[krishnprakash/codeql] b67694: Python: Remove imprecise container steps

Phileco

Jun 5, 2026, 9:46:30 AM
to philecodi...@googlegroups.com
Branch: refs/heads/main
Home: https://github.com/krishnprakash/codeql
Commit: b67694b2abdcd66461d3827efa590f96cfc05d5f
https://github.com/krishnprakash/codeql/commit/b67694b2abdcd66461d3827efa590f96cfc05d5f
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/consistency-queries/DataFlowConsistency.ql
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/test/library-tests/dataflow/sensitive-data/test.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_string.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_string.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
M python/ql/test/library-tests/frameworks/stdlib/test_re.py
M python/ql/test/library-tests/frameworks/tornado/taint_test.py
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
M python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
M python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected
M python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected

Log Message:
-----------
Python: Remove imprecise container steps

- remove `tupleStoreStep` and `dictStoreStep` from `containerStep`
  These are imprecise compared to the content being precise.
- add implicit reads to recover taint at sinks
- add implicit read steps for decoders
  to supplement the `AdditionalTaintStep`
  that now only covers when the full container is tainted.


Commit: facb3b681dd4aed6b7ff6928ab7c7a8f2c97e267
https://github.com/krishnprakash/codeql/commit/facb3b681dd4aed6b7ff6928ab7c7a8f2c97e267
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_string.py

Log Message:
-----------
Python: recover taint for % format strings


Commit: 93e7ab52b766ba4eba57713022a0243ac6c7f0d8
https://github.com/krishnprakash/codeql/commit/93e7ab52b766ba4eba57713022a0243ac6c7f0d8
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected

Log Message:
-----------
Python: adjust test expectations
We now find an alert on this line, as we hope to.
It is not an alert for _full_ SSRF, though, since that configuration cannot handle multiple substitutions.


Commit: 9a180036a5593c15a3501d5be33ea8c7e7c1020e
https://github.com/krishnprakash/codeql/commit/9a180036a5593c15a3501d5be33ea8c7e7c1020e
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep-py3/test_string.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py

Log Message:
-----------
Python: conversion step for `format_map`
and adjust collection test


Commit: 3275c814bd32893b43aad09bb9e915c18df210a8
https://github.com/krishnprakash/codeql/commit/3275c814bd32893b43aad09bb9e915c18df210a8
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.expected
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
M python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
M python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected

Log Message:
-----------
Python: reset test expectations


Commit: f669a4f3bf16c34dffdb6b4d17e3ba85e8b5469e
https://github.com/krishnprakash/codeql/commit/f669a4f3bf16c34dffdb6b4d17e3ba85e8b5469e
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py

Log Message:
-----------
Python: Make sure all imprecise taint bubbles up


Commit: 0ecca91deaa76ac16677ee429f66e62389aebedb
https://github.com/krishnprakash/codeql/commit/0ecca91deaa76ac16677ee429f66e62389aebedb
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Python: typo


Commit: fa9426c74905b9bdd9cd390df3c3e76515160ca3
https://github.com/krishnprakash/codeql/commit/fa9426c74905b9bdd9cd390df3c3e76515160ca3
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/test/library-tests/frameworks/tornado/taint_test.py

Log Message:
-----------
Python: extra tests for comprehension


Commit: fa758d6bf5e44bbd22298de3ad609483b3f7988a
https://github.com/krishnprakash/codeql/commit/fa758d6bf5e44bbd22298de3ad609483b3f7988a
Author: Rasmus Lerchedahl Petersen <yo...@github.com>
Date: 2026-05-21 (Thu, 21 May 2026)

Changed paths:
M python/ql/test/library-tests/frameworks/tornado/taint_test.py

Log Message:
-----------
python: fix test


Commit: e8779295eea09c963f3726dc9fdd04c57ca3ec54
https://github.com/krishnprakash/codeql/commit/e8779295eea09c963f3726dc9fdd04c57ca3ec54
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-22 (Fri, 22 May 2026)

Changed paths:
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/openai_test.py
M python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.expected

Log Message:
-----------
Update test results


Commit: ec13e1bcd3f3f0c41484d976ef1fc913fed1e109
https://github.com/krishnprakash/codeql/commit/ec13e1bcd3f3f0c41484d976ef1fc913fed1e109
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-27 (Wed, 27 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
M python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
M python/ql/test/library-tests/frameworks/stdlib/test_re.py

Log Message:
-----------
Add wildcard `ContentSet`s to avoid performance problems


Commit: 6042adebae6089df3a0d2f5b0f8599e6b485564b
https://github.com/krishnprakash/codeql/commit/6042adebae6089df3a0d2f5b0f8599e6b485564b
Author: BazookaMusic <bazook...@github.com>
Date: 2026-05-27 (Wed, 27 May 2026)

Changed paths:
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
M java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
A shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
move identical java and cs bound.qll to shared library


