github/codeql issues and pull requests

#14389 - Release preparation for version 1.1.1

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#14381 - Add skeleton bazel files for accessing the dbschemes.

Pull Request - State: closed - Opened by criemen over 2 years ago - 1 comment
Labels: C#, JS, C++, Java, Python

#14377 - Post-release preparation for codeql-cli-2.15.0

Pull Request - State: open - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#14375 - Release preparation for version 2.15.0

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#14370 - Java: Enable threat models for most Java queries.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 6 comments
Labels: documentation, Java

#14367 - Merge `rc/3.11` into `main`

Pull Request - State: closed - Opened by henrymercer over 2 years ago - 1 comment
Labels: C#, JS, C++, documentation, Mergeback, Java, Python, Go, Ruby, QL-for-QL, Swift, DataFlow Library

#14350 - Shared: Add DataFlow::DeduplicatePathGraph

Pull Request - State: closed - Opened by asgerf over 2 years ago - 5 comments
Labels: documentation, Java, Ruby, DataFlow Library

#14350 - Shared: Add DataFlow::DeduplicatePathGraph

Pull Request - State: closed - Opened by asgerf over 2 years ago - 5 comments
Labels: documentation, Java, Ruby, DataFlow Library

#14339 - JS/PY/RB/Java: escape unicode chars in overly-large-range

Pull Request - State: closed - Opened by erik-krogh over 2 years ago - 2 comments
Labels: JS, Java, Python, Ruby

#14336 - Java: Fix CFG for case rule statements.

Pull Request - State: closed - Opened by aschackmull over 2 years ago
Labels: documentation, Java

#14322 - Add Java buildless diagnostic expectations

Pull Request - State: closed - Opened by smowton over 2 years ago
Labels: Java

#14321 - All languages: Use shared FileSystem library and minor regex performance improvement.

Pull Request - State: closed - Opened by aschackmull over 2 years ago - 11 comments
Labels: C#, JS, C++, depends on internal PR, Java, Python, no-change-note-required, Go, Ruby, QL-for-QL

#14305 - Shared: add in/out barriers with flow state

Pull Request - State: closed - Opened by asgerf over 2 years ago - 2 comments
Labels: C#, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#14299 - Dataflow: Make use of defaults for language-specific hooks.

Pull Request - State: closed - Opened by aschackmull over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#14297 - Java: Add support for additional nodes, read steps, and store steps for QL models and model ThreadLocal.initialValue

Pull Request - State: closed - Opened by aschackmull over 2 years ago - 1 comment
Labels: Java, no-change-note-required

#14288 - Java: Add test re: buildless mode interaction with snapshot repositories

Pull Request - State: closed - Opened by smowton over 2 years ago
Labels: Java

#14287 - Bump junit:junit from 4.11 to 4.13.1 in /java/ql/integration-tests/all-platforms/java/buildless-maven

Pull Request - State: open - Opened by dependabot[bot] over 2 years ago
Labels: Java, dependencies

#14285 - Java: Test module definition in a file not named module-info.java in a buildless extraction

Pull Request - State: closed - Opened by smowton over 2 years ago
Labels: Java

#14281 - Java: standalone: add basic integration tests

Pull Request - State: closed - Opened by aibaars over 2 years ago - 1 comment
Labels: Java

#14271 - Post-release preparation for codeql-cli-2.14.6

Pull Request - State: closed - Opened by codeql-ci over 2 years ago - 1 comment
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14268 - Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers

Pull Request - State: closed - Opened by aschackmull over 2 years ago - 4 comments
Labels: Java, no-change-note-required, DataFlow Library

#14257 - Java: Introduce a class of dataflow nodes for the threat modeling.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 2 comments
Labels: Java, no-change-note-required

#14256 - Release preparation for version 2.14.6

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14254 - Java: Consider AssignOps in ArithExpr

Pull Request - State: closed - Opened by atorralba over 2 years ago - 6 comments
Labels: documentation, Java

