github/codeql issues and pull requests

#13888 - Revert "Swift: Pragmatic fix for CustomUrlSchemes.qll."

Pull Request - State: closed - Opened by sashabu about 1 year ago - 1 comment
Labels: no-change-note-required, Swift

#13887 - C++: Remove support for `_Float128x` which is not actually supported by gcc

Pull Request - State: closed - Opened by jketema about 1 year ago
Labels: C++, depends on internal PR, documentation

#13886 - Java: automodel application mode: use endpoint class like in framework mode

Pull Request - State: closed - Opened by kaeluka about 1 year ago - 3 comments
Labels: Java, no-change-note-required

#13885 - C#: LINQ recommendation queries.

Pull Request - State: closed - Opened by michaelnebel about 1 year ago - 3 comments
Labels: C#, no-change-note-required

#13882 - C#: Add query for Insecure Direct Object Reference

Pull Request - State: closed - Opened by joefarebrother about 1 year ago - 4 comments
Labels: C#, documentation, ready-for-doc-review

#13881 - Introduce shared taint tracking library

Pull Request - State: closed - Opened by jketema about 1 year ago - 7 comments
Labels: C#, C++, documentation, Java, Python, Go, Ruby, Swift

#13879 - Create separate automodel pack

Pull Request - State: closed - Opened by starcke about 1 year ago - 13 comments
Labels: C#, Java, no-change-note-required

#13878 - Ruby: Track flow from splat arguments to positional parameters

Pull Request - State: closed - Opened by hmac about 1 year ago - 1 comment
Labels: documentation, Ruby

#13876 - C#: Include ASP.NET assemblies in the standalone extraction.

Pull Request - State: closed - Opened by michaelnebel about 1 year ago - 3 comments
Labels: C#, no-change-note-required

#13875 - Database does not contain all the source files

Issue - State: closed - Opened by fossilet about 1 year ago - 3 comments
Labels: question

#13872 - Go: Add sanitizer to remove paths passing through http.Error

Pull Request - State: closed - Opened by Kwstubbs about 1 year ago - 2 comments
Labels: documentation, Go

#13869 - Swift: Route compiler diagnostics through our log.

Pull Request - State: closed - Opened by sashabu about 1 year ago
Labels: Swift

#13867 - Go: Basic Go 1.21 support

Pull Request - State: closed - Opened by mbg about 1 year ago - 10 comments
Labels: no-change-note-required, Go

#13866 - False positive: Cyclic import in Python

Issue - State: open - Opened by abadger about 1 year ago - 1 comment
Labels: Python, false-positive

#13864 - Java: Expose the MaD documentation in the TOC for CodeQL Java

Pull Request - State: closed - Opened by michaelnebel about 1 year ago - 1 comment
Labels: documentation

#13861 - Go: Fix missing flow through receiver for function variable (try 2)

Pull Request - State: open - Opened by owen-mc about 1 year ago - 1 comment
Labels: documentation, Go

#13852 - Add option to filter automodel queries

Pull Request - State: closed - Opened by starcke about 1 year ago - 1 comment
Labels: Java, no-change-note-required

#13851 - DataFlow: Support stateless `isSink` in `StateConfigSig`s

Pull Request - State: closed - Opened by MathiasVP about 1 year ago - 7 comments
Labels: C#, C++, documentation, Java, Python, Go, Ruby, Swift

#13849 - codeql won't work with chromium special file

Issue - State: open - Opened by 18Fl about 1 year ago - 11 comments
Labels: question

#13838 - Swift: add SetContent for data flow

Pull Request - State: closed - Opened by rdmarsh2 about 1 year ago - 4 comments
Labels: documentation, Swift

#13837 - Kotlin: Pass on a parentId and remove some redundant braces

Pull Request - State: closed - Opened by igfoo about 1 year ago
Labels: Kotlin

#13836 - Swift: 'ParsedSequence' lacks proper types and yields 'Unresolved' AST nodes

Pull Request - State: closed - Opened by AlexDenisov about 1 year ago - 3 comments
Labels: Swift

#13829 - Swift: Correct the behaviour of Type.getName

Pull Request - State: closed - Opened by geoffw0 about 1 year ago - 19 comments
Labels: documentation, Swift

#13827 - Swift: Model withUnsafeBytes and similar closure methods

Pull Request - State: closed - Opened by geoffw0 about 1 year ago - 9 comments
Labels: documentation, Swift

#13825 - Ruby: Add Unsafe HMAC Comparison Query.

