Skip to content

Sync Main (autogenerated) #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 275 commits into from
Sep 2, 2025
Merged

Sync Main (autogenerated) #273

merged 275 commits into from
Sep 2, 2025

Conversation

@dilanbhalla
Copy link
Collaborator

@dilanbhalla dilanbhalla commented Aug 21, 2025

This PR syncs the latest changes from codeql-cli/latest into main.

d10c and others added 30 commits July 17, 2025 14:44
@d10c
[DIFF-INFORMED] Ruby: MissingFullAnchor
4b6135c 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql#L18
@d10c
[DIFF-INFORMED] C#: ConditionalBypass
793f921 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22
@d10c
[DIFF-INFORMED] C#: UnsafeDeserializationQuery
7f085e6 
https://github.com/d10c/codeql/blob/57c8b6e2299f5d6e991bd1a198a58692b6d6e016/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql#L59
@d10c
[DIFF-INFORMED] C#: ThreadUnsafeCryptoTransformLambda
b2fd58e
@d10c
[DIFF-INFORMED] C#: HardcodedConnectionString
218fcbb
@mschwager
Fix github#19294, Ruby NetHttpRequest improvements
9da94fb
@mschwager
Update expected test output
5192f31
@mschwager
Add change-note
d8b9d4d
@geoffw0
Merge branch 'main' into sqlx
67c170f
@aschackmull
Java: Untangle code a bit to improve join order.
e3021f4
@aschackmull
Java: Improve joinorder in getErasedRepr.
5ca35af
@aschackmull
Java: Improve ObjFlow performance.
6c82752
@geoffw0
Rust: Add tests cases for cleartext storage.
9972aaf
@geoffw0
Rust: The Cargo.lock file has changed as well.
897822d
@geoffw0
Rust: Query framework.
5c64d4e
@geoffw0
Rust: Implement query.
a3110a9
@geoffw0
Rust: Add qhelp and examples.
e585e67
@geoffw0
Rust: Clean up the alert message.
215fe7d
@geoffw0
Rust: Address small bugs in the test.
b6e60e4
@geoffw0
Rust: Add examples to tests.
42ced8a
@Napalys
Exlucde environmental variables from default detection in regexp inje…
5f53820 
…ction
@Napalys
Created new folder for test with threat models disabled
8583257
@Napalys
Added new test cases for regexp injection with enviromental variable …
d28a6e6 
…threat model enabled
@Napalys
Added change note
3f9061a
@geoffw0
Rust: Repair BadCtorInitialization.ql's StdCall using getCanonicalPath.
58680c9
@MathiasVP
C++: Add an example of double negation to the IR tests.
1828970
@geoffw0
Merge branch 'main' into sqlx
01d24c4
@Napalys
Add command injection tests for CLI argument parsing libraries
e8eb9be
@Napalys
Added step through yargs/yargs constructor and chained methods.
e980798
@Napalys
Added a step from parse to opts for commander js
6b4e34d
d10c and others added 24 commits August 15, 2025 12:07
@d10c
Merge pull request github#20074 from d10c/d10c/diff-informed-phase-3-…
8000e7c 
…csharp

C#: Diff-informed queries: phase 3 (non-trivial locations)
@igfoo
C++: Add some more tests for SloppyGlobal
0b68c1c
@igfoo
C++: SloppyGlobal: Don't alert on template instantiations, only the t…
4b78606 
…emplate
@d10c
Merge pull request github#20075 from d10c/d10c/diff-informed-phase-3-go
0512940 
Go: Diff-informed queries: phase 3 (non-trivial locations)
@igfoo
C++: SloppyGlobal: Accept test changes
bfd4c41 
We no longer alert on template instantiations, just the template.
@hvitved
Rust: Remove TC from ImplTraitTypeRepr.isInReturnPos
1af6ddd
@igfoo
C++: Add some BAD annotations to SloppyGlobal test
3157fcd
@igfoo
C++: Add a changenote for the change to cpp/short-global-name
0870cc3
@jketema
Merge pull request github#20223 from jketema/go-1.25-doc
84119ba 
Go: Mention Go 1.25 as supported
@d10c
Merge pull request github#20072 from d10c/d10c/diff-informed-phase-3-…
bb9daa0 
…actions

Actions: Diff-informed queries: phase 3 (non-trivial locations)
@5idg5
Merge branch 'main' of https://github.com/5idg5/codeql into java/data…
e697e89 
…-extensions-change
@5idg5
changenote
d84e531
@Napalys
Merge pull request github#20148 from Napalys/js/reg-exp-env-variable-…
b234618 
…threat-model

JS: Exclude environment variables from `js/regex-injection` query by default
@Napalys
Merge pull request github#20151 from Napalys/js/command-line-libs
b19d1e0 
JS: Enhance command injection detection for CLI argument parsing libraries
@d10c
Merge pull request github#20079 from d10c/d10c/diff-informed-phase-3-…
4199859 
…python

Python: Diff-informed queries: phase 3 (non-trivial locations)
@d10c
Merge pull request github#20073 from d10c/d10c/diff-informed-phase-3-cpp
f1b5564 
C++: Diff-informed queries: phase 3 (non-trivial locations)
@aschackmull
Merge pull request github#20228 from 5idg5/java/data-extensions-change
877d397 
Add data extensions for remote tainted sources
@geoffw0
Merge pull request github#20222 from geoffw0/pathbuf
4eea443 
Rust: Add a type inference test case resembling PathBuf.canonicalize.
@hvitved
Merge pull request github#20230 from hvitved/cfg/standard-tree-skip-n…
299ccb6 
…on-tree-children

Shared: Skip non-CFG children in `StandardTree`
@igfoo
Merge pull request github#20232 from igfoo/igfoo/SloppyGlobal
fd020b5 
C++: SloppyGlobal: Don't alert on template instantiations, only the template
@hvitved
Merge pull request github#20233 from hvitved/rust/remove-tc
f1ca0ec 
Rust: Remove TC from `ImplTraitTypeRepr.isInReturnPos`
Release preparation for version 2.22.4
90d2999
@smowton
Merge pull request github#20240 from github/release-prep/2.22.4
57378ec 
Release preparation for version 2.22.4
Merge tag 'codeql-cli/latest' into auto/sync-main-pr
05dbec6 
Compatible with the latest released version of the CodeQL CLI
@dilanbhalla dilanbhalla merged commit 218f79f into main Sep 2, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ropwareJB ropwareJB ropwareJB approved these changes

@MathiasVP MathiasVP MathiasVP approved these changes

Assignees

No one assigned

Labels

autogenerated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.