Overview
Could not load contribution data
Please try again later
32 Pull requests merged by 19 people
-
Dataflow: Add default taint sanitizer guard
#7587 merged
Jan 13, 2022 -
Java: A few perf fixes for getASupertype*().
#7561 merged
Jan 13, 2022 -
Java: Add Spring and Apache Common Langs taint flow steps
#7548 merged
Jan 13, 2022 -
JS: DB reads as taint sources
#7474 merged
Jan 13, 2022 -
C#: Narrow string interpolation expressions to a specific single file in testcase.
#7583 merged
Jan 13, 2022 -
JS/PY/RB: support a limited number of ranges for ReDoS analysis
#7097 merged
Jan 13, 2022 -
Update CSV framework coverage reports
#7580 merged
Jan 13, 2022 -
JS: Bump ATM pack versions to 0.0.4
#7576 merged
Jan 12, 2022 -
C++: Smaller join in `reachesRefParameter`
#7566 merged
Jan 12, 2022 -
ATM: Optimize body tokens by pushing in size restriction
#7567 merged
Jan 12, 2022 -
Java: Fix toString on field declarations with single field
#7573 merged
Jan 12, 2022 -
Add models for AbstractStringBuilder.substring,subsequence,getChars
#7574 merged
Jan 12, 2022 -
Update CSV framework coverage reports
#7572 merged
Jan 12, 2022 -
C++: Fix join orders in `cpp/unsigned-difference-expression-compared-zero`
#7551 merged
Jan 12, 2022 -
C#: Record types are allowed to seal ToString (test only).
#7562 merged
Jan 12, 2022 -
Move upgrades into standard library packs
#7355 merged
Jan 11, 2022 -
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
#7541 merged
Jan 11, 2022 -
Java: Promote Log Injection from experimental
#7054 merged
Jan 11, 2022 -
Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental
#6468 merged
Jan 11, 2022 -
C#: Constant string interpolation (test only).
#7559 merged
Jan 11, 2022 -
Note that parameterizations of local classes are themselves local
#7552 merged
Jan 11, 2022 -
Ruby: Revert "Update clap requirement from 2.33 to 3.0 in /ruby/generator"
#7553 merged
Jan 10, 2022 -
JS: Initial models-as-data implementation
#7171 merged
Jan 10, 2022 -
C#: Promote existing ad-hoc consistency checks to consistency queries
#7469 merged
Jan 10, 2022 -
C#: Make support for file scoped namespace declarations.
#7532 merged
Jan 10, 2022 -
C++: Use Guards library in Overflow.qll
#7521 merged
Jan 9, 2022 -
Update README.md
#5893 merged
Jan 7, 2022 -
C++: Remove bad self joins in `cpp/toctou-race-condition`.
#7517 merged
Jan 7, 2022 -
C#: Refactor and cleanup LibraryTypeDataFlow
#7507 merged
Jan 7, 2022 -
Update CSV framework coverage reports
#7530 merged
Jan 7, 2022 -
C++: Remove `rank` aggregate in `SsaInternals`
#7525 merged
Jan 6, 2022 -
Solorigate: Extract to separate qlpack
#7431 merged
Jan 6, 2022
16 Pull requests opened by 13 people
-
Update license text for CodeQL CLI to reflect GHAS
#7528 opened
Jan 6, 2022 -
QL: recognize dependecies of the form: libraryPathDependencies: library-name
#7529 opened
Jan 6, 2022 -
C++: Use range analysis for maximum lengths of `%x` formats
#7543 opened
Jan 7, 2022 -
Python: Points-to performance improvements
#7549 opened
Jan 10, 2022 -
C#: Support for identifying whether a using directive is "global".
