[krishnprakash/codeql] 97f7dc: Rust: Add dataflow test cases for neutral models.
0 views
Skip to first unread message
Phileco
Feb 26, 2026, 5:31:52 PM (7 days ago) Feb 26
to philecodi...@googlegroups.com
Branch: refs/heads/main
Home: https://github.com/krishnprakash/codeql
Commit: 97f7dcb04a1d5565cce833acae0b2d5639df67af
https://github.com/krishnprakash/codeql/commit/97f7dcb04a1d5565cce833acae0b2d5639df67af
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-04 (Wed, 04 Feb 2026)
Changed paths:
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Rust: Add dataflow test cases for neutral models.
Commit: d40071321a6533b43cfc91541e57f7395c853648
https://github.com/krishnprakash/codeql/commit/d40071321a6533b43cfc91541e57f7395c853648
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-04 (Wed, 04 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
Log Message:
-----------
Rust: Implement neutral models for Rust.
Commit: 9de5f5c72b2d4215d2487ca288cac0cedc59511c
https://github.com/krishnprakash/codeql/commit/9de5f5c72b2d4215d2487ca288cac0cedc59511c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
Log Message:
-----------
Rust: Clean up and change note.
Commit: c0a5c63e8e85a553d8b8fa4caaa512c88b4682e5
https://github.com/krishnprakash/codeql/commit/c0a5c63e8e85a553d8b8fa4caaa512c88b4682e5
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
M MODULE.bazel
M actions/ql/lib/CHANGELOG.md
A actions/ql/lib/change-notes/released/0.4.27.md
M actions/ql/lib/codeql-pack.release.yml
M actions/ql/lib/codeql/actions/ast/internal/Ast.qll
M actions/ql/lib/qlpack.yml
M actions/ql/src/CHANGELOG.md
A actions/ql/src/change-notes/released/0.6.19.md
M actions/ql/src/codeql-pack.release.yml
M actions/ql/src/qlpack.yml
R actions/ql/test/library-tests/.github/workflows/commands.yml
R actions/ql/test/library-tests/.github/workflows/expression_nodes.yml
R actions/ql/test/library-tests/.github/workflows/many_strings.yml
R actions/ql/test/library-tests/.github/workflows/multiline.yml
R actions/ql/test/library-tests/.github/workflows/multiline2.yml
R actions/ql/test/library-tests/.github/workflows/poisonable_steps.yml
R actions/ql/test/library-tests/.github/workflows/shell.yml
R actions/ql/test/library-tests/.github/workflows/test.yml
A actions/ql/test/library-tests/basic/.github/workflows/commands.yml
A actions/ql/test/library-tests/basic/.github/workflows/expression_nodes.yml
A actions/ql/test/library-tests/basic/.github/workflows/many_strings.yml
A actions/ql/test/library-tests/basic/.github/workflows/multiline.yml
A actions/ql/test/library-tests/basic/.github/workflows/multiline2.yml
A actions/ql/test/library-tests/basic/.github/workflows/poisonable_steps.yml
A actions/ql/test/library-tests/basic/.github/workflows/shell.yml
A actions/ql/test/library-tests/basic/.github/workflows/test.yml
A actions/ql/test/library-tests/basic/commands.expected
A actions/ql/test/library-tests/basic/commands.ql
A actions/ql/test/library-tests/basic/poisonable_steps.expected
A actions/ql/test/library-tests/basic/poisonable_steps.ql
A actions/ql/test/library-tests/basic/test.expected
A actions/ql/test/library-tests/basic/test.ql
A actions/ql/test/library-tests/basic/workflowenum.expected
A actions/ql/test/library-tests/basic/workflowenum.ql
R actions/ql/test/library-tests/commands.expected
R actions/ql/test/library-tests/commands.ql
R actions/ql/test/library-tests/poisonable_steps.expected
R actions/ql/test/library-tests/poisonable_steps.ql
R actions/ql/test/library-tests/test.expected
R actions/ql/test/library-tests/test.ql
A actions/ql/test/library-tests/very-long-expression/.github/workflows/very_long_expression_node.yml
A actions/ql/test/library-tests/very-long-expression/very_long_expression_node.expected
A actions/ql/test/library-tests/very-long-expression/very_long_expression_node.ql
R actions/ql/test/library-tests/workflowenum.expected
R actions/ql/test/library-tests/workflowenum.ql
M cpp/ql/lib/CHANGELOG.md
R cpp/ql/lib/change-notes/2026-01-19-embed.md
R cpp/ql/lib/change-notes/2026-01-19-parameterized-barrier-guard.md
A cpp/ql/lib/change-notes/2026-02-03-windows-remote-flow-sources.md
A cpp/ql/lib/change-notes/released/7.1.0.md
M cpp/ql/lib/codeql-pack.release.yml
A cpp/ql/lib/ext/MySql.model.yml
M cpp/ql/lib/ext/Windows.model.yml
A cpp/ql/lib/ext/azure.core.model.yml
M cpp/ql/lib/qlpack.yml
M cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
M cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
M cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
M cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
M cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
M cpp/ql/lib/semmle/code/cpp/models/Models.qll
M cpp/ql/lib/semmle/code/cpp/models/implementations/MySql.qll
A cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll
M cpp/ql/src/CHANGELOG.md
M cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
A cpp/ql/src/change-notes/released/1.5.10.md
M cpp/ql/src/codeql-pack.release.yml
M cpp/ql/src/qlpack.yml
M cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
M cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
M cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
A cpp/ql/test/library-tests/dataflow/asDefinition/test.cpp
A cpp/ql/test/library-tests/dataflow/asDefinition/test.expected
A cpp/ql/test/library-tests/dataflow/asDefinition/test.ql
M cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
M cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
A cpp/ql/test/library-tests/dataflow/external-models/azure.cpp
M cpp/ql/test/library-tests/dataflow/external-models/flow.expected
M cpp/ql/test/library-tests/dataflow/external-models/sources.expected
M cpp/ql/test/library-tests/dataflow/external-models/steps.expected
M cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
M cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
M csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
M csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
M csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
M csharp/extractor/Semmle.Util/BuildActions.cs
M csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.58.md
M csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/lib/qlpack.yml
M csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.58.md
M csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/src/qlpack.yml
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/Program.cs
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/diagnostics.expected
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/global.json
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/sub-project/Nuget.Config
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/test.csproj
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/test.py
M csharp/ql/lib/CHANGELOG.md
R csharp/ql/lib/change-notes/2026-01-14-null-conditional-assignments.md
A csharp/ql/lib/change-notes/released/5.4.6.md
M csharp/ql/lib/codeql-pack.release.yml
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
M csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
M csharp/ql/src/CHANGELOG.md
M csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
A csharp/ql/src/change-notes/2026-02-04-csrf-inherited-attribute.md
A csharp/ql/src/change-notes/released/1.6.1.md
M csharp/ql/src/codeql-pack.release.yml
M csharp/ql/src/qlpack.yml
M csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs
M csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
M csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
M csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs
M csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.expected
M csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs
M csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.expected
M csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs
M csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.expected
M csharp/ql/test/shared/FlowSummaries.qll
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.9.rst
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.0.rst
M docs/codeql/codeql-overview/codeql-changelog/index.rst
M docs/codeql/reusables/supported-versions-compilers.rst
M go/extractor/cli/go-autobuilder/go-autobuilder.go
M go/extractor/diagnostics/BUILD.bazel
M go/extractor/diagnostics/diagnostics.go
A go/extractor/diagnostics/diagnostics_test.go
M go/extractor/extractor.go
M go/extractor/go.mod
M go/extractor/go.sum
A go/extractor/registries/BUILD.bazel
A go/extractor/registries/registryproxy.go
A go/extractor/registries/registryproxy_test.go
M go/extractor/toolchain/BUILD.bazel
M go/extractor/toolchain/toolchain.go
M go/extractor/util/BUILD.bazel
R go/extractor/util/registryproxy.go
R go/extractor/util/registryproxy_test.go
M go/extractor/util/util.go
M go/ql/consistency-queries/CHANGELOG.md
A go/ql/consistency-queries/change-notes/released/1.0.41.md
M go/ql/consistency-queries/codeql-pack.release.yml
M go/ql/consistency-queries/qlpack.yml
M go/ql/integration-tests/diagnostics/package-not-found-with-go-mod/diagnostics.expected
M go/ql/integration-tests/diagnostics/package-not-found-with-go-mod/test.py
M go/ql/integration-tests/diagnostics/package-not-found-without-go-mod/diagnostics.expected
M go/ql/integration-tests/diagnostics/package-not-found-without-go-mod/test.py
M go/ql/lib/CHANGELOG.md
A go/ql/lib/change-notes/2026-01-28-shared-basic-block-library.md
A go/ql/lib/change-notes/released/6.0.1.md
M go/ql/lib/codeql-pack.release.yml
M go/ql/lib/qlpack.yml
M go/ql/lib/semmle/go/controlflow/BasicBlocks.qll
M go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
M go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
M go/ql/lib/semmle/go/dataflow/FlowSummary.qll
M go/ql/lib/semmle/go/dataflow/SSA.qll
M go/ql/lib/semmle/go/dataflow/SsaImpl.qll
M go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
M go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
M go/ql/src/CHANGELOG.md
M go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
A go/ql/src/change-notes/released/1.5.5.md
M go/ql/src/codeql-pack.release.yml
M go/ql/src/qlpack.yml
M java/documentation/library-coverage/coverage.csv
M java/documentation/library-coverage/coverage.rst
M java/kotlin-extractor/BUILD.bazel
R java/kotlin-extractor/deps/kotlin-compiler-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-compiler-2.3.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-compiler-embeddable-2.3.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-stdlib-2.3.0.jar
M java/kotlin-extractor/dev/wrapper.py
M java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt
M java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
M java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
M java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt
M java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
M java/kotlin-extractor/src/main/kotlin/utils/GetByFqName.kt
M java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt
M java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CodeQLIrConst.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CodeQLIsRoot.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CommentExtractorLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ExperimentalCompilerApi.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/FirMetadataSourceFirFile.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrLazyFunction.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrSymbolInternals.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrVisitor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IsUnderscoreParameter.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/JvmDefaultModeIsNoCompatibility.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Kotlin2ComponentRegistrar.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/LinesOfCodeLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Psi2Ir.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ReferenceEntity.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/SyntheticBodyKind.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Types.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/UsesK2.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/VirtualFileBasedSourceElement.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/allOverriddenIncludingSelf.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/copyTo.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getFileClassFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getJvmDefaultMode.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getJvmModuleNameForDeserializedDescriptor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getKotlinType.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/isDispatchReceiver.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/packageFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/parameterIndexExcludingReceivers.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/parents.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/typeUtils.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/withHasQuestionMark.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/IsUnderscoreParameter.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/Types.