codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Removes three queries from the JS qlpack, which have been superseded by newer queries that are part of the Actions qlpack: * `js/actions/pull-request-target` has been superseded by `actions/untrusted-checkout/{medium,high,critical}` * `js/actions/actions-artifact-leak`...
This PR implements support for overloaded index expressions. The implementation is very similar to the existing overloaded operators. Like the desugaring of `*` the desugaring of `..[..]` includes a `*`...
- Adds flow through the [use function](https://react.dev/reference/react/use) from `react`. - Marks parameters of a ["use server" function](https://react.dev/reference/rsc/use-server) as taint sources. - Also makes the React unit tests use inline expectation.
**Description of the issue** Seeing this error in the CodeQL run: `A parse error occurred. Check the syntax of the file. If the file is invalid, correct the error or...
Observe that MS calculator is currently broken in DCA. I don't think missing out on the project is critical for this PR. I've opened https://github.com/microsoft/calculator/pull/2347 to hopefully get this resolved.
Adds type inference for `for` loops and array expressions. Currently for `for` loops this is limited to loops iterating through arrays. @hvitved please advise. - I think for the more...
There will need to be followup changes on the QL side before querying will work, but this is enough to be able to build an overlay database for Ruby.
Converts the remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`. Example prior work: https://github.com/github/codeql/pull/18848 In the Go IncorrectIntegerConversion case, the `#select`, `edges`, and `nodes` query predicates have different results depending on whether...
