-
## Short description
CLI version 2.0.0 together with `master` branch of [ql](https://github.com/Semmle/ql) says `A fatal error occurred: This QL dataset is not compatible with the QL library /works…
-
CodeQL reports a "Resolving XML external entity in user-controlled data" alert for the following Java code. This appears to be a false positive.
Could the query be enhanced to recognise the follow…
-
I've created a simple log4j project: [log4j-test.zip](https://github.com/github/codeql/files/7886955/log4j-test.zip)
It uses log4j 2.11 which is vulnerable to JNDI injection, and I've verified the …
-
### Version
CodeQL CLI v2.5.0
### Description
Similar to #5476
It appears when `codeql test run` encounters a `module-info.java` file, but the `-source` version is lower than 9 (e.g. 8 which i…
-
When I test this code in python\ql\lib\semmle\python\security\dataflow\ServerSideRequestForgeryCustomizations.qll
![image](https://github.com/user-attachments/assets/c38edc8a-f78e-47d5-87cb-8d8c75de5…
-
Came across Codeql and this library looks promising!
I have to extract:
1. basic def-use chain for intraprocedural and interprocedural analysis with Java. I want to feed:
2. Also I have to extrac…
-
This issue is mainly about global taint analysis implemented offcially by CodeQL C/C++.
libs I use :
```codeql
import semmle.code.cpp.dataflow.TaintTracking
import DataFlow::PathGraph
```
a…
-
The Blowfish cryptographic algorithm is considered secure by CodeQL’s `java-code-scanning` or `java-lgtm-full` query suite (reference: https://github.com/github/codeql/blob/main/java/ql/src/semmle/cod…
-
I have built a CodeQL database for my Java project. I am able to execute simple queries on it, but when I attempt to execute a DataFlow query, The execution gets stuck in an infinite loop (probably in…
-
I have multiple questions/reports.
1.) The following code has the Unvalidated Dynamic Call vulnerability however it is missed by codeql.
```js
var actions = new Map();
actions.put("play", functio…