hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-07 08:04:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,734 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Napalys Klicius
75ee649362 JS: add change note 2025-06-12 12:14:14 +02:00
Napalys Klicius
923aff2439 JS: Fixed false positive on manual string interpolation. 2025-06-12 11:35:33 +02:00
Owen Mansel-Chan
538a5af1d1 Merge pull request #19738 from owen-mc/pr/felickz/19530 
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
 2025-06-12 10:27:28 +01:00
Napalys Klicius
bafe7e66ad JS: Fix template literal detection in string concatination 2025-06-12 11:18:20 +02:00
Simon Friis Vindum
8cde1eefb2 Rust: Remove Access from adjustAccessType 2025-06-12 11:16:32 +02:00
Simon Friis Vindum
f138f77cc1 Rust: Only adjust access type for method call expressions 2025-06-12 11:16:30 +02:00
Simon Friis Vindum
03c9a78bfb Rust: Simplify accessDeclarationPositionMatch 2025-06-12 11:16:29 +02:00
Simon Friis Vindum
3463ebd8ce Rust: Adapt data flow consistency queries to ! being a call 
The exact same problem occurs in Ruby, hence the `multipleArgumentCallExclude` implementation is adapted from Ruby's.
 2025-06-12 11:16:28 +02:00
Simon Friis Vindum
fecd445e78 Rust: Use Call in data flow 2025-06-12 11:16:26 +02:00
Simon Friis Vindum
5642445e1d Rust: Fix canonical path for Deref trait 2025-06-12 11:16:25 +02:00
Simon Friis Vindum
7684e01c3a Rust: Use Call in type inference 2025-06-12 11:16:19 +02:00
Napalys Klicius
861e4ee11e JS: Added test cases including manual interpolation and string concatination. 2025-06-12 11:15:36 +02:00
Simon Friis Vindum
47864781c1 Rust: Add abstraction over all kinds of calls 2025-06-12 11:12:06 +02:00
Simon Friis Vindum
ce1c9fbec1 Rust: Account for arity in operator overloading 
For instance the binary `&` is overloadable but the prefix `&` is not. Similarly, `*` has a different target depending on if it's prefix or infix.
 2025-06-12 11:12:04 +02:00
Simon Friis Vindum
18583550ae Rust: Add data flow tests for operator overloading 2025-06-12 11:12:03 +02:00
Paolo Tranquilli
3c834de5be Rust: fix dataflow models test 2025-06-12 11:04:30 +02:00
Anders Schack-Mulligen
d0d47808e9 Java: Add change note. 2025-06-12 11:03:49 +02:00
Tom Hvitved
d667f7d411 Merge pull request #19732 from hvitved/rust/builtin-canonical-paths 
Rust: Generate canonical paths for builtins
 2025-06-12 10:47:00 +02:00
Paolo Tranquilli
85e9f5a3b0 Merge pull request #19559 from github/redsun82/rust-extract-libs 
Rust: move body skipping logic to code generation
 2025-06-12 10:45:30 +02:00
Tom Hvitved
649481e279 Merge pull request #19657 from hvitved/rust/type-inference-index-expr-simple 
Rust: Simple type inference for index expressions
 2025-06-12 10:27:09 +02:00
Owen Mansel-Chan
23cbc6abc4 Merge pull request #19723 from apsscolari/update-precision-java-concatenated-command-line 
Update precision java concatenated command line
 2025-06-12 09:23:00 +01:00
Geoffrey White
fdf1dca28f Merge pull request #19735 from geoffw0/canonical 
Rust: Update RegexInjectionExtensions to use getCanonicalPath.
 2025-06-12 09:14:52 +01:00
Napalys Klicius
c5a1421405 JS: promote suspicious-method-name-declaration to quality query. 2025-06-12 09:54:01 +02:00
Napalys Klicius
60e3b0c8e7 JS: Update qhelp and added more examples. 2025-06-12 09:53:56 +02:00
Napalys Klicius
41f4236b86 JS: expanded suspicious-method-name-declaration test suite 2025-06-12 09:29:30 +02:00
Paolo Tranquilli
326ddd6625 Merge branch 'main' into redsun82/rust-mad 2025-06-12 09:24:44 +02:00
Paolo Tranquilli
a6cc94698a Rust: fix inline flow test 2025-06-12 09:24:33 +02:00
Tom Hvitved
383cc5c2a7 Rust: Rename Bultins.qll -> Builtins.qll 2025-06-12 09:12:32 +02:00
REDMOND\brodes
20e2c7cefd Crypto: Overhaul/refactor of EVPInitialzers. Update cipher operation to disallow null key and IV on initializers (typically do not represent an actual key or IV). 2025-06-12 00:41:15 -04:00
Ana Scolari
a07ce30d30 Update java-code-scanning.qls.expected 
removing line once this query precision is changed to Medium
 2025-06-11 15:27:20 -07:00
Ana Scolari
374d7da4a2 Merge branch 'main' into update-precision-java-concatenated-command-line 2025-06-11 15:24:41 -07:00
Jon Janego
7f76f5b056 Merge pull request #19740 from github/changedocs-2.22.0 
Changedocs 2.22.0
 2025-06-11 17:18:16 -05:00
Jon Janego
94a2d0876c escaping 2025-06-11 17:02:26 -05:00
Jon Janego
62e17c108c RST sitedocs for 2.22.0 2025-06-11 16:55:14 -05:00
Jeroen Ketema
7d8d596a35 Merge pull request #19686 from github/idrissrio/lambdaparams 
C++: Add boolean for explicit lambda parameter lists
 2025-06-11 23:53:00 +02:00
Jon Janego
6ec48117b5 Merge pull request #19739 from github/changedocs-2.22.0 
fixing some improperly escaped URLs
 2025-06-11 16:24:29 -05:00
Jon Janego
6336e3d44b fixing another bracket 2025-06-11 16:02:28 -05:00
Chad Bentz
0135cf661f Attempt to edit swift change notes for CI failure 2025-06-11 21:49:26 +01:00
Jon Janego
8f55dcdd67 removing brackets around a url 2025-06-11 15:36:30 -05:00
REDMOND\brodes
8f25380655 Crypto: Consolidate tests to use node, edges, and properties. 2025-06-11 15:15:22 -04:00
Tom Hvitved
69e549f400 Rust: Generate canonical paths for builtins 2025-06-11 21:14:56 +02:00
REDMOND\brodes
d3cff2dff1 Crypto: Add support to trace keys, add support to find prior key gen properties that configure downstream operations. Add key size tests 2025-06-11 13:58:56 -04:00
Geoffrey White
087e666658 Rust: Exclude sources in macro expansions. 2025-06-11 18:48:23 +01:00
Geoffrey White
168246005c Rust: Extend tests based on cases found in DCA. 2025-06-11 18:33:59 +01:00
Nora Dimitrijević
f2bd454e99 Actions: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18346 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 19:10:11 +02:00
Geoffrey White
b29deed919 Rust: Accept changes in an unrelated test reported by CI. 2025-06-11 18:09:22 +01:00
Nora Dimitrijević
f2085c2293 C#: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18344 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:56:25 +02:00
Geoffrey White
bd21a03fc3 Merge pull request #19718 from geoffw0/taintreach 
Rust: Adjust the taint reach metric for better stability.
 2025-06-11 17:51:50 +01:00
Nora Dimitrijević
4dd07f475b C++: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18342 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:51:01 +02:00
Nora Dimitrijević
e233501144 Go: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18345 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:44:24 +02:00