Insights: github/codeql

49 Pull requests merged by 22 people

• Java: Add Android missing certificate pinning query (CWE-295)

  #10971 merged Dec 20, 2022

• QL: improve the dead-code query

  #11173 merged Dec 20, 2022

• Python: support grouped exceptions

  #11244 merged Dec 21, 2022

• Java: Query for detecting addJavascriptInterface method calls

  #11282 merged Dec 19, 2022

• QL: Mock the `QlBuiltins` module in QL-for-QL

  #11519 merged Dec 22, 2022

• Java: model top 100 JDK APIs

  #11572 merged Dec 20, 2022

• Rb: add Kernel methods as sinks to path-injection

  #11575 merged Dec 19, 2022

• Java: add MaD metrics query

  #11585 merged Dec 16, 2022

• C#: Support List and Slice patterns.

  #11594 merged Dec 16, 2022

• Swift: MethodRefExpr -> MethodLookupExpr

  #11595 merged Dec 22, 2022

• ATM: speedup the "ATM - Check query suite" CI job

  #11661 merged Dec 19, 2022

• Kotlin: Revert type erasure within $default functions

  #11665 merged Dec 19, 2022

• Data flow: Track callable in flow-through pruning

  #11674 merged Dec 16, 2022

• C++: Update tests after frontend changes

  #11680 merged Dec 16, 2022

• Merge `rc/3.8` back to `main`

  #11681 merged Dec 16, 2022

• C#: Re-factor and use `ForEach`.

  #11686 merged Dec 16, 2022

• C++: Define the `argv` flow source in terms the input parameter

  #11693 merged Dec 20, 2022

• C++: Iterator flow for IR-based use-use flow (second attempt)

  #11694 merged Dec 16, 2022

• Dynamic: Share more regexp code

  #11699 merged Dec 19, 2022

• C#/Java: Migrate tests to use implicitly loaded extensions.

  #11705 merged Dec 16, 2022

• Go: Use any() to stub getCallbackParameter/ReturnType and getSyntheticGlobalType

  #11706 merged Dec 16, 2022

• Java: handle printing an empty comment (/**/); add relevant tests

  #11707 merged Dec 20, 2022

• Ruby: Recognize custom `self.new` methods that return `self.allocate`

  #11718 merged Dec 16, 2022

• Shared AlertSuppression library

  #11719 merged Dec 19, 2022

• Ruby: Fix bug in call-sensitivity logic for `initialize` calls

  #11720 merged Dec 16, 2022

• C++: Use `unique` in `getBufferSize`

  #11722 merged Dec 16, 2022

• CodeQL alert suppression

  #11723 merged Dec 21, 2022

• C++: Use `asExpr` in `cpp/cleartext-transmission`

  #11724 merged Dec 19, 2022

• ATM: fix script updating endpoint large scale test data

  #11726 merged Dec 19, 2022

• C++: Fix `DataFlow <-> Expr` mappings for `CrementOperation` and `AssignOperation`

  #11727 merged Dec 16, 2022

• C++: Prepare `cpp/cleartext-storage-database` for use-use flow

  #11729 merged Dec 19, 2022

• remove com.semmle.util.data.Option from from extractor code interface II

  #11731 merged Dec 19, 2022

• C#: Add dummy type sizes for the list pattern expressions kinds.

  #11733 merged Dec 19, 2022

• Update query-classification-and-display.md

  #11736 merged Dec 19, 2022

• Update supported-queries.md

  #11737 merged Dec 19, 2022

• Remove references to lgtm.com in Go folder

  #11745 merged Dec 20, 2022

• Fix javascript syntax

  #11751 merged Dec 20, 2022

• QL: fix visibility of module parameters

  #11756 merged Dec 20, 2022

• QL/RB: make top TreeSitter.qll comment into a qldoc

  #11757 merged Dec 20, 2022

• C++: Generate IR for `__try __finally` and `__try __except`

  #11761 merged Dec 22, 2022

• QL: fix `getAnnotation()` for new-type branches with parameters

  #11762 merged Dec 20, 2022

• Update CSV framework coverage reports

  #11764 merged Dec 21, 2022

• Bump actions/stale from 6 to 7

  #11765 merged Dec 21, 2022

• Java: Fix new Android queries' IDs

  #11766 merged Dec 21, 2022

• Java: Small simplification in Missing Certificate Pinning tests

  #11767 merged Dec 21, 2022

• C++: Fix implicit reads on `cpp/cleartext-storage-database`

  #11768 merged Dec 22, 2022

• AlertSuppression: fix python test cases

  #11771 merged Dec 21, 2022

• Swift: add AlertSuppression.ql

  #11773 merged Dec 21, 2022

• CI: use the new actions/cache@v3 instead of my own fork

  #11777 merged Dec 22, 2022

21 Pull requests opened by 15 people

• C#/Java: Re-factor provenance related predicates.

  #11721 opened Dec 16, 2022

• Ruby: Reimplement flow through captured variables using field flow

  #11725 opened Dec 16, 2022

• C++: Parameterize the semantic range analysis

  #11728 opened Dec 16, 2022

• Java: improve naming and description of SqlUnescaped.ql

  #11730 opened Dec 16, 2022

• Go: Allow data flow through varargs parameters

  #11732 opened Dec 19, 2022

• Go: Models as Data using extensions.

  #11738 opened Dec 19, 2022

• Reduce alerts for `logrus` when using a sanitising formatter such as `JSONFormatter`

  #11739 opened Dec 19, 2022

• C#: Update stats based on projects.

