hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-08 06:32:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,608 Commits 1,777 Branches 169 Tags
codeql-cli/v2.25.6
Commit Graph

87608 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Anders Schack-Mulligen
6ffed8523c Cfg/Java: Move InstanceOfExpr CFG into shared lib. 2026-04-10 15:47:09 +02:00
Anders Schack-Mulligen
035b83c0e4 C#: Introduce ControlFlowElementOrCallable. 2026-04-10 15:47:08 +02:00
Anders Schack-Mulligen
0b6c416fd4 Cfg: Support short-circuiting compound assignments. 2026-04-10 15:47:08 +02:00
Anders Schack-Mulligen
a53cffc121 Cfg: Support GotoStmt. 2026-04-10 15:47:07 +02:00
Anders Schack-Mulligen
93a594e9c0 Cfg: Support Throw expressions. 2026-04-10 15:47:07 +02:00
Taus
6078df524b Merge pull request #21683 from github/tausbn/python-add-extractor-pack-build-script 
Python: Add `create-extractor-pack.sh` for Python
 2026-04-10 15:16:54 +02:00
Jeroen Ketema
888d392040 Merge pull request #21636 from jketema/actions-perm 
Actions: Correctly check reusable workflow permissions in `actions/missing-workflow-permissions`
 2026-04-10 15:02:36 +02:00
Geoffrey White
b9226a359a Merge pull request #21633 from geoffw0/intmultlong2 
C++: Upgrade cpp/integer-multiplication-cast-to-long to high precision
 2026-04-10 14:02:34 +01:00
Geoffrey White
814c0ae7a8 Merge pull request #21632 from geoffw0/wrongtype2 
C++: Upgrade cpp/wrong-type-format-argument to high precision
 2026-04-10 14:01:07 +01:00
Geoffrey White
9ea33bc5bb Merge pull request #21553 from geoffw0/implicitfn 
C++: Disable cpp/implicit-function-declaration on build mode none databases
 2026-04-10 14:00:06 +01:00
Geoffrey White
bcf612e6fe Merge branch 'main' into compwidertype2 2026-04-10 13:58:35 +01:00
Anders Schack-Mulligen
dfa8d72dd3 Merge pull request #21685 from aschackmull/csharp/unbind-new 
C#: Replace old-style unbind with pragmas.
 2026-04-10 13:55:01 +02:00
copilot-swe-agent[bot]
ec12035ac2 Extend unpinned-tag query to scan composite action metadata 
Agent-Logs-Url: https://github.com/github/codeql/sessions/c52790be-00f6-4250-b46b-38c05365ddd7

