hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-03 22:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
537e7a8ec3 Rust: Fix formatting 2025-09-30 16:24:38 +02:00
Tom Hvitved
701cff3ca4 Rust: Macro call resolution 2025-09-30 16:21:02 +02:00
Owen Mansel-Chan
a2a9575587 Add tests for safe URL flow 2025-09-30 15:05:42 +01:00
Simon Friis Vindum
19871a2653 Rust: Accept test changes 2025-09-30 15:26:30 +02:00
Geoffrey White
771d9345b5 Merge branch 'main' into basicquery 2025-09-30 14:19:00 +01:00
Mathias Vorreiter Pedersen
ca53a8e787 C++: Update QLDoc. 2025-09-30 14:15:55 +01:00
Mathias Vorreiter Pedersen
1b2bd30a29 Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-30 14:14:19 +01:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Simon Friis Vindum
49efd574a0 Rust: Add taint model for add on String 2025-09-30 14:48:03 +02:00
Idriss Riouak
fa8cbeeb44 Merge pull request #20546 from github/idrissrio/ql-constant 
Java: Fix false positives in evaluation-to-constant query for ErrorType
 2025-09-30 14:24:28 +02:00
Chris Smowton
ff4b97bf2d Reword 2025-09-30 13:08:03 +01:00
Simon Friis Vindum
c878af2b9d Rust: Remove member predicates on Type 2025-09-30 13:28:33 +02:00
Owen Mansel-Chan
5b07e8c9c4 Fix bug in UnsafeFieldReadSanitizer 2025-09-30 12:05:06 +01:00
Owen Mansel-Chan
b5fda88bd3 Remove duplication of UnsafeFieldReadSanitizer 2025-09-30 12:04:39 +01:00
idrissrio
63771110a5 Java: Address review comment 2025-09-30 11:46:37 +02:00
Michael Nebel
018ccb3354 C#: Update locations test expected output. 2025-09-30 11:33:28 +02:00
Michael Nebel
d7a2c7da18 C#: Adjust the QL library to use the locations of the unbound declarations. 2025-09-30 11:33:26 +02:00
Michael Nebel
b2cbac3250 C#: Temporarily update the test expected file. 2025-09-30 11:33:23 +02:00
Michael Nebel
443c183e41 C#: Only extract locations for unbound declarations (if a declaration can be unfound) and don't extract empty locations. 2025-09-30 11:33:21 +02:00
Michael Nebel
e9901305b2 C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. 2025-09-30 11:33:19 +02:00
Michael Nebel
5843fdbdd8 C#: Add a locations example. 2025-09-30 11:33:17 +02:00
Geoffrey White
90a7a58929 Merge pull request #20515 from geoffw0/libs 
Rust: Update Supported languages and frameworks
 2025-09-30 09:56:09 +01:00
Geoffrey White
a286631018 Merge pull request #20512 from geoffw0/stmtlist 
Rust: Improve StmtList
 2025-09-30 09:53:55 +01:00
Nick Rolfe
9688d84f3e Merge pull request #20549 from github/post-release-prep/codeql-cli-2.23.2 
Post-release preparation for codeql-cli-2.23.2
 2025-09-30 09:45:22 +01:00
Simon Friis Vindum
ef80ff416f Bazel: regenerate vendored cargo dependencies 2025-09-30 10:28:42 +02:00
Simon Friis Vindum
4846cf4791 Cargo: upgrade dependencies 2025-09-30 10:21:17 +02:00
Chris Smowton
f1239352ce Note issue in related query 2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation 
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
 2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2 
Release preparation for version 2.23.2
codeql-cli/v2.23.2 		2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00
Simon Friis Vindum
37ffe82ac9 Rust: Handle functions as lambdas 2025-09-29 14:49:04 +02:00
Simon Friis Vindum
0728692e93 Rust: Add tests for functions as lambdas 2025-09-29 14:46:53 +02:00
idrissrio
b82d8c2252 Java: Accept new test results after query change 2025-09-29 13:38:01 +02:00
idrissrio
659afb5f30 Java: Fix false positives in evaluation-to-constant query for ErrorType 2025-09-29 13:37:25 +02:00
idrissrio
e0444c531b Java: Add integration test for constant expr detection 2025-09-29 13:37:20 +02:00
Simon Friis Vindum
84c6a3a376 Rust: Add change note for actix-web models 2025-09-29 13:03:10 +02:00
Kasper Svendsen
b52fff2f81 Merge pull request #20505 from kaspersv/kaspersv/future-proof-java-discarding2 
Overlay: Discard Java config and XML base entities in overlay extracted files
 2025-09-29 13:01:08 +02:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00
Simon Friis Vindum
6b7d5d2902 Rust: Add models for actix-web 2025-09-29 09:14:03 +02:00
Jeroen Ketema
9dfd87c284 Merge pull request #20514 from jketema/permissive 
C++: Update tests after extractor changes
 2025-09-28 16:56:31 +02:00
Geoffrey White
c7f6f2c8e1 Rust: Consistency fix for reusables/extractors.rst. 2025-09-26 16:40:25 +01:00
Owen Mansel-Chan
18a1075e70 Merge pull request #20523 from smowton/smowton/fix/mistyped-exp-fp 
Go: mistyped-exponentiation: notice constants with likely-bitmask values
 2025-09-26 16:02:30 +01:00
Owen Mansel-Chan
f5f61193a0 Delete change note 2025-09-26 15:33:26 +01:00
Geoffrey White
1236e2b829 Rust: Add references to alternatives in the getStmtOrExpr methods. 2025-09-26 14:55:06 +01:00
Geoffrey White
a0b533bd40 Merge pull request #20529 from geoffw0/convert 
Rust: Correct from model to taint
 2025-09-26 14:48:58 +01:00
Geoffrey White
4570d7e46e Rust: Replace getBlockChildNode with uses of getStmtOrExpr. 2025-09-26 14:32:36 +01:00
Geoffrey White
27b6f12b3c Rust: Use the suggested cleaner implementation for getStmtOrExpr. 2025-09-26 14:30:31 +01:00
Florin Coada
ba07daa50a Merge pull request #20532 from github/coadaflorin/changelog-fixes 
Update changelog for CodeQL CLI 2.23.1
 2025-09-26 14:21:21 +01:00