C and C++ queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in C or C++ when you select the default or the security-extended query suite.

Who can use this feature?

CodeQL is available for the following repository types:

CodeQL includes many queries for analyzing C and C++ code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see CodeQL query suites.

Built-in queries for C and C++ analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs on the CodeQL documentation site.

| Query name | Related CWEs | Default | Extended | Copilot Autofix |
| --- | --- | --- | --- | --- |
| Bad check for overflow of integer addition | 190, 192 | | | |
| Badly bounded write | 120, 787, 805 | | | |
| Call to memset may be deleted | 14 | | | |
| Call to alloca in a loop | 770 | | | |
| Call to function with fewer arguments than declared parameters | 234, 685 | | | |
| Cast between HRESULT and a Boolean type | 253 | | | |
| Cast from char* to wchar_t* | 704 | | | |
| CGI script vulnerable to cross-site scripting | 079 | | | |
| Cleartext storage of sensitive information in file | 260, 313 | | | |
| Cleartext transmission of sensitive information | 319, 359 | | | |
| Comparison of narrow type with wide type in loop condition | 190, 197, 835 | | | |
| Dangerous use of 'cin' | 676 | | | |
| Exposure of system data to an unauthorized control sphere | 497 | | | |
| Failure to use HTTPS URLs | 319, 345 | | | |
| File opened with O_CREAT flag but without mode argument | 732 | | | |
| Incorrect return-value check for a 'scanf'-like function | 253 | | | |
| Iterator to expired container | 416, 664 | | | |
| Likely overrunning write | 120, 787, 805 | | | |
| Mismatching new/free or malloc/delete | 401 | | | |
| Multiplication result converted to larger type | 190, 192, 197, 681 | | | |
| No space for zero terminator | 131, 120, 122 | | | |
| Pointer overflow check | 758 | | | |
| Potential double free | 415 | | | |
| Potential use after free | 416 | | | |
| Potentially overflowing call to snprintf | 190, 253 | | | |
| Potentially unsafe call to strncat | 788, 676, 119, 251 | | | |
| Redundant null check due to previous dereference | 476 | | | |
| Returning stack-allocated memory | 825 | | | |
| Setting a DACL to NULL in a SECURITY_DESCRIPTOR | 732 | | | |
| Signed overflow check | 128, 190 | | | |
| Static array access may cause overflow | 119, 131 | | | |
| Suspicious add with sizeof | 468 | | | |
| Time-of-check time-of-use filesystem race condition | 367 | | | |
| Too few arguments to formatting function | 234, 685 | | | |
| Uncontrolled data in arithmetic expression | 190, 191 | | | |
| Uncontrolled data in SQL query | 089 | | | |
| Uncontrolled data used in OS command | 078, 088 | | | |
| Uncontrolled format string | 134 | | | |
| Unsafe use of this in constructor | 670 | | | |
| Unsigned difference expression compared to zero | 191 | | | |
| Upcast array used in pointer arithmetic | 119, 843 | | | |
| Use of a broken or risky cryptographic algorithm | 327 | | | |
| Use of a cryptographic algorithm with insufficient key size | 326 | | | |
| Use of a version of OpenSSL with Heartbleed | 327, 788 | | | |
| Use of dangerous function | 242, 676 | | | |
| Use of expired stack-address | 825 | | | |
| Use of string after lifetime ends | 416, 664 | | | |
| Use of unique pointer after lifetime ends | 416, 664 | | | |
| Wrong type of arguments to formatting function | 686 | | | |
| XML external entity expansion | 611 | | | |
| Array offset used before range check | 120, 125 | | | |
| Authentication bypass by spoofing | 290 | | | |
| boost::asio TLS settings misconfiguration | 326 | | | |
| boost::asio use of deprecated hardcoded protocol | 327 | | | |
| Certificate not checked | 295 | | | |
| Certificate result conflation | 295 | | | |
| Cleartext storage of sensitive information in an SQLite database | 313 | | | |
| Cleartext storage of sensitive information in buffer | 312 | | | |
| Comma before misleading indentation | 1078, 670 | | | |
| File created without restricting permissions | 732 | | | |
| Incorrect 'not' operator usage | 480 | | | |
| Incorrect allocation-error handling | 570, 252, 755 | | | |
| Invalid pointer dereference | 119, 125, 193, 787 | | | |
| Missing return-value check for a 'scanf'-like function | 252, 253 | | | |
| Non-constant format string | 134 | | | |
| Not enough memory allocated for array of pointer type | 131, 122 | | | |
| Not enough memory allocated for pointer type | 131, 122 | | | |
| NULL application name with an unquoted path in call to CreateProcess | 428 | | | |
| Overrunning write | 119, 131 | | | |
| Possibly wrong buffer size in string copy | 676, 119, 251 | | | |
| Potential exposure of sensitive system data to an unauthorized control sphere | 497 | | | |
| Potentially overrunning write | 120, 787, 805 | | | |
| Potentially overrunning write with float to string conversion | 120, 787, 805 | | | |
| Potentially uninitialized local variable | 665, 457 | | | |
| Potentially unsafe use of strcat | 676, 120, 251 | | | |
| Suspicious 'sizeof' use | 467 | | | |
| Suspicious pointer scaling | 468 | | | |
| Suspicious pointer scaling to void | 468 | | | |
| Type confusion | 843 | | | |
| Unbounded write | 120, 787, 805 | | | |
| Uncontrolled allocation size | 190, 789 | | | |
| Uncontrolled data used in path expression | 022, 023, 036, 073 | | | |
| Uncontrolled process operation | 114 | | | |
| Unterminated variadic call | 121 | | | |
| Untrusted input for a condition | 807 | | | |
| Use of potentially dangerous function | 676 | | | |