Commit: acb5c0e70f56d981cec2f2e408b7a15247e4d818
https://github.com/krishnprakash/codeql/commit/acb5c0e70f56d981cec2f2e408b7a15247e4d818
Author: BazookaMusic <bazook...@github.com>
Date: 2026-05-27 (Wed, 27 May 2026)

Changed paths:
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll

Log Message:
-----------
missed changes


Commit: cc12740c0e55379ddfdb57be1f62f9322fa06927
https://github.com/krishnprakash/codeql/commit/cc12740c0e55379ddfdb57be1f62f9322fa06927
Author: BazookaMusic <bazook...@github.com>
Date: 2026-05-27 (Wed, 27 May 2026)

Changed paths:
M config/identical-files.json

Log Message:
-----------
remove check for files in sync


Commit: 80c6f082d114ce5772dd38330b528868e3914363
https://github.com/krishnprakash/codeql/commit/80c6f082d114ce5772dd38330b528868e3914363
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-28 (Thu, 28 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll

Log Message:
-----------
Fix TODO in `containerStep`


Commit: 812e8e6b34e09795f3013a89c2a77922b72819d7
https://github.com/krishnprakash/codeql/commit/812e8e6b34e09795f3013a89c2a77922b72819d7
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-28 (Thu, 28 May 2026)

Changed paths:
A python/ql/lib/change-notes/2026-05-28-remove-imprecise-containter-steps.md

Log Message:
-----------
Add change note


Commit: df15a719cb77241ab46f4268ec7c424c206aa03d
https://github.com/krishnprakash/codeql/commit/df15a719cb77241ab46f4268ec7c424c206aa03d
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-28 (Thu, 28 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll

Log Message:
-----------
Add a `ContentSet` for any tuple or dictionary element


Commit: aee33a0cc90918b121717ee26719fc25fe51a174
https://github.com/krishnprakash/codeql/commit/aee33a0cc90918b121717ee26719fc25fe51a174
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-29 (Fri, 29 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll

Log Message:
-----------
Add missing code for `TAnyTupleOrDictionaryElement`


Commit: b38440490aa08908676522e16dd3683174f16de9
https://github.com/krishnprakash/codeql/commit/b38440490aa08908676522e16dd3683174f16de9
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-05-31 (Sun, 31 May 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll

Log Message:
-----------
Address review comment


Commit: 71a363545a1e4e5829bdcab45389adc028a65720
https://github.com/krishnprakash/codeql/commit/71a363545a1e4e5829bdcab45389adc028a65720
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
M java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
formatting


Commit: d1226b71de156cc4f7fae5cb3e7a622934d9fae6
https://github.com/krishnprakash/codeql/commit/d1226b71de156cc4f7fae5cb3e7a622934d9fae6
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
formatting


Commit: c1c9287535857dc0db2c56dcbd485425c5806bdd
https://github.com/krishnprakash/codeql/commit/c1c9287535857dc0db2c56dcbd485425c5806bdd
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
restore file header


