codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Our code scanner ran fine until a week ago in Azure pipeline. It could be a coincidence, but it worked with 2.17.3 and started failing with 2.17.4. Before: ```Starting query...
Hello, I was hoping to get some help about using `getType()` in TypeScript files. The docs say the following: ``` Static type information Static type information and global name binding...
### Problem (CodeQL CLI 2.17.6) When you run `codeql query format`, or the "Format Document" action in the VS Code extension, CodeQL [set literal](https://codeql.github.com/docs/ql-language-reference/expressions/#set-literal-expressions) elements are laid out to be...
I'm new to threat models, so I may be missing something that is required. In particular, is it okay to have a threat model kind that isn't part of the...
These are the models gathered so far during experiments not extracting the standard library by default. A good part of the models are generated by special automation. Where possible, I...
This code in the autobuild.sh script halves memory between the JVM and TS: https://github.com/github/codeql/blob/59a77a873c894bca7274a7ed7c7c6d937547e9b3/javascript/resources/tools/autobuild.sh#L7-L13 Since CODEQL_RAM appears to be a default variable, consuming most of the GitHub runner's memory, this...
I added support for: remote flow sources SSRF sinks XSS sinks Unsafe LDAP Sensitive APIs (hard coded secret) And required additional taint steps. I'll add inline tests soon, the test...
@yoff and I ran this query against the top 100 java repos with MRVA. Looking through a decent sample of the results, we found no false positives. Is that sufficient...