hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-19 16:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,248 Commits 1,692 Branches 160 Tags
f6975117fe4591a735caad7ca310de7651227939
Commit Graph

81248 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
f6975117fe Merge pull request #20083 from aschackmull/java/prune-csrf-unprotected-request-type 
Java: Prune PathGraph for CsrfUnprotectedRequestType.ql
 2025-07-18 13:25:00 +02:00
Michael Nebel
ededa3c006 Merge pull request #20087 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2025-07-18 08:34:04 +02:00
github-actions[bot]
2f84a4a5b5 Add changed framework coverage reports 2025-07-18 00:25:03 +00:00
Anders Schack-Mulligen
996de78a66 Java: Prune PathGraph for CsrfUnprotectedRequestType.ql 2025-07-17 15:06:38 +02:00
Anders Schack-Mulligen
1485d7072d Merge pull request #19885 from aschackmull/java/annotated-exit-cfg 
Java: Add AnnotatedExitNodes to the CFG.
 2025-07-17 15:02:24 +02:00
Michael Nebel
2f29459cda Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck 
Ql4ql: Quality query tagging.
 2025-07-17 14:53:14 +02:00
Idriss Riouak
36ebe99f2f Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream 
fix qhelp files
 2025-07-17 14:51:01 +02:00
Owen Mansel-Chan
af977e9ac7 Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks 
Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions
 2025-07-17 13:42:31 +01:00
Kasper Svendsen
a807db52ad Merge pull request #19872 from github/kaspersv/overlay-java-enable 
Overlay: Enable overlay compilation for Java
 2025-07-17 14:38:17 +02:00
Jeroen Ketema
acc66c7b58 Merge pull request #19984 from jketema/jketema/sec-shared 
Make a proper shared library out of the concept related libraries
 2025-07-17 13:25:33 +02:00
Owen Mansel-Chan
6629bd8279 No need to deprecate classes when module is deprecated 2025-07-17 11:52:31 +01:00
Owen Mansel-Chan
b361f76643 Delete unused private class 2025-07-17 11:36:06 +01:00
Anders Schack-Mulligen
448cc82ef9 Kotlin: Accept more test changes. 2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen
54775e0958 Java: Adjust Paths.qll 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen
fbe79e8a52 Java: Add AnnotatedExitNodes to the CFG. 2025-07-17 11:21:26 +02:00
Owen Mansel-Chan
53e1939b60 Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency 
Go: Fix compilation of DataFlowImplConsistency.qll
 2025-07-17 09:22:12 +01:00
Michael Nebel
01738c2e42 Merge pull request #19940 from michaelnebel/csharp/fixmodels 
C#: Improve some existing manual models.
 2025-07-17 07:58:14 +02:00
Jeroen Ketema
eabe651edf Merge pull request #20069 from jketema/spaceship-ir 
C++: Support the spaceship operator in the IR
 2025-07-16 21:45:39 +02:00
Jeroen Ketema
29a6af4efd C++: Fix instruction class name 2025-07-16 18:11:17 +02:00
Jeroen Ketema
f319381f27 C++: Support the spaceship operator in the IR 2025-07-16 17:53:55 +02:00
Jeroen Ketema
9b8302f983 Merge pull request #20068 from jketema/spaceship-test 
C++: Add test that shows that IR generation for `<=>` is broken
 2025-07-16 16:50:25 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Jeroen Ketema
807ab986f4 C++: Update more exoected test results 2025-07-16 16:19:40 +02:00
Mathias Vorreiter Pedersen
a9fb49a2c3 Merge pull request #20066 from MathiasVP/dont-summarize-function-pointer-calls 
C++: Don't wrap calls through function pointers in `FunctionWithWrappers`
 2025-07-16 14:57:14 +01:00
Jeroen Ketema
2709bf0615 C++: Add test that shows that IR generation for <=> is broken 2025-07-16 15:54:18 +02:00
Owen Mansel-Chan
7d4a70cc1d Add change notes 2025-07-16 14:44:24 +01:00
Owen Mansel-Chan
ad60aff860 Update which sink kinds are shared between languages 2025-07-16 14:42:12 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Mathias Vorreiter Pedersen
8b953e4f22 C++: No need for 'resolveCall' anymore. 2025-07-16 14:28:04 +01:00
Mathias Vorreiter Pedersen
df4b338c5d C++: Add change notes. 2025-07-16 14:11:09 +01:00
Jeroen Ketema
1990438376 JS: Fix import 
The import should not have been private, because we want users to still be
able to import this file and have access to the crypto algorithms.
 2025-07-16 14:41:50 +02:00
Jeroen Ketema
24bea738c9 Shared: Add missing QLDoc and change note 2025-07-16 14:37:43 +02:00
Mathias Vorreiter Pedersen
ca913b452c C++: Don't summarize calls through function pointers in FunctionWithWrappers. 2025-07-16 11:51:46 +01:00
Jeroen Ketema
200d46f5c7 Merge pull request #20060 from jketema/typeid-fix 
C++: Fix typeid IR translation
 2025-07-16 12:40:03 +02:00
Michael Nebel
e9fdca7d39 C#: Address review comments. 2025-07-16 11:12:25 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config 
C#: Make web.config match case insensitive (with change note)
 2025-07-16 09:52:34 +01:00
Michael Nebel
c5357ff556 Merge pull request #20008 from Hug0Vincent/csharp 
feat: add getASupertype() predicate in ValueOrRefType.
 2025-07-16 10:39:57 +02:00
Chris Smowton
a537c0091e change note 2025-07-16 09:06:38 +01:00
Geoffrey White
d264fb5865 Merge pull request #20042 from geoffw0/sinknoise 
Rust: Make rust/summary/query-sinks less noisy
 2025-07-16 08:36:16 +01:00
Michael Nebel
70bf61dc57 C#: Convert Deserialization tests to use inline expectations. 2025-07-16 08:41:58 +02:00
Michael Nebel
8f8b0428ab C#: Add change-note. 2025-07-16 08:41:56 +02:00
Michael Nebel
eba901f610 C#: Update flow summaries expected output. 2025-07-16 08:41:55 +02:00
Michael Nebel
95763dd225 C#: Add some models for SerializationInto and SerializationInfoEnumerator. 2025-07-16 08:41:53 +02:00
Michael Nebel
5c05ff843a C#: Improve the models for System.Text.Encoding.[GetBytes|GetChars]. 2025-07-16 08:41:52 +02:00
Michael Nebel
064c4fca12 C#: Add models for the remaining overloads of System.Xml.XmlDictionaryReader.CreateBinaryReader. 2025-07-16 08:41:50 +02:00
Michael Nebel
3ae69d5f3d C#: Promote the generated System.Xml.XmlDictionaryReader.CreateBinaryReader models to manual models. 2025-07-16 08:41:49 +02:00
Michael Nebel
8ee16f68a7 C#: Update test expected output. 2025-07-16 08:41:48 +02:00
Michael Nebel
13b40bbab4 C#: Fix erroneous model the MemoryStream constructor (and align with the other models). 2025-07-16 08:41:46 +02:00
Michael Nebel
4036140f4b C#: Add Deserialize testcase. 2025-07-16 08:41:45 +02:00