Insights: github/codeql
Overview
41 Pull requests merged by 23 people
-
C++: Add `cpp/non-constant-format` test
#14021 merged
Aug 22, 2023 -
Swift: flow through keypath optional components
#14014 merged
Aug 22, 2023 -
C#: Generate source files from cshtml files in standalone
#13957 merged
Aug 22, 2023 -
C#: Update of VS Code settings.
#14015 merged
Aug 22, 2023 -
C#: Respect `$CODEQL_THREADS` environment variable
#14016 merged
Aug 22, 2023 -
Python: Include all assignments in data flow paths
#13738 merged
Aug 22, 2023 -
C#: Re-factor order of usings.
#13995 merged
Aug 22, 2023 -
Ruby: Include more (hash) splat flow in type tracking
#13997 merged
Aug 22, 2023 -
Java: add sanitizer to command injection query
#14012 merged
Aug 22, 2023 -
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
#13432 merged
Aug 22, 2023 -
Clarify system requirements for TypeScript extraction
#14001 merged
Aug 22, 2023 -
C#: Add "c#" alias to language pack
#14010 merged
Aug 21, 2023 -
Revert "Swift: use C++20 constraints and concepts to simplify code"
#14011 merged
Aug 21, 2023 -
Swift: use C++20 constraints and concepts to simplify code
#13991 merged
Aug 21, 2023 -
Data flow: Earlier call-context based dispatch filtering
#13983 merged
Aug 21, 2023 -
Introduce shared taint tracking library
#13881 merged
Aug 21, 2023 -
Python: Flask & Django Constant Secret Key initialization
#13561 merged
Aug 21, 2023 -
Update CSV framework coverage reports
#14003 merged
Aug 21, 2023 -
C#: Re-factor dependency fetching into a separate project.
#13986 merged
Aug 21, 2023 -
Release preparation for version 2.14.3
#13998 merged
Aug 18, 2023 -
Java: Trust Boundary Violation Query
#13413 merged
Aug 18, 2023 -
Go: Basic Go 1.21 support
#13867 merged
Aug 18, 2023 -
C++: Accept regression in test after evaluator fix
#13996 merged
Aug 18, 2023 -
Ruby: More precise flow into splat parameters
#13938 merged
Aug 18, 2023 -
Java: limit field flow when tracking regex strings
#13916 merged
Aug 18, 2023 -
Java: Add dashes to SHA algorithm names in `Encryption.qll`
#13934 merged
Aug 17, 2023 -
Swift: fix version check macro to be lexicographic
#13988 merged
Aug 17, 2023 -
Java: Join-order fix in RangeAnalysis.
#13987 merged
Aug 17, 2023 -
C++: Add `cpp/invalid-pointer-deref` false positive
#13989 merged
Aug 17, 2023 -
C#: Adopt shared CFG construction library from shared `controlflow` pack
#13595 merged
Aug 17, 2023 -
Update CSV framework coverage reports
#13915 merged
Aug 17, 2023 -
C#: Fix `getMadRepresentationSpecific`
#13966 merged
Aug 17, 2023 -
Kotlin: Handle Kotlin 2 parents better
#13960 merged
Aug 16, 2023 -
Swift: Fix expected files after a semantic merge conflict
#13984 merged
Aug 16, 2023 -
Python/JavaScript: Shared module for serverless functions
#13729 merged
Aug 16, 2023 -
C++: Fix original delta calculation for subtraction in new range analysis
#13981 merged
Aug 16, 2023 -
C++: Update test after float128 related extractor changes
#13971 merged
Aug 16, 2023 -
C++: Support subtraction in the new range analysis
#13972 merged
Aug 16, 2023 -
Python: Relax module resolution
#13819 merged
Aug 16, 2023 -
C#: Add integration test for standalone extraction
#13744 merged
Aug 16, 2023 -
Java: automodel application mode: use endpoint class like in framework mode
#13886 merged
Aug 16, 2023
16 Pull requests opened by 13 people
-
Swift: teach autobuilder about SPM, CocoaPods, and Carthage
#13979 opened
Aug 16, 2023 -
Swift: Improvements related to the swift/cleartext-logging query.
#13980 opened
Aug 16, 2023 -
Dataflow: Add type-based call-edge pruning.
#13982 opened
Aug 16, 2023 -
CPP: Convert SQL tainted away from away from DefaultTaintTracking.