#14246 - Release automodel queries version 0.0.3

Pull Request - State: closed - Opened by starcke over 2 years ago - 1 comment
Labels: Java

#14232 - Fix formatting mistake

Pull Request - State: closed - Opened by smowton over 2 years ago
Labels: Java, no-change-note-required

#14221 - Kotlin: Add more tests to the "gradle sequential" set

Pull Request - State: closed - Opened by igfoo over 2 years ago
Labels: Java

#14207 - Updates to the Java and VS Code docs

Pull Request - State: closed - Opened by felicitymay over 2 years ago - 8 comments
Labels: documentation, Java, no-change-note-required, ready-for-doc-review

#14206 - Java: add tests for programs that don't compile

Pull Request - State: closed - Opened by smowton over 2 years ago
Labels: Java, no-change-note-required, Kotlin

#14199 - Java: Add VS Code model editor queries

Pull Request - State: closed - Opened by koesie10 over 2 years ago - 3 comments
Labels: Java, no-change-note-required

#14197 - Java: Framework mode source candidates

Pull Request - State: closed - Opened by kaeluka over 2 years ago - 2 comments
Labels: Java

#14188 - Kotlin: Support 1.9.20

Pull Request - State: closed - Opened by igfoo over 2 years ago
Labels: documentation, Java, Kotlin

#14184 - Java: Automodel, new candidates fix

Pull Request - State: closed - Opened by kaeluka over 2 years ago
Labels: Java, no-change-note-required

#14177 - C#: Quoting hotfix.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 2 comments
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14174 - Post-release preparation for codeql-cli-2.14.4

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14162 - Java: Automodel App Mode Extraction: Source Candidates

Pull Request - State: closed - Opened by kaeluka over 2 years ago - 1 comment
Labels: Java, no-change-note-required

#14156 - Java: CodeQL does not detect SSL certificate validation vulnerabilities in Apache HttpComponents

Issue - State: open - Opened by ebickle over 2 years ago - 3 comments
Labels: question, Java

#14152 - Post-release preparation for codeql-cli-2.14.4

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14147 - Release preparation for version 2.14.4

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14127 - Java: Convert implementations of `LocalUserInput` to Models-as-Data

Pull Request - State: closed - Opened by egregius313 over 2 years ago - 12 comments
Labels: documentation, Java

#14117 - Java: Delete java test query which fails to compile

Pull Request - State: closed - Opened by kaspersv over 2 years ago
Labels: Java

#14100 - Data flow: Add consistency checks to shared ql pack

Pull Request - State: closed - Opened by hvitved over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Ruby, Swift, DataFlow Library

#14091 - Release preparation for version 2.14.4

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14089 - Java: JWT decoding without verification

Pull Request - State: closed - Opened by am0o0 over 2 years ago - 27 comments
Labels: documentation, Java

#14089 - Java: JWT decoding without verification

Pull Request - State: closed - Opened by am0o0 over 2 years ago - 27 comments
Labels: documentation, Java

#14074 - Post-release preparation for codeql-cli-2.14.3

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#14056 - Java: Re-generate Jenkins and Stapler models

Pull Request - State: closed - Opened by atorralba over 2 years ago - 2 comments
Labels: Java, no-change-note-required

#14050 - Consolidate all `InlineFlowTest` libraries in the dataflow qlpack

Pull Request - State: closed - Opened by jketema over 2 years ago
Labels: C#, documentation, Java, Go, Ruby, Kotlin

#14049 - Kotlin: We now support 1.9.10

Pull Request - State: closed - Opened by igfoo over 2 years ago
Labels: documentation, Java

#14048 - Variable capture: allow arbitrary data-flow nodes to be the source of a write

Pull Request - State: closed - Opened by asgerf over 2 years ago - 1 comment
Labels: Java, no-change-note-required

#14040 - Java: Weak Hashing Algorithm specified in `.properties` files

Pull Request - State: open - Opened by egregius313 over 2 years ago - 8 comments
Labels: documentation, Java

#14035 - Variable capture: synchronize with aliases in nested scopes

Pull Request - State: closed - Opened by asgerf over 2 years ago
Labels: Java

#14032 - Java: Use nested names in MaD signatures.

