Commit Graph

85654 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
b0e9238ddf Merge branch 'main' into use-shared-guards-library 2025-10-01 11:59:17 +01:00
Geoffrey White
b02c19b5bf Rust: Slightly cleaner screenshots. 2025-10-01 11:59:08 +01:00
Mark C
c5cf0ffa75 added java cryptographic check queries 2025-10-01 11:55:51 +01:00
Geoffrey White
936702a0e5 Rust: Update graphics. 2025-10-01 11:49:54 +01:00
Mathias Vorreiter Pedersen
353ee8baa0 C++: Port a test from the experimental directory to show that it works in the non-experimental "new" range analysis. 2025-10-01 11:33:47 +01:00
Chris Smowton
f5ae5bed47 Merge pull request #20560 from smowton/smowton/fix/start-in-constructor-fp
Java: note that classes with entirely private constructors can't be subclassed
2025-10-01 11:16:50 +01:00
Geoffrey White
2c7291d27e Rust: Fix toctree bug. 2025-10-01 11:12:29 +01:00
Ben Ahmady
513dcf1cb4 Merge branch 'main' into basicquery 2025-10-01 11:02:19 +01:00
Owen Mansel-Chan
c93852d87a Improve comments in test file 2025-10-01 11:01:58 +01:00
Simon Friis Vindum
daf0cf1c1b Rust: Rename predicates 2025-10-01 11:43:51 +02:00
Owen Mansel-Chan
dd3f754cb3 Add change note. 2025-10-01 09:32:00 +01:00
Simon Friis Vindum
a359a24c9e Merge pull request #20559 from paldepind/rust/string-add-ref
Rust: Add taint model for add on `String`
2025-10-01 09:38:54 +02:00
Geoffrey White
372b5870b1 Merge pull request #20554 from geoffw0/docs1
Rust: Consistency fix for reusables/extractors.rst.
2025-09-30 17:41:05 +01:00
Geoffrey White
92122fef58 Rust: statement -> expression. 2025-09-30 15:48:26 +01:00
Geoffrey White
d9955ce93c Merge pull request #20503 from geoffw0/cookie
Rust: New query rust/insecure-cookie
2025-09-30 15:26:37 +01:00
Tom Hvitved
537e7a8ec3 Rust: Fix formatting 2025-09-30 16:24:38 +02:00
Tom Hvitved
701cff3ca4 Rust: Macro call resolution 2025-09-30 16:21:02 +02:00
Owen Mansel-Chan
a2a9575587 Add tests for safe URL flow 2025-09-30 15:05:42 +01:00
Simon Friis Vindum
19871a2653 Rust: Accept test changes 2025-09-30 15:26:30 +02:00
Geoffrey White
771d9345b5 Merge branch 'main' into basicquery 2025-09-30 14:19:00 +01:00
Mathias Vorreiter Pedersen
ca53a8e787 C++: Update QLDoc. 2025-09-30 14:15:55 +01:00
Mathias Vorreiter Pedersen
1b2bd30a29 Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2025-09-30 14:14:19 +01:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Simon Friis Vindum
49efd574a0 Rust: Add taint model for add on String 2025-09-30 14:48:03 +02:00
Idriss Riouak
fa8cbeeb44 Merge pull request #20546 from github/idrissrio/ql-constant
Java: Fix false positives in evaluation-to-constant query for ErrorType
2025-09-30 14:24:28 +02:00
Chris Smowton
ff4b97bf2d Reword 2025-09-30 13:08:03 +01:00
Simon Friis Vindum
c878af2b9d Rust: Remove member predicates on Type 2025-09-30 13:28:33 +02:00
Owen Mansel-Chan
5b07e8c9c4 Fix bug in UnsafeFieldReadSanitizer 2025-09-30 12:05:06 +01:00
Owen Mansel-Chan
b5fda88bd3 Remove duplication of UnsafeFieldReadSanitizer 2025-09-30 12:04:39 +01:00
idrissrio
63771110a5 Java: Address review comment 2025-09-30 11:46:37 +02:00
Michael Nebel
018ccb3354 C#: Update locations test expected output. 2025-09-30 11:33:28 +02:00
Michael Nebel
d7a2c7da18 C#: Adjust the QL library to use the locations of the unbound declarations. 2025-09-30 11:33:26 +02:00
Michael Nebel
b2cbac3250 C#: Temporarily update the test expected file. 2025-09-30 11:33:23 +02:00
Michael Nebel
443c183e41 C#: Only extract locations for unbound declarations (if a declaration can be unbound) and don't extract empty locations. 2025-09-30 11:33:21 +02:00
Michael Nebel
e9901305b2 C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. 2025-09-30 11:33:19 +02:00
Michael Nebel
5843fdbdd8 C#: Add a locations example. 2025-09-30 11:33:17 +02:00
Geoffrey White
90a7a58929 Merge pull request #20515 from geoffw0/libs
Rust: Update Supported languages and frameworks
2025-09-30 09:56:09 +01:00
Geoffrey White
a286631018 Merge pull request #20512 from geoffw0/stmtlist
Rust: Improve StmtList
2025-09-30 09:53:55 +01:00
Nick Rolfe
9688d84f3e Merge pull request #20549 from github/post-release-prep/codeql-cli-2.23.2
Post-release preparation for codeql-cli-2.23.2
2025-09-30 09:45:22 +01:00
Simon Friis Vindum
ef80ff416f Bazel: regenerate vendored cargo dependencies 2025-09-30 10:28:42 +02:00
Simon Friis Vindum
4846cf4791 Cargo: upgrade dependencies 2025-09-30 10:21:17 +02:00
Chris Smowton
f1239352ce Note issue in related query 2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2
Release preparation for version 2.23.2
codeql-cli/v2.23.2
2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00
Simon Friis Vindum
37ffe82ac9 Rust: Handle functions as lambdas 2025-09-29 14:49:04 +02:00
Simon Friis Vindum
0728692e93 Rust: Add tests for functions as lambdas 2025-09-29 14:46:53 +02:00
idrissrio
b82d8c2252 Java: Accept new test results after query change 2025-09-29 13:38:01 +02:00