Pulse · github/codeql · GitHub

November 16, 2024 – November 23, 2024

Overview

94 Active pull requests

9 Active issues

72 Pull requests merged by 23 people

C++: Implement compilation_build_mode
#18080 merged Nov 22, 2024
C++: Remove FPs from cpp/too-few-arguments
#17919 merged Nov 22, 2024
KE2: Small refactoring
#18075 merged Nov 22, 2024
KE2: Add warnings-as-error to build system, but commented out for now
#18076 merged Nov 22, 2024
KE2: Reenable more code for ExprParent.stmt
#18077 merged Nov 22, 2024
KE2: Remove some dead code
#18079 merged Nov 22, 2024
Rust: fix regression in getFormat indexing
#18074 merged Nov 22, 2024
Rust: fix parent/child relationship for format entities
#18071 merged Nov 22, 2024
Rust: Extend data flow library instantiation for global data flow
#18056 merged Nov 22, 2024
Revert "C++: Implement compilation_build_mode"
#18072 merged Nov 22, 2024
Post-release preparation for codeql-cli-2.19.4
#18067 merged Nov 22, 2024
KE2: Use the right language version
#18064 merged Nov 22, 2024
KE2: Start working on KtTypes
#18031 merged Nov 22, 2024
C++: Implement compilation_build_mode
#18009 merged Nov 22, 2024
Python: Add some test cases for flow involving global and captured variables
#18037 merged Nov 22, 2024
Delete Automodel Queries
#18022 merged Nov 22, 2024
Rust: SQL Injection Query
#18025 merged Nov 21, 2024
CI: Set --ram in compile-queries.yml
#18053 merged Nov 21, 2024
JS: Added support for [Object, Map].groupBy ES2024 feature
#18008 merged Nov 21, 2024
Release preparation for version 2.19.4
#18065 merged Nov 21, 2024
Revert "Revert "Post-release preparation for codeql-cli-2.19.4""
#18063 merged Nov 21, 2024
Revert "Merge pull request #18036 from github/release-prep/2.19.4"
#18062 merged Nov 21, 2024
Revert "Merge pull request #17938 from MathiasVP/fix-fp-in-missing-check-scanf-fixing-take-2"
#18057 merged Nov 21, 2024
Revert "Post-release preparation for codeql-cli-2.19.4"
#18059 merged Nov 21, 2024
JS: Added taint-step String.prototype.toWellFormed ES2023 feature
#18047 merged Nov 21, 2024
Update CSV framework coverage reports
#18051 merged Nov 21, 2024
Rust: Add (auto-generated) CFG node wrapper classes
#17918 merged Nov 21, 2024
Data flow: Track call contexts in parameterValueFlow
#17876 merged Nov 21, 2024
Add Deserialize() and Deserialize<T> to System.Web.Serialization stubs
#18052 merged Nov 21, 2024
Rust: Include self parameters in the CFG
#18041 merged Nov 21, 2024
JS: Added support for Array.prototype.[findLastIndex, findLast] ES2022 feature
#18005 merged Nov 21, 2024
KE2: Fix build
#18027 merged Nov 20, 2024
Util: Refactor DenseRank implementation
#18042 merged Nov 20, 2024
Go: reinstate models-as-data sink conversions with fixes
#17494 merged Nov 20, 2024
C++: Reduce number of FPs cpp/guarded-free and turn if(x) { free(x) } cases from FNs to TPs
#17986 merged Nov 20, 2024
BigInt GA: update docs
#17987 merged Nov 20, 2024
C#: Update to .NET 9
#18033 merged Nov 20, 2024
Update CSV framework coverage reports
#18040 merged Nov 20, 2024
Go: Allow package-level variables in models-as-data models
#18034 merged Nov 19, 2024
Post-release preparation for codeql-cli-2.19.4
#18039 merged Nov 19, 2024
C++: fix typo in qhelp
#18038 merged Nov 19, 2024
KE2: Extract if expressions/statements
#18028 merged Nov 19, 2024
Release preparation for version 2.19.4
#18036 merged Nov 19, 2024
Python: Fix pruning of literals in match pattern
#18030 merged Nov 19, 2024
Rust: Add local data flow edge for SSA nodes
#18026 merged Nov 19, 2024
Python: Bottle Framework Support
#17370 merged Nov 19, 2024
Rust: Handle early returns in async blocks in CFG
#18024 merged Nov 19, 2024
C#: Update to .NET9.
#17999 merged Nov 19, 2024
Bazel: add an install shortcut and an experimental attribute to codeql_pack
#18023 merged Nov 19, 2024
KE2: Use the right file numbers
#18016 merged Nov 19, 2024
C#: Add generated higher order models for .NET8 Runtime.
#17845 merged Nov 19, 2024
KE2: Extract parenthesized expressions
#18006 merged Nov 19, 2024
Rust: Include patterns as data flow nodes
#17971 merged Nov 19, 2024
Rust: Include method calls in DataFlowCall and implement simple call target resolution
#18010 merged Nov 19, 2024
Rust: Improve CFG for let expressions
#18007 merged Nov 19, 2024
Revert "Revert "C++: Do not generate IR for functions with multiple entry points""
#18004 merged Nov 19, 2024
Revert "Revert "Rust: allow to specify more cargo configuration options""
#18012 merged Nov 19, 2024
Java: fix unreachable basic blocks in const switch stmt
#17988 merged Nov 19, 2024
Go: set subtypes column to true for models where it has a meaning
#17966 merged Nov 19, 2024
Remove duplicated "Supported CPU architectures" from "Supported platforms" table
#18015 merged Nov 18, 2024
C++: Add another IR consistency query
#18013 merged Nov 18, 2024
Rust: only accept options.yml in QL tests
#18003 merged Nov 18, 2024
C++: Fix some FPs in cpp/missing-check-scanf (second attempt)
#17938 merged Nov 18, 2024
Revert "Rust: allow to specify more cargo configuration options"
#18011 merged Nov 18, 2024
JS: Added support for Array.prototype.with() ES2023 feature
#17993 merged Nov 18, 2024
Rust: allow to specify more cargo configuration options
#17937 merged Nov 18, 2024
JS: Follow use-use flow after a post-update
#17535 merged Nov 18, 2024
Swift: More model repairs for Swift 6
#17989 merged Nov 18, 2024
C#: Consider the extraction of empty binlog files acceptable
#17992 merged Nov 18, 2024
Rust: add optional dependencies to ql tests
#18002 merged Nov 18, 2024
Rust: Fix default source and sink in inline flow test
#17995 merged Nov 18, 2024
JS: Added support for Array.prototype.toSpliced() ES2023 feature
#17977 merged Nov 18, 2024

