codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
This is currently the bare minimum for the UX team to build against.
Hello, I have a case where I sanitize user inputs using log4j2 Pattern rule to escape '\n' and '\r' using the encode pattern %encode as follows where the user provided...
Please, find in this pull request a new query "Unicode DoS" (CWE-770).
**Description of the issue** When executing a `csharp` run on a repository, the SARIF produced has `NaN` values in it and causes errors in the workflow. **Workflow Error** _Code Scanning...
Consider the following example: ##### MyCallable.qll ```codeql import java class CallableByErasure extends Callable { override predicate hasQualifiedName(string package, string type, string name) { this.isDeclaredIn(package, type) and this.hasName(name) } predicate isDeclaredIn(string...
**Questions** - According to https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/, only a few compilers are supported. The supported compilers are old versions (clang12 and gcc11). Is there any issue to use latest version of these compilers...
Hello, I am trying to create a few dataflow queries for python and I noticed that the Dataflow module is unable to do taint tracking through indirect calls. ```py def...
This is part of All for one, one for all query submission, I'm going to submit an issue in github/securitylab for this pull request too. I've added sanitizers as much...
as it should be covered by `SummarizedCallableFromModel` Also move things around, to look more like the Ruby code. Thanks to @aschackmull for finding this.