Insights: github/codeql
Overview
59 Pull requests merged by 21 people
-
Fix sphinx.add_lexer.
#15112 merged
Dec 19, 2023 -
Post-release preparation for codeql-cli-2.15.5
#15153 merged
Dec 19, 2023 -
Java: Add the `Map#replace` and `Map#replaceAll` methods to `MapMutator` in `Maps.qll`
#15126 merged
Dec 19, 2023 -
C++: Update test after extractor changes
#15146 merged
Dec 19, 2023 -
C++: Fix unnecessary evaluation of debug strings
#15152 merged
Dec 19, 2023 -
Python: update to new API update is in a comment, so compilation never failed in CI.
#15101 merged
Dec 19, 2023 -
Release preparation for version 2.15.5
#15141 merged
Dec 18, 2023 -
Python: Remove `@tags meta` from internal debug queries
#15104 merged
Dec 18, 2023 -
Python: Adopt shared type tracking library
#14848 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/use-after-free`
#15136 merged
Dec 18, 2023 -
TESTING IGNORE Release preparation for version 2.92.0
#15137 merged
Dec 18, 2023 -
C#: Add telemetry query to report extractor information
#15124 merged
Dec 18, 2023 -
C#: Exclude not existing or problematic files from standalone extraction
#15131 merged
Dec 18, 2023 -
Swift: do not trace codesign binary
#15134 merged
Dec 18, 2023 -
C++: Fix joins in `isModifiableAtImpl`
#15132 merged
Dec 18, 2023 -
Bazel/CMake: use bazelisk to use correct bazel version
#15135 merged
Dec 18, 2023 -
TESTING IGNORE - Release preparation for version 2.91.0 - TESTING IGNORE
#15133 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/wrong-type-format-argument`
#15129 merged
Dec 18, 2023 -
C#: Escape method names in stub generation.
#15119 merged
Dec 18, 2023 -
C++: Fix FPs in `cpp/double-free` and `cpp/use-after-free`
#15123 merged
Dec 18, 2023 -
C++: Fix joins in `AV Rule 145`
#15121 merged
Dec 18, 2023 -
Java: Fix FPs in Missing certificate pinning
#15012 merged
Dec 18, 2023 -
Ruby: Model simple pattern matching as value steps instead of taint steps
#15103 merged
Dec 18, 2023 -
Swift: Add more test cases for application(...launchOptions...).
#15125 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/resource-not-released-in-destructor`
#15120 merged
Dec 15, 2023 -
C++: Only consider the maximum buffer size for badly bounded write
#15117 merged
Dec 15, 2023 -
Dataflow: Deprecate FlowStateString.
#15062 merged
Dec 15, 2023 -
JS: add integration test for the new extractor option to disable type extraction
#15115 merged
Dec 15, 2023 -
C#: .NET8 Stubs update.
#15100 merged
Dec 15, 2023 -
C++: Produce a better `toString` for dataflow nodes with indirections
#15107 merged
Dec 15, 2023 -
JS: TypeScript extractor fixes into rc/3.12
#15111 merged
Dec 15, 2023 -
C#: Stub generator scripts.
#15108 merged
Dec 15, 2023 -
Python: Delete old copy of DataFlowImplConsistency.qll
#15109 merged
Dec 15, 2023 -
JavaScript: Add support for XML attributes in the data flow graph
#15110 merged
Dec 14, 2023 -
JS: fix the parsing of boolean environment variables in the TypeScript extractor
#15105 merged
Dec 14, 2023 -
Swift: Revert:Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"
#15106 merged
Dec 14, 2023 -
Swift: Expand models for UnsafePointer and friends
#15052 merged
Dec 14, 2023 -
Bump actions/setup-go from 4 to 5
#15034 merged
Dec 14, 2023 -
JS: Various TypeScript extraction fixes.
#15072 merged
Dec 14, 2023 -
C#: Fix names of generic types/methods in model editor queries
#15089 merged
Dec 14, 2023 -
Move `FlowSummaryImpl.qll` to `dataflow` pack
#14573 merged
Dec 14, 2023 -
InlineFlowTest: Allow for custom `getArgString`
#15090 merged
Dec 14, 2023 -
C#: Remove unneeded options and add support for `paths/paths-ignore` in standalone
#15070 merged
Dec 14, 2023 -
Data flow: Use `Boolean` class
#15095 merged
Dec 14, 2023 -
Fix typo in qll.
