codeql

mirror of https://github.com/github/codeql.git synced 2026-06-07 22:31:39 +02:00

Author	SHA1	Message	Date
Jack Nørskov Jørgensen	7f12fb7352	Change path where tool generate MaDs	2026-04-24 13:24:31 +02:00
Jack Nørskov Jørgensen	a6e052b2a0	Move generated MaDs for C# into modelgenerator/	2026-04-24 13:24:31 +02:00
Jack Nørskov Jørgensen	073529a951	Move generated MaDs for Rust into modelgenerator/	2026-04-24 13:24:31 +02:00
Jack Nørskov Jørgensen	07cb9803f0	Move generated MaDs for CPP into modelgenerator/	2026-04-24 13:24:31 +02:00
Jack Nørskov Jørgensen	6ec250951a	Move generated MaDs for Java into modelgenerator/	2026-04-24 13:24:31 +02:00
Tom Hvitved	cbc12324bb	Merge pull request #21703 from hvitved/rust/type-inference-sibling Rust: Refine `implSiblings`	2026-04-24 12:36:51 +02:00
Owen Mansel-Chan	9fbe447428	Merge pull request #21749 from github/copilot/add-hibernate-sql-injection-tests Add Hibernate SQL injection sink models and coverage	2026-04-24 09:36:46 +01:00
Michael Nebel	f3f3ee6e81	C#: Add cs/deferenced-value-is-always-null test example for compound operators.	2026-04-24 08:57:14 +02:00
Michael Nebel	01baa6e3ae	C#: Add tests and update expected test output.	2026-04-24 08:57:11 +02:00
Michael Nebel	e2fcaeb46a	C#: Handle compound assignment operators in the dispatch logic (and assignable definition).	2026-04-24 08:57:09 +02:00
Michael Nebel	bdf0c8ff5a	C#: Add compound assignment operator call classes.	2026-04-24 08:57:06 +02:00
Michael Nebel	43ebcb68f0	C#: Add upgrade- and downgrade scripts.	2026-04-24 08:57:00 +02:00
Michael Nebel	44dd2f008b	C#: Update the DB scheme, such that compound assignment operator calls can be considered qualifiable expressions.	2026-04-24 08:56:57 +02:00
Michael Nebel	2729bfe379	C#: Add compound assignment operator QL classes.	2026-04-24 08:50:09 +02:00
Michael Nebel	13e8976494	C#: Add change-note.	2026-04-24 08:50:06 +02:00
Michael Nebel	8ce38a5dfb	C#: Re-use the GetTargetSymbol logic from invocations to find the right operator symbol (operators can also be declared in extensions).	2026-04-24 08:50:03 +02:00
Michael Nebel	77f0de89ec	C#: Add support for compound assignment operators in the TryGetOperatorSymbol method.	2026-04-24 08:50:00 +02:00
Jeroen Ketema	ae89b2ee79	Merge pull request #21747 from jketema/join-order Fix two `QualifiedName` join orders	2026-04-24 08:05:24 +02:00
Mathias Vorreiter Pedersen	82c99a594d	Merge pull request #21750 from github/fix-join-in-assertions-in-ir C++: Fix join in `TranslatedAssertion::getVariable`	2026-04-23 17:25:15 +01:00
copilot-swe-agent[bot]	083909ee3b	Add Java change note for Hibernate sinks Agent-Logs-Url: https://github.com/github/codeql/sessions/41769e74-a435-4aaf-b5f7-92060f6cd84e Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>	2026-04-23 14:10:29 +00:00
copilot-swe-agent[bot]	25d232b815	Model additional Hibernate query sinks Agent-Logs-Url: https://github.com/github/codeql/sessions/fc2c7f71-3493-4bf7-9136-34571a1d4b47 Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>	2026-04-23 13:41:03 +00:00
Tom Hvitved	c64223ae56	Merge pull request #21748 from hvitved/shared/remove-deprecated Shared: Remove deprecated code	2026-04-23 14:44:17 +02:00
Anders Schack-Mulligen	cb21044900	Merge pull request #21744 from aschackmull/csharp/ssa C#: Replace BaseSSA classes with shared code.	2026-04-23 14:39:54 +02:00
Tom Hvitved	eee5b067b3	Merge pull request #21743 from hvitved/cfg/body-parts C#: Move handling of callables into shared control flow library	2026-04-23 14:10:46 +02:00
Mathias Vorreiter Pedersen	14efb4502b	C++: Fix join in getVariable.	2026-04-23 12:10:09 +01:00
Owen Mansel-Chan	bf960b8c76	Merge pull request #21652 from MarkLee131/fix/path-injection-torealpath Java: recognize Path.toRealPath() as path normalization sanitizer	2026-04-23 11:18:23 +01:00
copilot-swe-agent[bot]	081ad03b4b	Add Hibernate SQL injection sink tests Agent-Logs-Url: https://github.com/github/codeql/sessions/2e7aecca-63ea-489f-8b87-4cc557655919 Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>	2026-04-23 10:04:52 +00:00
copilot-swe-agent[bot]	7b897add22	Initial plan	2026-04-23 09:50:34 +00:00
Owen Mansel-Chan	9f19791d8c	Merge branch 'main' into fix/path-injection-torealpath	2026-04-23 10:40:47 +01:00
Tom Hvitved	61f1ef877f	Swift: Remove deprecated references to deprecated shared code	2026-04-23 11:29:10 +02:00
Tom Hvitved	18da5f61cd	Ruby: Remove deprecated references to deprecated shared code	2026-04-23 11:29:04 +02:00
Tom Hvitved	14dd72b3b1	C#: Remove deprecated references to deprecated shared code	2026-04-23 11:28:33 +02:00
Tom Hvitved	90ae086822	Shared: Remove deprecated code	2026-04-23 11:24:14 +02:00
