codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
The tests are failing, and that's expected (there is an internal PR that updates the expected output). I've been working on making the alert-messages consistent across languages, and some fan...
As pointed out by @asgerf, the inherent imprecision when comparing floats (and complex numbers) makes them unsuitable for tracking precise hash index information. We therefore simply treat reads and stores...
**Description of the false positive** **URL to the alert on the project page on LGTM.com**
Add a table of platform requirements (OS, OS version, CPU architecture). Add a list of additional language-specific software requirements. Preview: 
Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.1.17 to 4.9.0. Release notes Sourced from github.com/labstack/echo/v4's releases. v4.9.0 Security Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260 Enhancements Allow configuring...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Rather than using lock files and rewriting TRAP file, and storing the metadata in a .metadata file, we now encode the metadata in the filename and rename all but the...
Add a query for checking for an exported `` element in `AndroidManifest.xml` which has improperly configured permissions. Cf. [GHSL Research], [CVE-2021-41166] [GHSL Research]: https://securitylab.github.com/advisories/GHSL-2021-1007-Nextcloud_Android_app/#issue-2-permission-bypass-in-disklruimagecachefileprovider-ghsl-2021-1008 [CVE-2021-41166]: https://nvd.nist.gov/vuln/detail/CVE-2021-41166
