Insights: github/codeql
Overview
Could not load contribution data
Please try again later
36 Pull requests merged by 20 people
-
Update CSV framework coverage reports
#15517 merged
Feb 5, 2024 -
Kotlin: Add path transformer support
#15477 merged
Feb 2, 2024 -
C++: Add PreprocBlock.qll library
#15476 merged
Feb 2, 2024 -
Automodel: Do not consider `@FunctionalInterface`-typed expressions as candidates.
#15499 merged
Feb 2, 2024 -
C++: Block summary flow through `strdup` and friends
#15504 merged
Feb 2, 2024 -
Java: Remove two redundant models implied by CharSequence models.
#15511 merged
Feb 2, 2024 -
C#: Inter-procedural dataflow for `ref` structs when used as arguments.
#15502 merged
Feb 2, 2024 -
C#: Disable msbuild node reuse in dependency fetcher
#15509 merged
Feb 2, 2024 -
C++: Ensure that only one Function exists for every function - take 2
#15421 merged
Feb 2, 2024 -
C#: Improve messages in buildless extraction logs
#15505 merged
Feb 2, 2024 -
Go: Include versions in newer Go version needed diagnostic
#15492 merged
Feb 1, 2024 -
Ruby: Add another dataflow test
#15498 merged
Feb 1, 2024 -
Updated dotnet version to 8.0.101
#15475 merged
Feb 1, 2024 -
C#: Fix extraction of qualified delegate calls
#15484 merged
Feb 1, 2024 -
Ruby: Model constructors in endpoint query on new instead of initialize
#15490 merged
Feb 1, 2024 -
C#: Disable msbuild node reuse in autobuild
#15491 merged
Feb 1, 2024 -
Ruby: Add Insecure Randomness Query
#14554 merged
Jan 31, 2024 -
Ruby: Model flow through `ViewComponent` render methods
#15370 merged
Jan 31, 2024 -
Ruby: Only model relevant files for type models
#15485 merged
Jan 31, 2024 -
C#: Extract expanded compiler arguments
#15472 merged
Jan 31, 2024 -
False positive fix for cpp/uninitialized-local
#15463 merged
Jan 31, 2024 -
Ruby: Only generate models for public methods
#15473 merged
Jan 31, 2024 -
C++: Support function calls throwing exceptions in the IR
#15461 merged
Jan 31, 2024 -
Ruby: Rework `mayBenefitFromCallContext`
#15468 merged
Jan 30, 2024 -
Ruby: additional unsafe deserialization sinks for ox and one for oj
#14544 merged
Jan 30, 2024 -
JS/TS/Python/Ruby: Renames diagnostic query files and tests
#15465 merged
Jan 30, 2024 -
Python: Add `html.escape` as HTML sanitizer
#15398 merged
Jan 30, 2024 -
Ruby: Correctly report supported status of summary and neutral models
#15470 merged
Jan 30, 2024 -
Ruby: Block flow from LHS of && expressions
#15467 merged
Jan 30, 2024 -
C# 12: Support for collection expressions.
#15426 merged
Jan 30, 2024 -
cpp/incorrect-string-type-conversion false positive fixes
#15448 merged
Jan 30, 2024 -
C++: Fix more `asExpr` duplication
#15458 merged
Jan 30, 2024 -
C++: Fix another FP in `cpp/incorrectly-checked-scanf`
#15460 merged
Jan 30, 2024 -
C++: Fix FP in `cpp/incorrectly-checked-scanf`
#15456 merged
Jan 29, 2024 -
Python: Support `a` (ASCII) inline regex flag
#15390 merged
Jan 29, 2024 -
C#: Change asp.net core view generation to be opt out
#15454 merged
Jan 29, 2024
24 Pull requests opened by 19 people
-
Python: Model the `psycopg` package
#15457 opened
Jan 29, 2024 -
C#: Add summaries for Span<T> and ReadOnlySpan<T>.
#15459 opened
Jan 29, 2024 -
Check for large runners
#15471 opened
Jan 30, 2024 -
C# 12: Primary constructors.
#15474 opened
Jan 30, 2024 -
Revert "Ruby: additional unsafe deserialization sinks for ox and one for oj"
#15479 opened
Jan 30, 2024 -
False positive in SensitiveDataHeuristics - exclude certification from maybeCertificate() regex
#15480 opened
Jan 30, 2024 -
Java: Add query for insecure local authentication
#15481 opened
Jan 31, 2024 -
Ruby: Block flow into flow sources
#15483 opened
Jan 31, 2024 -
Java: Update MaD Declarations after Triage
#15486 opened
Jan 31, 2024 -
Ruby: add docs for customizing library models with data extensions
#15488 opened
Jan 31, 2024 -
C#: Additional tracking of lambdas through fields and properties
#15489 opened
Jan 31, 2024 -
Declare permissions
#15493 opened
Jan 31, 2024 -
Tree-sitter extractors: use fresh IDs for locations
#15496 opened
Jan 31, 2024 -
Python: Support integer subscripts in the API graph
#15497 opened
Jan 31, 2024 -
Dataflow/Java: Support alert provenance
#15501 opened
Feb 1, 2024 -
Ruby: Add query for access paths in model editor
#15503 opened
Feb 1, 2024 -
C++: Add implicit destructors for named variables to the IR
#15506 opened
Feb 1, 2024 -
Shared: fix a bug in stateful outbarriers
#15507 opened
Feb 1, 2024 -
JS: Add support for TS 5.4-beta
#15510 opened
Feb 2, 2024 -
Added model for gettext variants.
