CodeQL documentation
CodeQL query help for Java and Kotlin
Access Java object methods through JavaScript exposure
Access to unsupported JDK-internal API
Android APK installation
Android Intent redirection
Android WebSettings file access
Android WebView JavaScript settings
Android WebView settings allows access to content links
Android Webview debugging enabled
Android WebView that accepts all certificates
Android debuggable attribute enabled
Android fragment injection
Android fragment injection in PreferenceActivity
Android missing certificate pinning
Android sensitive keyboard cache
AnnotationPresent check
Application backup allowed
Arbitrary file access during archive extraction (“Zip Slip”)
Array index out of bounds
Bad implementation of an event Adapter
Bad suite method
Boxed variable is never null
Building a command line with string concatenation
Building a command with an injected environment variable
Call to Iterator.remove may fail
Cast from abstract to concrete collection
Chain of ‘instanceof’ tests
Character passed to StringBuffer or StringBuilder constructor
Class has same name as super class
Cleartext storage of sensitive information in cookie
Cleartext storage of sensitive information in the Android filesystem
Cleartext storage of sensitive information using ‘Properties’ class
Cleartext storage of sensitive information using SharedPreferences on Android
Cleartext storage of sensitive information using a local database on Android
Comparison of identical values
Comparison of narrow type with wide type in loop condition
Confusing method names because of capitalization
Confusing non-overriding of package-private method
Confusing overloading of methods