CodeQL query help for C#
Visit the articles below to see the documentation for the queries included in the following query suites:
- default: queries run by default in CodeQL code scanning on GitHub.
- security-extended: queries from default, plus extra security queries with slightly lower precision and severity.
- security-and-quality: queries from default, security-extended, plus extra maintainability and reliability queries.
These queries are published in the CodeQL query pack codeql/csharp-queries (changelog, source).
For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.
- ‘requireSSL’ attribute is not set to true
- A lock is held during a wait
- ASP.NET config file enables directory browsing
- Arbitrary file access during archive extraction (“Zip Slip”)
- Assembly path injection
- Bad dynamic call
- Bad multiple iteration
- Block code with a single Response.Write()
- Block with too many statements
- Call to GC.Collect()
- Call to ReferenceEquals(…) on value type expressions
- Call to obsolete method
- Calls to unmanaged code
- Cast from abstract to concrete collection
- Cast of ‘this’ to a type parameter
- Cast to same type
- Chain of ‘is’ tests
- Character passed to StringBuilder constructor
- Class does not implement Equals(object)
- Class has same name as super class
- Class implements ICloneable
- Clear text storage of sensitive information
- Comparison is constant
- Comparison of identical values
- Complex condition
- Constant condition
- Container contents are never accessed
- Container contents are never initialized
- Container size compared to zero.
- Cookie security: overly broad domain
- Cookie security: overly broad path
- Cookie security: persistent cookie
- Creating an ASP.NET debug binary may reveal sensitive information
- Cross-site scripting
- Denial of Service from comparison of user input against expensive regex
- Dereferenced variable is always null
- Dereferenced variable may be null
- Deserialization of untrusted data
- Deserialized delegate
- Dispose may not be called if an exception is thrown during execution
- Double-checked lock is not thread-safe
- Dubious downcast of ‘this’
- Dubious type test of ‘this’
- Empty branch of conditional, or empty loop body
- Empty lock statement
- Empty password in configuration file
- Encryption using ECB
- Equality check on floating point values
- Equals on collections
- Equals on incomparable types
- Equals should not apply “as”
- Equals should not apply “is”
- Erroneous class compare
- Exposing internal representation
- Exposure of private information
- Failure to abandon session
- Field masks field in super class
- Futile conditional
- Futile synchronization on field
- Generic catch clause
- Hard-coded connection string with credentials
- Hard-coded credentials
- Hashed value without GetHashCode definition
- Header checking disabled
- Impossible array cast
- Improper control of generation of code
- Inappropriate intimacy
- Inconsistent CompareTo and Equals
- Inconsistent Equals(object) and GetHashCode()
- Inconsistent lock sequence
- Inconsistently synchronized property
- Inefficient use of ContainsKey
- Information exposure through an exception
- Information exposure through transmitted data
- Insecure Direct Object Reference
- Insecure SQL connection
- Insecure randomness
- Invalid string formatting
- LDAP query built from user-controlled sources
- Local scope variable shadows member
- Locking the ‘this’ object in a lock statement
- Log entries created from user input
- Mishandling the Japanese era start date
- Misleading indentation
- Missed ‘readonly’ opportunity
- Missed ‘using’ opportunity
- Missed opportunity to use All
- Missed opportunity to use Cast
- Missed opportunity to use OfType
- Missed opportunity to use Select
- Missed opportunity to use Where
- Missed ternary opportunity
- Missing Dispose call on local IDisposable
- Missing X-Frame-Options HTTP header
- Missing XML validation
- Missing a summary in documentation comment
- Missing cross-site request forgery token validation
- Missing function level access control
- Missing global error handler
- Nested ‘if’ statements can be combined
- Nested loops with same variable
- Null argument to Equals(object)
- Off-by-one comparison against container length
- Page request validation is disabled
- Password in configuration file
- Poor error handling: catch of NullReferenceException
- Poor error handling: empty catch block
- Possible loss of precision
- Potentially dangerous use of non-short-circuit logic
- Potentially incorrect CompareTo(…) signature
- Potentially incorrect Equals(…) signature
- Property value is not used when setting a property
- Recursive call to Equals(object)
- Recursive call to operator==
- Redundant Select
- Redundant ToString() call
- Reference equality test on System.Object
- Regular expression injection
- Resource injection
- Rethrowing exception variable
- SQL query built from user-controlled sources
- Self-assignment
- Serialization check bypass
- Static field written by instance method
- String concatenation in loop
- StringBuilder creation in loop
- Thread-unsafe capturing of an ICryptoTransform object
- Thread-unsafe use of a static ICryptoTransform field
- Too many ‘ref’ parameters
- URL redirection from remote source
- Unchecked cast in Equals method
- Uncontrolled command line
- Uncontrolled data used in path expression
- Uncontrolled format string
- Unmanaged code
- Unnecessarily complex Boolean expression
- Unsafe year argument for ‘DateTime’ constructor
- Unsynchronized access to static collection member in non-static context
- Untrusted XML is read insecurely
- Unused label
- Unvalidated local pointer arithmetic
- Use of default ToString()
- Use of file upload
- Useless ?? expression
- Useless assignment to local variable
- Useless call to GetHashCode()
- Useless type test
- Useless upcast
- User-controlled bypass of sensitive method
- Value shadowing
- Value shadowing: server variable
- Virtual call in constructor or destructor
- Weak encryption
- Weak encryption: Insufficient key size
- Weak encryption: inadequate RSA padding
- XML injection
- XPath injection