hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-14 22:21:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,690 Branches 160 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nora Dimitrijević
a972ef7e31 Actions/ReusableWorkflowsSinks 
Same file uses source as endpoint
 2025-10-28 09:39:11 +01:00
Nora Dimitrijević
9c24ce0650 Actions/CompositeActionsSummaries 
Same file uses source as endpoint
 2025-10-28 09:39:09 +01:00
Nora Dimitrijević
78f2cee51c Actions/CompositeActionsSources 
Same file uses source as endpoint
 2025-10-28 09:39:06 +01:00
Nora Dimitrijević
d36b721513 Actions/CompositeActionsSinks 
Same file uses source as endpoint
 2025-10-28 09:38:55 +01:00
Nora Dimitrijević
bb10307303 Actions/SecretExfiltrationQuery 
actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql uses source as endpoint
 2025-10-28 09:38:38 +01:00
Nora Dimitrijević
890ca8e7d1 Actions/RequestForgeryQuery 
actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql uses source as endpoint
 2025-10-28 09:38:21 +01:00
Nora Dimitrijević
3fa8259042 Actions/OutputClobberingQuery 
actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql uses source as endpoint
 2025-10-28 09:38:01 +01:00
Asger F
8d49f26f3d Merge pull request #20397 from asgerf/js/build-artifact-leak-fp 
JS: Fix FP in js/build-artifact-leak when keys come from an array of constants
 2025-10-28 06:40:13 +01:00
Geoffrey White
b76f27d10b Rust: Remove redundant model. 2025-10-27 18:47:17 +00:00
Geoffrey White
03204b7881 Rust: Accept tests repaired. 2025-10-27 17:53:40 +00:00
Alexander Eyers-Taylor
227e1fcbde Merge pull request #20598 from github/alexet/overlay-query-libraries 
Java: Make some query libraries local.
 2025-10-27 17:52:27 +00:00
Geoffrey White
0c92b33b8f Revert "Rust: Generalize more models." 
This reverts commit 56811d02ac.
 2025-10-27 17:47:00 +00:00
Geoffrey White
a468b1d647 Rust: Accept regressions spotted by CI. 2025-10-27 17:46:01 +00:00
Paolo Tranquilli
630ea7bd0a Merge pull request #20641 from github/redsun82/fix-pytest-build-as-test-windows 
Pytest: fix the `build-as-test` mode on Windows
 2025-10-27 15:47:24 +01:00
Geoffrey White
56811d02ac Rust: Generalize more models. 2025-10-27 14:11:09 +00:00
Idriss Riouak
11a7d53002 Merge pull request #20657 from github/idrissrio/java-maven-fix 
Java: Add integration test to reproduce regression
 2025-10-27 15:09:41 +01:00
yoff
406e48b3bb java: fix aliasing FP 
reorganise code, adding `LockField`
 2025-10-27 14:30:25 +01:00
yoff
531b994819 java: add test for aliasing 
found by triage
 2025-10-27 14:27:32 +01:00
idrissrio
d473b36918 Java: Accept new test results after extractor changes 2025-10-27 14:26:48 +01:00
idrissrio
714b2ad565 Java: Add integration test for maven 2025-10-27 14:26:47 +01:00
Simon Friis Vindum
35b4a36f37 Merge pull request #20691 from paldepind/cpp/range-analysis-refactor 
C++: A few small refactors to the simple range analysis library
 2025-10-27 14:15:37 +01:00
Anders Schack-Mulligen
31428b2f66 Merge pull request #20700 from aschackmull/java/delete-old-ssa-consistency 
Java: Remove old SSA consistency queries.
