codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
In this pull request, I've also added some valuable remote flow sources that I thought were related to my query because mostly it needs a file upload from Forms as...
Public runners have ~10G of ram available. XL runners have >50G of ram available. It's nice to be able to run tests on public runners. Introduce an action that: *...
Original: https://github.com/github/codeql/pull/13281 (with performance improvements) ### Summary + Patched False negative case with original GH query (see bottom of post) + Patched False positive case with sanitizer wrappers (see below...
I use an Azure DevOps pipeline to perform CodeQL code scanning. It goes well until I try to upload the SARIF file to GitHub. I use this command to do the upload: `echo...
The commands below work as expected locally but not through the CodeQL integration in GitHub. mvnw.cmd clean package -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Denforcer.skip -Dmaven.javadoc.skip -DskipTests -Dmaven.test.skip.exec -Dlicense.skip=true...
## GitHub Security Lab BB Submission The goal of this query is to detect the use of a PRNG like `java.util.Random`, `org.apache.commons.lang.RandomStringUtils`, `org.apache.commons.text.RandomStringGenerator`, or `java.util.concurrent.ThreadLocalRandom` in a security sensitive context....
/apps/actions-runner/_work/_tool/CodeQL/2.15.2/x64/codeql/codeql database finalize --finalize-dataset --threads=4 --ram=14356 /apps/actions-runner/_work/_temp/codeql_databases/csharp Running pre-finalize script /apps/actions-runner/_work/_tool/CodeQL/2.15.2/x64/codeql/csharp/tools/pre-finalize.sh in /apps/actions-runner/_work/*/*. Running TRAP import for CodeQL database at /apps/actions-runner/_work/_temp/codeql_databases/csharp... A fatal error occurred: Dataset /apps/actions-runner/_work/_temp/codeql_databases/csharp/db-csharp has been finalized...
A call to `extend M` adds all the instance methods of module `M` as class methods to the receiver. For example: ```rb module A def f; end end class B...
Bumps [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) from 5.3.18 to 5.3.19. Release notes Sourced from org.springframework:spring-context's releases. v5.3.19 :star: New Features Remove DNS lookups during websocket connection initiation #28280 Add application/graphql+json Media type and MIME...