-
**Description of the false positive**
Seems to not be working properly with asynchronous generators.
**URL to the alert on the project page on LGTM.com**
https://lgtm.com/projects/g/aio-libs/…
-
I am adding CodeQL checks to our repository for it to run when code is pushed to our branch. On doing that I got the following error.
```
A fatal error occurred: Severe disk cache trouble (corrupt…
```
-
Test case:
```go
package main

import (
	"net/http"
	"net/url"
)

func testssrf(req *http.Request) {
	host := req.URL.Query().Get("host")
	u, _ := url.Parse("http://example")
	// The…
```
-
When I used the script that was found in https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-078/CommandInjection.ql to do a command-injection taint tracking, I found that it …
-
The number of format arguments in our Python code is correct. LGTM still reports an issue.
https://lgtm.com/projects/g/frePPLe/frepple/snapshot/6b89289c3b22cc0c42e3253033a18cf870ccbccd/files/frepp…
-
I created a simple C# console application based on this article:
**_[Attacking Evil Regex: Understanding Regular Expression Denial of Service Attacks (ReDoS)](https://sec.okta.com/articles/2020/04/a…
-
I was poking around for variants of #380 using Semmle: https://lgtm.com/query/238643156377778829/
Most findings are false positives, but one looks potentially interesting.
See https://github.com/s…
-
**Description of the issue**
It is possible for a `Stmt` to enclose itself.
Is this expected behavior? If yes, maybe add a note to the docs?
```codeql
import java
from Stmt s
where s.getEnc…
```
-
Hi,
My team is conducting academic research on Java Cryptography API based misuse using your tool. We found that we could not detect some potential cryptographic misuses, as CodeQL (and LGTM) has i…
-
**Description of the false positive**
Variable names may contain `UID` but it refers to the unique identifiers of [DICOM](https://en.wikipedia.org/wiki/DICOM) images and in the context of reading D…