Owen Mansel-Chan
7fdda87b06
Fix go/impossible-interface-nil-check for separate post-update nodes
When tracing back from nil checks on interfaces, ignore post-update
nodes. There will always be a corresponding pre-update node that
contains the information we want.
2025-10-02 12:34:58 +01:00
Michael Nebel
b5aa972bd1
Merge pull request #20525 from michaelnebel/csharp/reducelocationtuples
C#: Reduce location tuples.
2025-10-02 12:32:35 +02:00
Michael Nebel
57efa05215
C#: Add change note.
2025-10-02 11:34:14 +02:00
Tom Hvitved
f8b104d174
Rust: Use doubleBoundedFastTC for resolving $crate paths
2025-10-02 11:22:56 +02:00
Philip Ginsbach
d889fa8d39
Merge pull request #20571 from github/ginsbach/MoreAnnotationDocs
document `extensible` and `additional` in QL reference and spec
2025-10-02 09:11:06 +01:00
Philip Ginsbach
a2d31be152
improve the wording based on PR review feedback
2025-10-02 09:02:20 +01:00
Michael Nebel
4f833ca7fe
Merge pull request #20513 from ewillonermsft/systemwebhttprequest-test-stubs
Add additional SystemWeb HttpRequest properties to C# test stubs
2025-10-02 09:22:55 +02:00
Michael Nebel
191dae47fd
C#: Add a stub for the System.Uri class for the CWE-611 test.
2025-10-01 14:44:54 -07:00
ewillonermsft
6f57e5a13e
Merge branch 'main' into systemwebhttprequest-test-stubs
2025-10-01 14:33:09 -07:00
REDMOND\brodes
d49efefefa
Crypto: Fix for non-monotonic recursion in JCA
2025-10-01 14:36:26 -04:00
Mark C
f38ab45e94
removed all @security.severity ratings to keep the main impartial
2025-10-01 17:49:45 +01:00
Mathias Vorreiter Pedersen
011739cbd9
Merge branch 'main' into use-shared-guards-library
2025-10-01 17:21:05 +01:00
Mathias Vorreiter Pedersen
6eb2aad7da
Merge pull request #20569 from aschackmull/guards/uniquevalue-perf
Guards: Improve performance for phi nodes with many incoming constant values.
2025-10-01 17:19:42 +01:00
Owen Mansel-Chan
2629369c93
Improve additional flow step for Host field
2025-10-01 16:18:05 +01:00
Philip Ginsbach
f0b39099e3
discuss 'extensible' whenever the spec mentions 'external'
2025-10-01 16:18:04 +01:00
Owen Mansel-Chan
c006777714
Simplify PathAssignmentBarrier
2025-10-01 16:18:03 +01:00
Philip Ginsbach
3159b299f7
member predicates cannot be 'external'
2025-10-01 16:18:02 +01:00
Owen Mansel-Chan
6d6852fb8d
Test PathAssignmentBarrier for OpenUrlRedirect
2025-10-01 16:18:02 +01:00
Philip Ginsbach
341a1191a3
language reference section on 'extensible' annotation
2025-10-01 16:18:00 +01:00
Owen Mansel-Chan
f0f5fc7eac
Improve SSRF additional flow step
2025-10-01 16:18:00 +01:00
Philip Ginsbach
bd3bcf981a
language reference section on 'additional' annotation
2025-10-01 16:17:58 +01:00
Owen Mansel-Chan
c9ce2c8043
Add test for assignment to Url.Host field
2025-10-01 16:17:58 +01:00
Owen Mansel-Chan
8b04d0a2b9
Convert SSRF tests to inline expectations tests
2025-10-01 16:17:57 +01:00
Philip Ginsbach
7893768cb2
update annotation docs to reference type unions
2025-10-01 16:17:55 +01:00
Philip Ginsbach
8160ef6e81
update annotation docs to reference signatures
2025-10-01 16:17:53 +01:00
Owen Mansel-Chan
6e4dbe8e22
Fix SafeUrlFlow so test passes
2025-10-01 16:17:52 +01:00
Owen Mansel-Chan
620ae33e0c
Make SafeUrlFlow test more comprehensive (failing)
2025-10-01 16:17:04 +01:00
REDMOND\brodes
92dac0341c
Crypto: Adding necessary model interfaces for MacOperationCall in JCA.
