hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-05 15:18:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,439 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.0
Commit Graph

86439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nora Dimitrijević
e382cb5696 [DIFF-INFORMED] C++: DecompressionBombs 2025-08-15 12:00:48 +02:00
Nora Dimitrijević
fabdf9923c [DIFF-INFORMED] C++: ConstantSizeArrayOffByOne 2025-08-15 12:00:46 +02:00
Nora Dimitrijević
448a1ea87a [DIFF-INFORMED] C++: OverflowDestination 2025-08-15 12:00:39 +02:00
Nora Dimitrijević
43e99d0872 [TEST] C++: CleartextSqliteDatabase: add new test 2025-08-15 12:00:26 +02:00
Nora Dimitrijević
126d24a522 [DIFF-INFORMED] Actions: EnvVarInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql#L35
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql#L46
 2025-08-15 11:11:12 +02:00
Nora Dimitrijević
f1445eb52f [DIFF-INFORMED] Actions: EnvPathInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql#L30
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql#L37
 2025-08-15 11:11:07 +02:00
Nora Dimitrijević
f1b995a736 [DIFF-INFORMED] Actions: CommandInjection 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql#L24
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql#L28
 2025-08-15 11:11:03 +02:00
Nora Dimitrijević
418e4b4a3a [DIFF-INFORMED] Actions: CodeInjection 
Query: https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql#L46
 2025-08-15 11:10:58 +02:00
Nora Dimitrijević
bbda2902be [DIFF-INFORMED] Actions: ArtifactPoisoning 
Queries:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql#L26
 2025-08-15 11:10:42 +02:00
Nora Dimitrijević
896819fdf3 [DIFF-INFORMED] Actions: ArgumentInjection 
Query:
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql#L23
- https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql#L27
 2025-08-15 11:10:14 +02:00
Tom Hvitved
7501e621d1 Shared: Skip non-CFG children in StandardTree 2025-08-15 10:30:47 +02:00
Michael B. Gale
ec605b2c95 Merge pull request #20229 from github/mbg/ci/fix/csharp-create-extractor-pack 
C#: Replace input interpolation with environment variable
 2025-08-15 09:19:41 +01:00
Paolo Tranquilli
71edc48c0e Merge branch 'main' into redsun82/cargo-upgrade-2 2025-08-15 10:15:26 +02:00
Paolo Tranquilli
0924d795b4 Rust: accept test changes 2025-08-15 10:12:12 +02:00
Michael B. Gale
e1ffb323a0 C#: Replace input interpolation with environment variable 2025-08-15 09:00:28 +01:00
Sid Gawri
a8889ff056 add extensions for remote sources 2025-08-14 16:10:49 -04:00
Tom Hvitved
a07e357e67 Rust: Distinguish internal/external items in path resolution 2025-08-14 20:42:47 +02:00
Tom Hvitved
f1bff93bc5 Merge pull request #20203 from hvitved/rust/if-let-chain-test 
Rust: Handle chained `let` expressions
 2025-08-14 19:51:43 +02:00
Geoffrey White
f05d815af9 Rust: Update the security-severity tag. 2025-08-14 17:59:54 +01:00
Geoffrey White
bc0d327278 Rust: Add log injection sinks to stats. 2025-08-14 17:42:04 +01:00
Geoffrey White
9e4f59ce30 Rust: Accept consistency check failures. 2025-08-14 17:39:06 +01:00
Geoffrey White
4328ed8fcb Rust: Update suite lists. 2025-08-14 17:39:04 +01:00
Geoffrey White
9836592278 Rust: Fix compilation errors in example code. 2025-08-14 17:39:02 +01:00
