32 Pull requests merged by 16 people

• KE2: Extract safe qualified expressions

  #17881 merged Nov 8, 2024

• Kotlin: Support NotNullExpr in TypeFlow.

  #17932 merged Nov 8, 2024

• Bump golang.org/x/mod from 0.21.0 to 0.22.0 in /go/extractor in the extractor-dependencies group

  #17934 merged Nov 8, 2024

• Rust: allow to specify the target directory

  #17931 merged Nov 8, 2024

• Rust: extract some resolved paths

  #17882 merged Nov 8, 2024

• Rust: Fix rust/unused-variable FPs

  #17913 merged Nov 8, 2024

• fix: add "actions" tag to ActionsArtifactLeak

  #17912 merged Nov 8, 2024

• Rust: Implement enclosing callable

  #17921 merged Nov 8, 2024

• C++: Fix FPs in cpp/wrong-number-format-arguments

  #17906 merged Nov 7, 2024

• KE2: add source jars to intellij project

  #17885 merged Nov 7, 2024

• Data flow: Order provenance output by textual representation

  #17887 merged Nov 7, 2024

• C#: Models for higher order methods.

  #17742 merged Nov 7, 2024

• Rust: exclude uncompiled files from semantics and surface semantic-less reason

  #17920 merged Nov 7, 2024

• VSCode setting: turn off editor.suggest.matchOnWordStartOnly

  #17925 merged Nov 6, 2024

• Rust: Expose counts of data flow inconsistencies

  #17908 merged Nov 6, 2024

• Rust: Fix unique type data flow inconsistency

  #17917 merged Nov 6, 2024

• Shared: Add a Universal Flow library and refactor TypeFlow to use it.

  #17863 merged Nov 6, 2024

• Rust: Include literals in the CFG for literal patterns

  #17915 merged Nov 6, 2024

• Rust: Data flow additions

  #17888 merged Nov 5, 2024

• Rust: Remove the workaround in rust/unused-variable.

  #17757 merged Nov 5, 2024

• Swift: Update models for better Swift 6 compatibility.

  #17891 merged Nov 5, 2024

• Post-release preparation for codeql-cli-2.19.3

  #17904 merged Nov 4, 2024

• Release preparation for version 2.19.3

  #17903 merged Nov 4, 2024

• CodeQL 2.19.2 changedocs

  #17832 merged Nov 4, 2024

• Handle matrix jobs in accept changes script

  #17899 merged Nov 4, 2024

• JS: Add support for threat models

  #17256 merged Nov 4, 2024

• Rust: CFG classes are in expression module iff they correspond to exp…

  #17898 merged Nov 4, 2024

• Rust: Add data flow consistency queries

  #17895 merged Nov 4, 2024

• Rust: fix semantic merge conflict about semantics

  #17897 merged Nov 4, 2024

• Rust: try to speed things up a bit

  #17849 merged Nov 4, 2024

• Rust: Exclude results inside macro expansions from unused entity queries

  #17865 merged Nov 3, 2024

• Python: Refactor references to NormalCall.

  #17789 merged Nov 1, 2024

19 Pull requests opened by 15 people

• Kotlin extractor: use special <nulltype> for null literals

  #17890 opened Nov 1, 2024

• C++: Initial telemetry queries

  #17892 opened Nov 1, 2024

• Go: Fix buggy `FindAllFilesWithName` implementation

  #17900 opened Nov 4, 2024

• Java: Add a default taint sanitizer for contains-checks on lists of constants

  #17901 opened Nov 4, 2024

• Go: `database` local source models

  #17905 opened Nov 4, 2024

• Brodes/guard flow parsing

  #17907 opened Nov 4, 2024

• Support for matchAll js

  #17910 opened Nov 5, 2024

• C#: Deprecate experimental queries.

