docs/data/reusables/code-scanning/codeql-query-tables/go.md
docs-bot ce3a62e6b8 Update CodeQL query tables (#47480)
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Laura Coursen <lecoursen@github.com>
2023-12-11 17:05:58 +00:00


{% rowheaders %}

| Query name | Related CWEs | Default | Extended |
| --- | --- | --- | --- |
| Arbitrary file access during archive extraction ("Zip Slip") | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Arbitrary file write extracting an archive containing symbolic links | 022 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Bad redirect check | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Clear-text logging of sensitive information | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Command built from user-controlled sources | 078 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Database query built from user-controlled sources | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Disabled TLS certificate check | 295 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Email content injection | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Hard-coded credentials | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| Incomplete regular expression for hostnames | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Incomplete URL scheme check | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Incorrect conversion between integer types | 190, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Information exposure through a stack trace | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Insecure TLS configuration | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Log entries created from user input | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
| Missing regular expression anchor | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Open URL redirect | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Potentially unsafe quoting | 078, 089, 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Reflected cross-site scripting | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Size computation for allocation may overflow | 190 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Suspicious characters in a regular expression | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Uncontrolled data used in network request | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Uncontrolled data used in path expression | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Use of a weak cryptographic key | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Use of constant state value in OAuth 2.0 URL | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Use of insecure HostKeyCallback implementation | 322 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| Use of insufficient randomness as the key of a cryptographic algorithm | 338 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| XPath injection | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |

{% endrowheaders %}