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/getFileClassFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/getKotlinType.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/withHasQuestionMark.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/allOverriddenIncludingSelf.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/createImplicitParameterDeclarationWithWrappedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CodeQLIrConst.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CodeQLIsRoot.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CommentExtractorLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ExperimentalCompilerApi.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/FirMetadataSourceFirFile.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrLazyFunction.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrSymbolInternals.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrVisitor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/JvmDefaultModeIsNoCompatibility.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Kotlin2ComponentRegistrar.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/LinesOfCodeLighterAST.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Psi2Ir.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/SyntheticBodyKind.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/UsesK2.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/VirtualFileBasedSourceElement.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getJvmDefaultMode.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getJvmModuleNameForDeserializedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getKotlinType.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/isDispatchReceiver.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/packageFqName.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/parameterIndexExcludingReceivers.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/parents.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/typeUtils.kt
M java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt
M java/kotlin-extractor/versions.bzl
M java/ql/consistency-queries/UnaryExpr.ql
M java/ql/examples/snippets/returnstatement.ql
M java/ql/examples/snippets/ternaryconditional.ql
M java/ql/integration-tests/kotlin/all-platforms/compiler_arguments/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected
M java/ql/integration-tests/kotlin/all-platforms/gradle_groovy_app/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/PrintAst.expected
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/diag.expected
M java/ql/integration-tests/kotlin/all-platforms/java_modifiers/test.expected
M java/ql/integration-tests/kotlin/all-platforms/jvmoverloads-external-class/test.expected
M java/ql/integration-tests/kotlin/all-platforms/kotlin_java_static_fields/test.expected
M java/ql/integration-tests/kotlin/all-platforms/kotlin_kfunction/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/nullability-annotations/test.expected
M java/ql/integration-tests/kotlin/posix/module_mangled_names/test.expected
M java/ql/lib/CHANGELOG.md
A java/ql/lib/change-notes/2026-02-04-renames.md
M java/ql/lib/change-notes/released/4.1.0.md
M java/ql/lib/change-notes/released/7.2.0.md
M java/ql/lib/change-notes/released/7.5.0.md
A java/ql/lib/change-notes/released/8.0.0.md
M java/ql/lib/codeql-pack.release.yml
M java/ql/lib/ext/java.util.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.map.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.set.model.yml
M java/ql/lib/ext/org.springframework.web.util.model.yml
A java/ql/lib/printCfg.ql
M java/ql/lib/qlpack.yml
M java/ql/lib/semmle/code/java/Concurrency.qll
M java/ql/lib/semmle/code/java/ConflictingAccess.qll
M java/ql/lib/semmle/code/java/Constants.qll
M java/ql/lib/semmle/code/java/ControlFlowGraph.qll
M java/ql/lib/semmle/code/java/Conversions.qll
M java/ql/lib/semmle/code/java/Expr.qll
M java/ql/lib/semmle/code/java/Member.qll
M java/ql/lib/semmle/code/java/PrettyPrintAst.qll
M java/ql/lib/semmle/code/java/Statement.qll
M java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
M java/ql/lib/semmle/code/java/comparison/Comparison.qll
M java/ql/lib/semmle/code/java/controlflow/Guards.qll
M java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
M java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
M java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
M java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
M java/ql/lib/semmle/code/java/dataflow/Nullness.qll
M java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
M java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
M java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
M java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
M java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
M java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
M java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
M java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
M java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
M java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll
M java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
M java/ql/lib/semmle/code/java/frameworks/Mockito.qll
M java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
M java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll
M java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll
M java/ql/lib/semmle/code/java/frameworks/android/Compose.qll
M java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
M java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
M java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll
M java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll
M java/ql/lib/semmle/code/java/frameworks/struts/StrutsActions.qll
M java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll
M java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll
M java/ql/lib/semmle/code/java/security/FragmentInjection.qll
M java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll
M java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
M java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
M java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll
M java/ql/lib/semmle/code/java/security/internal/ArraySizing.qll
M java/ql/src/Advisory/Declarations/NonFinalImmutableField.ql
M java/ql/src/CHANGELOG.md
M java/ql/src/Language Abuse/IterableClass.qll
M java/ql/src/Language Abuse/IterableIterator.ql
M java/ql/src/Likely Bugs/Arithmetic/CondExprTypes.ql
M java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql
M java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
M java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql
M java/ql/src/Likely Bugs/Comparison/Equality.qll
M java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
M java/ql/src/Likely Bugs/Comparison/StringComparison.ql
M java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql
M java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql
M java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.qhelp
M java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
M java/ql/src/Likely Bugs/Statements/Chaining.qll
M java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql
M java/ql/src/Likely Bugs/Termination/SpinOnField.ql
M java/ql/src/Metrics/Summaries/GeneratedVsManualCoverageQuery.qll
M java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
M java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
M java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
M java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql
M java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql
M java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql
M java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql
M java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
M java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArray.ql
M java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
M java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll
M java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql
A java/ql/src/change-notes/released/1.10.6.md
M java/ql/src/codeql-pack.release.yml
M java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
M java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
M java/ql/src/qlpack.yml
M java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M java/ql/test-kotlin1/library-tests/data-classes/PrintAst.expected
M java/ql/test-kotlin1/library-tests/exprs/unaryOp.ql
M java/ql/test-kotlin1/library-tests/methods/exprs.expected
M java/ql/test-kotlin1/library-tests/ministdlib/MiniStdLib.kt
M java/ql/test-kotlin1/library-tests/ministdlib/classes.expected
M java/ql/test-kotlin2/library-tests/annotation_classes/PrintAst.expected
M java/ql/test-kotlin2/library-tests/annotation_classes/classes.expected
M java/ql/test-kotlin2/library-tests/annotations/jvmName/test.expected
M java/ql/test-kotlin2/library-tests/classes/ctorCalls.expected
M java/ql/test-kotlin2/library-tests/classes/genericExprTypes.expected
M java/ql/test-kotlin2/library-tests/comments/comments.expected
M java/ql/test-kotlin2/library-tests/companion_objects/method_accesses.expected
M java/ql/test-kotlin2/library-tests/data-classes/PrintAst.expected
M java/ql/test-kotlin2/library-tests/data-classes/callees.expected
M java/ql/test-kotlin2/library-tests/exprs/PrintAst.expected
M java/ql/test-kotlin2/library-tests/exprs/exprs.expected
M java/ql/test-kotlin2/library-tests/exprs/funcExprs.expected
M java/ql/test-kotlin2/library-tests/exprs/unaryOp.expected
M java/ql/test-kotlin2/library-tests/exprs/unaryOp.ql
M java/ql/test-kotlin2/library-tests/generic-instance-methods/test.expected
M java/ql/test-kotlin2/library-tests/generic-selective-extraction/test.expected
M java/ql/test-kotlin2/library-tests/inherited-default-value/test.expected
M java/ql/test-kotlin2/library-tests/interface-delegate/test.expected
M java/ql/test-kotlin2/library-tests/internal-constructor-called-from-java/test.expected
M java/ql/test-kotlin2/library-tests/internal-public-alias/test.expected
M java/ql/test-kotlin2/library-tests/java_and_kotlin/test.expected
M java/ql/test-kotlin2/library-tests/java_and_kotlin_internal/visibility.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads-annotation/PrintAst.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads-annotation/test.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads_flow/test.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads_generics/test.expected
M java/ql/test-kotlin2/library-tests/jvmstatic-annotation/test.expected
M java/ql/test-kotlin2/library-tests/lateinit/test.expected
M java/ql/test-kotlin2/library-tests/methods-mixed-java-and-kotlin/test.expected
M java/ql/test-kotlin2/library-tests/methods/exprs.expected
M java/ql/test-kotlin2/library-tests/methods/methods.expected
M java/ql/test-kotlin2/library-tests/methods/parameters.expected
M java/ql/test-kotlin2/library-tests/modifiers/modifiers.expected
M java/ql/test-kotlin2/library-tests/parameter-defaults/defaults.expected
M java/ql/test-kotlin2/library-tests/private-anonymous-types/test.expected
M java/ql/test-kotlin2/library-tests/properties/properties.expected
M java/ql/test-kotlin2/library-tests/stmts/PrintAst.expected
M java/ql/test-kotlin2/library-tests/stmts/stmts.expected
M java/ql/test-kotlin2/library-tests/vararg/args.expected
M java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected
M java/ql/test/library-tests/dataflow/capture/inlinetest.expected
M java/ql/test/library-tests/dataflow/collections/containerflow.expected
M java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql
M java/ql/test/library-tests/frameworks/apache-collections/Test.java
M java/ql/test/library-tests/frameworks/apache-collections/test.expected
M java/ql/test/library-tests/frameworks/apache-commons-lang3/flow.expected
M java/ql/test/library-tests/frameworks/json-java/test.expected
M java/ql/test/library-tests/frameworks/netty/generated/test.expected
M java/ql/test/library-tests/frameworks/spring/beans/test.expected
M java/ql/test/library-tests/frameworks/spring/http/flow.expected
M java/ql/test/library-tests/frameworks/spring/util/test.expected
M java/ql/test/library-tests/frameworks/spring/webutil/test.expected
M java/ql/test/library-tests/locations/NegativeLiteralLocation.ql
M java/ql/test/library-tests/optional/test.expected
M java/ql/test/library-tests/scanner/test.expected
M java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java
M java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql
M javascript/ql/lib/CHANGELOG.md
A javascript/ql/lib/change-notes/released/2.6.21.md
M javascript/ql/lib/codeql-pack.release.yml
M javascript/ql/lib/qlpack.yml
M javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/SummaryTypeTracker.qll
M javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll
M javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll
M javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
M javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
M javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.model.yml
M javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
M javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/empty.model.yml
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/UrlSearchParams.qll
M javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll
M javascript/ql/lib/utils/test/InlineSummaries.qll
M javascript/ql/src/CHANGELOG.md
A javascript/ql/src/change-notes/released/2.3.1.md
M javascript/ql/src/codeql-pack.release.yml
M javascript/ql/src/qlpack.yml
M javascript/ql/test/library-tests/frameworks/data/test.ql
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/MODULE.bazel
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/patches/codeql_add_language_version_option.patch
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/patches/codeql_do_not_emit_jdeps.patch
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/source.json
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/MODULE.bazel
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_add_language_version_option.patch
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_do_not_emit_jdeps.patch
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/source.json
M misc/bazel/registry/modules/rules_kotlin/metadata.json
M misc/suite-helpers/CHANGELOG.md
A misc/suite-helpers/change-notes/released/1.0.41.md
M misc/suite-helpers/codeql-pack.release.yml
M misc/suite-helpers/qlpack.yml
M python/extractor/semmle/util.py
M python/extractor/tests/parser/strings.py
M python/extractor/tests/parser/template_strings_new.expected
M python/extractor/tests/parser/template_strings_new.py
M python/extractor/tsg-python/tsp/grammar.js
M python/extractor/tsg-python/tsp/src/grammar.json
M python/extractor/tsg-python/tsp/src/node-types.json
M python/extractor/tsg-python/tsp/src/parser.c
M python/extractor/tsg-python/tsp/src/tree_sitter/array.h
M python/extractor/tsg-python/tsp/src/tree_sitter/parser.h
M python/ql/integration-tests/query-suite/not_included_in_qls.expected
M python/ql/lib/CHANGELOG.md
R python/ql/lib/change-notes/2026-01-20-support-ListElement-in-python-MaD.md
A python/ql/lib/change-notes/2026-02-05-fix-format-fill-character-misparse.md
M python/ql/lib/change-notes/released/6.0.0.md
A python/ql/lib/change-notes/released/6.1.0.md
M python/ql/lib/codeql-pack.release.yml
M python/ql/lib/qlpack.yml
M python/ql/lib/semmle/python/Concepts.qll
M python/ql/lib/semmle/python/Frameworks.qll
M python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
A python/ql/lib/semmle/python/frameworks/Django.model.yml
M python/ql/lib/semmle/python/frameworks/Django.qll
M python/ql/lib/semmle/python/frameworks/Flask.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll
A python/ql/lib/semmle/python/frameworks/Websockets.qll
A python/ql/lib/semmle/python/frameworks/agent.model.yml
M python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll
M python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
M python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
M python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
A python/ql/lib/semmle/python/frameworks/openai.model.yml
M python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
A python/ql/lib/utils/test/PrettyPrintModels.ql
M python/ql/src/CHANGELOG.md
M python/ql/src/Security/CWE-798/HardcodedCredentials.ql
A python/ql/src/change-notes/released/1.7.6.md
M python/ql/src/codeql-pack.release.yml
A python/ql/src/experimental/Security/CWE-1427/PromptInjection.qhelp
A python/ql/src/experimental/Security/CWE-1427/PromptInjection.ql
A python/ql/src/experimental/Security/CWE-1427/examples/example.py
M python/ql/src/experimental/semmle/python/Concepts.qll
M python/ql/src/experimental/semmle/python/Frameworks.qll
A python/ql/src/experimental/semmle/python/frameworks/OpenAI.qll
A python/ql/src/experimental/semmle/python/security/dataflow/PromptInjectionCustomizations.qll
A python/ql/src/experimental/semmle/python/security/dataflow/PromptInjectionQuery.qll
M python/ql/src/qlpack.yml
M python/ql/test/experimental/meta/MaDTest.qll
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.qlref
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.qlref
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/agent_instructions.py
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/openai_test.py
M python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected
M python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.qlref
M python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll
M python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll
M python/ql/test/library-tests/frameworks/data/test.ql
A python/ql/test/library-tests/frameworks/websockets/ConceptsTest.expected
A python/ql/test/library-tests/frameworks/websockets/ConceptsTest.ql
A python/ql/test/library-tests/frameworks/websockets/InlineTaintTest.expected
A python/ql/test/library-tests/frameworks/websockets/InlineTaintTest.ql
A python/ql/test/library-tests/frameworks/websockets/response_test.py
A python/ql/test/library-tests/frameworks/websockets/taint_test_asyncio.py
A python/ql/test/library-tests/frameworks/websockets/taint_test_sync.py
M python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/SqlInjection.expected
M python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/SqlInjection.qlref
M python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected
M python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.qlref
M ruby/ql/docs/flow_summaries.md
M ruby/ql/lib/CHANGELOG.md
A ruby/ql/lib/change-notes/released/5.1.9.md
M ruby/ql/lib/codeql-pack.release.yml
M ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
M ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
M ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
M ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
M ruby/ql/lib/codeql/ruby/frameworks/Core.qll
M ruby/ql/lib/codeql/ruby/frameworks/Erb.qll
M ruby/ql/lib/codeql/ruby/frameworks/Files.qll
M ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
M ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
M ruby/ql/lib/codeql/ruby/frameworks/Pg.qll
M ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
M ruby/ql/lib/codeql/ruby/frameworks/Translation.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Base64.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Object.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/empty.model.yml
M ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll
A ruby/ql/lib/codeql/ruby/frameworks/regexp/model.yml
M ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
M ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll
M ruby/ql/lib/qlpack.yml
M ruby/ql/src/CHANGELOG.md
A ruby/ql/src/change-notes/released/1.5.6.md
M ruby/ql/src/codeql-pack.release.yml
M ruby/ql/src/qlpack.yml
M ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
M ruby/ql/test/library-tests/dataflow/regressions/Regressions.ql
M ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
M rust/ql/lib/CHANGELOG.md
R rust/ql/lib/change-notes/2026-01-16-type-inference-closures.md
M rust/ql/lib/change-notes/released/0.2.4.md
A rust/ql/lib/change-notes/released/0.2.5.md
M rust/ql/lib/codeql-pack.release.yml
M rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll
M rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/ffi.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
M rust/ql/lib/codeql/rust/internal/PathResolution.qll
M rust/ql/lib/codeql/rust/internal/typeinference/BlanketImplementation.qll
M rust/ql/lib/codeql/rust/internal/typeinference/DerefChain.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/Type.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInferenceConsistency.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeMention.qll
M rust/ql/lib/qlpack.yml
M rust/ql/src/CHANGELOG.md
A rust/ql/src/change-notes/released/0.1.26.md
M rust/ql/src/codeql-pack.release.yml
M rust/ql/src/qlpack.yml
M rust/ql/test/library-tests/dataflow/local/inline-flow.expected
M rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected
M rust/ql/test/library-tests/dataflow/models/models.ql
M rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/sources/stdin/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
M rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected
M rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected
M rust/ql/test/library-tests/path-resolution/main.rs
M rust/ql/test/library-tests/path-resolution/path-resolution.expected
M rust/ql/test/library-tests/type-inference/CONSISTENCY/PathResolutionConsistency.expected
A rust/ql/test/library-tests/type-inference/CONSISTENCY/TypeInferenceConsistency.expected
M rust/ql/test/library-tests/type-inference/associated_types.rs
M rust/ql/test/library-tests/type-inference/main.rs
M rust/ql/test/library-tests/type-inference/type-inference.expected
M rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
M rust/ql/test/query-tests/security/CWE-295/DisabledCertificateCheck.expected
M rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
M rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
M shared/concepts/CHANGELOG.md
A shared/concepts/change-notes/released/0.0.15.md
M shared/concepts/codeql-pack.release.yml
M shared/concepts/qlpack.yml
M shared/controlflow/CHANGELOG.md
A shared/controlflow/change-notes/released/2.0.25.md
M shared/controlflow/codeql-pack.release.yml
M shared/controlflow/codeql/controlflow/Cfg.qll
A shared/controlflow/codeql/controlflow/PrintGraph.qll
M shared/controlflow/qlpack.yml
M shared/dataflow/CHANGELOG.md
A shared/dataflow/change-notes/released/2.0.25.md
M shared/dataflow/codeql-pack.release.yml
M shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
M shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll
M shared/dataflow/qlpack.yml
M shared/mad/CHANGELOG.md
A shared/mad/change-notes/released/1.0.41.md
M shared/mad/codeql-pack.release.yml
M shared/mad/codeql/mad/ModelValidation.qll
M shared/mad/qlpack.yml
M shared/quantum/CHANGELOG.md
A shared/quantum/change-notes/released/0.0.19.md
M shared/quantum/codeql-pack.release.yml
M shared/quantum/qlpack.yml
M shared/rangeanalysis/CHANGELOG.md
A shared/rangeanalysis/change-notes/released/1.0.41.md
M shared/rangeanalysis/codeql-pack.release.yml
M shared/rangeanalysis/qlpack.yml
M shared/regex/CHANGELOG.md
A shared/regex/change-notes/released/1.0.41.md
M shared/regex/codeql-pack.release.yml
M shared/regex/qlpack.yml
M shared/ssa/CHANGELOG.md
A shared/ssa/change-notes/released/2.0.17.md
M shared/ssa/codeql-pack.release.yml
M shared/ssa/qlpack.yml
M shared/threat-models/CHANGELOG.md
A shared/threat-models/change-notes/released/1.0.41.md
M shared/threat-models/codeql-pack.release.yml
M shared/threat-models/qlpack.yml
M shared/tutorial/CHANGELOG.md
A shared/tutorial/change-notes/released/1.0.41.md
M shared/tutorial/codeql-pack.release.yml
M shared/tutorial/qlpack.yml
M shared/typeflow/CHANGELOG.md
A shared/typeflow/change-notes/released/1.0.41.md
M shared/typeflow/codeql-pack.release.yml
M shared/typeflow/qlpack.yml
M shared/typeinference/CHANGELOG.md
A shared/typeinference/change-notes/released/0.0.22.md
M shared/typeinference/codeql-pack.release.yml
M shared/typeinference/codeql/typeinference/internal/TypeInference.qll
M shared/typeinference/qlpack.yml
M shared/typetracking/CHANGELOG.md
A shared/typetracking/change-notes/released/2.0.25.md
M shared/typetracking/codeql-pack.release.yml
M shared/typetracking/qlpack.yml
M shared/typos/CHANGELOG.md
A shared/typos/change-notes/released/1.0.41.md
M shared/typos/codeql-pack.release.yml
M shared/typos/qlpack.yml
M shared/util/CHANGELOG.md
A shared/util/change-notes/released/2.0.28.md
M shared/util/codeql-pack.release.yml
M shared/util/qlpack.yml
M shared/xml/CHANGELOG.md
A shared/xml/change-notes/released/1.0.41.md
M shared/xml/codeql-pack.release.yml
M shared/xml/qlpack.yml
M shared/yaml/CHANGELOG.md
A shared/yaml/change-notes/released/1.0.41.md
M shared/yaml/codeql-pack.release.yml
M shared/yaml/qlpack.yml
M swift/ql/lib/CHANGELOG.md
A swift/ql/lib/change-notes/released/6.2.1.md
M swift/ql/lib/codeql-pack.release.yml
M swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
M swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll
M swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
M swift/ql/lib/qlpack.yml
M swift/ql/src/CHANGELOG.md
A swift/ql/src/change-notes/released/1.2.15.md
M swift/ql/src/codeql-pack.release.yml
M swift/ql/src/qlpack.yml
Log Message:
-----------
Merge branch 'main' into neutralmodels
Commit: 05a487ec3bae0bbcadd9019eb546760619a0988e
https://github.com/krishnprakash/codeql/commit/05a487ec3bae0bbcadd9019eb546760619a0988e
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Repair following merge.
Commit: 08174d7ec9d0067430c57c9ca2754f6cbbd1ff98
https://github.com/krishnprakash/codeql/commit/08174d7ec9d0067430c57c9ca2754f6cbbd1ff98
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/files/FileSystem.qll
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Rust: Add test cases for summaries as well.
Commit: a5aeadd31d9e0628866c96bd55e0aa78af40819c
https://github.com/krishnprakash/codeql/commit/a5aeadd31d9e0628866c96bd55e0aa78af40819c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
Log Message:
-----------
Rust: Fix for neutral summaries.
