codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Trust Microsoft*/GitHub* Actions publishers for the unpinned actions query. Ex: ```yml # Discover where the MSBuild tool is and automatically add it to the PATH environment variable - name: Setup...
**Description of the false positive** This flagged for outputting the value of an environment variable to logs. Generally, that could be a problem. In this case, the env var clearly...
Consider this situation:

```go
type T1 = T2
type T2 struct {}
```

Previously, `DefinedType.getBaseType` just gave the underlying type, so calling it on `T1` would give `struct {}`. This...
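The distinction the PR description above depends on (an alias such as `T1` is the very same type as `T2`, whereas a defined type has its own identity and only shares an underlying type) can be checked from plain Go. The following is an added illustration, not code from the CodeQL repository or the PR; the third type `T3` is introduced here as an assumption to show the non-alias case side by side.

```go
package main

import (
	"fmt"
	"reflect"
)

// T2 is a defined (named) struct type; its underlying type is struct{}.
type T2 struct{}

// T1 is an alias declaration: T1 and T2 denote one and the same type.
type T1 = T2

// T3 is assumed for this example: a new defined type whose underlying
// type is struct{} but which is distinct from T2.
type T3 T2

// TypeNames reports the name the runtime attaches to each declared
// identifier. For the alias T1 this is "T2", because no separate type
// named T1 exists; for the defined type T3 it is "T3".
func TypeNames() map[string]string {
	return map[string]string{
		"T1": reflect.TypeOf(T1{}).Name(),
		"T2": reflect.TypeOf(T2{}).Name(),
		"T3": reflect.TypeOf(T3{}).Name(),
	}
}

// AliasIsIdentical is true: an alias resolves to the aliased type itself,
// so the two reflect.Type values compare equal.
func AliasIsIdentical() bool {
	return reflect.TypeOf(T1{}) == reflect.TypeOf(T2{})
}

// DefinedIsDistinct is true: a defined type is never identical to the type
// it was declared from, even though both have underlying type struct{}.
func DefinedIsDistinct() bool {
	return reflect.TypeOf(T3{}) != reflect.TypeOf(T2{})
}

// SameUnderlyingKind is true: all three have Kind() == reflect.Struct,
// which is what "just giving the underlying type" would collapse them to.
func SameUnderlyingKind() bool {
	k := reflect.TypeOf(T2{}).Kind()
	return reflect.TypeOf(T1{}).Kind() == k && reflect.TypeOf(T3{}).Kind() == k
}

func main() {
	fmt.Println("names:", TypeNames())
	fmt.Println("T1 identical to T2:", AliasIsIdentical())
	fmt.Println("T3 distinct from T2:", DefinedIsDistinct())
	fmt.Println("all underlying kind struct:", SameUnderlyingKind())
}
```

Reading the output side by side with the PR description: a query that only looked at the underlying type would treat `T1`, `T2` and `T3` alike (all `struct {}`), while one that resolves the alias to its declared target keeps `T1` linked to `T2` and `T3` separate.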
This pull request introduces deprecations and enhancements to the Go QL library, focusing on improving the link between declarations and the things that have been declared. Key changes include the...
Adds support for tracking instances via type annotations. Also adds a convenience method to the newly added `Annotation` class, `getAnnotatedExpression`, that returns the expression that is annotated with the given...
**Description of the false positive** **Code samples or links to source code** https://github.com/github/codeql/blob/dc440aaee6695deb0d9676b87e06ea984e1b4ae5/go/ql/src/Security/CWE-089/SqlInjection/ The following code has a large number of vulnerability false positives in the case of a MongoDB...
This is another issue we encountered when analysing databases created with `build-mode=none`. It appears that dataflow graphs are broken when static fields are accessed on unknown classes. Please take a...
**Description of the false positive** ``` remote: error: GH013: Repository rule violations found for refs/heads/trunk. remote: Review all repository rules at https://github.com/SwuduSusuwu/SusuLib/rules?ref=refs%2Fheads%2Ftrunk remote: remote: - Code scanning is waiting for...
CodeQL build commands file on swift packages that use toolchain version 6.1