codeql
codeql copied to clipboard
github
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
I use Use-After-Query.ql to detec a simple c code which exists UAF bug , but it doesn't works - Use-After-Query.ql ``` /** * @name Potential use after free * @description...
The [Helmet 🪖 middleware](https://helmetjs.github.io/) is used to set security-related HTTP headers in Express applications. This query finds instances where the middleware is configured with important ⚠️ security features disabled 🚫....
There was a bug in the design of `TypeModel`, that meant when pruning models we have no way of knowing which types might be contributed via a `TypeModel`. This PR...
I originally reported this here: "CodeQL XSS False Positives and XSS AutoFix incorrect location for defensive encoding" (https://github.com/orgs/community/discussions/122802), but am reporting it here because I was told this is a...
This PR changes the CSV framework coverage reports.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
Part of https://github.com/github/codeql-python-team/issues/792 promoting https://github.com/github/codeql/pull/6360; Depends on https://github.com/github/codeql/pull/16696 Promotes the Cookie Injection query from experimental, finding instances of user input being used to set the name or value of a...
This was causing some confusion [here](https://github.com/github/codeql/discussions/16890). Support for `switch` statements was added in https://github.com/github/codeql/pull/15941.
This PR adds support for `Element` content for C++ like we have for other CodeQL supported languages. Given code such as: ```cpp std::vector v; int x = source(); v.push_back(x); //...
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard...