Commit: 6b7f3392877b58f6c3fa3c6cbe17a0feab287ac2
https://github.com/krishnprakash/codeql/commit/6b7f3392877b58f6c3fa3c6cbe17a0feab287ac2
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Define neutralElement in the shared data flow input.
Commit: e9511560b7d25c3cf892ad84e0975f2d44cf38dc
https://github.com/krishnprakash/codeql/commit/e9511560b7d25c3cf892ad84e0975f2d44cf38dc
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/files/FileSystem.qll
Log Message:
-----------
Rust: Autoformat.
Commit: 8488039fb9dc8de56a60b56e56b672a540f67963
https://github.com/krishnprakash/codeql/commit/8488039fb9dc8de56a60b56e56b672a540f67963
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
python: add tests for guards compared to booleans
Commit: 7351e82c9221d33c29e2eb609f422ff6d5f2e75b
https://github.com/krishnprakash/codeql/commit/7351e82c9221d33c29e2eb609f422ff6d5f2e75b
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
python: handle guards compared to boolean literals
Commit: 7df44f9418489c0ac38af957466590b48beac32c
https://github.com/krishnprakash/codeql/commit/7df44f9418489c0ac38af957466590b48beac32c
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
Log Message:
-----------
python: add change note
Commit: 8769059ce58c83782e9385be97617188993f0fa0
https://github.com/krishnprakash/codeql/commit/8769059ce58c83782e9385be97617188993f0fa0
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Remove another call to neutralModel we don't need to make explicitly.
Commit: de9b1adf63ec15beb836f3c94a1a218f29db425a
https://github.com/krishnprakash/codeql/commit/de9b1adf63ec15beb836f3c94a1a218f29db425a
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/test/library-tests/type-inference/type-inference.expected
Log Message:
-----------
Rust: Unify logic in `MethodResolution`; remove `TypeQualifierIsInstantiationOfImplSelf` logic
Commit: 42e41c57d46c5fe88cfbf646fb73b16804ea9031
https://github.com/krishnprakash/codeql/commit/42e41c57d46c5fe88cfbf646fb73b16804ea9031
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Go: fix standalone build of the Go extractor
https://github.com/github/codeql/pull/21276 worked together with the
internal changes but broke the standalone build of the Go extractor of
this repo in isolation.
The root cause was the lack of an auto-loaded `java_library` rule
definition. This fixes it.
I also checked this doesn't happen anywhere else.
Commit: 5b5dc9c70831f1f3e19a442b45699b0691139097
https://github.com/krishnprakash/codeql/commit/5b5dc9c70831f1f3e19a442b45699b0691139097
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
Log Message:
-----------
Bazel: load `rules_cc` explicitly
Turns out in https://github.com/github/codeql/pull/21371 I was right
about `java_*` rules not relying on autoload anywhere, but it turns out
some `cc_*` rules still relied on autoload. This autoload is currently
configured in the internal repository, but we want to remove it
eventually. This patch:
* adds explicit loads to `rules_cc`
* removes an obsolete file (that depedency has its own bazel module
since some time, we just forgot to remove the old file)
Commit: 968856ed96d6fbdc19581bc84156ec6c69e5e605
https://github.com/krishnprakash/codeql/commit/968856ed96d6fbdc19581bc84156ec6c69e5e605
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Merge pull request #21371 from github/redsun82/fix-local-go-builds
Go: fix standalone build of the Go extractor
Commit: 15a2575949e2be2c10a72eb07812a57221780adb
https://github.com/krishnprakash/codeql/commit/15a2575949e2be2c10a72eb07812a57221780adb
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Merge branch 'main' into redsun82/load-cc-explicitly
Commit: 4d0c72eafecf586b0de4bc1c7ed7f59e260e0e9e
https://github.com/krishnprakash/codeql/commit/4d0c72eafecf586b0de4bc1c7ed7f59e260e0e9e
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/load.bzl
Log Message:
-----------
Bazel: add explicit `rules_shell` load
Commit: ccc318106e120aeea581a0bc7ddaf05265700256
https://github.com/krishnprakash/codeql/commit/ccc318106e120aeea581a0bc7ddaf05265700256
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
Log Message:
-----------
Rust: Add an empty.model.yml similar to the one in CPP, to avoid errors about missing extensionals.
Commit: 4e4d0555c0ddde12660272a952ea18a4825cdf7c
https://github.com/krishnprakash/codeql/commit/4e4d0555c0ddde12660272a952ea18a4825cdf7c
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
M swift/third_party/load.bzl
Log Message:
-----------
Merge pull request #21373 from github/redsun82/load-cc-explicitly
Bazel: load `rules_cc` and `rules_shell` explicitly
Commit: 5523b5e25f01c4bb3183d8286a2fd7194807566c
https://github.com/krishnprakash/codeql/commit/5523b5e25f01c4bb3183d8286a2fd7194807566c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/files/FileSystem.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Merge pull request #21271 from geoffw0/neutralmodels
Rust: Add support for neutral models.
Commit: c4f8748a422489724260928a90e129b67acff1c2
https://github.com/krishnprakash/codeql/commit/c4f8748a422489724260928a90e129b67acff1c2
Author: yoff <yo...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
Log Message:
-----------
Python: simplify barrier guard
Commit: 9b9c9304c7e53e1b5aa38b09a2c68baf03c1fdf1
https://github.com/krishnprakash/codeql/commit/9b9c9304c7e53e1b5aa38b09a2c68baf03c1fdf1
Author: yoff <yo...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Log Message:
-----------
Python: simplify logic, suggested in review
Commit: cfbae5084561cd80f65233747689106f1e579be2
https://github.com/krishnprakash/codeql/commit/cfbae5084561cd80f65233747689106f1e579be2
Author: yoff <yo...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
Log Message:
-----------
Python: convert barrier guard to MaD
Commit: 89e5a9bd728e4f48ad0a3adc31dd0ad374da6a2f
https://github.com/krishnprakash/codeql/commit/89e5a9bd728e4f48ad0a3adc31dd0ad374da6a2f
Author: yoff <lerch...@gmail.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Log Message:
-----------
Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Co-authored-by: Taus <tau...@github.com>
Commit: 11a726d1b48e15cb8cbcc1fc23fbdfb5715b7fe8
https://github.com/krishnprakash/codeql/commit/11a726d1b48e15cb8cbcc1fc23fbdfb5715b7fe8
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
Log Message:
-----------
Address review comments
Commit: 4280d35bf3345404b85c160fd9b2e86a8da09045
https://github.com/krishnprakash/codeql/commit/4280d35bf3345404b85c160fd9b2e86a8da09045
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/test/library-tests/type-inference/type-inference.expected
Log Message:
-----------
Merge pull request #21366 from hvitved/rust/type-inference-unify-method-resolution
Rust: Unify logic in `MethodResolution`; remove `TypeQualifierIsInstantiationOfImplSelf` logic
Commit: 600f585a31699f91067f96e5934c2bdea2a2f657
https://github.com/krishnprakash/codeql/commit/600f585a31699f91067f96e5934c2bdea2a2f657
Author: yoff <yo...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
Merge pull request #21296 from yoff/python/bool-comparison-guards
Python: Handle guards being compared to boolean literals
Commit: a997838387bf6101fb52417b7e727252ea1040a0
https://github.com/krishnprakash/codeql/commit/a997838387bf6101fb52417b7e727252ea1040a0
Author: Phileco <132178579+k...@users.noreply.github.com>
Date: 2026-02-27 (Fri, 27 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/files/FileSystem.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
M rust/ql/test/library-tests/type-inference/type-inference.expected
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
M swift/third_party/load.bzl
Log Message:
-----------
Merge branch 'github:main' into main
Compare: https://github.com/krishnprakash/codeql/compare/88c4c86fb264...a997838387bf
To unsubscribe from these emails, change your notification settings at https://github.com/krishnprakash/codeql/settings/notifications
Home: https://github.com/krishnprakash/codeql
Commit: 97f7dcb04a1d5565cce833acae0b2d5639df67af
https://github.com/krishnprakash/codeql/commit/97f7dcb04a1d5565cce833acae0b2d5639df67af
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-04 (Wed, 04 Feb 2026)
Changed paths:
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Rust: Add dataflow test cases for neutral models.
Commit: d40071321a6533b43cfc91541e57f7395c853648
https://github.com/krishnprakash/codeql/commit/d40071321a6533b43cfc91541e57f7395c853648
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-04 (Wed, 04 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
Log Message:
-----------
Rust: Implement neutral models for Rust.
Commit: 9de5f5c72b2d4215d2487ca288cac0cedc59511c
https://github.com/krishnprakash/codeql/commit/9de5f5c72b2d4215d2487ca288cac0cedc59511c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
Log Message:
-----------
Rust: Clean up and change note.