Commit: 019a5c01add97e33ff7337eca6a3fad65a15eed4
https://github.com/krishnprakash/codeql/commit/019a5c01add97e33ff7337eca6a3fad65a15eed4
Author: Sotiris Dragonas <36576941+B...@users.noreply.github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M actions/ql/lib/CHANGELOG.md
R actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md
A actions/ql/lib/change-notes/released/0.4.37.md
M actions/ql/lib/codeql-pack.release.yml
M actions/ql/lib/qlpack.yml
M actions/ql/src/CHANGELOG.md
R actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md
R actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md
R actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md
R actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md
R actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md
A actions/ql/src/change-notes/released/0.6.29.md
M actions/ql/src/codeql-pack.release.yml
M actions/ql/src/qlpack.yml
M cpp/ql/lib/CHANGELOG.md
M cpp/ql/lib/DefaultOptions.qll
M cpp/ql/lib/Options.qll
R cpp/ql/lib/change-notes/2026-05-15-secure-scanf.md
R cpp/ql/lib/change-notes/2026-05-16-alias-template.md
R cpp/ql/lib/change-notes/2026-05-18-alias-type.md
R cpp/ql/lib/change-notes/2026-05-21-generated-from.md
A cpp/ql/lib/change-notes/2026-05-27-deprecated-removal.md
A cpp/ql/lib/change-notes/released/10.2.0.md
M cpp/ql/lib/codeql-pack.release.yml
M cpp/ql/lib/cpp.qll
M cpp/ql/lib/qlpack.yml
M cpp/ql/lib/semmle/code/cpp/Location.qll
R cpp/ql/lib/semmle/code/cpp/Member.qll
M cpp/ql/lib/semmle/code/cpp/TemplateParameter.qll
M cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
M cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll
M cpp/ql/src/CHANGELOG.md
A cpp/ql/src/change-notes/released/1.6.4.md
M cpp/ql/src/codeql-pack.release.yml
M cpp/ql/src/qlpack.yml
M cpp/ql/test/library-tests/dataflow/external-models/flow.expected
M cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml
M cpp/ql/test/library-tests/dataflow/external-models/sinks.expected
M cpp/ql/test/library-tests/dataflow/external-models/sources.expected
M cpp/ql/test/library-tests/dataflow/external-models/test.cpp
M cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
M cpp/ql/test/library-tests/friends/loop/friends.expected
M csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs
M csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs
M csharp/paket.dependencies
M csharp/paket.lock
M csharp/paket.main.bzl
M csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.68.md
M csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/lib/qlpack.yml
M csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
A csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.68.md
M csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
M csharp/ql/campaigns/Solorigate/src/qlpack.yml
M csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected
M csharp/ql/lib/CHANGELOG.md
R csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md
A csharp/ql/lib/change-notes/2026-05-19-properties-indexers-refreturn.md
R csharp/ql/lib/change-notes/2026-05-20-csharp14-dotnet10.md
A csharp/ql/lib/change-notes/released/6.0.2.md
M csharp/ql/lib/codeql-pack.release.yml
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/exprs/Call.qll
M csharp/ql/src/CHANGELOG.md
A csharp/ql/src/change-notes/released/1.7.4.md
M csharp/ql/src/codeql-pack.release.yml
M csharp/ql/src/qlpack.yml
M csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected
M csharp/ql/test/library-tests/encoding/SBCS.cs
A csharp/ql/test/library-tests/indexers/Indexers13.expected
A csharp/ql/test/library-tests/indexers/Indexers13.ql
M csharp/ql/test/library-tests/indexers/PrintAst.expected
M csharp/ql/test/library-tests/indexers/indexers.cs
M csharp/ql/test/library-tests/properties/PrintAst.expected
M csharp/ql/test/library-tests/properties/Properties17.expected
A csharp/ql/test/library-tests/properties/Properties19.expected
A csharp/ql/test/library-tests/properties/Properties19.ql
M csharp/ql/test/library-tests/properties/properties.cs
M csharp/ql/test/query-tests/Telemetry/DatabaseQuality/IsNotOkayCall.expected
M csharp/ql/test/query-tests/Telemetry/DatabaseQuality/NoTarget.expected
M csharp/ql/test/query-tests/Telemetry/DatabaseQuality/Quality.cs
M go/ql/consistency-queries/CHANGELOG.md
A go/ql/consistency-queries/change-notes/released/1.0.51.md
M go/ql/consistency-queries/codeql-pack.release.yml
M go/ql/consistency-queries/qlpack.yml
M go/ql/lib/CHANGELOG.md
A go/ql/lib/change-notes/released/7.1.2.md
M go/ql/lib/codeql-pack.release.yml
M go/ql/lib/qlpack.yml
M go/ql/src/CHANGELOG.md
A go/ql/src/change-notes/released/1.6.4.md
M go/ql/src/codeql-pack.release.yml
M go/ql/src/qlpack.yml
M java/ql/lib/CHANGELOG.md
R java/ql/lib/change-notes/2026-05-19-avro-mads.md
A java/ql/lib/change-notes/released/9.1.2.md
M java/ql/lib/codeql-pack.release.yml
M java/ql/lib/qlpack.yml
M java/ql/src/CHANGELOG.md
A java/ql/src/change-notes/released/1.11.4.md
