Commit e1d8d27
authored
File tree
- cpp/ql
- src
- Critical
- Security/CWE/CWE-114
- change-notes
- test
- examples/BadLocking
- experimental/query-tests/Security/CWE
- CWE-020
- NoCheckBeforeUnsafePutUser
- semmle/tests
- CWE-078
- CWE-1041/semmle/tests
- CWE-1126/semmle/tests
- CWE-1240
- CWE-125/semmle/tests
- CWE-190
- AllocMultiplicationOverflow
- DangerousUseOfTransformationAfterOperation
- IfStatementAdditionOverflow
- CWE-193
- array-access
- constant-size
- CWE-200
- test1
- test2
- test3
- CWE-243/semmle/tests
- CWE-266/semmle/tests
- CWE-285
- CWE-295
- CWE-359/semmle/tests
- CWE-369/semmle/tests
- CWE-377/semmle/tests
- CWE-401/semmle/tests
- CWE-409/DecompressionBombs
- CWE-415/semmle/tests
- CWE-476/semmle/tests
- CWE-561/semmle/tests
- CWE-670/semmle/tests
- CWE-675/semmle/tests
- CWE-691/semmle/tests
- CWE-703/semmle/tests
- CWE-754/semmle/tests
- CWE-758/semmle/tests
- CWE-783/semmle/tests
- CWE-788/semmle/tests
- CWE-805/semmle/tests
- semmle/tests
- library-tests
- ir
- ir
- ssa
- lossy_pointer_cast
- syntax-zoo
- query-tests
- Architecture
- FeatureEnvy
- Refactoring Opportunities
- ClassesWithManyFields
- ComplexFunctions
- Best Practices
- GuardedFree
- Hiding
- DeclarationHidesParameter
- DeclarationHidesVariable
- LocalVariableHidesGlobalVariable
- Likely Errors
- CommaBeforeMisleadingIndentation
- OffsetUseBeforeRangeCheck
- Slicing
- Magic Constants
- Japanese Era
- MagicConstantsNumbers
- MagicConstantsString
- RuleOfTwo
- SloppyGlobal
- Unused Entities
- UnusedIncludes
- UnusedLocals
- UnusedStaticFunctions
- UnusedStaticVariables
- Critical
- DeadCodeFunction
- DeadCodeGoto
- FileClosed
- GlobalUseBeforeInit
- InitialisationNotRun
- LargeParameter
- MemoryFreed
- MissingCheckScanf
- MissingNullTest
- NewFree
- NotInitialised
- OverflowCalculated
- OverflowStatic
- ReturnValueIgnored
- SizeCheck
- UnsafeUseOfThis
- Documentation/DocumentApi
- Header Cleanup/Cleanup-DuplicateIncludeGuard
- subfolder
- JPL_C
- LOC-3
- Rule 13
- LimitedScopeFile
- LimitedScopeFunction
- Rule 17
- LOC-4
- Rule 29/NonConstFunctionPointer
- Rule 30/FunctionPointerConversions
- Likely Bugs
- AmbiguouslySignedBitField
- Arithmetic
- BadAdditionOverflowCheck
- BadCheckOdd
- BitwiseSignCheck
- ComparisonPrecedence
- FloatComparison
- IntMultToLong
- PointlessComparison
- UnsignedGEZero
- ContinueInFalseLoop
- Conversion
- ArrayArgSizeMismatch
- CastArrayPointerArithmetic
- ImplicitDowncastFromBitfield
- LossyFunctionResultCast
- Format
- NonConstantFormat
- SnprintfOverflow
- WrongNumberOfFormatArguments
- WrongTypeFormatArguments
- Buildless
- Builtin
- Linux_mixed_byte_wprintf
- Linux_mixed_word_size
- Linux_signed_chars
- Linux_two_byte_wprintf
- Linux_unsigned_chars
- Microsoft_no_wchar
- Microsoft
- InconsistentCheckReturnNull
- Leap Year
- Adding365DaysPerYear
- UncheckedLeapYearAfterYearModification
- UnsafeArrayForDaysOfYear
- Likely Typos
- AssignWhereCompareMeant
- CompareWhereAssignMeant
- DubiousNullCheck
- ExprHasNoEffect
- CMakeFiles/CMakeScratch/TryCompile-abcdef
- autoconf
- meson-private/tmp_abc
- IncorrectNotOperatorUsage
- ShortCircuitBitMask
- UsingStrcpyAsBoolean
- inconsistentLoopDirection
- Memory Management
- AllocaInLoop
- ImproperNullTermination
- NtohlArrayNoBound
- Padding
- More64BitWaste
- NonPortablePrintf
- Suboptimal64BitType
- PointerOverflow
- ReturnCstrOfLocalStdString
- ReturnStackAllocatedMemory
- StackAddressEscapes
