github/codeql issues and pull requests

#16965 - Java: add path-injection sink for `hudson.FilePath.exists()`

Pull Request - State: closed - Opened by jcogs33 over 1 year ago - 1 comment
Labels: documentation, Java

#16958 - Java: Tag `java/non-https-url` with CWE-345 ("Insufficient Verification of Data Authenticity")

Pull Request - State: closed - Opened by max-schaefer over 1 year ago
Labels: Java, no-change-note-required

#16955 - Kotlin: Kotlin support is now out of beta, and generally available

Pull Request - State: closed - Opened by igfoo over 1 year ago
Labels: documentation, Java, ready-for-doc-review

#16932 - Kotlin: Add 2.0.20 support

Pull Request - State: closed - Opened by igfoo over 1 year ago - 2 comments
Labels: documentation, Java, Kotlin

#16921 - Release preparation for version 2.18.0

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16914 - Java: Improve Android app detection

Pull Request - State: closed - Opened by owen-mc over 1 year ago - 1 comment
Labels: documentation, Java

#16900 - Java: Adopt shared SSA library

Pull Request - State: open - Opened by hvitved over 1 year ago - 1 comment
Labels: Java, no-change-note-required

#16899 - Java/Kotlin: Remove legacy $SEMMLE_DIST support

Pull Request - State: closed - Opened by igfoo over 1 year ago
Labels: documentation, Java, Kotlin

#16896 - SSA: Add `BasicBlock.{getNode/1,length/0}` to the input signature

Pull Request - State: closed - Opened by hvitved over 1 year ago
Labels: C#, C++, Java, Python, no-change-note-required, Ruby, Swift, DataFlow Library

#16848 - Users/chanely/insecure sql connection versioncheck

Pull Request - State: closed - Opened by chanel-y over 1 year ago - 2 comments
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16847 - Java: Adjust test expectations for Java diagnostic severity changes

Pull Request - State: closed - Opened by smowton over 1 year ago - 1 comment
Labels: Java

#16835 - Java: Replace the MaD Object.clone() models with a non-aliasing value step.

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 2 comments
Labels: Java, no-change-note-required

#16831 - Backport Maven regex fix to rc/3.14

Pull Request - State: closed - Opened by smowton over 1 year ago
Labels: Java

#16830 - Post-release preparation for codeql-cli-2.17.6

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16823 - Java: Adjust and tolerate variability in test expectations

Pull Request - State: closed - Opened by smowton over 1 year ago - 1 comment
Labels: Java

#16821 - Release preparation for version 2.17.6

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16810 - Java: add diagnostic query indicating low database quality

Pull Request - State: closed - Opened by smowton over 1 year ago - 4 comments
Labels: documentation, Java, ready-for-doc-review

#16808 - Align Java CommandInjectionRuntimeExec.ql Severity

Pull Request - State: closed - Opened by JLLeitschuh over 1 year ago - 1 comment
Labels: Java

#16785 - Dataflow: Replace stage 3 type pruning with flow-insensitive type pruning.

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 4 comments
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#16784 - C++/Java: Accept new warning format in ql tests

Pull Request - State: closed - Opened by redsun82 over 1 year ago
Labels: JS, C++, depends on internal PR, Java, Python

#16775 - C#/Java: Parameterized module for model printing.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago - 1 comment
Labels: C#, Java, no-change-note-required

#16772 - Java: Opt-in `java/tainted-permissions-check` to threat models.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago
Labels: documentation, Java

#16761 - Java: Exclude loopback address from reverse DNS source

Pull Request - State: closed - Opened by owen-mc over 1 year ago
Labels: documentation, Java

#16760 - Java: make a separate threat model kind for reverse DNS sources

Pull Request - State: closed - Opened by owen-mc over 1 year ago - 3 comments
Labels: documentation, Java

#16759 - C#/Java: Introduce source and sink model generation sanitisers.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago
Labels: C#, Java, no-change-note-required

#16752 - C#/Java: Add some (shared) helper classes for Neutrals, Sources and Sink

Pull Request - State: closed - Opened by michaelnebel over 1 year ago - 1 comment
Labels: C#, Java, no-change-note-required, DataFlow Library

#16736 - Java/Kotlin: Tag the LoC queries 'debug'

Pull Request - State: closed - Opened by igfoo over 1 year ago
Labels: Java, no-change-note-required

#16725 - Mergeback from `rc/3.14`

Pull Request - State: closed - Opened by MathiasVP over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16722 - C#/Java: Respect manual neutrals, sources and sinks in model generation.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago - 2 comments
Labels: C#, Java, no-change-note-required

#16720 - Kotlin: cleanup after internal changes

Pull Request - State: closed - Opened by redsun82 over 1 year ago - 6 comments
Labels: depends on internal PR, documentation, Java, Kotlin

#16717 - Post-release preparation for codeql-cli-2.17.5

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16715 - Release preparation for version 2.17.5

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16712 - Java: Add `FileUtils` sinks to path injection

Pull Request - State: closed - Opened by mbaluda over 1 year ago - 1 comment
Labels: documentation, Java

