37 Pull requests merged by 16 people

• C++: Add more MaD summaries

  #19753 merged Jun 13, 2025

• C++: Add support to __leave

  #19734 merged Jun 13, 2025

• Rust: Disambiguate some method calls based on argument types

  #19749 merged Jun 13, 2025

• Rust: Temporarily disable type information to flow into operands

  #19755 merged Jun 13, 2025

• Rust: Type inference for macro expressions

  #19751 merged Jun 13, 2025

• Java: Update the CFG for assert statements to make them proper guards.

  #19733 merged Jun 13, 2025

• Python: Modernize iter not returning self query

  #19554 merged Jun 13, 2025

• JS: Promote js/template-syntax-in-string-literal to the Code Quality suite.

  #19726 merged Jun 13, 2025

• Rust: Model String -> str implicit conversion in type inference

  #19737 merged Jun 13, 2025

• Rust: Use hasImplementation in path resolution

  #19745 merged Jun 13, 2025

• Add black pre-commit hook

  #19712 merged Jun 12, 2025

• Rust: Use QL computed canonical paths in MaD Field tokens

  #19667 merged Jun 12, 2025

• Rust: extract hasImplementation on functions and consts

  #19649 merged Jun 12, 2025

• Rust: Data flow through overloaded operators

  #19685 merged Jun 12, 2025

• Shared: Add elaborate QL doc to TypeInference.qll

  #19727 merged Jun 12, 2025

• JS: Promote js/suspicious-method-name-declaration to the Code Quality suite.

  #19741 merged Jun 12, 2025

• Rust: fix typo in README.md

  #19742 merged Jun 12, 2025

• Rust: Also apply adjustedAccessType in RelevantAccess

  #19729 merged Jun 12, 2025

• Rust: Add another type inference debug predicate

  #19728 merged Jun 12, 2025

• Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)

  #19738 merged Jun 12, 2025

• Rust: Generate canonical paths for builtins

  #19732 merged Jun 12, 2025

• Rust: move body skipping logic to code generation

  #19559 merged Jun 12, 2025

• Rust: Simple type inference for index expressions

  #19657 merged Jun 12, 2025

• Update precision java concatenated command line

  #19723 merged Jun 12, 2025

• Rust: Update RegexInjectionExtensions to use getCanonicalPath.

  #19735 merged Jun 12, 2025

• Changedocs 2.22.0

  #19740 merged Jun 11, 2025

• C++: Add boolean for explicit lambda parameter lists

  #19686 merged Jun 11, 2025

• fixing some improperly escaped URLs

  #19739 merged Jun 11, 2025

• Rust: Adjust the taint reach metric for better stability.

  #19718 merged Jun 11, 2025

• Rust: Fix various bad joins

  #19725 merged Jun 11, 2025

• JS: QL-side type/name resolution for TypeScript and JSDoc

  #19078 merged Jun 11, 2025

• C#: Improve cs/dereference-* queries and add to the Code Quality suite.

  #19589 merged Jun 11, 2025

• Rust: Implement type inference for ref expression as type equality

  #19724 merged Jun 11, 2025

• Rust: regenerate MaD files using DCA

  #19674 merged Jun 11, 2025

• JS: Promote js/regex/duplicate-in-character-class to quality

  #19711 merged Jun 11, 2025

• Rust: Fix bad join

  #19714 merged Jun 11, 2025

• Actions: Improve Bash parsing performance on command and string interpolations

  #19701 merged Jun 10, 2025

19 Pull requests opened by 11 people

• Enhance `cpp/overflow-calculated` - detect out-of-bounds write caused by passing the buffer size in bytes (using sizeof) instead of the number of elements to wcsftime, allowing the function to overrun the allocated buffer.

