codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
This should be a simple semantics-preserving refactor to eliminate references to `TNormalCall`.
After upgrading to CodeQL 2.19.1 to get Java 23 support (see issue #17564), the Java 23 project is still not analyzed successfully by CodeQL. Example project here: https://github.com/danishnawab/codeql-java23/tree/master ## Java...
**Description of the issue** CodeQL scan is not picking up SQL Injection vulnerability in the following Azure Function trigger: ```csharp using System.Net; using Microsoft.Azure.Functions.Worker; using Microsoft.Azure.Functions.Worker.Http; using Microsoft.Data.Sqlite; using Microsoft.Extensions.Logging;...
Hi there, I'm a committer for the Chromium project & we've been experimenting with building CodeQL databases of Chromium. Recently, we upgraded the version of CodeQL we were using to...
C# Dataflow limited heavily by lack of support for ServiceProvider and Dependency Injection tracking
**Description of the issue** Dependency injection and service provider building are some of the core concepts of .net / C# architecture that really define the characteristics of the platform. In...
Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/library-tests/frameworks/Next directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss directory: [next](https://github.com/vercel/next.js). Updates `next` from 10.2.3 to 14.2.15...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Add [gorilla mux.Vars](https://pkg.go.dev/github.com/gorilla/mux#Vars) sanitizer
I hit on an issue while implementing a taint tracking use case. So I've prepared a minimal example that showcases the issue: Here is the java code: ```java import java.util.Optional;...
Overhaul of try/catch to support differentiating SEH vs C++ exception handling in IR generation.
