hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,693 Branches 161 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
REDMOND\brodes
ca1d4e270a Crypto: Separating out an IntLiteral class so it is clearer that some constraints for generic input sources are heuristics to filter sources, and other constraints narrow the literals to a general type (ints). Also adding fixes in KnownAlgorithmConstants to classify some algorithms as key exchange and signature correctly, and added support for a signature constant wrapper. 2025-05-22 12:53:11 -04:00
Napalys Klicius
b10a9481f3 Fixed false positives from strapi and rxjs/testing as well as when one passes function as second arg to pipe 2025-05-22 18:50:02 +02:00
Napalys Klicius
e6ae8bbde4 Added test cases where second parameter passed to pipe is a function and some popular library ones 2025-05-22 18:50:01 +02:00
Napalys Klicius
ac24fdd348 Add predicate to detect non-stream-like usage in sources of pipe calls 2025-05-22 18:49:59 +02:00
Napalys Klicius
5b1af0c0bd Added detection of custom gulp-plumber sanitizer, thus one would not flag such instances. 2025-05-22 18:49:53 +02:00
Geoffrey White
9ac24c7f4f Merge branch 'main' into moresensitive 2025-05-22 16:11:12 +01:00
Geoffrey White
09dd00089b Merge pull request #19546 from geoffw0/logsinks 
Rust: Models for log_err
 2025-05-22 16:06:26 +01:00
REDMOND\brodes
570fdeb254 Crypto: Code Cleanup (+1 squashed commits) 
Squashed commits:

[417734cc3c] Crypto: Fixing typo (+1 squashed commits)

Squashed commits:

[1ac3d5c7d4] Crypto: Fixing typo caused by AI auto complete.
 2025-05-22 10:52:19 -04:00
REDMOND\brodes
a5b57d3694 Merge branch 'main' into generic_constant_filtering 
# Conflicts:
#	cpp/ql/lib/experimental/quantum/Language.qll
#	cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll
#	cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll
 2025-05-22 10:37:10 -04:00
REDMOND\brodes
09170e598c Crypto: Making generic literal filter more explicit that it is for filtering all constants, not just for algorithms. 2025-05-22 10:31:58 -04:00
Geoffrey White
dc280c6fb7 Rust: Add missing assignment class relations. 2025-05-22 15:23:29 +01:00
Owen Mansel-Chan
46a6b8ad07 Add change note 2025-05-22 15:21:51 +01:00
Owen Mansel-Chan
66bbaf2dc8 Add tests for cloud.google.com/go/bigquery.Client.Query 2025-05-22 15:16:12 +01:00
Owen Mansel-Chan
c0187aff73 Add model for cloud.google.com/go/bigquery.Client.Query 2025-05-22 15:15:54 +01:00
Owen Mansel-Chan
663c83d8c6 Merge pull request #19556 from owen-mc/java/pr/19512 
Java: Fix SpringRequestMappingMethod URL Extraction #2
 2025-05-22 15:08:31 +01:00
Owen Mansel-Chan
8b68d95231 Merge pull request #19560 from owen-mc/java/add-stringreplaceallwithnonregex-test 
Java: Add test showing correct usage
 2025-05-22 15:07:58 +01:00
Paolo Tranquilli
4995137145 Merge pull request #19550 from github/redsun82/git-ignore-db-upgrade-checks-files 
DevEx: add temporary files created by some checks to `.gitignore`
 2025-05-22 15:32:02 +02:00
Owen Mansel-Chan
79453cc103 Add test showing correct usage 2025-05-22 14:30:32 +01:00
Owen Mansel-Chan
476ada13db Improve QLDoc for SpringRequestMappingMethod.getAValue 2025-05-22 14:22:28 +01:00
Michael Nebel
4c818c00f3 Merge pull request #19480 from michaelnebel/csharp/updatemodels 
C#: Re-generate .NET 9 Runtime models.
 2025-05-22 15:04:53 +02:00
Paolo Tranquilli
38c5c65927 Merge pull request #19558 from jketema/swift-clarify 
Swift: Clarify the tag in the Swift updating doc
 2025-05-22 15:01:02 +02:00
Geoffrey White
b22ce5515f Rust: Make RefExpr an Operation. 2025-05-22 13:52:13 +01:00
Geoffrey White
b8f0e4d7e0 Rust: Use DerefExpr. 2025-05-22 13:52:08 +01:00
Geoffrey White
6c19cecb07 Rust: Add DerefExpr class. 2025-05-22 13:50:30 +01:00
Geoffrey White
fafdc1d181 Rust: Add BitwiseOperation library. 2025-05-22 13:50:29 +01:00
Geoffrey White
11480d29b7 Rust: Add ArithmeticOperation library. 2025-05-22 13:50:24 +01:00
Paolo Tranquilli
7e917c9c35 Rust: move body skipping logic to code generation 2025-05-22 14:44:42 +02:00
Jeroen Ketema
b8fe1a676a Swift: Clarify the tag in the Swift updating doc 2025-05-22 14:43:17 +02:00
Geoffrey White
d27596a0b2 Merge pull request #19535 from geoffw0/operations2 
Rust: Add ComparisonOperation library.
 2025-05-22 13:41:53 +01:00
Simon Friis Vindum
c4bbfbc865 Merge pull request #19555 from paldepind/rust/timpl 
Rust: Remove unused impl type
 2025-05-22 13:54:15 +02:00
Arthur Baars
a4788fd816 Rust: update expected output 2025-05-22 13:36:38 +02:00
Owen Mansel-Chan
45475c5c1d Add change note 2025-05-22 12:29:31 +01:00
Owen Mansel-Chan
59d4f039d8 Deprecate SpringRequestMappingMethod.getValue (which didn't work) 2025-05-22 12:29:29 +01:00
Owen Mansel-Chan
708bbe391e Add test for SpringRequestMappingMethod.getAValue 2025-05-22 12:22:34 +01:00
Owen Mansel-Chan
775338ebdd Rename getArrayValue to getAValue 2025-05-22 12:21:20 +01:00
Asger F
9202a1b084 Merge pull request #19516 from asgerf/js/npm-package-name-join 
JS: More efficient nested package naming
 2025-05-22 12:46:43 +02:00
Napalys Klicius
b1048719aa Added UnhandledStreamPipe to javascript-security-and-quality.qls and javascript-code-quality.qls 2025-05-22 12:42:56 +02:00
Napalys Klicius
09220fce84 Fixed issue where pipe calls from rxjs package would been identified as pipe calls on streams 2025-05-22 12:33:36 +02:00
Napalys Klicius
d7f86db76c Enhance PipeCall to exclude non-function and non-object arguments in pipe method detection 2025-05-22 12:31:27 +02:00
Napalys Klicius
4332de464a Eliminate false positives by detecting non-stream objects returned from pipe() calls based on accessed properties 2025-05-22 12:31:26 +02:00
Napalys Klicius
5710f0cf51 Add test cases for non-stream field accesses and methods before and after pipe operations 2025-05-22 12:31:19 +02:00
Geoffrey White
852203911a Rust: Equal -> Equals. 2025-05-22 11:13:56 +01:00
Arthur Baars
7e5f6523c5 Rust: disable ResolvePaths when extracting library source files 2025-05-22 11:35:54 +02:00
Tom Hvitved
76737cb53a Rust: Follow-up changes after rebase 2025-05-22 10:22:03 +02:00
Simon Friis Vindum
36f5e78a7e Rust: Remove unused impl type 2025-05-22 10:17:44 +02:00
Joe Farebrother
7b452a1611 Add case for wrappers 2025-05-22 09:01:15 +01:00
Arthur Baars
28be2086ad Rust: drop too noisy log statements 2025-05-22 09:53:43 +02:00
Arthur Baars
a6cd60f20e Rust: address comments 2025-05-22 09:53:41 +02:00
Arthur Baars
fa1a21b20d Rust: reduce log-level of diagnostics when extracting library files 2025-05-22 09:53:39 +02:00
Arthur Baars
2a93b2a499 Rust: integration-tests: update output 2025-05-22 09:53:37 +02:00