hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-03 14:18:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,449 Commits 1,732 Branches 164 Tags
codeql-cli/v2.25.1
Commit Graph

86449 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Rodes
d790c6df57 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:25 -04:00
Ben Rodes
fab96d9539 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:16 -04:00
Ben Rodes
5ca9ff2082 Update python/ql/lib/semmle/python/frameworks/SSRFSink.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-30 14:00:05 -04:00
REDMOND\brodes
341f553866 Added change logs. 2025-09-30 13:55:31 -04:00
REDMOND\brodes
704e2966cb Adding azure sdk test cases and updated test expected file. 2025-09-30 13:32:56 -04:00
REDMOND\brodes
d27d4fdb27 Updating comments. 2025-09-30 13:31:48 -04:00
Geoffrey White
372b5870b1 Merge pull request #20554 from geoffw0/docs1 
Rust: Consistency fix for reusables/extractors.rst.
 2025-09-30 17:41:05 +01:00
REDMOND\brodes
47fac883b8 Azure SDK models for SSRF analysis. 
(cherry picked from commit 0274962612c02af09729526a3c44a545c1e69be8)
 2025-09-30 11:58:26 -04:00
Geoffrey White
92122fef58 Rust: statement -> expression. 2025-09-30 15:48:26 +01:00
Geoffrey White
d9955ce93c Merge pull request #20503 from geoffw0/cookie 
Rust: New query rust/insecure-cookie
 2025-09-30 15:26:37 +01:00
Tom Hvitved
537e7a8ec3 Rust: Fix formatting 2025-09-30 16:24:38 +02:00
Tom Hvitved
701cff3ca4 Rust: Macro call resolution 2025-09-30 16:21:02 +02:00
Owen Mansel-Chan
a2a9575587 Add tests for safe URL flow 2025-09-30 15:05:42 +01:00
Simon Friis Vindum
19871a2653 Rust: Accept test changes 2025-09-30 15:26:30 +02:00
Geoffrey White
771d9345b5 Merge branch 'main' into basicquery 2025-09-30 14:19:00 +01:00
Mathias Vorreiter Pedersen
ca53a8e787 C++: Update QLDoc. 2025-09-30 14:15:55 +01:00
Mathias Vorreiter Pedersen
1b2bd30a29 Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-09-30 14:14:19 +01:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Simon Friis Vindum
49efd574a0 Rust: Add taint model for add on String 2025-09-30 14:48:03 +02:00
Idriss Riouak
fa8cbeeb44 Merge pull request #20546 from github/idrissrio/ql-constant 
Java: Fix false positives in evaluation-to-constant query for ErrorType
 2025-09-30 14:24:28 +02:00
Chris Smowton
ff4b97bf2d Reword 2025-09-30 13:08:03 +01:00
Simon Friis Vindum
c878af2b9d Rust: Remove member predicates on Type 2025-09-30 13:28:33 +02:00
Owen Mansel-Chan
5b07e8c9c4 Fix bug in UnsafeFieldReadSanitizer 2025-09-30 12:05:06 +01:00
Owen Mansel-Chan
b5fda88bd3 Remove duplication of UnsafeFieldReadSanitizer 2025-09-30 12:04:39 +01:00
idrissrio
63771110a5 Java: Address review comment 2025-09-30 11:46:37 +02:00
Michael Nebel
018ccb3354 C#: Update locations test expected output. 2025-09-30 11:33:28 +02:00
Michael Nebel
d7a2c7da18 C#: Adjust the QL library to use the locations of the unbound declarations. 2025-09-30 11:33:26 +02:00
Michael Nebel
b2cbac3250 C#: Temporarily update the test expected file. 2025-09-30 11:33:23 +02:00
Michael Nebel
443c183e41 C#: Only extract locations for unbound declarations (if a declaration can be unfound) and don't extract empty locations. 2025-09-30 11:33:21 +02:00
Michael Nebel
e9901305b2 C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. 2025-09-30 11:33:19 +02:00
Michael Nebel
5843fdbdd8 C#: Add a locations example. 2025-09-30 11:33:17 +02:00
Geoffrey White
90a7a58929 Merge pull request #20515 from geoffw0/libs 
Rust: Update Supported languages and frameworks
 2025-09-30 09:56:09 +01:00
Geoffrey White
a286631018 Merge pull request #20512 from geoffw0/stmtlist 
Rust: Improve StmtList
 2025-09-30 09:53:55 +01:00
Nick Rolfe
9688d84f3e Merge pull request #20549 from github/post-release-prep/codeql-cli-2.23.2 
Post-release preparation for codeql-cli-2.23.2
 2025-09-30 09:45:22 +01:00
Simon Friis Vindum
ef80ff416f Bazel: regenerate vendored cargo dependencies 2025-09-30 10:28:42 +02:00
Simon Friis Vindum
4846cf4791 Cargo: upgrade dependencies 2025-09-30 10:21:17 +02:00
Chris Smowton
f1239352ce Note issue in related query 2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9 Ruby: Update CSRF protection notes in documentation 
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:

> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.

This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.

I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
 2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991 Post-release preparation for codeql-cli-2.23.2 2025-09-29 15:10:19 +00:00
Nick Rolfe
a05ffdbc81 Merge pull request #20545 from github/release-prep/2.23.2 
Release preparation for version 2.23.2
codeql-cli/v2.23.2 		2025-09-29 15:35:24 +01:00
Nick Rolfe
a76d736136 C#: tweak changelog wording 2025-09-29 15:32:52 +01:00
Simon Friis Vindum
98a20f9820 Rust: Add change note 2025-09-29 14:58:34 +02:00
Simon Friis Vindum
37ffe82ac9 Rust: Handle functions as lambdas 2025-09-29 14:49:04 +02:00
Simon Friis Vindum
0728692e93 Rust: Add tests for functions as lambdas 2025-09-29 14:46:53 +02:00
idrissrio
b82d8c2252 Java: Accept new test results after query change 2025-09-29 13:38:01 +02:00
idrissrio
659afb5f30 Java: Fix false positives in evaluation-to-constant query for ErrorType 2025-09-29 13:37:25 +02:00
idrissrio
e0444c531b Java: Add integration test for constant expr detection 2025-09-29 13:37:20 +02:00
Simon Friis Vindum
84c6a3a376 Rust: Add change note for actix-web models 2025-09-29 13:03:10 +02:00
Kasper Svendsen
b52fff2f81 Merge pull request #20505 from kaspersv/kaspersv/future-proof-java-discarding2 
Overlay: Discard Java config and XML base entities in overlay extracted files
 2025-09-29 13:01:08 +02:00
github-actions[bot]
d2130a589b Release preparation for version 2.23.2 2025-09-29 10:28:45 +00:00