hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 04:38:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,723 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Geoffrey White
b08e4e1dba Merge branch 'main' into toolstatus 2026-02-19 16:19:15 +00:00
Taus
07099f17d6 Python: Add change note 2026-02-19 12:32:27 +00:00
Taus
e8de8433f4 Python: Update all metrics-dependant queries 
The ones that no longer require points-to no longer import
`LegacyPointsTo`. The ones that do use the specific
`...MetricsWithPointsTo` classes that are applicable.
 2026-02-19 12:32:27 +00:00
Taus
20fea3955e Python: Remove points-to from Metrics.qll 
Moves the classes/predicates that _actually_ depend on points-to to the
`LegacyPointsTo` module, leaving behind a module that contains all of
the metrics-related stuff (line counts, nesting depth, etc.) that don't
need points-to to be evaluated.

Consequently, `Metrics` is now no longer a private import in
`python.qll`.
 2026-02-19 12:32:27 +00:00
Asger F
a684943bb7 JS: Model mobx-react{-lite} as higher-order component builders 2026-02-19 11:26:46 +01:00
Asger F
a0099d64c8 JS: Add mobx-react and mobx-react-lite tests 2026-02-19 11:26:44 +01:00
Paolo Tranquilli
dfe451128e Merge branch 'main' into redsun82/bazel-9 2026-02-19 11:05:32 +01:00
Geoffrey White
fd5c5b5635 Rust: Change note. 2026-02-19 08:59:55 +00:00
Geoffrey White
97a02ed903 Rust: Remove MacroCallTargetStats from rust/diagnostic/database-quality. 2026-02-19 08:57:12 +00:00
Paolo Tranquilli
6e8f43ce2e Merge pull request #21343 from github/redsun82/update-rust-toolchain 
Bazel: Update Rust toolchain to nightly/2026-01-22 and rules_rust to 0.68.1.codeql.1
 2026-02-19 09:40:26 +01:00
Tom Hvitved
6dfbd4e062 Merge pull request #21342 from hvitved/csharp/equals-nullable-tests 
C#: Add tests for `Equals` methods with nullable parameter types
 2026-02-19 09:08:33 +01:00
Paolo Tranquilli
e11363280a Rust: accept test changes 2026-02-18 16:56:28 +01:00
Taus
6b6d8862b0 Merge pull request #21288 from microsoft/azure_python_sanitizer_upstream2 
Azure python sanitizer upstream2
 2026-02-18 14:59:59 +01:00
Owen Mansel-Chan
1d6b8c5120 Use postprocessing queries for unrelated test 
Need to do this because the model numbering was changing. At the same
time we may as well use inline expectations.
 2026-02-18 13:49:53 +00:00
Owen Mansel-Chan
05d681fe19 Update taintstep test for models becoming MaD 2026-02-18 13:49:50 +00:00
Mathias Vorreiter Pedersen
a2339305e5 Merge pull request #329 from geoffw0/moreascii 
Address more non-ascii characters
 2026-02-18 13:43:16 +00:00
Owen Mansel-Chan
f577e973bc Update other test in same folder 2026-02-18 13:39:06 +00:00
Óscar San José
df35f9f98b Merge pull request #21339 from github/oscarsj/skip-csharp-integration-on-macos-26 
Skip csharp integration tests on macos-26
 2026-02-18 14:29:42 +01:00
Paolo Tranquilli
24f3d9ede0 Revert rust-toolchain.toml changes and update test expectations 2026-02-18 13:56:48 +01:00
Taus
3d4785f29f Python: Add change note 2026-02-18 12:51:35 +00:00
Tom Hvitved
1357de90ec Merge pull request #21311 from hvitved/rust/path-resolution-remove-duplicates 
Rust: Make path resolution robust against invalid code with conflicting declarations
 2026-02-18 12:29:06 +01:00
Geoffrey White
d7250a8abe Address more non-ascii characters. 2026-02-18 11:23:01 +00:00
Paolo Tranquilli
116f5a253c Bazel: Update Rust toolchain to nightly/2026-01-22 and rules_rust to 0.68.1.codeql.1 
Update the Rust nightly toolchain from nightly/2025-08-01 to nightly/2026-01-22
(rustc 1.95.0-nightly), and rules_rust from 0.66.0 to 0.68.1.codeql.1.

