CodeQL documentation
CodeQL resources
CodeQL overview
CodeQL guides
Writing CodeQL queries
CodeQL language guides
Reference docs
QL language reference
CodeQL standard-libraries
CodeQL query help
Source files
CodeQL repository
Academic
QL publications
CodeQL query help for C and C++
CodeQL query help for C#
‘requireSSL’ attribute is not set to true
A lock is held during a wait
ASP.NET config file enables directory browsing
Arbitrary file access during archive extraction (”Zip Slip”)
Assembly path injection
Bad dynamic call
Bad multiple iteration
Block code with a single Response.Write()
Block with too many statements
Call to GC.Collect()
Call to ReferenceEquals(…) on value type expressions
Call to System.IO.Path.Combine
Call to obsolete method
Calls to unmanaged code
Cast from abstract to concrete collection
Cast of ‘this’ to a type parameter
Cast to same type
Chain of ‘is’ tests
Character passed to StringBuilder constructor
Class does not implement Equals(object)
Class has same name as super class
Class implements ICloneable
Clear text storage of sensitive information
Comparison is constant
Comparison of identical values
Complex condition
Constant condition
Container contents are never accessed
Container contents are never initialized
Container size compared to zero
Cookie ‘HttpOnly’ attribute is not set to true
Cookie ‘Secure’ attribute is not set to true
Cookie security: overly broad domain
Cookie security: overly broad path
Cookie security: persistent cookie
Creating an ASP.NET debug binary may reveal sensitive information
Cross-site scripting
Denial of Service from comparison of user input against expensive regex