github-actions[bot]
5546025f12
update codeql documentation
2026-05-04 08:19:28 +00:00
Tom Hvitved
1f3a8319ed
Update csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-05-04 09:41:00 +02:00
MarkLee131
49e5886a06
Update java/ql/lib/ext/org.apache.commons.io.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-04 12:56:11 +08:00
MarkLee131
c10a05f26a
Update java/ql/lib/ext/org.apache.commons.io.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:14:48 +08:00
MarkLee131
8710e63011
Update java/ql/lib/ext/javax.servlet.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:14:15 +08:00
MarkLee131
dbc9d0de4a
Update java/ql/lib/ext/org.apache.commons.io.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:14:07 +08:00
MarkLee131
9194cdad9c
Update java/ql/lib/ext/java.nio.file.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:08:31 +08:00
MarkLee131
7050241a54
Update java/ql/lib/ext/java.nio.file.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:08:21 +08:00
MarkLee131
62a0a3e384
Update java/ql/lib/ext/java.nio.file.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:08:12 +08:00
MarkLee131
3ad2d8ca3d
Update java/ql/lib/ext/java.nio.file.model.yml
...
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-05-03 14:04:35 +08:00
Anders Schack-Mulligen
21a0d1444f
C#: Add change note.
2026-05-01 13:13:40 +02:00
Anders Schack-Mulligen
e012981e5b
C#: Accept test changes for out/ref SSA location changes.
2026-05-01 10:32:18 +02:00
Anders Schack-Mulligen
351e9cc914
C#: Accept test changes.
2026-05-01 10:28:15 +02:00
Anders Schack-Mulligen
439a67a3fe
C#: Fix toString for capture definitions.
2026-05-01 10:26:50 +02:00
Anders Schack-Mulligen
5fbba0e9fe
C#: Delete ParameterDefaultDefinition.
2026-05-01 10:24:23 +02:00
Anders Schack-Mulligen
d3df5ce110
C#: Deprecate ParameterDefinition in favour of SsaParameterInit.
2026-05-01 10:22:53 +02:00
MarkLee131
bafa892116
Merge branch 'main' into fix/path-injection-read-subkind
2026-05-01 16:06:35 +08:00
MarkLee131
119994b59f
Java: move File inspection methods to path-injection[read]
...
Per review feedback on #21741: File.canRead/canWrite/canExecute,
exists/isDirectory/isFile/isHidden only inspect a path, so move them
under the path-injection[read] sub-kind. Update TaintedPath.expected
and the experimental CWE-073 expected to match.
2026-05-01 16:04:29 +08:00
Kristen Newbury
b0bc0fdd61
Adjust changenotes actions queries
2026-04-30 12:28:06 -04:00
Mathias Vorreiter Pedersen
154d213fd2
Merge pull request #21768 from github/speed-up-unchecked-leap-year-after-modification
...
C++: Speed up `cpp/leap-year/unchecked-after-arithmetic-year-modification`
2026-04-30 16:06:17 +01:00
Kristen Newbury
4fd02220c7
Update help files CWE-829/UntrustedCheckoutX
2026-04-30 10:50:06 -04:00
Michael Nebel
4446f42846
Merge pull request #21684 from michaelnebel/csharp/improve-reachability-checks
...
C#: Improve BMN feed checking & handling.
2026-04-30 15:53:52 +02:00
Tom Hvitved
a291548fd8
Update rust/ql/test/library-tests/type-inference/main.rs
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-30 14:31:24 +02:00
Owen Mansel-Chan
87c35e6401
Merge pull request #21654 from MarkLee131/fix/sensitive-log-hash-sanitizer
...
Java: treat hash/encrypt/digest methods as sensitive-log sanitizers
2026-04-30 13:21:03 +01:00
Anders Schack-Mulligen
ff8ab191d1
C#: Drop caching for deprecated predicates.
2026-04-30 13:58:55 +02:00
Anders Schack-Mulligen
77807c83f8
C#: Exclude entry definitions from qualifier definitions.
