jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity
Files
a0dc1f74ef827ce68fbabfeb82be8076ba535b7b
docs/data/reusables/code-scanning/codeql-query-tables/csharp.md
docs-bot 33cf7b5903 Update CodeQL query tables (#58535) 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-26 09:47:30 +00:00

15 KiB
Raw Blame History

{% rowheaders %}

Query name Related CWEs Default Extended {% data variables.copilot.copilot_autofix_short %}
'requireSSL' attribute is not set to true 319, 614 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Arbitrary file access during archive extraction ("Zip Slip") 022 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
ASP.NET config file enables directory browsing 548 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Assembly path injection 114 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Clear text storage of sensitive information 312, 315, 359 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Cookie 'HttpOnly' attribute is not set to true 1004 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "x" aria-label="Not included" %}
Cookie 'Secure' attribute is not set to true 319, 614 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "x" aria-label="Not included" %}
Cookie security: overly broad domain 287 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Cookie security: overly broad path 287 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Cookie security: persistent cookie 539 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Creating an ASP.NET debug binary may reveal sensitive information 011, 532 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Cross-site scripting 079, 116 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Denial of Service from comparison of user input against expensive regex 1333, 730, 400 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Deserialization of untrusted data 502 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Deserialized delegate 502 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Encryption using ECB 327 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Exposure of private information 359 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Failure to abandon session 384 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Header checking disabled 113 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Improper control of generation of code 094, 095, 096 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Information exposure through an exception 209, 497 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Information exposure through transmitted data 201 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Insecure randomness 338 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
LDAP query built from user-controlled sources 090 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Log entries created from user input 117 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Missing cross-site request forgery token validation 352 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Missing global error handler 012, 248 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Missing X-Frame-Options HTTP header 451, 829 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "x" aria-label="Not included" %}
Page request validation is disabled 016 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Regular expression injection 730, 400 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Resource injection 099 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
SQL query built from user-controlled sources 089 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Uncontrolled command line 078, 088 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Uncontrolled data used in path expression 022, 023, 036, 073, 099 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Uncontrolled format string 134 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Untrusted XML is read insecurely 611, 827, 776 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Unvalidated local pointer arithmetic 119, 120, 122, 788 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
URL redirection from remote source 601 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
User-controlled bypass of sensitive method 807, 247, 350 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Weak encryption 327 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Weak encryption: inadequate RSA padding 327, 780 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Weak encryption: Insufficient key size 326 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
XML injection 091 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
XPath injection 643 {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Empty password in configuration file 258, 862 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "x" aria-label="Not included" %}
Insecure Direct Object Reference 639 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Insecure SQL connection 327 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Missing function level access control 285, 284, 862 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Missing XML validation 112 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Serialization check bypass 020 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Thread-unsafe capturing of an ICryptoTransform object 362 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Thread-unsafe use of a static ICryptoTransform field 362 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Use of file upload 434 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Value shadowing 348 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}
Value shadowing: server variable 348 {% octicon "x" aria-label="Not included" %} {% octicon "check" aria-label="Included" %} {% octicon "check" aria-label="Included" %}

{% endrowheaders %}

Reference in New Issue View Git Blame Copy Permalink