- StrncpyFlippedArgs
- SuspiciousCallToMemset
- SuspiciousCallToStrncat
- SuspiciousSizeof
- UnsafeUseOfStrcat
- UsingExpiredStackAddress
- OO
- IncorrectConstructorDelegation
- NonVirtualDestructorInBaseClass
- ThrowInDestructor
- Protocols
- RedundantNullCheckSimple
- ReturnConstTypeMember
- ReturnConstType
- ShortLoopVarName
- Underspecified Functions
- UseInOwnInitializer
- Power of 10/Rule 2
- Security/CWE
- CWE-014
- CWE-022/SAMATE/TaintedPath
- CWE-078
- SAMATE/ExecTainted
- semmle/ExecTainted
- CWE-079/semmle/CgiXss
- CWE-114
- SAMATE/UncontrolledProcessOperation
- semmle/UncontrolledProcessOperation
- CWE-119
- SAMATE
- semmle/tests
- CWE-120/semmle
- UnsafeUseOfStrcat
- tests
- CWE-121/semmle/tests
- CWE-129
- SAMATE/ImproperArrayIndexValidation
- semmle/ImproperArrayIndexValidation
- CWE-131/NoSpaceForZeroTerminator
- CWE-134
- SAMATE
- semmle
- argv
- consts
- funcs
- globalVars
- ifs
- CWE-190
- SAMATE
- semmle
- ArithmeticUncontrolled
- ArithmeticWithExtremeValues
- ComparisonWithWiderType
- TaintedAllocationSize
- tainted
- CWE-191/UnsignedDifferenceExpressionComparedZero
- CWE-193
- CWE-197/SAMATE/IntegerOverflowTainted
- CWE-242/semmle/tests
- CWE-253
- CWE-290/semmle/AuthenticationBypass
- CWE-295
- CWE-311/semmle/tests
- CWE-319/UseOfHttp
- CWE-326
- CWE-327
- CWE-367/semmle
- CWE-416/semmle/tests
- IteratorToExpiredContainer
- UseAfterFree
- UseOfStringAfterLifetimeEnds
- UseOfUniquePtrAfterLifetimeEnds
- CWE-428
- CWE-457/semmle
- ConditionallyUninitializedVariable
- tests
- CWE-468/semmle
- IncorrectPointerScaling
- SuspiciousAddWithSizeof
- CWE-497
- SAMATE
- semmle/tests
- CWE-570
- CWE-611
- CWE-676
- SAMATE/DangerousUseOfCin
- semmle
- DangerousUseOfCin
- PotentiallyDangerousFunction
- CWE-732
- CWE-764/semmle/tests
- CWE-772
- SAMATE
- semmle
- tests-file
- tests-memory
- CWE-807/semmle/TaintedCondition
- CWE-835/semmle/InfiniteLoopWithUnsatisfiableExitCondition
- CWE-843
- jsf
- 3.02 Code Size and Complexity/AV Rule 1
- 4.04 Environment/AV Rule 13
- 4.06 Pre-Processing Directives/AV Rule 32
- 4.09 Style/AV Rule 53 54
- 4.10 Classes
- AV Rule 73
- AV Rule 76
- AV Rule 77.1
- AV Rule 78
- AV Rule 79
- AV Rule 82
- AV Rule 85
- AV Rule 97
- 4.13 Functions
- AV Rule 107
- AV Rule 114
- 4.16 Initialization/AV Rule 145
- 4.21 Operators
- AV Rule 157
- AV Rule 164
- AV Rule 165
- AV Rule 166
- 4.22 Pointers and References/AV Rule 176
- 4.24 Control Flow Structures
- AV Rule 186
- AV Rule 193
- AV Rule 196
- AV Rule 201
- 4.28 Portable Code/AV Rule 210
- csharp/ql
- campaigns/Solorigate/test/Solorigate
- integration-tests
- all-platforms
- blazor_net_8
- BlazorTest/Components
- Pages
- blazor
- BlazorTest/Components
- Pages
- standalone_buildless_option
- standalone
- posix/query-suite
- lib
- ext
- utils/test/internal
- src
- Security Features
- CWE-020
- CWE-114
- change-notes
- released
- codeql-suites
- test
- experimental
- CWE-918
- Security Features
- CWE-759
- JsonWebTokenHandler
- Serialization
- backdoor
- library-tests
- arguments
- assignments
- attributes
- comments
- compilations
- constructors
- conversion/operator
- csharp11
- csharp6
- csharp7.1
- csharp7.2
- csharp7.3
- csharp7
- csharp8
- csharp9
- dataflow
- implicittostring
- tuples
- definitions
- delegates
- diagnostics
- dynamic
- enums
- events
- exceptions
- expressions
- extension
- fields
- filters/ClassifyFiles
- frameworks/microsoft/aspnetcore/blazor
- generics
- goto
