codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Many things are happening in this PR, all of which are outlined below. Commit-by-commit review is highly recommended. All the tests should pass on every commit. ## ~~1: Disable parts...
I'll split this into more meaningful commit chunks when I pull the PR out of draft (and also write an actual description of the whats and whys of this PR).
This is abandoned external PR https://github.com/github/codeql/pull/6716, but I have also written tests and ported the hardcoded-creds queries to use inline-expectations tests so it's practically possible to verify that the results...
Included the methods that might receive hard-coded credential material in their parameters from some of the most used SSH, FTP, and MongoDB Java libraries in the Maven official repository to...
This query warns about `android:debuggable="true"` set in the application section of the `AndroidManifest.xml` file.
The previous version was from back in March. The updated version of `codeql-action` is the latest `main` + a commit that adds `ql` as a supported language. TODO: - wait...
This PR adds a query to detect implicitly exported components in `AndroidManifest.xml` files.
New queries to address some of the major security issues discussed at [azure-activedirectory-identitymodel-extensions-for-dotnet ValidatingTokens wiki](https://aka.ms/wilson/tokenvalidation)