hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,907 Commits 1,697 Branches 161 Tags
codeql-cli/v2.24.2
Commit Graph

85907 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Ahmady
513dcf1cb4 Merge branch 'main' into basicquery 2025-10-01 11:02:19 +01:00
Owen Mansel-Chan
c93852d87a Improve comments in test file 2025-10-01 11:01:58 +01:00
Simon Friis Vindum
daf0cf1c1b Rust: Rename predicates 2025-10-01 11:43:51 +02:00
Owen Mansel-Chan
dd3f754cb3 Add change note. 2025-10-01 09:32:00 +01:00
Simon Friis Vindum
a359a24c9e Merge pull request #20559 from paldepind/rust/string-add-ref 
Rust: Add taint model for add on `String`
 2025-10-01 09:38:54 +02:00
REDMOND\brodes
26b8a394b3 Adjusting acryonym for SSRF for casing standards. 2025-09-30 14:09:06 -04:00
REDMOND\brodes
a660eaba95 Adding docs. 2025-09-30 14:07:32 -04:00
REDMOND\brodes
acddb2c272 Moved change log to correct location. 2025-09-30 14:02:43 -04:00
Ben Rodes
d790c6df57 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:25 -04:00
Ben Rodes
fab96d9539 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:16 -04:00
Ben Rodes
5ca9ff2082 Update python/ql/lib/semmle/python/frameworks/SSRFSink.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:05 -04:00
REDMOND\brodes
341f553866 Added change logs. 2025-09-30 13:55:31 -04:00
REDMOND\brodes
704e2966cb Adding azure sdk test cases and updated test expected file. 2025-09-30 13:32:56 -04:00
REDMOND\brodes
d27d4fdb27 Updating comments. 2025-09-30 13:31:48 -04:00
Geoffrey White
372b5870b1 Merge pull request #20554 from geoffw0/docs1 
Rust: Consistency fix for reusables/extractors.rst.
 2025-09-30 17:41:05 +01:00
REDMOND\brodes
47fac883b8 Azure SDK models for SSRF analysis. 
(cherry picked from commit 0274962612c02af09729526a3c44a545c1e69be8)
 2025-09-30 11:58:26 -04:00
Geoffrey White
92122fef58 Rust: statement -> expression. 2025-09-30 15:48:26 +01:00
Geoffrey White
d9955ce93c Merge pull request #20503 from geoffw0/cookie 
Rust: New query rust/insecure-cookie
 2025-09-30 15:26:37 +01:00
Tom Hvitved
537e7a8ec3 Rust: Fix formatting 2025-09-30 16:24:38 +02:00
Tom Hvitved
701cff3ca4 Rust: Macro call resolution 2025-09-30 16:21:02 +02:00
Owen Mansel-Chan
a2a9575587 Add tests for safe URL flow 2025-09-30 15:05:42 +01:00
Simon Friis Vindum
19871a2653 Rust: Accept test changes 2025-09-30 15:26:30 +02:00
Geoffrey White
771d9345b5 Merge branch 'main' into basicquery 2025-09-30 14:19:00 +01:00
Mathias Vorreiter Pedersen
ca53a8e787 C++: Update QLDoc. 2025-09-30 14:15:55 +01:00
Mathias Vorreiter Pedersen
1b2bd30a29 Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-30 14:14:19 +01:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Simon Friis Vindum
49efd574a0 Rust: Add taint model for add on String 2025-09-30 14:48:03 +02:00
Idriss Riouak
fa8cbeeb44 Merge pull request #20546 from github/idrissrio/ql-constant 
Java: Fix false positives in evaluation-to-constant query for ErrorType
 2025-09-30 14:24:28 +02:00
Chris Smowton
ff4b97bf2d Reword 2025-09-30 13:08:03 +01:00
Simon Friis Vindum
c878af2b9d Rust: Remove member predicates on Type 2025-09-30 13:28:33 +02:00
Owen Mansel-Chan
5b07e8c9c4 Fix bug in UnsafeFieldReadSanitizer 2025-09-30 12:05:06 +01:00
Owen Mansel-Chan
b5fda88bd3 Remove duplication of UnsafeFieldReadSanitizer 2025-09-30 12:04:39 +01:00
idrissrio
63771110a5 Java: Address review comment 2025-09-30 11:46:37 +02:00
Michael Nebel
018ccb3354 C#: Update locations test expected output. 2025-09-30 11:33:28 +02:00
Michael Nebel
d7a2c7da18 C#: Adjust the QL library to use the locations of the unbound declarations. 2025-09-30 11:33:26 +02:00
Michael Nebel
b2cbac3250 C#: Temporarily update the test expected file. 2025-09-30 11:33:23 +02:00
Michael Nebel
443c183e41 C#: Only extract locations for unbound declarations (if a declaration can be unfound) and don't extract empty locations. 2025-09-30 11:33:21 +02:00
Michael Nebel
e9901305b2 C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. 2025-09-30 11:33:19 +02:00
Michael Nebel
5843fdbdd8 C#: Add a locations example. 2025-09-30 11:33:17 +02:00
Geoffrey White
90a7a58929 Merge pull request #20515 from geoffw0/libs 
Rust: Update Supported languages and frameworks
 2025-09-30 09:56:09 +01:00
Geoffrey White
a286631018 Merge pull request #20512 from geoffw0/stmtlist 
Rust: Improve StmtList
 2025-09-30 09:53:55 +01:00
Nick Rolfe
9688d84f3e Merge pull request #20549 from github/post-release-prep/codeql-cli-2.23.2 
Post-release preparation for codeql-cli-2.23.2
 2025-09-30 09:45:22 +01:00
Simon Friis Vindum
ef80ff416f Bazel: regenerate vendored cargo dependencies 2025-09-30 10:28:42 +02:00
Simon Friis Vindum
4846cf4791 Cargo: upgrade dependencies 2025-09-30 10:21:17 +02:00
Chris Smowton
f1239352ce Note issue in related query 2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation 
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
 2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2 
Release preparation for version 2.23.2
codeql-cli/v2.23.2 		2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00