File tree
1,394 files changed
+98368
-57065
lines changed
- .github/workflows
- config
- cpp/ql
- lib
- change-notes
- released
- experimental/semmle/code/cpp
- dataflow
- ir/dataflow/internal
- semantic
- semmle/code/cpp
- commons
- dataflow/internal
- ir
- dataflow/internal
- implementation
- aliased_ssa/internal
- raw/internal
- unaliased_ssa/internal
- models
- implementations
- interfaces
- src
- Architecture
- General Namespace-Level Information
- Refactoring Opportunities
- Best Practices
- Hiding
- Likely Errors
- Magic Constants
- Unused Entities
- Critical
- Diagnostics
- Likely Bugs
- Arithmetic
- Conversion
- Format
- Leap Year
- Memory Management
- OO
- Protocols
- Security/CWE
- CWE-022
- CWE-078
- CWE-089
- CWE-114
- CWE-129
- CWE-134
- CWE-170
- CWE-190
- CWE-253
- CWE-311
- CWE-313
- CWE-319
- CWE-457
- CWE-468
- CWE-676
- CWE-732
- CWE-807
- change-notes
- released
- experimental
- Best Practices
- Likely Bugs
- Security/CWE
- CWE-020
- CWE-1041
- CWE-120
- CWE-193
- CWE-359
- CWE-401
- CWE-670
- CWE-691
- CWE-754
- CWE-783
- CWE-787
- CWE-788
- jsf
- 4.06 Pre-Processing Directives
- 4.09 Style
- 4.10 Classes
- 4.11 Namespaces
- 4.13 Functions
- 4.15 Declarations and Definitions
- 4.21 Operators
- 4.22 Pointers and References
- 4.23 Type Conversions
- 4.25 Expressions
- test
- examples/BadLocking
- experimental/query-tests/Security/CWE
- CWE-020
- NoCheckBeforeUnsafePutUser
- semmle/tests
- CWE-1041/semmle/tests
- CWE-119
- CWE-193
- array-access
- constant-size
- pointer-deref
- CWE-359/semmle/tests
- CWE-401/semmle/tests
- CWE-670/semmle/tests
- CWE-691/semmle/tests
- CWE-754/semmle/tests
- CWE-783/semmle/tests
- CWE-788/semmle/tests
- semmle/tests
- library-tests
- dataflow
- dataflow-tests
- fields
- ir/range-analysis
- syntax-zoo
- query-tests
- Architecture/Refactoring Opportunities/ComplexFunctions
- Best Practices
- Hiding/LocalVariableHidesGlobalVariable
- Likely Errors/Slicing
- Unused Entities
- UnusedLocals
- UnusedStaticVariables
- Critical
- FileClosed
- MemoryFreed
- MissingCheckScanf
- NewFree
- UnsafeUseOfThis
- Likely Bugs
- Arithmetic/BadAdditionOverflowCheck
- Conversion
- CastArrayPointerArithmetic
- ImplicitDowncastFromBitfield
- LossyFunctionResultCast
- Format/WrongTypeFormatArguments
- Linux_mixed_byte_wprintf
- Linux_mixed_word_size
- Linux_signed_chars
- Linux_two_byte_wprintf
- Linux_unsigned_chars
- Microsoft_no_wchar
- Microsoft
- Leap Year/Adding365DaysPerYear
- Memory Management
- ImproperNullTermination
- NtohlArrayNoBound
- UsingExpiredStackAddress
- Protocols
- RedundantNullCheckSimple
- ShortLoopVarName
- Security/CWE
- CWE-022
- SAMATE/TaintedPath
- semmle/tests
- CWE-078
- SAMATE/ExecTainted
- semmle/ExecTainted
- CWE-089/SqlTainted
- CWE-114
- SAMATE/UncontrolledProcessOperation
- semmle/UncontrolledProcessOperation
- CWE-129
- SAMATE/ImproperArrayIndexValidation
- semmle/ImproperArrayIndexValidation
- CWE-134
- SAMATE
- semmle
- argv
- funcs
- globalVars
- ifs
- CWE-190
- SAMATE
- semmle
- ArithmeticUncontrolled
- ArithmeticWithExtremeValues
- TaintedAllocationSize
- tainted
- CWE-197/SAMATE/IntegerOverflowTainted
- CWE-242/semmle/tests
- CWE-253
- CWE-311/semmle/tests
- CWE-319/UseOfHttp
- CWE-416/semmle/tests
- CWE-457/semmle/tests
- CWE-468/semmle/IncorrectPointerScaling
- CWE-676/semmle/PotentiallyDangerousFunction
- CWE-732
- CWE-772
- SAMATE
- semmle
- tests-file
- tests-memory
- CWE-807/semmle/TaintedCondition
- jsf/4.09 Style/AV Rule 53 54
