hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-15 22:43:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,550 Commits 1,690 Branches 160 Tags
codeql-cli/v2.23.9
Commit Graph

84550 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation 
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
 2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2 
Release preparation for version 2.23.2
codeql-cli/v2.23.2 		2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00
Simon Friis Vindum
37ffe82ac9 Rust: Handle functions as lambdas 2025-09-29 14:49:04 +02:00
Simon Friis Vindum
0728692e93 Rust: Add tests for functions as lambdas 2025-09-29 14:46:53 +02:00
idrissrio
b82d8c2252 Java: Accept new test results after query change 2025-09-29 13:38:01 +02:00
idrissrio
659afb5f30 Java: Fix false positives in evaluation-to-constant query for ErrorType 2025-09-29 13:37:25 +02:00
idrissrio
e0444c531b Java: Add integration test for constant expr detection 2025-09-29 13:37:20 +02:00
Simon Friis Vindum
84c6a3a376 Rust: Add change note for actix-web models 2025-09-29 13:03:10 +02:00
Kasper Svendsen
b52fff2f81 Merge pull request #20505 from kaspersv/kaspersv/future-proof-java-discarding2 
Overlay: Discard Java config and XML base entities in overlay extracted files
 2025-09-29 13:01:08 +02:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Simon Friis Vindum
6b7d5d2902 Rust: Add models for actix-web 2025-09-29 09:14:03 +02:00
Jeroen Ketema
9dfd87c284 Merge pull request #20514 from jketema/permissive 
C++: Update tests after extractor changes
 2025-09-28 16:56:31 +02:00
Geoffrey White
c7f6f2c8e1 Rust: Consistency fix for reusables/extractors.rst. 2025-09-26 16:40:25 +01:00
Owen Mansel-Chan
18a1075e70 Merge pull request #20523 from smowton/smowton/fix/mistyped-exp-fp 
Go: mistyped-exponentiation: notice constants with likely-bitmask values
 2025-09-26 16:02:30 +01:00
Owen Mansel-Chan
f5f61193a0 Delete change note 2025-09-26 15:33:26 +01:00
Geoffrey White
1236e2b829 Rust: Add references to alternatives in the getStmtOrExpr methods. 2025-09-26 14:55:06 +01:00
Geoffrey White
a0b533bd40 Merge pull request #20529 from geoffw0/convert 
Rust: Correct from model to taint
 2025-09-26 14:48:58 +01:00
Geoffrey White
4570d7e46e Rust: Replace getBlockChildNode with uses of getStmtOrExpr. 2025-09-26 14:32:36 +01:00
Geoffrey White
27b6f12b3c Rust: Use the suggested cleaner implementation for getStmtOrExpr. 2025-09-26 14:30:31 +01:00
Florin Coada
ba07daa50a Merge pull request #20532 from github/coadaflorin/changelog-fixes 
Update changelog for CodeQL CLI 2.23.1
 2025-09-26 14:21:21 +01:00
Geoffrey White
1635ef9ad9 Merge branch 'main' into convert 2025-09-26 14:11:04 +01:00
Florin Coada
5a0bae27ac Update changelog for CodeQL CLI 2.23.1 2025-09-26 13:57:57 +01:00
Anders Schack-Mulligen
f4388c80d0 Merge pull request #20519 from aschackmull/controlflowreach/perf2 
ControlFlow: Split only on relevant values.
 2025-09-26 14:51:49 +02:00
Florin Coada
a4f5e9aaf5 Update changelog for CodeQL CLI 2.23.1 
Added acknowledgment for the original contributor of the 'Permissive CORS configuration' query and clarified the detection of path injection in Go.
 2025-09-26 13:46:12 +01:00
Florin Coada
f6fe469e02 Merge pull request #20531 from github/coadaflorin-formatingfix2 
Fix formatting in codeql-cli-2.23.1.rst
 2025-09-26 13:31:22 +01:00
Florin Coada
3e9332edfa Fix formatting in codeql-cli-2.23.1.rst 2025-09-26 13:16:45 +01:00
Florin Coada
f8388c521e Merge pull request #20530 from github/coadaflorin/attributer-query 
Attribute `js/cors-permissive-configuration` to original author
 2025-09-26 13:11:08 +01:00
Anders Schack-Mulligen
2c29f21004 Shared: Address review comments. 2025-09-26 13:59:53 +02:00
Tom Hvitved
615b0a0310 Merge pull request #20502 from hvitved/rust/path-resolution-check-arity 
Rust: Check call arities in path resolution
 2025-09-26 13:45:26 +02:00
Tom Hvitved
4c7b66c66a Address review comments 2025-09-26 13:14:44 +02:00
Geoffrey White
77e7898f71 Rust: Use US spelling in comment. 2025-09-26 11:49:23 +01:00
Geoffrey White
f458149655 Rust: Remove a sentance from the qhelp. 2025-09-26 11:32:45 +01:00
Geoffrey White
57f84873b4 Rust: Split off cookieOptionalBarrier predicate (as suggested) and expand / clarify the QLDoc. 2025-09-26 11:29:17 +01:00
Geoffrey White
21fe142955 Update rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-09-26 10:39:49 +01:00
Florin Coada
ba520c60d2 Update 2.1.0.md 2025-09-26 10:11:03 +01:00
Florin Coada
09833e2541 Update CHANGELOG for query promotion and acknowledgment 
Promote 'Permissive CORS configuration' query to default suite and acknowledge contributor.
 2025-09-26 10:09:30 +01:00
Florin Coada
2f96e32ec9 Update 2.1.0.md 2025-09-26 10:08:31 +01:00
Geoffrey White
3a03bb5a0b Rust: Repair rust/hard-coded-cryptographic-value, which had an unintentional dependence on the taint flow. 2025-09-26 10:03:38 +01:00
Geoffrey White
74a350a432 Rust: Effect on tests. 2025-09-26 09:55:16 +01:00
Tom Hvitved
c52709a5f0 Merge pull request #20516 from hvitved/rust/type-inference-union-pointer-never 
Rust: Model union, never, and pointer types
 2025-09-26 10:26:05 +02:00
Tom Hvitved
7a74efcc82 Update rust/ql/lib/codeql/rust/elements/internal/UnionImpl.qll 
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
 2025-09-26 09:57:13 +02:00
Geoffrey White
ff554055a6 Rust: Correct 'from' model to taint. 2025-09-26 08:43:35 +01:00
Simon Friis Vindum
6678e79239 Merge pull request #20526 from geoffw0/lock 
Rust: Add missing Cargo.lock files
 2025-09-26 08:57:21 +02:00
ewillonermsft
c89ce067a3 Merge branch 'main' into systemwebhttprequest-test-stubs 2025-09-25 12:58:34 -07:00
ewillonermsft
b267bd11e0 Update properties to getters which is inline with the actual implementation. 2025-09-25 10:37:56 -07:00
ewillonermsft
b49b84e072 Remove this[] logic from the commit. 
Stub should not include code logic.
 2025-09-25 10:10:48 -07:00
Geoffrey White
39ceadaa26 Merge pull request #20520 from geoffw0/gitignore 
Add .orig files to the .gitignore.
 2025-09-25 18:10:24 +01:00