-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Insights: github/codeql
Overview
Could not load contribution data
Please try again later
34 Pull requests merged by 20 people
-
Update CSV framework coverage reports
#16974 merged
Jul 14, 2024 -
Update CSV framework coverage reports
#16967 merged
Jul 13, 2024 -
Java: add path-injection sink for
hudson.FilePath.exists()
#16965 merged
Jul 13, 2024 -
Python: Handle diagnostics writing for
BuiltinModuleExtractable
#16940 merged
Jul 12, 2024 -
SSA: Reduce caching in data-flow integration layer
#16966 merged
Jul 12, 2024 -
C#: Order syntax trees before creating compilation
#16968 merged
Jul 12, 2024 -
C++: Strip specifiers and typedefs when finding iterator parameter for string taint function
#16969 merged
Jul 12, 2024 -
C++: Assorted minor doc improvements
#16939 merged
Jul 11, 2024 -
C++: Test C++20 implicit array sizes.
#16956 merged
Jul 11, 2024 -
Swift: Add GA change note.
#16962 merged
Jul 11, 2024 -
SSA: Make barrier guards a parameterized module
#16952 merged
Jul 11, 2024 -
Python : Arbitrary code execution due to Js2Py
#16771 merged
Jul 11, 2024 -
Python: Model CookieWrites from HeaderWrites
#16696 merged
Jul 11, 2024 -
Remove CI workaround for
DatabaseQualityDiagnostics.ql
#16954 merged
Jul 11, 2024 -
Java/Kotlin: Remove legacy $SEMMLE_DIST support
#16899 merged
Jul 11, 2024 -
JS/TS: insecure Helmet middleware (new query)
#16540 merged
Jul 11, 2024 -
Go: Allow grouping import paths for models-as-data
#16941 merged
Jul 11, 2024 -
C++: Support more builtin operations
#16951 merged
Jul 11, 2024 -
Go: Add environment variable to include
vendor
directories in extraction#16925 merged
Jul 11, 2024 -
C#: Perform fewer
regexpCapture
s when matching version numbers#16946 merged
Jul 11, 2024 -
C#: Restore Windows dependencies when Windows Forms or WPF usage is detected
#16924 merged
Jul 11, 2024 -
C#: Order files in buildless extraction
#16945 merged
Jul 10, 2024 -
SSA: Add data flow integration layer
#16884 merged
Jul 10, 2024 -
C++: Add
cpp/iterator-to-expired-container
FP#16935 merged
Jul 9, 2024 -
C++: Fix
cpp/iterator-to-expired-container
FPs#16915 merged
Jul 9, 2024 -
C++: Promote
cpp/unsafe-strncat
to Code Scanning#16930 merged
Jul 8, 2024 -
C++: Add 'cpp/unsafe-strncat' FPs
#16929 merged
Jul 8, 2024 -
Install script: Windows-compatible cleanup path.
#16928 merged
Jul 8, 2024 -
Go: fix
clear
sanitizer#16931 merged
Jul 8, 2024 -
Post-release preparation for codeql-cli-2.18.0
#16926 merged
Jul 8, 2024 -
Kotlin: make wrapper cache downloaded zips
#16922 merged
Jul 8, 2024 -
Release preparation for version 2.18.0
#16921 merged
Jul 8, 2024 -
Java: add diagnostic query indicating low database quality
#16810 merged
Jul 8, 2024
21 Pull requests opened by 15 people
-
Bump the extractor-dependencies group across 1 directory with 2 updates
#16916 opened
Jul 8, 2024 -
Python: Add test for impossible isinstance flow
#16923 opened
Jul 8, 2024 -
Go: Refactor test workflows
#16927 opened
Jul 8, 2024 -
Kotlin: Add 2.0.20 support
#16932 opened
Jul 8, 2024 -
[Draft] Python: Promote the insecure cookie query from experimental
#16933 opened
Jul 8, 2024 -
Swift: fix to install git-lfs in codespace without write access to `codeql.git`
#16934 opened
Jul 9, 2024 -
C#: Adopt shared SSA data-flow integration
#16936 opened
Jul 9, 2024 -
Ruby: Adopt shared SSA data-flow integration
#16937 opened
Jul 9, 2024 -
C#: Do not skip extraction of already seen source files
#16938 opened
Jul 9, 2024 -
Missing cross-site request forgery token validation query (experimental)
#16942 opened
Jul 9, 2024 -
C++: Update attributes test output
#16947 opened
Jul 10, 2024 -
Kotlin: Kotlin support is now out of beta, and generally available
#16955 opened
Jul 11, 2024 -
WIP: Change autobuild to run binlog extraction
#16957 opened
Jul 11, 2024 -
Java: Tag `java/non-https-url` with CWE-345 ("Insufficient Verification of Data Authenticity")
#16958 opened
Jul 11, 2024 -
C++: Promote `cp/iterator-to-expired-container` to Code Scanning
#16959 opened
Jul 11, 2024 -
Go: Convert fasthttp sources to MaD
#16960 opened
Jul 11, 2024 -
Go: Convert go-restful, Gin and Mux sources to MaD
#16963 opened
Jul 11, 2024 -
Java: add `IOUtils.toByteArray(InputStream)` summary
#16964 opened
Jul 11, 2024 -
Data flow: Compute local big step relation per stage
#16970 opened
Jul 12, 2024 -
Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources
#16971 opened
Jul 12, 2024 -
C++: Update tests to reflect on-demand indexing of special member functions.
