codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
The Next.js model was missing cases for files named `route.ts` or `page.ts` outside the `pages` or `api` folders.
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 6. Release notes Sourced from actions/download-artifact's releases. v6.0.0 What's Changed BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but...
The query was firing an alert only when both unsafe conditions were met: a `synchronize` trigger and a mutable reference checkout. However, both of these can cause problems alone. The...
Bumps the go_modules group with 1 update in the /go/ql/test/experimental/CWE-1004 directory: [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin). Bumps the go_modules group with 2 updates in the /go/ql/test/experimental/CWE-321-V2 directory: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) and [golang.org/x/crypto](https://github.com/golang/crypto). Updates `github.com/gin-gonic/gin` from 1.7.1...
**Description** I am testing the CodeQL accuracy by seeding different types of XSS vulnerabilities and running the advanced workflow with security-extended and security-and-quality queries. I noticed an issue with CodeQL...
**Description of the issue** The Actions ImproperAccessControl query is not working even for trivial workflows. This is an example from https://github.com/github/codeql/blob/main/actions/ql/src/Security/CWE-285/ImproperAccessControl.md and does not trigger a detection. `on: pull_request_target:`...
During the process of auditing a Java project using CodeQL I discovered that Spring Boot 3 uses YAML as its configuration file format. However, it seems that the CodeQL Java...
Improve models for conversions (e.g. variants of `from` and `into`). TODO: - [ ] update this PR after https://github.com/github/codeql/pull/20891 is merged (we may need to change a few `Argument[self]` to...
I wanted to filter out tests from my results, based on whether they either had a `#[test]` attribute or `#[cfg(test)]`. Currently tried something similar to this but can't figure out...
**Description of the issue** In this [repo](https://github.com/TheRenegadeCoder/sample-programs), we have stand-alone scripts (sample programs) in 150+ languages, one of which is Rust. We use the same structure for all languages (`archive//`...