-
**Description of the false positive**
CodeQL is reporting a log injection vulnerability even though I am deleting the problematic characters with Kotlin's `replace` function call with a Regex as it…
-
**Description of the issue**
Upon execute of cpp `Security\CWE\CWE-120\OverrunWrite.ql` against a 1.2GB compressed snapshot, the CodeQL CLI throws the following exception:
```
Starting evaluation of …
-
I want to get a call graph in JavaScript. I have found a solution in #9458 . But when I add query metadata to the query, for example
```
/**
* This is an automatically generated file
* @name My…
-
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. With this workflow `csharp-qltest.yml`:
```yml
name: "C#: Run QL T…
-
Hi, I have encountered some issues while working with the CodeQL setup and evaluation process for CWE-190. I would appreciate some clarification and assistance.
1. File Copy Purpose:
In the `se…
-
I use Use-After-Query.ql to detec a simple c code which exists UAF bug , but it doesn't works
- Use-After-Query.ql
```
/**
* @name Potential use after free
* @description An allocated me…
-
Importing Core theory produced results into the Prolog for easy query, maybe based on ELPI https://github.com/LPCIC/elpi
To be able to write rules like https://fbinfer.com/docs/linters.html for Inf…
-
I borrowed the query from UseAfterFree.ql present in CodeQL repo and modified to include a custom free function, but the query is not flagging UAF.
```
import cpp
import semmle.code.cpp.dataflow.…
-
when i try to analysis aosp database with this qury script:
```
/**
* @id 1
* @kind path-problem
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow…
-
2024-09-05 12:29:29] [DETAILS] database interpret-results> Interpreted definitions query "Jump-to-definition links" (java/jump-to-definition) at path /root/Drone/sast/code/java-database/results/codeql…