Lea Rosema on Nostr
Yesterday I tried out CodeQL, which is a code scanning feature by GitHub.
It parses the code into an AST and puts it into a database, which allows you to run queries against it.
Was quite impressed by it. It spotted a thing in a regular expression in my JavaScript code which is a security vulnerability.
But one thing GitHub also offers is to autofix the issue via Copilot. Copilot made the issue worse: it added the one missing 'g' modifier, but it also removed all the 'm' (multiline) modifiers.
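An added example, not Lea Rosema's code and not the code CodeQL flagged, showing why both flags matter in a replace()-based sanitizer. It assumes the finding was of the kind CodeQL reports when String.prototype.replace is called with a non-global regex, so only the first match is rewritten; the post does not say which query fired. The sanitizer (stripping a marker from the start of each line) and the sample input are constructed for illustration.

```javascript
// Added example (not from the post). ASSUMPTION: the flagged pattern was a
// replace() with a line-anchored regex that lacked 'g', so only the first
// match was ever rewritten. The sanitizers below are constructed to show
// the three states described in the post: before, the Copilot-style "fix"
// that drops 'm', and the correct fix that keeps 'm' and adds 'g'.

// "Before": 'm' makes '^' match at every line start, but without 'g' only
// the first matching line is rewritten.
function stripHeadingsBefore(text) {
  return text.replace(/^#+\s*/m, "");
}

// Copilot-style "fix" as described in the post: 'g' added, 'm' removed.
// Without 'm', '^' matches only at the very start of the string, so a
// marker on any later line is no longer touched at all.
function stripHeadingsDroppedM(text) {
  return text.replace(/^#+\s*/g, "");
}

// Correct fix: keep 'm' (line-start anchoring) and add 'g' (every match).
function stripHeadingsFixed(text) {
  return text.replace(/^#+\s*/gm, "");
}

// Review helper: which flags from a required set does a RegExp lack?
// Useful as a unit-test guard so a refactor cannot silently drop 'm' or 'g'.
function missingFlags(re, required) {
  return [...required].filter((f) => !re.flags.includes(f));
}

// Constructed sample: the first line carries no marker, so the difference
// between 'm' and no 'm' is visible.
const SAMPLE = "intro\n# one\n## two";

function demo() {
  return {
    before: stripHeadingsBefore(SAMPLE),     // "intro\none\n## two"  (second marker survives)
    droppedM: stripHeadingsDroppedM(SAMPLE), // "intro\n# one\n## two" (nothing stripped at all)
    fixed: stripHeadingsFixed(SAMPLE),       // "intro\none\ntwo"
    lint: missingFlags(/^#+\s*/g, "gm"),     // ["m"]
  };
}
```

Running demo() makes the regression concrete: the original pattern at least cleaned the first marked line, while the suggested fix cleans none, which is the "made it worse" outcome the post describes. The missingFlags() guard is the kind of check worth keeping next to any line-anchored sanitizer.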