Insights: github/codeql
Overview
43 Pull requests merged by 27 people
- Go: Improve robustness of integration tests (#15355 merged Jan 17, 2024)
- Js/Py/Rb: Report any extracted file as successfully extracted (#15256 merged Jan 17, 2024)
- Automodel: Apply negative characteristics only to endpoints of the right kind. (#15326 merged Jan 17, 2024)
- C++/Swift: Create shared library and share Diagnostics (#15354 merged Jan 17, 2024)
- JS/PY/JAVA/RB: mark the range [0-?] as good in the overly-large-range query (#15351 merged Jan 17, 2024)
- C++: update tests to pick up destructor changes (#15329 merged Jan 17, 2024)
- Swift: Add `nomagic` to `Pattern.getMatchingExpr` (#15348 merged Jan 17, 2024)
- Go: Exclude all FlowSummaryNodes from test results (#15341 merged Jan 17, 2024)
- Swift: switch to shared, parameterized CFG library (#15219 merged Jan 16, 2024)
- Generate Changelogs for 2.15.5 & 2.16.0 (#15279 merged Jan 16, 2024)
- Add note about telemetry for CodeQL extension settings (#15333 merged Jan 16, 2024)
- Post-release preparation for codeql-cli-2.16.0 (#15254 merged Jan 16, 2024)
- Swift extractor: Generalise SwiftDiagnostics (#15322 merged Jan 16, 2024)
- Swift: upgrade to 5.9.2 (#15259 merged Jan 16, 2024)
- C#: Respect order of `LGTM_INDEX_FILTERS` in buildless extraction (#15325 merged Jan 16, 2024)
- Java: Improve Regex flag parsing (#15244 merged Jan 16, 2024)
- Go: Better handle pre-release versions (#15327 merged Jan 15, 2024)
- Go: add fasthttp to frameworks for coverage (#15324 merged Jan 15, 2024)
- Go: fasthttp (#14123 merged Jan 14, 2024)
- C++: Fix typo (#15315 merged Jan 12, 2024)
- Update supported-versions-compilers.rst on release candidate branch (#15266 merged Jan 12, 2024)
- C#: Improve getRuntimeArgumentForParameter to consider named arguments. (#15296 merged Jan 12, 2024)
- C#/Java: Increase precision of model generation. (#15179 merged Jan 12, 2024)
- Revert "Swift: separate installation of dependencies and autobuilding" (#15305 merged Jan 12, 2024)
- C++: Fix duplicate "final global value" nodes (#15282 merged Jan 12, 2024)
- Python: Mention more sanitisation options in py/url-redirection qhelp. (#15176 merged Jan 12, 2024)
- C++: Revert "Merge pull request #12125 from jketema/unique-function" (#15304 merged Jan 12, 2024)
- Go: Recognize unsafe candidate selection in `go/insecure-randomness` (#15294 merged Jan 12, 2024)
- C#/Java: Manual neutral summaries should block generated summaries (#15246 merged Jan 12, 2024)
- Bump the extractor-dependencies group in /go/extractor with 1 update (#15302 merged Jan 12, 2024)
- C# 12: Type alias [Test only] (#15297 merged Jan 12, 2024)
- Replace blog link with link to GitHub user docs (#15235 merged Jan 12, 2024)
- Update CSV framework coverage reports (#15301 merged Jan 12, 2024)
- C++: Add a test with `__uuidof` in a template. (#15300 merged Jan 11, 2024)
- Update query-metadata-style-guide.md clarify problem.severity (#15288 merged Jan 11, 2024)
- JS: Include sink nodes as base-case when resolving types (#15295 merged Jan 11, 2024)
- C# 12: Support for lambda `param` parameter and parameter defaults. (#15249 merged Jan 11, 2024)
- JS: Add `dot.js` support (#13624 merged Jan 11, 2024)
- Ruby: Handle captured `yield` calls (#15273 merged Jan 11, 2024)
- Java: improve models for some important JDK methods (#15280 merged Jan 11, 2024)
- Release automodel extraction queries v0.0.12. (#15283 merged Jan 11, 2024)
- Update CSV framework coverage reports (#15289 merged Jan 11, 2024)
- C++: add `.def` to exceptions to AV rule 32 (#15265 merged Jan 11, 2024)
19 Pull requests opened by 15 people
- C# WIP: Change pre-finalize to run standalone extraction (#15298 opened Jan 11, 2024)
- Python: add models for `stdlib` (#15306 opened Jan 12, 2024)
- Ruby: Add type row for extends calls (#15311 opened Jan 12, 2024)
- Python: add new Pandas sinks (#15314 opened Jan 12, 2024)
- C++: First-class destructors in AST and IR (#15318 opened Jan 12, 2024)
- [Python] Add Unicode DoS (qhelp, tests and the query) (#15319 opened Jan 13, 2024)
- C# 12: Inline array support. (#15328 opened Jan 15, 2024)
- Generalization of FlowAfterFree (#15343 opened Jan 16, 2024)
