C# queries for CodeQL analysis - GitHub Enterprise Cloud Docs
C# queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in C# when you select the default or the security-extended query suite.

Who can use this feature?

Code scanning is available for all public repositories on GitHub.com. To use code scanning in a private repository owned by an organization, you must have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

CodeQL includes many queries for analyzing C# code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Built-in queries for C# analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see the CodeQL change logs on the CodeQL documentation site.

Note

GitHub autofix for code scanning is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to C#, Go, Java, JavaScript/TypeScript, Python, and Ruby alerts identified by CodeQL for private and internal repositories. If you have an enterprise account and use GitHub Advanced Security, your enterprise has access to the beta.

| Query name | Related CWEs | Default | Extended | Autofix |
| --- | --- | --- | --- | --- |
| 'requireSSL' attribute is not set to true | 319, 614 | | | |
| Arbitrary file access during archive extraction ("Zip Slip") | 022 | | | |
| ASP.NET config file enables directory browsing | 548 | | | |
| Assembly path injection | 114 | | | |
| Clear text storage of sensitive information | 312, 315, 359 | | | |
| Cookie security: overly broad domain | 287 | | | |
| Cookie security: overly broad path | 287 | | | |
| Cookie security: persistent cookie | 539 | | | |
| Creating an ASP.NET debug binary may reveal sensitive information | 11, 532 | | | |
| Cross-site scripting | 079, 116 | | | |
| Denial of Service from comparison of user input against expensive regex | 1333, 730, 400 | | | |
| Deserialization of untrusted data | 502 | | | |
| Deserialized delegate | 502 | | | |
| Encryption using ECB | 327 | | | |
| Exposure of private information | 359 | | | |
| Failure to abandon session | 384 | | | |
| Header checking disabled | 113 | | | |
| Improper control of generation of code | 094, 095, 096 | | | |
| Information exposure through an exception | 209, 497 | | | |
| Information exposure through transmitted data | 201 | | | |
| Insecure randomness | 338 | | | |
| LDAP query built from user-controlled sources | 090 | | | |
| Log entries created from user input | 117 | | | |
| Missing cross-site request forgery token validation | 352 | | | |
| Missing global error handler | 12, 248 | | | |
| Missing X-Frame-Options HTTP header | 451, 829 | | | |
| Page request validation is disabled | 16 | | | |
| Regular expression injection | 730, 400 | | | |
| Resource injection | 099 | | | |
| SQL query built from user-controlled sources | 089 | | | |
| Uncontrolled command line | 078, 088 | | | |
| Uncontrolled data used in path expression | 022, 023, 036, 073, 099 | | | |
| Uncontrolled format string | 134 | | | |
| Untrusted XML is read insecurely | 611, 827, 776 | | | |
| Unvalidated local pointer arithmetic | 119, 120, 122, 788 | | | |
| URL redirection from remote source | 601 | | | |
| User-controlled bypass of sensitive method | 807, 247, 350 | | | |
| Weak encryption | 327 | | | |
| Weak encryption: inadequate RSA padding | 327, 780 | | | |
| Weak encryption: Insufficient key size | 326 | | | |
| XML injection | 091 | | | |
| XPath injection | 643 | | | |
| Empty password in configuration file | 258, 862 | | | |
| Hard-coded connection string with credentials | 259, 321, 798 | | | |
| Hard-coded credentials | 259, 321, 798 | | | |
| Insecure Direct Object Reference | 639 | | | |
| Insecure SQL connection | 327 | | | |
| Missing function level access control | 285, 284, 862 | | | |
| Missing XML validation | 112 | | | |
| Password in configuration file | 13, 256, 313 | | | |
| Serialization check bypass | 20 | | | |
| Thread-unsafe capturing of an ICryptoTransform object | 362 | | | |
| Thread-unsafe use of a static ICryptoTransform field | 362 | | | |
| Use of file upload | 434 | | | |
| Value shadowing | 348 | | | |
| Value shadowing: server variable | 348 | | | |