Tom Hvitved	1a84b2b555	CFG: Use dense ranking	2026-04-23 11:22:38 +02:00
Jeroen Ketema	076b020dc4	Fix two `QualifiedName` join orders Before on `StanfordLegion__legion` with `cpp/throwing-pointer`: ``` Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@7ff329j5 was evaluated in 2 iterations totaling 0ms (delta sizes total: 70). 162061 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 70 ~2% {4} \| JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1 70 ~0% {2} \| REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2 70 ~0% {2} \| AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2) return r1 Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@cfd47189 was evaluated in 2 iterations totaling 3ms (delta sizes total: 85). 12 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 162417 ~0% {2} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH namespacembrs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 73 ~1% {4} \| JOIN WITH namespaces ON FIRST 1 OUTPUT Lhs.0, _, Lhs.1, Rhs.1 73 ~0% {2} \| REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2 85 ~0% {2} r3 = r1 UNION r2 85 ~0% {2} \| AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2) return r3 ``` After: ``` Pipeline standard for QualifiedName::Namespace.getQualifiedName/0#cbc0648a@91677d3f was evaluated in 2 iterations totaling 0ms (delta sizes total: 70). 70 ~0% {4} r1 = JOIN `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacembrsMerge_10#join_rhs_#namespacesMerge#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2 70 ~0% {2} \| REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2 70 ~0% {2} \| AND NOT `QualifiedName::Namespace.getQualifiedName/0#cbc0648a#prev`(FIRST 2) return r1 Pipeline standard for QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1@3bbc99mb was evaluated in 2 iterations totaling 0ms (delta sizes total: 85). 12 ~0% {2} r1 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespace_inlineMerge_#namespacembrsMerge_1#antijoin_rhs__#namespacembrsMerge_#namespacembrsMerge___#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 73 ~0% {4} r2 = JOIN `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev_delta` WITH _#namespacembrsMerge_1#antijoin_rhs_#namespacesMerge__#namespacembrsMerge_#namespacembrsMerge_10#joi__#join_rhs ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Rhs.2 73 ~1% {2} \| REWRITE WITH Tmp.1 := "::", Out.1 := (In.2 ++ Tmp.1 ++ In.3) KEEPING 2 85 ~0% {2} r3 = r1 UNION r2 85 ~0% {2} \| AND NOT `QualifiedName::Namespace.getAQualifierForMembers/0#132b16e1#prev`(FIRST 2) return r3 ```	2026-04-23 10:37:12 +02:00
Jeroen Ketema	f50bbdb9af	C++: Update expected test results after extractor changes	2026-04-23 10:13:57 +02:00
Tom Hvitved	71fa2166ee	Apply suggestions from code review Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2026-04-22 17:06:31 +02:00
Owen Mansel-Chan	d6abd4c72d	Merge pull request #21745 from owen-mc/go/refactor-encryption-operation Go: refactor `EncryptionOperation`	2026-04-22 15:46:49 +01:00
Owen Mansel-Chan	57eaed4dcc	Refactor: remove fields from `EncryptionOperation` Co-authored-by: Copilot <copilot@github.com>	2026-04-22 13:37:35 +01:00
Tom Hvitved	6ebf4ee394	Java: Adapt to changes in CFG library	2026-04-22 14:11:58 +02:00
Tom Hvitved	39cd86a48e	C#: Move handling of callables into shared control flow library	2026-04-22 14:11:57 +02:00
Anders Schack-Mulligen	4b8e4b40af	C#: Fix test.	2026-04-22 14:00:13 +02:00
Tom Hvitved	e60275c4de	Rust: Refine `implSiblings` Consider two implementations of the same trait to be siblings when the type being implemented by one is an instantiation of the type being implemented by the other.	2026-04-22 13:32:56 +02:00
Anders Schack-Mulligen	b0c31badc2	C#: Bugfix for multi-body baseSsa entry defs.	2026-04-22 11:53:44 +02:00
Anders Schack-Mulligen	ae7904f0c8	C#: Fix BaseSSA caching.	2026-04-22 11:53:44 +02:00
Anders Schack-Mulligen	bbd60031b1	C#: Replace references to old BaseSSA classes.	2026-04-22 11:53:40 +02:00
Anders Schack-Mulligen	145d3242a6	C#: Instantiate shared SSA wrappers for BaseSSA.	2026-04-22 11:51:44 +02:00
Michael Nebel	bca51a986c	Merge pull request #21612 from michaelnebel/csharp/legacyasptaintedmember C#: Taint members of types in ASP.NET user context.	2026-04-22 09:28:27 +02:00
Owen Mansel-Chan	62f15d0166	Merge pull request #21742 from owen-mc/docs/fixes Docs: several minor fixes	2026-04-21 17:40:11 +01:00
Florin Coada	a44883486a	Update docs/codeql/codeql-language-guides/customizing-library-models-for-rust.rst Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>	2026-04-21 16:44:12 +01:00

... 8 9 10 11 12 ...

87608 Commits