Insights: github/codeql
Overview
Could not load contribution data
Please try again later
55 Pull requests merged by 27 people
-
Java: Adapt tests to JDK21
#14503 merged
Oct 17, 2023 -
Java: Refactor `java/static-initialization-vector` to use Models as Data
#14491 merged
Oct 17, 2023 -
Swift: Model StringProtocol.appendingformat and String.decodecstring
#14523 merged
Oct 17, 2023 -
Swift: add CFG for normal autoclosures
#14398 merged
Oct 17, 2023 -
C++: Add an abstract class that can be used to extend `viableCallable`
#14482 merged
Oct 17, 2023 -
Docs: add a note on db migration scripts debugging
#14528 merged
Oct 17, 2023 -
Python: Improve `yield` modeling
#14513 merged
Oct 17, 2023 -
Java: Update MaD Declarations after Triage
#13444 merged
Oct 17, 2023 -
Swift: Add data flow tests for member initialization.
#14496 merged
Oct 17, 2023 -
Swift: Add CollectionContent to defaultImplicitTaintRead
#14521 merged
Oct 17, 2023 -
Bump regex from 1.10.0 to 1.10.2 in /ql
#14520 merged
Oct 16, 2023 -
Release preparation for version 2.15.1
#14519 merged
Oct 16, 2023 -
Fix invalid `dependabot.yml`
#14516 merged
Oct 16, 2023 -
C++: Fix size deduction in `cpp/invalid-pointer-deref`
#14512 merged
Oct 16, 2023 -
Ruby: JWT Security Queries (CWE-347)
#14061 merged
Oct 16, 2023 -
Java: Synchronize `*Local` versions of queries with their remote counterpart
#14472 merged
Oct 16, 2023 -
Go: Improve Dependabot configuration
#14483 merged
Oct 16, 2023 -
C++: Mark `cpp/redundant-null-check-simple` as a security query
#14509 merged
Oct 16, 2023 -
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
#14498 merged
Oct 16, 2023 -
JS: Support import attributes
#14484 merged
Oct 16, 2023 -
JS: add support for extracting `.jsp` files
#14497 merged
Oct 16, 2023 -
Bump tracing from 0.1.38 to 0.1.39 in /ql
#14506 merged
Oct 16, 2023 -
Java/C/C#: Remove library annotations
#14494 merged
Oct 16, 2023 -
C#: Choose between .NET framework or core DLLs in standalone
#14368 merged
Oct 16, 2023 -
Go: automated mad coverage report
#14445 merged
Oct 15, 2023 -
Go: Enable GoKit module into the default list
#14276 merged
Oct 15, 2023 -
C++: Rewrite `cpp/cgi-xss` to not use default taint tracking
#14424 merged
Oct 13, 2023 -
Swift: Add more sinks to `swift/cleartext-logging`
#14485 merged
Oct 13, 2023 -
Swift: Add sinks for sqlite3 and SQLite.swift to swift/hardcoded-key
#14394 merged
Oct 13, 2023 -
Ruby: Restrict GraphQL remote flow sources
#14216 merged
Oct 13, 2023 -
Java: Flow taint through arithmetic expressions for java/thread-resource-abuse experimental query
#14399 merged
Oct 13, 2023 -
ReDoS: use the new codePointAt and codePointCount methods instead of regex hacks
#14481 merged
Oct 13, 2023 -
Fix typo in link
#14489 merged
Oct 12, 2023 -
Kotlin: Improve support for TRAP compression options
#14390 merged
Oct 12, 2023 -
Swift: Additional test cases for `swift\string-length-conflation`
#14488 merged
Oct 12, 2023 -
Swift: skip declarations marked as unavailable
#14437 merged
Oct 12, 2023 -
C++: Remove unnecessary `FlowState` from `cpp/overrun-write`
#14486 merged
Oct 12, 2023 -
use a bigger compilation cache in the compile-queries workflow
#14410 merged
Oct 12, 2023 -
Swift: Improve models for Numeric, RangeReplaceableCollection
#14354 merged
Oct 12, 2023 -
Bump golang.org/x/tools from 0.13.0 to 0.14.0 in /go/extractor
#14441 merged
Oct 12, 2023 -
Fix module name
#14442 merged