#15513 opened
Feb 2, 2024 -
C++: Change sources in `NonConstantFormat.ql`
#15516 opened
Feb 2, 2024 -
C#: Extract dependency restore telemetry data
#15518 opened
Feb 5, 2024
8 Issues closed by 7 people
-
Python extractor failure when Python 3.6 is used
#15337 closed
Feb 5, 2024 -
cpp query does not stop
#15442 closed
Feb 2, 2024 -
Kotlin Extractor does not respect SEMMLE_PATH_TRANSFORMER for Source Files
#15382 closed
Feb 2, 2024 -
C++ Function Call to Undefined Function
#9799 closed
Feb 2, 2024 -
How to show all the results from multiple queiries?
#15482 closed
Jan 31, 2024 -
Failed to load semmle.go.controlflow: "Could not resolve module semmle.go.controlflow"
#15469 closed
Jan 31, 2024 -
Issues Encountered While Analyzing C Control Flow with CodeQL
#15455 closed
Jan 30, 2024 -
False positive and misleading diagnostic on scanf
#15415 closed
Jan 30, 2024
8 Issues opened by 7 people
-
When I run database analyse for cpp, the exported sarif is empty while bqrs contains many warnings
#15514 opened
Feb 2, 2024 -
eliminate GuardConditions that are part of Assertions in cpp
#15512 opened
Feb 2, 2024 -
SARIF produced in `csharp` scan contains `NaN` values
#15508 opened
Feb 2, 2024 -
explicit java Function<X,Y> implementation is not tainted?
#15494 opened
Jan 31, 2024 -
False positive: Certification should not match maybeCertificate()
#15478 opened
Jan 30, 2024 -
Python codeql analysis hangs at `UnusedModuleVariable`
#15466 opened
Jan 29, 2024 -
Workflows get stuck on forks
#15464 opened
Jan 29, 2024 -
Workflows are missing permissions requests
#15462 opened
Jan 29, 2024
25 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
JS: Add library for naming endpoints
#15380 commented on
Jan 31, 2024 • 15 new comments -
Java: Add query for sensitive data exposed in text fields
#15396 commented on
Feb 2, 2024 • 13 new comments -
C#: Refactor C# queries to use `ThreatModelFlowSource` instead of `RemoteFlowSource`
#15419 commented on
Feb 5, 2024 • 6 new comments -
Go: Update autobuilder to deal with the upcoming deprecation of the legacy GOPATH mode
#15361 commented on
Feb 2, 2024 • 5 new comments -
Python: add models for `stdlib`
#15306 commented on
Feb 5, 2024 • 5 new comments -
C++: Implement models-as-data
#15371 commented on
Feb 1, 2024 • 4 new comments -
Java: Extend JAXB.qll to cover Jakarta XML Binding
#4840 commented on
Feb 1, 2024 • 2 new comments -
Dataflow perf investigations
#15444 commented on
Jan 30, 2024 • 1 new comment -
Some CPP source files do not contain headers
#15366 commented on
Jan 29, 2024 • 1 new comment -
False negative: NestJS TypeORM SQLInjection vulnerability not detected
#15299 commented on
Jan 29, 2024 • 0 new comments -
False positive - "zx" npm package usage is mistakenly detected as jQuery usage
#15286 commented on
Feb 1, 2024 • 0 new comments -
Unique IDs for C++ Functions
#15342 commented on
Feb 1, 2024 • 0 new comments -
C#: Merge `cs/exposure-of-private-information` into `cs/cleartext-storage-of-sensitive-information`,
#15379 commented on
Jan 29, 2024 • 0 new comments -
Dataflow break when using a switch statement with type assertions in golang?
#15350 commented on
Feb 1, 2024 • 0 new comments -
Tree sitter extractor: Proper handling of `LGTM_INDEX_FILTERS`
#15365 commented on
Jan 30, 2024 • 0 new comments -
Java: Refactor path injection sinks
#12886 commented on
Jan 30, 2024 • 0 new comments -
[Python] Add Unicode DoS (qhelp, tests and the query)
#15319 commented on
Jan 29, 2024 • 0 new comments -
Python: add new Pandas sinks
#15314 commented on
Jan 29, 2024 • 0 new comments -
Ruby: Decompression Bombs
#13556 commented on
Feb 1, 2024 • 0 new comments -
C# WIP: Change pre-finalize to run standalone extraction
#15298 commented on
Feb 1, 2024 • 0 new comments -
C++: Accept test changes after frontend upgrade
#15213 commented on
Feb 1, 2024 • 0 new comments -
JS: Web Cache Deception Express
#15180 commented on
Feb 1, 2024 • 0 new comments -
Javascript: Regex Global Flag in Test Function
#15163 commented on
Feb 1, 2024 • 0 new comments -
Data flow: prune context-sensitivity relations
#15140 commented on
Jan 30, 2024 • 0 new comments -
JS: Add Permissive CORS query (CWE-942)
#14342 commented on
Feb 1, 2024 • 0 new comments