codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Identifies the mistake fixed in this PR: https://github.com/github/codeql/pull/8380 Basically, a transitive closure might restrict the type when you do zero steps through it, which might not be intentional. I think...
Hi there, This merge request ports these two similar queries to C#: * [[Java] CWE-348: Using a client-supplied IP address in a security check #5631](https://github.com/github/codeql/pull/5631) * [[Python] CWE-348: Client supplied...
This PR adds a new query, `IncompleteMultiCharSanitization`, which is a port of a JS query of the same name. It finds cases where a regex is used to strip a...
As documented at https://kotlinlang.org/docs/annotations.html#constructors, annotation properties of type KClass get rewritten when targeting the JVM.
In some situations, CodeQL will connect unrelated nodes and believe that there is a flow between them. For example, when using TaintTracking::Configuration or sinkNode. Example: Java file: ``` import java.net.MalformedURLException; import java.net.URL;...
This query finds certificate situations without name validation. I tried to take into account all cases of name processing, so there are old methods. CVE-2010-1155 CVE-2013-7449 CVE-2016-10937 I had some...
This query finds memory that might not be freed in a loop. For example: ```c for(int i = 0; i < 10; i++){ char* notfree = malloc(0x100); if(i ==...
Initially I started with refactoring the HTTP models to use dataflow nodes. That was done surprisingly quickly, so I continued with more library models. I've made deprecated aliases where a...