issues Search Results · repo:github/codeql language:CodeQL
Filter by
2k results
(79 ms)2k results
ingithub/codeql (press backspace or delete to remove)Hi, I have been learning to use CodeQL recently. I was trying to find all expressions that reach the len parameter of
memcpy, and in the results, there is a case like the following.
attr- val.octets = ...
question
Ret2c7
- Opened 17 hours ago
- #19838
Description of the issue
There is a newer variation of GitHub Actions TOCTOU vulnerabilities known as Workflow dispatch TOCTOU - I wrote about a
real-world example in a recent bug report writeup:
https://adnanthekhan.com/posts/dependabot-core-toctou-writeup/ ...
question
AdnaneKhan
- Opened yesterday
- #19835
Description of the false positive
The artifact poisoning CodeQL query creates a Critical false-positive under the following scenario:
- Download Artifact with path set to start with ${{ runner.temp ...
false-positive
- Opened yesterday
- #19834
Hi! I m trying to write a query that checks whether function A can call (directly or transitively) function B. I ve
implemented it with recursive predicate that uses Function.calls. It works, but is slow. ...
question
noobdoesre
- 2
- Opened yesterday
- #19830
Hello CodeQL team,
I m currently integrating CodeQL into our CI workflow for an end-to-end security test of our backend system.
Here s the procedure I followed:
Setup: Downloaded the CLI: wget
https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip ...
question
AntonBrazovski
- 1
- Opened 3 days ago
- #19811
Why isn t the following code recognized as a source in a global data stream? If I want to identify this source in the
global data stream, how should I write my QL?
Here s the code context:
//router.go ...
question
Weirdokky
- 2
- Opened 3 days ago
- #19807
Hello CodeQL team,
I would like to raise awareness that the newer .slnx solution format introduced by Microsoft is currently not supported
by the C# extractor in CodeQL.
The following line in the source ...
samtrion
- 2
- Opened 8 days ago
- #19767
Description of the false positive
!-- Please explain briefly why you think it shouldn t be included. --
Code samples or links to source code
!-- For open source code: file links with line numbers on ...
invalid
dillyphilly3131
- Opened 8 days ago
- #19766
Description of the issue
The Oracle Call Interface (OCI) is the main low-level C API for Oracle databases. CodeQL lacks coverage for it,
particularly for SQL injection sinks.
While I haven t done a robust ...
C++
question
ebickle
- 3
- Opened 8 days ago
- #19764
I’ve had two cases where I helped with user questions about Gradio here and
[here](https://ghsecuritylab.slack.com/archives/CQJU6RN49/p1748612269781049?thread_ts=1748419582.864919 cid=CQJU6RN49),
which ...
Python
question
sylwia-budzynska
- Opened 8 days ago
- #19752
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Restrict your search to the title by using the in:title qualifier.Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip!
Press the /
key to activate the search input again and adjust your query.