M java/ql/src/codeql-pack.release.yml
M java/ql/src/qlpack.yml
M javascript/ql/lib/CHANGELOG.md
R javascript/ql/lib/change-notes/2026-05-14-sensitive-data.md
A javascript/ql/lib/change-notes/released/2.7.2.md
M javascript/ql/lib/codeql-pack.release.yml
M javascript/ql/lib/qlpack.yml
M javascript/ql/src/CHANGELOG.md
A javascript/ql/src/change-notes/released/2.3.11.md
M javascript/ql/src/codeql-pack.release.yml
M javascript/ql/src/qlpack.yml
M misc/suite-helpers/CHANGELOG.md
A misc/suite-helpers/change-notes/released/1.0.51.md
M misc/suite-helpers/codeql-pack.release.yml
M misc/suite-helpers/qlpack.yml
M python/ql/lib/CHANGELOG.md
R python/ql/lib/change-notes/2026-05-14-sensitive-data.md
A python/ql/lib/change-notes/released/7.1.2.md
M python/ql/lib/codeql-pack.release.yml
M python/ql/lib/qlpack.yml
M python/ql/src/CHANGELOG.md
A python/ql/src/change-notes/released/1.8.4.md
M python/ql/src/codeql-pack.release.yml
M python/ql/src/qlpack.yml
A python/ql/test/library-tests/ControlFlow/evaluation-order/AllLiveReachable.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/AllLiveReachable.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/AnnotationHasCfgNode.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/AnnotationHasCfgNode.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/BasicBlockAnnotationGap.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/BasicBlockAnnotationGap.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/BasicBlockOrdering.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/BasicBlockOrdering.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/ConsecutiveTimestamps.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/ConsecutiveTimestamps.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/ContiguousTimestamps.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/ContiguousTimestamps.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/MissingAnnotations.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/MissingAnnotations.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/NeverReachable.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/NeverReachable.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoBackwardFlow.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoBackwardFlow.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoBasicBlock.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoBasicBlock.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoSharedReachable.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/NoSharedReachable.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/OldCfgImpl.qll
A python/ql/test/library-tests/ControlFlow/evaluation-order/StrictForward.expected
A python/ql/test/library-tests/ControlFlow/evaluation-order/StrictForward.ql
A python/ql/test/library-tests/ControlFlow/evaluation-order/TimerUtils.qll
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_assert_raise.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_async.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_augassign.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_basic.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_boolean.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_classes.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_comprehensions.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_conditional.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_fstring.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_functions.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_if.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_lambda.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_loops.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_match.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_try.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_unpacking.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_with.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/test_yield.py
A python/ql/test/library-tests/ControlFlow/evaluation-order/timer.py
M ruby/ql/consistency-queries/CfgConsistency.ql
M ruby/ql/lib/CHANGELOG.md
A ruby/ql/lib/change-notes/released/5.2.2.md
M ruby/ql/lib/codeql-pack.release.yml
M ruby/ql/lib/codeql/ruby/ast/Erb.qll
M ruby/ql/lib/codeql/ruby/ast/Expr.qll
M ruby/ql/lib/codeql/ruby/ast/Method.qll
M ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Method.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
M ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll
M ruby/ql/lib/codeql/ruby/controlflow/internal/Splitting.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
M ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll
M ruby/ql/lib/codeql/ruby/experimental/Rbi.qll
M ruby/ql/lib/codeql/ruby/frameworks/Slim.qll
M ruby/ql/lib/codeql/ruby/frameworks/XmlParsing.qll
M ruby/ql/lib/codeql/ruby/frameworks/actiondispatch/internal/Routing.qll
