hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 20:58:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,161 Commits 1,723 Branches 164 Tags
codeql-cli/v2.24.3
Commit Graph

86161 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
Taus
cd62cdadff Python: Fix bad join in returnStep 2026-02-16 16:48:08 +00:00
Jeroen Ketema
73194a5e86 C++: Fix QL-for-QL warnings and missing QLDoc 2026-02-16 17:40:18 +01:00
Jeroen Ketema
26a1f4888a C++: Modernize MustFlow using parameterized modules 2026-02-16 17:27:41 +01:00
Michael Nebel
c29bac2bc1 C#: Add change-note. 2026-02-16 16:13:06 +01:00
Michael Nebel
43c6e7d250 C#: Update test expected output. 2026-02-16 16:10:32 +01:00
Michael Nebel
9289ac2838 C#: Support for partial event declarations. 2026-02-16 16:10:28 +01:00
Michael Nebel
eec4739497 C#: Add viable callable test for partial event. 2026-02-16 16:10:26 +01:00
Michael Nebel
2b78a7b256 C#: Add PartialEvent test case. 2026-02-16 16:10:25 +01:00
Michael B. Gale
fb67f93a86 Merge pull request #21330 from github/release-prep/2.24.2 
Release preparation for version 2.24.2
codeql-cli/v2.24.2 		2026-02-16 15:00:27 +00:00
Taus
304cd12fff Python: Fix bad join in missing_imported_module 
This caused a ~30x blowup in intermediate tuples, now back to baseline.
 2026-02-16 13:48:33 +00:00
Taus
987b10ab3e Python: Fix bad join in OutgoingRequestCall 
On `keras-team/keras`, this was producing ~200 million intermediate
tuples in order to produce a total of ... 2 tuples.

After the refactor, max intermediate tuple count is ~80k for the
charpred (and 4 for the new helper predicate).
 2026-02-16 13:48:33 +00:00
Taus
72f5109ec2 Python: Add more overlay[caller] to Flow.qll 
These were causing the repo `gufolabs/noc` to spend ~30 seconds
evaluating `ControlFlowNode.strictlyDominates`. Just in case, I added
`overlay[caller] to the other instances of `pragma[inline]` as well.
 2026-02-16 13:48:33 +00:00
Taus
248932db7a Python: Fix frameworks/data/warnings.ql 2026-02-16 13:48:32 +00:00
Taus
306d7d1b5d Python: DataFlowDispatch.qll annotations 2026-02-16 13:48:32 +00:00
Taus
7ea96c43ec Python: DataFlowPrivate.qll annotations 2026-02-16 13:48:32 +00:00
Taus
bd71db87be Python: DataFlowPublic.qll annotations 2026-02-16 13:48:32 +00:00
Taus
c46c662b72 Python: LocalSources.qll annotations 2026-02-16 13:48:32 +00:00
Taus
df0f2f8ce4 Python: Simple dataflow annotations 
None of these required any changes to the dataflow libraries, so it
seemed easiest to put them in their own commit.
 2026-02-16 13:48:32 +00:00
Taus
51ebec9164 Python: Fix broken queries 2026-02-16 13:48:32 +00:00
Taus
fd7b123ee3 Python: Add overlay annotations to AST classes 
... and everything else that it depends on.
 2026-02-16 13:48:32 +00:00
Tom Hvitved
79cbf2f1cf Merge pull request #21312 from hvitved/rust/type-inference-bad-join 
Rust: Fix bad join
 2026-02-16 14:45:58 +01:00
Simon Friis Vindum
d0681c6ffb C++: Divide nr of bounds between branches for phi nodes 2026-02-16 14:36:09 +01:00
Simon Friis Vindum
032c7ea034 C++: Include the actual number of lower/upper bounds for added context in expected files 2026-02-16 14:36:08 +01:00
Simon Friis Vindum
da527ffc19 C++: Add simple range analysis test with repeated if-else statements 2026-02-16 14:36:06 +01:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
Owen Mansel-Chan
7742a5667f Merge pull request #21326 from owen-mc/java/log-injection-regex-match 
Java: Recognise `@Pattern` annotation as sanitizer for log injection
 2026-02-16 12:14:28 +00:00
Owen Mansel-Chan
cf73d96c9d Update test results (remove SPURIOUS annotations) 2026-02-16 12:03:02 +00:00
Owen Mansel-Chan
597be6a1c0 Add change note 2026-02-16 12:01:15 +00:00
Owen Mansel-Chan
94f1d94a2b Rename MethodCall ma to mc 2026-02-16 12:01:14 +00:00
Owen Mansel-Chan
9fc95f5171 Expand log injection sanitizers to annotation regex matches 2026-02-16 12:01:13 +00:00
Owen Mansel-Chan
924bb92d91 Expand log injection sanitizer guards to non-annotation regex matches 2026-02-16 12:01:11 +00:00
Owen Mansel-Chan
60e58f8219 Refactor logInjectionGuard part 2 2026-02-16 12:01:10 +00:00
Owen Mansel-Chan
6c0c1d558e Refactor logInjectionGuard part 1 2026-02-16 12:01:08 +00:00
Owen Mansel-Chan
146fc7a8c0 Add failing log injection test for @Pattern validation 2026-02-16 12:01:07 +00:00
Owen Mansel-Chan
91c731f68d Fix new usage that was introduced 2026-02-16 11:03:27 +00:00
Owen Mansel-Chan
c4192b670b More copilot suggestions 2026-02-16 11:02:21 +00:00
Owen Mansel-Chan
53b8f2abb1 Apply copilot's fixes 2026-02-16 11:02:20 +00:00
Owen Mansel-Chan
178fbf9600 Add missing QLDoc 2026-02-16 11:02:19 +00:00
Owen Mansel-Chan
6da3a4557e Add change note 2026-02-16 11:02:17 +00:00
Owen Mansel-Chan
31840902cd Fix places which already dealt with both javax and jakarta 2026-02-16 11:02:16 +00:00
Owen Mansel-Chan
4b240ebf8a Define new predicate javaxOrJakarta() 2026-02-16 11:02:14 +00:00
Owen Mansel-Chan
a5e6f6daf9 Replace "javax" with javaxOrJakarta() 
This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.
 2026-02-16 11:02:12 +00:00
Jeroen Ketema
7d2b40c657 Merge pull request #21313 from MathiasVP/range-analysis-lower-bound-and-measure-enums 
C++: Measure bounds for `Enum` constants and reduce `getBoundsLimit`
 2026-02-16 11:50:38 +01:00
Mathias Vorreiter Pedersen
5ccd61ac97 C++: Respond to review comments. 2026-02-16 09:49:31 +00:00
Mathias Vorreiter Pedersen
bfbb2eef6c C++: Add a test showing that we infer a lower and upper bound for parameters of enum types. 2026-02-16 09:38:15 +00:00
Mathias Vorreiter Pedersen
84be8517bb Update cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-16 09:30:56 +00:00
Tom Hvitved
149f3ed5b6 Merge pull request #21301 from hvitved/rust/type-inference-trait-call-perf 
Rust: Speedup type inference for `Trait::function()` calls
 2026-02-16 10:20:50 +01:00
Owen Mansel-Chan
47a9f87d9b Merge pull request #21310 from owen-mc/java/regex-execution 
Java: Add RegexMatch concept and recognise `@Pattern` annotation as sanitizer
 2026-02-16 09:11:47 +00:00
Simon Friis Vindum
6f609a5ed6 Merge pull request #21316 from paldepind/ruby/binary-of-at-start-of-line 
Ruby: Add test cases for binary operator at start of line
 2026-02-16 09:49:48 +01:00