Pull Request - State: closed - Opened by boveus about 1 year ago - 1 comment
Labels: Ruby

#13820 - Go: Make flow configurations use new data flow API

Pull Request - State: closed - Opened by owen-mc about 1 year ago - 3 comments
Labels: no-change-note-required, Go

#13819 - Python: Relax module resolution

Pull Request - State: closed - Opened by yoff about 1 year ago - 3 comments
Labels: documentation, Python

#13783 - C++: Constant type-bounds in the new range analysis

Pull Request - State: closed - Opened by MathiasVP about 1 year ago - 15 comments
Labels: C++, no-change-note-required

#13782 - Python: Add `shlex.quote` as `py/shell-command-constructed-from-input` sanitizer

Pull Request - State: closed - Opened by jorgectf about 1 year ago - 6 comments
Labels: documentation, Python

#13781 - Python: Add unsafe deserialization sinks (CWE-502)

Pull Request - State: closed - Opened by maikypedia about 1 year ago - 1 comment
Labels: documentation, Python, external-contribution

#13779 - Python: Understand multiple parse mode flags specified in a regular expression string

Pull Request - State: closed - Opened by geoffw0 about 1 year ago - 6 comments
Labels: documentation, Python

#13778 - Java: Understand multiple parse mode flags specified in a regular expression string

Pull Request - State: closed - Opened by geoffw0 about 1 year ago - 20 comments
Labels: documentation, Java

#13773 - Java: Add XXE sinks for MDHT

Pull Request - State: closed - Opened by atorralba about 1 year ago - 2 comments
Labels: documentation, Java

#13771 - JavaScript: Improve query help for `js/server-side-unvalidated-url-redirection`.

Pull Request - State: closed - Opened by max-schaefer about 1 year ago - 4 comments
Labels: JS, documentation, ready-for-doc-review

#13765 - Question about connecting taint flows

Issue - State: closed - Opened by scottconstable about 1 year ago - 4 comments
Labels: question

#13750 - Ruby: query to automatically extract type definitions from library code

Pull Request - State: closed - Opened by alexrford about 1 year ago - 1 comment
Labels: no-change-note-required, Ruby

#13749 - False positive for IncompleteHostnameRegExp in Ruby

Issue - State: open - Opened by izuzak about 1 year ago
Labels: false-positive, Ruby

#13748 - Failing test to demonstrate problem with detecting regex match calls in Ruby

Pull Request - State: closed - Opened by izuzak about 1 year ago - 1 comment
Labels: Ruby

#13744 - C#: Add integration test for standalone extraction

Pull Request - State: closed - Opened by tamasvajk about 1 year ago - 3 comments
Labels: C#, C++

#13741 - Swift: add DataFlow::Content for arrays

Pull Request - State: closed - Opened by rdmarsh2 about 1 year ago - 7 comments
Labels: documentation, Swift

#13738 - Python: Include all assignments in data flow paths

Pull Request - State: closed - Opened by RasmusWL about 1 year ago - 2 comments
Labels: documentation, Python

#13731 - Python: Aiohttp improvements

Pull Request - State: closed - Opened by pwntester about 1 year ago - 10 comments
Labels: documentation, Python

#13729 - Python/JavaScript: Shared module for serverless functions

Pull Request - State: closed - Opened by yoff about 1 year ago - 1 comment
Labels: JS, documentation, Python

#13727 - JS: Add 'vulnerableCallModel' extension point

Pull Request - State: open - Opened by asgerf about 1 year ago
Labels: JS, Python, Ruby

#13725 - C++: Fix barriers in invalid pointer deref

Pull Request - State: closed - Opened by MathiasVP about 1 year ago - 6 comments
Labels: C++, no-change-note-required

#13722 - WIP: C#: Generate source files from `cshtml` files in standalone

Pull Request - State: closed - Opened by tamasvajk about 1 year ago - 1 comment
Labels: C#

#13716 - C++: Updates for changes in frontend

Pull Request - State: closed - Opened by jketema about 1 year ago - 1 comment
Labels: C++, depends on internal PR, no-change-note-required

#13708 - Update CSV framework coverage reports

Pull Request - State: open - Opened by github-actions[bot] about 1 year ago

#13707 - FP in C# XSS Sink

Issue - State: open - Opened by Kwstubbs about 1 year ago
Labels: false-positive

#13706 - Swift: Query for escaping parameters of unsafe closures

Pull Request - State: open - Opened by rdmarsh2 about 1 year ago
Labels: Swift

#13705 - Java: Add support for Kotlin's `apply` to java/android/unsafe-android-wevbiew-fetch

Pull Request - State: open - Opened by atorralba about 1 year ago
Labels: documentation, Java

#13704 - C++: Add assignment operation IR test where the result is being used

Pull Request - State: closed - Opened by jketema about 1 year ago
Labels: C++

#13702 - Kotlin: Support apply

Pull Request - State: closed - Opened by atorralba about 1 year ago - 1 comment
Labels: documentation, Java, Kotlin

#13701 - C++: more constant array off-by-one tests

Pull Request - State: closed - Opened by rdmarsh2 about 1 year ago - 1 comment
Labels: C++

#13700 - JS: Recognize 'fs/promises' alias and handle spread arguments in path.join()

Pull Request - State: open - Opened by asgerf about 1 year ago
Labels: JS, documentation

#13699 - C++: Handle call-contexts mismatches in `cpp/invalid-pointer-deref`

Pull Request - State: open - Opened by MathiasVP about 1 year ago - 1 comment
Labels: C++

#13698 - Swift: Expand taint models for URL

Pull Request - State: open - Opened by geoffw0 about 1 year ago - 3 comments
Labels: documentation, Swift

#13697 - Are there any alternative commands available to resolve the following situation?

