Jaroslav Lobačevski
Jaroslav Lobačevski
Because I’m tired of being ignored.
I had to rebrand because I need a page for new analysis items. There are more to just ignored pull request. Btw I don’t mind when there is an argumented...
Before you realize the `pull_request_target` **doesn't checkout the pull request files** by default and fix it to explicitly checkout `head.ref` I suggest you reading https://securitylab.github.com/research/github-actions-preventing-pwn-requests
Hi, the important prerequisite for the dangerous pattern of `pull_request_target` is the usage of untrusted data, most commonly an explicit checkout of `github.event.pull_request.head` as in the example above. There are...
Do I understand correctly that adding the `System.Memory` nuget package to the stand alone project should fix it?
One FP pattern I have noticed is when the taint from `char*` is transferred to `int` through `strlen` and causes false positives. I think for this query a string to...
~~The query doesn't find the vulnerability in tinygltf built from changset 0fa56e239c77cc864dc248842e8887d985cf8e3f. Please fix it.~~
I see why it doesn't find. Please, disregard.
I switched the sink to `any()` to see all reachable nodes (I think it was Pavel who has shown the technique in one of CodeQL videos) and it looks to...
@intrigus-lgtm Could you please add the sanitizer?