Insights: github/codeql
Overview
39 Pull requests merged by 22 people
- GO - Add sink for libxml2 in go/xml/xpath-injection via XPath.qll
  #15181 merged Dec 24, 2023
- Merge `rc/3.12` into `main`
  #15189 merged Dec 22, 2023
- Java: Generalize MaybeBrokenCryptoAlgorithmQuery.qll
  #15192 merged Dec 22, 2023
- Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
  #15183 merged Dec 22, 2023
- C++: Ensure that only one `Function` exists for every function
  #12125 merged Dec 22, 2023
- C++: Show base variable in SSA variable `toString`s
  #15191 merged Dec 22, 2023
- Add buildless tests
  #15127 merged Dec 22, 2023
- Java: Insecure Loading of Class in Android App without Package Signature Checking
  #14752 merged Dec 22, 2023
- Swift: separate installation of dependencies and autobuilding
  #15116 merged Dec 21, 2023
- C++: Show indirections when printing SSA variables
  #15185 merged Dec 21, 2023
- Update CSV framework coverage reports
  #15182 merged Dec 21, 2023
- Update system requirements for ruby
  #15164 merged Dec 20, 2023
- Python: Basic implementation of variable capture
  #14944 merged Dec 20, 2023
- C#: Mention more XSS sanitisation options in query help.
  #15160 merged Dec 20, 2023
- Java: Update MaD Declarations after Triage
  #14646 merged Dec 20, 2023
- Java: Update MaD Declarations after Triage
  #14580 merged Dec 20, 2023
- Python: Add scope entry definition nodes
  #15166 merged Dec 20, 2023
- C++: Remove unneeded extractor option
  #15173 merged Dec 20, 2023
- C#: Fix working directory structures in standalone
  #15156 merged Dec 20, 2023
- CPP: Add query for detecting invalid uses of temporary unique pointers.
  #15078 merged Dec 20, 2023
- C#: Classify test support files in model editor queries
  #15159 merged Dec 20, 2023
- C#: Replace more hand written stubs with generated ones.
  #15154 merged Dec 20, 2023
- Fix sphinx.add_lexer.
  #15112 merged Dec 19, 2023
- Post-release preparation for codeql-cli-2.15.5
  #15153 merged Dec 19, 2023
- Java: Add the `Map#replace` and `Map#replaceAll` methods to `MapMutator` in `Maps.qll`
  #15126 merged Dec 19, 2023
- C++: Update test after extractor changes
  #15146 merged Dec 19, 2023
- C++: Fix unnecessary evaluation of debug strings
  #15152 merged Dec 19, 2023
- Python: update to new API update is in a comment, so compilation never failed in CI.
  #15101 merged Dec 19, 2023
- Release preparation for version 2.15.5
  #15141 merged Dec 18, 2023
- Python: Remove `@tags meta` from internal debug queries
  #15104 merged Dec 18, 2023
- Python: Adopt shared type tracking library
  #14848 merged Dec 18, 2023
- C++: Fix joins in `cpp/use-after-free`
  #15136 merged Dec 18, 2023
- TESTING IGNORE Release preparation for version 2.92.0
  #15137 merged Dec 18, 2023
- C#: Add telemetry query to report extractor information
  #15124 merged Dec 18, 2023
- C#: Exclude not existing or problematic files from standalone extraction
  #15131 merged Dec 18, 2023
- Swift: do not trace codesign binary
  #15134 merged Dec 18, 2023
- C++: Fix joins in `isModifiableAtImpl`
  #15132 merged Dec 18, 2023
- Bazel/CMake: use bazelisk to use correct bazel version
  #15135 merged Dec 18, 2023
23 Pull requests opened by 13 people
- Data flow: prune context-sensitivity relations
  #15140 opened Dec 18, 2023
- Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-347
  #15147 opened Dec 18, 2023
- Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/experimental/CWE-321-V2
  #15148 opened Dec 18, 2023
- Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Afero
  #15149 opened Dec 18, 2023
- Bump golang.org/x/crypto from 0.12.0 to 0.17.0 in /go/ql/test/library-tests/semmle/go/frameworks/Iris
  #15150 opened Dec 18, 2023
- Bump golang.org/x/crypto from 0.9.0 to 0.17.0 in /go/ql/test/experimental/CWE-942
  #15151 opened Dec 19, 2023
- Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
  #15157 opened Dec 19, 2023
- Go: Stratify `CFG::succ` to avoid recursion
  #15162 opened Dec 19, 2023
- Javascript: Regex Global Flag in Test Function
  #15163 opened Dec 19, 2023
- ensure `publish.sh` uses the latest `automodel` release
  #15165 opened Dec 19, 2023
- Python experiment: adding entry definitions to the basic variable capture branch
  #15167 opened Dec 19, 2023
- C#: .NET 8 Runtime models.
