C# queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in C# when you select the default or the security-extended query suite.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. Code scanning is also available for private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

CodeQL includes many queries for analyzing C# code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Built-in queries for C# analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Note: GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, Python, and Java alerts identified by CodeQL. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.

Query nameRelated CWEsDefaultExtendedAutofix
'requireSSL' attribute is not set to true319, 614
Arbitrary file access during archive extraction ("Zip Slip")022
ASP.NET config file enables directory browsing548
Assembly path injection114
Clear text storage of sensitive information312, 315, 359
Cookie security: overly broad domain287
Cookie security: overly broad path287
Cookie security: persistent cookie539
Creating an ASP.NET debug binary may reveal sensitive information11, 532
Cross-site scripting079, 116
Denial of Service from comparison of user input against expensive regex1333, 730, 400
Deserialization of untrusted data502
Deserialized delegate502
Encryption using ECB327
Exposure of private information359
Failure to abandon session384
Header checking disabled113
Improper control of generation of code094, 095, 096
Information exposure through an exception209, 497
Information exposure through transmitted data201
Insecure randomness338
LDAP query built from user-controlled sources090
Log entries created from user input117
Missing cross-site request forgery token validation352
Missing global error handler12, 248
Missing X-Frame-Options HTTP header451, 829
Regular expression injection730, 400
Resource injection099
SQL query built from user-controlled sources089
Uncontrolled command line078, 088
Uncontrolled data used in path expression022, 023, 036, 073, 099
Uncontrolled format string134
Untrusted XML is read insecurely611, 827, 776
Unvalidated local pointer arithmetic119, 120, 122, 788
URL redirection from remote source601
User-controlled bypass of sensitive method807, 247, 350
Weak encryption327
Weak encryption: inadequate RSA padding327, 780
Weak encryption: Insufficient key size326
XML injection091
XPath injection643
Empty password in configuration file258, 862
Hard-coded connection string with credentials259, 321, 798
Hard-coded credentials259, 321, 798
Insecure Direct Object Reference639
Insecure SQL connection327
Missing function level access control285, 284, 862
Missing XML validation112
Password in configuration file13, 256, 313
Serialization check bypass20
Thread-unsafe capturing of an ICryptoTransform object362
Thread-unsafe use of a static ICryptoTransform field362
Use of file upload434