{"payload":{"header_redesign_enabled":false,"results":[{"body":"On May 1, the action generated discussion metrics for the Orchard Core project, see here. (This was with @v3 so I\nsuppose it used v3.3.0.) As you can see, it indicates 4 discussions closed. We had 10 answered discussions in that\nperiod.\n\nThe metrics generated on 1 June, see here indicate 0 discussions closed while 9 were answered.\n\nWhat's \"closed\" supposed to mean for discussions? I suppose it makes sense, since we had more than 0, but I guess it's not\nindicating answered discussions. BTW we generate these metrics with HIDE_TIME_TO_CLOSE: true.\n\nThank you!\n","created":"2024-06-02T23:06:38.000Z","hl_text":"On May 1, the action generated discussion metrics for the Orchard Core project, see here. (This was with @v3 so I\nsuppose it used v3.3.0.) As you can see, it indicates 4 discussions closed. We had 10 answered ...","hl_title":"Number of items closed for discussions","id":"6768596","num_comments":2,"number":300,"repo":{"repository":{"id":648340231,"name":"issue-metrics","owner_id":9919,"owner_login":"github","updated_at":"2024-06-07T22:35:24.577Z","has_issues":true}},"title":"Number of items closed for discussions","url":"/github/issue-metrics/discussions/300","updated":"2024-06-08T18:04:44.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/1976647?s=48&v=4","user_id":1976647,"user_login":"Piedone"},{"body":"Changelog\n\n🚀 Features\n\n - feat: Report as issue markdown @zkoppert (#90)\n\n🧰 Maintenance\n\n - chore: standardize github action types @jmeridth (#92)\n - chore: add Jacob to pr reviews automatically @zkoppert (#89)\n - chore(deps): bump types-requests from 2.32.0.20240523 to 2.32.0.20240602 @dependabot (#88)\n - chore(deps): bump the dependencies group with 2 updates @dependabot (#87)\n - ci: Add Jeff to review new data releases @zkoppert (#85)\n - chore: remove pull_request target if we already have pull_request_target @jmeridth (#84)\n - ci: release when a new feature hits main @zkoppert (#83)\n - chore(deps): bump the dependencies group with 2 updates @dependabot (#81)\n - chore(deps): bump the dependencies group with 2 updates @dependabot (#82)\n - chore: add pull_request_target for releases @jmeridth (#80)\n - chore(deps): bump python from 2be8dad to afc139a @dependabot (#79)\n - chore(deps): bump the dependencies group with 2 updates @dependabot (#78)\n - chore(deps): bump the dependencies group with 3 updates @dependabot (#77)\n - chore: Switch to weekly dep updates to reduce noise @zkoppert (#76)\n - chore(deps): bump the dependencies group across 1 directory with 2 updates @dependabot (#75)\n\nSee details of all code changes since previous release\n","created":"2024-06-08T06:50:20.000Z","hl_text":"Changelog\n\n🚀 Features\n\n - feat: Report as issue markdown @zkoppert (#90)\n\n🧰 Maintenance\n\n - chore: standardize github action types @jmeridth (#92)\n - chore: add Jacob to pr reviews automatically @zkoppert ...","hl_title":"v1.1.12","id":"6793712","num_comments":0,"number":93,"repo":{"repository":{"id":750479518,"name":"cleanowners","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T06:50:09.635Z","has_issues":true}},"title":"v1.1.12","url":"/github/cleanowners/discussions/93","updated":"2024-06-08T06:50:22.000Z","user_avatar_url":"https://avatars.githubusercontent.com/in/15368?s=48&v=4","user_id":41898282,"user_login":"github-actions[bot]"},{"body":"Hello,\n\nThis is probably a C++ edge case. Assume that we have an object that exposes two functions and we can't know which\nfunction will be called first. In this case, I would like anything that gets tainted in one function to retain its taint\nwhen accessed by the other (even if it leads to over-tainting).\n\nFor instance: library.cc:\n\n#include \"absl/base/casts.h\"\n\nvoid outside_fun(uint64_t arg);\n\nclass InnerClass {\n public:\n uint64_t tainted = 0;\n uint64_t not_tainted = 0;\n};\n\nclass ExampleClass {\n private:\n InnerClass obj;\n void HandleWrite(uint64_t value) {\n obj.tainted = value;\n obj.not_tainted = 1;\n uint64_t tmp = obj.tainted;\n outside_fun(tmp);\n }\n\n void test() {\n uint64_t tmp = obj.tainted;\n outside_fun(tmp);\n tmp = obj.not_tainted;\n outside_fun(tmp);\n }\n};\n\nBUILD:\n\ncc_library(\n name = \"library\",\n srcs = [\"library.cc\"],\n deps = [\n \"@com_google_absl//absl/base:base\",\n ],\n)\n\nand query.ql:\n\nimport cpp\nimport semmle.code.cpp.dataflow.new.DataFlow\nimport semmle.code.cpp.dataflow.new.TaintTracking\n\nmodule VanadiumConfig implements DataFlow::ConfigSig {\n predicate isSource(DataFlow::Node source) { \n exists( Function function | \n function.getName() = \"HandleWrite\" and\n source.asParameter() = function.getParameter(0)\n )\n }\n\n predicate isSink(DataFlow::Node sink) {\n any()\n }\n}\n\n\nmodule VanadiumFlow = TaintTracking::Global<VanadiumConfig>;\nimport VanadiumFlow::PathGraph\n\n\nfrom VanadiumFlow::PathNode source, VanadiumFlow::PathNode sink\nwhere VanadiumFlow::flowPath(source, sink)\nselect source, source.getLocation(), sink, sink.getLocation()\n\nCreate the db with: codeql database create database --language=cpp --command=\"bazel build --spawn_strategy=local\n--nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //library:library\"\n\nand execute the query with: codeql query run --database=\\<path\\>/database -- \\<path\\>/query.ql\n\nIn this example, the module identifies the tainted member at line 17, taints the variable and also identifies the flow\nat line 18. This does not happen at lines 22-23 which is what I'm trying to do (note that if we add a call to test()\nafter line 18, the results do include lines 22-23).\n\nDoes anyone have any ideas on how to modify the isAdditionalFlowStep() predicate to capture this case?\n\nThanks!\n","created":"2024-06-06T16:15:55.000Z","hl_text":"Hello,\n\nThis is probably a C++ edge case. Assume that we have an object that exposes two functions and we can't know which\nfunction will be called first. In this case, I would like anything that gets tainted ...","hl_title":"[C++] Need help to retain taint in class objects if we don't know the order of execution","id":"6786458","num_comments":1,"number":16691,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"[C++] Need help to retain taint in class objects if we don't know the order of execution","url":"/github/codeql/discussions/16691","updated":"2024-06-07T23:39:26.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/110858090?s=48&v=4","user_id":110858090,"user_login":"marpom"},{"body":"How do I import Flow::PathGraph for C# custom queries, I'm getting module not found. Should I install the pack?\n\n---\nlibrary: false\nwarnOnImplicitThis: false\nname: getting-started/codeql-extra-queries-csharp\nversion: 1.0.0\ndependencies:\n codeql/csharp-all: ^1.0.0\n\ncodeql-pack.yml ^\n","created":"2024-06-07T21:53:46.000Z","hl_text":"How do I import Flow::PathGraph for C# custom queries, I'm getting module not found. Should I install the pack?\n\n---\nlibrary: false\nwarnOnImplicitThis: false\nname: getting-started/codeql-extra-queries-csharp ...","hl_title":"Flow path graph for C#","id":"6792499","num_comments":0,"number":16707,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"Flow path graph for C#","url":"/github/codeql/discussions/16707","updated":"2024-06-07T21:53:47.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/55308877?s=48&v=4","user_id":55308877,"user_login":"tardigrade-9"},{"body":"I've read this post and documentation but I'm still confused. What's explained:\n\ncount: This aggregate determines the number of distinct values of expression for each possible assignment of the\naggregation variables.\n\nSo, from what I understand, count( variable declarations | formula | expression ) will count the number of results of the\nfollowing CodeQL request:\n\nfrom variable declarations \nwhere formula \nselect expression \n\nFrom what I understand CodeQL doesn't return the same tuple result twice; identical results are merged. This is why the\nrequest in the other post was returning 1.\n\nHowever here's a simple case where this is clearly not the case:\n\nclass SmallInt extends int {\n SmallInt() {\n this in [5..15]\n }\n}\n\nclass TenMult extends int{\n TenMult(){\n exists(int k | k in [0..10] and this = 10*k)\n }\n}\n\nfrom SmallInt i, TenMult tm\nwhere \n tm = i\n or tm =i+1\nselect tm, i\n\nThe above request returns:\n\n| tm | i |\n| 10 | 9 |\n| 10 | 10 |\n\nNothing unusual.\n\nfrom SmallInt i, TenMult tm\nwhere \n tm = i\n or tm =i+1\nselect tm\n\nThe above request returns:\n\n| tm |\n| 10 |\n\nwhich I also understand. Because there was tm = 10 twice they got merged.\n\nHowever, I can't make sense of this request:\n\nselect count(SmallInt i, TenMult tm| \n tm = i or \n tm = i+1\n | tm)\n\nThe above request returns:\n\n| [0] |\n| 2 |\n\nWhich I don't understand at all! The expression part of the count aggregate is tm and the number of distinct values tm\ncan take for each possible assignment of the aggregation variables (that is to say: (9,10) and (10,10)) is only 1,\nbeing 10. So the result should be 1, and not 2. This is a word-for-word interpretation of the documentation so what am I\nmissing? Is this a bug? Is the documentation wrong? Actually it also makes sense that we want the result to be 1 and\nnot 2 for various reasons (this example is my attempt to simplify the real request where I encountered this, I was\nrunning CodeQL over the Juliet test suite and wanted to count the number of true positives. Obviously if a CodeQL request\ndetects 2 results in the same function, I only want to count this function once because each function corresponds to a\nsingle test case).\n\nActually, after some tries I got this request which returns 1, as expected (this also solved my problem for the real\nrequest I was writing)\n\nselect count(TenMult tm| \n exists(SmallInt i | \n tm = i or \n tm = i+1\n )\n | tm)\n\nHowever I have no idea why the version without the exists doesn't work as I expected.\n\nEDIT: after some more testing, it looks like for (9,10) and (10,10), the tm being 10 is like it's not the same 10 because one\nis in the tuple with i=9 and the other with i=10. And ok that may explain things, but if so then I think the documentation is clearly\nmisleading, and that raises 2 other questions:\n\n - is there any reason that justifies this behavior? If I wanted to count the number of distinct couples I would've\n naturally put a simple class wrapper (with 2 ints inside corresponding to i and tm) in the expression part.\n - what's the point of the expression part in the count aggregate? Because now I feel like this is literally useless. In\n fact replacing expression with 1 literally gives the same result...\n\nThose 2 requests return the same result, even if it's obvious that expression takes only one distinct value\n\nbindingset[e]\nint foo(int e){\n result= 1\n}\n\nselect count(SmallInt i, TenMult tm | \n tm = i or \n tm = i+1\n | foo(tm))\n\nselect count(SmallInt i, TenMult tm | \n tm = i or \n tm = i+1\n | 1 )\n\nEDIT 2: Ok nevermind, from the same documentation page, we learn that the expression part of count is indeed useless.\n\nAs a special case, you can omit the expression part from count even if there is more than one aggregation variable. In\nsuch a case, it counts the number of distinct tuples of aggregation variables that satisfy the formula. In other words,\nthe expression part is considered to be the constant 1. For example, the following aggregations are equivalent:\n\nMy 2 questions above still hold, I don't understand the logic behind it at all. And now I'm convinced that the\ndocumentation about count is wrong. Or I'm missing something; now I don't see how a count request could have a different\nresult whether you omit the expression part or put a constant in it.\n\nAlso, VSCode syntax coloring is wrong. In the following request it considers ott as an unused variable and displays a\nwarning but this request returns 3 (proof that ott is in fact used)\n\nclass OneTwoThree extends int{\n OneTwoThree(){\n this = 1 or this = 2 or this = 3\n }\n}\nselect count(OneTwoThree ott | | 1)\n//returns 3\n\nNot sure about this but it seems like count behaves as a monotonic aggregate.\n","created":"2024-06-07T05:54:47.000Z","hl_text":"I've read this post and documentation but I'm still confused. What's explained:\n\ncount: This aggregate determines the number of distinct values of expression for each possible assignment of the\naggregation ...","hl_title":"Why does \"count\" aggregate counts multiple time the same result ?","id":"6788668","num_comments":2,"number":16698,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"Why does \"count\" aggregate counts multiple time the same result ?","url":"/github/codeql/discussions/16698","updated":"2024-06-07T11:39:34.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/66423373?s=48&v=4","user_id":66423373,"user_login":"ayosten"},{"body":"We're trying to look at using the importer to convert some CircleCI config for repos on our GH Enterprise server, but\ndespite using https://git.mycorp.com/ as the GITHUB_INSTANCE_URL when running gh actions-importer configure or the\n--github-instance-url param with gh actions-importer audit circle-ci, it initially errored with:\n\nMessage: Unable to locate credentials for https://github.com \n\nWhen I provide said alternative credentials via a --credentials-file it uses them to access our github.com org and enumerate\npublic and private repos there, where we have a few - but they are old, not under CI control and not the ones we want!\n\nHas anybody managed to use this with GHES?\n","created":"2024-04-17T19:12:36.000Z","hl_text":"We're trying to look at using the importer to convert some CircleCI config for repos on our GH Enterprise server, but\ndespite using https://git.mycorp.com/ as the GITHUB_INSTANCE_URL when running gh actions-importer ...","hl_title":"gh actions-importer keeps calling github.com instead of GHES instance","id":"6521022","num_comments":2,"number":294,"repo":{"repository":{"id":560182652,"name":"gh-actions-importer","owner_id":9919,"owner_login":"github","updated_at":"2024-06-03T22:07:01.300Z","has_issues":false}},"title":"gh actions-importer keeps calling github.com instead of GHES instance","url":"/github/gh-actions-importer/discussions/294","updated":"2024-06-06T16:56:01.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/2693365?s=48&v=4","user_id":2693365,"user_login":"tyrken"},{"body":"I've been looking into the taint tracking module and I believe there's an issue when it comes to BuiltinBitCast.\nSpecifically it looks like it doesn't identify the flow to the argument of __builtin_bit_cast() and as a result the\nreturn value is never tainted. As an example, library.cc:\n\n#include \"absl/base/casts.h\"\n\nvoid outside_fun(uint64_t arg);\nvoid outside_fun2(double arg);\n\nclass ExampleClass {\n private:\n void HandleWrite(uint64_t value) {\n uint64_t test = value++;\n outside_fun(test);\n double d = __builtin_bit_cast(double, value);\n outside_fun2(d);\n }\n};\n\nBUILD:\n\ncc_library(\n name = \"library\",\n srcs = [\"library.cc\"],\n deps = [ \n \"@com_google_absl//absl/base:base\",\n ], \n)\n\nand query.ql:\n\nimport cpp\nimport semmle.code.cpp.dataflow.new.DataFlow\nimport semmle.code.cpp.dataflow.new.TaintTracking\n\nmodule SampleConfig implements DataFlow::ConfigSig {\n predicate isSource(DataFlow::Node source) { \n exists( Function function | \n function.getName() = \"HandleWrite\" and\n source.asParameter() = function.getParameter(0)\n )\n }\n\n predicate isSink(DataFlow::Node sink) {\n any()\n }\n}\n\nmodule SampleFlow = TaintTracking::Global<SampleConfig>;\nimport SampleFlow::PathGraph\n\nfrom SampleFlow::PathNode source, SampleFlow::PathNode sink\nwhere SampleFlow::flowPath(source, sink)\nselect source, source.getLocation(), sink, sink.getLocation()\n\nCreate the db with: codeql database create database --language=cpp --command=\"bazel build --spawn_strategy=local\n--nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //library:library\" and run the query with:\ncodeql query run --database=\\<path\\>/database -- \\<path\\>/query.ql\n\nIn this case the results do not include the use of value at line 11 or d at lines 11 and 12.\n\nAny ideas on how to work around this issue?\n\nThanks!\n","created":"2024-06-03T18:22:10.000Z","hl_text":"I've been looking into the taint tracking module and I believe there's an issue when it comes to BuiltinBitCast.\nSpecifically it looks like it doesn't identify the flow to the argument of __builtin_bit_cast() ...","hl_title":"BuiltinBitCast doesn't seem to be tracked by TaintTracking.","id":"6772815","num_comments":3,"number":16655,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"BuiltinBitCast doesn't seem to be tracked by TaintTracking.","url":"/github/codeql/discussions/16655","updated":"2024-06-06T15:42:20.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/110858090?s=48&v=4","user_id":110858090,"user_login":"marpom"},{"body":"I am currently using CodeQL to achieve the following goals:\n\nAnalyze the data flow of the JavaScript code and extract the data dependencies of all exec methods. Where the Source is\nset to all variable definitions and assignment expressions. In this process, I need to extract all intermediate nodes on\nall paths from Source to Sink, and extract all string constants.\n\nHere is my query:\n\n/**\n@kind path-problem\n@id javascript/execdataflowanalysis\n*/\n\nimport javascript\nimport semmle.javascript.dataflow.TaintTracking\nimport DataFlow::PathGraph\n\nclass ExecDataFlowConfig extends TaintTracking::Configuration {\n ExecDataFlowConfig() { this = \"ExecDataFlowConfig\" }\n \n override predicate isSource(DataFlow::Node source) {\n exists(VariableDeclarator v |\n source.asExpr() = v.getAChild*()\n ) or\n exists(AssignExpr a |\n source.asExpr() = a.getAChild*()\n ) or\n exists(CallExpr c |\n source.asExpr() = c.getAChild*()\n )\n }\n\n // override predicate isSource(DataFlow::Node source) {\n // exists(ExprOrStmt exprostmt | \n // source.asExpr() = exprostmt.getAChild*()\n // )\n // }\n\n\n override predicate isSink(DataFlow::Node sink) {\n exists(CallExpr execCall |\n execCall.getCalleeName() = \"exec\" and\n exists(int i |\n i < execCall.getNumArgument() and\n sink.asExpr() = execCall.getArgument(i) or \n sink.asExpr() = execCall.getArgument(i).getAChild*()\n )\n )\n }\n}\n\nfrom ExecDataFlowConfig cfg, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode, DataFlow::MidPathNode midNode\nwhere\n cfg.hasFlowPath(sourceNode, sinkNode)\nselect sourceNode.getNode(), sourceNode, sinkNode, \"\"\n\nHowever, I found that I didn't find all the string constants.\n","created":"2024-06-04T07:23:06.000Z","hl_text":"I am currently using CodeQL to achieve the following goals:\n\nAnalyze the data flow of the JavaScript code and extract the data dependencies of all exec methods. Where the Source is\nset to all variable ...","hl_title":"[JavaScript] Can I find out all the intermediate nodes on the paths from `Source` to `Sink` through CodeQL?","id":"6775248","num_comments":4,"number":16659,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"[JavaScript] Can I find out all the intermediate nodes on the paths from `Source` to `Sink` through CodeQL?","url":"/github/codeql/discussions/16659","updated":"2024-06-06T12:35:56.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/34503403?s=48&v=4","user_id":34503403,"user_login":"HJX-zhanS"},{"body":"I was wondering, since there is no native support for Rust, if the community can recommend a good Rust-plugin for LGTM.\n","created":"2022-03-18T14:33:40.000Z","hl_text":"I was wondering, since there is no native support for Rust, if the community can recommend a good Rust-plugin for LGTM.\n","hl_title":"Rust plugin available","id":"3946909","num_comments":8,"number":8485,"repo":{"repository":{"id":143040428,"name":"codeql","owner_id":9919,"owner_login":"github","updated_at":"2024-06-08T22:37:48.077Z","has_issues":true}},"title":"Rust plugin available","url":"/github/codeql/discussions/8485","updated":"2024-06-04T22:59:29.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/4340405?s=48&v=4","user_id":4340405,"user_login":"BirgitPohl"},{"body":"Want to Know about the Repository that has the most commits\n\nI want to obtain detailed information about the GitHub repository that holds the record for the most commits globally.\nThe information should be retrieved using api.github.com or any other, but it must be an authentic source.\n\nAnswer if anyone knows how.\n\nRegards, Huzaifa Asim GitHub - Email - Website\n","created":"2024-06-04T12:44:30.000Z","hl_text":"Want to Know about the Repository that has the most commits\n\nI want to obtain detailed information about the GitHub repository that holds the record for the most commits globally.\nThe information should ...","hl_title":"I Want to Retrieve Information About the GitHub Repository that the Most Commits in the world.","id":"6776893","num_comments":0,"number":3633,"repo":{"repository":{"id":274190073,"name":"rest-api-description","owner_id":9919,"owner_login":"github","updated_at":"2024-06-06T19:50:31.252Z","has_issues":true}},"title":"I Want to Retrieve Information About the GitHub Repository that the Most Commits in the world.","url":"/github/rest-api-description/discussions/3633","updated":"2024-06-04T12:44:31.000Z","user_avatar_url":"https://avatars.githubusercontent.com/u/64212910?s=48&v=4","user_id":64212910,"user_login":"huzaifaasim017"}],"type":"discussions","page":1,"page_count":100,"elapsed_millis":77,"errors":[],"result_count":1306,"facets":[],"protected_org_logins":[],"topics":null,"query_id":"","logged_in":false,"sign_up_path":"/signup?source=code_search_results","sign_in_path":"/login?return_to=https%3A%2F%2Fgithub.com%2Fsearch%3Fq%3Dorg%253Agithub%26type%3DDiscussions%26utf8%3D%25E2%259C%2593","metadata":null},"title":"Discussion search results"}
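Two of the CodeQL discussions above (#16691, retaining taint in class fields when the call order is unknown, and #16655, taint not crossing `__builtin_bit_cast`) both come down to the same `isAdditionalFlowStep` hook of the new C++ dataflow API. The query below is an added example written for this page; it is not from either poster and not from the CodeQL project. It assumes the `library.cc`, `BUILD` and database-creation command shown in those two posts, assumes the `BuiltinBitCast` expression class named in the second post exists in the C++ library with the cast operand as child 0, and uses `asConvertedExpr()` defensively because casts are modelled as conversions in that library. Unlike the posts, the sink is narrowed to the `outside_fun*` arguments so the path results stay readable; `any()` works too.

```ql
/**
 * @name Order-insensitive taint through class fields and __builtin_bit_cast
 * @description Added example: extends the posts' configs with two extra flow
 *              steps so that (1) a tainted field store reaches every read of
 *              that field, whichever member function runs first, and (2) the
 *              result of __builtin_bit_cast is as tainted as its operand.
 * @kind path-problem
 * @id cpp/example/field-and-bitcast-taint
 */

import cpp
import semmle.code.cpp.dataflow.new.DataFlow
import semmle.code.cpp.dataflow.new.TaintTracking

module FieldBitCastConfig implements DataFlow::ConfigSig {
  // Same source as both posts: the first parameter of HandleWrite.
  predicate isSource(DataFlow::Node source) {
    exists(Function f |
      f.getName() = "HandleWrite" and
      source.asParameter() = f.getParameter(0)
    )
  }

  // Narrower than the posts' any(): only arguments of outside_fun / outside_fun2
  // (assumed names, taken from the posts' library.cc).
  predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall c |
      c.getTarget().getName().matches("outside_fun%") and
      sink.asExpr() = c.getAnArgument()
    )
  }

  predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
    // (1) Field store -> every read of the same field, in any function.
    //     Deliberate over-approximation: it ignores control flow and which
    //     object instance was written, which is what the first post asked for.
    exists(Field fld, Assignment a, FieldAccess w, FieldAccess r |
      a.getLValue() = w and
      w.getTarget() = fld and
      r.getTarget() = fld and
      not exists(Assignment b | b.getLValue() = r) and // r is a read, not a store
      n1.asExpr() = a.getRValue() and
      n2.asExpr() = r
    )
    or
    // (2) __builtin_bit_cast(T, e): taint of e continues into the cast result.
    //     BuiltinBitCast and "operand is child 0" are assumptions about the
    //     library class the second post names.
    exists(BuiltinBitCast bc |
      n1.asExpr() = bc.getChild(0) and
      (n2.asExpr() = bc or n2.asConvertedExpr() = bc)
    )
  }
}

module FieldBitCastFlow = TaintTracking::Global<FieldBitCastConfig>;

import FieldBitCastFlow::PathGraph

from FieldBitCastFlow::PathNode source, FieldBitCastFlow::PathNode sink
where FieldBitCastFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Argument is tainted by the $@ regardless of call order.", source.getNode(),
  "HandleWrite parameter"
```

Run it with the same `codeql query run --database=... -- query.ql` invocation the posts use. Step (1) is what makes the reads in `test()` (lines 22-23 of the first post's `library.cc`) show up without a call to `test()` being present; step (2) is what lets `d` in the second post's `library.cc` become tainted. Both steps widen the analysis on purpose, so expect extra results on a real code base and tighten the `Field`/`FunctionCall` filters to the types and callees you actually care about.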