hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-03 22:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chad Bentz
0665c39a07 Refactor GrapeHelperMethod constructor to reuse getHelperSelf to traverse dataflow instead of AST 
- add tests to check for nested helpers
 2025-09-22 19:08:34 -04:00
Tom Hvitved
1183e50435 Update rust/ql/lib/change-notes/2025-09-19-parameter-mad.md 2025-09-22 19:45:34 +02:00
Geoffrey White
5ad332e37f Merge pull request #20432 from github/copilot/fix-f50317f8-0a91-4bb4-a01b-353dcf0f6f3f 
Rust: Implement new query for non-HTTPS URLs (CWE-319)
 2025-09-22 18:03:52 +01:00
Chad Bentz
ecd0ce65fe Refactor GrapeHeadersBlockCall and GrapeCookiesBlockCall to simplify method call checks 2025-09-22 12:52:30 -04:00
Geoffrey White
266624dd0f Rust: The test needs to have Source tags now. 2025-09-22 17:12:52 +01:00
Geoffrey White
86c8c3c8c0 Rust: Fix warning by making the query a path-problem. 2025-09-22 17:01:12 +01:00
Geoffrey White
6362884d16 Rust: Autoformat. 2025-09-22 16:59:11 +01:00
Geoffrey White
43ac75ed62 Rust: Address another tiny suggestion from review. 2025-09-22 16:58:07 +01:00
Geoffrey White
5b4632b432 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-22 16:55:43 +01:00
Geoffrey White
cc9c4149d7 Apply suggestions from code review 2025-09-22 16:54:08 +01:00
Geoffrey White
3de191177c Rust: Change note. 2025-09-22 16:12:30 +01:00
Geoffrey White
ae9025334e Rust: Add the new query to suite lists. 2025-09-22 16:12:29 +01:00
Geoffrey White
4662e42584 Rust: Add examples as tests (and fix them). 2025-09-22 16:12:27 +01:00
Geoffrey White
bd07350bc3 Rust: Add qhelp and examples. 2025-09-22 16:12:26 +01:00
Geoffrey White
94afc82304 Rust: Fix an issue with the local flow. 2025-09-22 16:12:25 +01:00
Geoffrey White
a3ed83bfff Rust: Make state transition / barrier nodes more reliable. 2025-09-22 16:12:23 +01:00
Geoffrey White
2654affeee Rust: Account for the 'secure' and 'partitioned' attributes. 2025-09-22 16:12:22 +01:00
Geoffrey White
257a1b0179 Rust: Refactor sources, sinks into an extensions source file. 2025-09-22 16:09:30 +01:00
Geoffrey White
eadf922280 Rust: Use models-as-data, add source/sink/flow models. 2025-09-22 16:04:56 +01:00
Geoffrey White
d52b668149 Rust: Add security-severity tag. 2025-09-22 16:04:54 +01:00
Geoffrey White
7e75c1d242 Rust: Add very basic query prototype. 2025-09-22 16:04:53 +01:00
Geoffrey White
513ae2ab54 Rust: Add tests for insecure cookies. 2025-09-22 16:04:52 +01:00
Chad Bentz
b837c56bec Refactor RootApi and GrapeApiClass constructors for improved readability; add getHelperSelf method to retrieve self parameter in helpers block. 2025-09-22 10:13:33 -04:00
Simon Friis Vindum
45b84ffb31 Rust: Ensure singleton 2025-09-22 14:23:50 +02:00
Simon Friis Vindum
4244a6569c Rust: Add change note 2025-09-22 14:19:01 +02:00
Simon Friis Vindum
a4c61f6945 Rust: Accept test changes 2025-09-22 14:18:59 +02:00
Simon Friis Vindum
7d6e2060e5 Adapt all languages to changes in shared library 2025-09-22 14:18:58 +02:00
Simon Friis Vindum
265e8b3623 Shared: Pass SummaryComponentStack to isSource and getSourceType 2025-09-22 14:18:54 +02:00
Simon Friis Vindum
014c27ee8a Rust: Discard sources with spaces in inline flow tests 2025-09-22 14:13:39 +02:00
Simon Friis Vindum
