Added MissingSecuritySeverity query

This commit is contained in:
Tony Torralba
2022-03-14 17:15:20 +01:00
parent bcdbfefb2b
commit 03f3535188
10 changed files with 79 additions and 0 deletions


@@ -0,0 +1,29 @@
/**
* @name Missing security-severity tag
* @description Queries tagged as `security` should also have a `@security-severity` tag.
* @kind problem
* @problem.severity warning
* @precision very-high
* @id ql/missing-security-severity
* @tags correctness
*/
import ql
predicate missingSecuritySeverity(QLDoc doc) {
exists(string s | s = doc.getContents() |
exists(string securityTag | securityTag = s.splitAt("@") |
securityTag.matches("tags%security%")
) and
not exists(string securitySeverity | securitySeverity = s.splitAt("@") |
securitySeverity.matches("security-severity %")
)
)
}
from TopLevel t
where
t.getLocation().getFile().getBaseName().matches("%.ql") and
not t.getLocation().getFile().getRelativePath().matches("%/experimental/%") and
missingSecuritySeverity(t.getQLDoc())
select t, "This query file is missing a `@security-severity` tag."
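Review bot: The tag detection in `missingSecuritySeverity` works on raw substrings of the whole doc comment split at `@`, so `securityTag.matches("tags%security%")` also fires for any tag that merely contains `security` as a substring, and any `@` inside free text such as `@description` becomes a segment of its own (this query's own description contains a literal `@security-severity`, which only escapes the second pattern because `"security-severity %"` demands a following space). That same trailing space means a tag written as `@security-severity` followed by a tab or newline before its value is reported as missing. Anchoring both checks on tag boundaries rather than on `%` wildcards, e.g. with `regexpMatch` on the segment, would make the result less dependent on how the comment is laid out; a short comment above the predicate stating that it inspects the raw doc text rather than parsed tags would also help the next maintainer.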


@@ -0,0 +1 @@
| testcases/Bad.ql:1:1:15:9 | TopLevel | This query file is missing a `@security-severity` tag. |


@@ -0,0 +1 @@
queries/style/MissingSecuritySeverity.ql


@@ -0,0 +1,15 @@
/**
* @name Some query
* @description Some description
* @kind problem
* @problem.severity warning
* @precision very-high
* @id ql/some-query
* @tags quality
* security
*/
import ql
from Class c
select c
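Review bot: The test cases only exercise one reported file (this `Bad.ql`) and two clean variants, so the exclusion of `/experimental/` paths and the behaviour on a description containing a literal `@` are not covered by `MissingSecuritySeverity.expected`. Adding a `.ql` file under an `experimental/` directory with the `security` tag and no severity, and a variant whose `@description` mentions `@security-severity` in prose, would pin both branches of the `where` clause and the substring matching in `missingSecuritySeverity`. Which directory these files live in is not visible on this page, so the path needed for the expected output would have to follow the existing `testcases/Bad.ql` convention.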


@@ -0,0 +1,16 @@
/**
* @name Some query
* @description Some description
* @kind problem
* @problem.severity warning
* @security-severity 10.0
* @precision very-high
* @id ql/some-query
* @tags quality
* security
*/
import ql
from Class c
select c


@@ -0,0 +1,14 @@
/**
* @name Some query
* @description Some description
* @kind problem
* @problem.severity warning
* @precision very-high
* @id ql/some-query
* @tags quality
*/
import ql
from Class c
select c


@@ -0,0 +1,3 @@
import ql
FieldDecl getAField(Class c) { result = c.getAField() }