Insights: github/codeql
42 Pull requests merged by 19 people
-
Golang: Mark filepath.IsLocal as a tainted-path sanitizer guard
#20056 merged
Jul 15, 2025 -
C++: Add test showing that the IR translation for `typeid` is broken
#20058 merged
Jul 15, 2025 -
Overlay: Add XML and Java property discarding
#20011 merged
Jul 15, 2025 -
Java: Restrict results to source literals.
#20054 merged
Jul 15, 2025 -
Java: use `overlayChangedFiles` in discard predicates
#20049 merged
Jul 15, 2025 -
C++: Fix global variable dataflow FP
#20040 merged
Jul 14, 2025 -
JavaScript: Ignore `outDir`s that would exclude everything
#20030 merged
Jul 14, 2025 -
Kotlin: tweak plugin test
#20039 merged
Jul 14, 2025 -
Rust: Rename type inference test inline expectation tag
#20037 merged
Jul 14, 2025 -
Ruby: enable overlay compilation
#19731 merged
Jul 14, 2025 -
Rust: Update legacy MaD models 3
#19946 merged
Jul 14, 2025 -
Kotlin: Update regex patterns to use raw string notation
#20034 merged
Jul 14, 2025 -
Bump golang.org/x/tools from 0.34.0 to 0.35.0 in /go/extractor in the extractor-dependencies group
#20035 merged
Jul 14, 2025 -
Actions: Fix Critical Artifact poisoning False Positive
#19388 merged
Jul 14, 2025 -
C++: Fix C++20 concept related class extensions
#20026 merged
Jul 13, 2025 -
Go: Add `Head` and `Client.Head` from `net/http` as request forgery sinks
#20000 merged
Jul 11, 2025 -
Java: add extra sink for `java/unsafe-deserialization`
#20025 merged
Jul 11, 2025 -
Rust: add more type inference tests for patterns and a simple one for a closure call
#20029 merged
Jul 11, 2025 -
Python: Support type annotations in call graph
#19672 merged
Jul 11, 2025 -
Rust: Remove `Resolvable.resolvesAsItem`
#20027 merged
Jul 11, 2025 -
C++: Better dataflow for function objects
#20023 merged
Jul 11, 2025 -
C++: Do not alert on unreachable code in `cpp/incorrect-string-type-conversion`
#20014 merged
Jul 11, 2025 -
Rust: Type inference for pattern matching
#20020 merged
Jul 11, 2025 -
Support approximate related locations
#19943 merged
Jul 11, 2025 -
Rust: Fix type inference for library parameters
#19658 merged
Jul 11, 2025 -
Rust: Disambiguate associated function calls
#19995 merged
Jul 10, 2025 -
C++: Add dataflow predicate for checking if a node is the final value of a parameter
#20017 merged
Jul 10, 2025 -
Ruby: add overlay annotations to AST/CFG/SSA layers
#19989 merged
Jul 10, 2025 -
C++: Add more thread creation models
#20016 merged
Jul 10, 2025 -
Rust: Update legacy MaD models 2
#19942 merged
Jul 10, 2025 -
Rust: Add more test cases for sensitive data
#20002 merged
Jul 10, 2025 -
Rust: Update legacy MaD models 4
#19948 merged
Jul 10, 2025 -
Java: Add query to detect non-case labels in switch statements
#19998 merged
Jul 10, 2025 -
Rust: Fix bad join
#20015 merged
Jul 10, 2025 -
Bump golang.org/x/mod from 0.25.0 to 0.26.0 in /go/extractor in the extractor-dependencies group
#20009 merged
Jul 10, 2025 -
Rust: add test cases for basic unwrapping and pattern matching
#20003 merged
Jul 10, 2025 -
QL4QL: Discard predicates are always alive
#20013 merged
Jul 10, 2025 -
Download GitHub database: fix `gh` invocation
#10923 merged
Jul 10, 2025 -
Rust: fix missing canonical paths for trait impls on builtin numeric types
#20001 merged
Jul 10, 2025 -
C++: Fix some typos in recent change notes
#20010 merged
Jul 10, 2025 -
Rust: Add type inference test cases for tuples.
