Insights: github/codeql
Overview
26 Pull requests merged by 15 people
-
Java: Add comments about use of sink kind `regex-use`
#17053 merged
Jul 24, 2024 -
C++: Avoid expensive negation
#17057 merged
Jul 24, 2024 -
Java: Update `Annotation` predicate examples in language guide
#17026 merged
Jul 24, 2024 -
C++: Fix false positives in cpp/incorrectly-checked-scanf
#17054 merged
Jul 24, 2024 -
C++: More tests for cpp/use-after-free
#17055 merged
Jul 24, 2024 -
C++: Support destroying deletes
#17050 merged
Jul 24, 2024 -
Java: Move SensitiveLoggerConfig source to extensible format
#17036 merged
Jul 23, 2024 -
Post-release preparation for codeql-cli-2.18.1
#17041 merged
Jul 23, 2024 -
C++: Fix issue with cpp/suspicious-allocation-size
#17037 merged
Jul 23, 2024 -
C++: Fix issue with cpp/incorrect-allocation-error-handling
#17035 merged
Jul 23, 2024 -
C++: Add `UsingEnumDeclarationEntry` changenote.
#17047 merged
Jul 23, 2024 -
Docs: Document preference for American English in change notes.
#17048 merged
Jul 23, 2024 -
Java: make a separate threat model kind for reverse DNS sources
#16760 merged
Jul 23, 2024 -
C++: Support `using enum` declarations.
#17006 merged
Jul 23, 2024 -
Release preparation for version 2.18.1
#17040 merged
Jul 22, 2024 -
Revert "Release preparation for version 2.18.1"
#17039 merged
Jul 22, 2024 -
Add models for the `lastaflute` framework
#16993 merged
Jul 22, 2024 -
Release preparation for version 2.18.1
#17032 merged
Jul 22, 2024 -
Update CSV framework coverage reports
#17024 merged
Jul 20, 2024 -
Swift: Use shared library for sensitive private information heuristics
#16570 merged
Jul 19, 2024 -
Integration tests: port to pytest.
#17015 merged
Jul 19, 2024 -
Go: convert models for websocket readers as remote flow sources to models-as-data
#17012 merged
Jul 19, 2024 -
Go: Output stdout/stderr for `go version` if something goes wrong
#17016 merged
Jul 18, 2024 -
pkg.bzl: Disable remote caching of zipmerge steps.
#17010 merged
Jul 18, 2024 -
Java: Add test for autobuild with maven-enforcer
#17013 merged
Jul 18, 2024 -
Java: Tag `java/non-https-url` with CWE-345 ("Insufficient Verification of Data Authenticity")
#16958 merged
Jul 18, 2024
20 Pull requests opened by 13 people
-
Shared: Add support for provenance pretty-printing as a qltest postprocess step.
#17011 opened
Jul 18, 2024 -
Go: Add support for provenance pretty-printing as a qltest postprocess step
#17014 opened
Jul 18, 2024 -
Add autofix reminder
#17017 opened
Jul 18, 2024 -
Java: JWT decoding without verification [smowton fork]
#17020 opened
Jul 19, 2024 -
Java: add apache-ant `Property` path injection sinks
#17023 opened
Jul 19, 2024 -
Java: add TaintInheritingContent for URL synthetic fields
#17025 opened
Jul 21, 2024 -
C++: Improve query doc advice for using encryption
#17028 opened
Jul 22, 2024 -
Dataflow: Add provenance to StagePathGraph.
#17029 opened
Jul 22, 2024 -
Python: remove the imprecise container taint steps
#17030 opened
Jul 22, 2024 -
C++: Add more alias and side effect models
#17034 opened
Jul 22, 2024 -
Update CSV framework coverage reports
#17042 opened
Jul 23, 2024 -
Dataflow: Fix bug causing spurious flow for FeatureHasSinkCallContext
#17049 opened
Jul 23, 2024 -
C++: Speed up alias analysis
#17056 opened
Jul 23, 2024 -
Go: Support Go 1.23
#17058 opened
Jul 24, 2024 -
Update unified changelog for 2.17.6 and 2.18.0
#17060 opened
Jul 24, 2024 -
C++: Speed up alias analysis
#17062 opened
Jul 24, 2024 -
Swift: Minor fixes
#17064 opened
Jul 24, 2024 -
Java: integration tests with proxy server
#17065 opened
Jul 24, 2024 -
Java: 17052 do not expose error message
#17066 opened
Jul 24, 2024
9 Issues closed by 6 people
-
Help setting up the local repo so I can make and test changes to the open source shared queries
#17061 closed
Jul 24, 2024 -
Migrating to new dataflow API causes missing results for my query
#17044 closed
Jul 24, 2024 -
Including the external files in database create
#17027 closed
Jul 23, 2024 -
Issue while running scan on Java project
#17046 closed
Jul 23, 2024 -
Error running query: Webview is disposed in CodeQL with Java Extension Pack
#16889 closed
Jul 22, 2024 -
Caching related doubts
#17004 closed
Jul 19, 2024 -
General issue
#17018 closed
Jul 19, 2024 -
Warning: "constexpr" is not valid here
#16995 closed
Jul 18, 2024
7 Issues opened by 5 people
-
VSCode extension AST viewer tab not showing AST for some files.
