CodeQL for C and C++¶

Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C and C++ codebases.

Basic query for C and C++ code: Learn to write and run a simple CodeQL query.
CodeQL library for C and C++: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
Functions in C and C++: You can use CodeQL to explore functions in C and C++ code.
Expressions, types, and statements in C and C++: You can use CodeQL to explore expressions, types, and statements in C and C++ code to find, for example, incorrect assignments.
Conversions and classes in C and C++: You can use the standard CodeQL libraries for C and C++ to detect when the type of an expression is changed.
Analyzing data flow in C and C++: You can use data flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase.
Refining a query to account for edge cases: You can improve the results generated by a CodeQL query by adding conditions to remove false positive results caused by common edge cases.
Detecting a potential buffer overflow: You can use CodeQL to detect potential buffer overflows by checking for allocations equal to strlen in C and C++.
Using the guards library in C and C++: You can use the CodeQL guards library to identify conditional expressions that control the execution of other parts of a program in C and C++ codebases.
Using range analysis for C and C++: You can use range analysis to determine the upper or lower bounds on an expression, or whether an expression could potentially over or underflow.
Hash consing and value numbering: You can use specialized CodeQL libraries to recognize expressions that are syntactically identical or compute the same value at runtime in C and C++ codebases.