Highest Voted 'codeql' Questions

1

vote

0 answers

codeql java analysis is failing with ant build without giving proper hint

Any pointer why my codeql analysis is failing ? I am not getting any indication in log. Once Analysis ends, it also deletes all files from _work/_temp thus I am unable to see what's happening. Here is my yml to start the code ql analysis name:…

asked Feb 04 '22 at 21:34

Bakul Brahmbhatt

61
6

1

vote

2 answers

CodeQL Scanning JAR Files

I'm just getting started with CodeQL and have had plenty of success scanning Python projects. Now, I'm starting to scan Java projects, and I struggle to scan precompiled projects. From what I gathered, it appears CodeQL CLI includes an autobuilder…

java security jar static-analysis codeql

asked Dec 14 '21 at 18:18

travis5879

35
3

1

vote

1 answer

How to create import to CodeQL

I want to create an import to my CodeQL query. I want that this import will be named Utils and I will created inside it a predicate named isNumber. How can I creat such import? This how I want my code to look like: import cpp import Utils where …

c++ codeql semmle-ql

asked May 12 '21 at 14:36

E235

11,560
24
91
141

1

vote

1 answer

How can i use CodeQL on partial c source code?

I have a partial c source code of a project which as a result i can't build. Does anyone know if possible to run codeql on that project? Normally, to create a database, the codeql cli requires to specify the command that builds the project and i…

semmle-ql codeql

asked May 30 '20 at 16:28

thevpt

51
3

0

votes

1 answer

Codeql failing to scan github repository storing only java code

I'm trying to scan java code with codeql. In my repo I have some class files: src/com/org/proj/Main.java src/com/org/proj/Task.java It's very simple and was built by Eclipse and I only exported the executable *.jar file from it before. Now as I'm…

java github codeql

asked Aug 23 '23 at 07:32

Dániel Kőcs

66
5

0

votes

2 answers

inefficient regular expression in javascript

Hi in our below code using codeql scanning got an alert that "This part of the regular expression may cause exponential backtracking on strings starting with '0' and containing many repetitions of '0'." const validateUrl = str => { var pattern =…

javascript node.js regex codeql

asked Aug 10 '23 at 10:19

bionics parv

45
5

0

votes

0 answers

CodeQL, C# SQL Injection and detecting that input is validated or sanitized

Can CodeQL recognize that a SQL injection attack is prevented through input sanitization for C#? It looks like this is possible with Java // OK: validate the input first { String category = args[1]; …

c# codeql

asked Aug 02 '23 at 18:41

wrschneider

17,913
16
96
176

0

votes

1 answer

CodeQL Java Analysis - missing parameters

for various reasons I decided to set an environment variable in IntelliJ for the output directory defined in pom.xml. org.apache.maven.plugins …

java maven github-actions pom.xml codeql

asked Aug 02 '23 at 08:46

Chris Haas

3
1

0

votes

0 answers

GitHub CodeQL init step is taking more than 15 mins

I am trying to run CodeQL on my windows repo. The "Initialize CodeQL" step is taking more than 15 mins and eventually times out as our runers enforce a 15 min time out. How to troubleshoot why it takes this long. There is nothing in the log…

github github-actions codeql

asked Jul 31 '23 at 11:51

user2297083

168
11

0

votes

1 answer

additional TaintStep for taint tracking in python programs

I am using codeql TaintTracking and I noticed by default it does not follow data for functions it doesn't know. for exapmple for this code: import pd a = src + anything df = pd.DataFrame(a) if src is the source, then a is defined as a sink (as…

python static-analysis codeql

asked Jul 16 '23 at 22:46

Atlantis

592
5
23

0

votes

0 answers

CodeQL path flow problem defining source and sink

I'm new to CodeQL and trying to get better at it. I'm trying to create a CodeQL query that will find some flow from source to sink in the following code: https://github.com/joaomatosf/JavaDeserH2HC/blob/master/VulnerableHTTPServer.java Is there a…

codeql

asked May 23 '23 at 05:16

Don_twice

41
1
6

0

votes

1 answer

GitHub Actions CodeQL init action failed Not Found

I am trying to configure CodeQL scanning on my repo. For that purpose I am using the template provided by GitHub: # For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to…

github-actions codeql nektos-act

asked Apr 12 '23 at 19:20

delucaezequiel

483
2
9
26

0

votes

1 answer

Why does codeql create database run into issue?

It's my first time using codeql,the dir demo contains a simple cpp file,i tried to run a demo like this codeql database create ./demo-db -s . --language=cpp . However,it ran into issue,here are the outputs: ➜ codeql-learn codeql database create…

codeql

asked Apr 05 '23 at 14:49

turtle-russ

1

0

votes

1 answer

CodeQL in Github action: Abort the workflow if somehing was found

I'm having a GH-action which checks out source code, builds it, codeQL-checks it (+uploads the sarif results) and then publishes the built artifact to artifactory. Hoewever, I would need to abort the publishing to our repo if there were…

github-actions codeql

asked Mar 30 '23 at 16:04

Toni Kanoni

2,265
4
23
29

0

votes

0 answers

Uncontrolled data used in path expression

I am getting a uncontrolled data used in path expression error in codeql for the following code block: public static File getObjAsFile(LibraryObject object, LibraryObjectType objectType, boolean encrypt, File tempFile) { // Step 1 ... try { if…

java android codeql

asked Mar 27 '23 at 08:25

keroth

45
1
6

Questions tagged [codeql]