Marcono1234 / codeql-java-queries

Licence: MIT license
Personal LGTM CodeQL queries

codeql-java-queries

Personal CodeQL queries for Java source code. Unlike the standard CodeQL queries, which mostly focus on security, the queries in this repository mostly target general bug patterns and code-style recommendations that are not necessarily security related.

⚠️ This repository currently acts mainly as a scratchpad; query implementations might not follow best practices, might be inefficient, might yield a lot of false positives, and are not properly documented or tested.
This repository is therefore not recommended if you want to learn CodeQL; instead, have a look at the CodeQL documentation and the CodeQL repository.

Running the queries

The queries of this repository are inside the codeql-custom-queries-java/queries folder. Most of them are self-contained .ql files that can be copied to the clipboard and run directly in the LGTM Query Console. Please ignore the codeql folder; it is a Git submodule pointing at the upstream CodeQL repository, which contains the language libraries (such as the `java` module) these queries import.

Alternatively, this repository can be opened in Visual Studio Code, and the queries can then be run against a CodeQL database using the CodeQL Visual Studio Code extension.
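As an added illustration (this is not one of the repository's own queries), here is a minimal standalone query in the shape the instructions above assume: a single .ql file with a metadata header that can be pasted into a query console or opened in VS Code and run against a Java database. It flags calls to a one-argument `equals` method whose argument is the `null` literal, a general bug pattern rather than a security issue, since such a call always evaluates to `false` for any conforming `equals` implementation. The query id, name and message text are my own choices, not identifiers from the repository.

```ql
/**
 * Added example query, not part of the codeql-java-queries repository.
 *
 * @name Comparison with null via equals()
 * @description Calling `equals(null)` always returns false for a conforming
 *              implementation; the author most likely meant `== null`.
 * @kind problem
 * @problem.severity warning
 * @id java/example/equals-null-literal
 */

// The `java` module comes from the upstream CodeQL repository (the `codeql`
// submodule); it provides MethodAccess, Method, NullLiteral and friends.
import java

from MethodAccess call, Method m
where
  m = call.getMethod() and
  // Any method named `equals` taking exactly one parameter, so that
  // overloads such as `equals(Object)` on user-defined classes are covered too.
  m.hasName("equals") and
  m.getNumberOfParameters() = 1 and
  // The single argument is the literal `null` (not merely a nullable expression).
  call.getArgument(0) instanceof NullLiteral
select call,
  "Calling " + m.getName() + "(null) always yields false; compare with '== null' instead."
```

The `@kind problem` header together with a `select <element>, <message>` clause is what lets the query console and the VS Code extension render each result as an alert on the matching source location. The same file can also be run from the command line with the CodeQL CLI (`codeql query run` against a database produced by `codeql database create --language=java`), which is worth knowing because LGTM.com, and with it the query console, was retired at the end of 2022.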

Please be aware that, as with all code scanning tools, results might be false positives. Carefully examine all findings and don't blindly follow the given advice.

License

The code in this project is licensed under the MIT License. Some queries are based on bug patterns detected by other code scanning applications, or described in catalogues such as the Common Weakness Enumeration (CWE). Please let me know if you think any of the code infringes your rights.

Please note however, that usage of CodeQL itself has to adhere to the GitHub CodeQL Terms and Conditions.

Feel free to port queries contained in this repository to other code scanning applications (keeping in mind the disclaimer above that some of the queries are based on bug patterns detected by other applications). In case a query covers a bug pattern not yet detected by any other application or mentioned in any advisory, I would be pleased about any credits.

Contributing

The direction in which this repository is heading is currently not clear, so I might be reluctant to accept new query submissions. Improvements of existing queries (short of complete rewrites) are welcome, though.

All contributions are implicitly made under the license of this project.

In general please prefer directly contributing to the CodeQL repository.