  #17911 opened Nov 5, 2024

• Rust: Auto-generate `CfgNodes.qll`

  #17918 opened Nov 6, 2024

• C++: Remove FPs from cpp/too-few-arguments

  #17919 opened Nov 6, 2024

• Python: Promote Template Injection query from experimental

  #17922 opened Nov 6, 2024

• Rust: More tests for rust/deadcode

  #17923 opened Nov 6, 2024

• Brodes/guard flow parsing k

  #17933 opened Nov 7, 2024

• Changedocs for 2.19.3

  #17935 opened Nov 8, 2024

• Napalys/js array prototype functions

  #17936 opened Nov 8, 2024

• Rust: allow to specify more cargo configuration options

  #17937 opened Nov 8, 2024

• C++: #16009 (second attempt)

  #17938 opened Nov 8, 2024

• KE2: Extract `compareTo` calls for binary comparisons

  #17939 opened Nov 8, 2024

• Rust: Add unresolved macro calls diagnostic

  #17940 opened Nov 8, 2024

15 Issues closed by 7 people

• CPP SimpleRangeAnalysis::getTruncatedUpperBounds NegativeArraySizeException

  #16437 closed Nov 8, 2024

• database finalize exit with 32

  #17394 closed Nov 8, 2024

• Add Dart language

  #17447 closed Nov 8, 2024

• CodeQL Syntax Errors for javascript-typescript

  #17902 closed Nov 7, 2024

• No query results when scanning a database that has been bundled and later unbundled

  #17914 closed Nov 7, 2024

• IncorrectIntegerConversionQuery precision is overly ambitious and its help should warn about false positives

  #17570 closed Nov 7, 2024

• Python question: How to implement an `isAdditionalFlowStep` for this?

  #17909 closed Nov 7, 2024

• C# Dataflow limited heavily by lack of support for ServiceProvider and Dependency Injection tracking

  #14998 closed Nov 7, 2024

• C sharp build is failing after enabling AdvancedSecurity-Codeql-Init@1

  #15679 closed Nov 7, 2024

• Missing option to enable CodeQL at personal org level

  #16350 closed Nov 7, 2024

• CodeQL version 2.18.2 doubles the amount of time spent compiling CodeQL databases

  #17489 closed Nov 7, 2024

• False positive

  #17926 closed Nov 7, 2024

• Java Tracking From Exception Construction to Catch Clause

  #17632 closed Nov 6, 2024

• Why does the data flow in CodeQL for my query only go through the get method of third-party classes and not the getString method?

  #17894 closed Nov 4, 2024

• CodeQL Csharp query help

  #17722 closed Nov 2, 2024

7 Issues opened by 5 people

• UX: interrupt codeql database analyze should write the already computed results to the output file

  #17930 opened Nov 7, 2024

• UX: ability to influence the order of queries execution order in a query suite/pack

  #17929 opened Nov 7, 2024

• UX: codeql database analyze should display timestamps

  #17928 opened Nov 7, 2024

• Add support for PowerShell as a supported language in CodeQL

  #17927 opened Nov 7, 2024

• General issue

  #17924 opened Nov 6, 2024

• When I use 'codeql database create ./ --language="go"' to create a database, the yaml files in the project will not be included in the database

  #17916 opened Nov 6, 2024

• Autobuild Go detects go.work files in vendored directories

  #17893 opened Nov 1, 2024

12 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Go: Add Tainted Path sanitizers

  #17759 commented on Nov 7, 2024 • 5 new comments

• Swift: make extractor compilable with Swift 6

  #17699 commented on Nov 6, 2024 • 4 new comments

• C#: Add generated higher order models for .NET8 Runtime.

  #17845 commented on Nov 8, 2024 • 4 new comments

• KE2: implement basic usage of properties, variables and flexible types

  #17884 commented on Nov 7, 2024 • 3 new comments

• C++: Total number of baseline files limit

  #17743 commented on Nov 6, 2024 • 0 new comments

• Python: tests with false positives around `match`

  #16764 commented on Nov 7, 2024 • 0 new comments

• Java: Adopt shared SSA library

  #16900 commented on Nov 5, 2024 • 0 new comments

• Java: sanitize values which are checked against an allowlist using java.util.List.contains or java.util.Set.contains

  #17051 commented on Nov 4, 2024 • 0 new comments

• Python: Remove imprecise container steps

  #17493 commented on Nov 1, 2024 • 0 new comments

• Go: Make the models-as-data subtypes column do something more sensible for promoted methods

  #17618 commented on Nov 7, 2024 • 0 new comments

• KE2: extract binary operators

  #17761 commented on Nov 8, 2024 • 0 new comments

• Java: Improve weak crypto query

  #17869 commented on Nov 3, 2024 • 0 new comments