• CodeQL query help documentation »

CodeQL query help for C#

Visit the articles below to see the documentation for the queries included in the following query suites:

• code-scanning: queries run by default in CodeQL code scanning on GitHub.

• security-extended: queries from code-scanning, plus extra security queries with slightly lower precision and severity.

• security-and-quality: queries from code-scanning, security-extended, plus extra maintainability and reliability queries.

These queries are published in the CodeQL query pack codeql/csharp-queries (changelog, source).

For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.

• ‘requireSSL’ attribute is not set to true
• A lock is held during a wait
• ASP.NET config file enables directory browsing
• Arbitrary file write during zip extraction (”Zip Slip”)
• Assembly path injection
• Bad dynamic call
• Bad multiple iteration
• Block code with a single Response.Write()
• Block with too many statements
• Call to GC.Collect()
• Call to ReferenceEquals(…) on value type expressions
• Call to obsolete method
• Calls to unmanaged code
• Cast from abstract to concrete collection
• Cast of ‘this’ to a type parameter
• Cast to same type
• Chain of ‘is’ tests
• Character passed to StringBuilder constructor
• Class does not implement Equals(object)
• Class has same name as super class
• Class implements ICloneable
• Clear text storage of sensitive information
• Comparison is constant
• Comparison of identical values
• Complex condition
• Constant condition
• Container contents are never accessed
• Container contents are never initialized
• Container size compared to zero.
• Cookie security: overly broad domain
• Cookie security: overly broad path
• Cookie security: persistent cookie
• Creating an ASP.NET debug binary may reveal sensitive information
• Cross-site scripting
• Denial of Service from comparison of user input against expensive regex
• Dereferenced variable is always null
• Dereferenced variable may be null
• Deserialization of untrusted data
• Deserialized delegate
• Dispose may not be called if an exception is thrown during execution
• Double-checked lock is not thread-safe
• Dubious downcast of ‘this’
• Dubious type test of ‘this’
• Empty branch of conditional, or empty loop body
• Empty lock statement
• Empty password in configuration file
• Encryption using ECB
• Equality check on floating point values
• Equals on collections
• Equals on incomparable types
• Equals should not apply “as”
• Equals should not apply “is”
• Erroneous class compare
• Exposing internal representation
• Exposure of private information
• Failure to abandon session
• Field masks field in super class
• Futile conditional
• Futile synchronization on field
• Generic catch clause
• Hard-coded connection string with credentials
• Hard-coded credentials
• Hashed value without GetHashCode definition
• Header checking disabled
• Impossible array cast
• Improper control of generation of code
• Inappropriate intimacy
• Inconsistent CompareTo and Equals
• Inconsistent Equals(object) and GetHashCode()
• Inconsistent lock sequence
• Inconsistently synchronized property
• Inefficient use of ContainsKey
• Information exposure through an exception
• Information exposure through transmitted data
• Insecure SQL connection
• Insecure randomness
• Invalid string formatting
• LDAP query built from stored user-controlled sources
• LDAP query built from user-controlled sources
• Lines of code in files
• Lines of commented-out code in files
• Lines of comments in files
• Local scope variable shadows member
• Locking the ‘this’ object in a lock statement
• Log entries created from user input
• Mishandling the Japanese era start date
• Misleading indentation
• Missed ‘readonly’ opportunity
• Missed ‘using’ opportunity
• Missed opportunity to use All
• Missed opportunity to use Cast
• Missed opportunity to use OfType
• Missed opportunity to use Select
• Missed opportunity to use Where
• Missed ternary opportunity
• Missing Dispose call on local IDisposable
• Missing X-Frame-Options HTTP header
• Missing XML validation
• Missing a summary in documentation comment
• Missing cross-site request forgery token validation
• Missing global error handler
• Nested ‘if’ statements can be combined
• Nested loops with same variable
• Null argument to Equals(object)
• Number of tests
• Off-by-one comparison against container length
• Password in configuration file
• Poor error handling: catch of NullReferenceException
• Poor error handling: empty catch block
• Possible loss of precision
• Potentially dangerous use of non-short-circuit logic
• Potentially incorrect CompareTo(…) signature
• Potentially incorrect Equals(…) signature
• Property value is not used when setting a property
• Recursive call to Equals(object)
• Recursive call to operator==
• Redundant Select
• Redundant ToString() call
• Reference equality test on System.Object
• Regular expression injection
• Resource injection
• Rethrowing exception variable
• SQL query built from stored user-controlled sources
• SQL query built from user-controlled sources
• Self-assignment
• Serialization check bypass
• Static field written by instance method
• Stored XPath injection
• Stored cross-site scripting
• String concatenation in loop
• StringBuilder creation in loop
• Thread-unsafe capturing of an ICryptoTransform object
• Thread-unsafe use of a static ICryptoTransform field
• Too many ‘ref’ parameters
• URL redirection from remote source
• Unchecked cast in Equals method
• Uncontrolled command line
• Uncontrolled command line from stored user input
• Uncontrolled data used in path expression
• Uncontrolled format string
• Unmanaged code
• Unnecessarily complex Boolean expression
• Unsafe year argument for ‘DateTime’ constructor
• Unsynchronized access to static collection member in non-static context
• Untrusted XML is read insecurely
• Unused label
• Unvalidated local pointer arithmetic
• Use of default ToString()
• Use of file upload
• Useless ?? expression
• Useless assignment to local variable
• Useless call to GetHashCode()
• Useless type test
• Useless upcast
• User-controlled bypass of sensitive method
• Value shadowing
• Value shadowing: server variable
• Virtual call in constructor or destructor
• Weak encryption
• Weak encryption: Insufficient key size
• Weak encryption: inadequate RSA padding
• XML injection
• XPath injection

• © GitHub, Inc.
• Terms
• Privacy