Insights: github/codeql
September 16, 2022 – September 23, 2022
Overview
80 Pull requests merged by 24 people
-
Post-release preparation for codeql-cli-2.11.0
#10565 merged
Sep 23, 2022 -
Swift: fix regression.
#10564 merged
Sep 23, 2022 -
Minor updates to reflect recommendations for Python support
#10553 merged
Sep 23, 2022 -
C++: Fix missing bounds in range analysis
#10555 merged
Sep 23, 2022 -
C++: Further work on buffer-overflow queries
#10398 merged
Sep 23, 2022 -
Kotlin: Simplify trapFilePathForDecl
#10556 merged
Sep 23, 2022 -
Release preparation for version 2.11.0
#10543 merged
Sep 23, 2022 -
New atm features rebased
#10018 merged
Sep 23, 2022 -
Swift: Add full stop at the end of alert-messages
#10551 merged
Sep 23, 2022 -
Kotlin: Fix non-nested local class extraction
#10549 merged
Sep 23, 2022 -
C#: Fix join order in InterpretedCallable characteristic predicate.
#10433 merged
Sep 23, 2022 -
C# Integration test validations for `dotnet run`.
#10540 merged
Sep 23, 2022 -
Python: Model `flask.jsonify`
#10535 merged
Sep 23, 2022 -
JS: Add generated typings to SQL models
#10253 merged
Sep 23, 2022 -
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
#10505 merged
Sep 23, 2022 -
Final mergeback from `rc/3.7`
#10532 merged
Sep 22, 2022 -
Update qlpack properties descriptions
#10458 merged
Sep 22, 2022 -
QL: A few more improvements to `ql/alert-message-style-violation`
#10529 merged
Sep 22, 2022 -
JS: Remove old Portal-based flow summary implementation
#10490 merged
Sep 22, 2022 -
JS: Try to parse files without using our parser extensions before enabling the extensions
#10470 merged
Sep 22, 2022 -
Ruby: RBI library changes to support models-as-data model generation
#9932 merged
Sep 22, 2022 -
Java: Delete some unused code
#10486 merged
Sep 22, 2022 -
Ruby: Add post-update nodes for compound arguments
#10444 merged
Sep 22, 2022 -
Ruby: use consistent capitalization with `import ... as`
#10531 merged
Sep 22, 2022 -
C#: Prepend `-p:UseSharedCompilation=false` instead of append for `dotnet run`
#10469 merged
Sep 22, 2022 -
Kotlin: Tolerate kotlinc versions like 1.7.20-Beta
#10530 merged
Sep 22, 2022 -
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
#10512 merged
Sep 22, 2022 -
Ruby: Two fixes for `private` methods
#10504 merged
Sep 22, 2022 -
Swift: update Swift frontend to 5.7
#10522 merged
Sep 22, 2022 -
Ruby: Add query for debugging regexp flow
#10517 merged
Sep 22, 2022 -
Bump actions/stale from 5 to 6
#10527 merged
Sep 22, 2022 -
Swift: express the schema in Python
#10516 merged
Sep 22, 2022 -
Update section on query specifiers
#10500 merged
Sep 21, 2022 -
QL: improve the `ql/alert-message-style-violation` query.
#10513 merged
Sep 21, 2022 -
Aeisenberg/merge rc3.7 into main
#10496 merged
Sep 21, 2022 -
Kotlin: Extract `suspend` functions
#10473 merged
Sep 21, 2022 -
Swift: fix `IfConfigDecl` in QL libraries
#10511 merged
Sep 21, 2022 -
Kotlin: Tidy up TrapLocker
#10495 merged
Sep 21, 2022 -
Kotlin: Catch exception thrown by kotlinc
#10353 merged
Sep 21, 2022 -
Swift: skip one more unsupported CLI arg
#10488 merged
Sep 21, 2022 -
Ruby: Do not expose AST layer through `ruby.qll`
#10376 merged
Sep 21, 2022 -
C#: Integration test(s)
#10465 merged
Sep 21, 2022 -
Swift: move toposort in `schema.py`
#10508 merged
Sep 21, 2022 -
C++: Multiple minor improvements to the cpp/cleartext-* queries
#10300 merged
Sep 21, 2022 -
Ruby: Fix bad join-order
#10491 merged
Sep 21, 2022 -
GO: make the alert messages of taint-tracking queries more consistent
#10413 merged
Sep 21, 2022 -
Update CSV framework coverage reports
#10501 merged
Sep 21, 2022 -
RB: make the alert messages of taint-tracking queries more consistent
#10304 merged
Sep 20, 2022 -
Python: Fix imports for tarslip tests
#10494 merged
Sep 20, 2022 -
Python: `getStarArg` gives first `*args` argument
#10387 merged
Sep 20, 2022 -
Swift: do not extract unresolved things from `IfConfigDecl`
#10386 merged
Sep 20, 2022 -
Bazel: add some bazel files to `CODEOWNERS`
#10492 merged
Sep 20, 2022 -
C++: Add shared files in `experimental` to `identical-files.json`.
