39 Pull requests merged by 22 people

• Bump golang.org/x/mod from 0.20.0 to 0.21.0 in /go/extractor in the extractor-dependencies group

  #17386 merged Sep 6, 2024

• CI: Upgrade bazel rules.

  #17389 merged Sep 6, 2024

• Go: Support 1.23 (Transparent aliases)

  #17358 merged Sep 6, 2024

• Java/C#: Field based model generator (Experimental).

  #17330 merged Sep 6, 2024

• C++: Update expected test results after extractor changes

  #17371 merged Sep 6, 2024

• Go: add tests regarding type aliasing

  #17369 merged Sep 5, 2024

• C++: Add testcase with IR inconsistencies

  #17391 merged Sep 5, 2024

• C++: Decompression Bombs

  #13560 merged Sep 5, 2024

• Go: Fix QLDoc for ResultVariableDecl

  #17381 merged Sep 5, 2024

• Bazel: stub internal repo parts needed for building rust binaries

  #17387 merged Sep 5, 2024

• C++: Make swap member functions data-flow functions

  #17351 merged Sep 5, 2024

• C++: Fix coroutine IR inconsistencies

  #17342 merged Sep 5, 2024

• Swift: upgrade prebuilt toolchain to 5.10.1

  #17352 merged Sep 5, 2024

• WIP: Python: CORS Bypass

  #16814 merged Sep 5, 2024

• C#: Delete jobs that moved to the internal repo.

  #17377 merged Sep 4, 2024

• Backport "Bazel/Go: Bump rules_go to 0.50.0" to rc/3.15

  #17380 merged Sep 4, 2024

• Add a pull request template

  #17281 merged Sep 4, 2024

• Add changelogs up to 2.18.3

  #17375 merged Sep 4, 2024

• Go: Add getParent and getIndex for TypeParamType

  #17378 merged Sep 4, 2024

• All: delete outdated deprecations

  #17349 merged Sep 4, 2024

• Bump tree-sitter to 0.23.0

  #17350 merged Sep 4, 2024

• C#: Add change note for build-mode:none GA

  #17373 merged Sep 4, 2024

• Java: Rename integration test directories.

  #17334 merged Sep 4, 2024

• Update CSV framework coverage reports

  #17266 merged Sep 4, 2024

• Dataflow: Fix minor typo.

  #17362 merged Sep 4, 2024

• Go: Remove threat models change note from 1.15.md

  #17366 merged Sep 4, 2024

• Go: Remove change note from 1.15.md

  #17367 merged Sep 4, 2024

• C++: Make realloc a data-flow function

  #17354 merged Sep 4, 2024

• C#: Support SyntheticField in MaD.

  #17346 merged Sep 4, 2024

• Include hidden files when uploading Ruby pack

  #17368 merged Sep 3, 2024

• C++: Support C11 _Generic expressions

  #17138 merged Sep 3, 2024

• Bazel/Go: Bump rules_go to 0.50.0

  #17359 merged Sep 3, 2024

• Data flow: Reduce non-linear recursion in fwdFlow0

  #17308 merged Sep 3, 2024

• C++: Update expected test results after #17347

  #17348 merged Sep 2, 2024

• C++: Tweak the bounded barrier

  #17328 merged Sep 2, 2024

• C++: Add test for cpp/uninitialized-local and va_copy

  #17347 merged Sep 2, 2024

• Swift: Work around some QHelp rendering issues.

  #17244 merged Sep 2, 2024

• C#: Rename integration test directories.

  #17333 merged Sep 2, 2024

• Merge rc/3.15 back into main

  #17336 merged Sep 2, 2024

16 Pull requests opened by 12 people

• WIP: C#: Add integration test with Blazor app

  #17355 opened Sep 3, 2024

• Go: extract and expose struct tags, interface method IDs

  #17357 opened Sep 3, 2024

• Go: Expose whether functions are variadic in their pp() output

  #17360 opened Sep 3, 2024

• Update the Docs landing page for the CodeQL docs site

  #17361 opened Sep 3, 2024

• C#/Java: Content based model generation improvements.

