hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 03:09:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 87c35e6401 Merge pull request #21654 from MarkLee131/fix/sensitive-log-hash-sanitizer Owen Mansel-Chan 2026-04-30 13:21:03 +01:00
  • ff8ab191d1 C#: Drop caching for deprecated predicates. Anders Schack-Mulligen 2026-04-28 15:06:59 +02:00
  • 77807c83f8 C#: Exclude entry definitions from qualifier definitions. Anders Schack-Mulligen 2026-04-28 14:46:43 +02:00
  • e0421dbf53 C#: Reinstate toString for SSA data flow nodes. Anders Schack-Mulligen 2026-04-28 13:38:14 +02:00
  • bedadc9f04 C#: Deprecate some SSA internals. Anders Schack-Mulligen 2026-04-28 13:35:14 +02:00
  • 55b83ca22a C#: Deprecate Ssa::Definition in favour of SsaDefinition. Anders Schack-Mulligen 2026-04-28 11:20:54 +02:00
  • de96b5acfd C#: Deprecate Ssa::ImplicitDefinition. Anders Schack-Mulligen 2026-04-28 11:15:13 +02:00
  • 80d5e27b46 C#: Deprecate Ssa::ImplicitEntryDefinition. Anders Schack-Mulligen 2026-04-28 11:03:03 +02:00
  • e1cd708c75 Rust: Use verbose type paths in inline expectation comments Tom Hvitved 2026-04-30 13:33:32 +02:00
  • 65f647a8c0 C#: Replace Ssa::UncertainDefinition with SsaUncertainWrite. Anders Schack-Mulligen 2026-04-27 15:07:51 +02:00
  • 9a7eb8dfb9 C#: Replace Ssa::PhiNode with SsaPhiDefinition. Anders Schack-Mulligen 2026-04-27 15:05:12 +02:00
  • 6ecdf3fe32 C#: Replace Ssa::ImplicitParameterDefinition with SsaParameterInit. Anders Schack-Mulligen 2026-04-27 14:59:22 +02:00
  • 4042bbec5b Swift: Add type inference tests Tom Hvitved 2026-04-29 11:11:44 +02:00
  • 936f0c650c Address review comments on path-injection[read] sub-kind MarkLee131 2026-04-30 19:06:04 +08:00
  • 31e06bc0a9 C#: Remove SSA location overrides. Anders Schack-Mulligen 2026-04-27 14:56:52 +02:00
  • dc34b10cb6 C#: Replace Ssa::ExplicitDefinition with SsaExplicitWrite. Anders Schack-Mulligen 2026-04-24 16:04:36 +02:00
  • a6c7f27fc1 C#: Deprecate Definition.getEnclosingCallable. Anders Schack-Mulligen 2026-04-24 08:51:25 +02:00
  • ed6cdfc227 C#: Move isLiveOutRefParameterDefinition to top-level. Anders Schack-Mulligen 2026-04-24 08:47:36 +02:00
  • 9345c44e0f C#: Delete test for Definition.getElement. Anders Schack-Mulligen 2026-04-23 16:23:21 +02:00
  • c88a22ccf8 C#: Replace most uses of Ssa::Definition with SsaDefinition. Anders Schack-Mulligen 2026-04-23 16:21:29 +02:00
  • 2545f06b52 C#: Deprecate member predicate Definition.getAReadAtNode. Anders Schack-Mulligen 2026-04-23 14:59:01 +02:00
  • 83c7a33e53 C#: Deprecate member predicates Definition.getAFirstRead and getAFirstReadAtNode. Anders Schack-Mulligen 2026-04-23 14:45:46 +02:00
  • 90741b15e2 Merge branch 'main' into fix/path-injection-read-subkind MarkLee131 2026-04-30 18:37:12 +08:00
  • fb438bf512 C#: Remove references to getAFirstReadAtNode. Anders Schack-Mulligen 2026-04-23 14:25:43 +02:00
  • e5d219a039 C#: Simplify library instantiations. Anders Schack-Mulligen 2026-04-23 13:38:28 +02:00
  • 72d21a9a56 C#: Instantiate shared SSA wrappers. Anders Schack-Mulligen 2026-04-17 15:25:22 +02:00
  • 7ef9e1b939 C#: Rename SsaImpl input. Anders Schack-Mulligen 2026-04-17 15:19:40 +02:00
  • a473fdb709 Merge pull request #21759 from hvitved/csharp/cfg-params Tom Hvitved 2026-04-30 11:31:06 +02:00
  • fed42d655f Merge pull request #21656 from MarkLee131/fix/trust-boundary-regexp-barrier Owen Mansel-Chan 2026-04-29 14:59:01 +01:00
  • 03d70b9f94 C#: Add another nuget.config integration test. Michael Nebel 2026-04-29 15:47:32 +02:00
  • e29770c2b5 C#: Fix missing slash in comments. Michael Nebel 2026-04-29 15:27:47 +02:00
  • 28a6ff208c Merge remote-tracking branch 'origin/main' into fix/sensitive-log-hash-sanitizer MarkLee131 2026-04-29 20:59:59 +08:00
  • e14b654e8a Update shared/controlflow/codeql/controlflow/ControlFlowGraph.qll Tom Hvitved 2026-04-29 14:57:35 +02:00
