codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
This adds a new shared Guards library, which provides complex implication logic between guards. The implementation is heavily inspired by the corresponding Java and C# versions. The Java Guards library...
The old logic relied on parameters having a pattern, which is not the case for parameters extracted from library code. The updated test output reveals that we do not handle...
Hello, I'm not familiar with `isAdditionalFlowStep`, so there might be some issues with the rule I wrote. Could you please help me take a look? ```java public class HashMap extends...
Hello, I am getting some false positives with some of my queries, which are usually centered around a source node flowing into an object and then other data from that...
First of all, thanks for your hard work! I'm a huge fan of CodeQL, and I think support for GitHub Actions within it is amazing. I'm filing this because I...
Hello CodeQL team, I would like to raise awareness that the newer `.slnx` solution format introduced by Microsoft is currently not supported by the C# extractor in CodeQL. The following...
This PR makes these changes: 1. In `FlowSummaryPrivate.qll`: Added support for `anyProperty` content set in flow summaries: - Please confirm this is the correct way to support this. I needed...
This pull request improves the detection of buffer overflow issues in the `OverflowCalculated.ql` query. ### Improvements to buffer overflow detection: * **Enhanced query description**: The description of the query has...
Improve the TypeORM model with the Repository API https://orkhan.gitbook.io/typeorm/docs/repository-api, which includes the `.query(sink)` SQL injection sink.