Skip to main content

Java and Kotlin queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in Java or Kotlin when you select the default or the security-extended query suite.

Who can use this feature?

CodeQL is available for the following repository types:

CodeQL includes many queries for analyzing Java and Kotlin code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see "CodeQL query suites."

Built-in queries for Java and Kotlin analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

Note: The initial release of GitHub Enterprise Server 3.12 included CodeQL action and CodeQL CLI 2.15.5, which may not include all of these queries. Your site administrator can update your CodeQL version to a newer release. For more information, see "Configuring code scanning for your appliance."

Query nameRelated CWEsDefaultExtendedCopilot Autofix
TrustManager that accepts all certificates295
Android WebView that accepts all certificates295
Android debuggable attribute enabled489
Android fragment injection470
Android fragment injection in PreferenceActivity470
Android Intent redirection926, 940
Android Webview debugging enabled489
Arbitrary file access during archive extraction ("Zip Slip")022
Building a command line with string concatenation078, 088
Cleartext storage of sensitive information in cookie315
Cross-site scripting079
Depending upon JCenter/Bintray as an artifact repository1104
Deserialization of user-controlled data502
Detect JHipster Generator Vulnerability CVE-2019-16303338
Disabled Netty HTTP header validation93, 113
Disabled Spring CSRF protection352
Expression language injection (JEXL)094
Expression language injection (MVEL)094
Expression language injection (Spring)094
Failure to use HTTPS or SFTP URL in Maven artifact upload/download300, 319, 494, 829
Failure to use secure cookies614
Groovy Language injection094
HTTP response splitting113
Implicit narrowing conversion in compound assignment190, 192, 197, 681
Implicitly exported Android component926
Improper verification of intent by broadcast receiver925
Inefficient regular expression1333, 730, 400
Information exposure through a stack trace209, 497
Information exposure through an error message209
Insecure Bean Validation094
Insecure LDAP authentication522, 319
Insecure local authentication287
Insecure randomness330, 338
Intent URI permission manipulation266, 926
JNDI lookup with user-controlled name074
LDAP query built from user-controlled sources090
Missing JWT signature check347
OGNL Expression Language statement with user-controlled input917
Overly permissive regular expression range020
Partial path traversal vulnerability from remote023
Polynomial regular expression used on uncontrolled data1333, 730, 400
Query built from user-controlled sources089, 564
Reading from a world writable file732
Regular expression injection730, 400
Resolving XML external entity in user-controlled data611, 776, 827
Server-side request forgery918
Server-side template injection1336, 094
Uncontrolled command line078, 088
Uncontrolled data used in content resolution441, 610
Uncontrolled data used in path expression022, 023, 036, 073
Unsafe hostname verification297
URL forward from a remote source552
URL redirection from remote source601
Use of a broken or risky cryptographic algorithm327, 328
Use of a cryptographic algorithm with insufficient key size326
Use of a predictable seed in a secure random number generator335, 337
Use of externally-controlled format string134
Use of implicit PendingIntents927
Use of RSA algorithm without OAEP780
User-controlled data in numeric cast197, 681
User-controlled data used in permissions check807, 290
Using a static initialization vector for encryption329, 1204
XPath injection643
XSLT transformation with user-controlled stylesheet074
Access Java object methods through JavaScript exposure079
Android APK installation094
Android missing certificate pinning295
Android sensitive keyboard cache524
Android WebSettings file access200
Android WebView JavaScript settings079
Android WebView settings allows access to content links200
Application backup allowed312
Building a command with an injected environment variable078, 088, 454
Cleartext storage of sensitive information in the Android filesystem312
Cleartext storage of sensitive information using 'Properties' class313
Cleartext storage of sensitive information using SharedPreferences on Android312
Cleartext storage of sensitive information using a local database on Android312
Comparison of narrow type with wide type in loop condition190, 197
Executing a command with a relative path078, 088
Exposure of sensitive information to notifications200
Exposure of sensitive information to UI text views200
Hard-coded credential in API call798
Improper validation of user-provided array index129
Improper validation of user-provided size used for array construction129
Insecure basic authentication522, 319
Insecure JavaMail SSL Configuration297
Insecurely generated keys for local authentication287
Insertion of sensitive information into log files532
Leaking sensitive information through a ResultReceiver927
Leaking sensitive information through an implicit Intent927
Local information disclosure in a temporary directory200, 732
Log Injection117
Loop with unreachable exit condition835
Missing read or write permission in a content provider926
Partial path traversal vulnerability023
Query built by concatenation with a possibly-untrusted string089, 564
Race condition in socket authentication421
Time-of-check time-of-use race condition367
Trust boundary violation501
Uncontrolled data in arithmetic expression190, 191
Unreleased lock764, 833
Unsafe certificate trust273
Unsafe resource fetching in Android WebView749, 079
Use of a potentially broken or risky cryptographic algorithm327, 328
Use of a potentially dangerous function676
User-controlled bypass of sensitive method807, 290
User-controlled data in arithmetic expression190, 191