github/codeql issues and pull requests

#17615 - The number of paths different from codeql-cli and vscode

Issue - State: open - Opened by whyaicn 2 days ago
Labels: question

#17611 - Brodes/wcharcharconversion false positives upstream5

Pull Request - State: open - Opened by bdrodes 3 days ago - 1 comment
Labels: C++, documentation

#17610 - Brodes/wcharcharconversion false positives upstream4

Pull Request - State: closed - Opened by bdrodes 4 days ago
Labels: C++, documentation

#17609 - Brodes/wcharcharconversion false positives upstream3

Pull Request - State: closed - Opened by bdrodes 4 days ago
Labels: C++, documentation

#17608 - C++: Add more macro expansion tests

Pull Request - State: open - Opened by jketema 4 days ago
Labels: C++

#17607 - Go: Add comments noting methods from embedded interfaces are already included

Pull Request - State: closed - Opened by owen-mc 4 days ago
Labels: no-change-note-required, Go

#17606 - Rust: AST support for variables

Pull Request - State: open - Opened by hvitved 4 days ago
Labels: Rust

#17605 - Java: Add a couple of neutrals

Pull Request - State: open - Opened by aschackmull 4 days ago
Labels: Java, no-change-note-required

#17604 - Java: Add overrides to the interpretation of neutral MaD models.

Pull Request - State: open - Opened by aschackmull 4 days ago
Labels: Java

#17603 - C#: Insecure Certificate Validation.

Pull Request - State: open - Opened by michaelnebel 4 days ago - 1 comment
Labels: C#, documentation

#17602 - Rust: Prune CFG for obviously impossible `true/false` edges

Pull Request - State: open - Opened by hvitved 4 days ago
Labels: Rust

#17601 - KE2: Add CODEOWNERS

Pull Request - State: closed - Opened by igfoo 4 days ago

#17600 - KE2: Add bugfix from KE1's #17599

Pull Request - State: closed - Opened by igfoo 4 days ago
Labels: Java

#17599 - Kotlin: Fix the return type for lambda constructors

Pull Request - State: closed - Opened by igfoo 4 days ago
Labels: Java, Kotlin

#17598 - Shared: cache getBasicBlock() as it is needed from BarrierGuards

Pull Request - State: open - Opened by asgerf 4 days ago

#17597 - Java: Add model for CharArrayWriter.toString().

Pull Request - State: open - Opened by aschackmull 4 days ago - 1 comment
Labels: Java

#17596 - Update codeql-extractor.yml

Pull Request - State: closed - Opened by Arindamsharma12 4 days ago - 1 comment
Labels: JS

#17595 - Brodes/wcharcharconversion false positives upstream2

Pull Request - State: closed - Opened by bdrodes 5 days ago - 5 comments
Labels: C++, documentation

#17594 - KE2: Remove the declaration stack for now

Pull Request - State: closed - Opened by igfoo 5 days ago
Labels: Java

#17593 - C++: Make checking for macro expansions depend less on location information

Pull Request - State: closed - Opened by jketema 5 days ago
Labels: C++

#17592 - Rust: run cargo fmt

Pull Request - State: closed - Opened by aibaars 5 days ago
Labels: no-change-note-required, Rust

#17591 - Add change note for Java 23 support

Pull Request - State: closed - Opened by smowton 5 days ago
Labels: documentation, Java

#17590 - Java: FileUpload Support MaD

Pull Request - State: open - Opened by Kwstubbs 5 days ago - 4 comments
Labels: documentation, Java

#17589 - Rust: Repair rust/diagnostics/unextracted-elements

Pull Request - State: closed - Opened by geoffw0 6 days ago - 1 comment
Labels: Rust

#17588 - Rust: Improve lines-of-code counts.

