codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
This can also serve as a place to add tests for constructs like threading.Thread, multiprocess.Process, concurrent.futures.ThreadPoolExecutor, and concurrent.futures.ProcessPoolExecutor. ### Pull Request checklist #### All query authors - [x] A change...
Hello, I am trying to detect a scenario where sensitive information is exposed via an error message. For example, ``` protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {...
Hello, I am analyzing the dataflow paths for some of my queries and noticing some steps are being left out—specifically, the steps related to assignments. For example, ``` String value1...
Remove the workaround in `rust/unused-variable` that restricts results to files called `main.rs` (because we were getting far too many results otherwise). Once the necessary fixes are in, we can check...
Update the TS extractor to escape double quotes in the node_types, and add automatic quote escaping when using string expressions for QL generation.
I am new to CodeQL. Here is the scenario I have. I am trying to retrieve the parameters of all public methods in a controller class. If the parameter type...
It's redundant. No changenote as this is at the dbscheme level.
The root definition (https://github.com/github/codeql/blob/main/java/ql/lib/semmle/code/java/Type.qll#L347, https://github.com/github/codeql/blob/main/java/ql/lib/semmle/code/java/Type.qll#L1230) already handles these cases.