codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
**Context** Throughout the Go autobuilder, we handle semantic versions. The `semver` package has no dedicated type for them and all functions from the package work on `string` values. This makes...
This PR bumps our shared Tree-sitter extractor (and hence our Ruby and QL4QL extractors) to use the latest `tree-sitter` version.
Depends on https://github.com/github/codeql/pull/16446. This PR expands `CleartextSources.qll` to use additional sensitive data heuristics besides passwords. Additionally, the cleartext storage and cleartext logging queries allow implicit read steps at sinks. This...
I'm testing out dataflow and taint tracking analysis on Python and I've run into an example where the dataflow analysis should find a path, but fails because a class variable...
This replaces our call context representation with a set-based representation of the allowed call edges, thus unifying equivalent call contexts. This unification means that we avoid redundant computation when a...
This PR adds synthetic return nodes for flow that returns from methods via a parameter. For example, in ```csharp class C { public string Field; } public void TaintField(C c)...
This PR fixes a performance issue in how we model flow through EntityFramework `SaveChanges` methods. When data reaches a `SaveChanges` method call, we jump (using `SyntheticGlobal`s) to the relevant `DbSet`...
**Description of the issue** Upon executing the cpp query `Security\CWE\CWE-120\OverrunWrite.ql` against a 1.2GB compressed snapshot, the CodeQL CLI throws the following exception: ``` Starting evaluation of ...\Security\CWE\CWE-120\OverrunWrite.ql. Oops! A fatal internal...
**Description of the false positive** We use a convenience function to create a logger that includes additional variables taken from a context.Context using the Value call to get the value....