codeql

mirror of https://github.com/github/codeql.git synced 2026-04-05 23:28:17 +02:00

Author	SHA1	Message	Date
Simon Friis Vindum	c3349bbb04	Rust: Add type inference example with cycle blowup	2025-08-04 14:06:37 +02:00
Tom Hvitved	361ef0f50d	C#: Include constructors in `ValueOrRefType.hasCallable`	2025-08-04 13:51:17 +02:00
Geoffrey White	2ec6dafd18	Rust: Add a type inference test case resembling missing call targets in SQLx.	2025-08-04 10:21:59 +01:00
Simon Friis Vindum	9aebc58214	Merge pull request #20147 from paldepind/rust/type-limit-metric Rust: Add metric for DCA and debug predicates for type that reach the length limit	2025-08-04 07:53:14 +02:00
Mathias Vorreiter Pedersen	65b1b7f63e	C++: Add change note.	2025-08-03 12:17:37 +01:00
Mathias Vorreiter Pedersen	851c498b37	C++: Accept test changes. This is a FP that's been present since we put the IR into production in #2851 .	2025-08-03 12:17:36 +01:00
Mathias Vorreiter Pedersen	b807ee4718	C++: Accept test changes.	2025-08-03 12:17:34 +01:00
Mathias Vorreiter Pedersen	c726285cac	C++: Sync identical files.	2025-08-03 12:17:31 +01:00
Mathias Vorreiter Pedersen	0d9e298250	C++: Specifier-only converting instructions preserve GVNs.	2025-08-03 12:17:19 +01:00
Mathias Vorreiter Pedersen	fca49dde92	C++: Accept test changes.	2025-08-02 16:43:19 +01:00
Mathias Vorreiter Pedersen	73e4bfdd3e	C++: Fix missing flow by also generating final global uses for functions that have a post-update node for the global variable.	2025-08-02 16:41:23 +01:00
Mathias Vorreiter Pedersen	34c1ec73c2	C++: Add tests with missing flow through globals.	2025-08-02 16:38:32 +01:00
Mathias Vorreiter Pedersen	1aa8adb472	C++: Add test.	2025-08-02 13:00:26 +01:00
Mathias Vorreiter Pedersen	14345a8288	C++: Accept test changes.	2025-08-01 16:09:44 +01:00
Mathias Vorreiter Pedersen	7561190bd1	C++: Fix type errors in C code.	2025-08-01 16:09:42 +01:00
Napalys Klicius	881ea7631e	Added change note	2025-08-01 14:34:25 +02:00
Joe Farebrother	5e09c1d3d3	Merge remote-tracking branch 'origin/python-qual-subclass-shadow' into python-qual-subclass-shadow	2025-08-01 12:39:30 +01:00
Joe Farebrother	bc60914ed7	Update test output	2025-08-01 12:37:51 +01:00
Joe Farebrother	d8083add3e	Doc updates	2025-08-01 12:35:01 +01:00
Napalys Klicius	ae4077db72	add taint flow for arg/command-line-args with custom argv option	2025-08-01 13:34:08 +02:00
Napalys Klicius	d6508f34b6	Add taint flow for Commander.js direct property access and action callbacks	2025-08-01 13:24:19 +02:00
Napalys Klicius	39170f327c	Added couple more test cases for commander js	2025-08-01 13:14:39 +02:00
Napalys Klicius	6b4e34dd39	Added a step from parse to opts for commander js	2025-08-01 13:12:43 +02:00
Mathias Vorreiter Pedersen	1fab97b765	Merge pull request #20149 from MathiasVP/expose-definition-from-dataflow-ssa C++: Expose SSA definitions from dataflow	2025-08-01 12:04:04 +01:00
Mathias Vorreiter Pedersen	0e9286dd34	C++: Fix QLDoc.	2025-08-01 11:37:12 +01:00
Mathias Vorreiter Pedersen	b70836e241	C++: Modify the API to not expose dataflow nodes.	2025-08-01 11:34:49 +01:00
Mathias Vorreiter Pedersen	33d05984c8	C++: Stick the exposed SSA classes into a public SSA module.	2025-08-01 11:34:47 +01:00
Mathias Vorreiter Pedersen	32e6d0934e	C++: Drive-by fix: These files imported both the public dataflow files and the internal ones. Let's only import the internal ones.	2025-08-01 11:34:45 +01:00
Napalys Klicius	e980798ede	Added step through yargs/yargs constructor and chained methods.	2025-08-01 12:01:30 +02:00
Mathias Vorreiter Pedersen	7ede3aa516	C++: Fix imports.	2025-08-01 10:35:34 +01:00
Mathias Vorreiter Pedersen	0d91622d18	C++: Rename SsaInternals to SsaImpl and SsaInternalsCommon to SsaImplCommon.	2025-08-01 10:34:14 +01:00
Napalys Klicius	e8eb9be3f6	Add command injection tests for CLI argument parsing libraries	2025-08-01 11:02:59 +02:00
Geoffrey White	01d24c4f83	Merge branch 'main' into sqlx	2025-07-31 16:02:36 +01:00
Mathias Vorreiter Pedersen	18289702ca	C++: Add an example of double negation to the IR tests.	2025-07-31 15:49:05 +01:00
codeqlhelper	4323e6853f	Update cpp/ql/src/change-notes/2025-07-27-avoid-reporting-static-global-variable.md Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2025-07-31 21:17:29 +08:00
Mathias Vorreiter Pedersen	c8f4b287d1	C++: Add a comment on the old SSA library.	2025-07-31 14:07:38 +01:00
Mathias Vorreiter Pedersen	7e93b99ff9	C++: Add change note.	2025-07-31 13:57:19 +01:00
Mathias Vorreiter Pedersen	8691075aae	Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-07-31 13:52:21 +01:00
Mathias Vorreiter Pedersen	5a91aa2105	C++: Expose SSA definitions from dataflow.	2025-07-31 13:45:03 +01:00
Geoffrey White	58680c94bc	Rust: Repair BadCtorInitialization.ql's StdCall using getCanonicalPath.	2025-07-31 13:28:56 +01:00
Simon Friis Vindum	abc58ac8b3	Rust: Add metric and debug predicates for type that reach the length limit	2025-07-31 14:20:32 +02:00
Mathias Vorreiter Pedersen	1dae787605	C++: Drive-by fix suggested by Schack. This now matches the predicate in C#.	2025-07-31 12:58:05 +01:00
Napalys Klicius	3f9061abdb	Added change note	2025-07-31 13:20:38 +02:00
Napalys Klicius	d28a6e6352	Added new test cases for regexp injection with enviromental variable threat model enabled	2025-07-31 13:20:37 +02:00
Napalys Klicius	8583257574	Created new folder for test with threat models disabled	2025-07-31 13:20:30 +02:00
Ian Lynagh	492e27b8e8	Merge pull request #20141 from igfoo/igfoo/kotlin-2.2.20-beta2 Kotlin: Support 2.2.20-beta2	2025-07-31 12:00:17 +01:00
Napalys Klicius	021aa13ee2	Added change note	2025-07-31 12:45:34 +02:00
Napalys Klicius	5f538209c9	Exlucde environmental variables from default detection in regexp injection	2025-07-31 12:09:30 +02:00
Napalys Klicius	791a7e242e	Updated qhelp for cors permissive configuration	2025-07-31 11:31:10 +02:00
Napalys Klicius	2baca58b27	Removed deprecations from cors as it was moved out experimental	2025-07-31 11:08:22 +02:00

... 94 95 96 97 98 ...

86439 Commits