codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
We are evaluating GHAS for our app sec pipeline and we can't seem to get it to flag SQL injection. ```csharp public void SubscribeTo(int systemKeyId, ThirdPartyType thirdParty, string userReference)...
See https://docs.python.org/3/library/compression.zstd.html for information about this library. As far as I can tell, the `zstd` library is not vulnerable to things like ZipSlip, but it _could_ be vulnerable to a...
This PR is stacked on top of #20708, so that one should be reviewed first. --- See https://peps.python.org/pep-0758/ for more details. We implement this by extending the syntax for exceptions...
Adds remote flow sources for parameters of `WebSocketHandler` methods, and taint steps for related types.
Add `use cache` directives (including `use cache: remote`, `use cache: private`) for [Next.js 16](https://nextjs.org/docs/app/api-reference/directives)
Hello, we are looking for methods to extract a control flow graph from shell scripts. We tried `getACommand` (by calling it multiple times against the same script). However, it seems the...
**Title:** **Windows: AccessDeniedException during `codeql database create` TRAP finalization (`pools/0` move fails)** **Description:** **❗ Summary** On Windows 11, running `codeql database create` for a JavaScript project fails during TRAP import...
ChatGPT search suggests that CodeQL operates at the IL level for .NET code. In that case, can static analysis of F# be done to mark any vulnerabilities? Please advise. Thanks