#17068 opened
Jul 25, 2024 -
False positive: Java: stack-trace-exposure
#17052 opened
Jul 23, 2024 -
taint tracking didn't connect
#17045 opened
Jul 23, 2024 -
Confused about the query time
#17022 opened
Jul 19, 2024 -
Python: Local/Global dataflow analysis not tracing class field?
#17021 opened
Jul 19, 2024 -
Python: Why global dataflow not tracking `endpoints` in function `Service.start()`?
#17019 opened
Jul 19, 2024
28 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Python: Promote the insecure cookie query from experimental
#16933 commented on
Jul 24, 2024 • 7 new comments -
Python: Modelling of the Standard Library
#16840 commented on
Jul 23, 2024 • 6 new comments -
C++: Alias analysis follow-up to #16907
#16981 commented on
Jul 24, 2024 • 4 new comments -
C#/Java/Go: Neutrals are split into separate classes.
#17007 commented on
Jul 20, 2024 • 1 new comment -
C#: Adopt shared SSA data-flow integration
#16936 commented on
Jul 19, 2024 • 1 new comment -
Java: Decompression Bombs
#13555 commented on
Jul 19, 2024 • 1 new comment -
Javascript: Add environment variables to allow specifying memory sizes
#16803 commented on
Jul 24, 2024 • 1 new comment -
Ruby: Add get_response for Net::HTTP
#17002 commented on
Jul 23, 2024 • 0 new comments -
C++: Update attributes test output
#16947 commented on
Jul 24, 2024 • 0 new comments -
Ruby: Adopt shared SSA data-flow integration
#16937 commented on
Jul 19, 2024 • 0 new comments -
Python: Promote cookie injection query from experimental
#16893 commented on
Jul 24, 2024 • 0 new comments -
C#: Update .NET 8 Runtime models.
#16872 commented on
Jul 19, 2024 • 0 new comments -
C++/Java/C# Shared Range Analysis: BigInt rewrite experiment
#16864 commented on
Jul 19, 2024 • 0 new comments -
C#: Add query for insecure certificate validation
#16824 commented on
Jul 25, 2024 • 0 new comments -
C#: Restrict multi-body dataflow dispatch based on file-system distance
#16817 commented on
Jul 19, 2024 • 0 new comments -
WIP: Python: CORS Bypass
#16814 commented on
Jul 23, 2024 • 0 new comments -
WIP: Go: CORS Bypass due to incorrect checks
#16813 commented on
Jul 18, 2024 • 0 new comments -
Align Ruby NonConstantKernelOpen.ql Severity
#16807 commented on
Jul 23, 2024 • 0 new comments -
Add `rb/weak-sensitive-data-hashing` query port
#16781 commented on
Jul 23, 2024 • 0 new comments -
Java: JWT decoding without verification
#14089 commented on
Jul 19, 2024 • 0 new comments -
Secure Java RSA Crypto Not Recognized By CodeQL
#12390 commented on
Jul 24, 2024 • 0 new comments -
C++ extractor giving multiple compilation errors when trying to compile the linux kernel
#16908 commented on
Jul 23, 2024 • 0 new comments -
In sa_make_variable_label: Parameter has no associated parameter type.
#16997 commented on
Jul 19, 2024 • 0 new comments -
No entity set found for seq 0
#16996 commented on
Jul 19, 2024 • 0 new comments -
Parameterized codeql queries
#17005 commented on
Jul 19, 2024 • 0 new comments -
CodeQL configuration steps for Windows driver testing is giving an error
#16837 commented on
Jul 19, 2024 • 0 new comments -
False positive "Uncontrolled data used in path expression" in C code
#16983 commented on
Jul 18, 2024 • 0 new comments -
error: expression preceding parentheses of apparent call must have (pointer-to-) function type
#17009 commented on
Jul 18, 2024 • 0 new comments