github / codeql Public

28 Pull requests merged by 21 people

• JS: [Internal only] Rename ATM query pack for consistency with other packs

  #6958 merged Oct 25, 2021

• Automatically label Ruby PRs

  #6954 merged Oct 25, 2021

• Python: Add missing `pragma[noinline]`

  #6941 merged Oct 25, 2021

• JS: Skip files with unsupported file encoding

  #6924 merged Oct 25, 2021

• Ruby: remove VS Code workspace

  #6951 merged Oct 25, 2021

• Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/extractor

  #6944 merged Oct 25, 2021

• Update tracing-subscriber requirement from 0.2 to 0.3 in /ruby/generator

  #6943 merged Oct 25, 2021

• Update CSV framework coverage reports

  #6938 merged Oct 25, 2021

• Java: Replace @type with more specific types

  #6921 merged Oct 25, 2021

• Merge codeql-ruby into codeql

  #6942 merged Oct 25, 2021

• C#: Improve join-order in `defaultDelegateConversion`

  #6936 merged Oct 22, 2021

• Docs: Updates for Ruby support

  #6887 merged Oct 22, 2021

• JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling

  #6907 merged Oct 22, 2021

• [Java] JDK Collection lambda models

  #6917 merged Oct 22, 2021

• Python: Improve SARIF severity level reporting of extractor diagnostics

  #6928 merged Oct 21, 2021

• Language reference: Fix when trailing commas are allowed

  #6896 merged Oct 20, 2021

• Mention default JavaScript Autobuilder excludes

  #6929 merged Oct 20, 2021

• C++: Use set literals (more).

  #6926 merged Oct 20, 2021

• Data flow: Rework `SummarizedCallable::clearsContent/2`

  #6777 merged Oct 20, 2021

• Ruby documentation

  #6860 merged Oct 20, 2021

• Introduce foldable region in CSV coverage PR comments

  #6914 merged Oct 20, 2021

• [Java] CWE-552: Unsafe url forward

  #6240 merged Oct 19, 2021

• C++: Fix unbound variables in PrivateCleartextWrite.qll.

  #6916 merged Oct 19, 2021

• C#: Remove cartesian product in stubbing (GeneratedType::getStub)

  #6913 merged Oct 19, 2021

• Java: Factor out string prefix logic

  #6859 merged Oct 19, 2021

• Java: Fix bad join-order.

  #6912 merged Oct 19, 2021

• Python SignatureOverriddenMethod: Rmv duplicate condition

  #6899 merged Oct 19, 2021

• Java: Add `MemberRefExpr.getReceiverType()`

  #6900 merged Oct 19, 2021

16 Pull requests opened by 11 people

• C++: Fix the two null termination queries and re-enable them.

  #6915 opened Oct 19, 2021

• Java: CWE-470 - Queries to detect Fragment Injection in Android applications

  #6923 opened Oct 20, 2021

• Data flow: Restrict derived flow summaries

  #6931 opened Oct 21, 2021

• Dataflow: Add support for call context restrictions on sources/sinks.

  #6932 opened Oct 21, 2021

• Use the new instanceof syntax everywhere

  #6934 opened Oct 21, 2021

• Java: CWE-347 Query for detecting Signature Exclusion Attack with SAML assertion

  #6935 opened Oct 22, 2021

• Fix version number in language reference

  #6939 opened Oct 23, 2021

• CPP: Add query for CWE-377 Insecure Temporary File

  #6947 opened Oct 25, 2021

• CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory

  #6948 opened Oct 25, 2021

• CPP: Add query for CWE-266 Incorrect Privilege Assignment

  #6949 opened Oct 25, 2021

• CPP: Add query for CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

  #6950 opened Oct 25, 2021

• Add Ruby to generate-code-scanning-query-list.py and make the script faster

  #6952 opened Oct 25, 2021

• Codeql ruby 3.3

  #6955 opened Oct 25, 2021

• Java: Make a test output a bit more readable

  #6959 opened Oct 25, 2021

• use set literal instead of big disjunction of literals

  #6960 opened Oct 25, 2021

• C#: Fix join order in `inDefDominanceFrontier`

  #6961 opened Oct 25, 2021

5 Issues closed by 6 people

• Error when trying to analyze Go db

  #6956 closed Oct 25, 2021

• LGTM.com - false positive

  #6940 closed Oct 25, 2021

• Can someone explain what isAdditionalTaintStep means?

  #6729 closed Oct 22, 2021

• Expected at least 2 columns.

  #6930 closed Oct 21, 2021

• Allow filtering by partial matches or regex for query tags in CodeQL query suites

  #6919 closed Oct 19, 2021

5 Issues opened by 5 people

• Does CodeQL support dotNet 5.0?

  #6957 opened Oct 25, 2021

• LGTM.com - false positive - Unnecessary deletion of local variable

  #6953 opened Oct 25, 2021

• Java:ecj is disabled for create a java database

  #6933 opened Oct 21, 2021

• LGTM.com - false positive

  #6927 opened Oct 20, 2021

• Javascript: How can I filter some dataflow results?

  #6920 opened Oct 20, 2021

20 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Java: Initial CSV model generator

  #6664 commented on Oct 25, 2021 • 18 new comments

• Java: Promote android sensitive broadcast query

  #6599 commented on Oct 25, 2021 • 17 new comments

• Java: Simple support for Ratpack HTTP Framework

  #4991 commented on Oct 25, 2021 • 11 new comments

• [Javascript] CWE-348: Client supplied ip used in security check

  #6864 commented on Oct 25, 2021 • 9 new comments

• Python: Model `asyncpg`

  #6776 commented on Oct 25, 2021 • 6 new comments

• Why is src.zip not generated?

  #6875 commented on Oct 21, 2021 • 2 new comments

• Java: Additional hardcoded credentials candidates 3rd-party api calls

  #6716 commented on Oct 23, 2021 • 2 new comments

• C# : Add query to detect SSRF

  #5110 commented on Oct 21, 2021 • 1 new comment

• Python : Add Flask sinks for path injection query

  #6330 commented on Oct 25, 2021 • 1 new comment

• Java: CWE-927 - Query to detect the use of implicit PendingIntents

  #6779 commented on Oct 19, 2021 • 1 new comment

• Android: Add models for `android.app.Notification` builders

  #6823 commented on Oct 19, 2021 • 1 new comment

• Python: Type tracker changes

  #6858 commented on Oct 25, 2021 • 1 new comment

• Java data flow: Identify side effects on captured variable in lambda callback.

  #6906 commented on Oct 19, 2021 • 0 new comments

• LGTM.com - false positive (captured variable)

  #6457 commented on Oct 21, 2021 • 0 new comments

• Java : Add SSTI query

  #5935 commented on Oct 21, 2021 • 0 new comments

• Data flow: Prevent "fluent summary flow" when it will result in a flow loop

  #6780 commented on Oct 20, 2021 • 0 new comments

• Python: Model FastAPI

  #6782 commented on Oct 25, 2021 • 0 new comments

• Data flow: Support hidden parameter/return nodes in `subpaths` predicate

  #6824 commented on Oct 20, 2021 • 0 new comments

• C++: Redesign IR dataflow using the shared SSA library

  #6825 commented on Oct 25, 2021 • 0 new comments

• JS: add explicit this to all member calls

  #6873 commented on Oct 25, 2021 • 0 new comments