codeql-java-queries

Personal CodeQL queries for Java source code. Unlike the standard CodeQL queries, which mostly focus on security, the queries in this repository mostly target general bug patterns and code style recommendations that are not necessarily security related.

:warning: This repository currently mainly acts as a scratchpad; query implementations might not follow best practices, might be inefficient, might yield a lot of false positives, and are not properly documented and tested.
This repository is therefore not recommended if you want to learn CodeQL; instead, have a look at the CodeQL documentation and the CodeQL repository.

Running the queries

The queries of this repository are inside the codeql-custom-queries-java/queries folder. Most of them can be copied to the clipboard and run directly in the LGTM Query Console. Please ignore the codeql folder: it is a Git submodule representing the upstream CodeQL repository, which contains the language libraries these queries need.

Alternatively, this repository can be opened in Visual Studio Code and the queries run using the CodeQL Visual Studio Code extension.

Please be aware that, as with all code scanning tools, results might be false positives. Carefully examine all findings and don't blindly follow the given advice.

License

The code in this project is licensed under the MIT License. Some queries are based on bug patterns detected by other code scanning applications, or described by advisories such as the Common Weakness Enumeration. Please let me know if you think any of the code infringes your rights.

Please note, however, that usage of CodeQL itself has to adhere to the GitHub CodeQL Terms and Conditions.

Feel free to port queries contained in this repository to other code scanning applications (keeping in mind the disclaimer that some of the queries are based on bug patterns detected by other applications). In case a query covers a bug pattern not yet detected by any other application or mentioned in any advisory, I would appreciate being credited.

Contributing

The direction in which this repository is heading is currently not clear; I might therefore be reluctant to accept new query submissions. Improvements to existing queries (except for complete rewrites) are welcome, though.

All contributions are implicitly made under the license of this project.

In general, please prefer contributing directly to the CodeQL repository.