hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
79,997 Commits 1,741 Branches 165 Tags
fc0c8a8f5a975ffb470943372471090bc1d1e2b5
Commit Graph

79997 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
9e6ce98491 Merge pull request #19728 from hvitved/rust/type-inference-debug-predicates 
Rust: Add another type inference debug predicate
 2025-06-12 12:15:19 +02:00
Tom Hvitved
1ec376073b Update shared/typeinference/codeql/typeinference/internal/TypeInference.qll 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2025-06-12 12:14:52 +02:00
Napalys Klicius
75ee649362 JS: add change note 2025-06-12 12:14:14 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Owen Mansel-Chan
538a5af1d1 Merge pull request #19738 from owen-mc/pr/felickz/19530 
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
 2025-06-12 10:27:28 +01:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Simon Friis Vindum
8cde1eefb2 Rust: Remove Access from adjustAccessType 2025-06-12 11:16:32 +02:00
Simon Friis Vindum
f138f77cc1 Rust: Only adjust access type for method call expressions 2025-06-12 11:16:30 +02:00
Simon Friis Vindum
03c9a78bfb Rust: Simplify accessDeclarationPositionMatch 2025-06-12 11:16:29 +02:00
Simon Friis Vindum
3463ebd8ce Rust: Adapt data flow consistency queries to ! being a call 
The exact same problem occurs in Ruby, hence the `multipleArgumentCallExclude` implementation is adapted from Ruby's.
 2025-06-12 11:16:28 +02:00
Simon Friis Vindum
fecd445e78 Rust: Use Call in data flow 2025-06-12 11:16:26 +02:00
Simon Friis Vindum
5642445e1d Rust: Fix canonical path for Deref trait 2025-06-12 11:16:25 +02:00
Simon Friis Vindum
7684e01c3a Rust: Use Call in type inference 2025-06-12 11:16:19 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Simon Friis Vindum
47864781c1 Rust: Add abstraction over all kinds of calls 2025-06-12 11:12:06 +02:00
Simon Friis Vindum
ce1c9fbec1 Rust: Account for arity in operator overloading 
For instance the binary `&` is overloadable but the prefix `&` is not. Similarly, `*` has a different target depending on if it's prefix or infix.
 2025-06-12 11:12:04 +02:00
Simon Friis Vindum
18583550ae Rust: Add data flow tests for operator overloading 2025-06-12 11:12:03 +02:00
Paolo Tranquilli
3c834de5be Rust: fix dataflow models test 2025-06-12 11:04:30 +02:00
Anders Schack-Mulligen
d0d47808e9 Java: Add change note. 2025-06-12 11:03:49 +02:00
Tom Hvitved
d667f7d411 Merge pull request #19732 from hvitved/rust/builtin-canonical-paths 
Rust: Generate canonical paths for builtins
 2025-06-12 10:47:00 +02:00
Paolo Tranquilli
85e9f5a3b0 Merge pull request #19559 from github/redsun82/rust-extract-libs 
Rust: move body skipping logic to code generation
 2025-06-12 10:45:30 +02:00
Tom Hvitved
649481e279 Merge pull request #19657 from hvitved/rust/type-inference-index-expr-simple 
Rust: Simple type inference for index expressions
 2025-06-12 10:27:09 +02:00
Owen Mansel-Chan
23cbc6abc4 Merge pull request #19723 from apsscolari/update-precision-java-concatenated-command-line 
Update precision java concatenated command line
 2025-06-12 09:23:00 +01:00
Geoffrey White
fdf1dca28f Merge pull request #19735 from geoffw0/canonical 
Rust: Update RegexInjectionExtensions to use getCanonicalPath.
 2025-06-12 09:14:52 +01:00
Napalys Klicius
c5a1421405 JS: promote suspicious-method-name-declaration to quality query. 2025-06-12 09:54:01 +02:00
Napalys Klicius
60e3b0c8e7 JS: Update qhelp and added more examples. 2025-06-12 09:53:56 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Paolo Tranquilli
326ddd6625 Merge branch 'main' into redsun82/rust-mad 2025-06-12 09:24:44 +02:00
Paolo Tranquilli
a6cc94698a Rust: fix inline flow test 2025-06-12 09:24:33 +02:00
Tom Hvitved
383cc5c2a7 Rust: Rename Bultins.qll -> Builtins.qll 2025-06-12 09:12:32 +02:00
Ana Scolari
a07ce30d30 Update java-code-scanning.qls.expected 
removing line once this query precision is changed to Medium
 2025-06-11 15:27:20 -07:00
Ana Scolari
374d7da4a2 Merge branch 'main' into update-precision-java-concatenated-command-line 2025-06-11 15:24:41 -07:00
Jon Janego
7f76f5b056 Merge pull request #19740 from github/changedocs-2.22.0 
Changedocs 2.22.0
 2025-06-11 17:18:16 -05:00
Jon Janego
94a2d0876c escaping 2025-06-11 17:02:26 -05:00
Jon Janego
62e17c108c RST sitedocs for 2.22.0 2025-06-11 16:55:14 -05:00
Jeroen Ketema
7d8d596a35 Merge pull request #19686 from github/idrissrio/lambdaparams 
C++: Add boolean for explicit lambda parameter lists
 2025-06-11 23:53:00 +02:00
Jon Janego
6ec48117b5 Merge pull request #19739 from github/changedocs-2.22.0 
fixing some improperly escaped URLs
 2025-06-11 16:24:29 -05:00
Jon Janego
6336e3d44b fixing another bracket 2025-06-11 16:02:28 -05:00
Chad Bentz
0135cf661f Attempt to edit swift change notes for CI failure 2025-06-11 21:49:26 +01:00
Jon Janego
8f55dcdd67 removing brackets around a url 2025-06-11 15:36:30 -05:00
Tom Hvitved
69e549f400 Rust: Generate canonical paths for builtins 2025-06-11 21:14:56 +02:00
Geoffrey White
bd21a03fc3 Merge pull request #19718 from geoffw0/taintreach 
Rust: Adjust the taint reach metric for better stability.
 2025-06-11 17:51:50 +01:00
Ana Scolari
b84f9d6c3c Update java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-06-11 08:55:45 -07:00
Ana Scolari
f915984b01 Update java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-06-11 08:55:34 -07:00
Paolo Tranquilli
97c2dfe23f Rust: fix tests 2025-06-11 17:32:43 +02:00
Paolo Tranquilli
bea5381420 Rust: replace last hand-written instances of Field[crate:: 2025-06-11 16:48:39 +02:00
Paolo Tranquilli
c6c52edbee MaD generator: tweak the scripts 
* fix a bug where the order of model generation was determined by the
  order in the `download.json` file of the experiment rather than the
  order in the config file
* allow configuring `--ram` and `--threads` in the MaD generator scripts
* use no `--ram` and `--threads=0` by default in the bulk generator
  (single generator defaults are left unchanged)
* allow to pass `--dca` multiple times, taking DBs from experiments
  listed last. This allows to run a subset of the sources in a "fixup"
  experiment and use it to "patch" a previous run without rerunning
  everything.
 2025-06-11 16:42:00 +02:00
Paolo Tranquilli
051704e59d Merge branch 'main' into redsun82/rust-mad 2025-06-11 16:39:10 +02:00
Geoffrey White
0c05fa48eb Rust: Update RegexInjectionExtensions to use getCanonicalPath. 2025-06-11 15:32:23 +01:00
Anders Schack-Mulligen
f27e310ba3 Java: Adjust references. 2025-06-11 15:53:02 +02:00