Skip to content

discussions Search Results · repo:github/codeql language:CodeQL is:public

Filter by

450 results  (178 ms)

450 results

ingithub/codeql (press backspace or delete to remove)

github/codeql
How to turn off ai findings

AI findings are of poor quality and it really does not understand what it is doing. Can I turn off the whole thing or least acknowledge partial results as unwanted ?

github/codeql
[dotnet] Missing Taint Flow from `[WebMethod]` Parameter Objects to Properties/Fields

In ASP.NET Legacy Web Services (System.Web.Services), parameters decorated with the [WebMethod] attribute are correctly identified as RemoteFlowSource. However, the TaintTracking engine fails to propagate ...

github/codeql
How does the CodeQL C extractor work

I am working on an academic research paper that documents some of the inner workings of CodeQL with the example of analyzing C code. I have gotten so far as to understand how the language itself works, ...

github/codeql
Progress tracking for .NET 10 and C# 14

The current docs state no support but partial support has been added for some things like the field keyword in properties C# 14: We’ve added support for the field keyword in properties. https://github.blog/changelog/2026-03-10-codeql-2-24-3-adds-java-26-support-and-other-improvements/ ...

github/codeql
Codeql perform issues

Getting today when performing analysis Run github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 While resolving threads, found a cgroup CPUs file with 4 CPUs in /sys/fs/cgroup/cpuset.cpus.effective. ...

github/codeql
[dotnet] taint propagation errors / regressions

Hello, I m playing with deserilization vulnerabilities and I found an error where a test case already exist, however I think it s not properly handling the case. I just added a variable assignment and ...

github/codeql
Is it possible to use CodeQL to replace code quality tools like SonarQube or Codacy?

CodeQL is specifically geared toward security analysis, but it seems that the tool should be able to do things like detecting code smells like SonarQube. Do any sufficient query packs like this exist? ...

github/codeql
how to use `--external` option of `codeql query run`

The idea is that I want to add some addition data to codeql database and use these new data as new predicates to enhance the analysis capabilities. I notice the --external option, but I don t know how ...

github/codeql
add `getEnclosingBlock` for Go

https://github.com/github/codeql/blob/6fa60932c9a44aec790290bd307d04e7a70a3d83/go/ql/lib/semmle/go/AST.qll#L77-L85 In rust and cpp, getEnclosingBlock is supported as shown by [search result](https://github.com/search?q=repo%3Agithub%2Fcodeql%20getEnclosingBlock ...

github/codeql
[csharp] Potential False Positive: Missing cross-site request forgery token validation

I have a setup where I apply the [AutoValidateAntiforgeryToken] attribute to a base controller class that all my other controller classes inherit from. This results in CSRF token validation occurring for ...