hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 04:38:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,620 Commits 1,723 Branches 164 Tags
f897575d3fee366c942fd2ac7872ab5237cb35db
Commit Graph

86620 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
f897575d3f Update change note 2026-03-27 10:11:13 +00:00
Owen Mansel-Chan
8a99ef4531 Update csv model tests to use MaD 2026-03-26 16:44:58 +00:00
Owen Mansel-Chan
21ecf230ce Small tweaks 2026-03-26 16:39:10 +00:00
Owen Mansel-Chan
de4fe6d25c Use inline expectations for query test 2026-03-26 15:27:17 +00:00
copilot-swe-agent[bot]
d69bcca687 Remove CSV model infrastructure from ExternalFlow.qll 
Remove SourceModelCsv, SinkModelCsv, SummaryModelCsv classes,
single-argument CSV predicates, CSV parsing in MadInput, and
CSV-specific validation checks. Simplify MadInput to only contain
the namespace separator. Convert test models to .ext.yml format.

Agent-Logs-Url: https://github.com/github/codeql/sessions/89ff81fe-5585-446d-99e2-6fe6966495c5

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-03-26 15:07:39 +00:00
Owen Mansel-Chan
64a52ba07f Update test that uses zmq models 2026-03-26 14:53:33 +00:00
Owen Mansel-Chan
6769f08f93 Remove blank line at end of file 2026-03-26 14:10:15 +00:00
copilot-swe-agent[bot]
a6377145ac Convert C++ CSV models from QL files to .model.yml data extensions 
Migrate ZeroMQ models from ZMQ.qll and getc-family source models
from Gets.qll into new .model.yml files in the ext/ directory.

Agent-Logs-Url: https://github.com/github/codeql/sessions/da8f5e5b-35f7-47a4-afa0-750616e3df5b

Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
 2026-03-26 12:38:19 +00:00
copilot-swe-agent[bot]
4748c4a4f5 Initial plan 2026-03-26 12:31:21 +00:00
Paolo Tranquilli
6c52de9234 Merge pull request #21566 from github/redsun82/csharp-opt-out-of-dotnet-telemetry 
C#: Opt out of dotnet CLI telemetry
 2026-03-25 14:55:33 +01:00
Tom Hvitved
c579ec9ea7 Merge pull request #21575 from hvitved/rust/model-generator-taint-steps 
Rust: Include taint steps when generating flow models
 2026-03-25 14:41:36 +01:00
Owen Mansel-Chan
898713538f Merge pull request #21563 from owen-mc/rust/allow-mad-barriers 
Rust: Enable MaD barriers for queries with MaD sinks
 2026-03-25 12:55:31 +00:00
Tom Hvitved
fba4a83dc8 Rust: Include taint steps when generating flow models 2026-03-25 12:52:08 +01:00
Owen Mansel-Chan
f25d7456da Fix QL formatting 2026-03-25 10:05:04 +00:00
Owen Mansel-Chan
bedfe1e755 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-03-24 22:06:53 +00:00
Simon Friis Vindum
0ed037d667 Merge pull request #21544 from paldepind/cpp/extraction-information-expr-types 
C++: Add expressions with type data to `cpp/extraction-information`
 2026-03-24 17:16:47 +01:00
Simon Friis Vindum
8cb5380d84 C++: Remove unused find predicate 2026-03-24 15:54:46 +01:00
Paolo Tranquilli
14b3f6211e C#: Opt out of dotnet CLI telemetry 
Add `DOTNET_CLI_TELEMETRY_OPTOUT=1` to the minimal environment used for
all `dotnet` invocations. The telemetry is unnecessary and may even be
causing segfaults in some cases.
 2026-03-24 14:16:49 +01:00
Florin Coada
70d8c1c76e Merge pull request #21558 from github/codeql-spark-run-23458057791 
Update changelog documentation site for codeql-cli-2.25.0
 2026-03-24 12:54:23 +00:00
Taus
f245da1e52 Merge pull request #21560 from github/tausbn/cpp-fix-bad-join-in-printf 
C++: Fix bad join in `callsVariadicFormatter`
 2026-03-24 13:37:23 +01:00
Owen Mansel-Chan
7e6319d648 Remove unused field 2026-03-24 10:39:32 +00:00
Owen Mansel-Chan
93231794ee Document that MaD barriers for hardcoded credentials apply to all kinds 2026-03-24 10:39:05 +00:00
Owen Mansel-Chan
5762191832 Enable MaD barriers for queries with MaD sinks 2026-03-24 10:28:25 +00:00
Owen Mansel-Chan
fd8821fcb5 Merge pull request #21475 from owen-mc/rust/mad-barriers 
Rust: Add support for defining barriers and barrier guards using models-as-data
 2026-03-24 09:31:24 +00:00
Tom Hvitved
cc99867969 Merge pull request #21511 from hvitved/ruby/empty-stats 
Ruby: Use empty DB stats
 2026-03-24 08:25:43 +01:00
Taus
2e76f3471a C++: Fix bad join in callsVariadicFormatter 
On `wireshark` this reduces the intermediate tuple count from roughly 88
million tuples to roughly 3000 (with the new helper predicate
materialising ~300 tuples).
 2026-03-23 23:17:22 +00:00
github-actions[bot]
19424627c1 update codeql documentation 2026-03-23 20:19:09 +00:00
Mathias Vorreiter Pedersen
680ea0b960 Merge pull request #21552 from MathiasVP/more-public-dataflow-apis 
C++: Expose indirect instructions and indirect parameters in dataflow
 2026-03-23 17:46:14 +00:00
Mario Campos
a5763303fc Merge pull request #21557 from github/rc/3.21 
Merge back remaining changes from rc/3.21
 2026-03-23 12:28:34 -05:00
Owen Mansel-Chan
8d16a2b4fa Fix parameter -> argument in QLDoc 2026-03-23 16:24:03 +00:00
Owen Mansel-Chan
97ebc0e839 Update QLDoc in FlowBarrier.qll 2026-03-23 16:22:27 +00:00
Owen Mansel-Chan
d82fc67b36 Fix QLDoc formatting 2026-03-23 16:11:22 +00:00
Mathias Vorreiter Pedersen
8cebf510dc C++: Reword the change note from #21458. 2026-03-23 13:45:46 +00:00
Mathias Vorreiter Pedersen
b5723bd75d Merge branch 'main' into more-public-dataflow-apis 2026-03-23 13:43:01 +00:00
Mathias Vorreiter Pedersen
fef314e27f C++: Add change note. 2026-03-23 13:39:15 +00:00
Mathias Vorreiter Pedersen
1363c54a9f C++: Add 'asIndirectInstruction' as a public predicate. 2026-03-23 13:28:33 +00:00
Mathias Vorreiter Pedersen
09caeca7e9 C++: Move parameter indirection nodes into the public API. 2026-03-23 13:27:20 +00:00
Simon Friis Vindum
c67122b3f1 C++: Add expressions with type data to cpp/extraction-information 2026-03-23 12:14:11 +01:00
Tom Hvitved
0d0d34cc71 Merge pull request #21498 from Gregro/csharp/fix-log-forging-extension-methods 
C#: Fix false positives in cs/log-forging for extension methods
 2026-03-23 11:24:12 +01:00
Jeroen Ketema
be245357cc Merge pull request #21458 from github/jeongsoolee09/add-getIndirectionIndex 
Add `IndirectUninitializedNode` and related helper predicates
 2026-03-23 11:03:57 +01:00
Jeroen Ketema
ee00b98476 Update cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md 2026-03-23 10:44:21 +01:00
Jeongsoo Lee
6ae32f22a8 Merge branch 'main' into jeongsoolee09/add-getIndirectionIndex 2026-03-22 11:51:14 -04:00
Gregro
a59c865328 let interprocedural analysis handle source-available extension methods for LogForgingLogMessageSink's 2026-03-21 20:05:08 +00:00
Gregro
d0c48893f5 update test helper to use more robust .ReplaceLineEndings() sanitizer 2026-03-21 20:05:08 +00:00
Gregro
d99247cf13 Clarify static extension method class name 2026-03-21 20:05:08 +00:00
Gregro
a9eb801fea C#: Fix false positives in cs/log-forging for extension methods 2026-03-21 20:05:08 +00:00
Tom Hvitved
9a4bc69843 Merge pull request #21510 from hvitved/ci/remove-ruby-checks 
CI: Remove Ruby checks
 2026-03-21 08:04:17 +01:00
Jeongsoo Lee
d4fef1c68e Merge branch 'main' into jeongsoolee09/add-getIndirectionIndex 2026-03-20 10:01:05 -07:00
Jeongsoo Lee
d2fcced5ad Add a feature change note 2026-03-20 09:59:12 -07:00
Owen Mansel-Chan
093c27955f Fix incorrect QLDoc 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-20 15:24:15 +00:00