- indexers
- initializers
- linq
- members
- methods
- nameof
- namespaces
- nestedtypes
- operators
- partial
- properties
- statements
- stringinterpolation
- types
- unsafe
- query-tests
- API Abuse
- CallToGCCollect
- CallToObsoleteMethod
- ClassDoesNotImplementEquals
- ClassImplementsICloneable
- DisposeNotCalledOnException
- InconsistentEqualsGetHashCode
- IncorrectCompareToSignature
- IncorrectEqualsSignature
- MissingDisposeCall
- MissingDisposeMethod
- NonOverridingMethod
- NullArgumentToEquals
- UncheckedReturnValue
- ASP
- BlockCodeResponseWrite
- ComplexInlineCode
- NonInternationalizedText
- SplitControlStructure
- AlertSuppression
- Architecture
- Dependencies/MutualDependency
- Refactoring Opportunities
- FeatureEnvy
- InappropriateIntimacy
- Bad Practices
- Declarations
- EmptyInterface
- LocalScopeVariableShadowsMember
- NoConstantsOnly
- TooManyRefParameters
- EmptyCatchBlock
- Implementation Hiding
- AbstractToConcreteCollection
- ExposeRepresentation
- StaticArray
- Naming Conventions
- ConfusingMethodNames
- VariableNameTooShort
- Path Combine
- VirtualCallInConstructorOrDestructor
- CSI/CompareIdenticalValues
- Concurrency
- FutileSyncOnField
- LockOrder
- LockThis
- LockedWait
- SynchSetUnsynchGet
- UnsafeLazyInitialization
- UnsynchronizedStaticAccess
- Configuration/PasswordInConfigurationFile
- Dead Code
- NonAssignedFields
- Tests
- Documentation
- EmptyBlock
- Language Abuse
- CatchOfGenericException
- ChainedIs
- DubiousTypeTestOfThis
- ForeachCapture
- MissedTernaryOpportunity
- NestedIf
- RethrowException
- SimplifyBoolExpr
- UselessCastToSelf
- UselessIsBeforeAs
- UselessNullCoalescingExpression
- UselessUpcast
- Likely Bugs
- BadCheckOdd
- Collections
- ContainerLengthCmpOffByOne
- ContainerSizeCmpZero
- DangerousNonShortCircuitLogic
- Dynamic
- EqualsArray
- EqualsUsesAs
- EqualsUsesIs
- IncomparableEquals
- InconsistentCompareTo
- MishandlingJapaneseEra
- NestedLoopsSameVariable
- ObjectComparison
- PossibleLossOfPrecision
- RandomUsedOnce
- RecursiveEquals
- SelfAssignment
- StaticFieldWrittenByInstance
- StringBuilderCharInit
- ThreadUnsafeICryptoTransformLambda
- ThreadUnsafeICryptoTransform
- UncheckedCastInEquals
- UnsafeYearConstruction
- Linq
- MissedCastOpportunity
- MissedWhereOpportunity
- MagicConstants
- Metrics
- Files/FLinesOfCommentedCode
- RefTypes/TNumberOfFields
- Summaries
- Performance
- StringBuilderInLoop
- StringConcatenationInLoop
- UseTryGetValue
- ReadOnlyContainer
- Security Features
- CWE-011
- bad1
- bad2
- CWE-016
- ASPNetMaxRequestLength
- bad
- ASPNetPagesValidateRequest
- ASPNetRequestValidationMode
- CWE-020
- CWE-022
- TaintedPath
- ZipSlip
- CWE-078
- CWE-079
- StoredXSS
- XSSAsp
- XSSRazorPages
- Areas/TestArea/Views
- Test4
- Controllers
- Generated
- MyAreas/Test4
- Views
- Custom2
- Custom/Test3
- Other
- Test2
- Test4
- Test
- CWE-090
- CWE-091/XMLInjection
- CWE-094
- CWE-099
- CWE-112
- CWE-114/AssemblyPathInjection
- CWE-119
- CWE-201/ExposureInTransmittedData
- CWE-209
- CWE-248/MissingASPNETGlobalErrorHandler
- WebConfigOffButGlobal
- WebConfigOff
- CWE-285/MissingAccessControl/WebFormsTests
- Test1
- Test3/B
- CWE-312
- CWE-321/HardcodedSymmetricEncryptionKey
- CWE-327
- DontInstallRootCert
- InsecureSQLConnection
- InsufficientKeySize
- CWE-338
- CWE-352
- global
- missing-aspnetcore
- missing
- CWE-359
- CWE-384
- CWE-451/MissingXFrameOptions
- CodeAddedHeader
- WebConfigAddedHeaderInLocation