  #19722 opened Jun 10, 2025

• Update qhelp style guide for markdown format

  #19730 opened Jun 11, 2025

• Ruby: enable overlay compilation

  #19731 opened Jun 11, 2025

• JS: Promote `js/loop-iteration-skipped-due-to-shifting` to the Code Quality suite

  #19743 opened Jun 12, 2025

• MaD generator: use `--threads=0` and 2GB per thread for `--ram` by default

  #19744 opened Jun 12, 2025

• C++: Use SEH exception edges in IR and generate SEH exception edges for calls in `__try`, `__except`, and `__finally` blocks

  #19746 opened Jun 12, 2025

• Add CI workflow to check overlay annotations

  #19747 opened Jun 13, 2025

• Rust: regenerate models

  #19748 opened Jun 13, 2025

• JS: remove `encodeURI` from sanitizer list of request forgery

  #19750 opened Jun 13, 2025

• Rust: Type inference for `for` loops and array expressions

  #19754 opened Jun 13, 2025

• Rust: Type inference uses defaults for type parameters

  #19756 opened Jun 13, 2025

• Actions: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`

  #19757 opened Jun 13, 2025

• C#: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`

  #19758 opened Jun 13, 2025

• C++: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`

  #19759 opened Jun 13, 2025

• Go: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`

  #19760 opened Jun 13, 2025

• Swift: mass-enable diff-informed queries phase 2 - `getASelected{Source,Sink}Location() { none() }`

  #19761 opened Jun 13, 2025

• Improve TypeORM model

  #19762 opened Jun 13, 2025

• Go: Update tags for high precision quality queries

  #19763 opened Jun 13, 2025

• CI: fix python version

  #19765 opened Jun 13, 2025

1 Issue closed by 1 person

• C/C++: `Gotostmt` also matches `__leave` keyword

  #19666 closed Jun 13, 2025

4 Issues opened by 4 people

• Add support for Oracle Call Interface (OCI) to C/C++ coverage

  #19764 opened Jun 13, 2025

• Taint step for the Gradio framework

  #19752 opened Jun 13, 2025

• Extraction error with tsg-python

  #19736 opened Jun 11, 2025

• CodeQL unable to find out sources of a chosen dataflow node in Javascript

  #19720 opened Jun 10, 2025

23 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Quantum: Support for BouncyCastle signature algorithms and block cipher modes

  #19568 commented on Jun 12, 2025 • 19 new comments

• C#: mass enable diff-informed data flow

  #19661 commented on Jun 13, 2025 • 7 new comments

• Ruby: generate overlay discard predicates

  #19719 commented on Jun 13, 2025 • 6 new comments

• Python: Modernize the init-calls-subclass query

  #19709 commented on Jun 13, 2025 • 3 new comments

• Rust: New query rust/access-after-lifetime-ended

  #19702 commented on Jun 13, 2025 • 2 new comments

• C#: Add `cs/gethashcode-is-not-defined` to the Code Quality suite.

  #19716 commented on Jun 11, 2025 • 0 new comments

• Quantum: Add OpenSSL signature models (Pawel Platek)

  #19705 commented on Jun 13, 2025 • 0 new comments

• Ruby: add support for extracting overlay databases

  #19684 commented on Jun 12, 2025 • 0 new comments

• Fixes in cpp/global-use-before-init

  #19676 commented on Jun 13, 2025 • 0 new comments

• C++: mass enable diff-informed data flow

  #19663 commented on Jun 13, 2025 • 0 new comments

• Swift: mass enable diff-informed data flow

  #19662 commented on Jun 13, 2025 • 0 new comments

• Go: mass enable diff-informed data flow

  #19660 commented on Jun 13, 2025 • 0 new comments

• Actions: mass enable diff-informed data flow

  #19659 commented on Jun 13, 2025 • 0 new comments

• Rust: Fix type inference for library parameters

  #19658 commented on Jun 13, 2025 • 0 new comments

• JS: ClientRequests Axios Instance support

  #19655 commented on Jun 11, 2025 • 0 new comments

• Rust: emit `Const` bodies in library mode

  #19651 commented on Jun 12, 2025 • 0 new comments

• Python: Improve performance of FileNotClosed query by using basic block reachability

  #19641 commented on Jun 13, 2025 • 0 new comments

• JS: Deprecate type extraction

  #19640 commented on Jun 13, 2025 • 0 new comments

• Add script to add overlay annotations

  #19631 commented on Jun 11, 2025 • 0 new comments

• Add QL for QL query to warn about possible non-inlining across overlay frontier

  #19590 commented on Jun 11, 2025 • 0 new comments

• Rust: upgrade `rust-analyzer` to 0.0.287

  #19524 commented on Jun 13, 2025 • 0 new comments

• Rust: update docs

  #19280 commented on Jun 13, 2025 • 0 new comments

• Rust: Make `SummarizedCallable` extend `Function` instead of `string`

  #19268 commented on Jun 12, 2025 • 0 new comments