#13985 opened
Aug 16, 2023 -
Python: Port old experimental points-to based queries
#13990 opened
Aug 17, 2023 -
C# Standalone: Install .NET SDK specified in `global.json`
#13999 opened
Aug 18, 2023 -
C++: Promote `cpp/invalid-pointer-deref` out of experimental
#14006 opened
Aug 21, 2023 -
JS: Follow immediate predecessors in path resolution
#14007 opened
Aug 21, 2023 -
C++: Reuse even more `DataFlow::Node`s
#14008 opened
Aug 21, 2023 -
python: allow namespace packages as packages
#14009 opened
Aug 21, 2023 -
CPP:Only taint argv indirections
#14013 opened
Aug 21, 2023 -
TEST do not merge
#14017 opened
Aug 22, 2023 -
Kotlin: Write usesK2 information to the database
#14018 opened
Aug 22, 2023 -
C#: Exclude dll files when getting files in the dependency manager.
#14019 opened
Aug 22, 2023 -
C#: Fix lazy evaluation of not yet downloaded packages
#14020 opened
Aug 22, 2023 -
Swift: extract `nextCall` from `ForEachStmt`
#14023 opened
Aug 22, 2023
4 Issues closed by 3 people
-
Could `CallInstruction` get virtual function target?
#14005 closed
Aug 23, 2023 -
Question about connecting taint flows
#13765 closed
Aug 21, 2023 -
`codeql query run` and `codeql database analyze` produce different results
#14002 closed
Aug 21, 2023 -
Incorrect value of string literals
#13993 closed
Aug 21, 2023
6 Issues opened by 6 people
-
Predicate to catch a load in C/C++?
#14025 opened
Aug 22, 2023 -
False positive for blank space characters
#14022 opened
Aug 22, 2023 -
Question: Extending Query (UnsafeDeserialization.ql) for CWE-502
#14004 opened
Aug 19, 2023 -
CodeQL for php
#14000 opened
Aug 18, 2023 -
C++ extractor fails to process code based on Unreal Engine
#13994 opened
Aug 18, 2023 -
go 1.21 support
#13992 opened
Aug 17, 2023
26 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.
#13771 commented on
Aug 21, 2023 • 8 new comments -
Swift: collection/tuple content for dictionary flow
#13947 commented on
Aug 22, 2023 • 8 new comments -
Java: Convert `SensitiveApi.qll` to use Models-as-Data
#13978 commented on
Aug 22, 2023 • 7 new comments -
Create separate automodel pack
#13879 commented on
Aug 22, 2023 • 6 new comments -
Swift: dataflow for `for-in` loops
#13909 commented on
Aug 17, 2023 • 6 new comments -
Java: Automodel Application Mode: Add Candidates for Regression Testing
#13954 commented on
Aug 17, 2023 • 6 new comments -
Python: parse mode chars should not be considered chars
#13975 commented on
Aug 16, 2023 • 6 new comments -
codeql won't work with chromium special file
#13849 commented on
Aug 23, 2023 • 3 new comments -
Swift: Model withUnsafeBytes and similar closure methods
#13827 commented on
Aug 22, 2023 • 3 new comments -
C#: Compile against the reference assemblies in the standalone extractor (if possible)
#13970 commented on
Aug 17, 2023 • 3 new comments -
Ruby: Add Improper LDAP Authentication query (CWE-287)
#13313 commented on
Aug 22, 2023 • 2 new comments -
False positive, cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
#13913 commented on
Aug 18, 2023 • 1 new comment -
Query help files should be identified and processed when executing codeql pack create
#13609 commented on
Aug 18, 2023 • 1 new comment -
Support new React directives
#13296 commented on
Aug 23, 2023 • 1 new comment -
Java: Understand multiple parse mode flags specified in a regular expression string
#13778 commented on
Aug 16, 2023 • 1 new comment -
C#: Add query for Insecure Direct Object Reference
#13882 commented on
Aug 22, 2023 • 1 new comment -
Swift: Update the weak sensitive data hashing examples and qhelp
#13943 commented on
Aug 21, 2023 • 1 new comment -
Python: Add dataflow consistency query
#8457 commented on
Aug 22, 2023 • 0 new comments -
Ruby: Reimplement flow through captured variables using field flow
#11725 commented on
Aug 22, 2023 • 0 new comments -
[Python] Configuration Injection query
#13640 commented on
Aug 21, 2023 • 0 new comments -
C++: Updates for changes in frontend
#13716 commented on
Aug 18, 2023 • 0 new comments -
Ruby: query to automatically extract type definitions from library code
#13750 commented on
Aug 21, 2023 • 0 new comments -
Swift: Models and tests for numeric conversions
#13946 commented on
Aug 16, 2023 • 0 new comments -
Ruby: Remove isSplatAll
#13967 commented on
Aug 22, 2023 • 0 new comments -
Shared extractor: support file path globs
#13969 commented on
Aug 18, 2023 • 0 new comments -
Ruby: Model more flow from splat arguments
#13974 commented on
Aug 16, 2023 • 0 new comments