Insights: github/codeql
Overview
57 Pull requests merged by 23 people
-
JavaScript: Add support for XML attributes in the data flow graph
#15110 merged
Dec 14, 2023 -
JS: fix the parsing of boolean environment variables in the TypeScript extractor
#15105 merged
Dec 14, 2023 -
Swift: Revert:Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"
#15106 merged
Dec 14, 2023 -
Swift: Expand models for UnsafePointer and friends
#15052 merged
Dec 14, 2023 -
Bump actions/setup-go from 4 to 5
#15034 merged
Dec 14, 2023 -
JS: Various TypeScript extraction fixes.
#15072 merged
Dec 14, 2023 -
C#: Fix names of generic types/methods in model editor queries
#15089 merged
Dec 14, 2023 -
Move `FlowSummaryImpl.qll` to `dataflow` pack
#14573 merged
Dec 14, 2023 -
InlineFlowTest: Allow for custom `getArgString`
#15090 merged
Dec 14, 2023 -
C#: Remove unneeded options and add support for `paths/paths-ignore` in standalone
#15070 merged
Dec 14, 2023 -
Data flow: Use `Boolean` class
#15095 merged
Dec 14, 2023 -
Fix typo in qll.
#15099 merged
Dec 14, 2023 -
Fix typo.
#15098 merged
Dec 14, 2023 -
Update CSV framework coverage reports
#15096 merged
Dec 14, 2023 -
Java: Add `.properties` file references in integration tests
#14802 merged
Dec 13, 2023 -
Bazel/CMake: use bazelisk to use correct bazel version
#15091 merged
Dec 13, 2023 -
Merge back `rc/3.12` into main
#15092 merged
Dec 13, 2023 -
Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"
#15094 merged
Dec 13, 2023 -
C++: Easier debugging of dataflow node `toString` output
#15088 merged
Dec 13, 2023 -
[CSharp] AWS Lambda Modelling
#13110 merged
Dec 13, 2023 -
C#: Telemetry should only count calls in source.
#15085 merged
Dec 13, 2023 -
C#: Stub generator support for `ref readonly` parameters.
#15087 merged
Dec 13, 2023 -
Bump the extractor-dependencies group in /go/extractor with 1 update
#15084 merged
Dec 13, 2023 -
C#: Base more tests purely on stubs.
#15086 merged
Dec 13, 2023 -
Update CSV framework coverage reports
#15082 merged
Dec 13, 2023 -
Release change notes for 2.15.4
#15076 merged
Dec 12, 2023 -
Java: Remove invalid OGNL sinks
#15073 merged
Dec 12, 2023 -
Go: Also follow jump steps when looking for a callee source
#15054 merged
Dec 12, 2023 -
Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query
#13870 merged
Dec 12, 2023 -
Java: Add Weak Randomness Query (CWE-330/338)
#13608 merged
Dec 12, 2023 -
C++: Add `PostUpdateNode`s for addresses of outgoing arguments
#15047 merged
Dec 12, 2023 -
C++: Add a `PropertyProvider` for only showing dataflow-relevant IR
#15075 merged
Dec 12, 2023 -
Data flow: Use cached `nodeDataFlowType` instead of `getNodeType`
#15074 merged
Dec 12, 2023 -
Python: slightly improve tarslip logic
#15051 merged
Dec 12, 2023 -
CPP: Add query for detecting incorrect error checking for scanf
#14910 merged
Dec 12, 2023 -
Rangeanalysis: Prune range calculation.
#15037 merged
Dec 12, 2023 -
Add @RasmusWL as CODEOWNER of a misc file
#15071 merged
Dec 12, 2023 -
C++: Update test for CLI changes
#15066 merged
Dec 12, 2023 -
C#: Use `CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR` instead of `Path.GetTempPath`
#15063 merged
Dec 12, 2023 -
Java: Deprecate or remove imports of dataflow library copies
#15026 merged
Dec 11, 2023 -
C#: Use .NET 8
#14892 merged
Dec 11, 2023 -
C#: Default parameters for object using attributes.
#15050 merged
Dec 11, 2023 -
Swift: Accept test changes
#15064 merged
Dec 11, 2023 -
Bump actions/stale from 8 to 9
#15042 merged
Dec 11, 2023 -
Python: Remove control flow nodes for module entry definitions from the dataflow graph.
#15030 merged
Dec 11, 2023 -
Swift: Imprecise Taint Flows
#14925 merged
Dec 11, 2023 -
C++: Experimental query for implementation of a cryptographic primitive
#14972 merged
Dec 11, 2023 -
Update CSV framework coverage reports
#15041 merged
Dec 11, 2023 -
QL4QL: Improvements to `RedundantImport` query
#15043 merged
Dec 9, 2023 -
Java: Fix accidental cartesian product.
#15045 merged
Dec 8, 2023 -
Dataflow: Add change note about deprecation.
#15046 merged
Dec 8, 2023 -
C++: Deprecate `isUserInput`, `userInputArgument`, and `userInputReturned`
#14912 merged
Dec 8, 2023 -
Data Flow: Deprecate old data flow api.