- csharp
- ql
- campaigns/Solorigate
- lib
- change-notes/released
- src
- change-notes/released
- test/Solorigate
- consistency-queries
- integration-tests/all-platforms/dotnet_run
- lib
- change-notes
- released
- semmle/code/csharp
- dataflow
- internal
- frameworks/microsoft
- security
- cryptography
- src
- API Abuse
- CSI
- Concurrency
- Dead Code
- Diagnostics
- Language Abuse
- Linq
- Security Features
- CWE-022
- CWE-078
- CWE-079
- CWE-089
- CWE-090
- CWE-091
- CWE-094
- CWE-099
- CWE-112
- CWE-114
- CWE-117
- CWE-134
- CWE-201
- CWE-209
- CWE-312
- CWE-321
- CWE-327
- CWE-384
- CWE-611
- CWE-643
- CWE-730
- CWE-807
- change-notes
- released
- experimental
- CWE-099
- CWE-918
- Security Features
- JsonWebTokenHandler
- backdoor
- ir/implementation/unaliased_ssa/internal
- meta/frameworks
- test
- experimental
- CWE-918
- Security Features
- JsonWebTokenHandler
- backdoor
- library-tests
- dataflow
- global
- local
- frameworks/microsoft
- query-tests
- API Abuse
- ClassDoesNotImplementEquals
- NoDisposeCallOnLocalIDisposable
- Concurrency/SynchSetUnsynchGet
- Dead Code
- NonAssignedFields
- Tests
- Language Abuse
- ForeachCapture
- UselessIsBeforeAs
- Nullness
- Security Features
- CWE-022/TaintedPath
- CWE-078
- CWE-079/StoredXSS
- CWE-089
- CWE-090
- CWE-091/XMLInjection
- CWE-094
- CWE-099
- CWE-112
- CWE-114/AssemblyPathInjection
- CWE-117
- CWE-134
- CWE-201/ExposureInTransmittedData
- CWE-209
- CWE-312
- CWE-321/HardcodedSymmetricEncryptionKey
- CWE-327
- DontInstallRootCert
- InsecureSQLConnection
- CWE-338
- CWE-384
- CWE-611
- CWE-643
- CWE-730/ReDoS
- CWE-807
- tools
- docs
- codeql
- codeql-cli
- codeql-overview
- support/reusables
- ql-libraries/dataflow
- go/ql
- lib
- change-notes
- released
- semmle/go
- frameworks
- security
- src
- Diagnostics
- InconsistentCode
- Security
- CWE-020
- CWE-117
- CWE-338
- change-notes
- released
- experimental
- CWE-369
- CWE-400
- CWE-918
- IntegerOverflow
- test
- experimental
- CWE-369
- CWE-400
- CWE-918
- library-tests/semmle/go/frameworks/Beego
- query-tests
- InconsistentCode/WrappedErrorAlwaysNil
- Security
- CWE-020/SuspiciousCharacterInRegexp
- CWE-338/InsecureRandomness
- javascript
- documentation
- extractor
- src/com/semmle
- jcorn
- flow
- js
- extractor
- parser
- tests/mozilla/output/trap
- ql
- experimental/adaptivethreatmodeling
- lib/experimental/adaptivethreatmodeling
- test
- endpoint_large_scale
- endpoint_unit_tests
- generic_feature_testing
- lib
- change-notes
- released
- semmle/javascript
- frameworks
- data/internal
- minimongo
- mongodb
- mssql
- mysql
- pg
- sequelize
- spanner
- sqlite3
- security
- dataflow
- src
- Diagnostics
- Security
- CWE-079
- CWE-094
- change-notes
- released
- experimental/Summaries
- test
- ApiGraphs/typed
- library-tests
- Security/heuristics
- frameworks/SQL
- query-tests
- LanguageFeatures/SyntaxError
- Security
- CWE-089/untyped
- CWE-116
- BadTagFilter
- IncompleteSanitization
- CWE-798
- Summaries
- java
- documentation/library-coverage
- kotlin-extractor
- src/main
- java/com/semmle/extractor/java
- kotlin
- comments
- utils
- versions
- v_1_4_32
- v_1_5_20
- v_1_6_0
- v_1_7_0
- ql
- consistency-queries
- integration-tests/posix-only/kotlin/gradle_kotlinx_serialization
- lib
- change-notes
- released
- semmle/code/java
- controlflow
- dataflow
- internal
- frameworks/android
- regex
- security
- src
- Advisory/Documentation
- Diagnostics
- Frameworks/Spring
