CodeQLRules.com

CodeQL Security Rules

Browse and search through our comprehensive collection of CodeQL security rules for all programming languages.

Tomcat config disables 'HttpOnly' flag (XSS risk)
Java
Low

Disabling 'HttpOnly' leaves session cookies vulnerable to an XSS attack.

ID: java/tomcat-disabled-httponly • CWE: CWE-1004
Kind: problem
# experimental
Potential Log4J LDAP JNDI injection (CVE-2021-44228)
Java
Low

Building Log4j log entries from user-controlled data may allow attackers to inject malicious code through JNDI lookups when using Log4J versions vulnerable to CVE-2021-44228.

ID: java/log4j-injection • CWE: CWE-020
Kind: path-problem
# experimental
SQL injection in MyBatis Mapper XML
Java
Low

Constructing a dynamic SQL statement with input that comes from an untrusted source could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

ID: java/mybatis-xml-sql-injection • CWE: CWE-089
Kind: path-problem
# experimental