CodeQL query help for Java
Visit the articles below to see the documentation for the queries included in the following query suites:
- `code-scanning`: queries run by default in CodeQL code scanning on GitHub.
- `security-extended`: queries from `code-scanning`, plus extra security queries with slightly lower precision and severity.
- `security-and-quality`: queries from `code-scanning` and `security-extended`, plus extra maintainability and reliability queries.
For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.
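As an added example (not part of this documentation page), the script below shows how the three suites named above are selected from the CodeQL CLI. The suite file names (`java-code-scanning.qls`, `java-security-extended.qls`, `java-security-and-quality.qls`) are the ones shipped in the `codeql/java-queries` pack; the database directory `java-db`, the `mvn` build command and the SARIF output file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: run each CodeQL Java query suite listed on this page against a database.
# Assumes the CodeQL CLI is installed and the codeql/java-queries pack is available
# (e.g. via `codeql pack download codeql/java-queries`). Paths and build command are
# illustrative assumptions, not taken from the original page.

# Map a suite name used on this page to the .qls reference inside the codeql/java-queries pack.
suite_path() {
  case "$1" in
    code-scanning)        echo "codeql/java-queries:codeql-suites/java-code-scanning.qls" ;;
    security-extended)    echo "codeql/java-queries:codeql-suites/java-security-extended.qls" ;;
    security-and-quality) echo "codeql/java-queries:codeql-suites/java-security-and-quality.qls" ;;
    *) echo "unknown suite: $1" >&2; return 1 ;;
  esac
}

# Build the `codeql database analyze` command line for a suite.
# $1 = suite name, $2 = database directory, $3 = SARIF output file
analyze_cmd() {
  path=$(suite_path "$1") || return 1
  printf 'codeql database analyze %s %s --format=sarif-latest --output=%s\n' "$2" "$path" "$3"
}

# Create the database once (assumed Maven project in the current directory),
# then analyze it with each suite. Suites are ordered from highest-precision
# (code-scanning) to broadest (security-and-quality), so expect more alerts,
# and more low-severity ones, as you move down the list.
run_all() {
  db=${1:-java-db}
  if [ ! -d "$db" ]; then
    codeql database create "$db" --language=java --command="mvn -q -DskipTests package" || return 1
  fi
  for s in code-scanning security-extended security-and-quality; do
    cmd=$(analyze_cmd "$s" "$db" "results-$s.sarif") || return 1
    echo "running: $cmd"
    sh -c "$cmd" || return 1
  done
}

# Only run when invoked with a database directory argument, e.g. `sh run-suites.sh java-db`;
# sourcing the file just defines the functions.
if [ "$#" -gt 0 ]; then
  run_all "$1"
fi
```

Each run writes a separate SARIF file, which makes it easy to diff the alert sets between suites and decide whether the lower-precision `security-extended` findings are worth enabling for a given code base.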
- Arbitrary file write during archive extraction (“Zip Slip”)
- Array index out of bounds
- Boxed variable is never null
- Building a command line with string concatenation
- Cast from abstract to concrete collection
- Character passed to StringBuffer or StringBuilder constructor
- Cleartext storage of sensitive information in cookie
- Comparison of identical values
- Constant loop condition
- Container contents are never accessed
- Container contents are never initialized
- Container size compared to zero
- Continue statement that does not continue
- Contradictory type checks
- Cross-site scripting
- Dereferenced expression may be null
- Dereferenced variable is always null
- Dereferenced variable may be null
- Deserialization of user-controlled data
- Detect JHipster Generator Vulnerability CVE-2019-16303
- Disabled Netty HTTP header validation
- Disabled Spring CSRF protection
- Double-checked locking is not thread-safe
- Equals method does not inspect argument type
- Equals on incomparable types
- Equals or hashCode on arrays
- Expression always evaluates to the same value
- Failure to use HTTPS or SFTP URL in Maven artifact upload/download
- Failure to use secure cookies
- HTTP response splitting
- Hashed value without hashCode definition
- Implicit conversion from array to string
- Implicit narrowing conversion in compound assignment
- Inconsistent equals and hashCode
- Inconsistent synchronization of getter and setter
- Inefficient output stream
- Information exposure through a stack trace
- Insecure Bean Validation
- Interface cannot be implemented
- Iterable wrapping an iterator
- Iterator implementing Iterable
- LDAP query built from user-controlled sources
- Left shift by more than the type width
- Lines of code in files
- Lines of commented-out code in files
- Lines of comments in files
- Misleading indentation
- Missing format argument
- Missing space in string literal
- Non-final method invocation in constructor
- Non-synchronized override of synchronized method
- Number of tests
- Potential database resource leak
- Potential input resource leak
- Potential output resource leak
- Query built from user-controlled sources
- Query built without neutralizing special characters
- Race condition in double-checked locking object initialization
- Reading from a world writable file
- Reference equality test of boxed types
- Resolving XML external entity in user-controlled data
- Result of multiplication cast to wider type
- Self assignment
- Spurious Javadoc @param tags
- Subtle call to inherited method
- Suspicious date format
- Synchronization on boxed types or strings
- Type mismatch on container access
- Type mismatch on container modification
- URL redirection from remote source
- Uncontrolled command line
- Uncontrolled data used in path expression
- Unreachable catch clause
- Unused format argument
- Use of a broken or risky cryptographic algorithm
- Use of a predictable seed in a secure random number generator
- Use of externally-controlled format string
- Useless comparison test
- Useless null check
- Useless type test
- User-controlled data in numeric cast
- User-controlled data used in permissions check
- Whitespace contradicts operator precedence
- Wrong NaN comparison