Insights: github/codeql
Overview
56 Pull requests merged by 21 people
-
C++/Swift: Rewrite inline expectation tests to use the parameterized module
#13269 merged
May 24, 2023 -
C++: Add `cpp/invalid-pointer-deref` FP test case
#13271 merged
May 24, 2023 -
Docs: Late inlining now supported for member predicates
#13274 merged
May 24, 2023 -
Swift: make only certain elements hideable in the AST
#13249 merged
May 24, 2023 -
Ruby: Include both `self` parameters and SSA definitions in call graph construction
#13251 merged
May 24, 2023 -
Ruby: fix some name clashes between summarized callables
#13265 merged
May 24, 2023 -
Fix "Introducing the JavaScript libraries" query12.qll and add test case
#13176 merged
May 24, 2023 -
Java: Tweak java.nio.file.Files.copy models
#13248 merged
May 24, 2023 -
C++: Modernize `PrintIR` for local dataflow
#13266 merged
May 24, 2023 -
C#: Entity framework. Convert DbSet summaries to MaD models.
#13085 merged
May 24, 2023 -
Ruby: Include underlying SSA parameter definition in `localFlowSsaParamCaptureInput`
#13255 merged
May 24, 2023 -
Add forgotten classes related to the legacy `InlineExpectationsTest` class
#13261 merged
May 24, 2023 -
C++: Promote the product-dataflow library out of experimental
#13244 merged
May 23, 2023 -
C++: Fix more pointer/pointee conflation
#13246 merged
May 23, 2023 -
JS/Ruby/QL/Python: sync dbscheme fragments
#13154 merged
May 23, 2023 -
C++: Rewrite flow test common to use inline expectation test module
#13260 merged
May 23, 2023 -
move section on signatures in the QL specification
#13264 merged
May 23, 2023 -
update QL specification on annotations for parameterised modules
#13263 merged
May 23, 2023 -
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
#13097 merged
May 23, 2023 -
Hotfix: Go: exclude method receivers from dead-store-of-field query
#13257 merged
May 23, 2023 -
Swift: remove unneeded properties from `InterpolatedStringLiteralExpr`
#13238 merged
May 23, 2023 -
Swift: Make the cleartext logging query consistent with other cleartext-* queries.
#13163 merged
May 23, 2023 -
Turn inline expectation test into a parameterized module
#12789 merged
May 23, 2023 -
Swift: Add EnumDecl.getEnumElement(_)
#13213 merged
May 23, 2023 -
Java: Make inputStreamWrapper consider supertypes transitively
#13091 merged
May 23, 2023 -
C#: System.DateTime defaults.
#13202 merged
May 23, 2023 -
Hotfix: Go: count passing to a vararg function as escaping
#13250 merged
May 23, 2023 -
Swift: trigger workflow on `codeql-cli-*`
#13252 merged
May 23, 2023 -
Release preparation for version 2.13.3
#13243 merged
May 23, 2023 -
[Python] Add Unicode Bypass Validation query tests and help
#12991 merged
May 23, 2023 -
Update CSV framework coverage reports
#13245 merged
May 23, 2023 -
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
#13164 merged
May 23, 2023 -
JS: Support sub modules
#12975 merged
May 23, 2023 -
Bump regex from 1.8.1 to 1.8.2 in /ql
#13247 merged
May 23, 2023 -
C++: Include inline namespaces in `StdNamespace`
#13234 merged
May 22, 2023 -
Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking
#13233 merged
May 22, 2023 -
C++: Add `cpp/invalid-pointer-deref` false positives
#13237 merged
May 22, 2023 -
repair and update the Identifier section of the QL specification
#13236 merged
May 22, 2023 -
C++: Add FP testcase for `cpp/overrun-write`
#13229 merged
May 22, 2023 -
Swift: fix hidden AST getters
#13232 merged
May 22, 2023 -
JS: require arguments to be shell interpreted to be flagged by indirect-command-injection
#13196 merged
May 22, 2023 -
Java: Add TemplateEngine.createTemplate as a Groovy injection sink
#13230 merged
May 22, 2023 -
Ruby: Allow for flow through callbacks to summarized methods in type tracking
#13231 merged
May 22, 2023 -
Swift: Use asNominalTypeDecl more.
#13223 merged
May 19, 2023 -
add syntax for signature definitions to QL specification
#13222 merged
May 19, 2023 -
Swift: Drop support for plaintext diagnostics (and `helpLinks`).
#13224 merged
May 19, 2023 -
Swift: reword TSP diagnostics after doc team review
#13186 merged
May 19, 2023 -
Swift: Taint model for FilePath
#13221 merged
May 19, 2023 -
Update CSV framework coverage reports
#13220 merged
May 19, 2023 -
Swift: Emit diagnostics on assertion/expectation violations.