M ruby/ql/lib/codeql/ruby/security/ImproperMemoizationQuery.qll
M ruby/ql/lib/codeql/ruby/security/InsecureDependencyQuery.qll
M ruby/ql/lib/qlpack.yml
M ruby/ql/src/CHANGELOG.md
A ruby/ql/src/change-notes/released/1.6.4.md
M ruby/ql/src/codeql-pack.release.yml
M ruby/ql/src/qlpack.yml
M ruby/ql/test/library-tests/ast/Ast.expected
M ruby/ql/test/library-tests/ast/AstDesugar.expected
M ruby/ql/test/library-tests/modules/methods.expected
M ruby/ql/test/library-tests/modules/modules.expected
M rust/ql/lib/CHANGELOG.md
R rust/ql/lib/change-notes/2026-05-14-sensitive-data.md
A rust/ql/lib/change-notes/released/0.2.15.md
M rust/ql/lib/codeql-pack.release.yml
M rust/ql/lib/qlpack.yml
M rust/ql/src/CHANGELOG.md
A rust/ql/src/change-notes/released/0.1.36.md
M rust/ql/src/codeql-pack.release.yml
M rust/ql/src/qlpack.yml
M shared/concepts/CHANGELOG.md
A shared/concepts/change-notes/released/0.0.25.md
M shared/concepts/codeql-pack.release.yml
M shared/concepts/qlpack.yml
M shared/controlflow/CHANGELOG.md
A shared/controlflow/change-notes/released/2.0.35.md
M shared/controlflow/codeql-pack.release.yml
M shared/controlflow/qlpack.yml
M shared/dataflow/CHANGELOG.md
A shared/dataflow/change-notes/released/2.1.7.md
M shared/dataflow/codeql-pack.release.yml
M shared/dataflow/qlpack.yml
M shared/mad/CHANGELOG.md
A shared/mad/change-notes/released/1.0.51.md
M shared/mad/codeql-pack.release.yml
M shared/mad/qlpack.yml
M shared/quantum/CHANGELOG.md
A shared/quantum/change-notes/released/0.0.29.md
M shared/quantum/codeql-pack.release.yml
M shared/quantum/qlpack.yml
M shared/rangeanalysis/CHANGELOG.md
A shared/rangeanalysis/change-notes/released/1.0.51.md
M shared/rangeanalysis/codeql-pack.release.yml
M shared/rangeanalysis/qlpack.yml
M shared/regex/CHANGELOG.md
A shared/regex/change-notes/released/1.0.51.md
M shared/regex/codeql-pack.release.yml
M shared/regex/qlpack.yml
M shared/ssa/CHANGELOG.md
A shared/ssa/change-notes/released/2.0.27.md
M shared/ssa/codeql-pack.release.yml
M shared/ssa/qlpack.yml
M shared/threat-models/CHANGELOG.md
A shared/threat-models/change-notes/released/1.0.51.md
M shared/threat-models/codeql-pack.release.yml
M shared/threat-models/qlpack.yml
M shared/tutorial/CHANGELOG.md
A shared/tutorial/change-notes/released/1.0.51.md
M shared/tutorial/codeql-pack.release.yml
M shared/tutorial/qlpack.yml
M shared/typeflow/CHANGELOG.md
A shared/typeflow/change-notes/released/1.0.51.md
M shared/typeflow/codeql-pack.release.yml
M shared/typeflow/qlpack.yml
M shared/typeinference/CHANGELOG.md
A shared/typeinference/change-notes/released/0.0.32.md
M shared/typeinference/codeql-pack.release.yml
M shared/typeinference/qlpack.yml
M shared/typetracking/CHANGELOG.md
A shared/typetracking/change-notes/released/2.0.35.md
M shared/typetracking/codeql-pack.release.yml
M shared/typetracking/qlpack.yml
M shared/typos/CHANGELOG.md
A shared/typos/change-notes/released/1.0.51.md
M shared/typos/codeql-pack.release.yml
M shared/typos/qlpack.yml
M shared/util/CHANGELOG.md
A shared/util/change-notes/released/2.0.38.md
M shared/util/codeql-pack.release.yml
M shared/util/qlpack.yml
M shared/xml/CHANGELOG.md
A shared/xml/change-notes/released/1.0.51.md
M shared/xml/codeql-pack.release.yml
M shared/xml/qlpack.yml
M shared/yaml/CHANGELOG.md
A shared/yaml/change-notes/released/1.0.51.md
M shared/yaml/codeql-pack.release.yml
M shared/yaml/qlpack.yml
M swift/ql/lib/CHANGELOG.md
R swift/ql/lib/change-notes/2026-05-14-sensitive-data.md
R swift/ql/lib/change-notes/2026-05-19-swift-6.3.2.md
A swift/ql/lib/change-notes/released/6.7.0.md
M swift/ql/lib/codeql-pack.release.yml
M swift/ql/lib/codeql/swift/security/WeakPasswordHashingExtensions.qll
M swift/ql/lib/codeql/swift/security/WeakSensitiveDataHashingExtensions.qll
M swift/ql/lib/qlpack.yml
M swift/ql/src/CHANGELOG.md
A swift/ql/src/change-notes/2026-05-26-hashing-sinks.md
A swift/ql/src/change-notes/released/1.3.4.md
M swift/ql/src/codeql-pack.release.yml
M swift/ql/src/qlpack.yml
M swift/ql/test/query-tests/Security/CWE-328/WeakPasswordHashing.expected
M swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected
M swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift
M unified/extractor/tests/corpus/swift/closures.txt
M unified/extractor/tests/corpus/swift/collections.txt
M unified/extractor/tests/corpus/swift/control-flow.txt
M unified/extractor/tests/corpus/swift/desugar.txt
M unified/extractor/tests/corpus/swift/functions.txt
M unified/extractor/tests/corpus/swift/literals.txt
M unified/extractor/tests/corpus/swift/loops.txt
M unified/extractor/tests/corpus/swift/operators.txt
M unified/extractor/tests/corpus/swift/optionals-and-errors.txt
M unified/extractor/tests/corpus/swift/types.txt
M unified/extractor/tests/corpus/swift/variables.txt
M unified/extractor/tree-sitter-swift/grammar.js
M unified/extractor/tree-sitter-swift/node-types.yml
M unified/ql/test/library-tests/BasicTest/test.expected