#16708 - Java: new path injection sinks

Pull Request - State: closed - Opened by am0o0 over 1 year ago - 10 comments
Labels: Java

#16685 - Java: Add change note documenting ECJ improvements

Pull Request - State: closed - Opened by smowton over 1 year ago
Labels: documentation, Java

#16682 - Java integration tests: accept new output

Pull Request - State: closed - Opened by igfoo over 1 year ago
Labels: Java

#16676 - C/C#/Java/Swift: Cover all params in QLDoc of `modelCoverage`

Pull Request - State: closed - Opened by owen-mc over 1 year ago
Labels: C#, C++, Java, no-change-note-required, Swift

#16642 - Post-release preparation for codeql-cli-2.17.4

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16641 - Mark all integration tests as legacy

Pull Request - State: closed - Opened by redsun82 over 1 year ago
Labels: C#, JS, Java, Go, Ruby, Swift

#16640 - Release preparation for version 2.17.4

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16628 - Disable csrf for ServerHttpSecurity

Pull Request - State: closed - Opened by mbaluda over 1 year ago
Labels: documentation, Java

#16625 - Revert "Release preparation for version 2.17.4"

Pull Request - State: closed - Opened by cklin over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16607 - Post-release preparation for codeql-cli-2.17.4

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16605 - Release preparation for version 2.17.4

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16600 - Java: Add more File-related sinks to the path-injection query

Pull Request - State: closed - Opened by atorralba over 1 year ago - 3 comments
Labels: depends on internal PR, documentation, Java

#16578 - Java: Do not lift neutrals in Model generation.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago
Labels: Java, no-change-note-required

#16573 - Java: Fix join-order in viableImplInCallContext.

Pull Request - State: closed - Opened by aschackmull over 1 year ago
Labels: Java, no-change-note-required

#16572 - Java: include link to `remote source` in TrustBoundaryViolation.ql

Pull Request - State: closed - Opened by aibaars over 1 year ago - 2 comments
Labels: documentation, Java

#16566 - Update CSV framework coverage reports

Pull Request - State: closed - Opened by github-actions[bot] over 1 year ago
Labels: Java

#16565 - Release preparation for version 2.17.4

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16564 - Update all pack versions to `1.0.0`

Pull Request - State: closed - Opened by dbartol over 1 year ago - 5 comments
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, QL-for-QL, Swift, DataFlow Library

#16562 - Dataflow: Fix qltests following https://github.com/github/codeql/pull/16511

Pull Request - State: closed - Opened by aschackmull over 1 year ago
Labels: C++, Java, Python, no-change-note-required, Go

#16561 - Java: Improve dispatch through TypeFlow of effectively private calls.

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 1 comment
Labels: documentation, Java

#16560 - Dataflow: dummy CI trigger [DON'T MERGE]

Pull Request - State: closed - Opened by aschackmull over 1 year ago
Labels: C#, C++, Java, Python, Go, Ruby, Swift

#16553 - Java: Reword recommendation section of XXE query

Pull Request - State: closed - Opened by atorralba over 1 year ago - 2 comments
Labels: documentation, Java, no-change-note-required, ready-for-doc-review

#16552 - Java: Remove source dispatch when there's an exact match from a manual model.

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 12 comments
Labels: Java, no-change-note-required, DataFlow Library

#16551 - Java: Revise some jdk time-related models

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 1 comment
Labels: Java, no-change-note-required

#16506 - Java: Add change note for Gradle JDK version detection

Pull Request - State: closed - Opened by smowton over 1 year ago
Labels: documentation, Java

#16500 - Java: Add support for flow through side-effects on static fields.

Pull Request - State: closed - Opened by aschackmull over 1 year ago - 4 comments
Labels: documentation, Java

#16497 - Java: Add tests for `comparison-with-wider-type`.

Pull Request - State: closed - Opened by max-schaefer over 1 year ago
Labels: Java, no-change-note-required

#16491 - Post-release preparation for codeql-cli-2.17.3

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16489 - Release preparation for version 2.17.3

Pull Request - State: closed - Opened by codeql-ci over 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16488 - Java: Add comments to tests that spawn an HTTP/S server

Pull Request - State: closed - Opened by smowton over 1 year ago
Labels: Java

#16482 - Java: Add RSA/ECB/OEAP ciphers to the list of secure algorithms

Pull Request - State: closed - Opened by grakshith over 1 year ago - 3 comments
Labels: documentation, Java

#16478 - Java: Clean up some instances of getQualifiedName.

Pull Request - State: closed - Opened by aschackmull over 1 year ago
Labels: Java, no-change-note-required

#16477 - C#: Inline expectation for model generator test.

Pull Request - State: closed - Opened by michaelnebel over 1 year ago
Labels: C#, Java, no-change-note-required

#16468 - Java: add test cases for Maven and Gradle stalling in buildless mode

Pull Request - State: closed - Opened by smowton over 1 year ago
Labels: Java

#16444 - Shared data flow: Make summaryThroughStepValue include param outputs

Pull Request - State: closed - Opened by owen-mc almost 2 years ago - 1 comment
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#16443 - Java: Re-generate the Jave JDK 17 models.