  #11740 opened Dec 19, 2022

• Remove references to LGTM in code

  #11741 opened Dec 19, 2022

• Swift: Add more path injection sinks

  #11742 opened Dec 19, 2022

• C++: `PostUpdateNode`s for <s>pointer-to-const</s>const-pointer arguments

  #11743 opened Dec 19, 2022

• Tutorial: Move QL detective tutorial library into shared `codeql/tutorial` library pack

  #11747 opened Dec 20, 2022

• C#/Java: Move the modelgenerator.

  #11760 opened Dec 20, 2022

• Swift: extract AST/CFG/SSA for closure captures

  #11763 opened Dec 20, 2022

• JS: Sanitizer for `sanitizer(x) === true`

  #11769 opened Dec 21, 2022

• QL: Add OmittableExists query

  #11770 opened Dec 21, 2022

• Alert suppression: allow `// codeql[...]` suppression comments on the same line

  #11772 opened Dec 21, 2022

• All: Remove omittable exists variables

  #11775 opened Dec 21, 2022

• Shared: Inline test expectations

  #11778 opened Dec 21, 2022

• Java: model top JDK APIs

  #11779 opened Dec 21, 2022

• C++: Map more expressions to `OperandNode`s

  #11781 opened Dec 22, 2022

4 Issues closed by 4 people

• how to do taint tracking when assign to ConstructorFieldInit

  #11734 closed Dec 21, 2022

• Placeholders in alerts not evaluated when running in CLI

  #11758 closed Dec 20, 2022

• Unable to create a database from local Java sourcecode folder

  #11759 closed Dec 20, 2022

• False positive - About JS isSanitizerGuard of TaintTracking::Configuration

  #11488 closed Dec 19, 2022

4 Issues opened by 4 people

• python taint tracking doesn't work with namespace packages properly

  #11780 opened Dec 21, 2022

• I have setup a project to test the capability of CodeQL，to test taint tracking ablitity

  #11752 opened Dec 20, 2022

• [UX] How to run the ql tutorials in VS Code

  #11746 opened Dec 19, 2022

• Explanation of ”Comparison result is always the same“ in PR is technically correct, but unclear

  #11744 opened Dec 19, 2022

26 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Java: Apply deadcode guard to data flow nodes.

  #11712 commented on Dec 21, 2022 • 11 new comments

• C++: Use `FlowSource` in `DefaultTaintTracking` instead of `isUserInput`

  #11714 commented on Dec 22, 2022 • 9 new comments

• [Java] Document fixes for deserialization vulnerabilities by framework

  #11700 commented on Dec 20, 2022 • 8 new comments

• False positive: About Javascript TaintBarriers

  #11667 commented on Dec 21, 2022 • 6 new comments

• Go: Add and Modify Sanitizers For TaintedPath

  #11703 commented on Dec 19, 2022 • 6 new comments

• Swift: Add predicate injection query

  #11670 commented on Dec 20, 2022 • 5 new comments

• Go: Count fields correctly

  #11701 commented on Dec 21, 2022 • 5 new comments

• JS: Add experimental variants of common security queries with more sources

  #11582 commented on Dec 20, 2022 • 4 new comments

• Introduce the security-experimental CodeQL suite and experimental tag

  #11702 commented on Dec 19, 2022 • 3 new comments

• Java: Some expressions have `<any>` as type

  #11442 commented on Dec 16, 2022 • 2 new comments

• Rb: Add an `unsafe-code-construction` query

  #10862 commented on Dec 20, 2022 • 2 new comments

• Java: exclude parameterless static methods from `DataFlowTargetApi` and from `ExternalApi`

  #11717 commented on Dec 16, 2022 • 2 new comments

• [Java] "Deserialization of user-controlled data" is overly broad to be useful to end users

  #11603 commented on Dec 16, 2022 • 1 new comment

• Java: `Type.getErasure()` erroneously has `Object` as result on some databases

  #11264 commented on Dec 16, 2022 • 1 new comment

• CPP: Add query for CWE-369: Divide By Zero.

  #10431 commented on Dec 17, 2022 • 1 new comment

• Java: Android WebView Content Access Query

  #11283 commented on Dec 22, 2022 • 1 new comment

• Python: New type-tracking based call-graph

  #11376 commented on Dec 19, 2022 • 1 new comment

• Missing IR generation for field initialization via NSDMI

  #8256 commented on Dec 19, 2022 • 0 new comments

• DO NOT MERGE: Replace AST with IR use-use dataflow

  #10817 commented on Dec 22, 2022 • 0 new comments

• Ruby: Document flow summary syntax

  #10899 commented on Dec 22, 2022 • 0 new comments

• Swift: Uncontrolled format string query

  #11529 commented on Dec 16, 2022 • 0 new comments

• Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests

  #11570 commented on Dec 19, 2022 • 0 new comments

• Swift: generalize open redirection on both platforms and rework output rewriting

  #11571 commented on Dec 20, 2022 • 0 new comments

• Python: cryptography module upgrades

  #11678 commented on Dec 21, 2022 • 0 new comments

• ATM: add boosted version for `ShellCommandInjectionFromEnvironment` query

  #11709 commented on Dec 19, 2022 • 0 new comments

• C#/Java: Delete deprecated ModelCsv classes and related predicates.

  #11711 commented on Dec 20, 2022 • 0 new comments