- Architecture/Refactoring Opportunities
- Violations of Best Practice
- Language Abuse
- Likely Bugs
- Collections
- Comparison
- Concurrency
- Likely Typos
- Nullness
- Serialization
- Statements
- Performance
- Security/CWE
- CWE-022
- CWE-023
- CWE-078
- CWE-079
- CWE-089
- CWE-090
- CWE-094
- CWE-113
- CWE-117
- CWE-129
- CWE-134
- CWE-190
- CWE-266
- CWE-295
- CWE-297
- CWE-312
- CWE-319
- CWE-347
- CWE-367
- CWE-470
- CWE-489
- CWE-502
- CWE-522
- CWE-601
- CWE-611
- CWE-643
- CWE-681
- CWE-730
- CWE-732
- CWE-780
- CWE-807
- CWE-917
- CWE-918
- CWE-925
- CWE-927
- CWE-940
- Violations of Best Practice
- Dead Code
- Implementation Hiding
- Undesirable Calls
- change-notes
- released
- experimental
- Security/CWE
- CWE-020
- CWE-036
- CWE-073
- CWE-078
- CWE-094
- CWE-1004
- CWE-200
- CWE-297
- CWE-299
- CWE-327
- CWE-489
- CWE-502
- CWE-548
- CWE-552
- CWE-600
- CWE-939
- semmle/code/java
- frameworks
- utils/stub-generator
- test
- experimental/query-tests/security
- CWE-020
- CWE-078
- CWE-200
- CWE-297
- CWE-299
- CWE-327
- CWE-502
- CWE-548
- CWE-552
- CWE-600
- kotlin
- library-tests
- annotation-accessor-result-type
- classes
- comments
- controlflow
- basic/CONSISTENCY
- dominance/CONSISTENCY
- data-classes
- enum
- exprs_typeaccess
- exprs
- CONSISTENCY
- java-lang-number-conversions/CONSISTENCY
- java-map-methods
- CONSISTENCY
- jvmoverloads-annotation
- jvmoverloads_flow
- jvmoverloads_generics
- methods
- modifiers
- multiple_extensions
- parameter-defaults
- reflection
- query-tests
- ExposeRepresentation
- MissingInstanceofInEquals
- library-tests
- dataflow/taintsources
- frameworks
- JaxWs
- android
- intent
- taint-database
- widget
- pathsanitizer
- query-tests
- ContradictoryTypeChecks
- InefficientOutputStream
- IteratorRemoveMayFail
- MissingInstanceofInEquals
- Nullness
- PartiallyMaskedCatch
- SelfAssignment
- Stubs
- Minimal
- testlib
- org/test
- UselessNullCheck
- WrongNanComparison
- security
- CWE-022/semmle/tests
- CWE-023/semmle/tests
- CWE-078
- CWE-089/semmle/examples
- CWE-090
- CWE-094
- CWE-113/semmle/tests
- CWE-129/semmle/tests
- CWE-134/semmle/tests
- CWE-190/semmle/tests
- CWE-297
- CWE-311/CWE-319
- CWE-367/semmle/tests
- CWE-489
- debuggable-attribute
- TestFalse
- TestNotSet
- Testbuild
- webview-debugging
- CWE-601/semmle/tests
- CWE-611
- CWE-681/semmle/tests
- CWE-732/semmle/tests
- CWE-807/semmle/tests
- stubs
- android
- android
- accounts
- app
- content
- pm
- res
- loader
- database
- sqlite
- graphics
- drawable
- text
- hardware
- icu/util
- net
- os
- util
- view
- webkit
- com/android/internal
- org/xmlpull/v1
- google-android-9.0.0/android/app
- springframework-5.3.8/org/springframework/core/io
- misc/suite-helpers
- change-notes/released
- python/ql
- lib
- change-notes
- released
- semmle/python
- dataflow/new
- internal
- frameworks
- data/internal
- security
- src
- Diagnostics
- Security/CWE-215
- change-notes
- released
- experimental
- Security/CWE-348
- semmle/python/frameworks
- meta/alerts
- test
- experimental
- dataflow
- basic
- calls
- consistency
- coverage
- fieldflow
- global-flow
- match
- pep_328
- regression
- strange-essaflow
- tainttracking
- basic
- commonSanitizer
- customSanitizer
- defaultAdditionalTaintStep-py3
- defaultAdditionalTaintStep
- unwanted-global-flow
- typetracking
- variable-capture
- query-tests/Security
- CWE-079
- CWE-113
- CWE-1236
- CWE-522
- CWE-614
- CWE-943
- library-tests
- ApiGraphs/py3
- frameworks
