codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
**Description of the issue** I'm aware that Kotlin support is not official yet (https://github.com/github/roadmap/issues/207). However, codeql already contains a [kotlin extractor](https://github.com/github/codeql/tree/main/java/kotlin-extractor). Is it somehow possible to use that to create...
ECB should never be used as a mode for encryption. This mode encrypts data the same way every time (i.e., same plaintext will produce the same ciphertext). This behaviour makes...
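As an added illustration of the check that post is about (this is example code written for this page, not a query shipped with the CodeQL repository): a CodeQL query over Java that flags `javax.crypto.Cipher.getInstance` calls whose transformation string selects ECB. It assumes a CodeQL release where calls are modelled by `MethodAccess` (newer releases rename this class to `MethodCall`), and it also treats a bare algorithm name such as `"AES"` as ECB, because the JDK providers default the mode to ECB when none is given. The `@id` is a placeholder chosen for this example.

```ql
/**
 * @name Cipher initialised in ECB mode (added example, not a shipped query)
 * @kind problem
 * @problem.severity warning
 * @id java/example/ecb-mode
 */

import java

/**
 * Holds if `transform`, passed to `Cipher.getInstance`, selects ECB mode.
 * The JCE matches transformation strings case-insensitively, so we upper-case first.
 */
predicate selectsEcb(StringLiteral transform) {
  // Explicit "ALG/ECB/PADDING" request.
  transform.getValue().toUpperCase().matches("%/ECB/%")
  or
  // Bare algorithm name: the mode is omitted, and the JDK providers fall back to ECB.
  // (Assumed list for the example; extend as needed.)
  transform.getValue().toUpperCase() = ["AES", "DES", "DESEDE", "BLOWFISH"]
}

from MethodAccess call, StringLiteral transform
where
  call.getMethod().hasQualifiedName("javax.crypto", "Cipher", "getInstance") and
  transform = call.getArgument(0) and
  selectsEcb(transform)
select call,
  "Cipher transformation '" + transform.getValue() +
    "' uses ECB mode: identical plaintext blocks produce identical ciphertext blocks."
```

The query only sees string literals passed directly to `getInstance`; a transformation built at runtime or read from configuration would need a taint-tracking step from the literal to the call argument, which is left out here to keep the check focused on the mode string itself.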
Hi! I want to detect if there is a check for NULL return value of a function. And I want to get the block which is controlled by `ret == NULL`...
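An added example (written for this page, not an answer from the CodeQL maintainers) of how the C/C++ `Guards` library can express that question: find a variable assigned from a function call, a guard condition comparing it with zero, and the basic block that is only reached when the comparison holds. It relies on `GuardCondition.ensuresEq` from `semmle.code.cpp.controlflow.Guards`, and assumes `NULL` expands to something the library evaluates to the constant `0` (as with `0` or `((void*)0)`).

```ql
/**
 * @name NULL check on a function's return value (added example)
 * @kind problem
 * @problem.severity recommendation
 * @id cpp/example/null-return-check
 */

import cpp
import semmle.code.cpp.controlflow.Guards

/**
 * Holds if `ret` is assigned the result of `call`, and `guard` is a condition
 * which, when it evaluates so that `nullBlock` is entered, guarantees `ret == 0`
 * (i.e. `ret == NULL`) throughout `nullBlock`.
 */
predicate nullCheckOf(FunctionCall call, Variable ret, GuardCondition guard, BasicBlock nullBlock) {
  ret.getAnAssignedValue() = call and
  // `ensuresEq(e, k, block, areEqual)`: in `block`, `e == k` is known to be `areEqual`.
  guard.ensuresEq(ret.getAnAccess(), 0, nullBlock, true)
}

from FunctionCall call, Variable ret, GuardCondition guard, BasicBlock nullBlock
where nullCheckOf(call, ret, guard, nullBlock)
select guard,
  "Checks the return value of " + call.getTarget().getName() +
    " against NULL; the block starting at $@ is only reached when it is NULL.",
  nullBlock.getStart(), nullBlock.getStart().toString()
```

Passing `false` as the last argument instead gives the blocks where the value is known to be non-NULL, which is the set you would use to suppress a "possible NULL dereference" finding after a check.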
This generates functions that omit parameters with default values, rightmost first, such that Java can achieve a similar experience to Kotlin (which represents calls internally as if the default was...
This PR adds a class that's defined as the union of `ClassDecl` and `StructDecl`. This is motivated by us having used the wrong one of these on several occasions. Hopefully,...
Including `ActiveSupport::XmlMini` (plus `Hash.from_xml`, which uses it) when its backend is set to use LibXML.
Add `URL.resourceBytes`, `URL.lines` and `URL.resourceBytes.lines` as taint sources. I haven't used Models-As-Data because it doesn't currently support member variables in Swift. When that changes we should be able to simplify...
I'm transitioning a project from LGTM.com to Github Actions CodeQL. This particular issue shows up in both cases and is (I think) the root cause of a huge amount of...
I'm transitioning a project from LGTM.com to Github Actions CodeQL. While doing so, https://github.com/TrenchBoot/secure-kernel-loader/security/code-scanning/18 got reported. The complaint is a "Potentially uninitialized local variable" and while strictly speaking, this statement...