codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
We used to have taint steps from any element of a collection to the entire collection (see [here](https://github.com/github/codeql/blob/main/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll#L171-L192)). These are very imprecise, leading to false positives (e.g. seen [here](https://github.com/github/codeql/issues/17008#issuecomment-2233920861) and...
**Description of the issue** I'm practicing securitylab's Codeql-and-chill, https://securitylab.github.com/ctf/codeql-and-chill/ and I found four data flows using the following codeql rules, with one missing,However, in my test demo, the missing data...
**Description of the issue** I want to write a query to find the nested structs in an struct in Golang. Let's say my struct is something like: ``` type SomeStruct...
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.4 to 1.10.6. Changelog Sourced from regex's changelog. 1.10.6 (2024-08-02) This is a new patch release with a fix for the unstable crate feature that enables std::str::Pattern...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Entra ID as SAML IdP Causes CodeQL to Fail with Self-Signed Certificate Found in Certificate Chain
### Environment - GHES 3.13.0 on Azure VM STIGd to 98% (working fine) - EntraID SAML setup for GitHub **NOTE: Tried OIDC however GitHub 3.13.0 goes to the Azure commercial...
When I try to run `codeql pack download ...` I get the following error. ``` > codeql pack download codeql/javascript-queries Package specifications to check for download: codeql/javascript-queries A fatal error...
JUnit Tests using JUnit 5 are reported as java/unused-reference-type. This is because the JUnit 5 convention is to use package scoped class and method names. This rule should be checking...