Commit: c0a5c63e8e85a553d8b8fa4caaa512c88b4682e5
https://github.com/krishnprakash/codeql/commit/c0a5c63e8e85a553d8b8fa4caaa512c88b4682e5
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
M MODULE.bazel
M actions/ql/lib/CHANGELOG.md
A actions/ql/lib/change-notes/released/0.4.27.md
M actions/ql/lib/codeql-pack.release.yml
M actions/ql/lib/codeql/actions/ast/internal/Ast.qll
M actions/ql/lib/qlpack.yml
M actions/ql/src/CHANGELOG.md
A actions/ql/src/change-notes/released/0.6.19.md
M actions/ql/src/codeql-pack.release.yml
M actions/ql/src/qlpack.yml
R actions/ql/test/library-tests/.github/workflows/commands.yml
R actions/ql/test/library-tests/.github/workflows/expression_nodes.yml
R actions/ql/test/library-tests/.github/workflows/many_strings.yml
R actions/ql/test/library-tests/.github/workflows/multiline.yml
R actions/ql/test/library-tests/.github/workflows/multiline2.yml
R actions/ql/test/library-tests/.github/workflows/poisonable_steps.yml
R actions/ql/test/library-tests/.github/workflows/shell.yml
R actions/ql/test/library-tests/.github/workflows/test.yml
A actions/ql/test/library-tests/basic/.github/workflows/commands.yml
A actions/ql/test/library-tests/basic/.github/workflows/expression_nodes.yml
A actions/ql/test/library-tests/basic/.github/workflows/many_strings.yml
A actions/ql/test/library-tests/basic/.github/workflows/multiline.yml
A actions/ql/test/library-tests/basic/.github/workflows/multiline2.yml
A actions/ql/test/library-tests/basic/.github/workflows/poisonable_steps.yml
A actions/ql/test/library-tests/basic/.github/workflows/shell.yml
A actions/ql/test/library-tests/basic/.github/workflows/test.yml
A actions/ql/test/library-tests/basic/commands.expected
A actions/ql/test/library-tests/basic/commands.ql
A actions/ql/test/library-tests/basic/poisonable_steps.expected
A actions/ql/test/library-tests/basic/poisonable_steps.ql
A actions/ql/test/library-tests/basic/test.expected
A actions/ql/test/library-tests/basic/test.ql
A actions/ql/test/library-tests/basic/workflowenum.expected
A actions/ql/test/library-tests/basic/workflowenum.ql
R actions/ql/test/library-tests/commands.expected
R actions/ql/test/library-tests/commands.ql
R actions/ql/test/library-tests/poisonable_steps.expected
R actions/ql/test/library-tests/poisonable_steps.ql
R actions/ql/test/library-tests/test.expected
R actions/ql/test/library-tests/test.ql
A actions/ql/test/library-tests/very-long-expression/.github/workflows/very_long_expression_node.yml
A actions/ql/test/library-tests/very-long-expression/very_long_expression_node.expected
A actions/ql/test/library-tests/very-long-expression/very_long_expression_node.ql
R actions/ql/test/library-tests/workflowenum.expected
R actions/ql/test/library-tests/workflowenum.ql
M cpp/ql/lib/CHANGELOG.md
R cpp/ql/lib/change-notes/2026-01-19-embed.md
R cpp/ql/lib/change-notes/2026-01-19-parameterized-barrier-guard.md
A cpp/ql/lib/change-notes/2026-02-03-windows-remote-flow-sources.md
A cpp/ql/lib/change-notes/released/7.1.0.md
M cpp/ql/lib/codeql-pack.release.yml
A cpp/ql/lib/ext/MySql.model.yml
M cpp/ql/lib/ext/Windows.model.yml
A cpp/ql/lib/ext/azure.core.model.yml
M cpp/ql/lib/qlpack.yml
M cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
M cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
M cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
M cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
M cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
M cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
M cpp/ql/lib/semmle/code/cpp/models/Models.qll
M cpp/ql/lib/semmle/code/cpp/models/implementations/MySql.qll
A cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll
M cpp/ql/src/CHANGELOG.md
M cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
A cpp/ql/src/change-notes/released/1.5.10.md
M cpp/ql/src/codeql-pack.release.yml
M cpp/ql/src/qlpack.yml
M cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
M cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
M cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
A cpp/ql/test/library-tests/dataflow/asDefinition/test.cpp
A cpp/ql/test/library-tests/dataflow/asDefinition/test.expected
A cpp/ql/test/library-tests/dataflow/asDefinition/test.ql
M cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
M cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
A cpp/ql/test/library-tests/dataflow/external-models/azure.cpp
M cpp/ql/test/library-tests/dataflow/external-models/flow.expected
M cpp/ql/test/library-tests/dataflow/external-models/sources.expected
M cpp/ql/test/library-tests/dataflow/external-models/steps.expected
M cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
M cpp/ql/test/library-tests/dataflow/external-models/windows.cpp
M csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
M csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
M csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
M csharp/extractor/Semmle.Util/BuildActions.cs
M csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.58.md
M csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/lib/qlpack.yml
M csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.58.md
M csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/src/qlpack.yml
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/Program.cs
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/diagnostics.expected
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/global.json
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/sub-project/Nuget.Config
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/test.csproj
A csharp/ql/integration-tests/linux/diag_nuget_config_casing/test.py
M csharp/ql/lib/CHANGELOG.md
R csharp/ql/lib/change-notes/2026-01-14-null-conditional-assignments.md
A csharp/ql/lib/change-notes/released/5.4.6.md
M csharp/ql/lib/codeql-pack.release.yml
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
M csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
M csharp/ql/src/CHANGELOG.md
M csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
A csharp/ql/src/change-notes/2026-02-04-csrf-inherited-attribute.md
A csharp/ql/src/change-notes/released/1.6.1.md
M csharp/ql/src/codeql-pack.release.yml
M csharp/ql/src/qlpack.yml
M csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs
M csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
M csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
M csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql
M csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.cs
M csharp/ql/test/query-tests/Security Features/CWE-352/missing-aspnetcore/MissingAntiForgeryTokenValidation.expected
M csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.cs
M csharp/ql/test/query-tests/Security Features/CWE-352/missing/MissingAntiForgeryTokenValidation.expected
M csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/CommentController.cs
M csharp/ql/test/query-tests/Security Features/CWE-639/MVCTests/InsecureDirectObjectReference.expected
M csharp/ql/test/shared/FlowSummaries.qll
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.9.rst
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.0.rst
M docs/codeql/codeql-overview/codeql-changelog/index.rst
M docs/codeql/reusables/supported-versions-compilers.rst
M go/extractor/cli/go-autobuilder/go-autobuilder.go
M go/extractor/diagnostics/BUILD.bazel
M go/extractor/diagnostics/diagnostics.go
A go/extractor/diagnostics/diagnostics_test.go
M go/extractor/extractor.go
M go/extractor/go.mod
M go/extractor/go.sum
A go/extractor/registries/BUILD.bazel
A go/extractor/registries/registryproxy.go
A go/extractor/registries/registryproxy_test.go
M go/extractor/toolchain/BUILD.bazel
M go/extractor/toolchain/toolchain.go
M go/extractor/util/BUILD.bazel
R go/extractor/util/registryproxy.go
R go/extractor/util/registryproxy_test.go
M go/extractor/util/util.go
M go/ql/consistency-queries/CHANGELOG.md
A go/ql/consistency-queries/change-notes/released/1.0.41.md
M go/ql/consistency-queries/codeql-pack.release.yml
M go/ql/consistency-queries/qlpack.yml
M go/ql/integration-tests/diagnostics/package-not-found-with-go-mod/diagnostics.expected
M go/ql/integration-tests/diagnostics/package-not-found-with-go-mod/test.py
M go/ql/integration-tests/diagnostics/package-not-found-without-go-mod/diagnostics.expected
M go/ql/integration-tests/diagnostics/package-not-found-without-go-mod/test.py
M go/ql/lib/CHANGELOG.md
A go/ql/lib/change-notes/2026-01-28-shared-basic-block-library.md
A go/ql/lib/change-notes/released/6.0.1.md
M go/ql/lib/codeql-pack.release.yml
M go/ql/lib/qlpack.yml
M go/ql/lib/semmle/go/controlflow/BasicBlocks.qll
M go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
M go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
M go/ql/lib/semmle/go/dataflow/FlowSummary.qll
M go/ql/lib/semmle/go/dataflow/SSA.qll
M go/ql/lib/semmle/go/dataflow/SsaImpl.qll
M go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
M go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
M go/ql/src/CHANGELOG.md
M go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
A go/ql/src/change-notes/released/1.5.5.md
M go/ql/src/codeql-pack.release.yml
M go/ql/src/qlpack.yml
M java/documentation/library-coverage/coverage.csv
M java/documentation/library-coverage/coverage.rst
M java/kotlin-extractor/BUILD.bazel
R java/kotlin-extractor/deps/kotlin-compiler-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-compiler-2.3.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-compiler-embeddable-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-compiler-embeddable-2.3.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.6.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.6.20.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.7.0.jar
R java/kotlin-extractor/deps/kotlin-stdlib-1.7.20.jar
A java/kotlin-extractor/deps/kotlin-stdlib-2.3.0.jar
M java/kotlin-extractor/dev/wrapper.py
M java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt
M java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt
M java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt
M java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt
M java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
M java/kotlin-extractor/src/main/kotlin/utils/GetByFqName.kt
M java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt
M java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CodeQLIrConst.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CodeQLIsRoot.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/CommentExtractorLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ExperimentalCompilerApi.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/FirMetadataSourceFirFile.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrLazyFunction.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrSymbolInternals.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IrVisitor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IsUnderscoreParameter.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/JvmDefaultModeIsNoCompatibility.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Kotlin2ComponentRegistrar.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/LinesOfCodeLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Psi2Ir.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ReferenceEntity.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/SyntheticBodyKind.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Types.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/UsesK2.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/VirtualFileBasedSourceElement.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/allOverriddenIncludingSelf.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/copyTo.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getFileClassFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getJvmDefaultMode.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getJvmModuleNameForDeserializedDescriptor.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getKotlinType.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/isDispatchReceiver.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/packageFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/parameterIndexExcludingReceivers.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/parents.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/typeUtils.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/withHasQuestionMark.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/IsUnderscoreParameter.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/Types.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/getFileClassFqName.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/getKotlinType.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/withHasQuestionMark.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/allOverriddenIncludingSelf.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/createImplicitParameterDeclarationWithWrappedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CodeQLIrConst.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CodeQLIsRoot.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/CommentExtractorLighterAST.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ExperimentalCompilerApi.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/FirMetadataSourceFirFile.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrLazyFunction.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrSymbolInternals.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrVisitor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/JvmDefaultModeIsNoCompatibility.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Kotlin2ComponentRegistrar.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/LinesOfCodeLighterAST.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Psi2Ir.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt
R java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/SyntheticBodyKind.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/UsesK2.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/VirtualFileBasedSourceElement.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getJvmDefaultMode.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getJvmModuleNameForDeserializedDescriptor.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/getKotlinType.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/isDispatchReceiver.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/packageFqName.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/parameterIndexExcludingReceivers.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/parents.kt
A java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/typeUtils.kt
M java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt
M java/kotlin-extractor/versions.bzl
M java/ql/consistency-queries/UnaryExpr.ql
M java/ql/examples/snippets/returnstatement.ql
M java/ql/examples/snippets/ternaryconditional.ql
M java/ql/integration-tests/kotlin/all-platforms/compiler_arguments/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected
M java/ql/integration-tests/kotlin/all-platforms/gradle_groovy_app/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/PrintAst.expected
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/diag.expected
M java/ql/integration-tests/kotlin/all-platforms/java_modifiers/test.expected
M java/ql/integration-tests/kotlin/all-platforms/jvmoverloads-external-class/test.expected
M java/ql/integration-tests/kotlin/all-platforms/kotlin_java_static_fields/test.expected
M java/ql/integration-tests/kotlin/all-platforms/kotlin_kfunction/app/build.gradle
M java/ql/integration-tests/kotlin/all-platforms/nullability-annotations/test.expected
M java/ql/integration-tests/kotlin/posix/module_mangled_names/test.expected
M java/ql/lib/CHANGELOG.md
A java/ql/lib/change-notes/2026-02-04-renames.md
M java/ql/lib/change-notes/released/4.1.0.md
M java/ql/lib/change-notes/released/7.2.0.md
M java/ql/lib/change-notes/released/7.5.0.md
A java/ql/lib/change-notes/released/8.0.0.md
M java/ql/lib/codeql-pack.release.yml
M java/ql/lib/ext/java.util.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.map.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.model.yml
M java/ql/lib/ext/org.apache.commons.collections4.set.model.yml
M java/ql/lib/ext/org.springframework.web.util.model.yml
A java/ql/lib/printCfg.ql
M java/ql/lib/qlpack.yml
M java/ql/lib/semmle/code/java/Concurrency.qll
M java/ql/lib/semmle/code/java/ConflictingAccess.qll
M java/ql/lib/semmle/code/java/Constants.qll
M java/ql/lib/semmle/code/java/ControlFlowGraph.qll
M java/ql/lib/semmle/code/java/Conversions.qll
M java/ql/lib/semmle/code/java/Expr.qll
M java/ql/lib/semmle/code/java/Member.qll
M java/ql/lib/semmle/code/java/PrettyPrintAst.qll
M java/ql/lib/semmle/code/java/Statement.qll
M java/ql/lib/semmle/code/java/arithmetic/Overflow.qll
M java/ql/lib/semmle/code/java/comparison/Comparison.qll
M java/ql/lib/semmle/code/java/controlflow/Guards.qll
M java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll
M java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
M java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll
M java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
M java/ql/lib/semmle/code/java/dataflow/Nullness.qll
M java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
M java/ql/lib/semmle/code/java/dataflow/TypeFlow.qll
M java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll
M java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
M java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
M java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
M java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
M java/ql/lib/semmle/code/java/deadcode/DeadEnumConstant.qll
M java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll
M java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll
M java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll
M java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
M java/ql/lib/semmle/code/java/frameworks/Mockito.qll
M java/ql/lib/semmle/code/java/frameworks/MyBatis.qll
M java/ql/lib/semmle/code/java/frameworks/ThreadLocal.qll
M java/ql/lib/semmle/code/java/frameworks/android/AsyncTask.qll
M java/ql/lib/semmle/code/java/frameworks/android/Compose.qll
M java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
M java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
M java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll
M java/ql/lib/semmle/code/java/frameworks/stapler/Stapler.qll
M java/ql/lib/semmle/code/java/frameworks/struts/StrutsActions.qll
M java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll
M java/ql/lib/semmle/code/java/security/ArithmeticCommon.qll
M java/ql/lib/semmle/code/java/security/FragmentInjection.qll
M java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll
M java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll
M java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll
M java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll
M java/ql/lib/semmle/code/java/security/internal/ArraySizing.qll
M java/ql/src/Advisory/Declarations/NonFinalImmutableField.ql
M java/ql/src/CHANGELOG.md
M java/ql/src/Language Abuse/IterableClass.qll
M java/ql/src/Language Abuse/IterableIterator.ql
M java/ql/src/Likely Bugs/Arithmetic/CondExprTypes.ql
M java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql
M java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
M java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql
M java/ql/src/Likely Bugs/Comparison/Equality.qll
M java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
M java/ql/src/Likely Bugs/Comparison/StringComparison.ql
M java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql
M java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql
M java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.qhelp
M java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
M java/ql/src/Likely Bugs/Statements/Chaining.qll
M java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql
M java/ql/src/Likely Bugs/Termination/SpinOnField.ql
M java/ql/src/Metrics/Summaries/GeneratedVsManualCoverageQuery.qll
M java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
M java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
M java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
M java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql
M java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql
M java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql
M java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql
M java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
M java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArray.ql
M java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
M java/ql/src/Violations of Best Practice/Naming Conventions/Shadowing.qll
M java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql
A java/ql/src/change-notes/released/1.10.6.md
M java/ql/src/codeql-pack.release.yml
M java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
M java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
M java/ql/src/qlpack.yml
M java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
M java/ql/test-kotlin1/library-tests/data-classes/PrintAst.expected
M java/ql/test-kotlin1/library-tests/exprs/unaryOp.ql
M java/ql/test-kotlin1/library-tests/methods/exprs.expected
M java/ql/test-kotlin1/library-tests/ministdlib/MiniStdLib.kt
M java/ql/test-kotlin1/library-tests/ministdlib/classes.expected
M java/ql/test-kotlin2/library-tests/annotation_classes/PrintAst.expected
M java/ql/test-kotlin2/library-tests/annotation_classes/classes.expected
M java/ql/test-kotlin2/library-tests/annotations/jvmName/test.expected
M java/ql/test-kotlin2/library-tests/classes/ctorCalls.expected
M java/ql/test-kotlin2/library-tests/classes/genericExprTypes.expected
M java/ql/test-kotlin2/library-tests/comments/comments.expected
M java/ql/test-kotlin2/library-tests/companion_objects/method_accesses.expected
M java/ql/test-kotlin2/library-tests/data-classes/PrintAst.expected
M java/ql/test-kotlin2/library-tests/data-classes/callees.expected
M java/ql/test-kotlin2/library-tests/exprs/PrintAst.expected
M java/ql/test-kotlin2/library-tests/exprs/exprs.expected
M java/ql/test-kotlin2/library-tests/exprs/funcExprs.expected
M java/ql/test-kotlin2/library-tests/exprs/unaryOp.expected
M java/ql/test-kotlin2/library-tests/exprs/unaryOp.ql
M java/ql/test-kotlin2/library-tests/generic-instance-methods/test.expected
M java/ql/test-kotlin2/library-tests/generic-selective-extraction/test.expected
M java/ql/test-kotlin2/library-tests/inherited-default-value/test.expected
M java/ql/test-kotlin2/library-tests/interface-delegate/test.expected
M java/ql/test-kotlin2/library-tests/internal-constructor-called-from-java/test.expected
M java/ql/test-kotlin2/library-tests/internal-public-alias/test.expected
M java/ql/test-kotlin2/library-tests/java_and_kotlin/test.expected
M java/ql/test-kotlin2/library-tests/java_and_kotlin_internal/visibility.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads-annotation/PrintAst.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads-annotation/test.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads_flow/test.expected
M java/ql/test-kotlin2/library-tests/jvmoverloads_generics/test.expected
M java/ql/test-kotlin2/library-tests/jvmstatic-annotation/test.expected
M java/ql/test-kotlin2/library-tests/lateinit/test.expected
M java/ql/test-kotlin2/library-tests/methods-mixed-java-and-kotlin/test.expected
M java/ql/test-kotlin2/library-tests/methods/exprs.expected
M java/ql/test-kotlin2/library-tests/methods/methods.expected
M java/ql/test-kotlin2/library-tests/methods/parameters.expected
M java/ql/test-kotlin2/library-tests/modifiers/modifiers.expected
M java/ql/test-kotlin2/library-tests/parameter-defaults/defaults.expected
M java/ql/test-kotlin2/library-tests/private-anonymous-types/test.expected
M java/ql/test-kotlin2/library-tests/properties/properties.expected
M java/ql/test-kotlin2/library-tests/stmts/PrintAst.expected
M java/ql/test-kotlin2/library-tests/stmts/stmts.expected
M java/ql/test-kotlin2/library-tests/vararg/args.expected
M java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected
M java/ql/test/library-tests/dataflow/capture/inlinetest.expected
M java/ql/test/library-tests/dataflow/collections/containerflow.expected
M java/ql/test/library-tests/frameworks/android/taint-database/flowSteps.ql
M java/ql/test/library-tests/frameworks/apache-collections/Test.java
M java/ql/test/library-tests/frameworks/apache-collections/test.expected
M java/ql/test/library-tests/frameworks/apache-commons-lang3/flow.expected
M java/ql/test/library-tests/frameworks/json-java/test.expected
M java/ql/test/library-tests/frameworks/netty/generated/test.expected
M java/ql/test/library-tests/frameworks/spring/beans/test.expected
M java/ql/test/library-tests/frameworks/spring/http/flow.expected
M java/ql/test/library-tests/frameworks/spring/util/test.expected
M java/ql/test/library-tests/frameworks/spring/webutil/test.expected
M java/ql/test/library-tests/locations/NegativeLiteralLocation.ql
M java/ql/test/library-tests/optional/test.expected
M java/ql/test/library-tests/scanner/test.expected
M java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java
M java/ql/test/query-tests/lgtm-example-queries/returnstatement.ql
M javascript/ql/lib/CHANGELOG.md
A javascript/ql/lib/change-notes/released/2.6.21.md
M javascript/ql/lib/codeql-pack.release.yml
M javascript/ql/lib/qlpack.yml
M javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll
M javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/SummaryTypeTracker.qll
M javascript/ql/lib/semmle/javascript/frameworks/AsyncPackage.qll
M javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll
M javascript/ql/lib/semmle/javascript/frameworks/LodashUnderscore.qll
M javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll
M javascript/ql/lib/semmle/javascript/frameworks/NodeJSLib.model.yml
M javascript/ql/lib/semmle/javascript/frameworks/SQL.qll
M javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/ModelsAsData.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll
M javascript/ql/lib/semmle/javascript/frameworks/data/internal/empty.model.yml
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/ExceptionFlow.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll
M javascript/ql/lib/semmle/javascript/internal/flow_summaries/UrlSearchParams.qll
M javascript/ql/lib/semmle/javascript/security/CorsPermissiveConfigurationCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
M javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationCustomizations.qll
M javascript/ql/lib/utils/test/InlineSummaries.qll
M javascript/ql/src/CHANGELOG.md
A javascript/ql/src/change-notes/released/2.3.1.md
M javascript/ql/src/codeql-pack.release.yml
