Paolo Tranquilli
6f25d7e35e
Rust: fix crate graph test
2025-06-10 11:57:20 +02:00
Tamás Vajk
7a632e8a47
Merge pull request #19650 from tamasvajk/quality/string-concat-loop
...
Add `cs/string-concatenation-in-loop` to the quality suite
2025-06-10 11:49:24 +02:00
Napalys Klicius
42a880bf58
Improved test coverage for js/regex/duplicate-in-character-class
2025-06-10 11:07:22 +02:00
Napalys Klicius
c97da2eda5
Exclude expressions that are part of a conditional expression
2025-06-10 10:56:11 +02:00
Paolo Tranquilli
bcfc009228
Merge branch 'main' into redsun82/mad
2025-06-10 10:53:52 +02:00
Paolo Tranquilli
e6056f9dfc
Update rust/ql/test/query-tests/security/CWE-770/main.rs
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2025-06-10 10:52:18 +02:00
Paolo Tranquilli
a405a12e93
Rust: add Callable::getParam and CallExprBase::getArg shortcuts
2025-06-10 09:51:26 +02:00
Paolo Tranquilli
902a421c23
Rust: fix docs with getArgList and getParamList
2025-06-10 09:47:15 +02:00
Paolo Tranquilli
02c11b10af
Revert "Rust: rerun codegen"
...
This reverts commit f647b33166.
2025-06-10 09:43:35 +02:00
Paolo Tranquilli
b6aa6921b3
Revert "Rust: accept test changes"
...
This reverts commit 9c2fea914e.
2025-06-10 09:43:02 +02:00
Paolo Tranquilli
3fe6ba692a
Revert "Rust: add Callable::getParam and CallExprBase::getArg shortcuts"
...
This reverts commit c70decbe86.
2025-06-10 09:42:28 +02:00
Napalys Klicius
b7f7092ab3
Added test cases for better test coverage
2025-06-10 09:37:40 +02:00
Paolo Tranquilli
48721dcde0
Merge branch 'main' into redsun82/rust-doc
2025-06-10 09:31:18 +02:00
Paolo Tranquilli
f647b33166
Rust: rerun codegen
2025-06-10 09:31:12 +02:00
Paolo Tranquilli
9c2fea914e
Rust: accept test changes
2025-06-10 09:30:43 +02:00
Lindsay Simpkins
f96a250ffc
fix qhelp files
2025-06-09 18:37:16 -04:00
Jeroen Ketema
d70282c322
C++: Update stats file
2025-06-09 23:42:52 +02:00
Jeroen Ketema
bff4213c62
C++: Add upgrade and downgrade scripts
2025-06-09 23:42:11 +02:00
Jeroen Ketema
f910906965
C++: Update expected test results
2025-06-09 23:42:09 +02:00
Jeroen Ketema
691e462501
C++: Support the __mfp8 floating point type
2025-06-09 23:42:07 +02:00
REDMOND\brodes
729467ccd6
Crypto: Separate out CTX parameter initialization, and add additional initializer subclasses.
2025-06-09 16:49:54 -04:00
Chuan-kai Lin
c1c0a705b9
Merge pull request #19704 from github/post-release-prep/codeql-cli-2.22.0
...
Post-release preparation for codeql-cli-2.22.0
2025-06-09 12:54:57 -07:00
REDMOND\brodes
4f2045bbdd
Crypto: CtxFlow now uses an interface for additional steps. Add CTX step to handle paramgen. Remove redundant test. Overhaul of EVP update/initializer/final mechanics. Misc. updates for new API and refactoring EVPKeyGenOperation. Clean up of keygen_operaitons.ql.
2025-06-09 15:07:00 -04:00
github-actions[bot]
21463a9653
Post-release preparation for codeql-cli-2.22.0
2025-06-09 18:50:20 +00:00
Chuan-kai Lin
4d681f05bd
Merge pull request #19703 from github/release-prep/2.22.0
...
Release preparation for version 2.22.0
codeql-cli/v2.22.0
2025-06-09 11:19:39 -07:00
github-actions[bot]
88ba02edf8
Release preparation for version 2.22.0
2025-06-09 18:14:51 +00:00
Geoffrey White
a9d5d8b2b3
Rust: Accept the new alert message in tests.
