codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
I'm trying to create a codeql database for the openharmony project (https://github.com/openharmony/manifest). Although I can get a packed database, lots of files are not included in the database. I checked...
The code analysis run duration increased from mins to hours from 2.16.4. I've attached the runtime options as pdf for both versions below [2.16.4.pdf](https://github.com/github/codeql/files/15240366/2.16.4.pdf) [2.16.3.pdf](https://github.com/github/codeql/files/15240367/2.16.3.pdf) It was consistently in the...
**Context** In Go 1.21, the Go team started making a distinction between _language_ and _toolchain_ versions. Historically, the Go version is declared with a `go` directive in a `go.mod` file,...
I am trying to run CodeQL on the ServiceFabric codebase and it's being very slow when I pass `--command`. My understanding is when we pass `--command` CodeQL invokes this command at...
**Description of the false positive** This rule fires when you make a slice from the length of another slice and add a small constant size to it. It's literally impossible...
In one of our projects we have identified a python SQL Injection Vulnerability for CWE-089 which doesn't appear to be being identified by the python SqlInjection.ql found here: https://github.com/github/codeql/tree/main/python/ql/src/Security/CWE-089/SqlInjection.ql Here...
This encapsulates arch-specific logic, local installation and separation of zip files into generic and arch-specific parts as required by the internal build. Moreover, it introduces `codeql_pkg_zip_import`, which allows to...
### Targeting a feature branch This PR is targeting a branch named `js/shared-dataflow-branch`, not `main` as we normally would. - Merging into `main` will happen at a later point, and...