  • 51e2a5418b Java: move EncryptedSensitiveMethodCall into Sanitizers.qll MarkLee131 2026-04-29 20:56:36 +08:00
  • 75162bb9eb Update java/ql/test/query-tests/security/CWE-532/Test.java MarkLee131 2026-04-29 20:53:58 +08:00
  • 49d014cbac Merge branch 'main' into fix/trust-boundary-regexp-barrier MarkLee131 2026-04-29 20:48:22 +08:00
  • d27ee86242 Java: refactor trust-boundary sanitizers into TrustBoundaryValidationSanitizer subclasses MarkLee131 2026-04-29 20:45:45 +08:00
  • 511627b20c Add MaDs for Jakarta jacknojo/add_llm_generated_mads_for_jakartaee Jack Nørskov Jørgensen 2026-04-29 14:35:53 +02:00
  • 0192ffab07 Merge pull request #21751 from github/jacknojo/move_java_generated_mads Jack Nørskov Jørgensen 2026-04-29 14:33:58 +02:00
  • 99b5cecb18 Java: Adapt to changes in shared CFG library Tom Hvitved 2026-04-28 10:32:53 +02:00
  • 99023f8b59 C#: Add upgrade/downgrade scripts Tom Hvitved 2026-04-29 14:02:43 +02:00
  • b6c464281b C#: Move internal logic into internal/ControlFlowGraph.qll Tom Hvitved 2026-04-28 14:22:28 +02:00
  • d4a32476da C#: No need to special-case default arguments in nullness analysis Tom Hvitved 2026-04-28 10:44:16 +02:00
  • 6c42418faf C#: Use parameter CFG nodes in SSA Tom Hvitved 2026-04-27 12:12:59 +02:00
  • cbe207ab65 C#: Include parameters and their defaults in the CFG Tom Hvitved 2026-04-28 10:45:47 +02:00
  • d792e11b7f C#: Add tests for methods with default parameters Tom Hvitved 2026-04-21 13:42:33 +02:00
  • 77639817fe C#: Remove unintended CP Tom Hvitved 2026-04-28 10:45:53 +02:00
  • 68be006a29 Merge pull request #21641 from github/josefs/promptInjectionImprovements Josef Svenningsson 2026-04-29 11:23:52 +01:00
  • 96d6ee61ff Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql Mathias Vorreiter Pedersen 2026-04-29 10:55:02 +01:00
  • bfd3683b0b Merge pull request #21372 from michaelnebel/csharp14/usercompoundassignment Michael Nebel 2026-04-29 11:22:35 +02:00
  • c95083b176 Merge pull request #21697 from yearn/js/vercel-node-framework Asger F 2026-04-29 10:58:53 +02:00
  • dfd85c321c C++: Compute 'IgnorableOperationToOperationSourceCandidateConfig' after an initial round of the query to reduce the number of sinks. Mathias Vorreiter Pedersen 2026-04-28 22:02:32 +01:00
  • c2beef1900 Merge pull request #21765 from jketema/switch Jeroen Ketema 2026-04-28 21:57:10 +02:00
  • 25a8aa97b2 Fix openai prompt injection tests Josef Svenningsson 2026-04-28 18:23:42 +01:00
  • 691aeb0815 Remove the chat completion create logic. Josef Svenningsson 2026-04-28 18:13:45 +01:00
  • a05e191518 Add tests for anthropic prompt injection models Josef Svenningsson 2026-04-28 15:51:45 +01:00
  • e069c9c2ee Fix tests Josef Svenningsson 2026-04-02 19:17:48 +01:00
  • bb18bb084c Improve prompt inject for Python Josef Svenningsson 2026-04-02 17:42:37 +01:00
  • 6f774470b3 Merge branch 'main' into js/vercel-node-framework murderteeth 2026-04-28 12:30:27 -04:00
  • 18b06f1cf4 Model res.json and res.jsonp as Vercel response sinks murderteeth 2026-04-28 16:14:53 +00:00
  • 1b87140ce7 Regenerate DatabaseAccesses.expected for new vercel.ts fixture murderteeth 2026-04-28 15:57:06 +00:00
  • 29dd56f83f C++: Make formatting of switch statement examples more uniform Jeroen Ketema 2026-04-28 16:36:54 +02:00
  • 0bc23c3af1 C++: Match example with text Jeroen Ketema 2026-04-28 16:33:17 +02:00
  • f634b328ee C++: Fix join-order problem in getNextSwitchCase Jeroen Ketema 2026-04-28 15:44:53 +02:00
  • fa8c1d6226 C++: Add a getSwitchCase predicate to SwitchStmt Jeroen Ketema 2026-04-28 15:44:12 +02:00
  • 1ba9601257 Merge pull request #21764 from github/add-strsafe.h-models Mathias Vorreiter Pedersen 2026-04-28 12:10:26 +01:00
  • 67aa342fe5 C#: Update test expected output for integration tests. Michael Nebel 2026-04-28 12:46:41 +02:00
