Go queries for CodeQL analysis

CodeQL includes many queries for analyzing Go code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see CodeQL query suites.

Built-in queries for Go analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Query name	Related CWEs	Default	Extended	Copilot Autofix
Arbitrary file access during archive extraction ("Zip Slip")	022
Arbitrary file write extracting an archive containing symbolic links	022
Bad redirect check	601
Clear-text logging of sensitive information	312, 315, 359
Command built from user-controlled sources	078
Database query built from user-controlled sources	089
Disabled TLS certificate check	295
Email content injection	640
Incomplete regular expression for hostnames	20
Incomplete URL scheme check	020
Incorrect conversion between integer types	190, 681
Information exposure through a stack trace	209, 497
Insecure TLS configuration	327
Missing JWT signature check	347
Missing regular expression anchor	20
Open URL redirect	601
Potentially unsafe quoting	078, 089, 094
Reflected cross-site scripting	079, 116
Size computation for allocation may overflow	190
Slice memory allocation with excessive size value	770
Suspicious characters in a regular expression	20
Uncontrolled data used in network request	918
Uncontrolled data used in path expression	022, 023, 036, 073, 099
Use of a weak cryptographic key	326
Use of constant `state` value in OAuth 2.0 URL	352
Use of insecure HostKeyCallback implementation	322
Use of insufficient randomness as the key of a cryptographic algorithm	338
XPath injection	643
Hard-coded credentials	259, 321, 798
Log entries created from user input	117

Go queries for CodeQL analysis

Who can use this feature?

Built-in queries for Go analysis