codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
The `AddLocalSource` classes were added in https://github.com/github/codeql/pull/15419 to make deprecating `LocalSource` classes easier. This removes them so that queries rely on `ThreatModelFlowSource`.
Specifically in Rails apps, we look for root ActionController classes without a call to `protect_from_forgery`.
This PR adds some additional sanitizers to the TaintedPath Customization due to a high number of false positives I have found after doing some research. I have added: filepath.Base strings.ReplaceAll...
Attempts to add support for tracking more than just attribute content in type-trackers. Adding the store/read steps is the most important part. This PR is currently a draft, since...
This is part of All for one, one for all query submission, I'm going to submit an issue in github/securitylab for this pull request too. I tried my best to...
This is a follow-up to #15419. This removes the `Stored` variants of queries, as the results are now accessible by using the `local` threat model. The affected queries are: -...
How can I download standard libraries locally? Preferably stored as some sort of structured data, please!
Like [Ruby](https://github.com/github/codeql/blob/6ce8e0510f9e58bfa55e305ccafd354d1468950c/ruby/ql/consistency-queries/TypeTrackingConsistency.ql#L4-L6) we need to exclude nodes related to post-update (created as draft to ensure I didn't overlook anything important)
**Description of the issue** Hello, I made a query that seems to be working just fine using the VS Code extension. However, when I try to query my database using...