codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Demo code: ```cpp #include #include #include using namespace std; void mysql_query(char *test1,const char *test2){ //just for test printf("%s %s\n",test1,test2); } int main(){ char input[100]; scanf("%s", input); string in(input, strlen(input)); in="test";...
`import os` is not a syntax error, nor can I see any special chars that may count as one. The code runs just fine https://lgtm.com/projects/g/demisto/content/snapshot/5c6a7407d70b6c848c71537e58109d556ef5653b/files/Tests/scripts/collect_tests/collect_tests.py?sort=name&dir=ASC&mode=heatmap#x8c3e1b95a9b08ffa:1
These changes are mostly in service of better parameter type modelling - they should make more sense in the context of the models-as-data manager PR for a Ruby typegraph implementation.
**Description of the false positive** Using multiple base classes from `sklearn.base` together, e.g., ```python from sklearn.base import BaseEstimator, ClusterMixin class Clustering(ClusterMixin, BaseEstimator): ... ``` LGTM identifies the following error: `Base classes...
By default, "dot" (`.`) in regular expressions matches all characters except newline characters `\n` and `\r`. Regular expressions containing a dot can be bypassed with the characters `\r(%0a)` and `\n(%0d)`...
**Description of the false positive** When using the new [](https://vuejs.org/api/sfc-script-setup.html) in vue sfcs the top-level functions/variables are automatically exposed to the template. Since they are not used inside the ``...
**Description of the false positive** CodeQL tells me that I do not call the `__init__` method of the grandparent of my class, while I actually call `super().__init__` a few lines...
I am trying to make LGTM.com use Python 3.10 instead of 3.8 because in 3.9 `ArgumentParser.__init__` gained a new keyword `exit_on_error`, but LGTM is not recognizing that. This is...