codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
While developing, things changed majorly 2-3 times, and it just wasn't feasible to go back and write a really nice commit history... so this is what you get instead. I've...
As a real consistency query, so it will be run as part of ALL tests. (which might make CI take longer, but the value is nice I think) I've made...
Add support for the languages Ruby and Swift based on the language codes used in the queries.
Hi, I am learning how to write QL to do dataflow analysis, and I want to detect memory leaks like a missing `free` after `malloc`. But I ran into a problem, I...
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4. Release notes Sourced from actions/setup-python's releases. v4.0.0 What's Changed Support for python-version-file input: #336 Example of usage: - uses: actions/setup-python@v4 with: python-version-file: '.python-version' #...
Gets a TP/FP for CVE-2022-29078. [Latest performance evaluation shows a ~1.5% performance regression](https://github.com/github/codeql-dca-main/tree/data/erik-krogh/aliasFlow-try-more-threads-again__1/reports). And [an evaluation on default.yml](https://github.com/github/codeql-dca-main/tree/data/erik-krogh/aliasFlow__default__code-scanning__7/reports) shows about the same performance regression. I've battled the performance evaluations on...
When I compile some projects, I use `configure` and `make` to create a database. But some code is in `#if` or `#ifdef`. Maybe there are conditions that need to be met...
- `ImportStaticTypeMember` and `ImportStaticOnDemand` are now properly considering inherited members (except for inherited member types, see #5596). - `ImportStaticOnDemand` predicates do not have non-`static` members and initializer methods as results...
This hopefully makes it a bit easier to use the Javadoc classes `JavadocParent` and `JavadocTag`. Though if you think these changes are not worth it, feel free to close this...