Insights: github/codeql
Overview
22 Pull requests merged by 13 people
-
Merge `codeql-cli-2.15.5` back to `main`
#15236 merged
Jan 5, 2024 -
Ruby: Add `[]` to the methods returning an `ActionController::Parameters`
#15234 merged
Jan 5, 2024 -
Python: Fix typo in upgrade script
#15237 merged
Jan 5, 2024 -
Merge `codeql-cli-2.15.4` into `codeql-cli-2.15.5`
#15229 merged
Jan 5, 2024 -
Python: Automated subclass models
#15044 merged
Jan 5, 2024 -
Java/C#: Make it possible to specify subfolder location of generated model files.
#15228 merged
Jan 5, 2024 -
C#: Update DB stats.
#15222 merged
Jan 5, 2024 -
Add test for Java buildless vs Maven multimodule projects
#15227 merged
Jan 4, 2024 -
0.0.11 release of `automodel` extraction queries
#15226 merged
Jan 4, 2024 -
Go: Stratify `CFG::succ` to avoid recursion
#15162 merged
Jan 4, 2024 -
C#: Fix Log forging false positive.
#15212 merged
Jan 4, 2024 -
ensure `publish.sh` uses the latest `automodel` release
#15165 merged
Jan 4, 2024 -
Update CSV framework coverage reports
#15220 merged
Jan 4, 2024 -
Go: report any extracted file as successfully extracted
#15211 merged
Jan 3, 2024 -
Go: fix FP in incorrect integer conversion query relating to strict comparisons with MaxInt and MaxUint
#15128 merged
Jan 3, 2024 -
C++: Improve special members test by printing more function details
#15214 merged
Jan 3, 2024 -
Add missing `override`.
#15190 merged
Jan 3, 2024 -
Kotlin 2: Accept changes in query-tests/UnderscoreIdentifier
#15049 merged
Jan 3, 2024 -
Ruby: Model editor improvements
#15048 merged
Jan 3, 2024 -
C#: .NET 8 Runtime models.
#15174 merged
Jan 3, 2024 -
C++: Support more function types
#15210 merged
Jan 3, 2024 -
C++: Support attribute arguments that are expressions
#15197 merged
Jan 2, 2024
12 Pull requests opened by 11 people
-
C++: Accept test changes after frontend upgrade
#15213 opened
Jan 3, 2024 -
Go: extract entities for type parameters
#15216 opened
Jan 3, 2024 -
Swift: switch to shared, parameterized CFG library
#15219 opened
Jan 3, 2024 -
JS: promote `PropsTaintStep` to a `PreCallGraphStep`
#15221 opened
Jan 4, 2024 -
Add test for erb flow
#15223 opened
Jan 4, 2024 -
Ruby: update tree-sitter-ruby
#15224 opened
Jan 4, 2024 -
Java: Bring the Model Diff workflow back into a working state.
#15225 opened
Jan 4, 2024 -
Swift: Add dataflow tests for property wrappers and SwiftUI
#15230 opened
Jan 4, 2024 -
Note Java 21 support
#15231 opened
Jan 5, 2024 -
Bazel: Bump dependant rules versions.
#15232 opened
Jan 5, 2024 -
C++: Uncomment `@function.kind` in the dbscheme
#15233 opened
Jan 5, 2024 -
Replace blog link with link to GitHub user docs
#15235 opened
Jan 5, 2024
5 Issues closed by 5 people
-
False positive CWE-117 C#
#15195 closed
Jan 4, 2024 -
CodeQL Rediscovering Alerts Marked As "False Positive"
#15218 closed
Jan 3, 2024 -
github upload-results fails when uploading large SARIF with incorrect error message
#15209 closed
Jan 3, 2024 -
Exit status -1073741515 when doing ruby analysis on Windows 2019
#15139 closed
Jan 2, 2024 -
'IOException while executing process..' error while database initialization
#15208 closed
Jan 2, 2024
2 Issues opened by 2 people
-
Taint Tracking of Function Passed Through JSX Attributes
#15207 opened
Dec 30, 2023
27 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
32 cpp string concatenation library
#14954 commented on
Jan 5, 2024 • 18 new comments -
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
#15122 commented on
Jan 5, 2024 • 13 new comments -
Go: fasthttp
#14123 commented on
Jan 4, 2024 • 4 new comments -
Java: Environment variable injection query
#14724 commented on
Jan 5, 2024 • 4 new comments -
C#: Add flow steps from a PageModel to cshtml page.
#15039 commented on
Jan 4, 2024 • 3 new comments -
Go: Decompression Bombs
#13553 commented on
Jan 4, 2024 • 3 new comments -
JS: Web Cache Deception Express
#15180 commented on
Jan 4, 2024 • 3 new comments -
Error in creating a new java pro database
#15198 commented on
Jan 2, 2024 • 2 new comments -
Encountering a Problem with CodeQL-ruby Query during the Execution Phase of the epsilonStar Function
#15199 commented on
Jan 3, 2024 • 2 new comments -
Create database failed with "diagnostic.trap.gz, 22593: java.io.EOFException: Unexpected end of ZLIB input stream"
#11829 commented on
Jan 5, 2024 • 2 new comments -
Go: Support Go 1.22
#15202 commented on
Jan 3, 2024 • 2 new comments -
Ruby: Add Insecure Randomness Query
#14554 commented on
Jan 2, 2024 • 2 new comments -
Swift: implement type pruning for dataflow
#14592 commented on
Jan 4, 2024 • 1 new comment -
False positive – "Statement has no effect" for Python type hint ellipsis
#11351 commented on
Jan 5, 2024 • 1 new comment -
General issue Python:Unable to recognize calling a method through an instance member of a class
#14899 commented on
Jan 2, 2024 • 1 new comment -
Update Kernel.qll to include `Object.send` aliases
#15203 commented on
Jan 2, 2024 • 1 new comment -
Python: Add support for more URL redirect sanitisers.
#15187 commented on
Jan 3, 2024 • 0 new comments -
C#/Java: Increase precision of model generation.
#15179 commented on
Jan 5, 2024 • 0 new comments -
Python: Mention more sanitisation options in py/url-redirection qhelp.
#15176 commented on
Jan 3, 2024 • 0 new comments -
C#: Improve arg-param mapping logic to better handle arguments passed to `params` parameters
#15175 commented on
Jan 4, 2024 • 0 new comments -
Data flow: Avoid unnecessary non-linear recursion in `fwdFlowIn`
#15157 commented on
Jan 5, 2024 • 0 new comments -
Upgrade to bazel 7.
#15068 commented on
Jan 5, 2024 • 0 new comments -
Java: Improve Gson parse, get, and stream models
#14926 commented on
Jan 2, 2024 • 0 new comments -
Java: openjdk model autogeneration
#14919 commented on
Jan 4, 2024 • 0 new comments -
Java: Add more sinks to the Insecure Randomness query
#14681 commented on
Jan 4, 2024 • 0 new comments -
add security-severity score to code scanning query list
#12557 commented on
Jan 2, 2024 • 0 new comments -
False positive - Ruby on Rails: SQL query built from user-controlled sources
#14546 commented on
Jan 2, 2024 • 0 new comments