#15099 merged
Dec 14, 2023 -
Fix typo.
#15098 merged
Dec 14, 2023 -
Update CSV framework coverage reports
#15096 merged
Dec 14, 2023 -
Java: Add `.properties` file references in integration tests
#14802 merged
Dec 13, 2023 -
Bazel/CMake: use bazelisk to use correct bazel version
#15091 merged
Dec 13, 2023 -
Merge back `rc/3.12` into main
#15092 merged
Dec 13, 2023 -
Revert "Swift: CommonCrypto test cases for the BrokenCryptoAlgorithm query"
#15094 merged
Dec 13, 2023 -
C++: Easier debugging of dataflow node `toString` output
#15088 merged
Dec 13, 2023 -
[CSharp] AWS Lambda Modelling
#13110 merged
Dec 13, 2023 -
C#: Telemetry should only count calls in source.
#15085 merged
Dec 13, 2023 -
C#: Stub generator support for `ref readonly` parameters.
#15087 merged
Dec 13, 2023 -
Bump the extractor-dependencies group in /go/extractor with 1 update
#15084 merged
Dec 13, 2023 -
C#: Base more tests purely on stubs.
#15086 merged
Dec 13, 2023 -
Update CSV framework coverage reports
#15082 merged
Dec 13, 2023
27 Pull requests opened by 16 people
-
Bump actions/download-artifact from 3 to 4
#15113 opened
Dec 15, 2023 -
Bump actions/upload-artifact from 3 to 4
#15114 opened
Dec 15, 2023 -
Swift: separate installation of dependencies and autobuilding
#15116 opened
Dec 15, 2023 -
Ruby: Track types in data flow
#15118 opened
Dec 15, 2023 -
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
#15122 opened
Dec 15, 2023 -
Add buildless tests
#15127 opened
Dec 15, 2023 -
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
#15128 opened
Dec 17, 2023 -
Go: new query for detect DOS vulnerability
#15130 opened
Dec 18, 2023 -
Data flow: prune context-sensitivity relations
#15140 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-347
#15147 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-321-V2
#15148 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Afero
#15149 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Iris
#15150 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.9.0 to 0.17.0 in /go/ql/test/experimental/CWE-942
#15151 opened
Dec 19, 2023 -
C#: Replace more hand written stubs with generated ones.
#15154 opened
Dec 19, 2023 -
C#: Fix working directory structures in standalone
#15156 opened
Dec 19, 2023 -
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
#15157 opened
Dec 19, 2023 -
C#: Classify test support files in model editor queries
#15159 opened
Dec 19, 2023 -
C#: Mention more XSS sanitisation options in query help.
#15160 opened
Dec 19, 2023 -
Go: Stratify `CFG::succ` to avoid recursion
#15162 opened
Dec 19, 2023 -
Javascript: Regex Global Flag in Test Function
#15163 opened
Dec 19, 2023 -
Update system requirements for ruby
#15164 opened
Dec 19, 2023 -
ensure `publish.sh` uses the latest `automodel` release
#15165 opened
Dec 19, 2023 -
Python: Add scope entry definition nodes
#15166 opened
Dec 19, 2023 -
Python experiment: adding entry definitions to the basic variable capture branch
#15167 opened
Dec 19, 2023 -
codeql@1.0.0
#15172 opened
Dec 20, 2023
5 Issues closed by 3 people
-
False positive: go/incorrect-integer-conversion
#15158 closed
Dec 19, 2023 -
zero files scanned results in green build
#14841 closed
Dec 15, 2023 -
False positive, cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
#13913 closed
Dec 15, 2023 -
How do you create COdeQL.exe file?