#16972 opened
Jul 12, 2024
11 Issues closed by 7 people
-
[CLI] `query format` should keep set literal elements on separate lines
#16880 closed
Jul 12, 2024 -
Running multiple queries concurrently
#16950 closed
Jul 12, 2024 -
Python global dataflow analysis do not track @classmethod correctly.
#16953 closed
Jul 11, 2024 -
SARIF: Backslash in query message is not escaped
#15245 closed
Jul 11, 2024 -
Java: Run Database analyze and throw the Error of DatabaseQualityDiagnostics.ql
#16944 closed
Jul 11, 2024 -
Extractor exiting with code 1 ("Warning[extractor-c++]: In index_expr_node: Unknown expr kind 30.")
#16854 closed
Jul 9, 2024 -
False positives
#16917 closed
Jul 8, 2024 -
General issue
#16919 closed
Jul 8, 2024 -
**Description of the false positive**
#16918 closed
Jul 8, 2024
6 Issues opened by 5 people
-
False positive: Mistaking Username as password if they are set in the same tuple
#16976 opened
Jul 14, 2024 -
Python: How to find type information for a specific variable or object
#16961 opened
Jul 11, 2024 -
False positive - Java - Server-side request forgery - When type converted to `File`
#16949 opened
Jul 10, 2024 -
Error: Comamnd failed: df -Pk when using macos-14 runners (macos-latest)
#16948 opened
Jul 10, 2024 -
False positive: Ruby: Kernel Open when File existence guard is present
#16943 opened
Jul 9, 2024 -
Control Flow Analysis Visualization: Result generated by CodeQL can not understand well by human
#16920 opened
Jul 8, 2024
27 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Java: Decompression Bombs
#13555 commented on
Jul 13, 2024 • 15 new comments -
Java: Adopt shared SSA library
#16900 commented on
Jul 12, 2024 • 11 new comments -
Java: new path injection sinks
#16708 commented on
Jul 13, 2024 • 8 new comments -
Python: Modelling of the Standard Library
#16840 commented on
Jul 12, 2024 • 7 new comments -
WIP: Go: CORS Bypass due to incorrect checks
#16813 commented on
Jul 11, 2024 • 4 new comments -
Java: make a separate threat model kind for reverse DNS sources
#16760 commented on
Jul 9, 2024 • 4 new comments -
JS: Extends CredentialsNode class mostly related to JWT authentication packages
#14666 commented on
Jul 14, 2024 • 3 new comments -
java inline expectations proof-of-concept with tests
#16911 commented on
Jul 8, 2024 • 3 new comments -
Java: Improve Android app detection
#16914 commented on
Jul 13, 2024 • 3 new comments -
[Feature branch] JS: Migrate to shared dataflow library
#14412 commented on
Jul 8, 2024 • 2 new comments -
C#: Narrow source model generation.
#16873 commented on
Jul 11, 2024 • 1 new comment -
Javascript: Add environment variables to allow specifying memory sizes
#16803 commented on
Jul 11, 2024 • 1 new comment -
Go: Convert chi echo and elazarl sources to MaD
#16856 commented on
Jul 14, 2024 • 0 new comments -
C++: Add a new `MemoryLocation` to represent sets of `Allocation`s
#16907 commented on
Jul 8, 2024 • 0 new comments -
C#: Restrict multi-body dataflow dispatch based on file-system distance
#16817 commented on
Jul 12, 2024 • 0 new comments -
Bump the extractor-dependencies group across 1 directory with 2 updates
#16909 commented on
Jul 12, 2024 • 0 new comments -
WIP: Python: CORS Bypass
#16814 commented on
Jul 11, 2024 • 0 new comments -
Bump the extractor-dependencies group in /go/extractor with 2 updates
#16750 commented on
Jul 12, 2024 • 0 new comments -
Swift: Remove beta label
#16502 commented on
Jul 12, 2024 • 0 new comments -
Java: JWT decoding without verification
#14089 commented on
Jul 13, 2024 • 0 new comments -
C++: Decompression Bombs
#13560 commented on
Jul 14, 2024 • 0 new comments -
CodeQL run time increased from mins to hours
#16448 commented on
Jul 12, 2024 • 0 new comments -
Using binary logs to significantly increase CodeQL analysis performance for C#
#16346 commented on
Jul 12, 2024 • 0 new comments -
Don't divide CODEQL_RAM in half
#16780 commented on
Jul 11, 2024 • 0 new comments -
How to get each Node in the dataflow paths with PathGraph
#16881 commented on
Jul 9, 2024 • 0 new comments -
Python: False positive caused by impossible `isinstance` check
#16912 commented on
Jul 8, 2024 • 0 new comments -
C++ extractor giving multiple compilation errors when trying to compile the linux kernel
#16908 commented on
Jul 8, 2024 • 0 new comments