CodeQL documentation
CodeQL query help for JavaScript and TypeScript
Access to let-bound variable in temporal dead zone
Arbitrary file access during archive extraction (“Zip Slip”)
Arguments redefined
Arrow method on Vue instance
Assignment to constant
Assignment to exports variable
Assignment to property of primitive value
Back reference into negative lookahead assertion
Back reference precedes capture group
Bad HTML filtering regexp
CORS misconfiguration for credentials transfer
Call to eval-like DOM function
Case-sensitive middleware path
Clear text storage of sensitive information
Clear text transmission of sensitive cookie
Clear-text logging of sensitive information
Client-side URL redirect
Client-side cross-site scripting
Client-side request forgery
Code injection
Comparison between inconvertible types
Comparison with NaN
Conditional comments
Conflicting function declarations
Conflicting variable initialization
Creating biased random numbers from a cryptographically secure source
Cross-window communication with unrestricted target origin
DOM text reinterpreted as HTML
Database query built from user-controlled sources
Default parameter references nested function
Deleting non-property
Dependency download using unencrypted communication channel
Dependency mismatch
Deserialization of user-controlled data
Direct state mutation
Disabling Electron webSecurity
Disabling SCE
Disabling certificate validation
Double compilation
Double escaping or unescaping
Download of sensitive file through insecure connection
Duplicate ‘if’ condition
Duplicate HTML element attributes
Duplicate character in character class
Duplicate dependency
Duplicate parameter names
Duplicate property
Duplicate switch case
Duplicate variable declaration
Empty character class
Empty password in configuration file
Enabling Electron allowRunningInsecureContent
Exception text reinterpreted as HTML
Exposure of private files
Expression has no effect
Expression injection in Actions
Failure to abandon session
File data in outbound network request
Hard-coded credentials
Hard-coded data interpreted as code
Host header poisoning in email generation
Identical operands
Ignoring result from pure array method
Illegal invocation
Implicit operand conversion
Improper code sanitization
Inclusion of functionality from an untrusted source
Incompatible dependency injection
Incomplete HTML attribute sanitization
Incomplete URL scheme check
Incomplete URL substring sanitization
Incomplete multi-character sanitization
Incomplete regular expression for hostnames
Incomplete string escaping or encoding
Inconsistent direction of for loop
Inconsistent use of ‘new’
Incorrect suffix check
Indirect uncontrolled command line
Ineffective parameter type