  #15174 opened Dec 20, 2023
- C#: Improve arg-param mapping logic to better handle arguments passed to `params` parameters
  #15175 opened Dec 20, 2023
- Python: Mention more sanitisation options in py/url-redirection qhelp.
  #15176 opened Dec 20, 2023
- C#/Java: Only generate models if there doesn't exist manual summary or neutral summary model.
  #15179 opened Dec 20, 2023
- JS: Web Cache Deception Express
  #15180 opened Dec 20, 2023
- Python: Add support for more URL redirect sanitisers.
  #15187 opened Dec 21, 2023
- Java: Update MaD Declarations after Triage
  #15188 opened Dec 21, 2023
- Add missing `override`.
  #15190 opened Dec 22, 2023
- Golang - Server Side Template Injection
  #15193 opened Dec 22, 2023
- C++: Global variable flow without explicit SSA definitions
  #15194 opened Dec 22, 2023
- C++: Support attribute arguments that are expressions
  #15197 opened Dec 22, 2023
3 Issues closed by 3 people
- C++ Function Call to Undefined Function
  #9799 closed Dec 22, 2023
- False positive: go/incorrect-integer-conversion
  #15158 closed Dec 19, 2023
9 Issues opened by 7 people
- Encountering a Problem with CodeQL-ruby Query during the Execution Phase of the epsilonStar Function
  #15199 opened Dec 23, 2023
- Error in creating a new java pro database
  #15198 opened Dec 23, 2023
- False positive CWE-117 C#
  #15195 opened Dec 22, 2023
- IRGuardCondition failure to detect NULL condition
  #15186 opened Dec 21, 2023
- False positive: py/url-redirection does not recognise sanitisation by checking netloc
  #15178 opened Dec 20, 2023
- Incomplete documentation for cs/web/broad-cookie-domain
  #15169 opened Dec 19, 2023
- False positive: cs/web/broad-cookie-domain for Domain = null or ""
  #15168 opened Dec 19, 2023
- C#: Missing modelling of Newtonsoft.Json StringEscapeHandling
  #15155 opened Dec 19, 2023
- Exit status -1073741515 when doing ruby analysis on Windows 2019
  #15139 opened Dec 18, 2023
15 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- [Feature branch] JS: Migrate to shared dataflow library
  #14412 commented on Dec 22, 2023 • 12 new comments
- 32 cpp string concatenation library
  #14954 commented on Dec 20, 2023 • 11 new comments
- Swift: implement type pruning for dataflow
  #14592 commented on Dec 22, 2023 • 5 new comments
- JS: Add `dot.js` support
  #13624 commented on Dec 20, 2023 • 3 new comments
- Ruby: Add Insecure Randomness Query
  #14554 commented on Dec 20, 2023 • 3 new comments
- Java: Environment variable injection query
  #14724 commented on Dec 21, 2023 • 3 new comments
- Go: new query for detect DOS vulnerability
  #15130 commented on Dec 19, 2023 • 3 new comments
- Go: Decompression Bombs
  #13553 commented on Dec 19, 2023 • 2 new comments
- JS: Add Permissive CORS query (CWE-942)
  #14342 commented on Dec 22, 2023 • 2 new comments
- Python: Automated subclass models
  #15044 commented on Dec 19, 2023 • 2 new comments
- Web Cache Deception Vulnerability on Go Frameworks
  #15057 commented on Dec 19, 2023 • 2 new comments
- [Java] Add Unicode Bypass Validation query, test and help file
  #12995 commented on Dec 19, 2023 • 1 new comment
- Go: fasthttp
  #14123 commented on Dec 23, 2023 • 1 new comment
- Java: Add more sinks to the Insecure Randomness query
  #14681 commented on Dec 19, 2023 • 1 new comment
- Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
  #15122 commented on Dec 20, 2023 • 1 new comment