#10487 merged
Sep 20, 2022 -
JS: change alert messages of path queries to use the same template
#10286 merged
Sep 20, 2022 -
Java: Promote Server-side template injection from experimental
#10352 merged
Sep 20, 2022 -
Swift: remove (dead) VFS related code
#10452 merged
Sep 20, 2022 -
Swift: trigger workflows on bazel changes
#10482 merged
Sep 20, 2022 -
Ruby: Rework call graph implementation
#10336 merged
Sep 20, 2022 -
Swift: Fix missing results in swift/cleartext-storage-database
#10430 merged
Sep 20, 2022 -
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
#10450 merged
Sep 20, 2022 -
Python dataflow: flow summaries restart
#8781 merged
Sep 20, 2022 -
Swift: fix version in integration tests
#10485 merged
Sep 20, 2022 -
JS: filter out "file read after existence check" from js/file-system-race
#10471 merged
Sep 20, 2022 -
ruby: remove unused predicate from NfaUtilsSpecific
#10476 merged
Sep 20, 2022 -
Java: Improve and add predicates and classes for annotations
#6246 merged
Sep 20, 2022 -
update the style guide on alert-messages
#10405 merged
Sep 20, 2022 -
Go: Fix source/sanitizer class that were never used
#10475 merged
Sep 20, 2022 -
JS: don't mention classes that don't exist in TaintTracking.qll
#10472 merged
Sep 20, 2022 -
Java: really return a unique location for non-source entities
#10457 merged
Sep 20, 2022 -
C++: Add a `cpp/invalid-pointer-deref` query to experimental
#10438 merged
Sep 20, 2022 -
Swift: open(2) interception
#10447 merged
Sep 20, 2022 -
C#: Theorems for Free - Model generation
#10238 merged
Sep 20, 2022 -
Add redirect for removed 'About QL packs' article
#10468 merged
Sep 19, 2022 -
C#: Remove `dotnet run` support in LUA tracer.
#10464 merged
Sep 19, 2022 -
Python: Allow `CallNode.getArgByName` for keyword args after `**kwargs`
#10384 merged
Sep 19, 2022 -
ensure consistent casing of names
#10312 merged
Sep 19, 2022 -
python: Port `RaisingTuple.ql` to not use `points-to`
#10264 merged
Sep 19, 2022 -
python: port UnguardedNextInIterator from `points-to` to API graph
#10265 merged
Sep 19, 2022 -
python: rewrite CatchingBaseException from `points-to` to API graph
#10266 merged
Sep 19, 2022 -
JS: Fix FP in js/regexp/always-matches
#10396 merged
Sep 19, 2022
30 Pull requests opened by 22 people
-
Kotlin: Add test cases for argument-parameter mismatch
#10477 opened
Sep 19, 2022 -
Java: add Android service sources
#10479 opened
Sep 19, 2022 -
Update supported language codes
#10480 opened
Sep 19, 2022 -
Update bazel to v5.3.1
#10481 opened
Sep 19, 2022 -
Java: Improve `ImportStaticTypeMember` and `ImportStaticOnDemand`
#10497 opened
Sep 20, 2022 -
Java: Add `CompilationUnit.getATypeAvailableBySimpleName()`
#10498 opened
Sep 20, 2022 -
Java: Add `getJavadoc` predicate for `JavadocParent` and `JavadocElement`
#10499 opened
Sep 20, 2022 -
Kotlin: Fix type access expressions in enum constructor calls
#10506 opened
Sep 21, 2022 -
CPP: Make more alert-messages follow the style guide
#10507 opened
Sep 21, 2022 -
C#: Add test case for `JsonConvert.DeserializeObject` in interpolated string
#10509 opened
Sep 21, 2022 -
C++: Fix FPs for cpp/unused-static-function in files that were not extracted completely
#10510 opened
Sep 21, 2022 -
Run tests
#10515 opened
Sep 21, 2022 -
Kotlin: Fix comment extraction for anonymous objects
#10520 opened
Sep 21, 2022 -
Java: Disable Kotlin element of test re: database inconsistency exposed by JDK18 extractor upgrade
#10523 opened
Sep 21, 2022 -
Java: Update the alert messages to better follow the style guide
#10528 opened
Sep 22, 2022 -
Java: Add support for java.util.StringJoiner
#10533 opened
Sep 22, 2022 -
Swift: check for using ECB encryption mode
#10536 opened
Sep 22, 2022 -
Ruby: Model flow through ActionController::Parameters
#10538 opened
Sep 22, 2022 -
Python: add subscript to API graphs
#10539 opened
Sep 22, 2022 -
Kotlin unit tests: use best plugin version compatible with environment kotlinc
#10542 opened
Sep 22, 2022 -
Bump actions/upload-artifact from 2 to 3
#10545 opened
Sep 23, 2022 -
Ruby: Add call graph tests for unsupported constructs
#10548 opened
Sep 23, 2022 -
C++: New Query `cpp/comma-before-misleading-indentation`
#10550 opened
Sep 23, 2022 -
C#: Consider DateTime as simple type sanitizer.
