codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
I investigated a case where we didn't flag up a [result](https://github.com/rubygems/bundler/blob/674966e21cc7257dd52797ef56ee9628c3ce1bc6/lib/bundler.rb#L187) for the rb/overly-permissive-file query. This pull request implements the improvements needed to flag up that result, and makes...
Recognise send_file as a FileSystemAccess. This method is available in ActionController actions, and sends the file at the given path to the client.
This implementation is dependent on features that are not yet in a stable CLI release, so CI will fail! I'm putting this here to get some early feedback on how...
In semi-recent versions of ruby the `YAML` module is an alias of `Psych`. https://ruby-doc.com/stdlib-3.0.1/libdoc/yaml/rdoc/YAML.html
Bumps [actions/setup-dotnet](https://github.com/actions/setup-dotnet) from 2 to 3.0.0. Release notes Sourced from actions/setup-dotnet's releases. v3.0.0 This major release includes the following changes: #219 New input dotnet-quality was added in #315: - uses:...
**Summary:** This PR adds flow steps to model the routing aspect of a [deeplink](https://developer.android.com/training/app-links#deep-links)-handling Android component (i.e. wire the [Intent](https://developer.android.com/reference/android/content/Intent) being sent from the deeplink router to its destination). **Description:**...
This takes us part of the way. We still get multiple paths for the same alert, but that will be fixed in a different PR.
Similar to [`ql/dead-code`](https://github.com/github/codeql/pull/8431), but does not consider public APIs as live. That means any code that doesn't affect any (known) query is flagged. The query is therefore good at detecting...