Paolo Tranquilli
6ca1c587f6 Merge branch 'main' into redsun82/cargo-upgrade-2 2025-08-14 17:55:17 +02:00
Anders Schack-Mulligen
b67394a450 Merge pull request #20183 from aschackmull/java/barrierguard-wrappers 
Java: Enable BarrierGuard wrappers
 2025-08-14 16:06:21 +02:00
copilot-swe-agent[bot]
7b1aa2307f Address PR feedback: trim examples, remove duplicate CWE ref, autoformat 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-08-14 13:15:03 +00:00
Geoffrey White
49265b6e7e Rust: Update inline test annotations accordingly. 2025-08-14 13:49:41 +01:00
Tom Hvitved
5c0300cbdf Merge pull request #20224 from hvitved/rust/remove-extractor-resolution-references 
Rust: Remove references to `getResolvedPath` and `getExtendedCanonicalPath`
 2025-08-14 14:45:33 +02:00
Tom Hvitved
d09645bc96 Add change note 2025-08-14 14:38:44 +02:00
Geoffrey White
2a19a1789d Rust: Run test, accept .expected and Cargo.lock. 2025-08-14 13:17:50 +01:00
Geoffrey White
6951f585c8 Merge pull request #20226 from geoffw0/stdlib 
Rust: Update StartswithCall to use getCanonicalPath
 2025-08-14 13:04:30 +01:00
Geoffrey White
02b9229be7 Rust: Update StartswithCall. 2025-08-14 12:09:49 +01:00
Geoffrey White
6941e7fef1 Rust: Add tags to intermediate steps in the test. 2025-08-14 11:37:22 +01:00
Geoffrey White
ecf0e08f55 Rust: Add some more path injection test case variants. 2025-08-14 11:05:48 +01:00
Tom Hvitved
51fb2157ef Rust: Remove references to getResolvedPath and getExtendedCanonicalPath 2025-08-14 11:31:42 +02:00
Jeroen Ketema
28f2157a8c Go: Mention Go 1.25 as supported 2025-08-14 10:49:19 +02:00
Geoffrey White
1c186e2a59 Merge remote-tracking branch 'upstream/main' into pathbuf 2025-08-14 09:38:38 +01:00
Tom Hvitved
f63e55c1fd Rust: Handle chained let expressions 2025-08-14 10:36:43 +02:00
Tom Hvitved
fd1d9401c0 Rust: Add tests for chained let expressions 2025-08-14 10:36:41 +02:00
Jeroen Ketema
72c89ec076 Merge pull request #20218 from MathiasVP/fix-guard-conditions-for-likely 
C++: Improvements to `IRGuard`s
 2025-08-14 10:24:48 +02:00
copilot-swe-agent[bot]
d72efc52f7 Final validation and cleanup of Rust log injection query 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-08-13 18:12:36 +00:00
copilot-swe-agent[bot]
39ea50746f Implement Rust log injection query and test infrastructure 
Co-authored-by: geoffw0 <40627776+geoffw0@users.noreply.github.com>
 2025-08-13 18:09:03 +00:00
copilot-swe-agent[bot]
d954b504b4 Initial plan 2025-08-13 17:56:12 +00:00
Jon Janego
603f0f2d55 Merge pull request #20219 from github/changedocs-2.22.3 
Sitedocs for 2.22.3
 2025-08-13 11:54:05 -05:00
Jon Janego
cc302c0d1d Sitedocs for 2.22.3 2025-08-13 11:32:31 -05:00
Mathias Vorreiter Pedersen
39f5e33dea C++: Accept more test changes. 2025-08-13 17:46:06 +02:00
Mathias Vorreiter Pedersen
9c3bb87b89 C++: Add change note. 2025-08-13 16:42:39 +02:00
Mathias Vorreiter Pedersen
9ee313ff0a C++: Remove code that is now subsumed. 2025-08-13 16:29:49 +02:00
Mathias Vorreiter Pedersen
bf4a84ba8f C++: Drive-by: Add forgotten disjuncts involving '__builtin_expect'. 2025-08-13 16:29:42 +02:00
Mathias Vorreiter Pedersen
e6cd27a992 C++: Skip non-Boolean instructions in the new inference step. 2025-08-13 16:20:21 +02:00