Pull Request - State: open - Opened by geoffw0 6 days ago - 1 comment
Labels: Rust

#17587 - Resolve id conflict with XssWithAdditionalSources.ql

Pull Request - State: closed - Opened by 5idg5 6 days ago
Labels: JS

#17586 - Fix link to change logs on landing page

Pull Request - State: closed - Opened by felicitymay 6 days ago
Labels: documentation, no-change-note-required

#17585 - Shared: Add CFG consistency check for scopes with missing entry points

Pull Request - State: closed - Opened by hvitved 6 days ago
Labels: C#, no-change-note-required, Ruby, Rust

#17584 - Dataflow: Deduplicate results when sinks accept multiple FlowStates.

Pull Request - State: open - Opened by aschackmull 6 days ago - 1 comment
Labels: DataFlow Library

#17583 - C++: Remove `inline` pragma from sink

Pull Request - State: closed - Opened by jketema 6 days ago - 1 comment
Labels: C++, no-change-note-required

#17582 - C#: `AttributeCollection` is no longer considered a HTML sink.

Pull Request - State: closed - Opened by michaelnebel 6 days ago - 1 comment
Labels: C#, documentation

#17581 - C++: Merge the location tables

Pull Request - State: open - Opened by jketema 6 days ago
Labels: C++

#17580 - Revert changes that made the links in the drop-down on CodeQL docs site relative

Pull Request - State: closed - Opened by felicitymay 6 days ago
Labels: documentation, no-change-note-required

#17579 - Java: Add more type-based sanitizers.

Pull Request - State: open - Opened by aschackmull 6 days ago - 5 comments
Labels: Java, no-change-note-required

#17578 - Cpp: Replace sink inlining with a forward scan from source.

Pull Request - State: closed - Opened by aschackmull 6 days ago - 1 comment
Labels: C++, no-change-note-required, DataFlow Library

#17577 - python: capture flow through comprehensions

Pull Request - State: open - Opened by yoff 6 days ago
Labels: Python

#17576 - C++: Do not wrap quoted text to the next line

Pull Request - State: closed - Opened by jketema 6 days ago
Labels: C++, no-change-note-required

#17575 - False positive

Issue - State: closed - Opened by KevinHuerta26 6 days ago
Labels: false-positive

#17574 - CleartextLogging.qhelp needs more help

Issue - State: open - Opened by jsoref 6 days ago - 1 comment

#17573 - Go: zip-slip FP / missed a zip-slip guard in argoproj/argo-cd

Issue - State: open - Opened by jsoref 6 days ago - 3 comments

#17572 - Java: control-flow dependency query

Issue - State: closed - Opened by whyaicn 6 days ago - 7 comments
Labels: question

#17571 - Downgrade IncorrectIntegerConversionQuery precision to high

Pull Request - State: closed - Opened by jsoref 6 days ago
Labels: documentation, Go

#17570 - IncorrectIntegerConversionQuery precision is overly ambitious and its help should warn about false positives

Issue - State: open - Opened by jsoref 6 days ago

#17569 - Cannot find a template function definition in rapidxml

Issue - State: closed - Opened by junwha0511 6 days ago - 6 comments
Labels: question

#17567 - C# False positive: XSS via AttributeCollection

Issue - State: closed - Opened by rpmrmartin 6 days ago - 2 comments
Labels: false-positive

#17566 - Python: All dict constructor args are relevant

Pull Request - State: open - Opened by yoff 6 days ago
Labels: Python

#17565 - Python: model `urllib.parse.parse_qs`

Pull Request - State: open - Opened by yoff 6 days ago
Labels: documentation, Python

#17564 - Java 23 support

Issue - State: closed - Opened by TheDGOfficial 6 days ago - 5 comments
Labels: question

#17563 - Add setVariable models for JellyContext

Pull Request - State: open - Opened by egregius313 7 days ago - 1 comment
Labels: Java

#17562 - Cpp: Replace sink inlining with an ad-hoc forward scan from source.

