Skip to content

/ codeql

New pull request New
99 Open 3,166 Closed
99 Open 3,166 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels.
Projects
Filter by project
Milestones
Filter by milestone
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀
JS: extend support for yargs for js/indirect-command-line-injection
JS
#3643 opened Jun 8, 2020 by erik-krogh Draft
2
JS: Add PreCallGraphStep and use some array steps in type tracking
Awaiting evaluation JS
#3641 opened Jun 8, 2020 by asgerf Draft 0 of 2
1
Python: Handle Python 3.8 `Enum._convert`
Python
#3640 opened Jun 8, 2020 by RasmusWL Review required
JS: Track functions through props and returns
Awaiting evaluation JS
#3639 opened Jun 8, 2020 by asgerf Draft 0 of 2
JS: Adds basic support for `webpack-dev-server` and importing from neighbouring packages.
Awaiting evaluation JS
#3630 opened Jun 5, 2020 by erik-krogh Draft 0 of 3
2
Python: Fix points-to for unrelated modules with the same name.
Awaiting evaluation Python WIP
#3628 opened Jun 5, 2020 by tausbn Changes requested
5
JS: Ignore returned exprs in defensive programming query
Awaiting evaluation JS
#3627 opened Jun 5, 2020 by asgerf Review required
2 1
JS: Fix inconsistencies in js/path-injection
JS
#3619 opened Jun 4, 2020 by erik-krogh Review required 3 of 3
1
JS: Don't treat a property of a tainted object as tainted when there exists a dominating write
Awaiting evaluation JS
#3613 opened Jun 3, 2020 by erik-krogh Draft 0 of 2
9
C++: Share `TInstruction` across IR stages
C# C++
#3612 opened Jun 3, 2020 by dbartol Draft
C#: Add call-sensitivity to data-flow call resolution
C#
#3610 opened Jun 3, 2020 by hvitved Review required
@calumgrant
1
Java: Backport missing CFG edge fix for switch expressions
Java
#3608 opened Jun 3, 2020 by aschackmull Review required 1.24
JS: Introduce SharedTaintStep
JS
#3603 opened Jun 2, 2020 by asgerf Draft
2
Add Log4J 2 and a new search string secret
Java
#3600 opened Jun 2, 2020 by luchua-bc Review required
JS: Recognize calls to .item and .namedItem
JS
#3599 opened Jun 1, 2020 by asgerf Approved
Add more code-scanning suites
#3596 opened Jun 1, 2020 by robertbrignull Review required
6
Java: Add check for J2EE server directory listing
Java
#3595 opened May 30, 2020 by luchua-bc Review required
C++: IR return indirections for `this`
C++
#3587 opened May 28, 2020 by rdmarsh2 Review required
6
[Java] CWE-295 - Incorrect Hostname Verification
Java
#3581 opened May 27, 2020 by intrigus-lgtm Review required
6
Python: insecure-protocol outdated
Python false-positive
#3580 opened May 27, 2020 by yoff Draft
4
Python: Add QLDoc for FunctionValue.getQualifiedName
Python
#3575 opened May 27, 2020 by RasmusWL Review required
Java: CWE-273 Unsafe certificate trust
Java
#3550 opened May 24, 2020 by luchua-bc Review required
7
Python: How to make TaintKinds for dict subclasses
Python
#3545 opened May 22, 2020 by RasmusWL Draft
1
Java: add websocket reads as remote flow source.
Java
#3543 opened May 21, 2020 by porcupineyhairs Review required
Java : add MongoDB injection sinks
Java
#3542 opened May 21, 2020 by porcupineyhairs Review required
ProTip! no:milestone will show everything without a milestone.
You can’t perform that action at this time.