34 Pull requests merged by 20 people

• Update CSV framework coverage reports

  #16974 merged Jul 14, 2024

• Update CSV framework coverage reports

  #16967 merged Jul 13, 2024

• Java: add path-injection sink for hudson.FilePath.exists()

  #16965 merged Jul 13, 2024

• Added detection for untrusted domains in script content - edited existing library and added new query and tests ("the Polyfill PR")

  #16886 merged Jul 12, 2024

• Python: Handle diagnostics writing for BuiltinModuleExtractable

  #16940 merged Jul 12, 2024

• SSA: Reduce caching in data-flow integration layer

  #16966 merged Jul 12, 2024

• C#: Order syntax trees before creating compilation

  #16968 merged Jul 12, 2024

• C++: Strip specifiers and typedefs when finding iterator parameter for string taint function

  #16969 merged Jul 12, 2024

• C++: Assorted minor doc improvements

  #16939 merged Jul 11, 2024

• C++: Test C++20 implicit array sizes.

  #16956 merged Jul 11, 2024

• Swift: Add GA change note.

  #16962 merged Jul 11, 2024

• SSA: Make barrier guards a parameterized module

  #16952 merged Jul 11, 2024

• Python : Arbitrary code execution due to Js2Py

  #16771 merged Jul 11, 2024

• Python: Model CookieWrites from HeaderWrites

  #16696 merged Jul 11, 2024

• Remove CI workaround for DatabaseQualityDiagnostics.ql

  #16954 merged Jul 11, 2024

• Java/Kotlin: Remove legacy $SEMMLE_DIST support

  #16899 merged Jul 11, 2024

• JS/TS: insecure Helmet middleware (new query)

  #16540 merged Jul 11, 2024

• Go: Allow grouping import paths for models-as-data

  #16941 merged Jul 11, 2024

• C++: Support more builtin operations

  #16951 merged Jul 11, 2024

• Go: Add environment variable to include vendor directories in extraction

  #16925 merged Jul 11, 2024

• C#: Perform fewer regexpCaptures when matching version numbers

  #16946 merged Jul 11, 2024

• C#: Restore Windows dependencies when Windows Forms or WPF usage is detected

  #16924 merged Jul 11, 2024

• C#: Order files in buildless extraction

  #16945 merged Jul 10, 2024

• SSA: Add data flow integration layer

  #16884 merged Jul 10, 2024

• C++: Add cpp/iterator-to-expired-container FP

  #16935 merged Jul 9, 2024

• C++: Fix cpp/iterator-to-expired-container FPs

  #16915 merged Jul 9, 2024

• C++: Promote cpp/unsafe-strncat to Code Scanning

  #16930 merged Jul 8, 2024

• C++: Add 'cpp/unsafe-strncat' FPs

  #16929 merged Jul 8, 2024

• Install script: Windows-compatible cleanup path.

  #16928 merged Jul 8, 2024

• Go: fix clear sanitizer

  #16931 merged Jul 8, 2024

• Post-release preparation for codeql-cli-2.18.0

  #16926 merged Jul 8, 2024

• Kotlin: make wrapper cache downloaded zips

  #16922 merged Jul 8, 2024

• Release preparation for version 2.18.0

  #16921 merged Jul 8, 2024

• Java: add diagnostic query indicating low database quality

  #16810 merged Jul 8, 2024

21 Pull requests opened by 15 people

• Bump the extractor-dependencies group across 1 directory with 2 updates

  #16916 opened Jul 8, 2024

• Python: Add test for impossible isinstance flow

  #16923 opened Jul 8, 2024

• Go: Refactor test workflows

  #16927 opened Jul 8, 2024

• Kotlin: Add 2.0.20 support

  #16932 opened Jul 8, 2024

• [Draft] Python: Promote the insecure cookie query from experimental

  #16933 opened Jul 8, 2024

• Swift: fix to install git-lfs in codespace without write access to `codeql.git`

  #16934 opened Jul 9, 2024

• C#: Adopt shared SSA data-flow integration

  #16936 opened Jul 9, 2024

• Ruby: Adopt shared SSA data-flow integration

  #16937 opened Jul 9, 2024

• C#: Do not skip extraction of already seen source files

  #16938 opened Jul 9, 2024

• Missing cross-site request forgery token validation query (experimental)

  #16942 opened Jul 9, 2024

• C++: Update attributes test output

  #16947 opened Jul 10, 2024

• Kotlin: Kotlin support is now out of beta, and generally available

  #16955 opened Jul 11, 2024

• WIP: Change autobuild to run binlog extraction

  #16957 opened Jul 11, 2024

• Java: Tag `java/non-https-url` with CWE-345 ("Insufficient Verification of Data Authenticity")

  #16958 opened Jul 11, 2024

• C++: Promote `cp/iterator-to-expired-container` to Code Scanning

  #16959 opened Jul 11, 2024

• Go: Convert fasthttp sources to MaD

  #16960 opened Jul 11, 2024

• Go: Convert go-restful, Gin and Mux sources to MaD

  #16963 opened Jul 11, 2024

• Java: add `IOUtils.toByteArray(InputStream)` summary

  #16964 opened Jul 11, 2024

• Data flow: Compute local big step relation per stage

  #16970 opened Jul 12, 2024

• Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources

  #16971 opened Jul 12, 2024

• C++: Update tests to reflect on-demand indexing of special member functions.

