Insights: github/codeql
Overview
48 Pull requests merged by 21 people
-
Swift: separate installation of dependencies and autobuilding
#15116 merged
Dec 21, 2023 -
C++: Show indirections when printing SSA variables
#15185 merged
Dec 21, 2023 -
Update CSV framework coverage reports
#15182 merged
Dec 21, 2023 -
Update system requirements for ruby
#15164 merged
Dec 20, 2023 -
Python: Basic implementation of variable capture
#14944 merged
Dec 20, 2023 -
C#: Mention more XSS sanitisation options in query help.
#15160 merged
Dec 20, 2023 -
Java: Update MaD Declarations after Triage
#14646 merged
Dec 20, 2023 -
Java: Update MaD Declarations after Triage
#14580 merged
Dec 20, 2023 -
Python: Add scope entry definition nodes
#15166 merged
Dec 20, 2023 -
C++: Remove unneeded extractor option
#15173 merged
Dec 20, 2023 -
C#: Fix working directory structures in standalone
#15156 merged
Dec 20, 2023 -
CPP: Add query for detecting invalid uses of temporary unique pointers.
#15078 merged
Dec 20, 2023 -
C#: Classify test support files in model editor queries
#15159 merged
Dec 20, 2023 -
C#: Replace more hand written stubs with generated ones.
#15154 merged
Dec 20, 2023 -
Fix sphinx.add_lexer.
#15112 merged
Dec 19, 2023 -
Post-release preparation for codeql-cli-2.15.5
#15153 merged
Dec 19, 2023 -
Java: Add the `Map#replace` and `Map#replaceAll` methods to `MapMutator` in `Maps.qll`
#15126 merged
Dec 19, 2023 -
C++: Update test after extractor changes
#15146 merged
Dec 19, 2023 -
C++: Fix unnecessary evaluation of debug strings
#15152 merged
Dec 19, 2023 -
Python: update to new API update is in a comment, so compilation never failed in CI.
#15101 merged
Dec 19, 2023 -
Release preparation for version 2.15.5
#15141 merged
Dec 18, 2023 -
Python: Remove `@tags meta` from internal debug queries
#15104 merged
Dec 18, 2023 -
Python: Adopt shared type tracking library
#14848 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/use-after-free`
#15136 merged
Dec 18, 2023 -
TESTING IGNORE Release preparation for version 2.92.0
#15137 merged
Dec 18, 2023 -
C#: Add telemetry query to report extractor information
#15124 merged
Dec 18, 2023 -
C#: Exclude not existing or problematic files from standalone extraction
#15131 merged
Dec 18, 2023 -
Swift: do not trace codesign binary
#15134 merged
Dec 18, 2023 -
C++: Fix joins in `isModifiableAtImpl`
#15132 merged
Dec 18, 2023 -
Bazel/CMake: use bazelisk to use correct bazel version
#15135 merged
Dec 18, 2023 -
TESTING IGNORE - Release preparation for version 2.91.0 - TESTING IGNORE
#15133 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/wrong-type-format-argument`
#15129 merged
Dec 18, 2023 -
C#: Escape method names in stub generation.
#15119 merged
Dec 18, 2023 -
C++: Fix FPs in `cpp/double-free` and `cpp/use-after-free`
#15123 merged
Dec 18, 2023 -
C++: Fix joins in `AV Rule 145`
#15121 merged
Dec 18, 2023 -
Java: Fix FPs in Missing certificate pinning
#15012 merged
Dec 18, 2023 -
Ruby: Model simple pattern matching as value steps instead of taint steps
#15103 merged
Dec 18, 2023 -
Swift: Add more test cases for application(...launchOptions...).
#15125 merged
Dec 18, 2023 -
C++: Fix joins in `cpp/resource-not-released-in-destructor`
#15120 merged
Dec 15, 2023 -
C++: Only consider the maximum buffer size for badly bounded write
#15117 merged
Dec 15, 2023 -
Dataflow: Deprecate FlowStateString.
#15062 merged
Dec 15, 2023 -
JS: add integration test for the new extractor option to disable type extraction
#15115 merged
Dec 15, 2023 -
C#: .NET8 Stubs update.
#15100 merged
Dec 15, 2023 -
C++: Produce a better `toString` for dataflow nodes with indirections
#15107 merged
Dec 15, 2023 -
JS: TypeScript extractor fixes into rc/3.12
#15111 merged
Dec 15, 2023 -
C#: Stub generator scripts.