M javascript/ql/src/qlpack.yml
M javascript/ql/test/library-tests/frameworks/data/test.ql
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/MODULE.bazel
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/patches/codeql_add_language_version_option.patch
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/patches/codeql_do_not_emit_jdeps.patch
R misc/bazel/registry/modules/rules_kotlin/2.1.3-codeql.1/source.json
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/MODULE.bazel
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_add_language_version_option.patch
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/patches/codeql_do_not_emit_jdeps.patch
A misc/bazel/registry/modules/rules_kotlin/2.2.0-codeql.1/source.json
M misc/bazel/registry/modules/rules_kotlin/metadata.json
M misc/suite-helpers/CHANGELOG.md
A misc/suite-helpers/change-notes/released/1.0.41.md
M misc/suite-helpers/codeql-pack.release.yml
M misc/suite-helpers/qlpack.yml
M python/extractor/semmle/util.py
M python/extractor/tests/parser/strings.py
M python/extractor/tests/parser/template_strings_new.expected
M python/extractor/tests/parser/template_strings_new.py
M python/extractor/tsg-python/tsp/grammar.js
M python/extractor/tsg-python/tsp/src/grammar.json
M python/extractor/tsg-python/tsp/src/node-types.json
M python/extractor/tsg-python/tsp/src/parser.c
M python/extractor/tsg-python/tsp/src/tree_sitter/array.h
M python/extractor/tsg-python/tsp/src/tree_sitter/parser.h
M python/ql/integration-tests/query-suite/not_included_in_qls.expected
M python/ql/lib/CHANGELOG.md
R python/ql/lib/change-notes/2026-01-20-support-ListElement-in-python-MaD.md
A python/ql/lib/change-notes/2026-02-05-fix-format-fill-character-misparse.md
M python/ql/lib/change-notes/released/6.0.0.md
A python/ql/lib/change-notes/released/6.1.0.md
M python/ql/lib/codeql-pack.release.yml
M python/ql/lib/qlpack.yml
M python/ql/lib/semmle/python/Concepts.qll
M python/ql/lib/semmle/python/Frameworks.qll
M python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
A python/ql/lib/semmle/python/frameworks/Django.model.yml
M python/ql/lib/semmle/python/frameworks/Django.qll
M python/ql/lib/semmle/python/frameworks/Flask.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll
A python/ql/lib/semmle/python/frameworks/Websockets.qll
A python/ql/lib/semmle/python/frameworks/agent.model.yml
M python/ql/lib/semmle/python/frameworks/data/ModelsAsData.qll
M python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll
M python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll
M python/ql/lib/semmle/python/frameworks/data/internal/empty.model.yml
A python/ql/lib/semmle/python/frameworks/openai.model.yml
M python/ql/lib/semmle/python/security/dataflow/CodeInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/CommandInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/SqlInjectionCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationCustomizations.qll
M python/ql/lib/semmle/python/security/dataflow/UrlRedirectCustomizations.qll
A python/ql/lib/utils/test/PrettyPrintModels.ql
M python/ql/src/CHANGELOG.md
M python/ql/src/Security/CWE-798/HardcodedCredentials.ql
A python/ql/src/change-notes/released/1.7.6.md
M python/ql/src/codeql-pack.release.yml
A python/ql/src/experimental/Security/CWE-1427/PromptInjection.qhelp
A python/ql/src/experimental/Security/CWE-1427/PromptInjection.ql
A python/ql/src/experimental/Security/CWE-1427/examples/example.py
M python/ql/src/experimental/semmle/python/Concepts.qll
M python/ql/src/experimental/semmle/python/Frameworks.qll
A python/ql/src/experimental/semmle/python/frameworks/OpenAI.qll
A python/ql/src/experimental/semmle/python/security/dataflow/PromptInjectionCustomizations.qll
A python/ql/src/experimental/semmle/python/security/dataflow/PromptInjectionQuery.qll
M python/ql/src/qlpack.yml
M python/ql/test/experimental/meta/MaDTest.qll
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.qlref
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.qlref
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/agent_instructions.py
A python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/openai_test.py
M python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected
M python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.qlref
M python/ql/test/library-tests/dataflow/summaries/TestSummaries.qll
M python/ql/test/library-tests/dataflow/typetracking-summaries/TestSummaries.qll
M python/ql/test/library-tests/frameworks/data/test.ql
A python/ql/test/library-tests/frameworks/websockets/ConceptsTest.expected
A python/ql/test/library-tests/frameworks/websockets/ConceptsTest.ql
A python/ql/test/library-tests/frameworks/websockets/InlineTaintTest.expected
A python/ql/test/library-tests/frameworks/websockets/InlineTaintTest.ql
A python/ql/test/library-tests/frameworks/websockets/response_test.py
A python/ql/test/library-tests/frameworks/websockets/taint_test_asyncio.py
A python/ql/test/library-tests/frameworks/websockets/taint_test_sync.py
M python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/SqlInjection.expected
M python/ql/test/query-tests/Security/CWE-089-SqlInjection-local-threat-model/SqlInjection.qlref
M python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.expected
M python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/HeaderInjection.qlref
M ruby/ql/docs/flow_summaries.md
M ruby/ql/lib/CHANGELOG.md
A ruby/ql/lib/change-notes/released/5.1.9.md
M ruby/ql/lib/codeql-pack.release.yml
M ruby/ql/lib/codeql/ruby/dataflow/FlowSummary.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
M ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
M ruby/ql/lib/codeql/ruby/frameworks/ActiveSupport.qll
M ruby/ql/lib/codeql/ruby/frameworks/Arel.qll
M ruby/ql/lib/codeql/ruby/frameworks/Core.qll
M ruby/ql/lib/codeql/ruby/frameworks/Erb.qll
M ruby/ql/lib/codeql/ruby/frameworks/Files.qll
M ruby/ql/lib/codeql/ruby/frameworks/Ldap.qll
M ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll
M ruby/ql/lib/codeql/ruby/frameworks/Pg.qll
M ruby/ql/lib/codeql/ruby/frameworks/Rails.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll
M ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll
M ruby/ql/lib/codeql/ruby/frameworks/Translation.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Base64.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/Object.qll
M ruby/ql/lib/codeql/ruby/frameworks/core/String.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/ModelsAsData.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll
M ruby/ql/lib/codeql/ruby/frameworks/data/internal/empty.model.yml
M ruby/ql/lib/codeql/ruby/frameworks/rack/internal/Utils.qll
A ruby/ql/lib/codeql/ruby/frameworks/regexp/model.yml
M ruby/ql/lib/codeql/ruby/security/CodeInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/CommandInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/LogInjectionQuery.qll
M ruby/ql/lib/codeql/ruby/security/PathInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/ServerSideRequestForgeryCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/UrlRedirectCustomizations.qll
M ruby/ql/lib/codeql/ruby/security/regexp/RegExpInjectionCustomizations.qll
M ruby/ql/lib/codeql/ruby/typetracking/internal/TypeTrackingImpl.qll
M ruby/ql/lib/qlpack.yml
M ruby/ql/src/CHANGELOG.md
A ruby/ql/src/change-notes/released/1.5.6.md
M ruby/ql/src/codeql-pack.release.yml
M ruby/ql/src/qlpack.yml
M ruby/ql/test/library-tests/dataflow/flow-summaries/semantics.ql
M ruby/ql/test/library-tests/dataflow/regressions/Regressions.ql
M ruby/ql/test/library-tests/dataflow/summaries/Summaries.ql
M rust/ql/lib/CHANGELOG.md
R rust/ql/lib/change-notes/2026-01-16-type-inference-closures.md
M rust/ql/lib/change-notes/released/0.2.4.md
A rust/ql/lib/change-notes/released/0.2.5.md
M rust/ql/lib/codeql-pack.release.yml
M rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll
M rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/ffi.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml
M rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
M rust/ql/lib/codeql/rust/internal/PathResolution.qll
M rust/ql/lib/codeql/rust/internal/typeinference/BlanketImplementation.qll
M rust/ql/lib/codeql/rust/internal/typeinference/DerefChain.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/Type.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInferenceConsistency.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeMention.qll
M rust/ql/lib/qlpack.yml
M rust/ql/src/CHANGELOG.md
A rust/ql/src/change-notes/released/0.1.26.md
M rust/ql/src/codeql-pack.release.yml
M rust/ql/src/qlpack.yml
M rust/ql/test/library-tests/dataflow/local/inline-flow.expected
M rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected
M rust/ql/test/library-tests/dataflow/models/models.ql
M rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/sources/stdin/InlineFlow.expected
M rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
M rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected
M rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected
M rust/ql/test/library-tests/path-resolution/main.rs
M rust/ql/test/library-tests/path-resolution/path-resolution.expected
M rust/ql/test/library-tests/type-inference/CONSISTENCY/PathResolutionConsistency.expected
A rust/ql/test/library-tests/type-inference/CONSISTENCY/TypeInferenceConsistency.expected
M rust/ql/test/library-tests/type-inference/associated_types.rs
M rust/ql/test/library-tests/type-inference/main.rs
M rust/ql/test/library-tests/type-inference/type-inference.expected
M rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
M rust/ql/test/query-tests/security/CWE-295/DisabledCertificateCheck.expected
M rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
M rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
M shared/concepts/CHANGELOG.md
A shared/concepts/change-notes/released/0.0.15.md
M shared/concepts/codeql-pack.release.yml
M shared/concepts/qlpack.yml
M shared/controlflow/CHANGELOG.md
A shared/controlflow/change-notes/released/2.0.25.md
M shared/controlflow/codeql-pack.release.yml
M shared/controlflow/codeql/controlflow/Cfg.qll
A shared/controlflow/codeql/controlflow/PrintGraph.qll
M shared/controlflow/qlpack.yml
M shared/dataflow/CHANGELOG.md
A shared/dataflow/change-notes/released/2.0.25.md
M shared/dataflow/codeql-pack.release.yml
M shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
M shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll
M shared/dataflow/qlpack.yml
M shared/mad/CHANGELOG.md
A shared/mad/change-notes/released/1.0.41.md
M shared/mad/codeql-pack.release.yml
M shared/mad/codeql/mad/ModelValidation.qll
M shared/mad/qlpack.yml
M shared/quantum/CHANGELOG.md
A shared/quantum/change-notes/released/0.0.19.md
M shared/quantum/codeql-pack.release.yml
M shared/quantum/qlpack.yml
M shared/rangeanalysis/CHANGELOG.md
A shared/rangeanalysis/change-notes/released/1.0.41.md
M shared/rangeanalysis/codeql-pack.release.yml
M shared/rangeanalysis/qlpack.yml
M shared/regex/CHANGELOG.md
A shared/regex/change-notes/released/1.0.41.md
M shared/regex/codeql-pack.release.yml
M shared/regex/qlpack.yml
M shared/ssa/CHANGELOG.md
A shared/ssa/change-notes/released/2.0.17.md
M shared/ssa/codeql-pack.release.yml
M shared/ssa/qlpack.yml
M shared/threat-models/CHANGELOG.md
A shared/threat-models/change-notes/released/1.0.41.md
M shared/threat-models/codeql-pack.release.yml
M shared/threat-models/qlpack.yml
M shared/tutorial/CHANGELOG.md
A shared/tutorial/change-notes/released/1.0.41.md
M shared/tutorial/codeql-pack.release.yml
M shared/tutorial/qlpack.yml
M shared/typeflow/CHANGELOG.md
A shared/typeflow/change-notes/released/1.0.41.md
M shared/typeflow/codeql-pack.release.yml
M shared/typeflow/qlpack.yml
M shared/typeinference/CHANGELOG.md
A shared/typeinference/change-notes/released/0.0.22.md
M shared/typeinference/codeql-pack.release.yml
M shared/typeinference/codeql/typeinference/internal/TypeInference.qll
M shared/typeinference/qlpack.yml
M shared/typetracking/CHANGELOG.md
A shared/typetracking/change-notes/released/2.0.25.md
M shared/typetracking/codeql-pack.release.yml
M shared/typetracking/qlpack.yml
M shared/typos/CHANGELOG.md
A shared/typos/change-notes/released/1.0.41.md
M shared/typos/codeql-pack.release.yml
M shared/typos/qlpack.yml
M shared/util/CHANGELOG.md
A shared/util/change-notes/released/2.0.28.md
M shared/util/codeql-pack.release.yml
M shared/util/qlpack.yml
M shared/xml/CHANGELOG.md
A shared/xml/change-notes/released/1.0.41.md
M shared/xml/codeql-pack.release.yml
M shared/xml/qlpack.yml
M shared/yaml/CHANGELOG.md
A shared/yaml/change-notes/released/1.0.41.md
M shared/yaml/codeql-pack.release.yml
M shared/yaml/qlpack.yml
M swift/ql/lib/CHANGELOG.md
A swift/ql/lib/change-notes/released/6.2.1.md
M swift/ql/lib/codeql-pack.release.yml
M swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll
M swift/ql/lib/codeql/swift/dataflow/FlowSummary.qll
M swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
M swift/ql/lib/qlpack.yml
M swift/ql/src/CHANGELOG.md
A swift/ql/src/change-notes/released/1.2.15.md
M swift/ql/src/codeql-pack.release.yml
M swift/ql/src/qlpack.yml
Log Message:
-----------
Merge branch 'main' into neutralmodels
Commit: 05a487ec3bae0bbcadd9019eb546760619a0988e
https://github.com/krishnprakash/codeql/commit/05a487ec3bae0bbcadd9019eb546760619a0988e
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-05 (Thu, 05 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Repair following merge.