Issue - State: open - Opened by KingXS about 1 year ago - 1 comment

#13696 - Swift: remove FallthroughStmt assertion

Pull Request - State: closed - Opened by AlexDenisov about 1 year ago
Labels: Swift

#13695 - DataFlow: Remove unnecessary/redundant implementations of `isBarrier/2` and `isAdditionalFlowStep/4`

Pull Request - State: open - Opened by egregius313 about 1 year ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift

#13694 - DataFlow: Add default implementations of isBarrier/2 and isAddiitonalFlowStep/4

Pull Request - State: open - Opened by egregius313 about 1 year ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13693 - Bump regex from 1.9.0 to 1.9.1 in /ql

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, QL-for-QL, rust

#13692 - Mention needed imports at top of "Analyzing data flow in Java"

Pull Request - State: open - Opened by Marcono1234 about 1 year ago - 1 comment
Labels: documentation

#13691 - [Question] How to eliminate cartesian product for negation

Issue - State: open - Opened by chmodxxx about 1 year ago
Labels: question

#13690 - Post-release preparation for codeql-cli-2.14.0

Pull Request - State: closed - Opened by codeql-ci about 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13689 - C#: Add missing parameter to interface

Pull Request - State: closed - Opened by tamasvajk about 1 year ago
Labels: C#

#13688 - C#: Turn RuntimeVersion into a record type.

Pull Request - State: closed - Opened by michaelnebel about 1 year ago
Labels: C#, no-change-note-required

#13687 - C#: Use `nuget.config` file for `dotnet restore` fallback logic

Pull Request - State: closed - Opened by tamasvajk about 1 year ago
Labels: C#

#13686 - When publishing a codeql query pack with the --allow-prerelease option, if the version already exists, it should be overwritten

Issue - State: open - Opened by carlspring about 1 year ago - 1 comment
Labels: enhancement, backlog

#13685 - Python: Model parameter with default value as `DefinitionNode`

Pull Request - State: closed - Opened by RasmusWL about 1 year ago - 6 comments
Labels: documentation, Python

#13684 - Release preparation for version 2.14.0

Pull Request - State: closed - Opened by codeql-ci about 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13683 - Ruby: exclude Object class from API graph

Pull Request - State: closed - Opened by asgerf about 1 year ago
Labels: documentation, Python, Ruby

#13682 - C++: Support pointer addition and subtraction in the IRGuards library

Pull Request - State: closed - Opened by jketema about 1 year ago - 2 comments
Labels: C++, documentation

#13681 - Mergeback `rc/3.10` -> `main`

Pull Request - State: closed - Opened by dbartol about 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13680 - C++: Add more default predicates to product flow

Pull Request - State: closed - Opened by jketema about 1 year ago - 1 comment
Labels: C++, documentation

#13679 - DataFlow: Speed up the big step relation

Pull Request - State: open - Opened by MathiasVP about 1 year ago
Labels: C#, C++, Java, Python, no-change-note-required, Go, Ruby, Swift, DataFlow Library

#13678 - Swift: 5.9 preparation

Pull Request - State: closed - Opened by AlexDenisov about 1 year ago
Labels: Swift

#13677 - Release preparation for version 2.14.0

Pull Request - State: closed - Opened by codeql-ci about 1 year ago
Labels: C#, JS, C++, documentation, Java, Python, Go, Ruby, Swift

#13676 - Python: Relax restriction of flow through `async with`

Pull Request - State: closed - Opened by RasmusWL about 1 year ago - 1 comment
Labels: documentation, Python

#13675 - Swift: expose swift version definitions

Pull Request - State: closed - Opened by redsun82 about 1 year ago - 1 comment
Labels: Swift

#13674 - Bump regex from 1.8.4 to 1.9.0 in /ql

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, QL-for-QL, rust

#13673 - Go: make parameter nodes for unused parameters #3 (Base ParameterNode on IR::InitParameterInstruction instead of SsaNode)

Pull Request - State: open - Opened by owen-mc about 1 year ago
Labels: documentation, Go

GitHub / github/codeql issues and pull requests