
codeql-java-queries

Personal CodeQL queries for Java source code. Unlike the standard CodeQL queries which mostly focus on security, the queries of this repository are mostly for general bug patterns and code style recommendations which are not necessarily security related.

⚠️ This repository currently mainly acts as a scratchpad; query implementations might not follow best practices, might be inefficient, might yield a lot of false positives, and are not properly documented and tested.
This repository is therefore not recommended if you want to learn CodeQL; instead have a look at the CodeQL documentation and the CodeQL repository.

Running the queries

The queries of this repository are inside the codeql-custom-queries-java/queries folder. Most of them can be copied to the clipboard and run directly in the LGTM Query Console. Please ignore the codeql folder; it is a Git submodule representing the upstream CodeQL repository, which contains the language libraries needed for these queries.

Alternatively this repository can be opened in Visual Studio Code and the queries can then be run using the CodeQL Visual Studio Code extension.

Please be aware that, as with all code scanning tools, results might be false positives. Carefully examine all findings and don't blindly follow the given advice.

License

The code in this project is licensed under the MIT License. Some queries are based on bug patterns detected by other code scanning applications, or described by advisories such as the Common Weakness Enumeration. Please let me know if you think any of the code infringes your rights.

Please note however, that usage of CodeQL itself has to adhere to the GitHub CodeQL Terms and Conditions.

Feel free to port queries contained in this repository to other code scanning applications (with the disclaimer in mind that some of the queries are based on bug patterns detected by other applications). In case a query covers a bug pattern not yet detected by any other application or mentioned in any advisory, I would appreciate being credited.

Contributing

The direction in which this repository is heading is currently not clear; I might therefore be reluctant to accept any new query submissions. However, improvements to existing queries (except for complete rewrites) are welcome.

All contributions are implicitly made under the license of this project.

In general please prefer directly contributing to the CodeQL repository.

codeql-java-queries's People

Contributors

marcono1234