  #17363 opened Sep 3, 2024

• Python: Bottle Framework Header Support

  #17370 opened Sep 3, 2024

• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows in the github_actions group across 1 directory

  #17372 opened Sep 3, 2024

• Ruby: Update Tree-sitter grammar

  #17379 opened Sep 4, 2024

• Update "About CodeQL" to cover the information needs of security researchers better

  #17383 opened Sep 4, 2024

• Brodes/overflow buffer fixes upstream

  #17384 opened Sep 4, 2024

• Add Expr, Stmt, Pat to schema.py

  #17390 opened Sep 5, 2024

• Go: Add change note and update docs for Go 1.23

  #17395 opened Sep 6, 2024

• Rust: generate test code from schema docstrings

  #17396 opened Sep 6, 2024

• Added undefined throwing function.

  #17397 opened Sep 6, 2024

• C++: Re-introduce the original version of the `many_defs_per_use` IR test

  #17399 opened Sep 6, 2024

• Go: add tests for dataflow relating to type aliasing

  #17400 opened Sep 6, 2024

5 Issues closed by 3 people

• C++: support the search order of header files used by clang/gcc

  #16648 closed Sep 6, 2024

• A

  #17392 closed Sep 5, 2024

• How to use ql to calculate N factorial by recursion function

  #17374 closed Sep 5, 2024

• False positive

  #17365 closed Sep 4, 2024

• General issue

  #17344 closed Sep 1, 2024

6 Issues opened by 6 people

• Strange behavior on analyzing react framework

  #17398 opened Sep 6, 2024

• database finalize exit with 32

  #17394 opened Sep 6, 2024

• isSanitizerGuard works incorrectly when the function name startwith "isValid"

  #17393 opened Sep 6, 2024

• Error was: Unknown kind "Table". [UNSUPPORTED_KIND]

  #17388 opened Sep 5, 2024

• Speeding up query

  #17385 opened Sep 4, 2024

• False positive: SSRF warning on user-based input in FastAPI endpoint

  #17353 opened Sep 3, 2024

17 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• CPP: Disabled SSL certificate verification

  #16811 commented on Sep 2, 2024 • 9 new comments

• JS: Improve handling of spread arguments and rest parameters [shared data flow branch]

  #17213 commented on Sep 6, 2024 • 6 new comments

• Go: Implement `stdin` models

  #17335 commented on Sep 4, 2024 • 2 new comments

• Go: Support Go 1.23 (Explicit aliases)

  #17058 commented on Sep 4, 2024 • 2 new comments

• Go 1.23 fixups

  #17341 commented on Sep 3, 2024 • 1 new comment

• C++: Improve AliasedSSA performance

  #17225 commented on Sep 3, 2024 • 1 new comment

• Python: Pycurl SSL Disabled

  #16812 commented on Sep 2, 2024 • 0 new comments

• Bump lazy_static from 1.4.0 to 1.5.0 in /ql

  #16815 commented on Sep 4, 2024 • 0 new comments

• Data flow: Store/load matching in pruning stage 3

  #16741 commented on Sep 5, 2024 • 0 new comments

• Bump regex from 1.10.4 to 1.10.6 in /ql

  #17144 commented on Sep 4, 2024 • 0 new comments

• How to check CWE-404 when throw exception

  #17319 commented on Sep 3, 2024 • 0 new comments

• Chromium: `We have exhausted all available IDs in the disk pool`

  #17332 commented on Sep 2, 2024 • 0 new comments

• Go: Models as Data Documentation

  #17258 commented on Sep 3, 2024 • 0 new comments

• Data flow: Cache `TNodeEx`

  #17300 commented on Sep 5, 2024 • 0 new comments

• Python: Exclude certificate classification fo sensitive data queries

  #17314 commented on Sep 5, 2024 • 0 new comments

• Why doesn't CodeQL support auditing PHP

  #12376 commented on Aug 31, 2024 • 0 new comments

• CodeQL for php

  #14000 commented on Aug 31, 2024 • 0 new comments