2025-10-01 11:13:37 -04:00
Owen Mansel-Chan
8a21a4ff92
Deprecate WriteNode.writesComponent
2025-10-01 16:13:33 +01:00
Owen Mansel-Chan
59e3c14a5e
Add and use WriteNode.writesElementPreUpdate
2025-10-01 16:13:31 +01:00
Owen Mansel-Chan
6fcd35885e
Fix pointer content store step for write to field of pointer dereference
2025-10-01 16:13:29 +01:00
Owen Mansel-Chan
2ffb638b7e
Delete WriteNode.writesFieldOnSsaWithFields
This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`.
2025-10-01 16:13:27 +01:00
Owen Mansel-Chan
489b8431ea
Add and use WriteNode.writesFieldPreUpdate
2025-10-01 16:13:25 +01:00
Owen Mansel-Chan
c9a2816bfe
Fix OpenUrlRedirect barrier for write to Url.Host
2025-10-01 16:13:24 +01:00
Owen Mansel-Chan
414bab1f30
Add OpenUrlRedirect tests for Url.Host field
2025-10-01 16:13:22 +01:00
Owen Mansel-Chan
1144bb99b4
Convert OpenUrlRedirect tests to InlineExpectations
2025-10-01 16:13:21 +01:00
Owen Mansel-Chan
7b426186aa
Rephrase change note to avoid technical terms
2025-10-01 16:13:19 +01:00
Owen Mansel-Chan
630a8446ad
Rename confusing predicate and add qldoc
2025-10-01 16:13:17 +01:00
Owen Mansel-Chan
b1bcbec37d
Use slightly less confusing syntax
2025-10-01 16:13:15 +01:00
Owen Mansel-Chan
1d9a93a731
Rename helper predicate
2025-10-01 16:13:14 +01:00
Owen Mansel-Chan
4ee236d73f
Delete commented out code
2025-10-01 16:13:12 +01:00
Owen Mansel-Chan
25f182302d
Fix email injection sink that needs local flow
2025-10-01 16:13:10 +01:00
Owen Mansel-Chan
f5f6d64d9d
Add change notes
2025-10-01 16:13:08 +01:00
Owen Mansel-Chan
52b6539697
Typo
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-01 16:13:06 +01:00
Owen Mansel-Chan
a9420d46c8
Fix bad join order
2025-10-01 16:13:04 +01:00
Owen Mansel-Chan
6cb69535a5
Add missing qldocs
2025-10-01 16:13:03 +01:00
Owen Mansel-Chan
5efc8ac1a4
Fix backwards flow through TaintTracking::FunctionModel
We only do this for taint models as there isn't any backwards flow
through data flow function models.
2025-10-01 16:13:01 +01:00
Owen Mansel-Chan
3906f2560d
Adjust Stack Exposure test so it passes
A minor bug in our CFG means that we evaluate the base of a
SliceExpr before the bounds. Since the bounds may have side
effects, as in this case, it would be better to evaluate them first.
But in the short term I am just adjusting the test to make it work.
2025-10-01 16:12:59 +01:00
Owen Mansel-Chan
62155876c5
Fix flow to variable capture
The jump step to a `SsaCaptureVariable` should start at the last use
before it, rather than from the previous definition.
2025-10-01 16:12:57 +01:00
Owen Mansel-Chan
748c53a791
Refactor: Create writesFieldOnSsaWithFields
2025-10-01 16:12:56 +01:00