Pull Request - State: closed - Opened by michaelnebel almost 2 years ago - 1 comment
Labels: Java

#16443 - Java: Re-generate the Jave JDK 17 models.

Pull Request - State: closed - Opened by michaelnebel almost 2 years ago - 1 comment
Labels: Java

#16421 - Java: Use entities in reorder directives

Pull Request - State: closed - Opened by cklin almost 2 years ago
Labels: Java

#16408 - Post-release preparation for codeql-cli-2.17.2

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, Java, Python, Go, Ruby, Swift, DataFlow Library

#16407 - Release preparation for version 2.17.2

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16401 - Java/Kotlin: Remove support for some deprecated environment variables

Pull Request - State: closed - Opened by igfoo almost 2 years ago
Labels: documentation, Java, Kotlin

#16394 - Data flow: Synthesize parameter return nodes

Pull Request - State: closed - Opened by hvitved almost 2 years ago
Labels: C#, C++, depends on internal PR, documentation, Java, Go, Ruby, Swift, DataFlow Library

#16392 - External flow: standardize `empty.model.yml`

Pull Request - State: closed - Opened by owen-mc almost 2 years ago - 1 comment
Labels: C#, JS, Java, Python, no-change-note-required, Go, Ruby

#16374 - Java: Improve finding best type for models and lifting.

Issue - State: closed - Opened by michaelnebel almost 2 years ago
Labels: C#, Java, no-change-note-required

#16365 - Post-release preparation for codeql-cli-2.17.2

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16363 - Release preparation for version 2.17.2

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16362 - Java: Remove local query variants.

Pull Request - State: closed - Opened by michaelnebel almost 2 years ago - 3 comments
Labels: documentation, Java

#16344 - JS/Java/Kotlin extractors: support Zstd TRAP compression

Pull Request - State: closed - Opened by d10c almost 2 years ago - 1 comment
Labels: JS, Java, Kotlin

#16341 - Java: Remove support for deprecated ODASA_BUILD_ERROR_DIR env var

Pull Request - State: closed - Opened by igfoo almost 2 years ago
Labels: documentation, Java, Kotlin

#16336 - Java: Add Android Gradle Plugin 8 and Spring Boot 3 tests

Pull Request - State: closed - Opened by smowton almost 2 years ago - 1 comment
Labels: Java

#16335 - CodeQL detected code written in Java/Kotlin but could not process any of it

Issue - State: closed - Opened by ShanRen995 almost 2 years ago - 4 comments
Labels: question, Java

#16330 - All: delete outdated deprecations

Pull Request - State: closed - Opened by erik-krogh almost 2 years ago - 1 comment
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby

#16297 - Java: Identify more APIs as supported in the telemetry queries.

Pull Request - State: closed - Opened by michaelnebel almost 2 years ago - 9 comments
Labels: Java, no-change-note-required

#16290 - Java: Fix join-order.

Pull Request - State: closed - Opened by aschackmull almost 2 years ago
Labels: Java, no-change-note-required

#16228 - Post-release preparation for codeql-cli-2.17.1

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16219 - Release preparation for version 2.17.1

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16210 - Dataflow: Add support for pretty-printed alert provenance in tests

Pull Request - State: closed - Opened by aschackmull almost 2 years ago - 3 comments
Labels: C#, JS, Java, Python, no-change-note-required, Go, Ruby, DataFlow Library

#16202 - --build-mode=none runs the autobuild script for Java on CentOS 7

Issue - State: closed - Opened by abaveja313 almost 2 years ago - 5 comments
Labels: question, Java

#16193 - Redsun82/test

Pull Request - State: closed - Opened by redsun82 almost 2 years ago
Labels: documentation, Java, Kotlin

#16188 - Java: add test for a Maven project with an unreachable repository

Pull Request - State: closed - Opened by smowton almost 2 years ago
Labels: Java

#16177 - Kotlin: Add 2.0.0-RC1 support (and remove 2.0.0-Beta4)

Pull Request - State: closed - Opened by igfoo almost 2 years ago
Labels: depends on internal PR, Java, Kotlin

#16160 - Java: Delete models for JDK internal packages

Pull Request - State: closed - Opened by owen-mc almost 2 years ago - 1 comment
Labels: Java, no-change-note-required

#16128 - Java: add link to the source variable in the alert-message for `java/implicit-cast-in-compound-assignment`

Pull Request - State: closed - Opened by erik-krogh almost 2 years ago
Labels: Java

#16102 - Post-release preparation for codeql-cli-2.17.0

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#16098 - Revert "Release preparation for version 2.17.0"

Pull Request - State: closed - Opened by cklin almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16086 - Post-release preparation for codeql-cli-2.17.0

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

#16085 - Release preparation for version 2.17.0

Pull Request - State: closed - Opened by codeql-ci almost 2 years ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift, DataFlow Library

GitHub / github/codeql issues and pull requests