
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Results 758 codeql issues

This should fix the issue reported by @alex-slynko. I think it's reasonable to just add these calls as copy steps in general. --- Does this warrant a change note? I...

Python
no-change-note-required

**Description of the issue** I tested CodeQL on JS, which handles postMessage validation. The rule for detecting the absence of an origin check in the postMessage handler function does not...

JS
documentation
awaiting-response
external-contribution

Our [project](https://github.com/codecentric/chaos-monkey-spring-boot/actions/runs/7928192741/job/21645971548?pr=442) uses codeql autobuild with maven and java, with no issues in the past. However, current versions of a maven plugin (asciidoctor) require a more recent maven version. It...

question
Java

CodeQL runs currently fail when the go.mod is set to version 1.22.0. Go 1.22.0 was released on 2024-02-06. The error message (as seen [in this run](https://github.com/jmhodges/howsmyssl/actions/runs/7937623723/job/21675157185?pr=631)) of the failing step...

question
Go

I'm getting about 20 of these on my code but I'll only show one because they're all the same. CodeQL is identifying this as a potential use after free because...

C++
false-positive

I am trying to run the codeql scan on an Azure DevOps repo, with the steps defined in the official documentation. Without putting the GHAS task inside the yaml file build...

question
C#
awaiting-response

**Description of the false positive** This shouldn't be included because there is an adequate guard protecting against a path traversal payload. **Code samples or links to source code** ```java private...

Java
false-positive

**Description of the issue** The codeql runs in a PR (https://github.com/deepmodeling/deepmd-kit/pull/3199, commit https://github.com/deepmodeling/deepmd-kit/pull/3199/commits/ce87afc5be720c15fac114927052104028093764). It hung at: ``` [88/168 eval 3.7s] Evaluation done; writing results to codeql/python-queries/Variables/MultiplyDefined.bqrs. Starting evaluation of codeql/python-queries/Variables/UnusedModuleVariable.ql....

question
Python
acknowledged

**Description of the issue** I added a simple/default python config to a repo (https://github.com/envoyproxy/pytooling/commit/11d2fe8a6535444f9a3eba1d91d15e32362375db) When it runs it always hangs at exactly the same place - the tail of the...

question
Python