#10554 opened
Sep 23, 2022 -
C#: Update the alert messages to better follow the style guide #10528
#10557 opened
Sep 23, 2022 -
Java: Improve performance of StaticInitializationVector.
#10558 opened
Sep 23, 2022 -
Ruby: some improvements
#10559 opened
Sep 23, 2022 -
Ruby: add YAML.load_file as an unsafe deserialization sink
#10560 opened
Sep 23, 2022 -
Go: Use a consistent query identifier for successfully extracted files
#10561 opened
Sep 23, 2022 -
C++: prototype for off-by-one in array-typed field
#10562 opened
Sep 23, 2022
8 Issues closed by 5 people
-
LGTM.com - false positive: `js/prototype-polluting-assignment`
#10552 closed
Sep 23, 2022 -
LGTM.com - false positivehe alert on the project page on LGTM.com
#10547 closed
Sep 23, 2022 -
LGTM.com - false positive
#10546 closed
Sep 23, 2022 -
Expected exactly one pattern. [INVALID_RESULT_PATTERNS]
#10484 closed
Sep 20, 2022 -
LGTM.com - false positive
#10462 closed
Sep 20, 2022 -
Query evaluation ran out of Java heap
#10432 closed
Sep 19, 2022 -
C:FunctionCall has different name from its in source code
#10467 closed
Sep 19, 2022 -
General issue
#10463 closed
Sep 17, 2022
5 Issues opened by 4 people
-
Javascript GetAChainedMethodCall
#10544 opened
Sep 22, 2022 -
C: Question about DataFlow Analyse
#10534 opened
Sep 22, 2022 -
codeql resolve qlpacks hangs
#10526 opened
Sep 22, 2022 -
How to customize the results of @kind: path-problem ?
#10493 opened
Sep 20, 2022 -
CPP: Missing code in database
#10466 opened
Sep 17, 2022
25 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Ruby: type-tracking and API edges through simple library callables
#10375 commented on
Sep 23, 2022 • 21 new comments -
Update the analyze databases article
#10459 commented on
Sep 22, 2022 • 17 new comments -
Java: CWE-552 Query to detect unsafe resource loading in Java Spring applications
#9199 commented on
Sep 23, 2022 • 13 new comments -
Java: Android deeplink analysis
#10368 commented on
Sep 23, 2022 • 7 new comments -
Kotlin: Implement JvmOverloads annotation
#9811 commented on
Sep 23, 2022 • 6 new comments -
Ruby: Context sensitive instance method resolution
#10358 commented on
Sep 23, 2022 • 5 new comments -
Ruby: add `rb/sensitive-get-query` query
#10369 commented on
Sep 23, 2022 • 5 new comments -
General issue (No source was seen and extracted)
#10132 commented on
Sep 21, 2022 • 4 new comments -
Java: Promote `PathSanitizer.qll` from experimental
#10177 commented on
Sep 21, 2022 • 4 new comments -
Java: New Android query to detect unsafe content URI resolution
#10223 commented on
Sep 21, 2022 • 4 new comments -
Java: Add query for WebView debugging enabled
#10241 commented on
Sep 23, 2022 • 2 new comments -
JS: expand localFieldStep to use access-paths, and build access-paths in more cases
#10378 commented on
Sep 22, 2022 • 2 new comments -
CPP:Some questions about Control flow analyse and query time
#10411 commented on
Sep 20, 2022 • 1 new comment -
Scala Compatibility
#4365 commented on
Sep 22, 2022 • 1 new comment -
Python: Add dataflow consistency query
#8457 commented on
Sep 23, 2022 • 1 new comment -
Bump actions/setup-python from 3 to 4
#10346 commented on
Sep 23, 2022 • 1 new comment -
C#: Dynamically create type based summaries
#10436 commented on
Sep 22, 2022 • 1 new comment -
Java: JavadocTag does not contain multi-line JavadocText children
#3825 commented on
Sep 19, 2022 • 0 new comments -
Java: Add Import.getATypeImport
#4119 commented on
Sep 20, 2022 • 0 new comments -
QL: detect unqueryable code
#8454 commented on
Sep 20, 2022 • 0 new comments -
Add a test file
#9967 commented on
Sep 23, 2022 • 0 new comments -
Ruby: Model Activestorage
#10090 commented on
Sep 20, 2022 • 0 new comments -
Python: New call-graph based on type-trackers [still WIP]
#10148 commented on
Sep 23, 2022 • 0 new comments -
Ruby: Model ActionView
#10316 commented on
Sep 20, 2022 • 0 new comments -
Ruby: Treat ActiveRecord::Base.create as a model instantiation
#10338 commented on
Sep 20, 2022 • 0 new comments