Questions tagged [codeql]

62 questions
3
votes
1 answer

How can I fix the error "DOM text is reinterpreted as HTML without escaping meta-characters"? (from GitHub)

I’m getting this security error on GitHub: "DOM text is reinterpreted as HTML without escaping meta-characters" (CodeQL). For this part of the code: var url = window.location.href; var title = $('title').text(); $(document).ready(function() { …
Adel Benyahia
  • 233
  • 3
  • 10
2
votes
1 answer

CodeQL: Gin / MongoDB API - Database query built from user-controlled sources error

I have a simple Golang Gin API that uses MongoDB as the backend database. My team is using GitHub CodeQL, so we want to be sure we are following the best standards. However, we continue to get this error for all of our query endpoints: Database…
Kyle Barnes
  • 729
  • 3
  • 13
  • 22
2
votes
1 answer

Inline suppressing of warnings with Github CodeQL

CodeQL reports some true and some false positives for a specific rule. Is there a way to mark a Python code line so that the check is ignored by CodeQL? Similar, for example, to # noqa for Python flake or pep-8 checks.
Josef
  • 21,998
  • 3
  • 54
  • 67
2
votes
0 answers

Is there a way to exclude files from CodeQL scanning on GitHub

I had tried using paths-ignore that I read about from https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning but it didn't help since they don't determine what…
DevopitionBro
  • 111
  • 1
  • 6
2
votes
1 answer

GitHub Actions: CodeQL Analysis results

I have integrated CodeQL in my GitHub project via the website. It works, it analyses and produces SARIF files. And then it says that results were successfully uploaded: Uploading results Processing sarif files:…
truf
  • 2,843
  • 26
  • 39
2
votes
1 answer

Failed to add CodeQL library from a different folder: "Could not resolve module "

I have the following folder structure: └── MyProj ├── Dangerous_Memcopy │ ├── Config.qll │ └── ... ├── MemMangementLibraries │ ├── FFmpegMemory │ └── ... This is the beginning of Config.qll: import cpp import…
E235
  • 11,560
  • 24
  • 91
  • 141
2
votes
0 answers

Is there a way to process Lombok-ed source file in codeql

I am trying to write a code analyzer with CodeQL (https://securitylab.github.com/tools/codeql), but I encounter an error which is displayed as following: [2021-01-20 15:56:59] [javac-extractor-4576] [WARN] Skipping Lombok-ed source file: so my…
kongzhen
  • 21
  • 1
1
vote
0 answers

What is the correct way to organize (and refer to) a set of CodeQL queries?

I am learning CodeQL and I now have several custom CodeQL queries for a Java library that we use. The queries run in VSCode, if I run them one by one. I would like to be able to use them during the GitHub Workflow. My understanding is that I need to…
carlspring
  • 31,231
  • 29
  • 115
  • 197
1
vote
1 answer

How do I display full string in a CodeQL exported result?

Converting a.getChild(1) to a string using toString() test.ql /** * @id custom * @kind problem * @problem.severity warning * */ import javascript from ObjectExpr oe, Property p1, int i, AstNode a where p1 = oe.getProperty(i) and …
Benassin
  • 37
  • 7
1
vote
1 answer

CodeQL dataflow query on a C program not finding a simple path from an assignment expression to a function's argument

I am new to CodeQL and have started learning about dataflow queries for C/C++ programs. Following is an excerpt of a C program that I want to analyse: int main(int argc, char * argv[]) { unsigned short size, x, y; int r1, r2; x =…
Sanjay
  • 95
  • 2
  • 14
1
vote
1 answer

Code analysis warning while parsing boolean query param (REST)

export function isLegacyResource(): boolean { const queryParams = new URLSearchParams(window.location.search); return isQspValueTruthy(queryParams.get('isLegacy')); } export function isQspValueTruthy(value: string | null): boolean { if…
unknown_boundaries
  • 1,482
  • 3
  • 25
  • 47
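Both this question and the first one on the page ("DOM text is reinterpreted as HTML without escaping meta-characters") are about the same CodeQL taint model: a string read from the page (window.location, the document title) is a source, and an HTML-building sink reached without escaping is the alert. The block below is an added example, not code from either question or from CodeQL itself. It contrasts an unescaped link builder with an escaped one, and shows why a helper that collapses a query-string value to a strict boolean (the isQspValueTruthy shape from this question) cuts the taint path. The function names, the sample title and the javascript: URL are constructed for the example.

```javascript
// Added example: DOM-text-to-HTML flows of the kind CodeQL flags, beside the
// mitigated forms. Runs under Node (URL and URLSearchParams are built in).

// Entity references for the characters that can start a tag, an attribute
// value or an entity inside HTML.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape untrusted text before interpolating it into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: title and URL are concatenated into markup verbatim. When this
// string reaches innerHTML or jQuery's .html(), CodeQL reports
// "DOM text is reinterpreted as HTML without escaping meta-characters".
function buildShareLinkUnsafe(title, url) {
  return '<a href="' + url + '">' + title + '</a>';
}

// Hardened: escape both values, and only accept http(s) URLs so a
// javascript: URL cannot be smuggled into the href attribute.
function buildShareLink(title, url) {
  let href = '#';
  try {
    const parsed = new URL(url);
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      href = parsed.href;
    }
  } catch (e) {
    // Unparseable URL: keep the inert '#' placeholder.
  }
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(title) + '</a>';
}

// Reduce a query-string parameter to a strict boolean. Only true/false ever
// leave this function, so the tainted string cannot reach a sink downstream;
// this is the shape of the isQspValueTruthy helper in the question above.
function isQspValueTruthy(value) {
  if (value === null || value === undefined) return false;
  const v = value.trim().toLowerCase();
  return v === '1' || v === 'true' || v === 'yes';
}

// Parse a search string (e.g. window.location.search) and read the isLegacy flag.
function isLegacyResource(search) {
  const params = new URLSearchParams(search);
  return isQspValueTruthy(params.get('isLegacy'));
}

// Constructed sample input: a title and URL chosen by whoever controls the page.
const SAMPLE_TITLE = '<img src=x onerror="alert(1)">';
const SAMPLE_URL = 'javascript:alert(document.cookie)';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildShareLinkUnsafe(SAMPLE_TITLE, SAMPLE_URL)); // payload survives intact
  console.log(buildShareLink(SAMPLE_TITLE, SAMPLE_URL));       // neutralised
  console.log(isLegacyResource('?isLegacy=TRUE'));              // true
}
```

The boolean helper is the interesting part for the second question: CodeQL's JavaScript taint tracking does not propagate through comparisons that yield a boolean, so once the parameter is reduced to true/false the flow should stop. If an alert still fires, the reported path usually shows the raw value being used somewhere else before or beside the helper, and that use is the one to escape.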
1
vote
1 answer

How to enable the same queries from LGTM in Github CodeQL analysis

With LGTM.com being shut down I am looking to enable code analysis in Github to run the same analysis that lgtm.com does. At the first glance on Github's workflow, it seems to me it is only running a subset of scanning rules that are security…
happymacaron
  • 450
  • 5
  • 10
1
vote
0 answers

CodeQL -Error: init post-action step failed: Error: Config file could not be found at expected location. Did the 'init' action fail to start?

I'm working on the NEXT.js app and I got this error. What is the reason for that? It happened when I check the code with: CodeQL / Analyze (javascript) (pull_request) Failing after 13s — Analyze (javascript) My error is: Error: init post-action…
Nuwan Chamikara
  • 433
  • 1
  • 5
  • 17
1
vote
0 answers

Github workflow error: process completed with exit code 1. ( workflowscodeql-analysis.yml)

I am getting error: process completed with exit code 1. When my github workflow file is analyzing java files. - if: matrix.language == 'java' name: Build Java run: | java UserRegistration1ApplicationTests java…
1
vote
2 answers

Configuring CodeQL with Github actions using well known weaknesses

I am new to CodeQL and therefore my apologies if my question is an obvious one, however, I've been unable to understand a few simple concepts. Firstly, I can easily configure a public repo with a github action using a yml file configured as…
sdbol
  • 413
  • 4
  • 17