-
### Description
There are some potential null dereference bugs.
In src/Mayaqua/Network.c: 5807 and 5671, calling SSL_set_ex_data without checking the parameter 1 might cause a null-dereference.
…
icy17 updated
10 months ago
-
Platform: Python
**Description of the false positive**
`assert` calls will be ignored when using the `-O` option. Therefore some code shouldn't be considered as dead.
This is quite low priori…
-
**Description of the issue**
I possess a source code and my goal is to identify any instances of double free vulnerabilities. Technically, the double free vulnerabilities within this source code ar…
-
I wrote a small query to understand all the IRGuardConditions inside a function
```
predicate isNotNullCheck3(IRGuardCondition g, Expr e, boolean branch) {
branch = true
and
(g.getEnc…
```
-
Hello!
Context: I'm using CodeQL to feed into another security analysis tool, in a way that's different from normal usage. The main challenge I'm having is taking a function that CodeQL has found,…
-
Hi,
I am analysing python code in terms of vulnerability CWE-502 and am running query [UnsafeDeserialization.ql](https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-502/UnsafeDese…
-
This comes from a discussion with @smowton over [here](https://github.com/github/securitylab-bounties/issues/92).
Certain categories such as Open Redirect, SSRF and Android WebView URL injection wi…
-
LGTM complains about `Call to a non-callable of class CLS`.
In my case, CLS refers to the class and the call should thus create a new instance. I guess the problem in my case is that I needed to ad…
-
**PostUpdateNode** or **ThisAccess** may flow to the wrong **ClassInstanceExpr** of the class.
Which may lead to wrong results and slow down the analysis.
How can I fix it?
for example **this.d…
-
https://lgtm.com/projects/g/quickfix-j/quickfixj/snapshot/9657839bf46838645b670486e57852de40d34f04/files/quickfixj-core/src/main/java/quickfix/Message.java?sort=name&dir=ASC&mode=heatmap#xaced2743c6d7…