2026-04-30 13:56:21 +02:00
Anders Schack-Mulligen
e0421dbf53
C#: Reinstate toString for SSA data flow nodes.
2026-04-30 13:56:16 +02:00
Anders Schack-Mulligen
bedadc9f04
C#: Deprecate some SSA internals.
2026-04-30 13:54:21 +02:00
Anders Schack-Mulligen
55b83ca22a
C#: Deprecate Ssa::Definition in favour of SsaDefinition.
2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
de96b5acfd
C#: Deprecate Ssa::ImplicitDefinition.
2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
80d5e27b46
C#: Deprecate Ssa::ImplicitEntryDefinition.
2026-04-30 13:54:15 +02:00
Tom Hvitved
e1cd708c75
Rust: Use verbose type paths in inline expectation comments
2026-04-30 13:54:09 +02:00
Anders Schack-Mulligen
65f647a8c0
C#: Replace Ssa::UncertainDefinition with SsaUncertainWrite.
2026-04-30 13:49:23 +02:00
Anders Schack-Mulligen
9a7eb8dfb9
C#: Replace Ssa::PhiNode with SsaPhiDefinition.
2026-04-30 13:49:23 +02:00
Anders Schack-Mulligen
6ecdf3fe32
C#: Replace Ssa::ImplicitParameterDefinition with SsaParameterInit.
2026-04-30 13:49:19 +02:00
Tom Hvitved
4042bbec5b
Swift: Add type inference tests
2026-04-30 13:45:57 +02:00
MarkLee131
936f0c650c
Address review comments on path-injection[read] sub-kind
...
- shared/mad/codeql/mad/ModelValidation.qll: shorten the comment
for `path-injection[%]` to `// Java-only currently`, matching the
style of other language-scoped entries and dropping API examples
and the java/zipslip reference.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: replace
the `File.exists` example in the QLDoc with `FileReader`, since
`File.exists` is still labelled plain `path-injection`, not
`path-injection[read]`.
2026-04-30 19:06:04 +08:00
Anders Schack-Mulligen
31e06bc0a9
C#: Remove SSA location overrides.
2026-04-30 12:56:58 +02:00
Anders Schack-Mulligen
dc34b10cb6
C#: Replace Ssa::ExplicitDefinition with SsaExplicitWrite.
2026-04-30 12:52:51 +02:00
Anders Schack-Mulligen
a6c7f27fc1
C#: Deprecate Definition.getEnclosingCallable.
2026-04-30 12:46:28 +02:00
Anders Schack-Mulligen
ed6cdfc227
C#: Move isLiveOutRefParameterDefinition to top-level.
2026-04-30 12:46:27 +02:00
Anders Schack-Mulligen
9345c44e0f
C#: Delete test for Definition.getElement.
2026-04-30 12:46:23 +02:00
Anders Schack-Mulligen
c88a22ccf8
C#: Replace most uses of Ssa::Definition with SsaDefinition.
2026-04-30 12:45:25 +02:00
Anders Schack-Mulligen
2545f06b52
C#: Deprecate member predicate Definition.getAReadAtNode.
2026-04-30 12:42:24 +02:00
Anders Schack-Mulligen
83c7a33e53
C#: Deprecate member predicates Definition.getAFirstRead and getAFirstReadAtNode.
2026-04-30 12:42:21 +02:00
MarkLee131
90741b15e2
Merge branch 'main' into fix/path-injection-read-subkind
2026-04-30 18:37:12 +08:00
Anders Schack-Mulligen
fb438bf512
C#: Remove references to getAFirstReadAtNode.
2026-04-30 11:55:55 +02:00
Anders Schack-Mulligen
e5d219a039
C#: Simplify library instantiations.
2026-04-30 11:50:59 +02:00
Anders Schack-Mulligen
72d21a9a56
C#: Instantiate shared SSA wrappers.
2026-04-30 11:48:27 +02:00
Anders Schack-Mulligen
7ef9e1b939
C#: Rename SsaImpl input.
2026-04-30 11:46:20 +02:00