hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 09:51:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
87,853 Commits 1,784 Branches 169 Tags
e93bc11f6f9e0f2887b6189db4b2f331927d92eb
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
tonghuaroot e93bc11f6f Add experimental JS query for SSRF guards missing IPv6-transition unwrap 
Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental
@kind problem query that flags hand-rolled SSRF host guards which reject
private/loopback IPv4 ranges but never unwrap IPv6-transition forms
(IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be
bypassed by wrapping an internal IPv4 address in a transition literal.

Includes a .qhelp with good/bad examples, a change note, and a test pack
with two true-positive fixtures (private-ip package guard and a
hand-written RFC 1918 denylist) and two negative-control fixtures
(ipaddr.js range classifier and an explicit ::ffff: unwrap).

Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
2026-06-06 21:47:24 +08:00
.devcontainer
Add reference to official codeql system requirements doc
2025-03-17 15:57:32 +01:00
.github
Merge pull request #21324 from github/copilot/automate-go-version-updates-again
2026-06-06 03:03:03 +01:00
.vscode
Change note creation script uses EDITOR environment variable
2025-02-11 14:04:46 +01:00
actions
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
change-notes
spelling: triggered
2022-10-20 08:21:02 -04:00
config
remove check for files in sync
2026-05-27 17:41:44 +02:00
cpp
Merge pull request #21899 from MathiasVP/use-new-prototype-extensionals
2026-06-01 10:24:19 +02:00
csharp
Add back alias for module
2026-06-04 11:08:49 +02:00
docs
update codeql documentation
2026-06-04 19:36:45 +00:00
go
Merge pull request #21269 from owen-mc/go/improve-tests-for-varargs-flow
2026-06-03 12:39:46 +01:00
java
Merge pull request #21936 from github/workflow/coverage/update
2026-06-04 12:45:21 +01:00
javascript
Add experimental JS query for SSRF guards missing IPv6-transition unwrap
2026-06-06 21:47:24 +08:00
misc
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
python
Merge pull request #21888 from owen-mc/py/remove-imprecise-container-steps
2026-06-04 22:16:24 +01:00
ql
Use relative paths in tree-sitter extractor diagnostics
2026-05-13 09:45:37 +02:00
ruby
Merge pull request #21873 from hvitved/local-name-resolution
2026-06-01 20:51:07 +02:00
rust
Merge pull request #21918 from hvitved/rust/expose-resolution
2026-06-03 20:18:05 +02:00
shared
Merge pull request #21900 from github/bazookamusic/range-analysis-bound-move-to-shared
2026-06-04 12:45:11 +02:00
swift
Merge pull request #21912 from github/post-release-prep/codeql-cli-2.25.6
2026-05-29 14:43:56 +01:00
unified
Fix parsing of corpus tests when --- delimiter is missing
2026-06-01 14:18:37 +02:00
.bazelrc
fix: disable Android SDK auto-detection for Bazel 9 compatibility
2026-02-10 13:44:07 +01:00
.bazelrc.internal
Bazel: bump python version to 3.12
2025-03-19 15:14:13 +01:00
.bazelversion
chore: upgrade Bazel to 9.0.0
2026-02-10 13:44:04 +01:00
.clang-format
Swift: update formatting to clang-format 17.0.6
2024-01-25 13:58:14 +01:00
.editorconfig
Normalize all text files to LF
2018-09-23 16:24:31 -07:00
.git-blame-ignore-revs
Ignore auto-format commits in git blame.
2023-03-10 15:08:49 +01:00
.gitattributes
Ripunzip: use releases from github
2025-11-18 17:23:59 +01:00
.gitignore
Add .orig files to .gitignore.
2025-09-25 14:03:39 +01:00
.lfsconfig
Explain .lfsconfig choice in the comment
2024-06-04 14:27:08 +02:00
.lgtm.yml
codeql-go merge prep: integrate go/ into codeql
2022-05-20 10:22:47 -07:00
.pre-commit-config.yaml
Kotlin: reinstante trailing whitespace
2026-03-26 14:59:49 +01:00
BUILD.bazel
Rust: Vendor 3rdparty dependencies.
2024-11-13 13:22:14 +01:00
Cargo.lock
Use absolute path fallback instead of file: URI
2026-05-13 10:28:27 +02:00
Cargo.toml
unified: update build dependencies
2026-05-08 13:41:45 +00:00
CODE_OF_CONDUCT.md
Update code of conduct in line with GH
2020-04-23 10:19:13 +01:00
CODEOWNERS
CODEOWNERS: Add Go-related folders for extractor and autobuilder
2025-11-06 11:12:53 +01:00
codeql-workspace.yml
Move list of immutable actions into internal model pack for now.
2025-02-27 11:48:27 -05:00
conftest.py
Swift: add unit tests to code generation
2022-04-27 08:24:11 +02:00
CONTRIBUTING.md
Deprecate the CodeQL for VS Code docs in favour of docs.github.com version
2024-04-25 07:59:33 +00:00
defs.bzl
Bazel: code reorganization
2022-04-12 12:40:59 +02:00
LICENSE
Update license; remove redundant Go qlpack license.
2025-02-06 10:23:37 +00:00
MODULE.bazel
unified: auto-generate parser files
2026-05-12 11:24:35 +00:00
README.md
Update README.md
2024-05-07 13:09:08 +01:00
rust-toolchain.toml
Cargo: align rust toolchain version with internal repository
2025-08-11 16:45:47 +02:00

README.md

CodeQL

This open source repository contains the standard CodeQL libraries and queries that power GitHub Advanced Security and the other application security products that GitHub makes available to its customers worldwide.

How do I learn CodeQL and run queries?

There is extensive documentation about the CodeQL language, writing CodeQL using the CodeQL extension for Visual Studio Code and using the CodeQL CLI.

Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our contributing guidelines. You can also consult our style guides to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

For information on contributing to CodeQL documentation, see the "contributing guide" for docs.

License

The code in this repository is licensed under the MIT License by GitHub.

The CodeQL CLI (including the CodeQL engine) is hosted in a different repository and is licensed separately. If you'd like to use the CodeQL CLI to analyze closed-source code, you will need a separate commercial license; please contact us for further help.

Visual Studio Code integration

If you use Visual Studio Code to work in this repository, there are a few integration features to make development easier.

CodeQL for Visual Studio Code

You can install the CodeQL for Visual Studio Code extension to get syntax highlighting, IntelliSense, and code navigation for the QL language, as well as unit test support for testing CodeQL libraries and queries.

Tasks

The .vscode/tasks.json file defines custom tasks specific to working in this repository. To invoke one of these tasks, select the Terminal | Run Task... menu option, and then select the desired task from the dropdown. You can also invoke the Tasks: Run Task command from the command palette.

Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 20 GiB
Languages
CodeQL 32.2%
Kotlin 27.2%
C# 17%
Java 7.7%
Python 4.6%
Other 11%