This repository is where I store and research CodeQL security queries for the community and organisations to use.
Name
Severity
Path
Base64 Encoding of Sensitive InformationHigh / 8.0
java/CWE-326/Base64Encryption.ql
Hard-coded password fieldUnknown / 9.8
java/CWE-798/HardcodedPasswordsInProperties.ql
Sensitive information exposure through loggingUnknown / 8.0
java/CWE-532/SensitiveInformation.ql
Use of Cryptographically Weak Pseudo-Random Number GeneratorMedium / 6.0
java/CWE-338/WeakPRNG.ql
Customized Cross-site scriptingUnknown / 6.1
java/CWE-079/XSSJSP.ql
Queries - JavaScript / TypeScript
Name
Severity
Path
Code injectionCritical / 10.0
python/CWE-094/CodeInjectionLocal.ql
SQL query built from user-controlled sourcesCritical / 10.0
python/CWE-089/SqlInjectionLocal.ql
Deserializing untrusted inputHigh / 8.0
python/CWE-502/UnsafeDeserializationLocal.ql
Uncontrolled command lineCritical / 10.0
python/CWE-078/CommandInjectionLocal.ql
Use of a broken or weak cryptographic algorithmMedium / 5.0
python/CWE-327/WeakHashingAlgorithms.ql
Dangerous FunctionsLow / 2.5
python/CWE-676/DangerousFunctions.ql
Insufficient LoggingLow / 1.0
python/CWE-778/InsufficientLogging.ql
Hard-coded credentialsMedium / 5.9
python/CWE-798/HardcodedFrameworkSecrets.ql
Use of Cryptographically Weak Pseudo-Random Number GeneratorMedium / 6.0
python/CWE-338/WeakPRNG.ql
This folder contains scripts that I use to make my life easier (all store in the ./scripts directory).
Name (path)
Description
update.shUpdates CodeQL CLI automatically
scan.pyScript to automatically create and store CodeQL databases. VSCode tasks for workspace available.
This action is used to easily inject customisations into CodeQL.
See the README for more information.