codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
I created a sample SQL Server injection attack, and CodeQL is not recognizing the vulnerability. If I do the same thing for a PostgreSQL database, it recognizes the vulnerability. No...
The following pull request explicitly marks `Sinon`’s package `match` calls as non-RegExp in order to avoid false positives.
I picked this commit out of #17846 because it doesn't rely on any of the controversial API changes that are holding back that PR. It appears there are no tests...
**Description of the issue** The [Oracle Call Interface (OCI)](https://www.oracle.com/ca-en/database/technologies/appdev/oci.html) is the main low-level C API for Oracle databases. CodeQL lacks coverage for it, particularly for SQL injection sinks. While I...
Example prior work: https://github.com/github/codeql/pull/18848
New query `rust/access-after-lifetime-ended`, for detecting pointer dereferences after the lifetime of the pointed-to object has ended. Makes use of some existing tests that were created for `rust/access-invalid-pointer` (before I realized...
This is on top of https://github.com/github/codeql/pull/19524
This is to be merged after we do the upcoming release cut.