#7550 opened
Jan 10, 2022 -
Update clap requirement from 2.33 to 3.0 in /ruby/generator
#7556 opened
Jan 11, 2022 -
Add query to detect CORS misconfiguration
#7563 opened
Jan 11, 2022 -
Ruby: taint steps for pattern matches
#7568 opened
Jan 11, 2022 -
Update docs on the output of `resolve qlpacks`
#7571 opened
Jan 11, 2022 -
JS: Remove ATM `CodeToFeatures` library
#7575 opened
Jan 12, 2022 -
C#: Make support for Line span pragma
#7577 opened
Jan 12, 2022 -
C++: Store destinations should not be uses for dataflow SSA
#7578 opened
Jan 12, 2022 -
Changenotes: Add changenotes for upgrades refactoring
#7579 opened
Jan 12, 2022 -
Dataflow: Add language-specific NeedsReference predicates
#7588 opened
Jan 13, 2022 -
JS: Recognize "sql" option as a query string in MySQL
#7591 opened
Jan 13, 2022 -
C++: Fix join order in 'getConversionType4'
#7593 opened
Jan 13, 2022
6 Issues closed by 6 people
-
[Feature Request] Support Trusted Types in JavaScript queries
#7336 closed
Jan 10, 2022 -
java/dereferenced-value-may-be-null - false positive
#7538 closed
Jan 10, 2022 -
LGTM.com - false positive
#7545 closed
Jan 10, 2022 -
Incorrect message when using `\G` in CodeQL beta support for Ruby
#7001 closed
Jan 10, 2022 -
LGTM.com - false positive
#7547 closed
Jan 10, 2022 -
C/C++: LGTM.com run failed on PR but CI succeeds after changes to CMakeLists.txt
#7055 closed
Jan 6, 2022
10 Issues opened by 10 people
-
False Negative in JavaScript SQL Injection for MySQL library
#7586 opened
Jan 13, 2022 -
several source files are included in src.zip, but not in the database
#7582 opened
Jan 13, 2022 -
LGTM.com - false positive - js/prototype-polluting-assignment
#7581 opened
Jan 13, 2022 -
Got CatastrophicError in com.semmle.inmemory.trap.TrapScanner
#7557 opened
Jan 11, 2022 -
Does CodeQL understand C# file-scoped namespaces?
#7544 opened
Jan 8, 2022 -
LGTM.com - false positive go-path-injection despite using `path.Clean`
#7540 opened
Jan 7, 2022 -
java/non-null-boxed-variable - false positive
#7539 opened
Jan 7, 2022 -
Java ExceptionInInitializerError - com.sun.tools.javac.code.TypeTags
#7535 opened
Jan 7, 2022 -
no source code was seen when "codeql database create javatest -l=java -c="javac Evil.java"
#7534 opened
Jan 7, 2022 -
No alerts generated - raw results only
#7533 opened
Jan 7, 2022
24 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Java: CWE-552 Query to detect unsafe request dispatcher usage
#7286 commented on
Jan 12, 2022 • 27 new comments -
Dataflow: Add support for flow state
#7349 commented on
Jan 13, 2022 • 19 new comments -
Python: Add shutil module sinks for path injection query
#7455 commented on
Jan 7, 2022 • 4 new comments -
Java: Produce diffs for model generator changes
#7268 commented on
Jan 11, 2022 • 3 new comments -
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
#7526 commented on
Jan 11, 2022 • 3 new comments -
LGTM.com - false positive
#7497 commented on
Jan 11, 2022 • 2 new comments -
C#: PrimaryQlClass
#7118 commented on
Jan 13, 2022 • 2 new comments -
Python: CWE-338 insecureRandomness
#7252 commented on
Jan 10, 2022 • 2 new comments -
CI: Ignore path for compiled languages
#5618 commented on
Jan 6, 2022 • 1 new comment -
LGTM.com - false positive This assignment to is useless, since its value is never read.
#6785 commented on
Jan 6, 2022 • 1 new comment -
Add certain types of indirect function calls to the C++ call graph
#7520 commented on
Jan 10, 2022 • 1 new comment -
Infinite loop when executing DataFlow queries
#7481 commented on
Jan 11, 2022 • 1 new comment -
Java: An experimental query for ignored hostname verification
#6443 commented on
Jan 9, 2022 • 1 new comment -
Java: Expand `org.apache.commons.codec` model
#6988 commented on
Jan 12, 2022 • 1 new comment -
Ruby: Add support for GraphQL
#7126 commented on
Jan 13, 2022 • 1 new comment -
Query improvement: Include IO.popen as a command execution sink in Ruby's standard library
#7483 commented on
Jan 10, 2022 • 0 new comments -
Fix order of IR call side effects
#6601 commented on
Jan 10, 2022 • 0 new comments -
Python: Basic support for match statement
#7356 commented on
Jan 12, 2022 • 0 new comments -
C++: split `cpp/overrunning-write` into two
#7386 commented on
Jan 13, 2022 • 0 new comments -
Java: Start running telemetry queries on Code Scanning
#7417 commented on
Jan 7, 2022 • 0 new comments -
Python: Add Python_JWT to JWT security query
#7452 commented on
Jan 7, 2022 • 0 new comments -
C#: Shared extraction
#7456 commented on
Jan 12, 2022 • 0 new comments -
Fix example in JavaScript query
#7489 commented on
Jan 11, 2022 • 0 new comments -
Post-release preparation for codeql-cli-2.7.5
#7514 commented on
Jan 12, 2022 • 0 new comments