#15108 merged
Dec 15, 2023 -
Python: Delete old copy of DataFlowImplConsistency.qll
#15109 merged
Dec 15, 2023
27 Pull requests opened by 16 people
-
Ruby: Track types in data flow
#15118 opened
Dec 15, 2023 -
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
#15122 opened
Dec 15, 2023 -
Add buildless tests
#15127 opened
Dec 15, 2023 -
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
#15128 opened
Dec 17, 2023 -
Go: new query for detect DOS vulnerability
#15130 opened
Dec 18, 2023 -
Data flow: prune context-sensitivity relations
#15140 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-347
#15147 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-321-V2
#15148 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Afero
#15149 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Iris
#15150 opened
Dec 18, 2023 -
Bump golang.org/x/crypto from 0.9.0 to 0.17.0 in /go/ql/test/experimental/CWE-942
#15151 opened
Dec 19, 2023 -
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
#15157 opened
Dec 19, 2023 -
Go: Stratify `CFG::succ` to avoid recursion
#15162 opened
Dec 19, 2023 -
Javascript: Regex Global Flag in Test Function
#15163 opened
Dec 19, 2023 -
ensure `publish.sh` uses the latest `automodel` release
#15165 opened
Dec 19, 2023 -
Python experiment: adding entry definitions to the basic variable capture branch
#15167 opened
Dec 19, 2023 -
C#: .NET 8 Runtime models.
#15174 opened
Dec 20, 2023 -
C#: Improve arg-param mapping logic to better handle arguments passed to `params` parameters
#15175 opened
Dec 20, 2023 -
Python: Mention more sanitisation options in py/url-redirection qhelp.
#15176 opened
Dec 20, 2023 -
C#/Java: Only generate models if there doesn't exist manual summary or neutral summary model.
#15179 opened
Dec 20, 2023 -
JS: Web Cache Deception Express
#15180 opened
Dec 20, 2023 -
GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
#15181 opened
Dec 20, 2023 -
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
#15183 opened
Dec 21, 2023 -
Python: Add support for more URL redirect sanitisers.
#15187 opened
Dec 21, 2023 -
Java: Update MaD Declarations after Triage
#15188 opened
Dec 21, 2023 -
Merge `rc/3.12` into `main`
#15189 opened
Dec 22, 2023
3 Issues closed by 3 people
-
False positive: go/incorrect-integer-conversion
#15158 closed
Dec 19, 2023 -
zero files scanned results in green build
#14841 closed
Dec 15, 2023 -
False positive, cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
#13913 closed
Dec 15, 2023
6 Issues opened by 4 people
-
IRGuardCondition failure to detect NULL condition
#15186 opened
Dec 21, 2023 -
False positive: py/url-redirection does not recognise sanitisation by checking netloc
#15178 opened
Dec 20, 2023 -
Incomplete documentation for cs/web/broad-cookie-domain
#15169 opened
Dec 19, 2023 -
False positive: cs/web/broad-cookie-domain for Domain = null or ""
#15168 opened
Dec 19, 2023 -
C#: Missing modelling of Newtonsoft.Json StringEscapeHandling
#15155 opened
Dec 19, 2023 -
Exit status -1073741515 when doing ruby analysis on Windows 2019
#15139 opened
Dec 18, 2023
21 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Java: Insecure Loading of Class in Android App without Package Signature Checking
#14752 commented on
Dec 22, 2023 • 22 new comments -
32 cpp string concatenation library
#14954 commented on
Dec 20, 2023 • 11 new comments -
Go: Decompression Bombs
#13553 commented on
Dec 19, 2023 • 8 new comments -
JS: Add `dot.js` support
#13624 commented on
Dec 20, 2023 • 3 new comments -
Ruby: Add Insecure Randomness Query
#14554 commented on
Dec 20, 2023 • 3 new comments -
Swift: implement type pruning for dataflow
#14592 commented on
Dec 15, 2023 • 3 new comments -
Java: Environment variable injection query
#14724 commented on
Dec 21, 2023 • 3 new comments -
C#: Add flow steps from a PageModel to cshtml page.
#15039 commented on
Dec 15, 2023 • 3 new comments -
Ruby: Model editor improvements
#15048 commented on
Dec 15, 2023 • 3 new comments -
Web Cache Deception Vulnerability on Go Frameworks
#15057 commented on
Dec 19, 2023 • 3 new comments -
General issue - CodeQL exiting with exit code 2
#14866 commented on
Dec 15, 2023 • 2 new comments -
C++: Ensure that only one `Function` exists for every function
#12125 commented on
Dec 22, 2023 • 2 new comments -
Python: Automated subclass models
#15044 commented on
Dec 19, 2023 • 2 new comments -
Python: Use more general definitions
#15080 commented on
Dec 15, 2023 • 2 new comments -
General issue [Azure DevOps Pipeline]: pipeline is stuck at "Starting evaluation of codeql/csharp-queries/Telemetry/UnsupportedExternalAPIs.ql." step
#15059 commented on
Dec 17, 2023 • 1 new comment -
add security-severity score to code scanning query list
#12557 commented on
Dec 18, 2023 • 1 new comment -
[Java] Add Unicode Bypass Validation query, test and help file
#12995 commented on
Dec 19, 2023 • 1 new comment -
JS: Add Permissive CORS query (CWE-942)
#14342 commented on
Dec 20, 2023 • 1 new comment -
Java: Add more sinks to the Insecure Randomness query
#14681 commented on
Dec 19, 2023 • 1 new comment -
[Feature branch] JS: Migrate to shared dataflow library
#14412 commented on
Dec 21, 2023 • 0 new comments -
Java: Improve Gson parse, get, and stream models
#14926 commented on
Dec 15, 2023 • 0 new comments