  #16972 opened Jul 12, 2024

11 Issues closed by 7 people

• [CLI] `query format` should keep set literal elements on separate lines

  #16880 closed Jul 12, 2024

• Running multiple queries concurrently

  #16950 closed Jul 12, 2024

• Python global dataflow analysis do not track @classmethod correctly.

  #16953 closed Jul 11, 2024

• SARIF: Backslash in query message is not escaped

  #15245 closed Jul 11, 2024

• Java: Run Database analyze and throw the Error of DatabaseQualityDiagnostics.ql

  #16944 closed Jul 11, 2024

• Extractor terminated with exit code 1 ( error: the "ext_vector_type" attribute may appear only in a typedef)

  #16853 closed Jul 9, 2024

• Extractor exiting with code 1 ("Warning[extractor-c++]: In index_expr_node: Unknown expr kind 30.")

  #16854 closed Jul 9, 2024

• Catastrophic error ("assertion failed: cast_node: cast to class type") when compiling a CodeQL database from Chromium

  #16782 closed Jul 9, 2024

• False positives

  #16917 closed Jul 8, 2024

• General issue

  #16919 closed Jul 8, 2024

• **Description of the false positive**

  #16918 closed Jul 8, 2024

6 Issues opened by 5 people

• False positive: Mistaking Username as password if they are set in the same tuple

  #16976 opened Jul 14, 2024

• Python: How to find type information for a specific variable or object

  #16961 opened Jul 11, 2024

• False positive - Java - Server-side request forgery - When type converted to `File`

  #16949 opened Jul 10, 2024

• Error: Comamnd failed: df -Pk when using macos-14 runners (macos-latest)

  #16948 opened Jul 10, 2024

• False positive: Ruby: Kernel Open when File existence guard is present

  #16943 opened Jul 9, 2024

• Control Flow Analysis Visualization: Result generated by CodeQL can not understand well by human

  #16920 opened Jul 8, 2024

27 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Java: Decompression Bombs

  #13555 commented on Jul 13, 2024 • 15 new comments

• Java: Adopt shared SSA library

  #16900 commented on Jul 12, 2024 • 11 new comments

• Java: new path injection sinks

  #16708 commented on Jul 13, 2024 • 8 new comments

• Python: Modelling of the Standard Library

  #16840 commented on Jul 12, 2024 • 7 new comments

• WIP: Go: CORS Bypass due to incorrect checks

  #16813 commented on Jul 11, 2024 • 4 new comments

• Java: make a separate threat model kind for reverse DNS sources

  #16760 commented on Jul 9, 2024 • 4 new comments

• JS: Extends CredentialsNode class mostly related to JWT authentication packages

  #14666 commented on Jul 14, 2024 • 3 new comments

• java inline expectations proof-of-concept with tests

  #16911 commented on Jul 8, 2024 • 3 new comments

• Java: Improve Android app detection

  #16914 commented on Jul 13, 2024 • 3 new comments

• [Feature branch] JS: Migrate to shared dataflow library

  #14412 commented on Jul 8, 2024 • 2 new comments

• C#: Narrow source model generation.

  #16873 commented on Jul 11, 2024 • 1 new comment

• Javascript: Add environment variables to allow specifying memory sizes

  #16803 commented on Jul 11, 2024 • 1 new comment

• Go: Convert chi echo and elazarl sources to MaD

  #16856 commented on Jul 14, 2024 • 0 new comments

• C++: Add a new `MemoryLocation` to represent sets of `Allocation`s

  #16907 commented on Jul 8, 2024 • 0 new comments

• C#: Restrict multi-body dataflow dispatch based on file-system distance

  #16817 commented on Jul 12, 2024 • 0 new comments

• Bump the extractor-dependencies group across 1 directory with 2 updates

  #16909 commented on Jul 12, 2024 • 0 new comments

• WIP: Python: CORS Bypass

  #16814 commented on Jul 11, 2024 • 0 new comments

• Bump the extractor-dependencies group in /go/extractor with 2 updates

  #16750 commented on Jul 12, 2024 • 0 new comments

• Swift: Remove beta label

  #16502 commented on Jul 12, 2024 • 0 new comments

• Java: JWT decoding without verification

  #14089 commented on Jul 13, 2024 • 0 new comments

• C++: Decompression Bombs

  #13560 commented on Jul 14, 2024 • 0 new comments

• CodeQL run time increased from mins to hours

  #16448 commented on Jul 12, 2024 • 0 new comments

• Using binary logs to significantly increase CodeQL analysis performance for C#

  #16346 commented on Jul 12, 2024 • 0 new comments

• Don't divide CODEQL_RAM in half

  #16780 commented on Jul 11, 2024 • 0 new comments

• How to get each Node in the dataflow paths with PathGraph

  #16881 commented on Jul 9, 2024 • 0 new comments

• Python: False positive caused by impossible `isinstance` check

  #16912 commented on Jul 8, 2024 • 0 new comments

• C++ extractor giving multiple compilation errors when trying to compile the linux kernel

  #16908 commented on Jul 8, 2024 • 0 new comments