codeql
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Bumps [regex](https://github.com/rust-lang/regex) from 1.10.4 to 1.10.5. Changelog Sourced from regex's changelog. 1.10.5 (2024-06-09) This is a new patch release with some minor fixes. Bug fixes: [BUG #1203](rust-lang/regex#1203): Escape invalid UTF-8...
**Description of the false positive** A simple, valid e-mail address inside an e-mail message triggers https://codeql.github.com/codeql-query-help/go/go-email-injection/ The rule also triggers on valid html, although the [security model](https://pkg.go.dev/html/template#hdr-Security_Model) in `html/template` should...
**Description of the issue** We've been using the advanced configuration option for GitHub for a while now with no issues. With all of the improvements made to the default configuration option,...
When a method is extracted multiple times, in different files, we end up with a single method containing multiple method bodies. This can sometimes throw data flow off, so this...
`memset()` is often used for data sanitization in security sensitive software to harden against information leaks. However, compiler dead store elimination passes can remove that hardening. Recently, I had been...
As an example: * a/a.h ```cpp #include "b.h" ``` * a/c.h ```cpp hi_c c; ``` * b/b.h ```cpp #include "c.h" ``` * c/c.h ```cpp hello_c c; ``` * test.cpp ```cpp...