codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
I’ve had two cases where I helped with user questions about Gradio [here](https://github.com/github/securitylab/discussions/870) and [here](https://ghsecuritylab.slack.com/archives/CQJU6RN49/p1748612269781049?thread_ts=1748419582.864919&cid=CQJU6RN49), which concern false negatives. The first case was missed due to CodeQL not propagating from...
CodeQL is unable to extract and parse a Python 3 file with the following line: ``` match["something"] = somethingelse ``` The CodeQL errors just report a syntax error, and the logs aren't helpful....
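Since Python 3.10, `match` is a soft keyword: it introduces a match statement only in statement position and is otherwise an ordinary identifier, so the line above is valid Python. The following is an added example (not code from the discussion or from CodeQL) that runs constructed snippets through CPython's own parser to show which ones it accepts; `parses`, `parse_report` and the snippet names are illustrative names chosen here.

```python
"""Added example: check how CPython's parser treats `match` used as a name.

`match` is a soft keyword (Python 3.10+), so `match["something"] = x` is an
ordinary subscript assignment, unlike a hard keyword such as `class`.
"""
import ast
import sys

# Constructed snippets (not from the discussion). The first is the line the
# discussion reports CodeQL rejecting; the last deliberately misuses a hard keyword.
SNIPPETS = {
    "subscript_assign": 'match["something"] = somethingelse\n',
    "name_then_subscript": 'match = {}\nmatch["k"] = 1\nprint(match.get("k"))\n',
    "match_statement": (
        'match cmd:\n'
        '    case "go":\n'
        '        x = 1\n'
        '    case _:\n'
        '        x = 0\n'
    ),
    "hard_keyword_misuse": 'class["x"] = 1\n',
}


def supports_match_statement() -> bool:
    """True when the running interpreter has structural pattern matching."""
    return sys.version_info >= (3, 10)


def parses(src: str) -> bool:
    """Return True if CPython's parser accepts `src` as a module."""
    try:
        ast.parse(src)
        return True
    except SyntaxError:
        return False


def parse_report() -> dict:
    """Map each snippet name to whether CPython parses it."""
    return {name: parses(src) for name, src in SNIPPETS.items()}


def first_stmt_kind(src: str) -> str:
    """Name of the AST node class of the first statement in `src`."""
    return type(ast.parse(src).body[0]).__name__


if __name__ == "__main__":
    for name, ok in parse_report().items():
        print(f"{name}: {'ok' if ok else 'SyntaxError'}")
    print("first statement of subscript_assign:",
          first_stmt_kind(SNIPPETS["subscript_assign"]))
```

On any Python 3 interpreter the subscript assignment parses as a plain `Assign` node; only the `class["x"]` line is a genuine syntax error, and the match statement itself needs 3.10 or newer.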
Hi, for the following snippet I'm interested in finding out what nodes flow to the `s + c` node. ```javascript function main() { let s = window.location; let c = "";...
I've added support for creating [Axios](https://github.com/axios/axios) instances using `create({ ... })`
**Description of the issue** Hi all, I'm building on the Ruby language's [`Http::Client::Request`](https://codeql.github.com/codeql-standard-libraries/ruby/codeql/ruby/Concepts.qll/type.Concepts$Http$Client$Request.html) class, particularly [`NetHttpRequest`](https://codeql.github.com/codeql-standard-libraries/ruby/codeql/ruby/frameworks/http_clients/NetHttp.qll/predicate.NetHttp$NetHttpRequest$NetHttpRequest.0.html). This is going well, except `NetHttpRequest` appears to be somewhat of an outlier compared...
Hey, I noticed that you are considering only two states: 1. One regarding the path normalization, whether it is done or not before the safe check 2. The second concerns...
I've added the `client-response` threat model to the Threat Modelling shared library. This is a new local threat model that includes the sources of client libraries (mainly focused on JavaScript...
This PR introduces three queries for thread-safe classes, corresponding to three properties that such classes must possess, known as - P1: No escaping - P2: Safe publication - P3: Correct...
**Description of the false positive** The CodeQL analysis is reporting a "Statement has no effect" false positive when using Apache Airflow's operator chaining syntax with >>. This is a valid...
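The reason `a >> b` is not a no-op in Airflow is that the operator is overloaded: the expression statement's value is discarded, but `__rshift__` mutates the DAG. The following is an added example, not Airflow's code, with a minimal stand-in (`Dag`, `Task`, `build_dag` and `downstream_of` are hypothetical names chosen here) that shows the side effect a "statement has no effect" check would need to account for.

```python
"""Added example: a toy model of Airflow-style `>>` / `<<` chaining.

`a >> b` is an expression statement whose result is unused, yet it records a
dependency edge on the DAG. A genuinely effect-free statement such as
`a.task_id` is shown alongside for contrast.
"""
from __future__ import annotations


class Dag:
    """Hypothetical DAG container: tasks by id plus (upstream, downstream) edges."""

    def __init__(self, dag_id: str) -> None:
        self.dag_id = dag_id
        self.tasks: dict[str, "Task"] = {}
        self.edges: set[tuple[str, str]] = set()


class Task:
    """Hypothetical task that registers itself with a Dag on creation."""

    def __init__(self, dag: Dag, task_id: str) -> None:
        self.dag = dag
        self.task_id = task_id
        dag.tasks[task_id] = self

    @staticmethod
    def _as_list(other):
        return other if isinstance(other, list) else [other]

    def __rshift__(self, other):
        """self >> other: `other` (task or list) depends on self. Returns `other`
        so that `a >> b >> c` chains."""
        for downstream in self._as_list(other):
            self.dag.edges.add((self.task_id, downstream.task_id))
        return other

    def __lshift__(self, other):
        """self << other: self depends on `other`. Returns `other`."""
        for upstream in self._as_list(other):
            self.dag.edges.add((upstream.task_id, self.task_id))
        return other

    def __rrshift__(self, other):
        """[a, b] >> self: a list on the left has no __rshift__, so Python falls
        back to the right operand's reflected method."""
        for upstream in self._as_list(other):
            self.dag.edges.add((upstream.task_id, self.task_id))
        return self


def build_dag() -> Dag:
    """Constructed DAG using only expression statements to wire dependencies."""
    dag = Dag("example")
    extract = Task(dag, "extract")
    clean = Task(dag, "clean")
    load = Task(dag, "load")
    report = Task(dag, "report")

    # Each line below is an expression statement with a discarded value,
    # but every one mutates dag.edges through the overloaded operator.
    extract >> clean >> load
    [load] >> report
    report << clean

    # This expression statement really has no effect: an attribute read.
    extract.task_id
    return dag


def downstream_of(dag: Dag, task_id: str) -> list[str]:
    """Sorted ids of tasks that directly depend on `task_id`."""
    return sorted(d for u, d in dag.edges if u == task_id)


if __name__ == "__main__":
    dag = build_dag()
    for edge in sorted(dag.edges):
        print(" -> ".join(edge))
```

Whether `x >> y` is effect-free therefore depends on the static type of `x`; a query that flags it unconditionally will report every operator-overloading DSL of this shape, not only Airflow's.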