Overview
37 Pull requests merged by 20 people
-
Java: CWE-400 - Query to detect uncontrolled thread resource consumption
#6717 merged
Nov 24, 2021 -
Ruby: fix CI jobs after removal of `.codeql-manifest.json`
#7222 merged
Nov 24, 2021 -
JS/PY/RB: get ReDoSUtil in sync for ruby
#7173 merged
Nov 24, 2021 -
Python: Model `wsgiref.simple_server` applications
#7131 merged
Nov 24, 2021 -
Python/Ruby: Remove owasp tags
#7145 merged
Nov 24, 2021 -
C++: Hide some IR dataflow nodes
#7226 merged
Nov 24, 2021 -
Python: Model `posixpath` and `os.stat`
#7143 merged
Nov 24, 2021 -
Java: Add diagnostic query for framework coverage
#7181 merged
Nov 24, 2021 -
C++: take IR Operand locations from definitions
#7188 merged
Nov 23, 2021 -
Ruby: add regex injection query
#6978 merged
Nov 23, 2021 -
Ruby: Fix SSA consistency tests + CFG bug
#7218 merged
Nov 23, 2021 -
C++: Don't interpret 'ReferenceToInstruction' as a load
#7109 merged
Nov 23, 2021 -
Ruby: Add `rb/csrf-protection-disabled` query
#7062 merged
Nov 23, 2021 -
Python: Promote ReDoS queries
#6972 merged
Nov 23, 2021 -
Ruby: Desugar `for` loops as calls to `each`
#7098 merged
Nov 23, 2021 -
Fix link formatting
#7215 merged
Nov 23, 2021 -
Ruby: Remove CP in `EnsureSplitImpl::exit/3`
#7172 merged
Nov 23, 2021 -
Ruby: Restrict use-use flow
#7208 merged
Nov 23, 2021 -
JS: [Internal only] Rename the available ML models external predicate
#7186 merged
Nov 22, 2021 -
Merge Ruby workspace into root workspace
#7211 merged
Nov 22, 2021 -
Update query-metadata-style-guide.md
#7206 merged
Nov 22, 2021 -
C++: Move experimental test.
#7209 merged
Nov 22, 2021 -
Ruby: Add Server-Side Request Forgery query
#7015 merged
Nov 22, 2021 -
JS: Mention .hbs, .ejs, and .njk file extensions
#7207 merged
Nov 22, 2021 -
C#: Fix bad magic `Element::fromSource` in context of `SelfAssignment.ql`
#7182 merged
Nov 22, 2021 -
Ruby: use A/An/The to start qlDoc for classes
#7170 merged
Nov 19, 2021 -
Java: Don't clear content in store steps in summaries.
#7187 merged
Nov 19, 2021 -
Shared CFG: Add "dead end" consistency query
#7130 merged
Nov 19, 2021 -
Ruby: Move SSA consistency queries into shared SSA library
#7179 merged
Nov 19, 2021 -
use matches instead of regexpMatch/prefix/suffix
#7169 merged
Nov 19, 2021 -
C#: move Linq/Helpers.qll to the lib folder
#7174 merged
Nov 18, 2021 -
C#: Extend `(Annotated)ExitNode` to also cover static fields
#7160 merged
Nov 18, 2021 -
ATM: use min() instead of rank[1]
#7168 merged
Nov 18, 2021 -
Data flow: Restrict derived flow summaries
#6931 merged
Nov 18, 2021 -
C++: Always recognize pointers as iterators
#7159 merged
Nov 18, 2021 -
Update CSV framework coverage reports
#7165 merged
Nov 18, 2021 -
JS/Py/Ruby: add a bad-tag-filter query
#6561 merged
Nov 18, 2021
22 Pull requests opened by 13 people
-
Update packs to allow automatic release prep
#7161 opened
Nov 17, 2021 -
Ruby: Extend `FileSystemReadAccess` to include more potential sources of input from the filesystem
#7163 opened
Nov 17, 2021 -
Ruby: Add more potential `SystemCommandExecution` sinks
#7164 opened
Nov 17, 2021 -
Move upgrades into standard library packs
#7166 opened
Nov 18, 2021 -
JS: Initial models-as-data implementation
#7171 opened
Nov 18, 2021 -
fix request for cpp exceptions
#7177 opened
Nov 19, 2021 -
C#: Initial implementation of csv printing in FlowSummaries test
#7178 opened
Nov 19, 2021 -
JS: Make the edges of API-graphs into IPA types
#7180 opened
Nov 19, 2021 -
C#: Enable SSA consistency queries
#7185 opened
Nov 19, 2021 -
Multiple scopes for neighborhood feature
#7196 opened
Nov 20, 2021 -
Ruby: Flow through arrays/enumerables
#7198 opened
Nov 20, 2021 -
Release preparation
#7200 opened
Nov 21, 2021 -
Release preparation for version 2.7.3-fake
#7210 opened
Nov 22, 2021 -
JS: Add support for TypeScript 4.5
#7216 opened
Nov 23, 2021 -
Python: Add `x in <var>` test for StringConstCompare
#7217 opened
Nov 23, 2021 -
Ruby: extractor performance optimisations
#7219 opened
Nov 23, 2021 -
Python: FastAPI improvements
#7228 opened
Nov 24, 2021 -
Document XXE sanitisation policy
#7229 opened
Nov 24, 2021 -
C#: Update the Microsoft.NETCore.App stub
#7230 opened
Nov 24, 2021 -
C#: Enable data-flow consistency queries
#7231 opened
Nov 24, 2021 -
Data flow: Performance tuning
#7232 opened
Nov 24, 2021 -
JS/Py: Fix cleartext logging CWEs
#7233 opened
Nov 24, 2021
7 Issues closed by 5 people
-
JS: Missing Indirect Callees
#7052 closed
Nov 23, 2021 -
Query compilation fails for ruby and go with error 'codeql/suite-helpers' not found.
