Commit 6f64839
File tree
2,113 files changed
+104253
-88012
lines changed
- .github
- workflows
- actions/ql
- lib
- change-notes/released
- src
- change-notes/released
- config
- cpp
- downgrades/770002bb02322e04fa25345838ce6e82af285a0b
- ql
- integration-tests/query-suite
- lib
- change-notes
- released
- semmle/code/cpp
- commons
- controlflow
- dataflow
- internal
- internal
- ir
- dataflow/internal
- implementation/raw/internal
- upgrades/7e7c2f55670f8123d514cf542ccb1938118ac561
- src
- Likely Bugs
- Arithmetic
- Format
- Memory Management
- Security/CWE
- CWE-079
- CWE-134
- CWE-468
- Telemetry
- change-notes
- released
- utils/modelgenerator/internal
- test
- library-tests
- dataflow
- fields
- ir-barrier-guards
- models-as-data
- taint-tests
- ir
- points_to
- range-analysis
- types
- query-tests
- Likely Bugs
- Arithmetic/IntMultToLong
- Format/WrongTypeFormatArguments/Buildless
- Leap Year/UncheckedLeapYearAfterYearModification
- Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof
- csharp
- documentation/library-coverage
- downgrades
- 19b8cc3e2dc768d4cbc03d6e3773b709bbebd036
- e73ca2c93df8aae162f1704edc4817a5cb330529
- extractor
- Semmle.Extraction.CSharp.DependencyFetching
- Semmle.Extraction.CSharp
- CodeAnalysisExtensions
- Entities
- Base
- Expressions
- ObjectCreation
- ql
- campaigns/Solorigate
- lib
- change-notes/released
- src
- change-notes/released
- consistency-queries
- integration-tests
- all-platforms
- autobuild_slnx
- autobuild
- binlog_multiple
- binlog
- blazor_build_mode_none
- BlazorTest
- blazor
- BlazorTest
- conditional_compilation
- cshtml_standalone_disabled
- cshtml_standalone_flowsteps
- cshtml_standalone_net6
- cshtml_standalone
- cshtml
- diag_dotnet_incompatible
- diag_missing_project_files
- diag_missing_xamarin_sdk
- diag_recursive_generics
- dotnet_10
- dotnet_build
- dotnet_no_args_inject
- dotnet_pack
- dotnet_publish
- dotnet_run
- source_generator
- standalone_buildless_option
- standalone_dependencies_net48
- standalone_dependency_dir/proj
- standalone_failed
- standalone_resx
- standalone_slnx
- standalone_winforms
- standalone
- linux
- compiler_args
- diag_nuget_config_casing
- standalone_dependencies_non_utf8_filename
- posix
- dotnet_test_mstest
- dotnet_test
- inherit-env-vars
- standalone_dependencies_multi_project
- standalone_dependencies_multi_target
- standalone_dependencies_no_framework
- standalone_dependencies_nuget with_space
- standalone_dependencies_nuget_config_error_timeout
- standalone_dependencies_nuget_config_error
- standalone_dependencies_nuget_config_fallback
- standalone_dependencies_nuget_no_sources/proj
- standalone_dependencies_nuget_versions
- standalone_dependencies_nuget
- standalone_dependencies
- warn_as_error
- windows/standalone_dependencies
- lib
- change-notes
- released
- experimental/code/csharp/Cryptography
- ext
- semmle/code/csharp
- commons
- controlflow
- internal
- dataflow
- internal
- rangeanalysis
- dispatch
- exprs
- internal
- frameworks/system
- metrics
- security/dataflow
- upgrades
- 178a7e6cf335486d33d4e49543148e3f57f04a9a
- e73ca2c93df8aae162f1704edc4817a5cb330529
- src
- Bad Practices/Control-Flow
- Complexity
- Dead Code
- Language Abuse
- Likely Bugs
- Collections
- Performance
- Security Features
- CWE-079
- CWE-117
- CWE-119
- change-notes
- released
- experimental
- CWE-918
- Security Features/CWE-759
- test
- library-tests
- arguments
- assignments
- controlflow/graph
- csharp11
- csharp7
- csharp8
- dataflow
- constructors
- external-models
- flowsources/remote
- library
- local
- methods
- modulusanalysis
- nullcoalescing
- operators
- signanalysis
- ssa
- structs
- dispatch
- dynamic
- linq
- partial
- structuralcomparison
- query-tests
- Concurrency/SynchSetUnsynchGet
- Dead Code/DeadStoreOfLocal
- Language Abuse/UselessNullCoalescingExpression
- Security Features
- CWE-1004/HttpOnlyCookie
- AspNetCore/NoPolicy
- SystemWeb/HttpOnlyCookiesFalse
- CWE-117
- CWE-614/InsecureCookie
- AspNetCore/NoPolicy
- SystemWeb/RequireSSLFalse
