C and C++ queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in C or C++ when you select the default or the security-extended query suite.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

CodeQL includes many queries for analyzing C and C++ code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Built-in queries for C and C++ analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Note

GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to alerts identified by CodeQL for private and internal repositories. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.

Query name	Related CWEs	Default	Extended	Autofix
Bad check for overflow of integer addition	190, 192
Badly bounded write	120, 787, 805
Call to `memset` may be deleted	14
Call to alloca in a loop	770
Call to function with fewer arguments than declared parameters	234, 685
Cast between HRESULT and a Boolean type	253
Cast from char* to wchar_t*	704
CGI script vulnerable to cross-site scripting	079
Cleartext storage of sensitive information in file	260, 313
Cleartext transmission of sensitive information	319, 359
Comparison of narrow type with wide type in loop condition	190, 197, 835
Dangerous use of 'cin'	676
Exposure of system data to an unauthorized control sphere	497
Failure to use HTTPS URLs	319, 345
File opened with O_CREAT flag but without mode argument	732
Incorrect return-value check for a 'scanf'-like function	253
Likely overrunning write	120, 787, 805
Mismatching new/free or malloc/delete	401
Multiplication result converted to larger type	190, 192, 197, 681
No space for zero terminator	131, 120, 122
Pointer overflow check	758
Potential double free	415
Potential use after free	416
Potentially overflowing call to snprintf	190, 253
Redundant null check due to previous dereference	476
Returning stack-allocated memory	825
Setting a DACL to NULL in a SECURITY_DESCRIPTOR	732
Signed overflow check	128, 190
Static array access may cause overflow	119, 131
Suspicious add with sizeof	468
Time-of-check time-of-use filesystem race condition	367
Too few arguments to formatting function	234, 685
Uncontrolled data in arithmetic expression	190, 191
Uncontrolled data in SQL query	089
Uncontrolled data used in OS command	078, 088
Uncontrolled format string	134
Unsafe use of this in constructor	670
Upcast array used in pointer arithmetic	119, 843
Use of a broken or risky cryptographic algorithm	327
Use of a cryptographic algorithm with insufficient key size	326
Use of a version of OpenSSL with Heartbleed	327, 788
Use of dangerous function	242, 676
Use of expired stack-address	825
Use of string after lifetime ends	416, 664
Use of unique pointer after lifetime ends	416, 664
Wrong type of arguments to formatting function	686
XML external entity expansion	611
Array offset used before range check	120, 125
Authentication bypass by spoofing	290
boost::asio TLS settings misconfiguration	326
boost::asio use of deprecated hardcoded protocol	327
Certificate not checked	295
Certificate result conflation	295
Cleartext storage of sensitive information in an SQLite database	313
Cleartext storage of sensitive information in buffer	312
Comma before misleading indentation	1078, 670
File created without restricting permissions	732
Incorrect 'not' operator usage	480
Incorrect allocation-error handling	570, 252, 755
Invalid pointer dereference	119, 125, 193, 787
Iterator to expired container	416, 664
Missing return-value check for a 'scanf'-like function	252, 253
Non-constant format string	134
Not enough memory allocated for array of pointer type	131, 122
Not enough memory allocated for pointer type	131, 122
NULL application name with an unquoted path in call to CreateProcess	428
Overflow in uncontrolled allocation size	190, 789
Overrunning write	119, 131
Possibly wrong buffer size in string copy	676, 119, 251
Potential exposure of sensitive system data to an unauthorized control sphere	497
Potentially overrunning write	120, 787, 805
Potentially overrunning write with float to string conversion	120, 787, 805
Potentially uninitialized local variable	665, 457
Potentially unsafe call to strncat	788, 676, 119, 251
Potentially unsafe use of strcat	676, 120, 251
Suspicious 'sizeof' use	467
Suspicious pointer scaling	468
Suspicious pointer scaling to void	468
Type confusion	843
Unbounded write	120, 787, 805
Uncontrolled data used in path expression	022, 023, 036, 073
Uncontrolled process operation	114
Unsigned difference expression compared to zero	191
Unterminated variadic call	121
Untrusted input for a condition	807
Use of potentially dangerous function	676

Jun	JUL	Aug
	24
2023	2024	2025