Log Message:
-----------
Merge branch 'main' into bazookamusic/range-analysis-bound-move-to-shared


Commit: fa63dad1d16874e3ee478763cdcf360fa42e096b
https://github.com/krishnprakash/codeql/commit/fa63dad1d16874e3ee478763cdcf360fa42e096b
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
A shared/rangeanalysis/change-notes/released/1.0.52.md

Log Message:
-----------
change note


Commit: c610af88d3518b858bb74e16d396147f0af31b0e
https://github.com/krishnprakash/codeql/commit/c610af88d3518b858bb74e16d396147f0af31b0e
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll

Log Message:
-----------
fix comment and add overlay[local?]


Commit: 2a3cff382c4ffa044637d601a1e5946dd05ab87a
https://github.com/krishnprakash/codeql/commit/2a3cff382c4ffa044637d601a1e5946dd05ab87a
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-01 (Mon, 01 Jun 2026)

Changed paths:
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
more specific comment


Commit: 566a92e55519bdad0fab656cb44edcd8e8837ffd
https://github.com/krishnprakash/codeql/commit/566a92e55519bdad0fab656cb44edcd8e8837ffd
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
formatting again


Commit: 61a5cece56c8c7dbdd30532935600b09709c720d
https://github.com/krishnprakash/codeql/commit/61a5cece56c8c7dbdd30532935600b09709c720d
Author: Sotiris Dragonas <36576941+B...@users.noreply.github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M ruby/ql/lib/codeql/ruby/ast/Parameter.qll
M ruby/ql/lib/codeql/ruby/ast/internal/AST.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Parameter.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Scope.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
M ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll
M ruby/ql/lib/qlpack.yml
M ruby/ql/test/library-tests/variables/parameter.expected
M ruby/ql/test/library-tests/variables/scopes.rb
M ruby/ql/test/library-tests/variables/ssa.expected
M ruby/ql/test/library-tests/variables/varaccess.expected
M ruby/ql/test/library-tests/variables/variable.expected
M ruby/ql/test/library-tests/variables/varscopes.expected
M rust/ql/.generated.list
M rust/ql/.gitattributes
M rust/ql/lib/codeql/rust/elements/internal/ParamBaseImpl.qll
M rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll
M rust/ql/lib/qlpack.yml
M rust/ql/test/library-tests/variables/Cfg.expected
M rust/ql/test/library-tests/variables/Ssa.expected
M rust/ql/test/library-tests/variables/main.rs
M rust/ql/test/library-tests/variables/variables.expected
A shared/namebinding/codeql/namebinding/LocalNameBinding.qll
A shared/namebinding/qlpack.yml

Log Message:
-----------
Merge branch 'main' into bazookamusic/range-analysis-bound-move-to-shared


Commit: ad97b6dd644700a76372838a7f0fd002a98e383a
https://github.com/krishnprakash/codeql/commit/ad97b6dd644700a76372838a7f0fd002a98e383a
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Use access path for `str.join` model


Commit: dede5bc49bcaab2f9bef0b8a0025bf62cbabb85d
https://github.com/krishnprakash/codeql/commit/dede5bc49bcaab2f9bef0b8a0025bf62cbabb85d
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Track flow through `tuple()` with list with tainted elements


Commit: c3ef1ddd64a2616fba1624132de647c65a00169b
https://github.com/krishnprakash/codeql/commit/c3ef1ddd64a2616fba1624132de647c65a00169b
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
A python/ql/lib/semmle/python/frameworks/lxml.model.yml
A python/ql/lib/semmle/python/frameworks/xml.model.yml

Log Message:
-----------
Add MaD models for lxml and xml etree.fromstringlist


Commit: f62ebef9e0c47703e4792492ba13fedfd3abe1f4
https://github.com/krishnprakash/codeql/commit/f62ebef9e0c47703e4792492ba13fedfd3abe1f4
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/openai_test.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
M python/ql/test/library-tests/frameworks/tornado/taint_test.py
M python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected

Log Message:
-----------
Adjust expected test output


Commit: 20ce679d611a0e4981604307516034e876282ec7
https://github.com/krishnprakash/codeql/commit/20ce679d611a0e4981604307516034e876282ec7
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
M python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.expected
M python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
M python/ql/test/library-tests/dataflow/summaries/summaries.expected
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
M python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected
M python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected

Log Message:
-----------
Accept changed edges in test output

No changes to alerts


Commit: b27d08ee32c678985aa73e73ef00090becd736d0
https://github.com/krishnprakash/codeql/commit/b27d08ee32c678985aa73e73ef00090becd736d0
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
M python/ql/test/library-tests/frameworks/gradio/taint_step_test.expected

Log Message:
-----------
Update edges in expected test output


Commit: 04341c47bdb710c03d6514e886edfd74094ae125
https://github.com/krishnprakash/codeql/commit/04341c47bdb710c03d6514e886edfd74094ae125
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Tweak model for str.join


Commit: 5042fdee8494763812de02252948d26884f4429a
https://github.com/krishnprakash/codeql/commit/5042fdee8494763812de02252948d26884f4429a
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Remove imprecise model for `list()`


Commit: 6f2cc43f32bd6e1a8822425542fc199a534cd41d
https://github.com/krishnprakash/codeql/commit/6f2cc43f32bd6e1a8822425542fc199a534cd41d
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-02 (Tue, 02 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Remove imprecise model for `tuple()`


Commit: 0a801440b98382688b642fb0476be56e3383fb88
https://github.com/krishnprakash/codeql/commit/0a801440b98382688b642fb0476be56e3383fb88
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-03 (Wed, 03 Jun 2026)

Changed paths:
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
R csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
R java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
M shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
review comments


Commit: f34275636ccc592699d18db2e8c401b6aaa791af
https://github.com/krishnprakash/codeql/commit/f34275636ccc592699d18db2e8c401b6aaa791af
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-03 (Wed, 03 Jun 2026)

Changed paths:
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
R shared/rangeanalysis/change-notes/released/1.0.52.md

Log Message:
-----------
No duplicate Ssa and remove release changenot


Commit: 93a4b427e3ab1452f15c650411147e987ea649b4
https://github.com/krishnprakash/codeql/commit/93a4b427e3ab1452f15c650411147e987ea649b4
Author: Henry Mercer <henry...@github.com>
Date: 2026-06-03 (Wed, 03 Jun 2026)

