hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-06 07:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
be7db8079a Rust: Accept consistency check change (from CI). 2025-07-14 10:59:03 +01:00
Joe Farebrother
ea48fcca8f Update doc for equalsNotEquals 2025-07-14 10:49:28 +01:00
Ian Lynagh
86ebf3d9f6 Merge pull request #20034 from github/igfoo/fix_regex_in_dbscheme_parser 
Kotlin: Update regex patterns to use raw string notation
 2025-07-14 10:43:45 +01:00
Jeroen Ketema
f07d8ee493 Remove duplicate copies of CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:06 +02:00
Jeroen Ketema
f4ba2e1fd0 Properly share CryptoAlgorithms and CryptoAlgorithmNames 2025-07-14 11:39:00 +02:00
Jeroen Ketema
c582a9ccd6 Remove duplicate copies of SensitiveDataHeuristics 2025-07-14 11:38:52 +02:00
Jeroen Ketema
8b828cecf1 Use shared SensitiveDataHeuristics 2025-07-14 11:38:47 +02:00
Jeroen Ketema
01ee3f7011 Shared: Add shared concepts library 2025-07-14 11:38:39 +02:00
Michael B. Gale
27f2000eff Merge pull request #20035 from github/dependabot/go_modules/go/extractor/extractor-dependencies-5538d87460 
Bump golang.org/x/tools from 0.34.0 to 0.35.0 in /go/extractor in the extractor-dependencies group
 2025-07-14 10:12:38 +01:00
Simon Friis Vindum
1f2e0683e7 Rust: Rename type inference test inline expectation tag 2025-07-14 11:02:22 +02:00
Napalys Klicius
cb6978063e Merge pull request #19388 from AdnaneKhan/patch-1 
Actions: Fix Critical Artifact poisoning False Positive
 2025-07-14 09:58:18 +02:00
dependabot[bot]
c267a88f88 Bump golang.org/x/tools 
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 03:37:24 +00:00
Ian Lynagh
a6701ced8d Kotlin: Update regex patterns to use raw string notation 
Fixes warnings like
SyntaxWarning: invalid escape sequence '\S'
 2025-07-13 23:42:50 +01:00
Jeroen Ketema
d82d5c23bf Merge pull request #20026 from jketema/concept-fix 
C++: Fix C++20 concept related class extensions
 2025-07-13 10:20:10 +02:00
Owen Mansel-Chan
391e9f7471 Merge pull request #20000 from owen-mc/go/request-forgery 
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
 2025-07-12 00:30:23 +01:00
Owen Mansel-Chan
03e8865933 Merge pull request #20025 from owen-mc/java/unsafe-deserialization 
Java: add extra sink for `java/unsafe-deserialization`
 2025-07-11 23:59:22 +01:00
Joe Farebrother
58f503de38 Update docs for incomplete ordering + inconsistent hashing 2025-07-11 23:08:50 +01:00
Geoffrey White
05e1cd437d Rust: Fix garbled merge. 2025-07-11 17:50:24 +01:00
Geoffrey White
e20ae48699 Merge branch 'main' into models3b 2025-07-11 17:37:52 +01:00
Adnan Khan
c95b5ce598 Merge branch 'main' into patch-1 2025-07-11 09:12:39 -07:00
AdnaneKhan
6ac0f0e031 Fix change note filename. 2025-07-11 12:11:58 -04:00
Geoffrey White
68a37f99e3 Rust: Add something similar as a type inference test case. 2025-07-11 17:08:05 +01:00
Arthur Baars
14a362d1bc Merge pull request #20029 from github/aibaars/more-pattern-tests 
Rust: add more type inference tests for patterns and a simple one for a closure call
 2025-07-11 17:35:37 +02:00
Geoffrey White
33ea822f40 Rust: Workaround for type inference issue in the test. 2025-07-11 16:09:43 +01:00
Taus
30f705822d JavaScript: Add test where outDir resolves to an unwanted path 2025-07-11 14:58:03 +00:00
Taus
344535b559 Merge pull request #19672 from github/tausbn/python-support-type-annotations-in-call-graph 
Python: Support type annotations in call graph
 2025-07-11 16:44:10 +02:00
Geoffrey White
4778ef616a Rust: Add a test case for password_confirmation. 2025-07-11 15:43:31 +01:00
Tom Hvitved
88b4f971b5 Merge pull request #20027 from hvitved/rust/remove-resolves-as-item 
Rust: Remove `Resolvable.resolvesAsItem`
 2025-07-11 16:39:12 +02:00
Mathias Vorreiter Pedersen
1da42cb590 Merge pull request #20023 from MathiasVP/dataflow-for-functors 
C++: Better dataflow for function objects
 2025-07-11 15:14:27 +01:00
Joe Farebrother
843a6c8012 Remove total order check from equals not equals (doesn't make sense there; total order doesn't define eq or ne methods at all) 2025-07-11 15:12:59 +01:00
Joe Farebrother
083d258585 Add/update unit tests 2025-07-11 15:10:45 +01:00
Arthur Baars
519905ee9e Rust: type inference: add test for closure argument 2025-07-11 15:59:43 +02:00
Arthur Baars
32e7a9d445 Rust: type inference: more pattern matching tests 
Thanks to co-pilot for generating the examples
 2025-07-11 15:55:45 +02:00
Taus
2f822cb0cd JavaScript: Add change note 2025-07-11 13:32:35 +00:00
Taus
43accc50cd JavaScript: Ignore outDirs that would exclude everything 
In #19680 we added support for automatically ignoring files in the
`outDir` directory as specified in the TSconfig compiler options (as
these files were likely duplicates of `.ts` file we were already
scanning).

