codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L13 We've seen people trying to "fix" reports based on this tooling. I spent some time tracing the flow of one such incident: https://github.com/argoproj/argo-cd/pull/18436#issuecomment-2359634170 For my reference, I used https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/3...
Completely broken for now, no extraction seems to be going on.
In this PR we generate mixed summary models (and corresponding neutrals) and sinks for the following libraries/frameworks: - https://github.com/gradle/gradle - https://github.com/apache/avro - https://github.com/qos-ch/slf4j - https://github.com/apache/xmlbeans - https://github.com/androidx/androidx This was...
This PR changes the diagnostics we emit when the extractor's call to `packages.Load` returns no packages: - The diagnostic emitted by the extractor has been downgraded from an error-level diagnostic...
### Pull Request checklist #### All query authors - [ ] A change note is added if necessary. See [the documentation](https://github.com/github/codeql/blob/main/docs/change-notes.md) in this repository. - [ ] All new queries...
### Pull Request checklist ~does a query removal require a changenote?~ added I propose removing this query, as it is subsumed by the logic of [EmptyBlock which does also cover...
**Description of the issue** Svelte is gaining traction as a frontend web framework. It would be awesome for codeql to support `.svelte` files