#7193 closed
Nov 23, 2021 -
CodeQL not detecting unsafe html constructing
#7205 closed
Nov 22, 2021 -
`scanning results / CodeQL` check hanging on PRs in transferred repo
#7176 closed
Nov 22, 2021 -
Codeql not running on all PRs
#7190 closed
Nov 20, 2021 -
F# support
#7167 closed
Nov 19, 2021 -
Any way to debug with codeql
#7153 closed
Nov 18, 2021
8 Issues opened by 7 people
-
LGTM.com - false positive
#7235 opened
Nov 24, 2021 -
LGTM.com - false positive
#7234 opened
Nov 24, 2021 -
CodeQL Cli - false positive - Missing Dispose call on local IDisposable on MemoryStream
#7227 opened
Nov 24, 2021 -
How to suppress "module import itself" in python
#7224 opened
Nov 24, 2021 -
[JavaScript] TaintTracking cannot track tainted values out of callback functions
#7221 opened
Nov 23, 2021 -
LGTM.com - false positive - undeclared functions from the Python C API
#7214 opened
Nov 23, 2021 -
Unable to create a database for a Javascript project
#7213 opened
Nov 23, 2021 -
Java false positive: XXE via XMLInputFactory
#7199 opened
Nov 20, 2021
24 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Ruby: pattern matching
#7154 commented on
Nov 24, 2021 • 29 new comments -
Java : Add SSTI query
#5935 commented on
Nov 22, 2021 • 22 new comments -
CPP: Add query for CWE-266 Incorrect Privilege Assignment
#6949 commented on
Nov 23, 2021 • 17 new comments -
Java: Ratpack HTTP Framework Additional Modeling
#7007 commented on
Nov 24, 2021 • 14 new comments -
Add neighborhood scope token feature to ATM library
#7158 commented on
Nov 19, 2021 • 13 new comments -
Java: CWE-266 - Query to detect Intent URI Permission Manipulation in Android applications
#6975 commented on
Nov 23, 2021 • 9 new comments -
Ruby: Add support for GraphQL
#7126 commented on
Nov 23, 2021 • 7 new comments -
[Java] CWE-089 MyBatis Mapper Sql Injection
#6319 commented on
Nov 24, 2021 • 6 new comments -
Can't get it work with maven project
#7157 commented on
Nov 23, 2021 • 5 new comments -
JS: Add routing trees library
#7049 commented on
Nov 24, 2021 • 5 new comments -
CI: Ignore path for compiled languages
#5618 commented on
Nov 18, 2021 • 1 new comment -
possible incompleteness in Dataflow Analysis
#7128 commented on
Nov 22, 2021 • 1 new comment -
[JavaScript] Another limited case for tainting objects with methods
#7106 commented on
Nov 22, 2021 • 1 new comment -
Java: An experimental query for ignored hostname verification
#6443 commented on
Nov 23, 2021 • 1 new comment -
[Javascript] CWE-348: Client supplied ip used in security check
#6864 commented on
Nov 19, 2021 • 1 new comment -
Java: CWE-470 - Queries to detect Fragment Injection in Android applications
#6923 commented on
Nov 24, 2021 • 1 new comment -
Ruby/Python: parse anchors in regexes as special characters
#7120 commented on
Nov 19, 2021 • 1 new comment -
Java: Promote Insecure TrustManager from experimental
#7136 commented on
Nov 22, 2021 • 1 new comment -
JS: add explicit this to all member calls
#6873 commented on
Nov 24, 2021 • 0 new comments -
Java: Promote Log Injection from experimental
#7054 commented on
Nov 19, 2021 • 0 new comments -
Ruby: Rails route resolution
#7061 commented on
Nov 19, 2021 • 0 new comments -
Python/C#: Add CWE-1333 to redos queries
#7089 commented on
Nov 24, 2021 • 0 new comments -
Ruby: Cache more predicates
#7090 commented on
Nov 23, 2021 • 0 new comments -
JS/PY/RB: support a limited number of ranges for ReDoS analysis
#7097 commented on
Nov 24, 2021 • 0 new comments