Pull Request - State: closed - Opened by aschackmull over 2 years ago
Labels: documentation, Java

#14030 - Java: Add new Apache CXF generated models

Pull Request - State: open - Opened by atorralba over 2 years ago - 3 comments
Labels: Java, no-change-note-required

#14029 - Java: Add new Apache CXF models

Pull Request - State: closed - Opened by atorralba over 2 years ago - 4 comments
Labels: documentation, Java

#14027 - ReDoS: limit concretize to strings of at most length 100

Pull Request - State: closed - Opened by erik-krogh over 2 years ago - 4 comments
Labels: JS, Java, Python, Ruby, Swift

#14018 - Kotlin: Write usesK2 ("uses Kotlin 2") information to the database

Pull Request - State: closed - Opened by igfoo over 2 years ago
Labels: Java, no-change-note-required, Kotlin

#14012 - Java: add sanitizer to command injection query

Pull Request - State: closed - Opened by knewbury01 over 2 years ago
Labels: documentation, Java

#13998 - Release preparation for version 2.14.3

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13962 - Java: Add JDK17 df-generated summary models

Pull Request - State: open - Opened by jcogs33 over 2 years ago - 5 comments
Labels: Java

#13954 - Java: Automodel: Add Candidates for Regression Testing

Pull Request - State: closed - Opened by kaeluka over 2 years ago - 12 comments
Labels: Java, no-change-note-required

#13934 - Java: Add dashes to SHA algorithm names in `Encryption.qll`

Pull Request - State: closed - Opened by egregius313 over 2 years ago
Labels: documentation, Java

#13918 - Post-release preparation for codeql-cli-2.14.2

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13916 - Java: limit field flow when tracking regex strings

Pull Request - State: closed - Opened by erik-krogh over 2 years ago - 3 comments
Labels: Java, no-change-note-required

#13903 - Java: New models for JAX-RS

Pull Request - State: closed - Opened by atorralba over 2 years ago - 1 comment
Labels: documentation, Java

#13901 - Data flow: Refactor shared library

Pull Request - State: closed - Opened by hvitved over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13900 - Java: Improve `JaxWsEndpoint::getARemoteMethod`

Pull Request - State: closed - Opened by atorralba over 2 years ago - 2 comments
Labels: documentation, Java

#13899 - Java: Fix typo in `StdlibRandomSource::getOutput`

Pull Request - State: closed - Opened by egregius313 over 2 years ago
Labels: documentation, Java

#13889 - Java: remove duplicate models

Pull Request - State: closed - Opened by jcogs33 over 2 years ago - 2 comments
Labels: Java, no-change-note-required

#13886 - Java: automodel application mode: use endpoint class like in framework mode

Pull Request - State: closed - Opened by kaeluka over 2 years ago - 3 comments
Labels: Java, no-change-note-required

#13881 - Introduce shared taint tracking library

Pull Request - State: closed - Opened by jketema over 2 years ago - 7 comments
Labels: C#, C++, documentation, Java, Python, Go, Ruby, Swift

#13879 - Create separate automodel pack

Pull Request - State: closed - Opened by starcke over 2 years ago - 13 comments
Labels: C#, Java, no-change-note-required

#13851 - DataFlow: Support stateless `isSink` in `StateConfigSig`s

Pull Request - State: closed - Opened by MathiasVP over 2 years ago - 7 comments
Labels: C#, C++, documentation, Java, Python, Go, Ruby, Swift

#13778 - Java: Understand multiple parse mode flags specified in a regular expression string

Pull Request - State: closed - Opened by geoffw0 over 2 years ago - 20 comments
Labels: documentation, Java