#13170 merged
May 18, 2023 -
C++: Replace `C18` with `C17` in documentation
#13218 merged
May 18, 2023 -
C++: Small cleanup of `cpp/overrun-write`
#13217 merged
May 18, 2023 -
Java: Add SQLi sinks for Spring JDBC
#13140 merged
May 18, 2023 -
C++: Fix pointer/pointee conflation
#13191 merged
May 18, 2023 -
C++: Update documentation for `TypeMention`
#13215 merged
May 18, 2023 -
C++: Use range analysis-based `hasSize` predicate in `cpp/invalid-pointer-deref`
#13203 merged
May 18, 2023
19 Pull requests opened by 13 people
-
C++: Quotient dataflow nodes by an equivalence relation
#13219 opened
May 18, 2023 -
Java: Migrate path injection sinks to models-as-data (simplified)
#13225 opened
May 19, 2023 -
C++: fix equality refinement in new range analysis
#13226 opened
May 19, 2023 -
Java: Add autogenerated models for frameworks related to Jenkins
#13227 opened
May 19, 2023 -
Java: add error message for deprecated sink kinds in `getInvalidModelKind`
#13228 opened
May 19, 2023 -
Java: Add Hudson models
#13235 opened
May 22, 2023 -
Java: Add QL support for automodel application mode
#13239 opened
May 22, 2023 -
Swift: reorganize `VarDecl` instances within `BraceStmt`
#13240 opened
May 22, 2023 -
Java: Model the Stapler framework
#13256 opened
May 23, 2023 -
Codegen: allow `synth` properties of non-`synth` classes
#13258 opened
May 23, 2023 -
Ruby: Refactor and slightly expand `ActionDispatch` modelling
#13259 opened
May 23, 2023 -
C#: Re-factor getComponent.
#13262 opened
May 23, 2023 -
C++: Promote `cpp/overrun-write` out of experimental
#13267 opened
May 23, 2023 -
Swift: add CFG and PrintAst consistency queries, enabling them in CI
#13270 opened
May 24, 2023 -
Post-release preparation for codeql-cli-2.13.3
#13272 opened
May 24, 2023 -
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
#13273 opened
May 24, 2023 -
Kotlin 1.9 support
#13275 opened
May 24, 2023 -
Swift: Add path injection sinks for sqlite3 and SQLite.swift
#13276 opened
May 24, 2023 -
Swift: add consistency check and accept results for the moment
#13277 opened
May 24, 2023
5 Issues closed by 4 people
-
Go: RangeStmt declaring variables with := does not contain a DefineStmt
#13241 closed
May 23, 2023 -
Issue with decoding bqrs file to a human readable format
#13047 closed
May 19, 2023 -
CPP: TypeMention only covers mentions of user-defined types
#13214 closed
May 18, 2023 -
Kind error in /go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
#13171 closed
May 18, 2023
1 Issue opened by 1 person
-
"Finding definitions" in non-ql files
#13254 opened
May 23, 2023
25 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
[Ruby] Add Unicode Bypass Validation query, test and help file
#12992 commented on
May 24, 2023 • 21 new comments -
Shared: Add stubs for `identify-environment` scripts
#13211 commented on
May 23, 2023 • 14 new comments -
C/C++: how to optimize function pointer tracing?
#13198 commented on
May 23, 2023 • 12 new comments -
C++: stitch paths and ignore cast arrays in constant off-by-one query
#13045 commented on
May 22, 2023 • 5 new comments -
CPP: Add query for CVE-2022-37454: Integer addition may overflow inside if statement
#12036 commented on
May 19, 2023 • 3 new comments -
Ruby: Add SQL Injection Sinks
#12832 commented on
May 24, 2023 • 3 new comments -
C#: Use synthetic global in the EntityFramework code instead of jump steps.
#13147 commented on
May 24, 2023 • 3 new comments -
Kotlin: Refactor extractTypeAccessRecursive
#13210 commented on
May 23, 2023 • 2 new comments -
[CPP][Questions] No effective API to query macro used in function parameter declaration
#8497 commented on
May 17, 2023 • 1 new comment -
CodeQL for unity
#11791 commented on
May 24, 2023 • 1 new comment -
Java: Refactor path injection sinks
#12886 commented on
May 19, 2023 • 1 new comment -
JS: update MaD sink kinds
#13157 commented on
May 19, 2023 • 1 new comment -
C#: update MaD sink kinds
#13158 commented on
May 22, 2023 • 1 new comment -
[Java] Add basic support for Google's Gson library
#13179 commented on
May 18, 2023 • 1 new comment -
cpp: Add basic GSSAPI memory leak query
#13189 commented on
May 17, 2023 • 1 new comment -
Java: add some neutral models discovered with heuristics
#12249 commented on
May 22, 2023 • 0 new comments -
Swift: Model Sequence.withContiguousStorageIfAvailable
#12416 commented on
May 23, 2023 • 0 new comments -
Swift: mangle types
#12433 commented on
May 24, 2023 • 0 new comments -
JS: Add support for TS 5.1
#12874 commented on
May 22, 2023 • 0 new comments -
Ruby: Remove canonical return nodes
#12964 commented on
May 24, 2023 • 0 new comments -
[Draft] [C#] Add query for missing function level access control
#13094 commented on
May 23, 2023 • 0 new comments -
ReDoS: revert new superlinear algorithm.
#13127 commented on
May 24, 2023 • 0 new comments -
ruby/python: Shared module for typetracking through flow summaries
#13178 commented on
May 22, 2023 • 0 new comments -
Swift: Adopt the shared sensitive data library
#13190 commented on
May 23, 2023 • 0 new comments -
python: Container summaries, part 2
#13209 commented on
May 24, 2023 • 0 new comments