codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Adds [`_.groupBy`](https://lodash.com/docs/4.17.15#groupBy) as a taint step. This is analogous to the `GroupByTaintStep` class, which does the same for `Object` and `Map`. https://github.com/github/codeql/blob/d83cbde1cb1263fb476a55ea5fd7972307138905/javascript/ql/lib/semmle/javascript/Collections.qll#L158C1-L166C4
Adds NestJS middlewares as remote flow sources and improves dependency injection in several ways (each commit message explains what it adds support for).
This PR introduces two fixes in the `cpp/global-use-before-init` query, which currently has two very basic inaccuracies. ## Write after read Consider the following example. ```cpp int x; int main() {...
cc @nickrolfe, @aschackmull, @alexet
Hi, I have been learning to use CodeQL recently. I was trying to find all expressions that reach the `len` parameter of `memcpy`, and in the results, there is a...
Hello there. I seem to have a stuck GitHub Actions workflow. When I tried to push to GitHub yesterday, I got the following error: ``` remote: error: GH013: Repository rule...
After discussions with @knewbury01 I'm sharing our changes for the axios library. They work for us, but of course need to validate and check if they don't make FP for...