  • b07d2fb7d7 Merge pull request #21740 from owen-mc/go/overlay-correctness Owen Mansel-Chan 2026-04-28 11:35:14 +01:00
  • c59d6cb2a7 C++: Accept query test change. Mathias Vorreiter Pedersen 2026-04-28 11:35:08 +01:00
  • ba649835ed Rust: pin integration test toolchain to 1.94.1 redsun82/pin-rust-toolchain-1-94-1 Paolo Tranquilli 2026-04-28 11:25:02 +02:00
  • f28d5d2f59 C++: Add change note. Mathias Vorreiter Pedersen 2026-04-28 10:57:04 +01:00
  • 86d8e362a1 C++: Accept test changes. Mathias Vorreiter Pedersen 2026-04-28 10:28:13 +01:00
  • 2805f788ee C++: Add strsafe.h model. Mathias Vorreiter Pedersen 2026-04-28 10:28:05 +01:00
  • e29efc7d2c C++: Add tests with missing flow. Mathias Vorreiter Pedersen 2026-04-28 10:50:39 +01:00
  • 615ae41e67 C#: Address review comments. Michael Nebel 2026-04-27 16:03:13 +02:00
  • ae81f3a00f C#: Inherited feeds may not get properly computed if a nuget.config file contains a clear. This has been fixed. Michael Nebel 2026-04-24 15:24:34 +02:00
  • ed857ad6e0 C#: Make the restore sources project/solution specific. Michael Nebel 2026-04-24 15:22:17 +02:00
  • a6d1ccae8e C#: Update integration test expected output. Michael Nebel 2026-04-22 11:36:55 +02:00
  • 831b4d6ceb C#: Add NuGet package missing failures to the compilation info. Michael Nebel 2026-04-22 10:54:25 +02:00
  • 9bd4f65463 C#: Also apply feed exclusions to inherited feeds. Michael Nebel 2026-04-22 10:29:42 +02:00
  • 5ff4b43732 C#: Address review comment. Michael Nebel 2026-04-22 10:21:10 +02:00
  • ca0c2746fc C#: Address Copilots review comments. Michael Nebel 2026-04-13 13:07:59 +02:00
  • b7e3e6c5ca C#: Add change-note. Michael Nebel 2026-04-10 13:50:27 +02:00
  • 597f3fa727 C#: Update integration test expected output. Michael Nebel 2026-04-13 11:25:05 +02:00
  • 6f888f1544 C#: Change the All NuGet feed reachable telemetry. Michael Nebel 2026-04-13 11:00:48 +02:00
  • 8372a37f74 C#: Only include feeds that we can connect to. Michael Nebel 2026-04-10 16:13:12 +02:00
  • c0a1dd0524 C#: Only use the default package source when using nuget.exe if it is reachable. Michael Nebel 2026-04-10 13:38:03 +02:00
  • e6df1d8d8a C#: Handle special case when no feeds are reachable. Michael Nebel 2026-04-10 13:11:47 +02:00
  • 1ee6d631c6 C#: Rename ExtraArgs to NugetSources. Michael Nebel 2026-04-10 11:47:12 +02:00
  • 8369c926b1 C#: Simplify and improve the reachability check and improve the logging. Michael Nebel 2026-04-10 10:02:13 +02:00
  • 1dfe30deaf C#: For specific listed nuget feeds in a project, still allow their use unless there is a timeout when trying to reach them. Michael Nebel 2026-04-10 09:02:59 +02:00
  • 21fb44d0ba C#: Re-add the compilation information on reachable fallback NuGet feed count. Michael Nebel 2026-04-09 15:49:53 +02:00
  • b95a8aa378 C#: Address review comments. Michael Nebel 2026-04-09 15:39:43 +02:00
  • c53b2f589b C#: Remove redundant out parameter from CheckSpecifiedFeeds. Michael Nebel 2026-04-09 15:24:37 +02:00
  • 4dad62c481 C#: Make sure that the feeds that excluded for the feed check (based on an environment variable setting) are still used as sources. Michael Nebel 2026-04-09 15:06:40 +02:00
  • 365b419b5e C#: Add private registries to the set of explicit feeds. Always use specific sources for restoring if private registries are used of if nuget feed reachability check is performed. Michael Nebel 2026-04-09 14:32:30 +02:00
  • 132dc1fa26 C#: Turn checkNugetFeedResponsiveness into a field and remove some explicit this qualifiers. Michael Nebel 2026-04-09 13:06:32 +02:00
  • cce5f06086 Only use reachable feeds when private registries are configured Michael B. Gale 2026-02-27 14:38:01 +00:00
  • 17c45fcd75 Check reachability of inherited feeds Michael B. Gale 2026-02-27 14:32:01 +00:00
  • 9898e21ce7 Divide up CheckSpecifiedFeeds Michael B. Gale 2026-02-27 14:30:57 +00:00