codeql

codeql copied to clipboard

False positive for cs/dereferenced-value-is-always-null in CSharp

2

**Description of the false positive** Hi, I wonder if this is a false positive in cs/dereferenced-value-is-always-null. From my understanding, the program would never run L975. **Code samples or links to...

wwwjwww

hvitved

Test updates after extractor changes

jketema

As pointed out in https://github.com/bazelbuild/bazel/issues/21768, bazel 7 moved multi-arch macOS toolchain support to `apple_support`, so building Swift (which must target `x86_64` for now) was broken. Internally in the codeql CLI...

redsun82

Go: Convert models for variadic functions to use models-as-data

2

These were not converted when most of the rest of the models were converted in https://github.com/github/codeql/pull/12750 because at the time flow didn't work through variadic parameters when using models-as-data. That...

owen-mc

JS: Env Injection query

2

Detect user-controllable environment variable injection that can lead to security issues.

am0o0

JS: Extends CredentialsNode class mostly related to JWT authentication packages

3

am0o0

How to write Metadata for queries to get Call Graph in JavaScript?

3

I want to get a call graph in JavaScript. I have found a solution in #9458 . But when I add query metadata to the query, for example ``` /**...

flyboss

krishnprakash

Rewrite recommendations for the query `cpp/no-space-for-terminator`

1

This PR aims to improve the recommendations with the following changes: - Replace segmentation fault with crash that is platform agnostic (I think segmentation fault is not really a thing...

rvermeulen