 2025-10-27 14:12:09 +01:00
Paolo Tranquilli
105f810654 Merge pull request #20658 from github/redsun82/csharp-fix-xframe-options-in-location 
Csharp: fix `cs/web/missing-x-frame-options` to also consider `location` elements
 2025-10-27 13:49:09 +01:00
Geoffrey White
bd11873e0d Rust: Generalize a model of futures_io...poll_read. 2025-10-27 12:22:13 +00:00
Chris Smowton
2e0e9e0834 Merge pull request #20550 from github/smowton/admin/document-rails-5-csrf 
Ruby: Update CSRF protection notes in documentation
 2025-10-27 12:19:16 +00:00
Anders Schack-Mulligen
96fc1e889a Java: Accept .expected file. 2025-10-27 13:17:53 +01:00
Geoffrey White
c8b8046302 Rust: Generalize a model of alloc::boxed::Box. 2025-10-27 12:09:05 +00:00
Geoffrey White
d650ccb74b Rust: Generalize some std::io::Read models. 2025-10-27 12:09:04 +00:00
Anders Schack-Mulligen
02a942554d Java: Remove old SSA consistency queries. 2025-10-27 12:55:43 +01:00
Jeroen Ketema
47b26ddea4 Merge pull request #20446 from github/jketema/swift-6.2 
Swift: Make extractor compile with Swift 6.2
 2025-10-27 12:24:16 +01:00
Jeroen Ketema
be0d405f6d Swift: Update artifacts 2025-10-27 11:28:53 +01:00
yoff
83508ba661 java: adjust qhelp and examples for SafePublication 2025-10-27 11:25:51 +01:00
Jeroen Ketema
aabc8bc38b Swift: Fix typo in change note 2025-10-27 10:54:39 +01:00
Jeroen Ketema
2022dd833e Swift: Address review comments 2025-10-27 10:48:02 +01:00
Paolo Tranquilli
3f98d32124 C#: Update change note for location handling in query 2025-10-27 09:51:10 +01:00
Nicolas Will
d4787520fd Merge pull request #20690 from bdrodes/weak_symmetric_cipher_bug 
Crypto: Fix bug in weak symmetric cipher query
 2025-10-24 22:38:07 +02:00
Nicolas Will
e7bd435bee Merge pull request #20696 from bdrodes/bad_mac_decrypt_then_mac 
Crypto: Adding bad decrypt then mac order query.
 2025-10-24 22:07:26 +02:00
REDMOND\brodes
65d0ca9e53 Crypto: Simplifying expression for ql-for-ql alert. 2025-10-24 14:08:25 -04:00
REDMOND\brodes
0394816756 Crypto: typo fix 2025-10-24 14:06:52 -04:00
REDMOND\brodes
b20689fa46 Crypto: removing comments 2025-10-24 14:06:08 -04:00
REDMOND\brodes
0e624f51d5 Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well. 2025-10-24 12:44:28 -04:00
Simon Friis Vindum
d1ea1af945 C++: Make small trivial tweaks 2025-10-24 16:16:57 +02:00
Simon Friis Vindum
5709964fbf C++: Simplify boundFromGuard 
The last disjunct in `boundFromGuard` is moved into `linearBoundFromGuard`. This avoids repeating the calculation for `boundValue`.

`getBounds` and `getExprTypeBounds` are turned into predicates with result. Their middle argument was the "output" which was confusing.
 2025-10-24 16:12:05 +02:00
Simon Friis Vindum
383e6a44aa C++: Use or instead of if 
The proposition in the true branch implied the condition, so `or` is more appropriate. Also eliminated an existentially quantified variable.
 2025-10-24 16:08:35 +02:00
Simon Friis Vindum
3af9885489 C++: Fix typos in tests 2025-10-24 16:04:34 +02:00
Simon Friis Vindum
17e0dec08a C++: Add toString for RelationStrictness 
This helps for debugging.
 2025-10-24 16:01:38 +02:00
Simon Friis Vindum
a0a6f288b5 Merge pull request #20645 from paldepind/cpp/range-analysis-measure 
C++: Range analysis measure bounds
 2025-10-24 15:30:07 +02:00
Jeroen Ketema
74384bbeae Swift: Add change notes 2025-10-24 14:38:01 +02:00
Jeroen Ketema
e415772688 Swift: Add upgrade and downgrade scripts 2025-10-24 14:38:00 +02:00
Jeroen Ketema
2843761471 Swift: Special case the xcode-fails-spm-works test results on macOS 26 
macOS 26 comes with Xcode 26, which does not call the compiler on the file
with the `#error` diagnostic directive.
 2025-10-24 14:37:58 +02:00