2025-06-09 19:14:14 +01:00
Geoffrey White
74ce4e8105
Update rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-06-09 19:10:39 +01:00
Geoffrey White
e7945e16cb
Rust: Accept the query in suite listings.
2025-06-09 19:06:34 +01:00
Geoffrey White
9b0ee8fb9f
Rust: Add security-severity tag and reduce precision to medium for now.
...
precis
2025-06-09 17:58:44 +01:00
Geoffrey White
b3330b5636
Rust: Allow parameter accesses as sources.
2025-06-09 17:58:42 +01:00
Geoffrey White
d3d0a533b5
Rust: Add test showing yet another spurious result.
2025-06-09 17:58:41 +01:00
Geoffrey White
858eec390d
Rust: Exclude results where the source is a reference.
2025-06-09 17:58:40 +01:00
Geoffrey White
7bae451af3
Rust: Exclude results in macro invocations.
2025-06-09 17:58:38 +01:00
Geoffrey White
26f85585fd
Rust: Add qhelp, examples, and examples as tests.
2025-06-09 17:58:37 +01:00
Aditya Sharad
e48a7da827
Actions: Add change note for Bash parsing fixes
2025-06-09 09:56:41 -07:00
Aditya Sharad
98186e3f0e
Merge pull request #19700 from adityasharad/actions/validate-change-notes
...
CI: Expand list of packs/languages for change note validation
2025-06-09 22:13:30 +05:30
Aditya Sharad
2ecbecbd4b
Actions: Add stress test for complex command and string interpolation
...
Anonymised version of a customer report that led to
performance bottlenecks in Bash parsing.
No results are expected from both query and library tests.
2025-06-09 09:29:15 -07:00
Aditya Sharad
848064e95a
Actions: Order quoted strings by their ID, not text
...
In the Bash parser, we compute a mostly-unique ID for each
quoted string within a shell script block.
Quoted strings are then ranked and referred to individually.
Avoid a performance bottleneck by ranking quoted strings by their
ID, not by their source text.
I think this was the original intent of the code.
Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex quoted strings, such as JSON payloads.
2025-06-09 09:15:45 -07:00
Aditya Sharad
fbe11cfca6
Actions: Refactor logic for identifying quoted strings
...
Add some doc comments and meaningful variable names.
2025-06-09 09:15:45 -07:00
Aditya Sharad
9f60335b66
CI: Expand list of packs/languages for change note validation
2025-06-09 08:48:16 -07:00
Geoffrey White
fe20fb403d
Rust: More robust fix for closures.
2025-06-09 16:41:31 +01:00
Aditya Sharad
321513c89b
Actions: Order command substitutions by their ID, not text
...
In the Bash parser, we compute a mostly-unique ID for each
command substitution within a shell script block.
Commands are then ranked and referred to individually.
Avoid a performance bottleneck by ranking commands by their
ID, not by their source text.
I think this was the original intent of the code.
Ranking by their original text ends up evaluating multiple
possible orderings, which is slow on workflows that contain
multiple complex command substitutions.
2025-06-09 08:39:58 -07:00
Aditya Sharad
39e710e805
Actions: Refactor logic for identifying command substitution
...
Extract helper predicates for `$(...)` command interpolation
and backtick-quoted commands.
Add some doc comments and meaningful variable names.
2025-06-09 08:37:40 -07:00
Chad Bentz
371a50e6c4
Merge branch 'main' into cwe-134
2025-06-09 11:22:40 -04:00
Jeroen Ketema
ef210b8f5e
Merge pull request #19678 from jketema/swift-6.1.2
...
Swift: Update to Swift 6.1.2
2025-06-09 17:19:42 +02:00
Chuan-kai Lin
68d2c132b2
Merge pull request #19699 from github/cklin/rc-3.18-mergeback
...
Merge rc/3.18 back to main
2025-06-09 08:15:58 -07:00
Asger F
42f762a140
JS: Update test output now that 'satisfies' is a SourceNode
2025-06-09 16:22:30 +02:00
Chuan-kai Lin
631502e129
Merge branch 'main' into cklin/rc-3.18-mergeback
2025-06-09 07:19:40 -07:00
Mathew Payne
9d23677024
Merge branch 'main' into js-clientrests-axios
2025-06-09 14:18:54 +01:00