codeql icon indicating copy to clipboard operation
codeql copied to clipboard

verified publisher icon github

Metadata

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Results 853 codeql issues
Sort by recently updated
recently updated
newest added

False positive: Dereferenced variable may be null ignore NRT attributes

2 comment

**Description of the false positive** NRT attributes appear to be ignored by CodeQL. This results in lots of noise as we have to explicitly mark each point of use as...

Euan-McVie avatar Euan-McVie

C#
false-positive

C#: Narrow scaffolding to (transitive) dependencies.

It looks like the missing `cs/sql-injection` is because the change includes adding references to previously not extracted packages.

michaelnebel avatar michaelnebel

C#

CodeQL for php

6 comment

Code QL exists for almost all of the leading languages. But php hasn't been included yet. Code QL for php would be really great.

ArkaprabhaChakraborty avatar ArkaprabhaChakraborty

question

Rust [EXPERIMENT]: Reintroduce extractor resolution

Partially reverts https://github.com/github/codeql/pull/20295.

hvitved avatar hvitved

Rust

getMetrics appears to be miscounting blank lines in docstrings

1 comment

The definition of the python function `combine_docs` starts on line 227 in [combine_documents/map_reduce.py](https://github.com/langchain-ai/langchain/blob/master/libs/langchain/langchain_classic/chains/combine_documents/map_reduce.py) and ends on line 259. [func-def.txt](https://github.com/user-attachments/files/23375865/func-def.txt) Running the above QL script on the latest langchain database produces...

Derek-Jones avatar Derek-Jones

question
Python

[Rust] Proc macro expansion support

4 comment

Hello, is there any way or are you planning to implement analysis on expanded proc macros? Im currently trying codeQL on [Anchor](https://crates.io/crates/anchor-lang), which makes heavy use of proc macros. When...

drank40 avatar drank40

question

False positive `Explicit export is not defined` for item backed by `__getattr__`

**Description of the false positive** The `__all__` array includes a string which is handled by `def __getattr__(name: str):`, but CodeQL complains: **Code samples or links to source code** https://github.com/check-spelling-sandbox/adk-python/blob/79db5168aefdf658a36b4833809602c819c3740b/src/google/adk/tools/retrieval/__init__.py#L19 https://github.com/check-spelling-sandbox/adk-python/blob/79db5168aefdf658a36b4833809602c819c3740b/src/google/adk/tools/retrieval/__init__.py#L25-L30...

jsoref avatar jsoref

false-positive

C#: Overlay annotations.

michaelnebel avatar michaelnebel

C#
documentation

Rust [EXPERIMENT]: Reduce all query suites to just type inference

hvitved avatar hvitved

Rust

Bump chrono from 0.4.40 to 0.4.42 in /ql

Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.40 to 0.4.42. Release notes Sourced from chrono's releases. 0.4.42 What's Changed Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700 Fix wrong amount of micro/milliseconds by @​nmlt...

dependabot[bot] avatar dependabot[bot]

dependencies
QL-for-QL

Metadata

7.2k
Stars
1.4k
Forks
Watchers

Owner

verified publisher icon github

Metadata

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Back