22 Pull requests opened by 16 people

Go: Fix missing promoted fields due to name clash
#18001 opened Nov 17, 2024
Brodes/seh flow phase1 throwing models
#18014 opened Nov 18, 2024
C++: Generate int-to-bool conversion instructions in C code
#18017 opened Nov 18, 2024
C#: Set proxy environment variables, if Dependabot proxy is detected
#18029 opened Nov 19, 2024
Rust: add some `toString` implementations
#18035 opened Nov 19, 2024
JS: Fix jump steps generated by IIFEs and exception flow
#18043 opened Nov 20, 2024
JS: Merge 'main' and implement 'speculativeTaintStep'
#18044 opened Nov 20, 2024
C++: Add a dataflow model for `CComBSTR`
#18046 opened Nov 20, 2024
Cherry-pick -> KE2: Bazel: Flip --incompatible_use_plus_in_repo_names.
#18048 opened Nov 20, 2024
Brodes/seh flow phase2 splitting seh edges
#18049 opened Nov 20, 2024
JS: Enabled Regular Expression Unicode Sets
#18055 opened Nov 21, 2024
KE2: Extract `when` expressions
#18058 opened Nov 21, 2024
C#: Default subtypes to true.
#18060 opened Nov 21, 2024
JS: Reworked CWE-643 test cases
#18066 opened Nov 21, 2024
Rust: Add some flow source models
#18069 opened Nov 22, 2024
Rust: Use extended canonical paths to resolve calls in data flow
#18070 opened Nov 22, 2024
WIP: SimpleRA BigInt Rewrite
#18073 opened Nov 22, 2024
Rust: Flow through enum constructors
#18078 opened Nov 22, 2024
KE2: Add more dbscheme comments
#18081 opened Nov 22, 2024
Rust: add extended canonical paths on enum variants
#18083 opened Nov 22, 2024
Java: add SHA3 family to list of secure crypto algorithms
#18084 opened Nov 22, 2024
Add script and VSCode task for creating change notes
#18086 opened Nov 22, 2024

5 Issues closed by 5 people

[BUG] CodeQL Fails to Process --include=<arg> in clang Commands
#18019 closed Nov 22, 2024
A problem about how to find a calltrace through a method
#17872 closed Nov 21, 2024
[Feature Request] Allow Field Constraints in Member Predicates for Enhanced Flexibility in Class Queries
#17990 closed Nov 19, 2024
View messages
#18021 closed Nov 19, 2024
CodeQL fails to find struct field refs
#18020 closed Nov 19, 2024

4 Issues opened by 4 people

[java] False positive
#18082 opened Nov 22, 2024
[Java] - Limiting Flows Based on Patterns
#18050 opened Nov 20, 2024
Limit Cache Size on Disk
#18045 opened Nov 20, 2024
Generating --dot format report output dot file with wrong syntax
#18032 opened Nov 19, 2024

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

Go: Models as Data Documentation
#17258 commented on Nov 20, 2024 • 13 new comments
Java: IPA the CFG (second try)
#17970 commented on Nov 22, 2024 • 13 new comments
java: inline range test
#17997 commented on Nov 19, 2024 • 10 new comments
Java: Add a default taint sanitizer for contains-checks on lists of constants
#17901 commented on Nov 22, 2024 • 2 new comments
Brodes/seh flow overhaul2
#17676 commented on Nov 20, 2024 • 1 new comment
Python: Promote Template Injection query from experimental
#17922 commented on Nov 22, 2024 • 1 new comment
Add support for PowerShell as a supported language in CodeQL
#17927 commented on Nov 18, 2024 • 0 new comments
C/C++: Paths reported in sarif results contain extra back slashes in latest version of CodeQL (2.19.2)
#17972 commented on Nov 22, 2024 • 0 new comments
C++: Merge the location tables
#17581 commented on Nov 18, 2024 • 0 new comments
Java: FileUpload Support MaD
#17590 commented on Nov 20, 2024 • 0 new comments
Swift: make extractor compilable with Swift 6
#17699 commented on Nov 18, 2024 • 0 new comments
Java: Improve weak crypto query
#17869 commented on Nov 21, 2024 • 0 new comments
Go: `database` local source models
#17905 commented on Nov 22, 2024 • 0 new comments
Rust: Add unresolved macro calls diagnostic
#17940 commented on Nov 22, 2024 • 0 new comments
CI: use `git-lfs` fork for `git_lfs_probe.py`
#17969 commented on Nov 19, 2024 • 0 new comments
Rust: extract types
#18000 commented on Nov 19, 2024 • 0 new comments