Commit: 08174d7ec9d0067430c57c9ca2754f6cbbd1ff98
https://github.com/krishnprakash/codeql/commit/08174d7ec9d0067430c57c9ca2754f6cbbd1ff98
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/files/FileSystem.qll
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Rust: Add test cases for summaries as well.
Commit: a5aeadd31d9e0628866c96bd55e0aa78af40819c
https://github.com/krishnprakash/codeql/commit/a5aeadd31d9e0628866c96bd55e0aa78af40819c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
Log Message:
-----------
Rust: Fix for neutral summaries.
Commit: 6b7f3392877b58f6c3fa3c6cbe17a0feab287ac2
https://github.com/krishnprakash/codeql/commit/6b7f3392877b58f6c3fa3c6cbe17a0feab287ac2
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Define neutralElement in the shared data flow input.
Commit: e9511560b7d25c3cf892ad84e0975f2d44cf38dc
https://github.com/krishnprakash/codeql/commit/e9511560b7d25c3cf892ad84e0975f2d44cf38dc
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/files/FileSystem.qll
Log Message:
-----------
Rust: Autoformat.
Commit: 8488039fb9dc8de56a60b56e56b672a540f67963
https://github.com/krishnprakash/codeql/commit/8488039fb9dc8de56a60b56e56b672a540f67963
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
python: add tests for guards compared to booleans
Commit: 7351e82c9221d33c29e2eb609f422ff6d5f2e75b
https://github.com/krishnprakash/codeql/commit/7351e82c9221d33c29e2eb609f422ff6d5f2e75b
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
python: handle guards compared to boolean literals
Commit: 7df44f9418489c0ac38af957466590b48beac32c
https://github.com/krishnprakash/codeql/commit/7df44f9418489c0ac38af957466590b48beac32c
Author: yoff <yo...@github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
Log Message:
-----------
python: add change note
Commit: 8769059ce58c83782e9385be97617188993f0fa0
https://github.com/krishnprakash/codeql/commit/8769059ce58c83782e9385be97617188993f0fa0
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-24 (Tue, 24 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Log Message:
-----------
Rust: Remove another call to neutralModel we don't need to make explicitly.
Commit: de9b1adf63ec15beb836f3c94a1a218f29db425a
https://github.com/krishnprakash/codeql/commit/de9b1adf63ec15beb836f3c94a1a218f29db425a
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/test/library-tests/type-inference/type-inference.expected
Log Message:
-----------
Rust: Unify logic in `MethodResolution`; remove `TypeQualifierIsInstantiationOfImplSelf` logic
Commit: 42e41c57d46c5fe88cfbf646fb73b16804ea9031
https://github.com/krishnprakash/codeql/commit/42e41c57d46c5fe88cfbf646fb73b16804ea9031
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Go: fix standalone build of the Go extractor
https://github.com/github/codeql/pull/21276 worked together with the
internal changes but broke the standalone build of the Go extractor of
this repo in isolation.
The root cause was the lack of an auto-loaded `java_library` rule
definition. This fixes it.
I also checked this doesn't happen anywhere else.
Commit: 5b5dc9c70831f1f3e19a442b45699b0691139097
https://github.com/krishnprakash/codeql/commit/5b5dc9c70831f1f3e19a442b45699b0691139097
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
Log Message:
-----------
Bazel: load `rules_cc` explicitly
Turns out in https://github.com/github/codeql/pull/21371 I was right
about `java_*` rules not relying on autoload anywhere, but it turns out
some `cc_*` rules still relied on autoload. This autoload is currently
configured in the internal repository, but we want to remove it
eventually. This patch:
* adds explicit loads to `rules_cc`
* removes an obsolete file (that depedency has its own bazel module
since some time, we just forgot to remove the old file)
Commit: 968856ed96d6fbdc19581bc84156ec6c69e5e605
https://github.com/krishnprakash/codeql/commit/968856ed96d6fbdc19581bc84156ec6c69e5e605
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Merge pull request #21371 from github/redsun82/fix-local-go-builds
Go: fix standalone build of the Go extractor
Commit: 15a2575949e2be2c10a72eb07812a57221780adb
https://github.com/krishnprakash/codeql/commit/15a2575949e2be2c10a72eb07812a57221780adb
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
Log Message:
-----------
Merge branch 'main' into redsun82/load-cc-explicitly
Commit: 4d0c72eafecf586b0de4bc1c7ed7f59e260e0e9e
https://github.com/krishnprakash/codeql/commit/4d0c72eafecf586b0de4bc1c7ed7f59e260e0e9e
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/load.bzl
Log Message:
-----------
Bazel: add explicit `rules_shell` load
Commit: ccc318106e120aeea581a0bc7ddaf05265700256
https://github.com/krishnprakash/codeql/commit/ccc318106e120aeea581a0bc7ddaf05265700256
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
Log Message:
-----------
Rust: Add an empty.model.yml similar to the one in CPP, to avoid errors about missing extensionals.
Commit: 4e4d0555c0ddde12660272a952ea18a4825cdf7c
https://github.com/krishnprakash/codeql/commit/4e4d0555c0ddde12660272a952ea18a4825cdf7c
Author: Paolo Tranquilli <reds...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
M swift/third_party/load.bzl
Log Message:
-----------
Merge pull request #21373 from github/redsun82/load-cc-explicitly
Bazel: load `rules_cc` and `rules_shell` explicitly
Commit: 5523b5e25f01c4bb3183d8286a2fd7194807566c
https://github.com/krishnprakash/codeql/commit/5523b5e25f01c4bb3183d8286a2fd7194807566c
Author: Geoffrey White <40627776...@users.noreply.github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/files/FileSystem.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
Log Message:
-----------
Merge pull request #21271 from geoffw0/neutralmodels
Rust: Add support for neutral models.
Commit: c4f8748a422489724260928a90e129b67acff1c2
https://github.com/krishnprakash/codeql/commit/c4f8748a422489724260928a90e129b67acff1c2
Author: yoff <yo...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
Log Message:
-----------
Python: simplify barrier guard
Commit: 9b9c9304c7e53e1b5aa38b09a2c68baf03c1fdf1
https://github.com/krishnprakash/codeql/commit/9b9c9304c7e53e1b5aa38b09a2c68baf03c1fdf1
Author: yoff <yo...@github.com>
Date: 2026-02-25 (Wed, 25 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Log Message:
-----------
Python: simplify logic, suggested in review
Commit: cfbae5084561cd80f65233747689106f1e579be2
https://github.com/krishnprakash/codeql/commit/cfbae5084561cd80f65233747689106f1e579be2
Author: yoff <yo...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
Log Message:
-----------
Python: convert barrier guard to MaD
Commit: 89e5a9bd728e4f48ad0a3adc31dd0ad374da6a2f
https://github.com/krishnprakash/codeql/commit/89e5a9bd728e4f48ad0a3adc31dd0ad374da6a2f
Author: yoff <lerch...@gmail.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Log Message:
-----------
Update python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Co-authored-by: Taus <tau...@github.com>
Commit: 11a726d1b48e15cb8cbcc1fc23fbdfb5715b7fe8
https://github.com/krishnprakash/codeql/commit/11a726d1b48e15cb8cbcc1fc23fbdfb5715b7fe8
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
Log Message:
-----------
Address review comments
Commit: 4280d35bf3345404b85c160fd9b2e86a8da09045
https://github.com/krishnprakash/codeql/commit/4280d35bf3345404b85c160fd9b2e86a8da09045
Author: Tom Hvitved <hvi...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
M rust/ql/test/library-tests/type-inference/type-inference.expected
Log Message:
-----------
Merge pull request #21366 from hvitved/rust/type-inference-unify-method-resolution
Rust: Unify logic in `MethodResolution`; remove `TypeQualifierIsInstantiationOfImplSelf` logic
Commit: 600f585a31699f91067f96e5934c2bdea2a2f657
https://github.com/krishnprakash/codeql/commit/600f585a31699f91067f96e5934c2bdea2a2f657
Author: yoff <yo...@github.com>
Date: 2026-02-26 (Thu, 26 Feb 2026)
Changed paths:
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
Log Message:
-----------
Merge pull request #21296 from yoff/python/bool-comparison-guards
Python: Handle guards being compared to boolean literals
Commit: a997838387bf6101fb52417b7e727252ea1040a0
https://github.com/krishnprakash/codeql/commit/a997838387bf6101fb52417b7e727252ea1040a0
Author: Phileco <132178579+k...@users.noreply.github.com>
Date: 2026-02-27 (Fri, 27 Feb 2026)
Changed paths:
M go/extractor/BUILD.bazel
A python/ql/lib/change-notes/2026-02-08-guards-compared-to-boolean-literals.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
A python/ql/lib/semmle/python/frameworks/AntiSSRF.model.yml
M python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
M python/ql/test/library-tests/dataflow/tainttracking/customSanitizer/test_logical.py
A rust/ql/lib/change-notes/2026-02-05-neutral-models.md
M rust/ql/lib/codeql/files/FileSystem.qll
M rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
M rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
M rust/ql/lib/codeql/rust/elements/internal/InvocationExprImpl.qll
A rust/ql/lib/codeql/rust/frameworks/empty.model.yml
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll
M rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
M rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
A rust/ql/test/library-tests/dataflow/models/external_file.rs
M rust/ql/test/library-tests/dataflow/models/main.rs
M rust/ql/test/library-tests/dataflow/models/models.expected
M rust/ql/test/library-tests/dataflow/models/models.ext.yml
M rust/ql/test/library-tests/type-inference/type-inference.expected
M swift/third_party/BUILD.binlog.bazel
R swift/third_party/BUILD.fmt.bazel
M swift/third_party/BUILD.picosha2.bazel
M swift/third_party/BUILD.swift-llvm-support.bazel
M swift/third_party/load.bzl
Log Message:
-----------
Merge branch 'github:main' into main
Compare: https://github.com/krishnprakash/codeql/compare/88c4c86fb264...a997838387bf
To unsubscribe from these emails, change your notification settings at https://github.com/krishnprakash/codeql/settings/notifications
Reply all
Reply to author
Forward
0 new messages