codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
**Description of the false positive** In a C# project, we are using NWebsec.AspNetCore.Middleware's ([docs](https://docs.nwebsec.com/en/latest/nwebsec/NWebsec.AspNetCore.Middleware.html)) ApplicationBuilderExtensions to set the X-Frame-Options policy. The scanner, however, reports Missing X-Frame-Options HTTP header (cs/web/missing-x-frame-options) as...
**Description of the false positive** In a C# project, we have dozens of potential false positives for "Insecure Direct Object Reference (cs/web/insecure-direct-object-reference)" and "Missing function level access control (cs/web/missing-function-level-access-control)" due...
I use a command to create databases, like: `codeql database create C:\test\codeql-database --source-root "E:\test-project-code\src" --language=cpp --command="call build_win_codeql.bat" --threads=0 --verbose --overwrite --mode=clear --min-disk-free=100000`. It built the project successfully, but it takes too...
I am encountering an issue with CodeQL version 2.17 when using the new `--build-mode=none` option for Java on CentOS Linux 7 (Core). Despite specifying this option in the `codeql database...
Please support newer Kotlin versions. https://github.com/Zoxcore/trifa_material/actions/runs/8117069571
Downloading the latest version (2.17.0) and running just the executable without any arguments, prints warning `/Users//.config/codeql/config:1: Warning: Ignoring line with no option name."` when this config file is present. ```...
Summary While conducting a CodeQL scan on a JavaScript project, multiple queries (query0.ql through query11.ql) encountered an error at a specific iteration (iteration 56) within the ApiGraphs::API::Impl::defStep/2#c19437fe. This issue appears...
I want to know if it is possible to run the CodeQL queries for C# code without building it. I am using Advanced Security inside Azure DevOps, which requires...
related log: ```log [2024-03-26 13:08:51] (664s) >>> Created relation gadgets#0b9c9d51::getParaPointerIndex#1#ff/2@0e72064q with 5120 rows and digest 8c17e92ufpma1sptlsm3ibgk848. [2024-03-26 13:08:51] (664s) No need to promote strings for predicate gadgets#0b9c9d51::getParaPointerIndex#1#ff as it does...