Insights: github/codeql
Overview
47 Pull requests merged by 20 people
-
Swift: Fix failing tests
#14684 merged
Nov 3, 2023 -
Python: filter local self loops
#14644 merged
Nov 3, 2023 -
Python: Add AWS Lambda as a supported framework
#14653 merged
Nov 3, 2023 -
Swift: rework resource dir
#14629 merged
Nov 3, 2023 -
C#: Update DependencyManager logic to exclude commented out references.
#14665 merged
Nov 3, 2023 -
C#: Split `generated/dotnet_runtime.yml` into separate files (take 2)
#14675 merged
Nov 3, 2023 -
Revert "C#: Split `generated/dotnet_runtime.yml` into separate files"
#14674 merged
Nov 3, 2023 -
RangeAnalysis: Improve bounds that rely on relative modulus.
#14664 merged
Nov 3, 2023 -
C++: Adding a model implementation for ODBC.
#14647 merged
Nov 2, 2023 -
Swift: Models for String methods involving closures.
#14578 merged
Nov 2, 2023 -
C#: Split `generated/dotnet_runtime.yml` into separate files
#14663 merged
Nov 2, 2023 -
C#: Move qualified name computation into `QualifiedName.qll`
#14657 merged
Nov 2, 2023 -
Java/C++: Share modulus analysis
#14659 merged
Nov 2, 2023 -
Update CSV framework coverage reports
#14651 merged
Nov 2, 2023 -
Swift: New query for Missing Regular Expression Anchor
#14639 merged
Nov 2, 2023 -
Python: module for import time flow
#14617 merged
Nov 2, 2023 -
Rangeanalysis: Share ssaRead predicate
#14656 merged
Nov 1, 2023 -
C++: Remove one use of range analysis in `cpp/invalid-pointer-deref`
#14648 merged
Nov 1, 2023 -
Ruby: Summarized type-tracking stores should target post-update nodes
#14628 merged
Nov 1, 2023 -
Python: Update debug query to changed API
#14654 merged
Nov 1, 2023 -
C++: `AssignPointerAddExpr` and `AssignPointerSubExpr` should not be bitwise operations
#14635 merged
Oct 31, 2023 -
JS: re-order expected test output of all JS tests
#14645 merged
Oct 31, 2023 -
Java: Convert `SensitiveApi.qll` to use Models-as-Data
#13978 merged
Oct 31, 2023 -
C++: Drop `experimental` tag from `cpp/invalid-pointer-deref`
#14650 merged
Oct 31, 2023 -
C++: Add a taint model for `realloc`
#14637 merged
Oct 31, 2023 -
Kotlin: Make the enum test more precise
#14614 merged
Oct 31, 2023 -
Swift: remove outdated CLI argument
#14537 merged
Oct 31, 2023 -
Javascript: add `req.path` as remote flow source
#14643 merged
Oct 31, 2023 -
CPP: Add some range analysis cases
#14444 merged
Oct 31, 2023 -
Swift: add `VarDecl` children to `CaptureListExpr`
#14633 merged
Oct 31, 2023 -
Go: mark all integration tests non-parallelisable
#14640 merged
Oct 31, 2023 -
Swift: Clean up the swift/unsafe-js-eval test
#14638 merged
Oct 31, 2023 -
Kotlin: Add support for JavaBinarySourceElement sources
#14622 merged
Oct 31, 2023 -
C#: Handle `netstandard` references in standalone extraction
#14545 merged
Oct 31, 2023 -
Post-release preparation for codeql-cli-2.15.2
#14634 merged
Oct 31, 2023 -
C++: Share IPA numbering for indirect nodes
#14632 merged
Oct 31, 2023 -
C#: Only use `getTypeRef` when there is not already a type available
#14607 merged
Oct 30, 2023 -
CPP: Add dataflow FP with output arguments
#14623 merged
Oct 30, 2023 -
Kotlin: Fix getFileClassFqName for IrField
#14621 merged
Oct 30, 2023 -
Kotlin: Log when we start and finish writing to TRAP files
#14518 merged
Oct 30, 2023 -
JS/Ruby/Python: Add neutralModel extensible predicate
#14631 merged
Oct 30, 2023 -
Release preparation for version 2.15.2
#14630 merged
Oct 30, 2023 -
Swift: clean up `VarDecl`, `NamedPattern` and `SwitchStmt` interactions
#14567 merged
Oct 30, 2023 -
Swift: Flow through OpenExistentialExpr
#14113 merged
Oct 30, 2023 -
Swift: QLDoc and test for getCanonicalType
#14618 merged
Oct 30, 2023 -
C#: Fix params attribute argument extraction
#14493 merged
Oct 30, 2023 -
C++: Fix `strtol` model
#14619 merged
Oct 30, 2023
21 Pull requests opened by 15 people
-
Ruby: refine `ActiveRecord` `update_all` as an SQL sink
#14627 opened
Oct 30, 2023 -
Python: Add support for Python 3.12 type syntax
#14636 opened
Oct 30, 2023 -
Java: Publish Automodel query pack 0.0.7
#14642 opened
Oct 31, 2023 -
Java: Update MaD Declarations after Triage
#14646 opened
Oct 31, 2023 -
Go: Add Cors Gin Support
#14649 opened
Oct 31, 2023 -
C#: Use `project.assets.json` for package dependencies.