#15067 closed
Dec 13, 2023
5 Issues opened by 4 people
-
Incomplete documentation for cs/web/broad-cookie-domain
#15169 opened
Dec 19, 2023 -
False positive: cs/web/broad-cookie-domain for Domain = null or ""
#15168 opened
Dec 19, 2023 -
C#: Missing modelling of Newtonsoft.Json StringEscapeHandling
#15155 opened
Dec 19, 2023 -
Exit status -1073741515 when doing ruby analysis on Windows 2019
#15139 opened
Dec 18, 2023 -
C#: Azure Function HttpTrigger SQL Injection is not being detected
#15102 opened
Dec 14, 2023
32 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Python: Basic implementation of variable capture
#14944 commented on
Dec 19, 2023 • 85 new comments -
Swift: implement type pruning for dataflow
#14592 commented on
Dec 15, 2023 • 27 new comments -
Java: Insecure Loading of Class in Android App without Package Signature Checking
#14752 commented on
Dec 19, 2023 • 14 new comments -
Web Cache Deception Vulnerability on Go Frameworks
#15057 commented on
Dec 19, 2023 • 12 new comments -
Go: Decompression Bombs
#13553 commented on
Dec 19, 2023 • 8 new comments -
Go: fasthttp
#14123 commented on
Dec 14, 2023 • 8 new comments -
32 cpp string concatenation library
#14954 commented on
Dec 19, 2023 • 8 new comments -
Python: Automated subclass models
#15044 commented on
Dec 19, 2023 • 7 new comments -
CPP: Add query for detecting invalid uses of temporary unique pointers.
#15078 commented on
Dec 15, 2023 • 7 new comments -
Python: Use more general definitions
#15080 commented on
Dec 15, 2023 • 6 new comments -
C#: Add flow steps from a PageModel to cshtml page.
#15039 commented on
Dec 15, 2023 • 5 new comments -
Java: Update MaD Declarations after Triage
#14580 commented on
Dec 19, 2023 • 3 new comments -
Ruby: Model editor improvements
#15048 commented on
Dec 15, 2023 • 3 new comments -
General issue - CodeQL exiting with exit code 2
#14866 commented on
Dec 15, 2023 • 2 new comments -
Java: Update MaD Declarations after Triage
#14646 commented on
Dec 19, 2023 • 2 new comments -
C#: Extract and use ambiguous type information for call target resolution
#14891 commented on
Dec 13, 2023 • 2 new comments -
General issue [Azure DevOps Pipeline]: pipeline is stuck at "Starting evaluation of codeql/csharp-queries/Telemetry/UnsupportedExternalAPIs.ql." step
#15059 commented on
Dec 17, 2023 • 1 new comment -
add security-severity score to code scanning query list
#12557 commented on
Dec 18, 2023 • 1 new comment -
[Java] Add Unicode Bypass Validation query, test and help file
#12995 commented on
Dec 19, 2023 • 1 new comment -
JS: Add `dot.js` support
#13624 commented on
Dec 19, 2023 • 1 new comment -
JS: Add Permissive CORS query (CWE-942)
#14342 commented on
Dec 19, 2023 • 1 new comment -
Java: Add more sinks to the Insecure Randomness query
#14681 commented on
Dec 19, 2023 • 1 new comment -
Java: Environment variable injection query
#14724 commented on
Dec 15, 2023 • 1 new comment -
C++: Ensure that only one `Function` exists for every function
#12125 commented on
Dec 15, 2023 • 0 new comments -
Temporarily run the standalone extractor instead of autobuilding
#14324 commented on
Dec 14, 2023 • 0 new comments -
[Feature branch] JS: Migrate to shared dataflow library
#14412 commented on
Dec 18, 2023 • 0 new comments -
Ruby: Add Insecure Randomness Query
#14554 commented on
Dec 18, 2023 • 0 new comments -
Ruby: Add mysql2 model
#14916 commented on
Dec 14, 2023 • 0 new comments -
Java: openjdk model autogeneration
#14919 commented on
Dec 14, 2023 • 0 new comments -
Java: Improve Gson parse, get, and stream models
#14926 commented on
Dec 15, 2023 • 0 new comments -
Fix rst code format.
#14977 commented on
Dec 14, 2023 • 0 new comments -
Upgrade to bazel 7.
#15068 commented on
Dec 13, 2023 • 0 new comments