Oct 11, 2023 -
Post-release preparation for codeql-cli-2.15.0
#14443 merged
Oct 11, 2023 -
C#: Include the `void` type in value types
#14436 merged
Oct 11, 2023 -
JS/Ruby: desync two queries and port the Ruby version to ConfigSig-style
#14435 merged
Oct 11, 2023 -
Go: Move `go.mod` into `extractor` subdirectory
#14439 merged
Oct 11, 2023 -
Automodel: Fix automodel extraction queries
#14438 merged
Oct 11, 2023 -
Go: New File System Access Sinks
#14064 merged
Oct 11, 2023 -
Go: Improved JWT query, JWT decoding without verification
#14075 merged
Oct 11, 2023 -
C++: Use fully converted instructions as the target of modelled functions
#14432 merged
Oct 11, 2023 -
C#: Remove `keyset` from `metadata_handle` relation
#14429 merged
Oct 11, 2023 -
JS: recognize tagged template literals as `DataFlow::CallNode`
#14405 merged
Oct 11, 2023 -
C#: Add autobuilder test with global.json
#14421 merged
Oct 11, 2023 -
Python: Better allow `import *` to work with API graphs
#14430 merged
Oct 11, 2023 -
JS: delete an .expected file outside the test directories
#14433 merged
Oct 11, 2023 -
C#: Make conflicting assembly selection deterministic in standalone
#14428 merged
Oct 11, 2023
17 Pull requests opened by 15 people
-
JS: Add JSON Stringify Sanitizer
#14434 opened
Oct 10, 2023 -
CPP: Add some range analysis cases
#14444 opened
Oct 11, 2023 -
Python: exclude loops from `varBlockStep`
#14446 opened
Oct 11, 2023 -
Java: basic version of automodel extraction query docs
#14487 opened
Oct 12, 2023 -
C#: Fix params attribute argument extraction
#14493 opened
Oct 13, 2023 -
C++: Fix ImplicitThisFieldAccess
#14495 opened
Oct 13, 2023 -
Shared: Add library for filepath normalization
#14500 opened
Oct 13, 2023 -
Swift: Model RawRepresentable
#14502 opened
Oct 13, 2023 -
JS: update typescript extractor to use 5.3 .
#14510 opened
Oct 16, 2023 -
Swift: Model Substring
#14511 opened
Oct 16, 2023 -
Java: Improve java/spring-disabled-csrf-protection
#14515 opened
Oct 16, 2023 -
CI: Update framework coverage difference commenter
#14517 opened
Oct 16, 2023 -
Kotlin: Log when we start and finish writing to TRAP files
#14518 opened
Oct 16, 2023 -
C++: Add more documentation about dataflow through indirections
#14524 opened
Oct 17, 2023 -
Swift: SingleValueStmtExpr migration scripts
#14525 opened
Oct 17, 2023 -
Kotlin: Don't convert back and forth between ClassId and FqName
#14529 opened
Oct 17, 2023 -
Post-release preparation for codeql-cli-2.15.1
#14531 opened
Oct 17, 2023
5 Issues closed by 5 people
-
Extract JavaScript from <script> tags within JSP files
#14490 closed
Oct 17, 2023 -
Language identifier java-kotlin can not be found
#14514 closed
Oct 16, 2023 -
False positive: Incomplete multi-character sanitization
#14504 closed
Oct 16, 2023 -
False positive : Missing function level access control (cs/web/missing-function-level-access-control)
#14478 closed
Oct 16, 2023 -
Query help files should be identified and processed when executing codeql pack create
#13609 closed
Oct 12, 2023
4 Issues opened by 4 people
-
gradle: False positives from generated code from the version catalog feature
#14530 opened
Oct 17, 2023 -
CodeQL CLI v2.15.0 returns `HTTP/1.1 302 Found` error on `codeql github upload-results`
#14501 opened
Oct 13, 2023 -
Error downloading/installing codeql cpp-queries package
#14492 opened
Oct 13, 2023 -
Does C++ extractor support to process code with unity build?
