codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Previously, we pulled in the shared tree-sitter extractor via a `git` dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path` dependencies outside of the cargo workspace). This was a...
**Description of the false positive** In general, the `cs/dereferenced-value-is-always-null` rule makes sense: https://lgtm.com/rules/1506094316834/ However, if a local is passed to a method by `ref`, it is possible that the method...
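The pattern the report above describes, as an added C# example (not code from the CodeQL repository or from the reporter): a local is definitely null at its declaration, is passed by `ref` to a method, and is then dereferenced. The helper `Initialize` and the assumption that the callee assigns a non-null value through the `ref` parameter are mine; a null-dereference analysis that does not treat the `ref` call as a possible assignment would flag the final dereference as a false positive.

```csharp
// Added example, not from the CodeQL repository. Assumption: the callee
// assigns a non-null value through its ref parameter.
using System;

public static class RefInit
{
    // Assumed helper: writes a non-null value back through the ref parameter.
    static void Initialize(ref string value)
    {
        value = "initialized";
    }

    public static int Demo()
    {
        string s = null;      // s is definitely null at this point
        Initialize(ref s);    // passing by ref lets the callee reassign s
        return s.Length;      // safe here: s was set by Initialize via ref
    }

    public static void Main()
    {
        Console.WriteLine(Demo());
    }
}
```

Compiling and running this with the .NET SDK (`dotnet run`) exercises the dereference without a `NullReferenceException`; the point for the query is that `ref` arguments must be modelled as potential definitions of the local, not only `s = ...` assignments in the caller.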
Re-generating the .NET runtime models revealed the very broad set of database (reader) sources. Since we are now generating models that apply to all subclasses of database reader, the issue...
This is part of All for one, one for all query submission, I'm going to submit an issue in github/securitylab for this pull request too. this query will be upgraded...
I'm working on a function that returns an HTTP response from https://pypi.org/simple/ when Python's `pip` installer requests it for a package. When pushing my code onto GitHub, the CodeQL checks...
Update go's copy of `ExternalFlow.qll` to bring it in line with java and csharp's. - Add support for neutral models. - Change the way that the receiver is referred to...
Same as https://github.com/github/codeql/pull/16500 for Java.