
Collection of community-driven CodeQL query, library and extension packs


This pull request includes a small change to the `configs/synthetics.yml` file. The change adds a new path to the `paths-ignore:` section, specifically `**/wwwroot/lib/**`, to exclude it from certain operations or...

CSRF validation missing: enhanced rule forked from the main CodeQL queries (https://github.com/advanced-security/codeql-queries/pull/157); it adds a hit on this repo: https://github.com/appsecco/dvcsharp-api

This is currently the best reference that aggregates this list of installed/vendored dependency folders that cause CodeQL to report vulnerabilities in third-party code. Example: https://github.com/nodejs/node/tree/main/deps

Ref:
- https://ghsecuritylab.slack.com/archives/CQJN6KQHX/p1718740573865399

```yaml
- name: Initialize CodeQL
  uses: github/codeql-action/init@v3
  with:
    languages: ${{ matrix.language }}
    build-mode: ${{ matrix.build-mode }}
    config-file: GitHubSecurityLab/CodeQL-Community-Packs/configs/default.yml@main
    config: |
      threat-models: local
```

> Warning: Both a config file and...

enhancement