hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-08 14:42:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,608 Commits 1,776 Branches 169 Tags
codeql-cli/v2.25.6
Commit Graph

87608 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
ce6e6d5db3 Post-release preparation for codeql-cli-2.25.1 2026-03-30 08:43:48 +00:00
Paolo Tranquilli
6fad5b823c Kotlin: accept test changes 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-03-30 10:07:17 +02:00
Owen Mansel-Chan
898d12b0be Merge pull request #21608 from MarkLee131/fix/tainted-arithmetic-bounds-check-barrier 
Exclude bounds-check arithmetic from tainted-arithmetic sinks
 2026-03-29 22:47:20 +01:00
MarkLee131
e6adfbca77 Address review: update QLDoc comment and fix expected test output 
- Clarify that arithmeticUsedInBoundsCheck applies to if-condition
  comparisons, not all comparisons
- Update expected test line numbers to reflect added test calls
 2026-03-29 11:53:06 +08:00
Kaixuan Li
b595a70384 Update java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-29 11:45:27 +08:00
Kaixuan Li
938039d82c Merge branch 'main' into fix/tainted-arithmetic-bounds-check-barrier 2026-03-29 10:25:39 +08:00
Kaixuan Li
f5cfc5e282 Update java/ql/test/query-tests/security/CWE-190/semmle/tests/ArithmeticTainted.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-03-29 10:25:10 +08:00
Owen Mansel-Chan
58218ee630 Merge pull request #21594 from MarkLee131/fix/add-ec-to-secure-algorithm-whitelist 
Add EC to secure algorithm whitelist for Java CWE-327 query
 2026-03-28 17:13:19 +00:00
Owen Mansel-Chan
2b8558706f Add sentence to change note. 2026-03-28 16:39:16 +00:00
Owen Mansel-Chan
ea9b99f67c Rephrase change note 2026-03-28 16:36:39 +00:00
MarkLee131
0c5e89a68e Exclude bounds-check arithmetic from tainted-arithmetic sinks 
The java/tainted-arithmetic query now recognizes when an arithmetic
expression appears directly as an operand of a comparison (e.g.,
`if (off + len > array.length)`). Such expressions are bounds checks,
not vulnerable computations, and are excluded via the existing
overflowIrrelevant predicate.

Add test cases for bounds-checking patterns that should not be flagged.
 2026-03-28 17:39:40 +08:00
MarkLee131
da4a2238bc Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs 
- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions
 2026-03-28 16:53:46 +08:00
MarkLee131
a9449cc991 Add EC to secure algorithm whitelist for Java CWE-327 query 2026-03-28 16:48:58 +08:00
Taus
a0b3c2f13a Python: Update change note 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-27 23:46:50 +01:00
Taus
187f7c7bcf Python: Move isNetworkBind check into isSink 2026-03-27 22:45:26 +00:00
Owen Mansel-Chan
37aac05964 Replace branch with acceptingValue 2026-03-27 22:39:10 +00:00
Taus
c5ef1f6342 Python: Port UseOfExit.ql 2026-03-27 22:28:38 +00:00
Owen Mansel-Chan
a7fdc4b543 Replace acceptingvalue with acceptingValue 2026-03-27 22:15:45 +00:00
Owen Mansel-Chan
a8b52acaa9 Merge pull request #21585 from github/copilot/convert-models-to-yml 
C++: Convert remaining CSV models to .model.yml and remove CSV model infrastructure
 2026-03-27 20:48:34 +00:00
Geoffrey White
a9cce1c0fa C++: Undo increasing query precision. 2026-03-27 17:32:03 +00:00
Geoffrey White
4f3108c444 C++: Update change note. 2026-03-27 17:04:05 +00:00
Taus
4f74d421b9 Python: Exclude AF_UNIX sockets from BindToAllInterfaces 
Looking at the results of the the previous DCA run, there was a bunch of
false positives where `bind` was being used with a `AF_UNIX` socket (a
filesystem path encoded as a string), not a `(host, port)` tuple. These
results should be excluded from the query, as they are not vulnerable.

Ideally, we would just add `.TupleElement[0]` to the MaD sink, except we
don't actually support this in Python MaD...

So, instead I opted for a more low-tech solution: check that the
argument in question flows from a tuple in the local scope.

