codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
This introduces a first version of a generated IPA layer. ## Schema In `schema.yml`, types can be marked with either ```yml MyType: _ipa: from: OtherType ``` or ```yml MyType: _ipa:...
The culprit: ``` Tuple counts for PointsTo::InterProceduralPointsTo::scope_entry_value_transfer_from_earlier#741b54e2#ffff#join_rhs/5@eb1340iv after 12.6s: 72973 ~3% {2} r1 = JOIN PointsToContext::TImportContext#cf3039a0#f WITH Definitions::NonEscapingGlobalVariable#class#486534ab#f CARTESIAN PRODUCT OUTPUT Rhs.0, Lhs.0 'arg1' 537932 ~0% {3} r2 = JOIN...
https://lgtm.com/projects/g/hydro-dev/Hydro/snapshot/3fa893624d561c03ad1f2d3449ff91b47f6bbf0b/files/packages/hydrooj/src/service/server.ts?sort=name&dir=ASC&mode=heatmap#x3db6b2ce861a6fb2:1
**Description of the false positive** Within the project module `cogent3.util.io`, importing from the standard library `io` is incorrectly labelled as a cyclic import. **URL to the alert on the project...
When creating a database with javascript as the language, I expect .json files to be included. But, they are not. **Steps to reproduce**: 1. Create a folder `t` 2. Create...
**Description of the false positive** `java.validation.constraints.*` are not identified for input validation. For example, in the following example the `id` path param is considered to be insecure. Example ```java import javax.validation.constraints.Max;...
This query looks for undefined behaviors associated with a malloc call with size zero. In this case, we can get a non-zero answer and we will no longer be able...
It looks like codeql doesn't support .net minimalApi. I created a [sample project](https://github.com/feitzi/AdvancedSecuritySample) to describe this issue. In this project I have two redirect methods; they do the same. One...
This query is looking for a simple error condition in the argument. It seemed to me that in working with this problem, the functions of working with ssl were undeservedly...