mirror of
https://github.com/tiennm99/litellm.git
synced 2026-06-17 22:48:35 +00:00
Yuneng Jiang
ec4273ed8b
Switch query suite from security-extended to security-and-quality to match the default GitHub Advanced Security setup. Run scheduled scans daily instead of weekly. Remove paths-ignore for _experimental/out so build artifacts are also scanned. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
22 lines
705 B
YAML
22 lines
705 B
YAML
name: "LiteLLM CodeQL config"
|
|
|
|
queries:
|
|
- uses: security-and-quality
|
|
|
|
# Known OOM queries on large Python codebases:
|
|
# CodeQL builds a full data flow graph in memory. These two queries trace
|
|
# sensitive data through every log call / regex pattern, causing combinatorial
|
|
# path explosion on codebases with extensive logging like LiteLLM (>2 GiB
|
|
# result sets). This is a known CodeQL scaling limitation, not a code issue.
|
|
# Re-test periodically as CodeQL improves or the codebase refactors logging.
|
|
query-filters:
|
|
- exclude:
|
|
id: py/clear-text-logging-sensitive-data # CWE-312
|
|
- exclude:
|
|
id: py/polynomial-redos # CWE-730
|
|
|
|
paths-ignore:
|
|
- tests
|
|
- docs
|
|
- "**/*.md"
|