codeql

mirror of https://github.com/github/codeql.git synced 2026-03-31 12:48:17 +02:00

Author	SHA1	Message	Date
Ben Rodes	46a2a249f9	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-06 11:18:49 -05:00
$REDMOND\brodes$ REDMOND\brodes	b8ba905253	Added change logs.	2026-02-06 11:18:23 -05:00
$REDMOND\brodes$ REDMOND\brodes	9912aaaf1a	Adding azure sdk test cases and updated test expected file.	2026-02-06 11:18:16 -05:00
Paolo Tranquilli	48db24d184	Merge pull request #21287 from github/redsun82/fix-rust-deps-patching Bazel: fix Rust deps patching for semver build metadata	2026-02-06 17:17:24 +01:00
$REDMOND\brodes$ REDMOND\brodes	8459eec239	Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review.	2026-02-06 09:26:49 -05:00
Anders Fugmann	c5179e40c6	Kotlin: Add change note for supporting 2.3.10	2026-02-06 14:59:34 +01:00
github-actions[bot]	38830ddc5c	Bazel: fix Rust deps patching for semver build metadata Handle crate versions containing `+` build metadata (e.g., `0.9.11+spec-1.1.0`). Bazel repo names use `-` instead of `+`, so the generated labels need patching to reference the correct repo name. Also adds documentation for both patching issues handled by patch_defs.py.	2026-02-06 14:58:34 +01:00
Anders Fugmann	d5827b5cca	Kotlin: Support Kotlin 2.3.10	2026-02-06 14:54:08 +01:00
Michael Nebel	6c355a1bf8	C#: Update test expected output.	2026-02-06 14:38:27 +01:00
Michael Nebel	e550d4937c	C#: Update parameter modifiers test to include lambda expression from the new test file.	2026-02-06 14:37:50 +01:00
Michael Nebel	62a6b5985d	C#: Add test cases for lambda parameter modifiers.	2026-02-06 14:37:11 +01:00
Mathias Vorreiter Pedersen	2c05624088	Merge pull request #21280 from MathiasVP/make-getChildCount-more-robust C++: Make 'getChildCount' more robust by counting indices instead of elements	2026-02-06 12:19:20 +00:00
Ben Rodes	ac1987f264	Update python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>	2026-02-05 15:44:44 -05:00
Mathias Vorreiter Pedersen	d57a42a7f7	C++: Make 'getChildCount' more robust by counting indexes instead of 'TranslatedDeclarationEntry's.	2026-02-05 20:23:45 +00:00
Tom Hvitved	32aaac27ec	Rust: Add type inference regression test	2026-02-05 17:29:42 +01:00
Tom Hvitved	2dc7576232	Rust: Rework call disambiguation logic	2026-02-05 17:29:40 +01:00
Geoffrey White	05a487ec3b	Rust: Repair following merge.	2026-02-05 15:56:58 +00:00
Geoffrey White	c0a5c63e8e	Merge branch 'main' into neutralmodels	2026-02-05 15:53:28 +00:00
Taus	5adc9f8ff0	Merge pull request #21274 from github/tausbn/python-fix-parsing-of-format-specifiers Python: Fix syntax error when `=` is used as a format fill character	2026-02-05 16:37:42 +01:00
Michael Nebel	02e4a8b6f7	C#: Add change-note.	2026-02-05 15:52:43 +01:00
Michael Nebel	bd3e4d3d7e	C#: Add MaD tests for extensions.	2026-02-05 15:38:29 +01:00
Michael Nebel	4b6a53b577	C#: Add extension data flow test.	2026-02-05 15:38:27 +01:00
Michael Nebel	6cbe000d51	C#: Add PrintAst test for extensions.	2026-02-05 15:38:25 +01:00
Michael Nebel	c040daab9c	C#: Add extensions test.	2026-02-05 15:38:20 +01:00
Michael Nebel	849823eff6	C#: Add dispatch logic for calling extensions accessors as methods.	2026-02-05 15:38:16 +01:00
Michael Nebel	e831c80a23	C#: Replace extension parameter access with the corresponding synthetic parameter.	2026-02-05 15:38:14 +01:00
Michael Nebel	5e02a86542	C#: Add extension call classes.	2026-02-05 15:38:12 +01:00
Michael Nebel	b9f36f37b6	C#: Add extension callable and accessor classes.	2026-02-05 15:38:09 +01:00
Michael Nebel	9a4a6cfcb8	C#: Add ExtensionType to the QL library.	2026-02-05 15:38:07 +01:00
Michael Nebel	edfdc9812f	C#: Extract extension types and members. Replacing invocations to static generated methods with invocation of extension type member.	2026-02-05 15:38:05 +01:00
Michael Nebel	ab505e3281	C#: Add class for making synthetic parameter entities.	2026-02-05 15:38:02 +01:00
