12 Pull requests merged by 8 people

• Crypto: Refactor OpenSSL operation step data-flow logic

  #19880 merged Jun 27, 2025

• Overlay: Add missing overlay[caller?] annotation

  #19901 merged Jun 27, 2025

• Overlay: Add overlay annotation to shared lib

  #19898 merged Jun 27, 2025

• C++: Pretty print MaD ids in test output

  #19894 merged Jun 27, 2025

• Rust: Cache DataFlow::Node.{toString,getLocation}

  #19886 merged Jun 27, 2025

• C#: Models for Microsoft.Data.SqlClient.

  #19877 merged Jun 27, 2025

• Java, Ruby: add missing .qlref tests

  #19888 merged Jun 27, 2025

• Rust: Data flow through trait methods

  #19881 merged Jun 27, 2025

• Java: Diff-informed CleartextStorageCookie.ql

  #19846 merged Jun 27, 2025

• Kaspersv/overlay java annotations

  #19887 merged Jun 27, 2025

• Overlay: Add overlay annotations to Java & shared libraries

  #19779 merged Jun 27, 2025

• Python: Improve performance of FileNotClosed query by using basic block reachability

  #19641 merged Jun 26, 2025

7 Pull requests opened by 7 people

• Create copilot-instructions.md

  #19899 opened Jun 27, 2025

• Rust: Apply inherent method prioritization inside type inference loop

  #19903 opened Jun 27, 2025

• C++: Sync the product-flow field flow branch limits with the default one

  #19904 opened Jun 27, 2025

• Quantum: Initial support for C#

  #19905 opened Jun 27, 2025

• C++: fix `(no string representation)` for `ConstructorInit`

  #19907 opened Jun 27, 2025

• Openssl padding refactor

  #19908 opened Jun 27, 2025

• Update CSV framework coverage reports

  #19910 opened Jun 28, 2025

5 Issues opened by 5 people

• Gg

  #19913 opened Jun 29, 2025

• Feature request: overwrite existing database, but ask first

  #19909 opened Jun 27, 2025

• ShellEscape aint always escaping shells

  #19906 opened Jun 27, 2025

• Flask ImmutableMultiDict type cannot be accurately determined when calling to_dict

  #19902 opened Jun 27, 2025

• [python] The tuple (*) argument of a call cannot step to function parameter for the CommandInjectionCustomizations flow

  #19900 opened Jun 27, 2025

14 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Overlay: Add manual Java overlay annotations & discard predicates

  #19813 commented on Jun 27, 2025 • 5 new comments

• C++: Merge the location tables

  #17581 commented on Jun 28, 2025 • 3 new comments

• Error running codeql database analyze go

  #19890 commented on Jun 27, 2025 • 0 new comments

• Code QL not finding sql server injection attack

  #19855 commented on Jun 27, 2025 • 0 new comments

• Code scanning is waiting for results from CodeQL; CodeQL is stuck

  #19671 commented on Jun 27, 2025 • 0 new comments

• False positive

  #19856 commented on Jun 28, 2025 • 0 new comments

• Quantum: Support for BouncyCastle signature algorithms and block cipher modes

  #19568 commented on Jun 27, 2025 • 0 new comments

• Fixes in cpp/global-use-before-init

  #19676 commented on Jun 28, 2025 • 0 new comments

• Overlay: Add CI workflow to check overlay annotations

  #19780 commented on Jun 27, 2025 • 0 new comments

• Codegen: improve implementation of generated parent/child relationship

  #19866 commented on Jun 27, 2025 • 0 new comments

• Java: Add query to detect special characters in string literals

  #19875 commented on Jun 27, 2025 • 0 new comments

• Go/Ruby/Python: Freeze quality queries in `security-and-quality`.

  #19891 commented on Jun 27, 2025 • 0 new comments

• Python: Allow use of `match` as an identifier

  #19895 commented on Jun 27, 2025 • 0 new comments

• Java/Ruby/Rust/QL: add `overlayChangedFiles` relation to dbscheme

  #19896 commented on Jun 27, 2025 • 0 new comments