Pulse · github/codeql · GitHub

August 17, 2025 – August 24, 2025

Overview

41 Active pull requests

9 Active issues

31 Pull requests merged by 20 people

rust integration test: use all output from codeql test run
#20269 merged Aug 22, 2025
Rust: Implement a new query for Log Injection
#20221 merged Aug 22, 2025
Fix the broken reference
#18722 merged Aug 22, 2025
Correct menu title name of "Open Workspace"
#12660 merged Aug 22, 2025
Merge rc/3.19 into main
#20264 merged Aug 21, 2025
Rust: Adjust jump-to-def for paths with generic arguments
#20248 merged Aug 21, 2025
Type inference: Rename some variables
#20234 merged Aug 21, 2025
C#: Allow implicit collection reads in sink nodes.
#20089 merged Aug 21, 2025
Java: Add previous-id and adjust tags for java/garbage-collection and java/run-finalizers-on-exit
#20095 merged Aug 21, 2025
Bump the extractor-dependencies group in /go/extractor with 2 updates
#20188 merged Aug 21, 2025
C++: Use the shared type-tracking library for virtual dispatch resolution
#20249 merged Aug 21, 2025
CS: Update cs/ldap-injection qhelp
#20254 merged Aug 21, 2025
Add extra Customizations files
#20252 merged Aug 20, 2025
Rust: update README to remove experimental warning
#20251 merged Aug 20, 2025
Update CSV framework coverage reports
#20244 merged Aug 20, 2025
Rust: Update StreamCipherInit to use getCanonicalPath.
#20238 merged Aug 19, 2025
C++: Mark the write to fprintf's 0'th argument as partial
#20242 merged Aug 19, 2025
Rust: Distinguish internal/external items in path resolution
#20191 merged Aug 19, 2025
Guards: Cache nullGuard predicate.
#20237 merged Aug 19, 2025
Rust: Take transitive dependencies into account when computing canonical paths
#20243 merged Aug 19, 2025
Post-release preparation for codeql-cli-2.22.4
#20241 merged Aug 18, 2025
Release preparation for version 2.22.4
#20240 merged Aug 18, 2025
Rust: Remove TC from ImplTraitTypeRepr.isInReturnPos
#20233 merged Aug 18, 2025
C++: SloppyGlobal: Don't alert on template instantiations, only the template
#20232 merged Aug 18, 2025
Shared: Skip non-CFG children in StandardTree
#20230 merged Aug 18, 2025
Rust: Add a type inference test case resembling PathBuf.canonicalize.
#20222 merged Aug 18, 2025
Add data extensions for remote tainted sources
#20228 merged Aug 18, 2025
C++: Diff-informed queries: phase 3 (non-trivial locations)
#20073 merged Aug 18, 2025
Python: Diff-informed queries: phase 3 (non-trivial locations)
#20079 merged Aug 18, 2025
JS: Enhance command injection detection for CLI argument parsing libraries
#20151 merged Aug 18, 2025
JS: Exclude environment variables from js/regex-injection query by default
#20148 merged Aug 18, 2025

10 Pull requests opened by 9 people

C#: Streamline MaD summaries for Byte- and Char arrays and pointers
#20239 opened Aug 18, 2025
Java: accept new test results after extractor update
#20247 opened Aug 19, 2025
Bazel: do not force `lld` and fix `platforms` warning
#20250 opened Aug 19, 2025
Shared: Add and use a signature for basic blocks
#20253 opened Aug 20, 2025
Add reuse nonce test for java
#20258 opened Aug 20, 2025
[Draft] Modernize the Unreachable Except Block query
#20263 opened Aug 21, 2025
Java: Add more nullness tests and fix a bug causing false negatives.
#20267 opened Aug 22, 2025
Add changelog entry for CodeQL CLI version 2.22.4
#20268 opened Aug 22, 2025
Rust: Improve FS models
#20270 opened Aug 22, 2025
Java: Make virtual dispatch global while keeping ssa local.
#20271 opened Aug 22, 2025

5 Issues closed by 4 people

Should `qlpack.yml` `compileForOverlayEval` be documented?
#20186 closed Aug 22, 2025
How to write CodeQL rules?
#20159 closed Aug 22, 2025
General issue: java-queries@1.6.3 is failing
#20262 closed Aug 21, 2025
"No code found during the build." after successful compilation for C++ in Visual Studio 2019
#7365 closed Aug 18, 2025
Superflous paths-ignore warning?
#6845 closed Aug 18, 2025

4 Issues opened by 4 people

[JS]General issue: ES6 Analysis Seems Unsupported
#20261 opened Aug 21, 2025
General issue: MetricCallable Kotlin
#20259 opened Aug 21, 2025
CodeQL Ruby parser fails on bare & block forwarding in multi-line method calls
#20257 opened Aug 20, 2025
[Rust] Unused variable False positive
#20256 opened Aug 20, 2025

16 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

Java: Added new query `java/visible-for-testing-abuse`
#20178 commented on Aug 24, 2025 • 21 new comments
Rust: upgrade to rust-analyzer 0.0.300
#20055 commented on Aug 22, 2025 • 17 new comments
Java: Add support to Compact Source Files
#20116 commented on Aug 21, 2025 • 8 new comments
Java: Enhance `java/jvm-exit` query and add to quality
#20190 commented on Aug 24, 2025 • 7 new comments
JS: Move cors-misconfiguration query from experimental to Security
#20146 commented on Aug 22, 2025 • 4 new comments
Python extractor: overlay support
#20206 commented on Aug 20, 2025 • 3 new comments
Python: Modernize the Signature Mismatch query
#20217 commented on Aug 19, 2025 • 3 new comments
Java: Promote Insecure Spring Boot Actuator Configuration query from experimental
#20006 commented on Aug 22, 2025 • 2 new comments
Java: Add support to `ModuleImportDeclaration`
#20097 commented on Aug 21, 2025 • 1 new comment
CWE 134
#20131 commented on Aug 19, 2025 • 0 new comments
Quantum: Refactor OpenSSL padding modeling
#19908 commented on Aug 20, 2025 • 0 new comments
Signature model refactor
#19944 commented on Aug 22, 2025 • 0 new comments
Java: Add test for flexible constructor support
#20136 commented on Aug 18, 2025 • 0 new comments
Java: port quality query `java/mocking-all-non-private-methods-means-unit-test-is-too-big`
#20205 commented on Aug 22, 2025 • 0 new comments
Rust: Fallback crate resolution
#20225 commented on Aug 23, 2025 • 0 new comments
Rust: Model `async` return types as `dyn Future`
#20236 commented on Aug 19, 2025 • 0 new comments