However, in some cases people put `outDir: "."` or even `outDir: ".."`
in their configuration, which had the side effect of excluding _all_
files, leading to a failed extraction.

With the changes in this PR, we now ignore any `outDir`s that are not
properly contained within the source root of the code being scanned.
This should prevent the files from being extracted, while still allowing
us to not double-scan files in, say, a `.github` directory, as seen in
some Actions workflows.
 2025-07-11 13:28:59 +00:00
Mathias Vorreiter Pedersen
053a749e14 C++: Add change note. 2025-07-11 13:43:01 +01:00
Tom Hvitved
655b3de6bb Rust: Remove Resolvable.resolvesAsItem 
Removes one more use of extractor-based resolution.
 2025-07-11 14:41:41 +02:00
Mathias Vorreiter Pedersen
649c8831ec Merge pull request #20014 from jketema/wchar 
C++: Do not alert on unreachable code in `cpp/incorrect-string-type-conversion`
 2025-07-11 13:39:37 +01:00
Tom Hvitved
0a18db8960 Merge pull request #20020 from hvitved/rust/type-inference-pattern-matching 
Rust: Type inference for pattern matching
 2025-07-11 14:05:10 +02:00
Taus
c6c6a857df Python: Add tests 
Also fixes an issue with the return type annotations that caused these
to not work properly.

Currently, annotated assignments don't work properly, due to the fact
that our flow relation doesn't consider flow going to the "type" part of
an annotated assignment. This means that in `x : Foo`, we do correctly
note that `x` is annotated with `Foo`, but we have no idea what `Foo`
is, since it has no incoming flow.

To fix this we should probably just extend the flow relation, but this
may need to be done with some care, so I have left it as future work.
 2025-07-11 12:03:14 +00:00
Taus
2c45550a9f Python: Add change note 
Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-11 12:03:14 +00:00
Taus
d1cf7f0624 Python: Support type annotations in call graph 
Adds support for tracking instances via type annotations. Also adds a
convenience method to the newly added `Annotation` class,
`getAnnotatedExpression`, that returns the expression that is annotated
with the given type. For return annotations this is any value returned
from the annotated function in question.

Co-authored-by: Napalys Klicius <napalys@github.com>
 2025-07-11 12:03:14 +00:00
Jeroen Ketema
232377a583 C++: Fix C++20 concept related class extensions 2025-07-11 13:38:06 +02:00
Geoffrey White
8f6f9f4359 Add change notes. 2025-07-11 11:54:59 +01:00
Tom Hvitved
edf6c7fbd6 Rust: Handle (Enum::)Variant::<TypeArg> type mentions 2025-07-11 12:44:47 +02:00
Tom Hvitved
a96d3d7be8 Rust: Add more type inference tests 2025-07-11 12:42:54 +02:00
Owen Mansel-Chan
7764fbb664 Change note 2025-07-11 11:05:48 +01:00
Owen Mansel-Chan
8e4bd1a102 Add sink for ObjectInput.readObject to make test pass 2025-07-11 11:05:38 +01:00
Owen Mansel-Chan
34fae324a0 Add test for ObjectInput.readObject 2025-07-11 11:03:47 +01:00
Mathias Vorreiter Pedersen
4f538a2b1f C++: Accept taint test changes. 2025-07-11 09:46:22 +01:00