codeql

codeql copied to clipboard

C#: Negative summaries (ie. no flow through)

8

In this PR we introduce the concept of `negative` flow summaries, which is a summary of a callable stating that there is no flow via this callable. The implementation introduces...

michaelnebel

In this PR we introduce the following improvements to the the stub generator. - Enums are now explicitly typed and enum values are assigned. - Support for function pointers types....

michaelnebel

- Update .gitignore for .vscode/*.log temporaries - C++: Add test and placeholder query. - C++: First working. We now prefer flagging the cases where the variable was initialized, as in...

d10c

Python: Timing attack

9

A constant-time algorithm should be used for checking the value of info. In other words, the comparison time should not depend on the content of the input, Otherwise, an attacker...

ahmed-farid-dev

LGTM.com - false positive for py/uninitialized-local-variable

3

**Description of the false positive** The error says that a variable may be used before it is initialized but the variable is defined on the line above. I cannot see...

rparini

Java: Promote HashWithoutSalt query

9

joefarebrother

hvitved

JS: add call-edge for dynamic dispatch to unknown property from an object literal

2

CVE-2019-10807: TP/TN [The evaluation suggests a very slight performance regression](https://github.com/github/codeql-dca-main/tree/data/PR-9751-0-javascript__2/reports). No new results from the evaluation, but plenty of new call-edges (see the meta alert diff). The call-edges look good...

erik-krogh

Steps into captured variables are moved into jumpStep where they always should have been, and the store/load step implementation for channels is completed. For the time being this takes a...

smowton

This PR merges back all of the changes from the release of codeql-cli-2.10.3.

codeql-ci