Questions tagged [codeql]

62 questions
0
votes
2 answers

Check which line of code is failing the GitHub CodeQL Action?

Before GitHub absorbed CodeQL, the UI of the project was quite intuitive: you could see immediately where your project was failing the CodeQL test, i.e., which file, line of code and which type of warning/error. Now the project is run by GitHub…
João Pimentel Ferreira
  • 14,289
  • 10
  • 80
  • 109
0
votes
0 answers

While trying to implement CodeQL with a Kotlin Spring Boot project, I am getting the "No code found during the code build" error

While trying to implement CodeQL with a Kotlin Spring Boot project, I am getting the "No code found during the code build" error. I have configured the codeql.yml file, which I am attaching above.
0
votes
0 answers

Uncontrolled format string

The CodeQL tool throws the error "Uncontrolled format string" for the code below, where string.Format is used. Detailed error: Passing untrusted format strings from remote data sources can throw exceptions and cause a denial of service. public async…
Sara
  • 55
  • 5
0
votes
1 answer

Codeql extract local dataflow of a java method takes so long

I want to extract the local data flow of a Java method. So far I have this query to extract wherever a variable is accessed, declared, or assigned within the function: /** * @name Empty block * @kind problem * @problem.severity warning * @id…
m0ss
  • 334
  • 2
  • 4
  • 17
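An added example, written for this listing and not taken from the question above or from the CodeQL repository, of the local data-flow query the question is after. The slow part of such a query is usually an unconstrained `from DataFlow::Node src, DataFlow::Node snk`, which asks the evaluator for every local flow step in the whole database; binding the source to one method first keeps the computation to that method. The method name `handleRequest` is an assumption and stands in for whatever method you want to inspect.

```ql
/**
 * @name Local data-flow steps inside one method
 * @description Lists each intraprocedural flow step between two data-flow
 *              nodes of a single, named method.
 * @kind problem
 * @problem.severity recommendation
 * @id java/example/local-flow-steps-in-method
 */

import java
import semmle.code.java.dataflow.DataFlow

/**
 * The method to inspect. Assumption for this example: a method named
 * `handleRequest`; substitute the name (or add a declaring-type check)
 * for the method you actually care about.
 */
Method target() { result.hasName("handleRequest") }

from DataFlow::Node src, DataFlow::Node snk
where
  // Restrict the source to the target method *before* asking for flow, so the
  // evaluator only computes local steps inside that one method rather than
  // materialising the step relation for the entire program.
  src.getEnclosingCallable() = target() and
  DataFlow::localFlowStep(src, snk)
select src, "flows in one local step to $@", snk, snk.toString()
```

`DataFlow::localFlowStep` gives single steps; `DataFlow::localFlow` is its transitive closure and is the right choice when you want "does `a` reach `b` inside this method" rather than a dump of every edge. Keep the `getEnclosingCallable()` conjunct in either case, since both predicates are cheap per method and expensive over all of them.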
0
votes
1 answer

Enable/Disable CodeQL code scanning for a repo using the GitHub REST API

Is it possible to enable/disable CodeQL code scanning for a repo using the GitHub REST API in any of the GitHub account types (personal accounts / organization accounts / enterprise…
archit
  • 3
  • 2
0
votes
1 answer

Redirecting STDIN input in Powershell script on Azure pipeline

I created an Azure DevOps pipeline for CodeQL scanner analysis. I am using a PowerShell script in the YAML file. I need to pass the token stored in the environment variable UPLOAD_TOKEN. It looks like passing output from one pipe to another does not work on…
0
votes
1 answer

How can I ignore test files in CodeQL?

I want to ignore test files in the CodeQL result, but this query includes test files: import codeql.ruby.AST from RegExpLiteral t, File f where not f.getBaseName().regexpMatch("spec") select t. I want to ignore test files in the result.
Kakashi77
  • 41
  • 3
0
votes
1 answer

Can I use codeql to extract all regular expressions for a ruby project?

This is the closest I have found, but it returns only part of the regex and does not return all of the regexes. Is there any way to achieve this, even without CodeQL? import codeql.ruby.security.regexp.ExponentialBackTracking import…
Kakashi77
  • 41
  • 3
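The two Ruby questions above (ignoring test files, and listing every regular expression literal) are served by one query. This is an added example for this listing, not the asker's code and not a query shipped with CodeQL. Two things worth checking against the query quoted in the first question: `File f` there is never related to `RegExpLiteral t`, so the `from` clause is a cross product of every literal with every file and the `where` filters files, not literals; and `regexpMatch("spec")` must match the whole basename, so it only excludes a file literally named `spec`. The test-file conventions below (a `spec/` or `test/` directory, or a `_spec.rb` / `_test.rb` suffix) are an assumption about a typical RSpec/minitest layout.

```ql
/**
 * @name Regular expression literals outside test files
 * @description Every regex literal in the Ruby code base, skipping files that
 *              look like specs or tests.
 * @kind problem
 * @problem.severity recommendation
 * @id rb/example/regex-literals-outside-tests
 */

import codeql.ruby.AST

/**
 * Holds if `f` looks like a test file. Assumption for this example: RSpec and
 * minitest conventions (a `spec/`, `test/` or `tests/` directory anywhere in the
 * path, or a `_spec.rb` / `_test.rb` file name). Adjust to the project's layout.
 * Note that `regexpMatch` must match the *whole* string, hence the `.*` parts.
 */
predicate isTestFile(File f) {
  f.getRelativePath().regexpMatch("(?i)(^|.*/)(spec|test|tests)/.*") or
  f.getBaseName().regexpMatch("(?i).*_(spec|test)\\.rb")
}

from RegExpLiteral re, File f
where
  // Tie the file to the literal. Without this conjunct `f` ranges over every
  // file in the database and the `not isTestFile(f)` test says nothing about
  // where `re` lives.
  f = re.getLocation().getFile() and
  not isTestFile(f)
select re, "Regex literal in " + f.getRelativePath()
```

`RegExpLiteral` covers `/.../` and `%r{...}` literals; dynamic regexes built with `Regexp.new` from a string are not literals and will not appear, which is the usual reason a query "does not return all of the regexes".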
0
votes
0 answers

How can I get the node ahead of and the node behind a given node in CodeQL?

I want to get the token ahead of and the token behind a DotExpr in CodeQL. Example: ${msg.data}. In this example, the DotExpr is ${msg.data}, and the ahead and behind nodes are and . In this case, if I can get ${msg.data}…
leesh
  • 121
  • 2
  • 11
0
votes
1 answer

Javascript extractor problem with CodeQL create database

I issued the command: codeql database create ./databases/Pixi --language="javascript" --source-root="Pixi" and got the following errors: Initializing database at /sda8/codeql-2.11.1/program/databases/Pixi. A fatal error occurred: There's no CodeQL…
Peter Teoh
  • 6,337
  • 4
  • 42
  • 58
0
votes
0 answers

CodeQL "Reflected server-side cross-site scripting"

When first establishing my GitHub CodeQL analysis, I have a few results I do not quite understand and would like to understand why they are considered problems. Second, I have a medium error "Reflected server-side cross-site scripting" which stems…
0
votes
1 answer

CodeQL find dependency usages

How do I get a list of method calls whose implementation comes from a dependency? For example, dependency group id: "com.google.protobuf"
whoopdedoo
  • 2,815
  • 23
  • 46
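An added example for the dependency-usage question, written for this listing rather than taken from the question or the CodeQL repository. A Java database records the declaring type of every resolved callee, and library types carry their package name, so "calls into dependency X" reduces to "calls whose callee is declared in a package of X that is not in the source tree". The query assumes the dependency's Java packages share the Maven group id as a prefix; that holds for `com.google.protobuf` but not for every artifact, so check the jar's package names when they differ. `MethodAccess` is the class name in the CodeQL release the listing mentions (2.11); recent releases name it `MethodCall`.

```ql
/**
 * @name Calls into a third-party dependency
 * @description Method calls whose callee is declared in a package that belongs
 *              to a given dependency (here: the protobuf runtime).
 * @kind problem
 * @problem.severity recommendation
 * @id java/example/calls-into-dependency
 */

import java

/**
 * Package-name prefix that identifies the dependency. Assumption for this
 * example: the library's Java packages start with its Maven group id
 * `com.google.protobuf`. Replace with the real package prefix when they differ.
 */
string dependencyPackagePrefix() { result = "com.google.protobuf" }

/**
 * Holds if `t` is declared in a package of the dependency and does not come
 * from the analysed source tree (i.e. it was seen only through a jar).
 * `matches` uses SQL-style wildcards: `%` is "anything", `.` is literal.
 */
predicate isDependencyType(RefType t) {
  t.getPackage().getName().matches(dependencyPackagePrefix() + "%") and
  not t.fromSource()
}

from MethodAccess call, Method callee
where
  // getSourceDeclaration() folds generic instantiations back to the declared
  // method, so Parser<Foo>.parseFrom(...) is reported once, not per type argument.
  callee = call.getMethod().getSourceDeclaration() and
  isDependencyType(callee.getDeclaringType())
select call,
  "Call to " + callee.getDeclaringType().getQualifiedName() + "." + callee.getName()
```

Two limits to keep in mind when reading the results: a call that resolves to a method your own source overrides (for instance an interface from the dependency implemented in your code) is attributed to the source type and will not be listed, and the query only sees classes that the extractor actually resolved on the classpath during the database build, so an incomplete build classpath shows up as missing calls rather than as an error.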
0
votes
1 answer

Taint analysis does not have flow path for non constant field of a class as its source

I have this simple Test class, where I'm trying to mimic a path problem, with Message1 as source and Console.WriteLine(Message1) as sink. class Test { private const string Message1 = "Test Message 1"; private readonly string…
Manu Nair
  • 70
  • 2
  • 4
0
votes
1 answer

CodeQL C/C++ QL queries

I want to statically check C/C++ code for vulnerabilities with CodeQL, such as double free, array out of bounds, unpaired resource allocate/release, etc. Where can I get QL scripts to use? This SDK: https://github.com/github/codeql is too…
0
votes
1 answer

Does CodeQL support edits on a call graph?

I'm new to CodeQL and am reading this tutorial about how to query a Java call graph. It looks like CodeQL only supports read operations on the call graph. If I hope to edit the call graph (e.g., add or delete an edge that represents method A calls…
Richard Hu
  • 811
  • 5
  • 18