Pull Request - State: closed - Opened by aschackmull 7 days ago - 1 comment
Labels: C++

#17561 - Revert "Java: add support for alert location restrictions"

Pull Request - State: closed - Opened by cklin 7 days ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#17560 - Codegen: Do not cache injectors/projectors in `Synth` module

Pull Request - State: closed - Opened by hvitved 7 days ago
Labels: no-change-note-required, Rust, Swift

#17559 - [Java][QL] Need help improving the logic of this Java query

Issue - State: closed - Opened by chmodxxx 7 days ago - 2 comments
Labels: question

#17558 - Rust: Enable CFG consistency checks

Pull Request - State: closed - Opened by hvitved 7 days ago
Labels: C#, no-change-note-required, Ruby, Rust

#17557 - Rust: CFG improvements

Pull Request - State: closed - Opened by hvitved 7 days ago
Labels: no-change-note-required, Rust

#17556 - BigInt Documentation

Pull Request - State: open - Opened by d10c 7 days ago
Labels: documentation

#17555 - Add support for Kotlin 2.1.0-Beta1

Pull Request - State: closed - Opened by igfoo 7 days ago
Labels: documentation, Java, Kotlin

#17554 - Autofix/alert 200 81645bf527

Pull Request - State: closed - Opened by aka2024 7 days ago - 2 comments
Labels: invalid, C#, documentation, QL-for-QL

#17553 - C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN

Pull Request - State: closed - Opened by calumgrant 8 days ago - 4 comments
Labels: C++, documentation

#17552 - Rust: extract parse errors as diagnostics

Pull Request - State: closed - Opened by aibaars 8 days ago
Labels: no-change-note-required, Ruby, Rust

#17551 - Autofix/alert 200 81645bf527

Pull Request - State: closed - Opened by aka2024 8 days ago - 3 comments
Labels: invalid

#17550 - WIP: KE2: Change function and class extraction to be based on `KaSymbol`

Pull Request - State: closed - Opened by tamasvajk 8 days ago
Labels: Java

#17549 - Aka2024 patch 1

Pull Request - State: closed - Opened by aka2024 8 days ago
Labels: invalid

#17548 - Shared: Post-processing query for inline test expectations

Pull Request - State: open - Opened by hvitved 8 days ago
Labels: C#, JS, C++, Java, Python, Go, Ruby, Swift, DataFlow Library

#17547 - Java: Update Java JDK 17 models.

Pull Request - State: open - Opened by michaelnebel 8 days ago - 1 comment
Labels: C#, Java, DataFlow Library

#17546 - KE2: Change Kotlin compiler version in IDEA settings

Pull Request - State: closed - Opened by tamasvajk 8 days ago

#17545 - Aka2024 patch 1

Pull Request - State: closed - Opened by aka2024 8 days ago
Labels: C#, documentation

#17544 - Java: data-flow / via-point query

Issue - State: closed - Opened by whyaicn 9 days ago - 8 comments
Labels: question

#17543 - Rust: generate the extractor

Pull Request - State: closed - Opened by aibaars 10 days ago
Labels: no-change-note-required, Rust

#17540 - Python: Expand `StringConstCompareBarrier` sanitizer gaurds to cover additional constants

Pull Request - State: closed - Opened by joefarebrother 11 days ago - 1 comment
Labels: documentation, Python

#17539 - Rust/Codegen: allow to "detach" property emission

Pull Request - State: closed - Opened by redsun82 11 days ago
Labels: Rust

#17538 - Update index.html

Pull Request - State: closed - Opened by coadaflorin 11 days ago
Labels: documentation

#17537 - Rust: take test code also from property descriptions

Pull Request - State: closed - Opened by redsun82 11 days ago
Labels: Rust

#17536 - Adapt to `sourceLocationPrefix` change in `qltest`

Pull Request - State: open - Opened by hvitved 11 days ago - 3 comments
Labels: JS, C++, depends on internal PR, Java, Python, no-change-note-required, Kotlin