Changed paths:
M actions/ql/lib/qlpack.yml
M actions/ql/src/qlpack.yml
M cpp/ql/lib/qlpack.yml
M cpp/ql/src/qlpack.yml
M csharp/ql/campaigns/Solorigate/lib/qlpack.yml
M csharp/ql/campaigns/Solorigate/src/qlpack.yml
M csharp/ql/lib/qlpack.yml
M csharp/ql/src/qlpack.yml
M go/ql/consistency-queries/qlpack.yml
M go/ql/lib/qlpack.yml
M go/ql/src/qlpack.yml
M java/ql/lib/qlpack.yml
M java/ql/src/qlpack.yml
M javascript/ql/lib/qlpack.yml
M javascript/ql/src/qlpack.yml
M misc/suite-helpers/qlpack.yml
M python/ql/lib/qlpack.yml
M python/ql/src/qlpack.yml
M ruby/ql/lib/qlpack.yml
M ruby/ql/src/qlpack.yml
M rust/ql/lib/qlpack.yml
M rust/ql/src/qlpack.yml
M shared/concepts/qlpack.yml
M shared/controlflow/qlpack.yml
M shared/dataflow/qlpack.yml
M shared/mad/qlpack.yml
M shared/quantum/qlpack.yml
M shared/rangeanalysis/qlpack.yml
M shared/regex/qlpack.yml
M shared/ssa/qlpack.yml
M shared/threat-models/qlpack.yml
M shared/tutorial/qlpack.yml
M shared/typeflow/qlpack.yml
M shared/typeinference/qlpack.yml
M shared/typetracking/qlpack.yml
M shared/typos/qlpack.yml
M shared/util/qlpack.yml
M shared/xml/qlpack.yml
M shared/yaml/qlpack.yml
M swift/ql/lib/qlpack.yml
M swift/ql/src/qlpack.yml

Log Message:
-----------
Merge pull request #21933 from github/post-release-prep/codeql-cli-2.25.6

Post-release preparation for codeql-cli-2.25.6


Commit: da999ee440f951e82b0c776c0c8c025f2ed8fc1d
https://github.com/krishnprakash/codeql/commit/da999ee440f951e82b0c776c0c8c025f2ed8fc1d
Author: Owen Mansel-Chan <owe...@github.com>
Date: 2026-06-03 (Wed, 03 Jun 2026)

Changed paths:
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll

Log Message:
-----------
Address review comments


Commit: 5576d307808a1be0f9b0651df432d4e81cb3787c
https://github.com/krishnprakash/codeql/commit/5576d307808a1be0f9b0651df432d4e81cb3787c
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M java/documentation/library-coverage/coverage.csv
M java/documentation/library-coverage/coverage.rst

Log Message:
-----------
Add changed framework coverage reports


Commit: d2972cb53f90f34ab9458835bf64833a7a91d7ec
https://github.com/krishnprakash/codeql/commit/d2972cb53f90f34ab9458835bf64833a7a91d7ec
Author: BazookaMusic <bazook...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll

Log Message:
-----------
Add back alias for module


Commit: d6892eaf0d6c37b72b128c188bb7d7f27260edf0
https://github.com/krishnprakash/codeql/commit/d6892eaf0d6c37b72b128c188bb7d7f27260edf0
Author: Sotiris Dragonas <36576941+B...@users.noreply.github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M config/identical-files.json
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
R csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
R java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
A shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
Merge pull request #21900 from github/bazookamusic/range-analysis-bound-move-to-shared

Bound.qll - Replace utility for range analysis duplicate across java and cs with shared file


Commit: cd2398aeea9a1ef5626445d886298b96fcf652ef
https://github.com/krishnprakash/codeql/commit/cd2398aeea9a1ef5626445d886298b96fcf652ef
Author: Owen Mansel-Chan <62447351...@users.noreply.github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M java/documentation/library-coverage/coverage.csv
M java/documentation/library-coverage/coverage.rst

Log Message:
-----------
Merge pull request #21936 from github/workflow/coverage/update

Update CSV framework coverage reports


Commit: b32573b0603476b66d604f2ba6632d7d88f6b926
https://github.com/krishnprakash/codeql/commit/b32573b0603476b66d604f2ba6632d7d88f6b926
Author: github-actions[bot] <github-...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.6.rst
M docs/codeql/codeql-overview/codeql-changelog/index.rst

Log Message:
-----------
update codeql documentation


Commit: 2f3524de748f26e73f8d577266d02fd454d7379c
https://github.com/krishnprakash/codeql/commit/2f3524de748f26e73f8d577266d02fd454d7379c
Author: Henry Mercer <henry...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:

Log Message:
-----------
Merge branch 'rc/3.22' into codeql-spark-run-26947645690


