codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
We use CodeQL through GitHub Actions and had an issue with CodeQL no longer finding Go code when we updated Go from 1.20 to 1.22. Our build actually builds the...
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-022/ZipSlip.ql#L22-L23

Here's my fork's report: https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/4

---

Arbitrary file access during archive extraction ("Zip Slip")

Code snippet [util/io/files/tar.go:75](https://github.com/check-spelling-sandbox/argo-cd/blob/4014cc8b040f55dc698295d658cf0eb780ea7203/util/io/files/tar.go#L75-L75)

```go
tr := tar.NewReader(lr)
for {
	header, err := tr.Next()
```

>...
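The report above is about CodeQL's Go Zip Slip query flagging a `tar.NewReader` loop. As an added example, not code from argo-cd, CodeQL or the reporter, here is the shape of extractor that query is looking for: each `header.Name` is resolved against the destination and rejected if it escapes it. The helper names (`SafeJoin`, `ExtractTar`, `BuildTar`) are my own, and the in-memory archive with a `../evil.txt` entry is constructed for the demo.

```go
// Added example, not code from argo-cd or CodeQL: a tar extractor that
// refuses "Zip Slip" entries (names that resolve outside the destination).
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrZipSlip is returned when an entry's cleaned path escapes dest.
var ErrZipSlip = errors.New("archive entry escapes destination directory")

// SafeJoin joins name onto dest and fails if the result lies outside dest.
// filepath.Join cleans the path, so "a/../../x" becomes "../x" under dest,
// and filepath.Rel then reports it as a parent reference.
func SafeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name)
	rel, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrZipSlip, name)
	}
	return target, nil
}

// ExtractTar writes regular files and directories from r under dest and
// returns the paths it created. A traversal entry aborts extraction.
func ExtractTar(r io.Reader, dest string) ([]string, error) {
	var written []string
	tr := tar.NewReader(r)
	for {
		header, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		// header.Name is attacker-controlled: validate before any filesystem call.
		target, err := SafeJoin(dest, header.Name)
		if err != nil {
			return written, err
		}
		switch header.Typeflag {
		case tar.TypeDir:
			if err := os.MkdirAll(target, 0o755); err != nil {
				return written, err
			}
		case tar.TypeReg:
			if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
				return written, err
			}
			f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
			if err != nil {
				return written, err
			}
			_, err = io.Copy(f, tr) // tar.Reader already bounds reads to header.Size
			f.Close()
			if err != nil {
				return written, err
			}
		default:
			// Symlinks and hard links need link-target checks of their own; refuse them here.
			return written, fmt.Errorf("unsupported entry type %q in %q", header.Typeflag, header.Name)
		}
		written = append(written, target)
	}
}

// BuildTar constructs an in-memory archive from (name, content) pairs; test scaffolding only.
func BuildTar(entries [][2]string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e[0], Mode: 0o644, Size: int64(len(e[1])), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e[1])); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}
```

Calling `ExtractTar(bytes.NewReader(BuildTar([][2]string{{"../evil.txt", "owned\n"}})), dest)` returns an error wrapping `ErrZipSlip` before anything is written, while an entry such as `app/config.yaml` is extracted under `dest`. The `filepath.Rel` check is the sanitizer the query expects to see between `tr.Next()` and the `os.OpenFile`; a bare `strings.HasPrefix(target, dest)` is weaker, since it accepts `dest + "-other/x"`.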
Until now we've included the FlowState in the definition of PathNodeSink, but when sinks accept multiple states then this can show up as seemingly duplicate results. Projecting the state column...
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-312/CleartextLogging.qhelp#L8-L9

https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/7

[cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go:49](https://github.com/check-spelling-sandbox/argo-cd/blob/4014cc8b040f55dc698295d658cf0eb780ea7203/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go#L49-L49)

```go
case strings.HasPrefix(os.Args[1], "Username"):
	fmt.Println(creds.Username)
case strings.HasPrefix(os.Args[1], "Password"):
	fmt.Println(creds.Password)
default:
	errors.CheckError(fmt.Errorf("unknown credential type '%s'", os.Args[1]))
}
```

Alert annotation on the `fmt.Println(creds.Password)` line: flows to a logging call. CodeQL

It's true, this code...
### Pull Request checklist #### All query authors - [ ] A change note is added if necessary. See [the documentation](https://github.com/github/codeql/blob/main/docs/change-notes.md) in this repository. - [x] All new queries have...
**Description of the issue** Currently the `cpp/wrong-type-format-argument` diagnostic displays something like this ``` This argument should be of type 'int' but is of type 'unsigned long'. ``` It would be...
The first 14 commits are reinstating commits that were reverted in https://github.com/github/codeql/pull/17296. Then there are some commits fixing things: reverting some models back to QL and adding some models-as-data models...
Bumps the cargo group in /ql with 1 update: [rustix](https://github.com/bytecodealliance/rustix). Updates `rustix` from 0.37.8 to 0.37.27 Release notes Sourced from rustix's releases. 0.37.20 Fix decoding of abstract unix sockets (#661)...
- remove `tupleStoreStep` and `dictStoreStep` from `containerStep` These are imprecise compared to the content being precise. - add implicit reads to recover taint at sinks - add implicit read steps...
**Description of the issue** CodeQL was generally working great for @project-chip/matter.js, but now with adding much more auto-generated code (and yes getting a bit fancy on TypeScript edges) the processing...