42 Pull requests merged by 16 people

• python: capture flow through comprehensions

  #17577 merged Oct 4, 2024

• Rust: &(mut) x is neither a read nor a write

  #17655 merged Oct 4, 2024

• Python: All dict constructor args are relevant

  #17566 merged Oct 4, 2024

• KE2: Move expr/stmt extraction to separate file

  #17662 merged Oct 4, 2024

• Adapt to sourceLocationPrefix change in qltest

  #17536 merged Oct 4, 2024

• C#/Java: Only use heuristic if no content based model exist (in mixed mode).

  #17654 merged Oct 4, 2024

• Post-release preparation for codeql-cli-2.19.1

  #17651 merged Oct 3, 2024

• Go: augment test-extraction tests

  #17637 merged Oct 3, 2024

• Rust: Diagnose unused variable false positives

  #17656 merged Oct 3, 2024

• Update Comment - Clarify threat model flow sources comment in LogForgingQuery.qll

  #17639 merged Oct 3, 2024

• Python: model urllib.parse.parse_qs

  #17565 merged Oct 3, 2024

• KE2: Refactor the top level a bit

  #17645 merged Oct 3, 2024

• JS: Fix bug causing re-evaluation of cached barriers

  #17643 merged Oct 3, 2024

• Python: Several standard library models

  #17454 merged Oct 3, 2024

• Rust: Add {BreakExpr,ContinueExpr}.getTarget()

  #17644 merged Oct 3, 2024

• Release preparation for version 2.19.1

  #17649 merged Oct 2, 2024

• Revert "Release preparation for version 2.19.1"

  #17636 merged Oct 2, 2024

• Rust: Improve lines-of-code counts.

  #17588 merged Oct 2, 2024

• Java/Kotlin: Add some dbscheme comments

  #17622 merged Oct 2, 2024

• Rust: Implement UnusedVariable.ql

  #17642 merged Oct 2, 2024

• Rust: More CFG modelling

  #17633 merged Oct 2, 2024

• C++: Remove FPs from cpp/uninitialized-local when encountered extraction errors

  #17481 merged Oct 2, 2024

• Rust: AST support for variables

  #17606 merged Oct 1, 2024

• Java: Add a test for parameter names

  #17634 merged Oct 1, 2024

• Go: add extractor option for vendor-directory extraction

  #17628 merged Oct 1, 2024

• Java/C#: Add overrides to the interpretation of neutral MaD models.

  #17604 merged Oct 1, 2024

• Go: deduplicate integration tests

  #17630 merged Oct 1, 2024

• C++: Add more macro expansion tests

  #17608 merged Oct 1, 2024

• Brodes/wcharcharconversion false positives upstream5

  #17611 merged Oct 1, 2024

• Post-release preparation for codeql-cli-2.19.1

  #17631 merged Sep 30, 2024

• Release preparation for version 2.19.1

  #17629 merged Sep 30, 2024

• Rust: extract comments

  #17624 merged Sep 30, 2024

• Java: Minor model tweak and comment fix.

  #17625 merged Sep 30, 2024

• Rust: Accept CFG inconsistencies

  #17627 merged Sep 30, 2024

• Rust: Add more CFG tests

  #17626 merged Sep 30, 2024

• Rust: Add labelled block example

  #17623 merged Sep 30, 2024

• C#: reduce extraction message severity for missing text files

  #17619 merged Sep 30, 2024

• C#/Java: Content based model generation improvements.

  #17521 merged Sep 30, 2024

• Rust: Add extraction error consistency query

  #17617 merged Sep 30, 2024

• Java: Add more type-based sanitizers.

  #17579 merged Sep 30, 2024

• Rust: Prune CFG for obviously impossible true/false edges

  #17602 merged Sep 30, 2024

• Java: Add a couple of neutrals

  #17605 merged Sep 30, 2024

19 Pull requests opened by 14 people

• Bump regex from 1.10.6 to 1.11.0 in /ql

  #17616 opened Sep 30, 2024

• Go: Make the models-as-data subtypes column do something more sensible for promoted methods

  #17618 opened Sep 30, 2024

• C#: Interpolated string expressions.