05a58323c1 Rust: Add Warp test to request forgery query tests 2025-09-22 14:13:38 +02:00
Simon Friis Vindum
cd807533f2 Rust: Add tests for parameter in source model 2025-09-22 14:13:37 +02:00
Joe Farebrother
463f79bed2 Merge pull request #20263 from joefarebrother/python-qual-exceptions 
Python: Modernize the Unreachable Except Block query
 2025-09-22 09:42:09 +01:00
Tom Hvitved
be260befd4 Merge pull request #20497 from hvitved/rust/missing-model 
Rust: Add missing model
 2025-09-22 10:30:25 +02:00
Napalys Klicius
a0ea0c9e47 Merge pull request #20492 from Napalys/js/graph-ql-obj-type 
JS: mark `GraphQLObjectType` resolvers args as remote sources
 2025-09-22 09:59:20 +02:00
Tom Hvitved
78641b4dde Rust: Reduce size of unqualifiedPathLookup 2025-09-22 09:46:28 +02:00
Tom Hvitved
b5b6f06005 Rust: Fix bad join 
```
Evaluated relational algebra for predicate _PathResolution::CrateItemNode.getName/0#dispred#91b4dd6b_PathResolution::SourceFileItemNode#bd8f490__#antijoin_rhs@e84aee8k with tuple counts:
        35406180  ~0%    {3} r1 = JOIN PathResolution::SourceFileItemNode#bd8f4905 WITH `PathResolution::CrateItemNode.getName/0#dispred#91b4dd6b` CARTESIAN PRODUCT OUTPUT Lhs.0, Rhs.1, Rhs.0
            8455  ~2%    {4}    | JOIN WITH `PathResolution::declaresDirectly/3#7d0350fb_021#join_rhs` ON FIRST 2 OUTPUT Rhs.2, Lhs.0, Lhs.2, Lhs.1
            3259  ~0%    {3}    | JOIN WITH num#PathResolution::TTypeNamespace#4897e416 ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3
                         return r1
```
 2025-09-22 09:38:43 +02:00
Tom Hvitved
b2cc01c490 Rust: Visibility check for qualified path resolution 2025-09-22 09:38:30 +02:00
Kasper Svendsen
97d62950a8 Merge pull request #20484 from kaspersv/kaspersv/future-proof-java-discarding 
Overlay: Future-proof Java config & XML discard predicates
 2025-09-22 08:16:44 +02:00
Chad Bentz
1bf6101967 Remove redundant exclusion of base Grape::API module from GrapeApiClass 
- should not impact extracted application code
 2025-09-21 20:52:28 -04:00
Chad Bentz
50bf9ae756 Refactor RootApi class to use getAnImmediateDescendent for clarity 2025-09-21 20:44:46 -04:00
Tom Hvitved
8d5d219c0f Rust: Update expected test output 2025-09-21 15:36:22 +02:00
Tom Hvitved
223ab5e60c Rust: Add missing model 2025-09-21 15:28:50 +02:00
Tom Hvitved
bdeeb3217e Rust: Add path resolution tests 2025-09-20 09:30:55 +02:00
Tom Hvitved
fdb0c6ebb5 Merge pull request #20454 from paldepind/rust/path-resolution-attribute-expansion 
Rust: Account for attribute expansions in path resolution
 2025-09-20 09:21:00 +02:00
Chad Bentz
f4bbbc346f Refactor Grape framework to be encapsulated properly in Module 2025-09-19 19:06:50 -04:00
Chad Bentz
89e9ee43c0 Convert from GrapeHelperMethodTaintStep extends AdditionalTaintStep to a simplified GrapeHelperMethodTarget extends AdditionalCallTarget 2025-09-19 18:28:45 -04:00
Joe Farebrother
6eac6b7258 Rename qhelp file 2025-09-19 17:03:19 +01:00
Geoffrey White
c26a07bb10 Apply suggestions from code review 
Co-authored-by: Simon Friis Vindum <simonfv@gmail.com>
 2025-09-19 16:49:54 +01:00
Taus
b9f073e596 Python: Update test output 2025-09-19 15:39:12 +00:00
Geoffrey White
523ec9d633 Merge pull request #20439 from geoffw0/assignment 
Rust: Add a couple of simple data flow test cases
 2025-09-19 16:27:14 +01:00