Commit: 284f42bb9ede056a6c9230bfbeae5f8524e53dd2
https://github.com/krishnprakash/codeql/commit/284f42bb9ede056a6c9230bfbeae5f8524e53dd2
Author: Mario Campos <mario-...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.6.rst
M docs/codeql/codeql-overview/codeql-changelog/index.rst

Log Message:
-----------
Merge pull request #21945 from github/codeql-spark-run-26947645690

Update changelog documentation site for codeql-cli-2.25.6


Commit: dc1409e5f45d5a23d7350254854d5db918fd6fc1
https://github.com/krishnprakash/codeql/commit/dc1409e5f45d5a23d7350254854d5db918fd6fc1
Author: github-actions[bot] <github-...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.6.rst

Log Message:
-----------
update codeql documentation


Commit: ba8eebe2b5b6ab17d8a15ed08b92313d4027f659
https://github.com/krishnprakash/codeql/commit/ba8eebe2b5b6ab17d8a15ed08b92313d4027f659
Author: Jon Janego <jonj...@github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.6.rst

Log Message:
-----------
Merge pull request #21948 from github/codeql-spark-run-26974832191

Update changelog documentation site for codeql-cli-2.25.6


Commit: 1f91f915c7778dc58d1522bf6aed6644c78ec920
https://github.com/krishnprakash/codeql/commit/1f91f915c7778dc58d1522bf6aed6644c78ec920
Author: Owen Mansel-Chan <62447351...@users.noreply.github.com>
Date: 2026-06-04 (Thu, 04 Jun 2026)

Changed paths:
M python/ql/consistency-queries/DataFlowConsistency.ql
A python/ql/lib/change-notes/2026-05-28-remove-imprecise-containter-steps.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll
A python/ql/lib/semmle/python/frameworks/lxml.model.yml
A python/ql/lib/semmle/python/frameworks/xml.model.yml
M python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
M python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
M python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.expected
M python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
M python/ql/test/library-tests/dataflow/sensitive-data/test.py
M python/ql/test/library-tests/dataflow/summaries/summaries.expected
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
M python/ql/test/library-tests/frameworks/gradio/taint_step_test.expected
M python/ql/test/library-tests/frameworks/stdlib/test_re.py
M python/ql/test/library-tests/frameworks/tornado/taint_test.py
M python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.expected
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
M python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
M python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected
M python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected
M python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected
M python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected

Log Message:
-----------
Merge pull request #21888 from owen-mc/py/remove-imprecise-container-steps

Python: Remove imprecise container steps #2


Commit: 239d2d0e2d783164dc029f4a4f703546282009f7
https://github.com/krishnprakash/codeql/commit/239d2d0e2d783164dc029f4a4f703546282009f7
Author: Phileco <132178579+k...@users.noreply.github.com>
Date: 2026-06-05 (Fri, 05 Jun 2026)

Changed paths:
M config/identical-files.json
M csharp/ql/lib/qlpack.yml
M csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
R csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
A docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.25.6.rst
M docs/codeql/codeql-overview/codeql-changelog/index.rst
M java/documentation/library-coverage/coverage.csv
M java/documentation/library-coverage/coverage.rst
M java/ql/lib/semmle/code/java/dataflow/Bound.qll
R java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
M python/ql/consistency-queries/DataFlowConsistency.ql
A python/ql/lib/change-notes/2026-05-28-remove-imprecise-containter-steps.md
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
M python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
M python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
M python/ql/lib/semmle/python/frameworks/Stdlib.qll
A python/ql/lib/semmle/python/frameworks/lxml.model.yml
A python/ql/lib/semmle/python/frameworks/xml.model.yml
M python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll
M python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected
M python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
M python/ql/test/experimental/query-tests/Security/CWE-074-RemoteCommandExecution/RemoteCommandExecution.expected
M python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
M python/ql/test/experimental/query-tests/Security/CWE-1427-PromptInjection/PromptInjection.expected
M python/ql/test/library-tests/dataflow/sensitive-data/test.py
M python/ql/test/library-tests/dataflow/summaries/summaries.expected
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
M python/ql/test/library-tests/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
M python/ql/test/library-tests/frameworks/gradio/taint_step_test.expected
M python/ql/test/library-tests/frameworks/stdlib/test_re.py
M python/ql/test/library-tests/frameworks/tornado/taint_test.py
M python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces.expected
M python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected
M python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
M python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected
M python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected
M python/ql/test/query-tests/Security/CWE-312-CleartextStorage/CleartextStorage.expected
M python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/PartialServerSideRequestForgery.expected
M python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected
A shared/rangeanalysis/codeql/rangeanalysis/Bound.qll

Log Message:
-----------
Merge branch 'github:main' into main


Compare: https://github.com/krishnprakash/codeql/compare/f1c9caf5a070...239d2d0e2d78

To unsubscribe from these emails, change your notification settings at https://github.com/krishnprakash/codeql/settings/notifications