codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
There is an autogenerated MaD for System.Net.Http.HttpRequestMessage constructor where `Uri` class is one of the parameters. However, it's missing the overloaded constructor where the parameter is a string URL. -...
This PR adds a new medium precision query `cpp/type-confusion` to detect issues such as:
```cpp
struct Animal { virtual ~Animal(); };
struct Cat : public Animal { Cat(); ~Cat(); };...
```
Currently we can only use `@kind problem` and `@kind path-problem` queries with query suites. Other queries need to be run manually and they end up in a separate format (`.bqrs`...
This PR fixes a subtle problem in the C++ SSA. Consider an example such as:
```cpp
void test() {
  int x;
  sink(&x);
}
```
a basic requirement for SSA is...
Adds more models for the `environment` and `commandargs` local source kinds. This primarily focuses on the .NET standard library and the `Microsoft.Extensions.Configuration` library.
This pull request adds a query for Permissive CORS to prevent CSRF attacks for Apollo Server. I plan to add a couple more libraries, so I'll leave it in draft...