codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Add flow summaries for methods on `ActionController::Parameters`, which mostly propagate taint from receiver to return value. [Evaluation](https://github.com/github/codeql-dca-main/issues/7317) shows that we catch a couple more TPs due to flow through parameters...
This should make it easier to diagnose certain kinds of problems.
These were only needed for points-to. If they only contained `--max-import-depth`, I've removed the `options` file entirely.
On lgtm.com I ran the following query c++ on openssl/openssl:

```
import cpp

from Call c
where
  not c.getTarget().hasDefinition() and
  c.getTarget().hasGlobalName("BUF_MEM_free")
select c, "TEST"
```

It produces several instances of...
Adds support for Annotation types in our Java stub generator. Due to default values for Annotation methods not being currently supported, the stubs generated may need manual correction if the...
Adds a query to detect uncontrolled data being used in `ContentProvider` methods that resolve URIs. Normally this is done to allow third party applications to provide URIs pointing to external...
Promotes `PathSanitizer.qll` from experimental and uses it in `java/tainted-path`, `java/tainted-path-local` and `java/zipslip`. The deprecation of `PathTraversalBarrierGuard` wasn't necessary since it was previously in experimental and thus it was not importable...
Bump the version numbers of the ML-powered library and query packs to 0.3.5 after the 0.3.4 release of the query pack.