Insights: github/codeql
Overview
32 Pull requests merged by 23 people
-
CI: Update framework coverage difference commenter
#14517 merged
Oct 25, 2023 -
C++: Remove getLocation from Container.
#14337 merged
Oct 25, 2023 -
Java: exclude internal packages globally from MaD models
#14581 merged
Oct 25, 2023 -
C++: Fix `strtok` model for indirections
#14587 merged
Oct 25, 2023 -
Go: make data flow consistency checks available (and fix one)
#14547 merged
Oct 25, 2023 -
Swift: Update README.md
#14574 merged
Oct 25, 2023 -
Swift: Model Substring
#14511 merged
Oct 25, 2023 -
Update CSV framework coverage reports
#14585 merged
Oct 25, 2023 -
Java: Replace MethodAccess, LValue, RValue with more intuitive names. Introduce NewClassExpr.
#14575 merged
Oct 24, 2023 -
Javascript extractor: Bazel-based build
#14552 merged
Oct 24, 2023 -
Swift: Model RawRepresentable
#14502 merged
Oct 24, 2023 -
CPP: Add test demonstrating use-after-free false negatives.
#14568 merged
Oct 24, 2023 -
C++: Fix indirect taint
#14571 merged
Oct 24, 2023 -
C#: Sunset QL based stub generator.
#14363 merged
Oct 24, 2023 -
Java: Added up to date models for Spring's ResponseEntity
#14566 merged
Oct 24, 2023 -
Codegen: add `@qltest.test_with`
#14563 merged
Oct 23, 2023 -
Shared: Add library for filepath normalization
#14500 merged
Oct 23, 2023 -
fix CWE number
#14541 merged
Oct 23, 2023 -
Java/Kotlin: Reshuffle our LoC queries
#14551 merged
Oct 23, 2023 -
Java: Automodel Framework Mode Extraction Bug
#14553 merged
Oct 23, 2023 -
Go: Add Go frameworks for automated coverage reports
#14536 merged
Oct 20, 2023 -
C++: Fix ImplicitThisFieldAccess
#14495 merged
Oct 20, 2023 -
fix typo ('Configration' to ‘Configuration’)
#14539 merged
Oct 20, 2023 -
Swift: add children to `UnspecifiedElement`
#14538 merged
Oct 20, 2023 -
Bump to Go 1.21 in supported compilers docs
#14550 merged
Oct 20, 2023 -
Improve change note checking
#14542 merged
Oct 20, 2023 -
Kotlin: Don't convert back and forth between ClassId and FqName
#14529 merged
Oct 20, 2023 -
Post-release preparation for codeql-cli-2.15.1
#14531 merged
Oct 19, 2023 -
move the documentation of codePointAt and codePointCount to the string type instead of the int type
#14543 merged
Oct 19, 2023 -
C++: Update for changes in frontend.
#14135 merged
Oct 19, 2023 -
C++: Add more documentation about dataflow through indirections
#14524 merged
Oct 19, 2023 -
Update CSV framework coverage reports
#14533 merged
Oct 19, 2023
23 Pull requests opened by 18 people
-
Ruby: additional unsafe deserialization sinks for ox and one for oj
#14544 opened
Oct 19, 2023 -
C#: Handle `netstandard` references in standalone extraction
#14545 opened
Oct 19, 2023 -
Implement threat models as extension packs
#14548 opened
Oct 19, 2023 -
Ruby: Add Insecure Randomness Query
#14554 opened
Oct 21, 2023 -
Ruby: add a query and script for autogenerating typeModel and summaryModel data extensions entries
#14560 opened
Oct 23, 2023 -
C++: Rewrite `cpp/uncontrolled-process-operation` to not use `DefaultTaintTracking`
#14561 opened
Oct 23, 2023 -
C#: No CIL extraction by default.
#14564 opened
Oct 23, 2023 -
Swift: clean up `VarDecl`, `NamedPattern` and `SwitchStmt` interactions
#14567 opened
Oct 23, 2023 -
Swift: extract types for patterns
#14570 opened
Oct 23, 2023 -
Move `FlowSummaryImpl.qll` to `dataflow` pack
#14573 opened
Oct 24, 2023 -
Swift: Add variable-capture flow
#14577 opened
Oct 24, 2023 -
Swift: Models for String methods involving closures.