#20004 merged
Jul 10, 2025 -
Rust: set SHA256s in `MODULE.bazel`
#19999 merged
Jul 9, 2025
18 Pull requests opened by 14 people
-
Java: Promote Insecure Spring Boot Actuator Configuration query from experimental
#20006 opened
Jul 9, 2025 -
feat: add getASupertype() predicate in ValueOrRefType.
#20008 opened
Jul 10, 2025 -
Java: Update qhelp: SnakeYaml is safe from version 2.0
#20018 opened
Jul 10, 2025 -
Shared: Improve sensitive data heuristics
#20024 opened
Jul 11, 2025 -
Experiment: Make all data flow incremental
#20028 opened
Jul 11, 2025 -
Kotlin: Run the tests with 2.2.0
#20031 opened
Jul 11, 2025 -
Python: Modernize 3 quality queries for comparison methods
#20038 opened
Jul 14, 2025 -
Rust: Type inference for tuples
#20041 opened
Jul 14, 2025 -
Rust: Make rust/summary/query-sinks less noisy
#20042 opened
Jul 14, 2025 -
Shared: Overhaul the AlertFiltering QLDoc
#20047 opened
Jul 14, 2025 -
JS: Exclude patched libraries from `xml-bomb` sink
#20048 opened
Jul 15, 2025 -
Rust: Do not let type info flow into a let statement identifier when …
#20051 opened
Jul 15, 2025 -
Python: Minor documentation updates to several quality queries
#20052 opened
Jul 15, 2025 -
Go: Fix compilation of DataFlowImplConsistency.qll
#20053 opened
Jul 15, 2025 -
Rust: upgrade to rust 1.88 and rust-analyzer 0.0.294
#20055 opened
Jul 15, 2025 -
Java: Accept new test result after extractor upgrade
#20057 opened
Jul 15, 2025 -
C++: Reduce duplication in `cpp/uncontrolled-process-operation`
#20059 opened
Jul 15, 2025 -
C++: Fix typeid IR translation
#20060 opened
Jul 15, 2025
7 Issues closed by 4 people
-
[removed]
#20046 closed
Jul 15, 2025 -
[removed]
#20045 closed
Jul 15, 2025 -
General issue [removed]
#20044 closed
Jul 15, 2025 -
C# ReturnStmt (and other statements) doesn't return any getExpr() nor any getAChild() since v2.21.1
#20033 closed
Jul 14, 2025 -
- Add rake task to verify <<next>> placeholders are replaced when VERSION changes
#20036 closed
Jul 14, 2025 -
False positive
#20022 closed
Jul 11, 2025 -
Rust: Learn from other security products
#20007 closed
Jul 10, 2025
3 Issues opened by 3 people
-
General issue: How to make QL scripts support accepting command-line arguments
#20050 opened
Jul 15, 2025 -
False positive: go/zipslip when `filepath.IsLocal` is already used
#20043 opened
Jul 14, 2025 -
General issue: Find the annotated type of a C# base interface
#20032 opened
Jul 11, 2025
12 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Python: Modernize 4 queries for missing/multiple calls to init/del methods
#19932 commented on
Jul 14, 2025 • 8 new comments -
Rust: Update SqlxQuery, SqlxExecute to use getCanonicalPath
#19802 commented on
Jul 11, 2025 • 3 new comments -
C#: Improve some existing manual models.
#19940 commented on
Jul 15, 2025 • 3 new comments -
Diff-informed queries: phase 3 (non-trivial locations)
#19957 commented on
Jul 15, 2025 • 1 new comment -
sec shared
#19984 commented on
Jul 14, 2025 • 1 new comment -
[Rust] weird behavior in dataflow when trying to select a specific node
#19983 commented on
Jul 9, 2025 • 0 new comments -
CodeQL Docs: SnakeYaml is now secure by default
#19664 commented on
Jul 10, 2025 • 0 new comments -
ShellEscape aint always escaping shells
#19906 commented on
Jul 10, 2025 • 0 new comments -
Idea/Feature request: codeql as MCP Server
#19150 commented on
Jul 14, 2025 • 0 new comments -
Overlay: Enable overlay compilation for Java
#19872 commented on
Jul 15, 2025 • 0 new comments -
Rust: Rework type inference for impl Trait in return position
#19954 commented on
Jul 11, 2025 • 0 new comments -
Just: introduce common "verbs"
#19978 commented on
Jul 10, 2025 • 0 new comments