#14983 merged
Dec 8, 2023 -
C++: Fix dataflow inconsistencies
#15040 merged
Dec 8, 2023 -
Ruby: Experimental model editor support
#14679 merged
Dec 8, 2023 -
Swift: Model Manual Memory Management closure functions and withMemoryRebound variants
#15038 merged
Dec 8, 2023 -
C++: Remove `DefaultTaintTracking` library
#14909 merged
Dec 8, 2023
19 Pull requests opened by 14 people
-
Python: Automated subclass models
#15044 opened
Dec 8, 2023 -
Ruby: Model editor improvements
#15048 opened
Dec 8, 2023 -
Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier
#15049 opened
Dec 8, 2023 -
Web Cache Deception Vulnerability on Go Frameworks
#15057 opened
Dec 9, 2023 -
JS: Env Injection query
#15060 opened
Dec 10, 2023 -
Dataflow: Deprecate FlowStateString.
#15062 opened
Dec 11, 2023 -
C#: Re-generate stubs
#15065 opened
Dec 11, 2023 -
Upgrade to bazel 7.
#15068 opened
Dec 11, 2023 -
CPP: Add query for detecting invalid uses of temporary unique pointers.
#15078 opened
Dec 12, 2023 -
Python: Use more general definitions
#15080 opened
Dec 12, 2023 -
Fix sphinx.add_lexer.
#15097 opened
Dec 14, 2023 -
C#: Stubs refresh.
#15100 opened
Dec 14, 2023 -
Python: update to new API update is in a comment, so compilation never failed in CI.
#15101 opened
Dec 14, 2023 -
Ruby: Model simple pattern matching as value steps instead of taint steps
#15103 opened
Dec 14, 2023 -
Python: Remove `@tags meta` from internal debug queries
#15104 opened
Dec 14, 2023 -
C++: Produce a better `toString` for dataflow nodes with indirections
#15107 opened
Dec 14, 2023 -
C#: Stub generator scripts.
#15108 opened
Dec 14, 2023 -
Python: Delete old copy of DataFlowImplConsistency.qll
#15109 opened
Dec 14, 2023 -
JS: TypeScript extractor fixes into rc/3.12
#15111 opened
Dec 14, 2023
5 Issues closed by 4 people
-
How do you create COdeQL.exe file?
#15067 closed
Dec 13, 2023 -
False positive: java/ognl-injection incorrectly treating args parameters as injection sinks
#15053 closed
Dec 12, 2023 -
Add a way for C/C++ code compiled as a part of a CodeQL test to detect it is being tested
#9425 closed
Dec 12, 2023 -
Go: support remote package analysis
#13833 closed
Dec 8, 2023
5 Issues opened by 4 people
-
C#: Azure Function HttpTrigger SQL Injection is not being detected
#15102 opened
Dec 14, 2023 -
False positive: it is valid to escape $ in javascript template string syntax
#15077 opened
Dec 12, 2023 -
False positive: HTTP response splitting
#15056 opened
Dec 9, 2023 -
False positive: XSS when MimeType.TEXT has been set
#15055 opened
Dec 9, 2023
26 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Python: Basic implementation of variable capture
#14944 commented on
Dec 14, 2023 • 25 new comments -
Swift: implement type pruning for dataflow
#14592 commented on
Dec 14, 2023 • 24 new comments -
Go: fasthttp
#14123 commented on
Dec 14, 2023 • 16 new comments -
Java: Insecure Loading of Class in Android App without Package Signature Checking
#14752 commented on
Dec 14, 2023 • 8 new comments -
C#: Extract and use ambiguous type information for call target resolution
#14891 commented on
Dec 13, 2023 • 8 new comments -
Java: Environment variable injection query
#14724 commented on
Dec 13, 2023 • 5 new comments -
Go: Decompression Bombs
#13553 commented on
Dec 11, 2023 • 4 new comments -
Ruby: Add Insecure Randomness Query
#14554 commented on
Dec 8, 2023 • 4 new comments -
CodeQL adds redundant slash to upload sarif file endpoint
#15020 commented on
Dec 11, 2023 • 3 new comments -
C++: Return statement inside Guard Block
#15001 commented on
Dec 11, 2023 • 3 new comments -
JS: Add Permissive CORS query (CWE-942)
#14342 commented on
Dec 11, 2023 • 3 new comments -
Java: Fix FPs in Missing certificate pinning
#15012 commented on
Dec 13, 2023 • 2 new comments -
C#: Add flow steps from a PageModel to cshtml page.
#15039 commented on
Dec 13, 2023 • 2 new comments -
zero files scanned results in green build
#14841 commented on
Dec 12, 2023 • 1 new comment -
Java: Promote Unsafe URL Forward query from experimental
#14854 commented on
Dec 11, 2023 • 1 new comment -
Add a test file
#9967 commented on
Dec 8, 2023 • 0 new comments -
add security-severity score to code scanning query list
#12557 commented on
Dec 14, 2023 • 0 new comments -
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
#14040 commented on
Dec 14, 2023 • 0 new comments -
Ruby: Implement `mustFlow`
#14303 commented on
Dec 12, 2023 • 0 new comments -
Temporarily run the standalone extractor instead of autobuilding
#14324 commented on
Dec 14, 2023 • 0 new comments -
Java: Add more sinks to the Insecure Randomness query
#14681 commented on
Dec 13, 2023 • 0 new comments -
Python: Adopt shared type tracking library
#14848 commented on
Dec 14, 2023 • 0 new comments -
Ruby: Add mysql2 model
#14916 commented on
Dec 14, 2023 • 0 new comments -
Java: openjdk model autogeneration
#14919 commented on
Dec 14, 2023 • 0 new comments -
Fix rst code format.
#14977 commented on
Dec 14, 2023 • 0 new comments -
Ruby: Model some libraries with the model editor
#15035 commented on
Dec 8, 2023 • 0 new comments