CodeQL query help for C#
Visit the articles below to see the documentation for the queries included in the following query suites:
- code-scanning: queries run by default in CodeQL code scanning on GitHub.
- security-extended: queries from code-scanning, plus extra security queries with slightly lower precision and severity.
- security-and-quality: queries from code-scanning, security-extended, plus extra maintainability and reliability queries.
For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.
 - ‘requireSSL’ attribute is not set to true
 - A lock is held during a wait
 - ASP.NET config file enables directory browsing
 - Arbitrary file write during zip extraction (“Zip Slip”)
 - Assembly path injection
 - Call to GC.Collect()
 - Call to ReferenceEquals(…) on value type expressions
 - Call to obsolete method
 - Character passed to StringBuilder constructor
 - Class implements ICloneable
 - Clear text storage of sensitive information
 - Comparison is constant
 - Comparison of identical values
 - Constant condition
 - Container contents are never accessed
 - Container contents are never initialized
 - Container size compared to zero
 - Cookie security: overly broad domain
 - Cookie security: overly broad path
 - Cookie security: persistent cookie
 - Creating an ASP.NET debug binary may reveal sensitive information
 - Cross-site scripting
 - Denial of Service from comparison of user input against expensive regex
 - Dereferenced variable is always null
 - Dereferenced variable may be null
 - Deserialization of untrusted data
 - Deserialized delegate
 - Dubious downcast of ‘this’
 - Dubious type test of ‘this’
 - Empty branch of conditional, or empty loop body
 - Empty lock statement
 - Encryption using ECB
 - Equals on incomparable types
 - Exposure of private information
 - Failure to abandon session
 - Field masks field in super class
 - Futile conditional
 - Futile synchronization on field
 - Hard-coded connection string with credentials
 - Hard-coded credentials
 - Hashed value without GetHashCode definition
 - Header checking disabled
 - Impossible array cast
 - Improper control of generation of code
 - Inconsistent lock sequence
 - Information exposure through an exception
 - Information exposure through transmitted data
 - Insecure randomness
 - Invalid string formatting
 - LDAP query built from user-controlled sources
 - Lines of code in files
 - Lines of commented-out code in files
 - Lines of comments in files
 - Locking the ‘this’ object in a lock statement
 - Log entries created from user input
 - Missing Dispose call on local IDisposable
 - Missing X-Frame-Options HTTP header
 - Missing cross-site request forgery token validation
 - Missing global error handler
 - Nested loops with same variable
 - Null argument to Equals(object)
 - Number of tests
 - Off-by-one comparison against container length
 - Poor error handling: catch of NullReferenceException
 - Poor error handling: empty catch block
 - Possible loss of precision
 - Potentially dangerous use of non-short-circuit logic
 - Property value is not used when setting a property
 - Recursive call to Equals(object)
 - Redundant Select
 - Regular expression injection
 - Resource injection
 - Rethrowing exception variable
 - SQL query built from user-controlled sources
 - Self-assignment
 - String concatenation in loop
 - StringBuilder creation in loop
 - Too many ‘ref’ parameters
 - URL redirection from remote source
 - Unchecked cast in Equals method
 - Uncontrolled command line
 - Uncontrolled data used in path expression
 - Uncontrolled format string
 - Untrusted XML is read insecurely
 - Unused label
 - Unvalidated local pointer arithmetic
 - Use of default ToString()
 - Useless assignment to local variable
 - User-controlled bypass of sensitive method
 - Using a package with a known vulnerability
 - Weak encryption
 - Weak encryption: Insufficient key size
 - Weak encryption: inadequate RSA padding
 - XML injection
 - XPath injection