codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Before this PR, store steps where the target node would clear the stored content via `clearsContent` would get filtered away. However, it is convenient to be able to only filter...
Promotes the query `go/uncontrolled-allocation-size` (previously [`go/denial-of-service`](https://github.com/github/codeql/pull/15130)) from experimental. Sinks and barriers have been reused from `AllocationSizeOverflow` due to their similarities. This adds coverage for CVE-2023-37279 and CVE-2023-2253.
At present, none of the code in this PR has any effect, as the internal copy is still used for the build and CI. However, the changes in this PR...
I borrowed the query from UseAfterFree.ql present in CodeQL repo and modified to include a custom free function, but the query is not flagging UAF. ``` import cpp import semmle.code.cpp.dataflow.new.DataFlow...
I want to extract all unit test methods (Junit 4 or 5) and the corresponding methods that they test. I want to learn how to write a query for this....
My .NET solution has a project that uses a `dotnet tool` command to generate code from an OpenApi spec, this works fine in my GH workflows and local environment but...
I want to try codeQL on the Unity program of its C# code in its assets folder. I could execute "msbuild xxx.sln" in my local environment. However, when I try...
**Description of the false positive** The user input/log string is handled inside an extension log method and sanitized. We are getting a false positive warning from our Logging extension method....