#14655 opened
Nov 1, 2023 -
Swift: Fix defaultImplicitTaintRead on fields
#14661 opened
Nov 1, 2023 -
C#: Use different MaD format for generics
#14662 opened
Nov 2, 2023 -
JS: Extends CredentialsNode class mostly related to JWT authentication packages
#14666 opened
Nov 2, 2023 -
C++: Allocate more `FunctionInput` and `FunctionOutput`s
#14667 opened
Nov 2, 2023 -
VS Code extension docs: Changes to database downloads
#14668 opened
Nov 2, 2023 -
C++: Rewrite `cpp/unbounded-write` away from `DefaultTaintTracking`
#14669 opened
Nov 2, 2023 -
Java: Add support for Java 21 language features
#14671 opened
Nov 2, 2023 -
JS: Move the language pack build and tests to Bazel
#14677 opened
Nov 3, 2023 -
C#: Correctly parse operator names in MaD
#14678 opened
Nov 3, 2023 -
Ruby: Experimental model editor support
#14679 opened
Nov 3, 2023 -
Swift: Generalize flow through subscript writes / test and fix some closure methods of Data
#14680 opened
Nov 3, 2023 -
Java: Add more sinks to the Weak Randomness query
#14681 opened
Nov 3, 2023 -
Swift: Correct a couple of FilePath models.
#14682 opened
Nov 3, 2023 -
Swift: Model NSString.enumerate*
#14683 opened
Nov 3, 2023 -
JS: remove the remaining yarn files
#14686 opened
Nov 5, 2023
8 Issues closed by 7 people
-
CodeQL docs links 404
#14658 closed
Nov 1, 2023 -
Java: java/unsafe-deserialization doesn't detect use of javax.jms.ObjectMessage.getObject()
#14569 closed
Oct 31, 2023 -
JavaScript: RemoteFlowSource does not seem to pick up data fetched from path
#9760 closed
Oct 31, 2023 -
LGTM.com - false positive (existing alert for removed file)
#4714 closed
Oct 31, 2023 -
cpp taint flow false negative for a general address addition pattern
#14625 closed
Oct 30, 2023 -
java code scanning
#14558 closed
Oct 30, 2023 -
"CodeQL library search" language filter does not work for Ruby
#11840 closed
Oct 30, 2023 -
Cannot decode bqrs file properly to get functions list
#14586 closed
Oct 30, 2023
4 Issues opened by 4 people
-
False positive: Python - Deserialization of user-controlled data
#14685 opened
Nov 5, 2023 -
False positive - Ruby (on Rails) - SQL query built from user-controlled sources
#14670 opened
Nov 2, 2023 -
workflow yml file configuration
#14652 opened
Nov 1, 2023 -
False positive - C# Constant Condition
#14641 opened
Oct 31, 2023
18 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
C#: Inspect project.assets.json to find dependencies.
#14411 commented on
Nov 1, 2023 • 21 new comments -
C#: Add flow steps for View calls referring to Razor pages
#14343 commented on
Nov 2, 2023 • 17 new comments -
Move `FlowSummaryImpl.qll` to `dataflow` pack
#14573 commented on
Oct 30, 2023 • 8 new comments -
Go: fasthttp
#14123 commented on
Nov 5, 2023 • 6 new comments -
Go: Decompression Bombs
#13553 commented on
Nov 4, 2023 • 5 new comments -
C++ extractor fails to process code based on Unreal Engine
#13994 commented on
Nov 1, 2023 • 3 new comments -
Java: Decompression Bombs
#13555 commented on
Nov 3, 2023 • 3 new comments -
Java: Make it more explicit when CodeQL classes and predicates only apply to Kotlin
#14556 commented on
Oct 30, 2023 • 2 new comments -
JS: decoding JWT without signature verification
#14088 commented on
Nov 2, 2023 • 2 new comments -
JavaScript Webpack Vulnerability
#3963 commented on
Oct 30, 2023 • 1 new comment -
ERROR: Could not resolve module javascript.
#4280 commented on
Oct 30, 2023 • 1 new comment -
javascript: Property access on null or undefined
#12722 commented on
Oct 30, 2023 • 1 new comment -
MSBuild doesn't respect MvcBuildViews-setting in .csproj -file when run through CodeQL-cli or through codeql github action
#11890 commented on
Nov 1, 2023 • 1 new comment -
Java: Add Weak Randomness Query (CWE-330/338)
#13608 commented on
Nov 3, 2023 • 0 new comments -
Swift: upgrade to 5.9
#14261 commented on
Oct 31, 2023 • 0 new comments -
Ruby: Add Insecure Randomness Query
#14554 commented on
Oct 30, 2023 • 0 new comments -
C++: Rewrite `cpp/uncontrolled-process-operation` to not use `DefaultTaintTracking`
#14561 commented on
Nov 1, 2023 • 0 new comments -
Java: Add JMS sink to java/unsafe-deserialization
#14610 commented on
Oct 31, 2023 • 0 new comments