- WebConfigAddedHeader
- CWE-539/PersistentCookie
- CWE-548
- CWE-601/UrlRedirect
- CWE-611
- CWE-614/RequireSSL
- AddedInCode
- AddedInForms
- HttpCookiesCorrect
- RequireSSLMissing
- CWE-639
- MVCTests
- WebFormsTests
- CWE-643
- CWE-730
- ReDoSGlobalTimeout
- ReDoS
- RegexInjection
- CWE-798
- CWE-807
- CWE-838
- Telemetry
- LibraryUsage
- SupportedExternalApis
- SupportedExternalSinks
- SupportedExternalSources
- UnusedPropertyValue
- UseBraces
- Useless Code/PointlessForwardingMethod
- WriteOnlyContainer
- standalone/Likely Bugs
- IncomparableEquals
- ObjectComparison
- utils/modeleditor
- docs/codeql
- codeql-overview/codeql-changelog
- reusables
- go
- actions/test
- downgrades/5ff5325d274ae4f86defa195577bc7c1370b72fa
- extractor
- dbscheme
- trap
- ql
- lib
- change-notes
- ext
- semmle/go
- security
- upgrades/b1341734d6870b105e5c9d168ce7dec25d7f72d0
- test
- library-tests/semmle/go/Function
- query-tests/Security/CWE-022
- javascript/ql/test
- experimental
- Security
- CWE-094-dataURL
- CWE-099
- EnvValueAndKeyInjection
- EnvValueInjection
- CWE-347
- localsource
- remotesource
- CWE-918
- SsrfIpv6TransitionIncompleteGuard
- StandardLibrary/MultipleArgumentsToSetConstructor
- library-tests/frameworks
- HTTP-heuristics
- src
- Templating
- views
- query-tests/AngularJS/MissingExplicitInjection
- java
- documentation/library-coverage
- kotlin-extractor/dev
- ql
- integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new
- lib
- change-notes
- ext
- generated/llmgenerator
- semmle/code/java
- dataflow/internal
- security
- test
- query-tests/security
- CWE-022/semmle/tests
- CWE-918
- stubs/springframework-5.8.x/org/springframework/web/reactive/function/client
- misc
- bazel/3rdparty/tree_sitter_extractors_deps
- codegen
- python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/PoC
- ruby/ql/lib/codeql/ruby/ast/internal
- swift
- ql/lib/change-notes
- third_party/resources
- unified
- extractor
- src/languages/swift
- tests
- corpus/swift
- control-flow
- types
- variables
- ql
- lib
- codeql/unified
- internal
- dev
- test/library-tests/variables
Some content is hidden
Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6 | 6 | | |
7 | 7 | | |
8 | 8 | | |
| 9 | + | |
9 | 10 | | |
10 | 11 | | |
11 | 12 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
| 27 | + | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
| |||
276 | 276 | | |
277 | 277 | | |
278 | 278 | | |
279 | | - | |
| 279 | + | |
280 | 280 | | |
281 | 281 | | |
282 | 282 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
11 | | - | |
| 11 | + | |
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
| |||
Lines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
| 12 | + | |
| 13 | + | |
12 | 14 | | |
13 | 15 | | |
14 | 16 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
| 2 | + | |
Lines changed: 2 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
| 2 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
51 | | - | |
| 51 | + | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
| |||
62 | 62 | | |
63 | 63 | | |
64 | 64 | | |
65 | | - | |
| 65 | + | |
66 | 66 | | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
70 | 70 | | |
71 | 71 | | |
72 | | - | |
| 72 | + | |
73 | 73 | | |
74 | 74 | | |
75 | 75 | | |
| |||
86 | 86 | | |
87 | 87 | | |
88 | 88 | | |
89 | | - | |
| 89 | + | |
90 | 90 | | |
91 | 91 | | |
92 | 92 | | |
| |||
0 commit comments