#13773 - Java: Add XXE sinks for MDHT

Pull Request - State: closed - Opened by atorralba over 2 years ago - 2 comments
Labels: documentation, Java

#13705 - Java: Add support for Kotlin's `apply` to java/android/unsafe-android-wevbiew-fetch

Pull Request - State: open - Opened by atorralba over 2 years ago
Labels: documentation, Java

#13702 - Kotlin: Support apply

Pull Request - State: closed - Opened by atorralba over 2 years ago - 1 comment
Labels: documentation, Java, Kotlin

#13695 - DataFlow: Remove unnecessary/redundant implementations of `isBarrier/2` and `isAdditionalFlowStep/4`

Pull Request - State: open - Opened by egregius313 over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift

#13694 - DataFlow: Add default implementations of isBarrier/2 and isAddiitonalFlowStep/4

Pull Request - State: open - Opened by egregius313 over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13690 - Post-release preparation for codeql-cli-2.14.0

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13684 - Release preparation for version 2.14.0

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13681 - Mergeback `rc/3.10` -> `main`

Pull Request - State: closed - Opened by dbartol over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13679 - DataFlow: Speed up the big step relation

Pull Request - State: open - Opened by MathiasVP over 2 years ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13677 - Release preparation for version 2.14.0

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13651 - Java/C#: Reduce the amount of telemetry being produced.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago
Labels: C#, Java, no-change-note-required

#13638 - Remove pragma[assume_small_delta]

Pull Request - State: closed - Opened by cklin over 2 years ago - 3 comments
Labels: C#, JS, C++, Java, Python, no-change-note-required, Go, Ruby, QL-for-QL, Swift, DataFlow Library

#13636 - Java: Add metric queries for counting sinks coming from models

Pull Request - State: open - Opened by tausbn over 2 years ago
Labels: Java, no-change-note-required

#13630 - Post-release preparation for codeql-cli-2.13.5

Pull Request - State: closed - Opened by codeql-ci over 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13608 - Java: Add Weak Randomness Query (CWE-330/338)

Pull Request - State: open - Opened by egregius313 over 2 years ago - 28 comments
Labels: documentation, Java

#13555 - Java: Decompression Bombs

Pull Request - State: open - Opened by amammad over 2 years ago - 4 comments
Labels: documentation, Java, external-contribution

#13555 - Java: Decompression Bombs

Pull Request - State: closed - Opened by am0o0 over 2 years ago - 10 comments
Labels: documentation, Java, external-contribution

#13546 - Java: Support for With[out]Element for MaD.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 11 comments
Labels: documentation, Java, no-change-note-required

#13506 - Java: Threat Models

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 1 comment
Labels: Java, no-change-note-required

#13484 - Java: Experimental version of Java Command Injection query

Pull Request - State: closed - Opened by aegilops over 2 years ago - 4 comments
Labels: documentation, Java

#13478 - Java: Add proper support for variable capture flow.

Pull Request - State: closed - Opened by aschackmull over 2 years ago - 8 comments
Labels: documentation, Java

#13469 - ReDoS: stop spuriously matching everything when encountering an unsupported charclass

Pull Request - State: open - Opened by erik-krogh over 2 years ago
Labels: JS, Java, Python, Ruby

#13468 - ReDoS: stop spuriously matching everything when encountering an unsupported charclass

Pull Request - State: open - Opened by erik-krogh over 2 years ago - 2 comments
Labels: JS, Java, Python, Ruby

#13461 - Go: show FunctionModel steps in path summaries

Pull Request - State: open - Opened by owen-mc over 2 years ago
Labels: C#, C++, Java, Python, Go, Ruby, Swift, DataFlow Library

#13455 - Dataflow: add language-specific hook for breaking up big step relation

Pull Request - State: open - Opened by owen-mc over 2 years ago - 3 comments
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13452 - Re-factor printing of summary component stacks.

Pull Request - State: closed - Opened by michaelnebel over 2 years ago - 2 comments
Labels: C#, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

GitHub / github/codeql issues and pull requests