  #17620 opened Sep 30, 2024

• C#: Make Nullable type a ConstructedType and VoidType a ValueType.

  #17621 opened Sep 30, 2024

• Python/DSVW repro

  #17635 opened Oct 1, 2024

• Rust: More information about extractor errors and warnings

  #17647 opened Oct 2, 2024

• Dataflow: apply diff-informed filtering consistently

  #17648 opened Oct 2, 2024

• Python: Allow type tracking through comprehensions

  #17653 opened Oct 3, 2024

• Rust: Implement `ConditionalCompletionSplitting`

  #17657 opened Oct 3, 2024

• Shared `ConditionalCompletionSplitting` implementation

  #17658 opened Oct 3, 2024

• Rust: add macro expansion to the extractor

  #17659 opened Oct 3, 2024

• Remove unnecessary query

  #17660 opened Oct 3, 2024

• SSA: Add BarrierGuardWithState

  #17661 opened Oct 4, 2024

• Dataflow: Add support for speculative taint flow.

  #17663 opened Oct 4, 2024

• KE2: Extract some expr/stmt kinds

  #17664 opened Oct 4, 2024

• C++: Add some documentation on the printed IR

  #17665 opened Oct 4, 2024

• C#: .NET 8 models

  #17666 opened Oct 4, 2024

• KE2: Be concurrency-safe (hopefully!) and enable concurrency

  #17667 opened Oct 4, 2024

• Java: Typo in a comment

  #17668 opened Oct 4, 2024

4 Issues closed by 4 people

• So So so

  #17650 closed Oct 2, 2024

• Independenbot

  #17640 closed Oct 2, 2024

• [cpp] extractor crashed when creating database

  #16449 closed Sep 30, 2024

• Java: control-flow dependency query

  #17572 closed Sep 29, 2024

3 Issues opened by 3 people

• Support for Svelte

  #17638 opened Oct 1, 2024

• Java Tracking From Exception Construction to Catch Clause

  #17632 opened Sep 30, 2024

• The number of paths different from codeql-cli and vscode

  #17615 opened Sep 29, 2024

14 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Go: extract and expose struct tags, interface method IDs

  #17357 commented on Oct 4, 2024 • 9 new comments

• BigInt Documentation

  #17556 commented on Oct 4, 2024 • 5 new comments

• Java: sanitize values which are checked against an allowlist (currently only java.util.List.contains)

  #17051 commented on Oct 3, 2024 • 2 new comments

• Java: Add model for CharArrayWriter.toString().

  #17597 commented on Sep 30, 2024 • 1 new comment

• isSanitizerGuard works incorrectly when the function name startwith "isValid"

  #17393 commented on Oct 1, 2024 • 0 new comments

• C#: Relax dotnet rule.

  #16792 commented on Sep 30, 2024 • 0 new comments

• C#: Add query for insecure certificate validation

  #16824 commented on Oct 1, 2024 • 0 new comments

• C++: Improve AliasedSSA performance

  #17225 commented on Oct 4, 2024 • 0 new comments

• Go: Implement `stdin` models

  #17335 commented on Oct 1, 2024 • 0 new comments

• JS: Follow use-use flow after a post-update

  #17535 commented on Oct 3, 2024 • 0 new comments

• Java: Update Java JDK 17 models.

  #17547 commented on Oct 4, 2024 • 0 new comments

• Shared: Post-processing query for inline test expectations

  #17548 commented on Oct 4, 2024 • 0 new comments

• C++: Merge the location tables

  #17581 commented on Oct 1, 2024 • 0 new comments

• C#: Insecure Certificate Validation.

  #17603 commented on Oct 1, 2024 • 0 new comments