hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 12:48:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,723 Branches 164 Tags
codeql-cli/v2.24.3
Commit Graph

86161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Owen Mansel-Chan
b3681f7a0c Model flow through Shellwords escape and shellescape 2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8 Remove Shellwords sanitizer in ql 
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
 2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb Reinstate SQLite3 sanitizer in MaD 2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9 Move SQLite3 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a Improve Sqlite3 test 2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038 Reinstate Mysql2 sanitizer in MaD 2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3 Move Mysql2 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757 Improve Mysql2 test 2026-02-17 22:27:00 +00:00
Owen Mansel-Chan
1d7a39a093 Change how sql-injection barriers are accepted 2026-02-17 22:26:58 +00:00
Ben Rodes
a1eaf42cbf Update python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-17 13:05:51 -05:00
Óscar San José
fa73cd5d5c Remove unnecessary blank line in test.py 2026-02-17 18:49:51 +01:00
Óscar San José
6760390d75 Fix imports 2026-02-17 18:49:11 +01:00
Óscar San José
60295662b7 Merge branch 'main' into oscarsj/skip-csharp-integration-on-macos-26 2026-02-17 18:42:16 +01:00
Ben Rodes
ea0d1bf262 Apply suggestion from @bdrodes 2026-02-17 12:38:59 -05:00
Ben Rodes
0106072b88 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:27 -05:00
Ben Rodes
779fd757a3 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:15 -05:00
Óscar San José
0b31ca4348 Merge pull request #21340 from github/copilot/sub-pr-21339 
Centralize mono/nuget platform skip predicate in conftest.py
 2026-02-17 18:26:31 +01:00
copilot-swe-agent[bot]
60b8213fdd Remove unused pytest import from conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:22:27 +00:00
copilot-swe-agent[bot]
004ebd386c Centralize mono/nuget skip predicate in conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:21:50 +00:00
copilot-swe-agent[bot]
9efe112026 Initial plan 2026-02-17 17:16:54 +00:00
Óscar San José
5cf281a1b6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-17 18:16:51 +01:00
Jeroen Ketema
61dc1d673e Merge pull request #21331 from jketema/must-flow 
C++: Modernize `MustFlow` and fix `allowInterproceduralFlow` in the case of direct recursion
 2026-02-17 17:36:58 +01:00
Óscar San José
0676ba1c07 Skip csharp integration tests on macos-26 2026-02-17 17:23:38 +01:00
Ben Rodes
1072d6a7b7 Apply suggestion from @geoffw0 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:49:58 -05:00
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
Ben Rodes
c811fae876 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:14:11 -05:00
Ben Rodes
549dcb31be Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 10:13:55 -05:00
Owen Mansel-Chan
05f9b4124d Revert "javascript: remove sanitizer to be replaced by model" 
This reverts commit da2f77d615.
 2026-02-17 14:39:04 +00:00
Owen Mansel-Chan
b8f9dd9de5 Revert "javascript: add MaD model" 
This reverts commit 75bd4a7a12.
 2026-02-17 14:38:56 +00:00
Michael Nebel
a8e93e7fa0 Merge pull request #21325 from michaelnebel/csharp14/partialmembers 
C# 14: Support for partial `event` declarations.
 2026-02-17 15:00:00 +01:00
Idriss Riouak
744ade6720 Merge pull request #21338 from github/idrissrio/java/fix-change-note 
Java: Fix Maven change note
 2026-02-17 14:48:37 +01:00
Idriss Riouak
c877487e11 Merge pull request #21337 from github/idrissrio/java/jdk26-note 
Java: Add change note for Java 26 and updated supported languages
 2026-02-17 14:48:16 +01:00
idrissrio
5151df456c Java: Fix Maven change note 2026-02-17 14:27:27 +01:00
idrissrio
8aa839f4c0 Java: Address review comments 2026-02-17 14:19:12 +01:00
idrissrio
1a35a05ccc Java: Update supported language versions to include Java 26 2026-02-17 13:59:45 +01:00
idrissrio
bd94ceddd9 Java: Add change note for JDK 26 2026-02-17 13:58:55 +01:00
Owen Mansel-Chan
3dc465f167 Accept MaD sanitizers for queries with MaD sinks 2026-02-17 12:48:36 +00:00
Owen Mansel-Chan
61e8f91404 Accept MaD sanitizers for queries with MaD sinks 2026-02-17 12:45:24 +00:00
Tom Hvitved
e587541e55 Rust: Restrict type propagation into receivers 2026-02-17 13:42:56 +01:00
Tom Hvitved
8a051d7e57 Rust: Add type inference test 2026-02-17 13:40:16 +01:00
Michael Nebel
fa27eaabef Merge pull request #21309 from michaelnebel/csharp14/field 
C# 14: Support the `field` keyword.
 2026-02-17 11:53:48 +01:00
Tom Hvitved
d3541b87d6 Rust: Make path resolution robust against invalid code with conflicting declarations 2026-02-17 11:13:32 +01:00
idrissrio
c3f0967e9b C/C++ overlay: discard single location elements 2026-02-17 10:50:24 +01:00
Jeroen Ketema
3aa21242cd C++: Add change notes 2026-02-17 10:28:29 +01:00
Owen Mansel-Chan
94e3d86f6a Merge pull request #21319 from owen-mc/java/javax-jakarta 
Java: Always use both "javax" and "jakarta" at the beginning of Jave EE packages
 2026-02-17 08:31:52 +00:00
Jeroen Ketema
31895c04f8 C++: MustFlow minor clean up 2026-02-17 09:06:36 +01:00
Jeroen Ketema
e299cccb6e C++: Simplify test 2026-02-16 19:09:30 +01:00
Jeroen Ketema
4efbc6ea9b C++: Handle allowInterproceduralFlow correctly in case of recursive functions 2026-02-16 19:04:23 +01:00
Jeroen Ketema
366ebcad83 C++: Add cpp/return-stack-allocated-memory test case 2026-02-16 18:58:39 +01:00
Michael B. Gale
b34777e67f Merge pull request #21332 from github/post-release-prep/codeql-cli-2.24.2 
Post-release preparation for codeql-cli-2.24.2
 2026-02-16 17:50:30 +00:00