codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
**Description of the issue** A fresh download of the CodeQL bundle shows errors when running: `./codeql resolve qlpacks`. The errors shown seem to be false positives because they...
**Description of the false positive** I'm writing functions to add files to an SQL database, and CodeQL has flagged that the file paths are a potential security risk. I have...
First many Python commits from https://github.com/github/codeql/pull/17203 -- this PR mostly follows the structure of that PR. The most interesting aspect of this PR is that in ebb9f4a I was only...
This PR modifies Java queries in the Code Scanning suite to support restricting alerts based on source location, with the restrictions configured through extensible predicates.
This PR adopts the newly introduced shared [SSA data-flow integration layer](https://github.com/github/codeql/pull/16884). A side-effect is that we get [phi-input barrier guards](https://github.com/github/codeql/pull/15985) for free, which had not previously been ported to C#.
**Description of the issue** The CodeQL c-cpp workflow on the [OpenEXR](https://github.com/AcademySoftwareFoundation/openexr) repo began failing on July 27. We use the default [configuration](https://github.com/AcademySoftwareFoundation/openexr/blob/main/.github/workflows/codeql.yml), and runs have traditionally taken 4-12 minutes, but...
From a comment posted to https://github.com/github/codeql/issues/7535 by @dwnusbaum: We are using the `java.compiler` module and `JavaCompiler` as part of our (Maven) build process. Here is the full stack trace in...
Hello, I am currently trying to create a query that will allow me to determine whether a servlet message contains sensitive information. ``` import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.frameworks.Servlets import...
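The post above is cut off before the query body, so here is an added, illustrative shape such a query could take, not the poster's query and not a query from the github/codeql repository. It uses the modern `TaintTracking::Global` configuration API; the source class `SensitiveExpr` (from `semmle.code.java.security.SensitiveActions`) and the sink class `ServletWriterSourceToWritePrintAccess` (from `semmle.code.java.frameworks.Servlets`) are assumed to exist under those names in the Java library version in use, and the `@id` is a placeholder. "Sensitive" here means whatever the standard library's heuristics classify as sensitive (passwords, secrets, and similar), which may differ from the poster's definition.

```ql
/**
 * @name Sensitive data written to a servlet response (illustrative example)
 * @description Finds values the standard library classifies as sensitive that
 *              flow, possibly through taint steps, into a write/print call on a
 *              writer or stream obtained from a ServletResponse.
 * @kind path-problem
 * @problem.severity warning
 * @id java/example/sensitive-data-in-servlet-response   // placeholder id, not a shipped query
 */

import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.Servlets
// Assumed: provides SensitiveExpr (heuristic classification of secrets, passwords, ...).
import semmle.code.java.security.SensitiveActions

/** Taint configuration: sensitive expressions flowing into servlet response writes. */
module SensitiveToResponseConfig implements DataFlow::ConfigSig {
  /** Sources: expressions the library heuristically classifies as sensitive. */
  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof SensitiveExpr }

  /**
   * Sinks: any argument of a print/write call on a PrintWriter or OutputStream that
   * came from ServletResponse.getWriter()/getOutputStream().
   * Assumed class name from the Servlets framework library.
   */
  predicate isSink(DataFlow::Node sink) {
    exists(ServletWriterSourceToWritePrintAccess ma | ma.getAnArgument() = sink.asExpr())
  }
}

module SensitiveToResponseFlow = TaintTracking::Global<SensitiveToResponseConfig>;

import SensitiveToResponseFlow::PathGraph

from SensitiveToResponseFlow::PathNode source, SensitiveToResponseFlow::PathNode sink
where SensitiveToResponseFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Sensitive value $@ is written to a servlet response.",
  source.getNode(), "defined here"
```

To widen the sink beyond the writer/stream helpers, `isSink` can additionally match arguments of `HttpServletResponse.setHeader`/`addCookie` calls via the corresponding classes in the Servlets library; to narrow the source, replace `SensitiveExpr` with a custom class matching the application's own credential-holding fields or method results. Run it with `codeql database analyze <db> <query>.ql --format=sarif-latest --output=out.sarif` against a Java database built from the servlet project.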