The new nightly changed how stdlib metadata is distributed: .rlib files now
contain only a metadata stub, with full metadata in separate .rmeta files.
rules_rust's stdlib glob doesn't include *.rmeta, causing 'only metadata stub
found' errors. This is patched via a custom registry entry (0.68.1.codeql.1).

Upstream bug: https://github.com/bazelbuild/rules_rust/issues/3859
 2026-02-18 12:22:01 +01:00
Idriss Riouak
22b55f3d6f Merge pull request #21063 from github/idrissrio/cpp/overlay/single-location 
C/C++ overlay: discard single location elements
 2026-02-18 08:58:21 +01:00
Tom Hvitved
93d417049c C#: Add tests for Equals methods with nullable parameter types 2026-02-18 08:42:15 +01:00
Owen Mansel-Chan
1bff7a3eb8 Add change note 2026-02-17 22:29:35 +00:00
Owen Mansel-Chan
eb7f1989c7 Reinstate ql model for String#shellescape 2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c Add MaD barriers for Shellwords.escape and shellescape 
Note that this will only block flow for queries that use the kind `command-injection`.
 2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c Model flow through Shellwords escape and shellescape 2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8 Remove Shellwords sanitizer in ql 
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
 2026-02-17 22:27:10 +00:00
Owen Mansel-Chan
4aee99f0eb Reinstate SQLite3 sanitizer in MaD 2026-02-17 22:27:08 +00:00
Owen Mansel-Chan
5df695bec9 Move SQLite3 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:06 +00:00
Owen Mansel-Chan
1fa183ee2a Improve Sqlite3 test 2026-02-17 22:27:04 +00:00
Owen Mansel-Chan
d4bb92b038 Reinstate Mysql2 sanitizer in MaD 2026-02-17 22:27:03 +00:00
Owen Mansel-Chan
3e4f42f8a3 Move Mysql2 flow model to MaD and remove ql sanitizer 2026-02-17 22:27:01 +00:00
Owen Mansel-Chan
fc429c1757 Improve Mysql2 test 2026-02-17 22:27:00 +00:00
Owen Mansel-Chan
1d7a39a093 Change how sql-injection barriers are accepted 2026-02-17 22:26:58 +00:00
Ben Rodes
a1eaf42cbf Update python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-17 13:05:51 -05:00
Óscar San José
fa73cd5d5c Remove unnecessary blank line in test.py 2026-02-17 18:49:51 +01:00
Óscar San José
6760390d75 Fix imports 2026-02-17 18:49:11 +01:00
Óscar San José
60295662b7 Merge branch 'main' into oscarsj/skip-csharp-integration-on-macos-26 2026-02-17 18:42:16 +01:00
Ben Rodes
ea0d1bf262 Apply suggestion from @bdrodes 2026-02-17 12:38:59 -05:00
Ben Rodes
0106072b88 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:27 -05:00
Ben Rodes
779fd757a3 Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2026-02-17 12:35:15 -05:00
Óscar San José
0b31ca4348 Merge pull request #21340 from github/copilot/sub-pr-21339 
Centralize mono/nuget platform skip predicate in conftest.py
 2026-02-17 18:26:31 +01:00
copilot-swe-agent[bot]
60b8213fdd Remove unused pytest import from conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:22:27 +00:00
copilot-swe-agent[bot]
004ebd386c Centralize mono/nuget skip predicate in conftest.py 
Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-02-17 17:21:50 +00:00
copilot-swe-agent[bot]
9efe112026 Initial plan 2026-02-17 17:16:54 +00:00
Óscar San José
5cf281a1b6 Apply suggestions from code review 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-17 18:16:51 +01:00
Jeroen Ketema
61dc1d673e Merge pull request #21331 from jketema/must-flow 
C++: Modernize `MustFlow` and fix `allowInterproceduralFlow` in the case of direct recursion
 2026-02-17 17:36:58 +01:00