github / codeql Public

25 Pull requests merged by 16 people

• C++: Remove `rank` aggregate in `SsaInternals`

  #7525 merged Jan 6, 2022

• Solorigate: Extract to separate qlpack

  #7431 merged Jan 6, 2022

• C#: Introduce Csv validation on kind.

  #7516 merged Jan 6, 2022

• C#: Introduce flow summaries for StringValues.

  #7465 merged Jan 6, 2022

• Python: Extend unreachable statement test

  #7518 merged Jan 6, 2022

• Remove experimental tag from non-ATM queries

  #7416 merged Jan 5, 2022

• C#: Treat QL test stubs as not from source

  #7509 merged Jan 5, 2022

• Ruby: Add `rb/weak-cookie-configuration` query

  #7313 merged Jan 5, 2022

• Update clap requirement from 2.33 to 3.0 in /ruby/generator

  #7498 merged Jan 5, 2022

• C++: Increase precision of `cpp/arithmetic-uncontrolled` to `high`

  #7459 merged Jan 5, 2022

• Update CSV framework coverage reports

  #7513 merged Jan 5, 2022

• Python: remove duplicated spaces in qldoc

  #7511 merged Jan 4, 2022

• Release preparation for version 2.7.5

  #7510 merged Jan 4, 2022

• C++: relax ambiguously-signed-bit-field by allowing GLib's gboolean

  #7493 merged Jan 4, 2022

• Python: Fix another change note typo

  #7508 merged Jan 4, 2022

• QL: add "modelling/modeling" to `ql/non-us-spelling`

  #7458 merged Jan 4, 2022

• Propagate taint through AbstractStringBuilder.reverse()

  #7500 merged Jan 4, 2022

• CPP: Add query for CWE-266 Incorrect Privilege Assignment

  #6949 merged Jan 4, 2022

• Python: Fix typo in change note

  #7506 merged Jan 4, 2022

• Ruby: Flow through arrays/enumerables

  #7198 merged Jan 4, 2022

• JS/Py/Ruby: Add more CWEs to bad-tag-filter queries

  #7369 merged Jan 4, 2022

• C#: Re-factor the ForEachCapture query to use MaD flow summaries.

  #7468 merged Jan 4, 2022

• Move change notes to correct location

  #7503 merged Jan 4, 2022

• Post-release preparation for codeql-cli-2.7.4

  #7407 merged Jan 3, 2022

• QL: Support trailing comma in set literals

  #7502 merged Jan 3, 2022

10 Pull requests opened by 10 people

• Update clap requirement from 2.33 to 3.0 in /ruby/extractor

  #7499 opened Jan 3, 2022

• C#: Refactor and cleanup LibraryTypeDataFlow

  #7507 opened Jan 4, 2022

• Post-release preparation for codeql-cli-2.7.5

  #7514 opened Jan 5, 2022

• C#: Introduce extractor mode to identify DBs created with `codeql test run`

  #7515 opened Jan 5, 2022

• C++: Remove bad self joins in `cpp/toctou-race-condition`.

  #7517 opened Jan 5, 2022

• Experiment with a fixed threshold

  #7519 opened Jan 5, 2022

• C++: Use Guards library in Overflow.qll

  #7521 opened Jan 5, 2022

• Don't include arg -> param edges in PathGraph::edges where arg is not reachable

  #7526 opened Jan 6, 2022

• Update license text for CodeQL CLI to reflect GHAS

  #7528 opened Jan 6, 2022

• QL: recognize dependecies of the form: libraryPathDependencies: library-name

  #7529 opened Jan 6, 2022

6 Issues closed by 6 people

• C/C++: LGTM.com run failed on PR but CI succeeds after changes to CMakeLists.txt

  #7055 closed Jan 6, 2022

• Unsafe Jquery Plugin - Potential False Negative

  #7485 closed Jan 6, 2022

• What's the difference between these two API: getASourceSupertype and getASupertype?

  #7522 closed Jan 6, 2022

• LGTM.com - false positive - cpp/ambiguously-signed-bit-field with glib

  #7491 closed Jan 4, 2022

• java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql. Error was: Unknown kind "Table" when converting to analysis model. [UNSUPPORTED_KIND]

  #7494 closed Jan 1, 2022

• dataflow can't flow from one project to another in java query

  #7492 closed Dec 31, 2021

2 Issues opened by 2 people

• Add certain types of indirect function calls to the C++ call graph

  #7520 opened Jan 5, 2022

• LGTM.com - false positive

  #7497 opened Jan 3, 2022

21 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• JS: Initial models-as-data implementation

  #7171 commented on Jan 6, 2022 • 18 new comments

• Python: Add shutil module sinks for path injection query

  #7455 commented on Jan 6, 2022 • 10 new comments

• JS: DB reads as taint sources

  #7474 commented on Jan 5, 2022 • 5 new comments

• [Feature Request] support add constraint on typeVariable while perform virtual dispatch in java query

  #7486 commented on Jan 5, 2022 • 2 new comments

• Java: Promote Cleartext storage of sensitive information using SharedPreferences from experimental

  #6468 commented on Jan 5, 2022 • 2 new comments

• QL: Add query detecting suspiciously missing parameters from the QLDoc of a predicate

  #7450 commented on Jan 4, 2022 • 2 new comments

• Fix example in JavaScript query

  #7489 commented on Jan 4, 2022 • 2 new comments

• Kotlin support

  #4699 commented on Jan 5, 2022 • 1 new comment

• CI: Ignore path for compiled languages

  #5618 commented on Jan 6, 2022 • 1 new comment

• Update README.md

  #5893 commented on Jan 6, 2022 • 1 new comment

• Python: Port and extend XXE modeling

  #6112 commented on Jan 4, 2022 • 1 new comment

• Java: Start running telemetry queries on Code Scanning

  #7417 commented on Jan 5, 2022 • 1 new comment

• C#: Promote existing ad-hoc consistency checks to consistency queries

  #7469 commented on Jan 4, 2022 • 1 new comment

• QL-for-QL: Add a redundant aggregate query

  #7472 commented on Jan 5, 2022 • 1 new comment

• Ruby: Rails route resolution

  #7061 commented on Jan 5, 2022 • 0 new comments

• Ruby: Resolve simple string interpolations

  #7334 commented on Jan 5, 2022 • 0 new comments

• Dataflow: Add support for flow state

  #7349 commented on Jan 5, 2022 • 0 new comments

• Move upgrades into standard library packs

  #7355 commented on Jan 5, 2022 • 0 new comments

• Add instructions for creating change notes.

  #7400 commented on Jan 5, 2022 • 0 new comments

• Ruby: Add Module#const_get as a code execution

  #7419 commented on Jan 6, 2022 • 0 new comments

• C#: Shared extraction

  #7456 commented on Jan 6, 2022 • 0 new comments