- django-orm
- flask
- query-tests/Security
- CWE-020-ExternalAPIs
- CWE-022-PathInjection
- CWE-078-CommandInjection-py2
- CWE-078-CommandInjection
- CWE-079-Jinja2WithoutEscaping
- CWE-079-ReflectedXss
- CWE-090-LdapInjection
- CWE-094-CodeInjection
- CWE-116-BadTagFilter
- CWE-117-LogInjection
- CWE-209-StackTraceExposure
- CWE-215-FlaskDebug
- CWE-327-InsecureProtocol
- CWE-502-UnsafeDeserialization
- CWE-601-UrlRedirect
- CWE-611-Xxe
- CWE-643-XPathInjection
- CWE-730-PolynomialReDoS
- CWE-730-ReDoS
- CWE-730-RegexInjection
- CWE-732-WeakFilePermissions
- CWE-776-XmlBomb
- CWE-918-ServerSideRequestForgery
- ql/ql/src
- codeql_ql
- ast/internal
- style
- codeql
- queries
- diagnostics
- style
- ruby/ql
- lib
- change-notes
- released
- codeql/ruby
- ast
- internal
- controlflow/internal
- dataflow
- internal
- tainttrackingforregexp
- experimental
- frameworks
- core
- data/internal
- http_clients
- internal
- stdlib
- regexp
- internal
- security
- typetracking
- src
- change-notes
- released
- queries
- analysis
- diagnostics
- security/cwe-078
- test
- TestUtilities
- library-tests
- controlflow/graph
- dataflow
- api-graphs
- array-flow
- call-sensitivity
- global
- hash-flow
- local
- summaries
- type-tracker
- experimental
- frameworks
- action_controller
- action_view
- active_record
- active_storage
- active_support
- app/controllers
- pathname
- modules
- query-tests/security
- cwe-020/MissingRegExpAnchor
- cwe-022
- cwe-078
- cwe-079
- app/views/foo
- bars
- stores
- cwe-116/IncompleteMultiCharacterSanitization
- cwe-502/unsafe-deserialization
- cwe-611
- libxml-backend
- xxe
- swift/ql
- lib
- codeql/swift
- dataflow
- internal
- elements
- decl
- type
- frameworks/StandardLibrary
- src/queries/Security
- CWE-079
- CWE-135
- CWE-311
- CWE-328
- ECB-Encryption
- test
- library-tests/dataflow
- dataflow
- flowsources
- taint
- query-tests/Security
- CWE-079
- CWE-135
- CWE-311
- ECB-Encryption
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
43 | 43 |
| |
44 | 44 |
| |
45 | 45 |
| |
46 |
| - | |
| 46 | + | |
47 | 47 |
| |
48 | 48 |
| |
49 | 49 |
| |
|
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
27 | 27 |
| |
28 | 28 |
| |
29 | 29 |
| |
30 |
| - | |
| 30 | + | |
31 | 31 |
| |
32 | 32 |
| |
33 | 33 |
| |
|
Lines changed: 1 addition & 2 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
4 | 4 |
| |
5 | 5 |
| |
6 | 6 |
| |
7 |
| - | |
8 |
| - | |
| 7 | + | |
9 | 8 |
| |
10 | 9 |
| |
11 | 10 |
| |
|
Lines changed: 3 additions & 2 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
33 | 33 |
| |
34 | 34 |
| |
35 | 35 |
| |
36 |
| - | |
| 36 | + | |
37 | 37 |
| |
| 38 | + | |
38 | 39 |
| |
39 | 40 |
| |
40 | 41 |
| |
| |||
69 | 70 |
| |
70 | 71 |
| |
71 | 72 |
| |
72 |
| - | |
| 73 | + | |
73 | 74 |
| |
74 | 75 |
| |
75 | 76 |
| |
|
Lines changed: 19 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
1 | 20 |
| |
2 | 21 |
| |
3 | 22 |
| |
|
Lines changed: 0 additions & 4 deletions
This file was deleted.
Lines changed: 0 additions & 5 deletions
This file was deleted.
Lines changed: 13 additions & 3 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 |
| - | |
2 |
| - | |
3 |
| - | |
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
4 | 10 |
| |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + |
Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + |
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
1 | 1 |
| |
2 |
| - | |
| 2 | + |
0 commit comments