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
 2026-04-10 11:20:36 +00:00
Tom Hvitved
27f7f747a4 Rust: Check whole blanket constraints, not just the root trait type 2026-04-10 13:20:36 +02:00
Tom Hvitved
be329c8ab4 Rust: Replace recursion through forall with ranked recursion 2026-04-10 13:18:57 +02:00
copilot-swe-agent[bot]
386872c668 Initial plan 2026-04-10 11:16:42 +00:00
Geoffrey White
bcdbf141bc Merge pull request #21671 from geoffw0/neutralperf 
Rust: Fix performance issue with additionalExternalFile
 2026-04-10 12:08:27 +01:00
Geoffrey White
0714ca816a Merge branch 'main' into suspicioussizeof2 2026-04-10 10:10:45 +01:00
Tom Hvitved
42fe2d5002 Rust: Add another type inference test 2026-04-10 10:18:54 +02:00
Paolo Tranquilli
7de8ce961c Merge pull request #21677 from github/dependabot/bazel/gazelle-0.50.0 
Bump gazelle from 0.47.0 to 0.50.0
 2026-04-10 10:07:25 +02:00
Michael Nebel
66278fcd10 Merge pull request #21690 from samchang-msft/update-net10-support 
Support added in Jan 2026
 2026-04-10 08:40:29 +02:00
Sam Chang
7883fab44f Qualify the limited support for .NET 10 and C# 14 2026-04-09 12:06:54 -07:00
Sam Chang
38440d96b8 Support added in Jan 2026 2026-04-09 10:48:08 -07:00
Jeroen Ketema
43f48001e3 Swift: Clear override 2026-04-09 16:32:43 +02:00
Jeroen Ketema
4ada727bab Swift: Add staged archives to LFS 2026-04-09 16:32:36 +02:00
Anders Schack-Mulligen
cf4ab1d106 C#: Replace old-style unbind with pragmas. 2026-04-09 15:57:19 +02:00
Tom Hvitved
23f081006e Rust: Track closure types in data flow 2026-04-09 15:25:52 +02:00
Tom Hvitved
3fa5c952b3 Rust: Add more closure flow tests 2026-04-09 15:25:50 +02:00
Jeroen Ketema
85c42ae932 Swift: Update supported versions 2026-04-09 15:19:29 +02:00
Jeroen Ketema
94fb011b90 Swift: Add change note 2026-04-09 15:17:13 +02:00
Taus
d622dabf3e Python: Add create-extractor-pack.sh for Python 
This allows us to build and test the extractor (for actual QL extraction
-- not just the extractor unit tests) entirely from within the
`github/codeql` repo, just as we do with Ruby. All that's needed is a
`--search-path` argument that points to the repo root.
 2026-04-09 13:06:45 +00:00
Jeroen Ketema
21937c2415 Swift: Add dbscheme upgrade and downgrade scripts 2026-04-09 15:05:30 +02:00
Jeroen Ketema
7879d0a006 Swift: Fix OpaqueTypeArchetypeType name mangling 2026-04-09 15:05:28 +02:00
Jeroen Ketema
34b626e8bb Swift: Update expected integration test results 2026-04-09 15:05:27 +02:00
Jeroen Ketema
d09e2f66cd Swift: Assign indexes to fileprivate ValueDecls 
At least in the case of function declarations there can be multiple
identical ones within the same module, causing data set check errors
if not differentiated.
 2026-04-09 15:05:16 +02:00
Tom Hvitved
33cc887be0 Merge pull request #21592 from hvitved/dataflow/source-call-context-type-flow 
Data flow: Add hook for preventing lambda dispatch in source call contexts
 2026-04-09 13:44:42 +02:00
Geoffrey White
e72c116664 Rust: Proposed improved solution. 2026-04-09 11:18:25 +01:00
Tom Hvitved
d704b753c8 Fix CP in typeFlowParamType 
Forgot to link `p` with `c` using `nodeEnclosingCallable(p, c)`.
 2026-04-09 09:19:55 +02:00
dependabot[bot]
7833a0a2e8 Bump gazelle from 0.47.0 to 0.50.0 
Bumps [gazelle](https://github.com/bazel-contrib/bazel-gazelle) from 0.47.0 to 0.50.0.
- [Release notes](https://github.com/bazel-contrib/bazel-gazelle/releases)
- [Commits](https://github.com/bazel-contrib/bazel-gazelle/compare/v0.47.0...v0.50.0)

---
updated-dependencies:
- dependency-name: gazelle
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-09 03:08:02 +00:00
Geoffrey White
95681bfad4 Rust: Fix performance issue with File.fromSource. 2026-04-08 15:04:03 +01:00
Jeroen Ketema
7bf78de167 Swift: Fix AnyFunctionType name mangling 2026-04-08 15:53:24 +02:00
Kristen Newbury
fb0ee5b987 Merge pull request #21640 from knewbury01/knewbury01/adjust-actions-queries-alerts 
Adjust alert messages CWE-829/ArtifactPoisoning[Critical|Medium]
 2026-04-08 09:44:00 -04:00
Jeroen Ketema
f7de0abe60 Swift: Fix BuiltinFixedArrayType mangling 2026-04-08 15:41:57 +02:00
Kristen Newbury
7b7411f7df Change alert location CWE-829/ArtifactPoisoning queries 2026-04-08 08:57:45 -04:00
Jeroen Ketema
5eb8db0d48 Swift: Update expected QL test results after 6.3 update 2026-04-08 13:21:33 +02:00
Jeroen Ketema
6b2494c3e5 Swift: Update generated files 2026-04-08 13:21:03 +02:00
Jeroen Ketema
d473c7143d Swift: Update schema 2026-04-08 13:20:06 +02:00
Jeroen Ketema
fd83515843 Swift: Make extractor compile 2026-04-08 13:19:40 +02:00
Jeroen Ketema
2fbfcb970e Swift: Use Swift 6.3 artifacts 2026-04-08 13:19:00 +02:00
Taus
e3688444d7 Python: Also exclude class scope 
Changing the `locals()` dictionary actually _does_ change the attributes
of the class being defined, so we shouldn't alert in this case.
 2026-04-07 23:46:03 +02:00