Taus	8c27437628	Python: Bump extractor version and add change note	2026-02-05 13:50:54 +00:00
Taus	12ee93042b	Python: Add tests	2026-02-05 13:47:24 +00:00
Taus	bac356c9a1	Python: Regenerate parser files	2026-02-05 13:46:59 +00:00
Taus	68c1a3d389	Python: Fix syntax error when `=` is used as a format fill character An example (provided by @redsun82) is the string `f"{x:=^20}"`. Parsing this (with unnamed nodes shown) illustrates the problem: ``` module [0, 0] - [2, 0] expression_statement [0, 0] - [0, 11] string [0, 0] - [0, 11] string_start [0, 0] - [0, 2] interpolation [0, 2] - [0, 10] "{" [0, 2] - [0, 3] expression: named_expression [0, 3] - [0, 9] name: identifier [0, 3] - [0, 4] ":=" [0, 4] - [0, 6] ERROR [0, 6] - [0, 7] "^" [0, 6] - [0, 7] value: integer [0, 7] - [0, 9] "}" [0, 9] - [0, 10] string_end [0, 10] - [0, 11] ``` Observe that we've managed to combine the format specifier token `:` and the fill character `=` in a single token (which doesn't match the `:` we expect in the grammar rule), and hence we get a syntax error. If we change the `=` to some other character (e.g. a `-`), we instead get ``` module [0, 0] - [2, 0] expression_statement [0, 0] - [0, 11] string [0, 0] - [0, 11] string_start [0, 0] - [0, 2] interpolation [0, 2] - [0, 10] "{" [0, 2] - [0, 3] expression: identifier [0, 3] - [0, 4] format_specifier: format_specifier [0, 4] - [0, 9] ":" [0, 4] - [0, 5] "}" [0, 9] - [0, 10] string_end [0, 10] - [0, 11] ``` and in particular no syntax error. To fix this, we want to ensure that the `:` is lexed on its own, and the `token(prec(1, ...))` construction can be used to do exactly this. Finally, you may wonder why `=` is special here. I think what's going on is that the lexer knows that `:=` is a token on its own (because it's used in the walrus operator), and so it greedily consumes the following `=` with this in mind.	2026-02-05 13:45:54 +00:00
Tom Hvitved	2764d697d2	Rust: Merge `Input1` and `Input2` modules	2026-02-05 14:29:46 +01:00
Tom Hvitved	c62d95ac9d	Rust: More type inference tests	2026-02-05 14:29:41 +01:00
Paolo Tranquilli	05bef12ddd	Merge pull request #21265 from github/redsun82/csharp-csrf-inheritance C#: Fix CSRF query to check antiforgery attributes on base classes	2026-02-05 14:20:30 +01:00
Idriss Riouak	1df3adf021	Merge pull request #21244 from github/idrissrio/cpp/overlay/changes-json C/C++ overlay: use files table instead of `overlayChangedFiles` for overlay discard	2026-02-05 13:15:07 +01:00
Tom Hvitved	025f73301b	Rust: Move some overloading tests into a separate file	2026-02-05 12:49:53 +01:00
idrissrio	e26c199426	C/C++ overlay: use files table instead of `overlayChangedFiles` for overlay discard	2026-02-05 12:43:01 +01:00
Tom Hvitved	1203da1b66	Merge pull request #21253 from paldepind/rust/as-path-trait Rust: Resolve `as` paths to trait	2026-02-05 12:38:16 +01:00
Paolo Tranquilli	f79bd3f4cf	C#: accept location changes in test	2026-02-05 12:14:59 +01:00
Mathias Vorreiter Pedersen	476df7de73	Merge pull request #21260 from MathiasVP/add-windows-remote-flow-sources C++: Add more Win32 and Azure SDK remote flow sources	2026-02-05 10:47:03 +00:00
Anders Schack-Mulligen	29e01748b7	Merge pull request #21267 from aschackmull/java/rename-misc Java: Rename several AST predicates.	2026-02-05 11:15:29 +01:00
Anders Schack-Mulligen	11003e685d	Java: Fix qldoc	2026-02-05 10:37:19 +01:00
Geoffrey White	9de5f5c72b	Rust: Clean up and change note.	2026-02-05 08:58:08 +00:00
Anders Schack-Mulligen	e4daeec2ca	Merge pull request #21268 from aschackmull/java/view-cfg Java: Add support for "View CFG" in VSCode.	2026-02-05 09:48:14 +01:00
Anders Schack-Mulligen	81977f11a1	Cfg: qldoc + overlay fixups.	2026-02-05 08:59:28 +01:00
Anders Schack-Mulligen	32fe12a6dd	Java: Delay deprecation a bit.	2026-02-05 08:51:27 +01:00

... 12 13 14 15 16 ...

86439 Commits