#14479 opened
Oct 12, 2023
35 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Go: Decompression Bombs
#13553 commented on
Oct 17, 2023 • 19 new comments -
Go: fasthttp
#14123 commented on
Oct 17, 2023 • 19 new comments -
Java: Convert `SensitiveApi.qll` to use Models-as-Data
#13978 commented on
Oct 17, 2023 • 18 new comments -
JS: Add Permissive CORS query (CWE-942)
#14342 commented on
Oct 16, 2023 • 10 new comments -
Go: Add Improper LDAP Authentication query (CWE-287)
#13366 commented on
Oct 17, 2023 • 9 new comments -
JS: provide command execution sinks for execa package
#14294 commented on
Oct 12, 2023 • 7 new comments -
Ruby: Port `UrlConcatenation.qll` from JS
#14180 commented on
Oct 16, 2023 • 6 new comments -
Failed to create database on Android
#14404 commented on
Oct 11, 2023 • 4 new comments -
Swift: Flow through OpenExistentialExpr
#14113 commented on
Oct 17, 2023 • 4 new comments -
Shared: Add DataFlow::DeduplicatePathGraph
#14350 commented on
Oct 13, 2023 • 3 new comments -
Error downloading packs with corporate certificate in chain
#13132 commented on
Oct 13, 2023 • 2 new comments -
Use Specific Python Virtual Environment Dependency
#14187 commented on
Oct 16, 2023 • 2 new comments -
Go: Add JWT Algorithm Confusion and JWT decoding without Signature Verification
#14081 commented on
Oct 17, 2023 • 2 new comments -
C#: Inspect project.assets.json to find dependencies.
#14411 commented on
Oct 13, 2023 • 2 new comments -
LGTM.com - false positive "Statement has no effect" for Python await
#11235 commented on
Oct 14, 2023 • 1 new comment -
Ruby: Decompression Bombs
#13556 commented on
Oct 17, 2023 • 1 new comment -
Swift: Risky or Broken Cryptographic Algorithm Query
#13649 commented on
Oct 13, 2023 • 1 new comment -
CPP: Add reverse bounds in range analysis for InvalidPointerDeref
#14335 commented on
Oct 12, 2023 • 1 new comment -
Java: Decompression Bombs
#13555 commented on
Oct 14, 2023 • 0 new comments -
Python: Decompression Bombs
#13557 commented on
Oct 17, 2023 • 0 new comments -
C#: Decompression Bombs
#13558 commented on
Oct 17, 2023 • 0 new comments -
Java: Add Weak Randomness Query (CWE-330/338)
#13608 commented on
Oct 11, 2023 • 0 new comments -
Ruby: query to automatically extract type definitions from library code
#13750 commented on
Oct 16, 2023 • 0 new comments -
Java: Weak Cryptographic Algorithm from `.properties` files
#14040 commented on
Oct 16, 2023 • 0 new comments -
Python: Allow namespace packages
#14114 commented on
Oct 11, 2023 • 0 new comments -
C++: Update for changes in frontend.
#14135 commented on
Oct 12, 2023 • 0 new comments -
Swift: upgrade to 5.9
#14261 commented on
Oct 17, 2023 • 0 new comments -
Ruby: Add a query for CSRF protection not enabled
#14308 commented on
Oct 17, 2023 • 0 new comments -
Temporarily run the standalone extractor instead of autobuilding
#14324 commented on
Oct 16, 2023 • 0 new comments -
C++: use in/out barriers with flow state
#14331 commented on
Oct 13, 2023 • 0 new comments -
C#: Sunset QL based stub generator.
#14363 commented on
Oct 13, 2023 • 0 new comments -
Kotlin: Remove 1.4 compatibility
#14393 commented on
Oct 16, 2023 • 0 new comments -
[Feature branch] JS: Migrate to shared dataflow library
#14412 commented on
Oct 13, 2023 • 0 new comments -
JavaScript: Adjust XSS and log injection query severities
#14419 commented on
Oct 16, 2023 • 0 new comments -
C#: Disable CIL extraction for testing purposes.
#14422 commented on
Oct 12, 2023 • 0 new comments