• CodeQL query help documentation »

CodeQL query help for C and C++

Visit the articles below to see the documentation for the queries included in the following query suites:

• default: queries run by default in CodeQL code scanning on GitHub.

• security-extended: queries from default, plus extra security queries with slightly lower precision and severity.

• security-and-quality: queries from default, security-extended, plus extra maintainability and reliability queries.

These queries are published in the CodeQL query pack codeql/cpp-queries (changelog, source).

For shorter queries that you can use as building blocks when writing your own queries, see the example queries in the CodeQL repository.

• ‘new’ object freed with ‘delete[]’
• ‘new[]’ array freed with ‘delete’
• Accidental rethrow
• Ambiguously signed bit-field member
• Arithmetic operation assumes 365 days per year
• Array argument size mismatch
• Array offset used before range check
• Assignment where comparison was intended
• Authentication bypass by spoofing
• Avoid floats in for loops
• Bad check for oddness
• Bad check for overflow of integer addition
• Badly bounded write
• Block with too many statements
• CGI script vulnerable to cross-site scripting
• Call to