#14578 opened
Oct 24, 2023 -
C++: Define an extractor version table and use in IR generation
#14579 opened
Oct 24, 2023 -
Java: Update MaD Declarations after Triage
#14580 opened
Oct 24, 2023 -
Alternate threat model implementation
#14582 opened
Oct 24, 2023 -
Java: Deprecate MethodAccess and SuperMethodAccess
#14583 opened
Oct 24, 2023 -
Kotlin: Mention `Literal::getLiteral()` difference from source code
#14584 opened
Oct 25, 2023 -
C++/Java: Share core range analysis
#14588 opened
Oct 25, 2023 -
C#: Use `C'X` fully-qualified-name format instead of `C<,...,>`
#14589 opened
Oct 25, 2023 -
Python: Fix dataflow consistency error due to missing class scope
#14590 opened
Oct 25, 2023 -
Python: Minor cleanup for string pool interaction
#14591 opened
Oct 25, 2023 -
Swift: implement type pruning for dataflow
#14592 opened
Oct 25, 2023 -
Bump google.golang.org/grpc from 1.40.0 to 1.56.3 in /go/ql/test/experimental/CWE-321
#14594 opened
Oct 25, 2023
7 Issues closed by 7 people
-
codeql-cpp: missing source file for small-size project
#14593 closed
Oct 26, 2023 -
Javascript cannot query specific getAMemberCall
#13401 closed
Oct 25, 2023 -
java-code-scanning.qls is not a .ql file, .qls file, a directory, or a query pack specification.
#14576 closed
Oct 24, 2023 -
upload sarif file occur path i s not exist
#14572 closed
Oct 24, 2023 -
JavaScript: ERROR: No higher-order predicate with name scoreEndpoints
#14557 closed
Oct 24, 2023 -
java code scanning failed
#14549 closed
Oct 23, 2023
7 Issues opened by 6 people
-
False positive
#14596 opened
Oct 25, 2023 -
Severity misrepresentation
#14595 opened
Oct 25, 2023 -
Cannot decode bqrs file properly to get functions list
#14586 opened
Oct 25, 2023 -
Java: java/unsafe-deserialization doesn't detect use of javax.jms.ObjectMessage.getObject()
#14569 opened
Oct 23, 2023 -
java code scanning
#14558 opened
Oct 23, 2023 -
Java: Make it more explicit when CodeQL classes and predicates only apply to Kotlin
#14556 opened
Oct 21, 2023 -
False positive - Ruby on Rails: SQL query built from user-controlled sources
#14546 opened
Oct 19, 2023
45 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Java: basic version of automodel extraction query docs
#14487 commented on
Oct 25, 2023 • 15 new comments -
Swift: Add regular expression evaluation models for StringProtocol and NSString methods
#14383 commented on
Oct 25, 2023 • 12 new comments -
Go: Add JWT Algorithm Confusion Query
#14534 commented on
Oct 24, 2023 • 9 new comments -
Java: Convert `SensitiveApi.qll` to use Models-as-Data
#13978 commented on
Oct 25, 2023 • 8 new comments -
Java: Weak Hashing Algorithm specified in `.properties` files
#14040 commented on
Oct 26, 2023 • 6 new comments -
Python - Add Django RestFramework request handler args + kwargs
#14353 commented on
Oct 24, 2023 • 3 new comments -
Python: Allow namespace packages
#14114 commented on
Oct 23, 2023 • 2 new comments -
JS: extend DatabaseAccess by `TypeORM` and `sqlite` and `better-sqlite3` packages
#14302 commented on
Oct 25, 2023 • 2 new comments -
JavaScript: Adjust XSS and log injection query severities
#14419 commented on
Oct 23, 2023 • 2 new comments -
CodeQL CLI v2.15.0 returns `HTTP/1.1 302 Found` error on `codeql github upload-results`
#14501 commented on
Oct 23, 2023 • 1 new comment -
gradle: False positives from generated code from the version catalog feature
#14530 commented on
Oct 24, 2023 • 1 new comment -
Suggestion: toHex method for int
#4145 commented on
Oct 25, 2023 • 1 new comment -