#17535 - JS: Follow use-use flow after a post-update

Pull Request - State: open - Opened by asgerf 11 days ago
Labels: JS

#17534 - [do not merge] Dummy PR for Go test extraction testing

Pull Request - State: closed - Opened by smowton 11 days ago
Labels: Go

#17533 - Codegen: introduce inherited pragmas and move remaining decorations

Pull Request - State: closed - Opened by redsun82 11 days ago
Labels: Rust

#17532 - Codegen: parametrized pragmas

Pull Request - State: closed - Opened by redsun82 11 days ago

#17531 - False positive: Unread local variable used in Java assert

Issue - State: open - Opened by simonhir 11 days ago - 2 comments
Labels: false-positive

#17530 - Codegen: allow full annotation of classes

Pull Request - State: closed - Opened by redsun82 11 days ago
Labels: Rust

#17529 - Update CSV framework coverage reports

Pull Request - State: closed - Opened by github-actions[bot] 11 days ago

#17528 - Revert "Revert "Codegen: allow to include `.py` files in `schema.py`""

Pull Request - State: closed - Opened by AmberHussle19 11 days ago
Labels: invalid

#17527 - Rust: add QL doc annotations to schema

Pull Request - State: closed - Opened by aibaars 11 days ago - 2 comments
Labels: Rust

#17526 - Update from Go 1.20 to 1.22 causes CodeQL to no longer detect that we built Go code

Issue - State: open - Opened by dagood 11 days ago - 6 comments
Labels: question, Go

#17525 - Rust: Unreachable code query

Pull Request - State: open - Opened by geoffw0 11 days ago - 2 comments
Labels: documentation, no-change-note-required, ready-for-doc-review, Rust

#17524 - Revert "Codegen: allow to include `.py` files in `schema.py`"

Pull Request - State: closed - Opened by redsun82 12 days ago

#17523 - Codegen/Rust: allow breaking up schema file

Pull Request - State: closed - Opened by redsun82 12 days ago
Labels: Rust

#17522 - DO NOT MERGE (checking the right CI jobs run)

Pull Request - State: closed - Opened by owen-mc 12 days ago
Labels: DataFlow Library

#17521 - C#/Java: Content based model generation improvements.

Pull Request - State: open - Opened by michaelnebel 12 days ago - 1 comment
Labels: C#, Java, no-change-note-required, DataFlow Library

#17520 - Shared: Do not use `@kind graph` for CFG test output

Pull Request - State: closed - Opened by hvitved 12 days ago - 2 comments
Labels: C#, no-change-note-required, Ruby, Rust, Swift

#17519 - Bump rustix from 0.37.8 to 0.37.27 in /ql in the cargo group

Pull Request - State: open - Opened by dependabot[bot] 12 days ago
Labels: dependencies, QL-for-QL

#17518 - JS shared dataflow: Run CI checks after merging main

Pull Request - State: open - Opened by asgerf 12 days ago

#17517 - WIP: KE2: Split extractor to self contained entity classes

Pull Request - State: open - Opened by tamasvajk 12 days ago
Labels: Java, Kotlin

#17516 - Codegen: allow to attach docstrings after the definition

Pull Request - State: closed - Opened by redsun82 12 days ago

#17515 - Go: Run CI when shared libraries change

Pull Request - State: closed - Opened by owen-mc 12 days ago - 1 comment
Labels: no-change-note-required

#17514 - Codegen: allow to include `.py` files in `schema.py`

Pull Request - State: closed - Opened by redsun82 12 days ago

#17513 - C#/Go: Fix test expectations including double space

Pull Request - State: closed - Opened by owen-mc 12 days ago - 1 comment
Labels: C#, no-change-note-required, Go

#17512 - C#: Fix failing tests on main.

Pull Request - State: closed - Opened by michaelnebel 12 days ago - 3 comments
Labels: C#

#17511 - Adding unified changelog for 2.19.0

Pull Request - State: closed - Opened by coadaflorin 12 days ago
Labels: documentation

#17510 - Model summary for `org.springframework.core.io.getInputStream` methods

Pull Request - State: closed - Opened by mbaluda 13 days ago - 2 comments
Labels: documentation, Java

GitHub / github/codeql issues and pull requests