This eliminates a bunch of false positives on `python/cpython` leaving
behind four true positive results.
 2026-03-27 16:55:10 +00:00
Geoffrey White
50681a3c42 C++: Add note to the .qhelp. 2026-03-27 16:47:31 +00:00
Geoffrey White
bb9873dc8f C++: Increase the query precision to high. 2026-03-27 16:40:45 +00:00
Jeroen Ketema
0f8e39a236 C++: Silence ExtractionRecoverableWarnings when BMN is active 2026-03-27 13:42:44 +01:00
Taus
47d24632e6 Python: Port ShouldUseWithStatement.ql 
Only trivial test changes.
 2026-03-27 12:34:20 +00:00
Taus
0ea80ac184 Python: Port UnusedExceptionObject.ql 
Depending on whether other queries depend on this, we may end up moving
the exception utility functions to a more central location.
 2026-03-27 12:34:14 +00:00
Taus
60f9ce4ce7 Python: Port UnreachableCode.ql 2026-03-27 12:33:04 +00:00
Owen Mansel-Chan
b3285c6ae2 Make description of acceptingvalue column clearer 2026-03-27 11:35:22 +00:00
Owen Mansel-Chan
c07a814515 Add comments to converted MaD file 2026-03-27 11:23:33 +00:00
Mathias Vorreiter Pedersen
8fc914f636 Merge pull request #21591 from MathiasVP/restrict-pair-cand 
C++: Fix join orders in virtual dispatch computation
 2026-03-27 11:20:53 +00:00
Owen Mansel-Chan
7e1ad825c3 Fix model row with misaligned columns 
The original CSV had too many columns, and copilot cut off the last one, before adding the provenance column at the end.
 2026-03-27 11:17:15 +00:00
Tom Hvitved
6dc98cfd01 Rust: Infer argument types based on trait bounds on parameters 2026-03-27 11:39:03 +01:00
Owen Mansel-Chan
f897575d3f Update change note 2026-03-27 10:11:13 +00:00
Paolo Tranquilli
55b95d22e9 Merge pull request #21580 from github/dependabot/bazel/rules_shell-0.7.1 
Bump rules_shell from 0.6.1 to 0.7.1
 2026-03-27 11:08:39 +01:00
Owen Mansel-Chan
5451424e75 Rust: Fix columns for neutrals 2026-03-27 09:47:36 +00:00
Owen Mansel-Chan
886a16bfad C++: Add provenance column 2026-03-27 09:47:34 +00:00
Owen Mansel-Chan
e680d49c93 Shared: document extensible relations rather than CSV 2026-03-27 09:47:32 +00:00
Owen Mansel-Chan
df842665b7 Rust: Add neutrals to MaD format explanation 2026-03-27 09:47:30 +00:00
Owen Mansel-Chan
805d2ec46c Go: Add provenance to MaD format explanation 2026-03-27 09:47:28 +00:00
Owen Mansel-Chan
61b13d5702 C++: Add provenance to MaD format explanation 2026-03-27 09:47:26 +00:00
Owen Mansel-Chan
10fddc7b96 Add barriers and barrier guards to MaD format explanations 2026-03-27 09:47:24 +00:00
Michael Nebel
73360eefb3 Merge pull request #21452 from michaelnebel/csharp/expandedassignment 
C#: Remove expanded assignments.
 2026-03-27 09:18:55 +01:00
yoff
08e115056d Merge pull request #21519 from github/tausbn/python-port-no-alert-change 2026-03-27 08:44:28 +01:00
Taus
c9832c330a Python: Convert BindToAllInterfaces to path-problem 
Now that we're using global data-flow, we might as well make use of the
fact that we know where the source is.
 2026-03-26 21:10:43 +00:00
Henry Mercer
4f79d6a2de Merge branch 'main' into henrymercer/yaml-regression-test 2026-03-26 19:36:21 +00:00
Michael Nebel
c4c363d4e5 Merge pull request #21589 from michaelnebel/csharp/updateintegrationtests 
C#: Update integration tests to use SDK 10.0.201.
 2026-03-26 19:51:22 +01:00
Mathias Vorreiter Pedersen
56153d583e C++: Switch to doublyBoundedFastTC when computing virtual dispatch edges and inline pairCand to avoid a giant tuple explosion. 2026-03-26 17:31:18 +00:00
Michael Nebel
1a4f333c4a C#: Update integration tests to use SDK 10.0.201. 2026-03-26 18:07:05 +01:00
Tom Hvitved
b8a8a160c5 Rust: More type inference tests 2026-03-26 18:06:32 +01:00