- Bump org.apache.shiro:shiro-core from 1.8.0 to 1.13.0 in /java/ql/test/utils/flowtestcasegenerator (#15344 opened Jan 16, 2024)
- Python: Improve Regex flag parsing (#15345 opened Jan 17, 2024)
- Remove outdated CodeQL CLI docs (#15349 opened Jan 17, 2024)
- Ruby: Do not generate reverse stores from attribute reads (#15353 opened Jan 17, 2024)
- Automodel: Switch tests to inline expectations (#15356 opened Jan 17, 2024)
- C#: Threat Modeling - Introduce `ThreatModelFlowSource` (#15359 opened Jan 17, 2024)
- C#: Report any extracted file as successfully extracted (#15360 opened Jan 17, 2024)
- Go: Update autobuilder to deal with the upcoming deprecation of the legacy GOPATH mode (#15361 opened Jan 17, 2024)
- Go: Add `go.work` file (#15362 opened Jan 17, 2024)
- Bump actions/cache from 3 to 4 (#15363 opened Jan 18, 2024)
- Bump rayon from 1.8.0 to 1.8.1 in /ql (#15364 opened Jan 18, 2024)
2 Issues closed by 2 people
- The QL query should not have multiple results? (#15274 closed Jan 17, 2024)
- General issue (#15334 closed Jan 16, 2024)
7 Issues opened by 7 people
- Dataflow break when using a switch statement with type assertions in golang? (#15350 opened Jan 17, 2024)
- Unique IDs for C++ Functions (#15342 opened Jan 16, 2024)
- Python extractor failure when Python 3.6 is used (#15337 opened Jan 16, 2024)
- CWE-434 "Unrestricted Upload of File with Dangerous Type" related rules absence (#15335 opened Jan 16, 2024)
- Java: Taint flows backwards for array element (#15321 opened Jan 15, 2024)
- False positive: Modification of parameter with default for Python copy.deepcopy (#15317 opened Jan 12, 2024)
- False negative: NestJS TypeORM SQLInjection vulnerability not detected (#15299 opened Jan 11, 2024)
24 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- Ruby: Track types in data flow (#15118 commented on Jan 16, 2024 • 9 new comments)
- Go: Decompression Bombs (#13553 commented on Jan 17, 2024 • 7 new comments)
- Go: new query for detect DOS vulnerability (#15130 commented on Jan 12, 2024 • 6 new comments)
- Add test for erb flow (#15223 commented on Jan 17, 2024 • 3 new comments)
- C++ Function Call to Undefined Function (#9799 commented on Jan 12, 2024 • 3 new comments)
- CodeQL Package Manager and CodeQL Packs Beta Status (#15287 commented on Jan 11, 2024 • 2 new comments)
- CodeQL is missing an inline mechanism to suppress warnings (#11427 commented on Jan 11, 2024 • 2 new comments)
- Python: remove assignments handled by capture library (#15255 commented on Jan 16, 2024 • 2 new comments)
- IRGuardCondition failure to detect NULL condition (#15186 commented on Jan 17, 2024 • 2 new comments)
- Java: Add query for exposure of sensitive information to android notifications (#15281 commented on Jan 16, 2024 • 1 new comment)
- 27 cppnon constant format bug (#14700 commented on Jan 11, 2024 • 1 new comment)
- Java: Introduce a common sanitizer type for types which cannot realistically carry taint. (#15291 commented on Jan 17, 2024 • 1 new comment)
- General issue - CodeQL exiting with exit code 2 (#14866 commented on Jan 14, 2024 • 1 new comment)
- False positive - cs/unused-reftype - C# (#15278 commented on Jan 12, 2024 • 1 new comment)
- CodeQL for unity (#11791 commented on Jan 11, 2024 • 1 new comment)
- Java: Add `java.util.UUID` and `java.util.Date` to the `SimpleScalarSanitizer` class (#15292 commented on Jan 16, 2024 • 0 new comments)
- Go: extract entities for type parameters (#15216 commented on Jan 16, 2024 • 0 new comments)
- C++: Accept test changes after frontend upgrade (#15213 commented on Jan 12, 2024 • 0 new comments)
- Go: Support Go 1.22 (#15202 commented on Jan 17, 2024 • 0 new comments)
- Data flow: prune context-sensitivity relations (#15140 commented on Jan 12, 2024 • 0 new comments)
- Java: openjdk model autogeneration (#14919 commented on Jan 17, 2024 • 0 new comments)
- C#: Extract and use ambiguous type information for call target resolution (#14891 commented on Jan 17, 2024 • 0 new comments)
- add security-severity score to code scanning query list (#12557 commented on Jan 17, 2024 • 0 new comments)
- A security issue that codeql cannot detect (#12473 commented on Jan 16, 2024 • 0 new comments)