- WriteOnlyContainer
- docs/codeql
- codeql-language-guides
- codeql-overview/codeql-changelog
- go
- extractor
- ql
- consistency-queries
- change-notes/released
- lib
- change-notes/released
- semmle/go
- concepts
- controlflow
- dataflow
- barrierguardutil
- internal
- dependencies
- frameworks
- stdlib
- utils/test/internal
- src
- RedundantCode
- Security
- CWE-079
- CWE-117
- CWE-327/examples
- change-notes
- released
- experimental/CWE-203
- filters
- test/library-tests/semmle/go
- PrintAst
- dataflow
- ExternalFlowInheritance
- VarArgsWithFunctionModels
- flowsources/local
- file
- stdin
- frameworks/Macaron
- javascript
- downgrades/26a123164be893893e2aa0374d820785decf55af
- extractor
- src/com/semmle/js/extractor
- tests
- cfg/output/trap
- closure/output/trap
- comments/output/trap
- default-encoding/output/trap
- e4x/output/trap
- encoding/output/trap
- errors/output/trap
- es2015/output/trap
- es2016/output/trap
- es2017/output/trap
- es2018/output/trap
- es2019/output/trap
- es2021/output/trap
- es2024/output/trap
- esnext/output/trap
- exprs/output/trap
- extensions/output/trap
- externs/output/trap
- flow/output/trap
- functionbind/output/trap
- generatedcode/output/trap
- helloworld/output/trap
- html/output/trap
- jscript/output/trap
- jsx/output/trap
- keywords/output/trap
- moduleTypes1/output/trap
- moduleTypes2/output/trap
- moduleTypes3/output/trap
- mozilla/output/trap
- ng-templates/output/trap
- node/output/trap
- regexp/output/trap
- restprops/output/trap
- shebang/output/trap
- stmts/output/trap
- strictmode/output/trap
- ts/output/trap
- v8/output/trap
- variables/output/trap
- vue/output/trap
- ql
- lib
- change-notes/released
- semmle/javascript
- frameworks
- data
- security
- dataflow
- upgrades/578367e82a25a3e286aaf1238613db3717b67476
- src
- change-notes/released
- test
- library-tests
- TypeScript/Shebangs
- frameworks
- ReactJS
- WebSocket
- variables
- query-tests
- Declarations
- SuspiciousMethodNameDeclaration
- UniquePropertyNames
- Expressions
- DuplicateProperty
- ExprHasNoEffect
- Quality/UnhandledErrorInStreamPipeline
- Security
- CWE-022/TaintedPath
- CWE-078/CommandInjection
- CWE-918
- Statements/LoopIterationSkippedDueToShifting
- java
- downgrades/de4ded61c8ae83f829aedaf05be73307ba25ca40
- ql
- consistency-queries
- lib
- change-notes/released
- config
- ext
- semmle/code/java
- arithmetic
- controlflow
- dataflow
- internal
- rangeanalysis
- metrics
- security
- upgrades/9f6026c400996c13842974b24f076a486ad1f69c
- utils/test
- src
- Likely Bugs
- Arithmetic
- Comparison
- Termination
- Security/CWE
- CWE-079
- CWE-117
- CWE-295
- Violations of Best Practice
- Declarations
- legacy
- change-notes
- released
- experimental/quantum/Examples
- test-kotlin1/library-tests
- controlflow
- basic
- dominance
- exprs
- test-kotlin2/library-tests
- controlflow
- basic
- dominance
- exprs
- test
- experimental/query-tests/quantum/examples
- BadMacUse
- InsecureOrUnknownNonceSource
- WeakOrUnknownAsymmetricKeySize
- WeakOrUnknownBlockMode
- WeakOrUnknownHash
- WeakOrUnknownKDFIterationCount
- WeakOrUnknownKDFKeySize
- WeakOrUnknownSymmetricCipher
- ext/TestModels
- library-tests
- controlflow
- basic
- dominance
- dataflow
- capture
- entrypoint-types
- fluent-methods
- taint-jackson
- taintsources
- flexible-constructors
- frameworks
- android
- intent
- slice
- taint-database
- apache-commons-lang3
- apache-http
- guava/handwritten
- javax-json
- jms
- lastaflute
- netty/manual
- rabbitmq
- ratpack/resources
- spring
- cache
- context
- controller
- data
- http
- ui
- util
- validation
- webmultipart
- websocket
- webutil
- guards12
- guards
- java7/MultiCatch
- optional
- pattern-instanceof
- pattern-switch/cfg
- ssa
- successors
- CloseReaderTest
- LoopVarReadTest
- SaveFileTest
- SchackTest
- TestBreak
- TestContinue
- TestDeclarations
- TestFinallyBreakContinue
- TestFinally
- TestLoopBranch
- TestThrow2
- TestThrow
- TestTryCatch
- TestTryWithResources
- switch-default-impossible-dispatch
- query-tests