[CSharp] AWS Lambda Modelling
#13110 commented on
Oct 23, 2023 • 1 new comment -
Go: Add Improper LDAP Authentication query (CWE-287)
#13366 commented on
Oct 25, 2023 • 1 new comment -
Ruby: add seperate additional steps between `YAML.parse*` methods and `to_ruby`
#13431 commented on
Oct 24, 2023 • 1 new comment -
JS: JWT constant key, no Verification issues
#14088 commented on
Oct 19, 2023 • 1 new comment -
C#: Add XSS flow steps for View calls refering to Razor pages
#14343 commented on
Oct 24, 2023 • 1 new comment -
Certain syntaxes in ruby cause extraction errors
#14279 commented on
Oct 19, 2023 • 0 new comments -
Ruby parse error on valid Ruby code
#7005 commented on
Oct 19, 2023 • 0 new comments -
False positive for IncompleteHostnameRegExp in Ruby
#13749 commented on
Oct 19, 2023 • 0 new comments -
"CodeQL library search" language filter does not work for Ruby
#11840 commented on
Oct 19, 2023 • 0 new comments -
Ruby: Traditional if-else not detected as `StringConstArrayInclusionCallBarrier` compared to conditional assignment.
#11558 commented on
Oct 19, 2023 • 0 new comments -
[JavaScript] - Incomplete string escaping or encoding
#9450 commented on
Oct 19, 2023 • 0 new comments -
JavaScript Webpack Vulnerability
#3963 commented on
Oct 19, 2023 • 0 new comments -
Javascript Sqlite database opening
#7597 commented on
Oct 19, 2023 • 0 new comments -
javascript: Property access on null or undefined
#12722 commented on
Oct 19, 2023 • 0 new comments -
ERROR: Could not resolve module javascript.
#4280 commented on
Oct 19, 2023 • 0 new comments -
JavaScript: Restricting `isSource` predicate leads to more alerts
#7790 commented on
Oct 19, 2023 • 0 new comments -
Unable to parse Module of certain type for JavaScript
#5697 commented on
Oct 19, 2023 • 0 new comments -
Javascript: How can I filter some dataflow results?
#6920 commented on
Oct 19, 2023 • 0 new comments -
XML in javascript hasn't been written?[QUESTION][XML]
#3949 commented on
Oct 19, 2023 • 0 new comments -
JavaScript: RemoteFlowSource does not seem to pick up data fetched from path
#9760 commented on
Oct 19, 2023 • 0 new comments -
Javascript: How to define an own type and mark its attributes and types
#12524 commented on
Oct 19, 2023 • 0 new comments -
False positive - DOMParser().parseFromString is treated as XSS sink
#12882 commented on
Oct 19, 2023 • 0 new comments -
JS: How to mark the value of a property
#5969 commented on
Oct 19, 2023 • 0 new comments -
The TypeScript parser wrapper crashed with exit code 1
#13656 commented on
Oct 19, 2023 • 0 new comments -
False positive - when json.Marshal output is used - cant result in "Potentially unsafe quoting"
#14159 commented on
Oct 23, 2023 • 0 new comments -
codeql pack publish fails with confusing SocketException when token lacks permission
#14104 commented on
Oct 24, 2023 • 0 new comments -
add security-severity score to code scanning query list
#12557 commented on
Oct 25, 2023 • 0 new comments -
Java: Add Weak Randomness Query (CWE-330/338)
#13608 commented on
Oct 26, 2023 • 0 new comments -
Ruby: Port `UrlConcatenation.qll` from JS
#14180 commented on
Oct 23, 2023 • 0 new comments -
Shared: Add DataFlow::DeduplicatePathGraph
#14350 commented on
Oct 23, 2023 • 0 new comments -
Python: New FileSystem Access
#14406 commented on
Oct 24, 2023 • 0 new comments -
C#: Inspect project.assets.json to find dependencies.
#14411 commented on
Oct 25, 2023 • 0 new comments -
C#: Fix params attribute argument extraction
#14493 commented on
Oct 23, 2023 • 0 new comments