- Escaping
- Nullness
- SafePublication
- StringComparison
- ThreadSafe/examples
- UselessComparisonTest
- security
- CWE-078
- CWE-1004
- CWE-1204
- CWE-200/semmle/tests
- SensitiveNotification
- SensitiveTextView
- CWE-287
- InsecureKeys/Test1
- InsecureLocalAuth
- CWE-295
- AndroidMissingCertificatePinning
- Test1
- Test2
- Test3
- Test4
- ImproperWebVeiwCertificateValidation
- CWE-297
- CWE-312/android/CleartextStorage
- CWE-524/res/layout
- CWE-749
- CWE-918
- CWE-927
- misc
- bazel
- 3rdparty
- py_deps
- tree_sitter_extractors_deps
- registry/modules
- rules_dotnet/0.21.5-codeql.1
- rules_rust
- 0.68.1.codeql.1
- patches
- suite-helpers
- change-notes/released
- python/ql
- lib
- analysis
- change-notes
- released
- semmle/python
- dataflow/new
- internal
- essa
- frameworks
- data
- internal
- internal
- objects
- security/dataflow
- types
- src
- Classes
- CallsToInitDel
- Expressions
- Functions
- Imports
- Metrics
- History
- Security
- CWE-079
- CWE-117
- Statements
- Summary
- Variables
- LoopVariableCapture
- analysis
- change-notes
- released
- test
- 2/query-tests/Classes/new-style
- experimental
- import-resolution-namespace-relative
- pkg
- sub
- import-resolution
- package/subpackage
- library-tests
- CallGraph-type-annotations
- CallGraph/code
- query-tests/Security
- CWE-022-UnsafeUnpacking
- CWE-1427-PromptInjection
- CWE-176
- library-tests
- ApiGraphs
- py2
- py3
- ControlFlow/general
- dataflow
- basic
- calls-overload
- coverage-py2
- coverage-py3
- coverage
- global-flow
- global-or-captured-vars
- match
- model-summaries
- module-initialization
- summaries
- tainttracking/customSanitizer
- typetracking-summaries
- typetracking
- variable-capture
- frameworks
- data
- django-orm/testapp
- django-v1
- django-v2-v3
- testapp
- testproj
- django
- fabric
- flask
- invoke
- mysql-connector-python
- mysqldb
- pandas
- paramiko
- pyramid
- rest_framework/testproj
- ruamel.yaml
- stdlib-py2
- stdlib-py3
- stdlib
- yaml
- regexparser
- regex
- query-tests
- Classes/should-be-context-manager
- Exceptions/general
- Functions
- ModificationOfParameterWithDefault
- general
- methodArgNames
- overriding
- Resources/FileNotAlwaysClosed
- Security
- CWE-022-PathInjection
- CWE-078-CommandInjection
- CWE-078-UnsafeShellCommandConstruction
- src
- CWE-1004-NonHttpOnlyCookie
- CWE-1275-SameSiteNoneCookie
- CWE-209-StackTraceExposure
- CWE-614-InsecureCookie
- CWE-943-NoSqlInjection
- Variables/capture
- ruby/ql
- lib
- change-notes/released
- codeql/ruby
- ast/internal
- dataflow/internal
- frameworks
- actioncontroller
- actiondispatch/internal
- core
- stdlib
- security
- src
- change-notes
- released
- experimental/cwe-176/examples
- queries/security
- cwe-079
- cwe-117
- test
- library-tests
- dataflow
- api-graphs
- flow-summaries
- local
- frameworks
- action_controller
- action_mailer
- active_support
- arel
- json
- mysql2
- sqlite3
- query-tests
- experimental
- cwe-176
- improper-memoization
- security
- cwe-094/CodeInjection
- cwe-300
- variables
- DeadStoreOfLocal
- UninitializedLocal
- rust/ql
- lib
- change-notes/released
- codeql
- files
- rust
- dataflow
- internal
- elements/internal
- frameworks
- stdlib
- internal
- typeinference
- security
- regex
- src
- change-notes
- released
- queries/security
- CWE-079
- CWE-117
- CWE-295
- CWE-825
- utils/modelgenerator/internal
- test
- library-tests
- dataflow
- barrier
- models
- sources/net/CONSISTENCY
- taint
- type-inference
- CONSISTENCY
- query-tests/security
- CWE-117
- CONSISTENCY
- CWE-312
- CWE-327/BrokenCryptoAlgorithm
- CONSISTENCY
- CWE-770
- CWE-825
- utils-tests/modelgenerator
- swift
- extractor
- ql
- integration-tests/posix
- deduplication
- hello-world
- lib
- change-notes/released
- codeql/swift/frameworks/StandardLibrary
- src
- change-notes
- released
- diagnostics
- queries/Security/CWE-079
- test
- library-tests/dataflow/taint/libraries
- query-tests/Diagnostics
- third_party
- resources
This file was deleted.
This file was deleted.
This file was deleted.