From 30860daac4b382470cf676afcfaf7b11f5dd07e3 Mon Sep 17 00:00:00 2001 
From: Arthur Baars Date: Thu, 25 Jul 2019 13:30:50 +0200 Subject: [PATCH 1/5] Add cookbook queries --- cpp/ql/examples/addressof.ql | 15 +++++ cpp/ql/examples/arrayaccess.ql | 16 ++++++ cpp/ql/examples/castexpr.ql | 15 +++++ cpp/ql/examples/catch_exception.ql | 14 +++++ cpp/ql/examples/constructor_call.ql | 15 +++++ cpp/ql/examples/derives_from_class.ql | 19 +++++++ cpp/ql/examples/emptyblock.ql | 13 +++++ cpp/ql/examples/emptythen.ql | 16 ++++++ cpp/ql/examples/eq_true.ql | 17 ++++++ cpp/ql/examples/field_access.ql | 15 +++++ cpp/ql/examples/function_call.ql | 17 ++++++ cpp/ql/examples/integer_literal.ql | 14 +++++ cpp/ql/examples/mutualrecursion.ql | 16 ++++++ cpp/ql/examples/override_method.ql | 17 ++++++ cpp/ql/examples/queries.xml | 1 + cpp/ql/examples/returnstatement.ql | 13 +++++ cpp/ql/examples/singletonblock.ql | 12 ++++ cpp/ql/examples/switchcase.ql | 16 ++++++ cpp/ql/examples/ternaryconditional.ql | 14 +++++ cpp/ql/examples/throw_exception.ql | 14 +++++ cpp/ql/examples/todocomment.ql | 13 +++++ cpp/ql/examples/toomanyparams.ql | 14 +++++ cpp/ql/examples/unusedlocalvar.ql | 15 +++++ cpp/ql/examples/unusedmethod.ql | 17 ++++++ cpp/ql/examples/unusedparam.ql | 12 ++++ cpp/ql/examples/voidreturntype.ql | 20 +++++++ cpp/ql/examples/volatilevariable.ql | 12 ++++ csharp/ql/examples/array_access.ql | 16 ++++++ csharp/ql/examples/cast_expr.ql | 15 +++++ csharp/ql/examples/catch_exception.ql | 13 +++++ csharp/ql/examples/constructor_call.ql | 13 +++++ csharp/ql/examples/empty_block.ql | 13 +++++ csharp/ql/examples/empty_then.ql | 16 ++++++ csharp/ql/examples/eq_true.ql | 13 +++++ csharp/ql/examples/extend_class.ql | 16 ++++++ csharp/ql/examples/extern_method.ql | 13 +++++ csharp/ql/examples/field_read.ql | 14 +++++ csharp/ql/examples/integer_literal.ql | 12 ++++ csharp/ql/examples/method_call.ql | 14 +++++ csharp/ql/examples/mutual_recursion.ql | 15 +++++ csharp/ql/examples/null_argument.ql | 18 ++++++ csharp/ql/examples/override_method.ql | 14 +++++ 
csharp/ql/examples/qualifier.ql | 12 ++++ csharp/ql/examples/queries.xml | 1 + csharp/ql/examples/return_statement.ql | 13 +++++ csharp/ql/examples/singleton_block.ql | 12 ++++ csharp/ql/examples/switch_case.ql | 16 ++++++ csharp/ql/examples/ternary_conditional.ql | 15 +++++ csharp/ql/examples/throw_exception.ql | 12 ++++ csharp/ql/examples/todo_comment.ql | 12 ++++ csharp/ql/examples/too_many_params.ql | 13 +++++ csharp/ql/examples/try_finally.ql | 15 +++++ csharp/ql/examples/unused_local_var.ql | 13 +++++ csharp/ql/examples/unused_param.ql | 12 ++++ csharp/ql/examples/void_return_type.ql | 15 +++++ csharp/ql/examples/volatile_field.ql | 13 +++++ java/ql/examples/arrayaccess.ql | 16 ++++++ java/ql/examples/castexpr.ql | 15 +++++ java/ql/examples/catch_exception.ql | 13 +++++ java/ql/examples/constructor_call.ql | 13 +++++ java/ql/examples/emptyblock.ql | 13 +++++ java/ql/examples/emptythen.ql | 16 ++++++ java/ql/examples/eq_true.ql | 13 +++++ java/ql/examples/extend_class.ql | 16 ++++++ java/ql/examples/field_read.ql | 14 +++++ java/ql/examples/integer_literal.ql | 12 ++++ java/ql/examples/method_call.ql | 14 +++++ java/ql/examples/mutualrecursion.ql | 14 +++++ java/ql/examples/nativemethod.ql | 13 +++++ java/ql/examples/null_argument.ql | 18 ++++++ java/ql/examples/override_method.ql | 14 +++++ java/ql/examples/qualifiedthis.ql | 13 +++++ java/ql/examples/queries.xml | 1 + java/ql/examples/returnstatement.ql | 13 +++++ java/ql/examples/singletonblock.ql | 12 ++++ java/ql/examples/switchcase.ql | 16 ++++++ java/ql/examples/synchronizedmethod.ql | 13 +++++ java/ql/examples/ternaryconditional.ql | 15 +++++ java/ql/examples/throw_exception.ql | 12 ++++ java/ql/examples/todocomment.ql | 12 ++++ java/ql/examples/toomanyparams.ql | 13 +++++ java/ql/examples/tryfinally.ql | 15 +++++ java/ql/examples/unusedlocalvar.ql | 13 +++++ java/ql/examples/unusedmethod.ql | 15 +++++ java/ql/examples/unusedparam.ql | 12 ++++ java/ql/examples/voidreturntype.ql | 15 +++++ 
java/ql/examples/volatilefield.ql | 13 +++++ javascript/ql/examples/argumentsparam.ql | 12 ++++ javascript/ql/examples/call.ql | 13 +++++ javascript/ql/examples/callback.ql | 13 +++++ javascript/ql/examples/classdefltctor.ql | 15 +++++ javascript/ql/examples/classname.ql | 14 +++++ javascript/ql/examples/constantbrackets.ql | 16 ++++++ .../dataflow/BackendIdor/BackendIdor.ql | 48 ++++++++++++++++ .../DecodingAfterSanitization.ql | 29 ++++++++++ .../DecodingAfterSanitizationGeneralized.ql | 51 +++++++++++++++++ .../examples/dataflow/EvalTaint/EvalTaint.ql | 21 +++++++ .../dataflow/EvalTaint/EvalTaintPath.ql | 24 ++++++++ .../InformationDisclosure.ql | 55 +++++++++++++++++++ .../examples/dataflow/StoredXss/StoredXss.ql | 34 ++++++++++++ .../StoredXss/StoredXssTrackedNode.ql | 49 +++++++++++++++++ .../TemplateInjection/TemplateInjection.ql | 39 +++++++++++++ javascript/ql/examples/emptyblock.ql | 13 +++++ javascript/ql/examples/emptythen.ql | 16 ++++++ javascript/ql/examples/equalitystmt.ql | 14 +++++ javascript/ql/examples/evenness.ql | 15 +++++ javascript/ql/examples/exportfn.ql | 15 +++++ javascript/ql/examples/filename.ql | 11 ++++ javascript/ql/examples/fnnoreturn.ql | 13 +++++ javascript/ql/examples/generator.ql | 14 +++++ javascript/ql/examples/iife.ql | 13 +++++ javascript/ql/examples/importfrom.ql | 14 +++++ javascript/ql/examples/jsxattribute.ql | 12 ++++ javascript/ql/examples/methodcall.ql | 13 +++++ javascript/ql/examples/namedfnexpr.ql | 11 ++++ javascript/ql/examples/newexpr.ql | 13 +++++ javascript/ql/examples/propaccess.ql | 16 ++++++ javascript/ql/examples/queries.xml | 1 + javascript/ql/examples/rendermethod.ql | 14 +++++ javascript/ql/examples/singlequotestring.ql | 13 +++++ javascript/ql/examples/singletonblock.ql | 12 ++++ javascript/ql/examples/taggedtemplates.ql | 12 ++++ javascript/ql/examples/todocomment.ql | 12 ++++ javascript/ql/examples/toomanyparams.ql | 13 +++++ javascript/ql/examples/vardecl.ql | 12 ++++ javascript/ql/examples/varref.ql 
| 12 ++++ javascript/ql/examples/yieldundefined.ql | 14 +++++ python/ql/examples/backticks.ql | 11 ++++ python/ql/examples/builtin_object.ql | 13 +++++ python/ql/examples/call.ql | 12 ++++ python/ql/examples/catch_exception.ql | 15 +++++ python/ql/examples/conditional_expression.ql | 16 ++++++ python/ql/examples/elif.ql | 12 ++++ python/ql/examples/emptyblock.ql | 13 +++++ python/ql/examples/emptythen.ql | 20 +++++++ python/ql/examples/eq_true.ql | 13 +++++ python/ql/examples/equalitystmt.ql | 13 +++++ python/ql/examples/extend_class.ql | 18 ++++++ python/ql/examples/filename.ql | 11 ++++ python/ql/examples/generator.ql | 12 ++++ python/ql/examples/integer_literal.ql | 12 ++++ python/ql/examples/method_call.ql | 14 +++++ python/ql/examples/mutualrecursion.ql | 12 ++++ python/ql/examples/new_instance.ql | 15 +++++ python/ql/examples/override_method.ql | 14 +++++ python/ql/examples/print.ql | 16 ++++++ python/ql/examples/private_access.ql | 18 ++++++ python/ql/examples/queries.xml | 1 + python/ql/examples/raise_exception.ql | 19 +++++++ python/ql/examples/raw_string.ql | 12 ++++ python/ql/examples/recursion.ql | 12 ++++ python/ql/examples/singlequotestring.ql | 13 +++++ python/ql/examples/store_none.ql | 17 ++++++ python/ql/examples/todocomment.ql | 12 ++++ python/ql/examples/too_many_params.ql | 13 +++++ python/ql/examples/tryfinally.ql | 14 +++++ 156 files changed, 2342 insertions(+) create mode 100644 cpp/ql/examples/addressof.ql create mode 100644 cpp/ql/examples/arrayaccess.ql create mode 100644 cpp/ql/examples/castexpr.ql create mode 100644 cpp/ql/examples/catch_exception.ql create mode 100644 cpp/ql/examples/constructor_call.ql create mode 100644 cpp/ql/examples/derives_from_class.ql create mode 100644 cpp/ql/examples/emptyblock.ql create mode 100644 cpp/ql/examples/emptythen.ql create mode 100644 cpp/ql/examples/eq_true.ql create mode 100644 cpp/ql/examples/field_access.ql create mode 100644 cpp/ql/examples/function_call.ql create mode 100644 
cpp/ql/examples/integer_literal.ql create mode 100644 cpp/ql/examples/mutualrecursion.ql create mode 100644 cpp/ql/examples/override_method.ql create mode 100644 cpp/ql/examples/queries.xml create mode 100644 cpp/ql/examples/returnstatement.ql create mode 100644 cpp/ql/examples/singletonblock.ql create mode 100644 cpp/ql/examples/switchcase.ql create mode 100644 cpp/ql/examples/ternaryconditional.ql create mode 100644 cpp/ql/examples/throw_exception.ql create mode 100644 cpp/ql/examples/todocomment.ql create mode 100644 cpp/ql/examples/toomanyparams.ql create mode 100644 cpp/ql/examples/unusedlocalvar.ql create mode 100644 cpp/ql/examples/unusedmethod.ql create mode 100644 cpp/ql/examples/unusedparam.ql create mode 100644 cpp/ql/examples/voidreturntype.ql create mode 100644 cpp/ql/examples/volatilevariable.ql create mode 100644 csharp/ql/examples/array_access.ql create mode 100644 csharp/ql/examples/cast_expr.ql create mode 100644 csharp/ql/examples/catch_exception.ql create mode 100644 csharp/ql/examples/constructor_call.ql create mode 100644 csharp/ql/examples/empty_block.ql create mode 100644 csharp/ql/examples/empty_then.ql create mode 100644 csharp/ql/examples/eq_true.ql create mode 100644 csharp/ql/examples/extend_class.ql create mode 100644 csharp/ql/examples/extern_method.ql create mode 100644 csharp/ql/examples/field_read.ql create mode 100644 csharp/ql/examples/integer_literal.ql create mode 100644 csharp/ql/examples/method_call.ql create mode 100644 csharp/ql/examples/mutual_recursion.ql create mode 100644 csharp/ql/examples/null_argument.ql create mode 100644 csharp/ql/examples/override_method.ql create mode 100644 csharp/ql/examples/qualifier.ql create mode 100644 csharp/ql/examples/queries.xml create mode 100644 csharp/ql/examples/return_statement.ql create mode 100644 csharp/ql/examples/singleton_block.ql create mode 100644 csharp/ql/examples/switch_case.ql create mode 100644 csharp/ql/examples/ternary_conditional.ql create mode 100644 
csharp/ql/examples/throw_exception.ql create mode 100644 csharp/ql/examples/todo_comment.ql create mode 100644 csharp/ql/examples/too_many_params.ql create mode 100644 csharp/ql/examples/try_finally.ql create mode 100644 csharp/ql/examples/unused_local_var.ql create mode 100644 csharp/ql/examples/unused_param.ql create mode 100644 csharp/ql/examples/void_return_type.ql create mode 100644 csharp/ql/examples/volatile_field.ql create mode 100644 java/ql/examples/arrayaccess.ql create mode 100644 java/ql/examples/castexpr.ql create mode 100644 java/ql/examples/catch_exception.ql create mode 100644 java/ql/examples/constructor_call.ql create mode 100644 java/ql/examples/emptyblock.ql create mode 100644 java/ql/examples/emptythen.ql create mode 100644 java/ql/examples/eq_true.ql create mode 100644 java/ql/examples/extend_class.ql create mode 100644 java/ql/examples/field_read.ql create mode 100644 java/ql/examples/integer_literal.ql create mode 100644 java/ql/examples/method_call.ql create mode 100644 java/ql/examples/mutualrecursion.ql create mode 100644 java/ql/examples/nativemethod.ql create mode 100644 java/ql/examples/null_argument.ql create mode 100644 java/ql/examples/override_method.ql create mode 100644 java/ql/examples/qualifiedthis.ql create mode 100644 java/ql/examples/queries.xml create mode 100644 java/ql/examples/returnstatement.ql create mode 100644 java/ql/examples/singletonblock.ql create mode 100644 java/ql/examples/switchcase.ql create mode 100644 java/ql/examples/synchronizedmethod.ql create mode 100644 java/ql/examples/ternaryconditional.ql create mode 100644 java/ql/examples/throw_exception.ql create mode 100644 java/ql/examples/todocomment.ql create mode 100644 java/ql/examples/toomanyparams.ql create mode 100644 java/ql/examples/tryfinally.ql create mode 100644 java/ql/examples/unusedlocalvar.ql create mode 100644 java/ql/examples/unusedmethod.ql create mode 100644 java/ql/examples/unusedparam.ql create mode 100644 
java/ql/examples/voidreturntype.ql create mode 100644 java/ql/examples/volatilefield.ql create mode 100644 javascript/ql/examples/argumentsparam.ql create mode 100644 javascript/ql/examples/call.ql create mode 100644 javascript/ql/examples/callback.ql create mode 100644 javascript/ql/examples/classdefltctor.ql create mode 100644 javascript/ql/examples/classname.ql create mode 100644 javascript/ql/examples/constantbrackets.ql create mode 100644 javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql create mode 100644 javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql create mode 100644 javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql create mode 100644 javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql create mode 100644 javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql create mode 100644 javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql create mode 100644 javascript/ql/examples/dataflow/StoredXss/StoredXss.ql create mode 100644 javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql create mode 100644 javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql create mode 100644 javascript/ql/examples/emptyblock.ql create mode 100644 javascript/ql/examples/emptythen.ql create mode 100644 javascript/ql/examples/equalitystmt.ql create mode 100644 javascript/ql/examples/evenness.ql create mode 100644 javascript/ql/examples/exportfn.ql create mode 100644 javascript/ql/examples/filename.ql create mode 100644 javascript/ql/examples/fnnoreturn.ql create mode 100644 javascript/ql/examples/generator.ql create mode 100644 javascript/ql/examples/iife.ql create mode 100644 javascript/ql/examples/importfrom.ql create mode 100644 javascript/ql/examples/jsxattribute.ql create mode 100644 javascript/ql/examples/methodcall.ql create mode 100644 javascript/ql/examples/namedfnexpr.ql create mode 100644 
javascript/ql/examples/newexpr.ql create mode 100644 javascript/ql/examples/propaccess.ql create mode 100644 javascript/ql/examples/queries.xml create mode 100644 javascript/ql/examples/rendermethod.ql create mode 100644 javascript/ql/examples/singlequotestring.ql create mode 100644 javascript/ql/examples/singletonblock.ql create mode 100644 javascript/ql/examples/taggedtemplates.ql create mode 100644 javascript/ql/examples/todocomment.ql create mode 100644 javascript/ql/examples/toomanyparams.ql create mode 100644 javascript/ql/examples/vardecl.ql create mode 100644 javascript/ql/examples/varref.ql create mode 100644 javascript/ql/examples/yieldundefined.ql create mode 100644 python/ql/examples/backticks.ql create mode 100644 python/ql/examples/builtin_object.ql create mode 100644 python/ql/examples/call.ql create mode 100644 python/ql/examples/catch_exception.ql create mode 100644 python/ql/examples/conditional_expression.ql create mode 100644 python/ql/examples/elif.ql create mode 100644 python/ql/examples/emptyblock.ql create mode 100644 python/ql/examples/emptythen.ql create mode 100644 python/ql/examples/eq_true.ql create mode 100644 python/ql/examples/equalitystmt.ql create mode 100644 python/ql/examples/extend_class.ql create mode 100644 python/ql/examples/filename.ql create mode 100644 python/ql/examples/generator.ql create mode 100644 python/ql/examples/integer_literal.ql create mode 100644 python/ql/examples/method_call.ql create mode 100644 python/ql/examples/mutualrecursion.ql create mode 100644 python/ql/examples/new_instance.ql create mode 100644 python/ql/examples/override_method.ql create mode 100644 python/ql/examples/print.ql create mode 100644 python/ql/examples/private_access.ql create mode 100644 python/ql/examples/queries.xml create mode 100644 python/ql/examples/raise_exception.ql create mode 100644 python/ql/examples/raw_string.ql create mode 100644 python/ql/examples/recursion.ql create mode 100644 python/ql/examples/singlequotestring.ql 
create mode 100644 python/ql/examples/store_none.ql create mode 100644 python/ql/examples/todocomment.ql create mode 100644 python/ql/examples/too_many_params.ql create mode 100644 python/ql/examples/tryfinally.ql
diff --git a/cpp/ql/examples/addressof.ql b/cpp/ql/examples/addressof.ql
new file mode 100644
index 00000000000..ec2c27b5a17
--- /dev/null
+++ b/cpp/ql/examples/addressof.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Address of reference variable
+ * @description Finds address-of expressions (`&`) that take the address
+ * of a reference variable
+ * @tags addressof
+ * reference
+ */
+
+import cpp
+
+from AddressOfExpr addr, VariableAccess access
+where
+ access = addr.getOperand() and
+ access.getTarget().getType() instanceof ReferenceType
+select addr
diff --git a/cpp/ql/examples/arrayaccess.ql b/cpp/ql/examples/arrayaccess.ql
new file mode 100644
index 00000000000..155210618ea
--- /dev/null
+++ b/cpp/ql/examples/arrayaccess.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Array access
+ * @description Finds array access expressions with an index expression
+ * consisting of a postfix increment (`++`) expression.
+ * @tags array
+ * access
+ * index
+ * postfix
+ * increment
+ */
+
+import cpp
+
+from ArrayExpr a
+where a.getArrayOffset() instanceof PostfixIncrExpr
+select a
diff --git a/cpp/ql/examples/castexpr.ql b/cpp/ql/examples/castexpr.ql
new file mode 100644
index 00000000000..d556bbff5d0
--- /dev/null
+++ b/cpp/ql/examples/castexpr.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Cast expressions
+ * @description Finds casts from a floating point type to an integer type
+ * @tags cast
+ * integer
+ * float
+ * type
+ */
+
+import cpp
+
+from Cast c
+where c.getExpr().getType() instanceof FloatingPointType
+ and c.getType() instanceof IntegralType
+select c
diff --git a/cpp/ql/examples/catch_exception.ql b/cpp/ql/examples/catch_exception.ql
new file mode 100644
index 00000000000..233ebc0460d
--- /dev/null
+++ b/cpp/ql/examples/catch_exception.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Catch exception
+ * @description Finds places where we catch exceptions of type `parse_error`
+ * @tags catch
+ * try
+ * exception
+ */
+
+import cpp
+
+from CatchBlock catch
+// `stripType` converts `const parse_error &` to `parse_error`.
+where catch.getParameter().getType().stripType().hasName("parse_error")
+select catch
diff --git a/cpp/ql/examples/constructor_call.ql b/cpp/ql/examples/constructor_call.ql
new file mode 100644
index 00000000000..1bab2b45e01
--- /dev/null
+++ b/cpp/ql/examples/constructor_call.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Call to constructor
+ * @description Finds places where we call `new MyClass(...)`
+ * @tags call
+ * constructor
+ * new
+ */
+
+import cpp
+
+from NewExpr new, Constructor c
+where
+ c = new.getInitializer().(ConstructorCall).getTarget() and
+ c.getName() = "MyClass"
+select new
diff --git a/cpp/ql/examples/derives_from_class.ql b/cpp/ql/examples/derives_from_class.ql
new file mode 100644
index 00000000000..2ec18f69305
--- /dev/null
+++ b/cpp/ql/examples/derives_from_class.ql
@@ -0,0 +1,19 @@
+/**
+ * @name Class derives from
+ * @description Finds classes that derive from `std::exception`
+ * @tags base
+ * class
+ * derive
+ * inherit
+ * override
+ * subtype
+ * supertype
+ */
+
+import cpp
+
+from Class type
+where
+ type.getABaseClass+().hasName("exception") and
+ type.getNamespace().getName() = "std"
+select type
diff --git a/cpp/ql/examples/emptyblock.ql b/cpp/ql/examples/emptyblock.ql
new file mode 100644
index 00000000000..ccc648b78fe
--- /dev/null
+++ b/cpp/ql/examples/emptyblock.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Empty blocks
+ * @description Finds empty block statements
+ * @tags empty
+ * block
+ * statement
+ */
+
+import cpp
+
+from Block blk
+where blk.getNumStmt() = 0
+select blk
diff --git a/cpp/ql/examples/emptythen.ql b/cpp/ql/examples/emptythen.ql
new file mode 100644
index 00000000000..4dae8641f5c
--- /dev/null
+++ b/cpp/ql/examples/emptythen.ql
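Review bot: In cpp/ql/examples/derives_from_class.ql the namespace test is applied to the derived class instead of the base class, so the query matches classes declared in namespace `std` that inherit from any class named `exception`, and it misses user classes that derive from `std::exception`. Binding the base class once and testing both properties on it fixes this: `exists(Class base | base = type.getABaseClass+() and base.hasName("exception") and base.getNamespace().getName() = "std")`. cpp/ql/examples/override_method.ql in the same patch already does it this way, with both tests on `base.getDeclaringType()`.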
@@ -0,0 +1,16 @@
+/**
+ * @name If statements with empty then branch
+ * @description Finds `if` statements where the `then` branch is
+ * an empty block statement
+ * @tags if
+ * then
+ * empty
+ * conditional
+ * branch
+ */
+
+import cpp
+
+from IfStmt i
+where i.getThen().(Block).getNumStmt() = 0
+select i
diff --git a/cpp/ql/examples/eq_true.ql b/cpp/ql/examples/eq_true.ql
new file mode 100644
index 00000000000..60bca365467
--- /dev/null
+++ b/cpp/ql/examples/eq_true.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Equality test on boolean
+ * @description Finds tests like `==true`, `!=true`
+ * @tags equal
+ * comparison
+ * test
+ * boolean
+ */
+
+import cpp
+
+from EqualityOperation eq, Expr trueExpr
+where
+ trueExpr = eq.getAnOperand() and
+ trueExpr.getType() instanceof BoolType and
+ trueExpr.getValue().toInt() = 1
+select eq
diff --git a/cpp/ql/examples/field_access.ql b/cpp/ql/examples/field_access.ql
new file mode 100644
index 00000000000..5cd2e09d569
--- /dev/null
+++ b/cpp/ql/examples/field_access.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Access of field
+ * @description Finds reads of `aDate` (defined on class `Order`)
+ * @tags access
+ * field
+ * read
+ */
+
+import cpp
+
+from Field f, FieldAccess access
+where f.hasName("aDate")
+ and f.getDeclaringType().hasName("Order")
+ and f = access.getTarget()
+select access
diff --git a/cpp/ql/examples/function_call.ql b/cpp/ql/examples/function_call.ql
new file mode 100644
index 00000000000..3791733c163
--- /dev/null
+++ b/cpp/ql/examples/function_call.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Call to function
+ * @description Finds calls to `std::map<...>::find()`
+ * @tags call
+ * function
+ * method
+ */
+
+import cpp
+
+from FunctionCall call, Function fcn
+where
+ call.getTarget() = fcn and
+ fcn.getDeclaringType().getSimpleName() = "map" and
+ fcn.getDeclaringType().getNamespace().getName() = "std" and
+ fcn.hasName("find")
+select call
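Review bot: cpp/ql/examples/field_access.ql is described as finding reads of the field, but the `where` clause places no read/write restriction on `FieldAccess`, so accesses that are assignment targets would presumably be reported as well. Either reword the `@description` to say "accesses" (and drop the `read` tag) or add a condition that excludes accesses used as the left-hand side of an assignment. The C# counterpart csharp/ql/examples/field_read.ql uses `FieldRead`, which does match its description.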
diff --git a/cpp/ql/examples/integer_literal.ql b/cpp/ql/examples/integer_literal.ql
new file mode 100644
index 00000000000..affb5349861
--- /dev/null
+++ b/cpp/ql/examples/integer_literal.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Integer literal
+ * @description Finds places where we use the integer literal `2`
+ * @tags integer
+ * literal
+ */
+
+import cpp
+
+from Literal literal
+where
+ literal.getType() instanceof IntType and
+ literal.getValue().toInt() = 2
+select literal
diff --git a/cpp/ql/examples/mutualrecursion.ql b/cpp/ql/examples/mutualrecursion.ql
new file mode 100644
index 00000000000..a487db8ba34
--- /dev/null
+++ b/cpp/ql/examples/mutualrecursion.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Mutual recursion
+ * @description Finds pairs of functions that call each other
+ * @tags function
+ * method
+ * recursion
+ */
+
+import cpp
+
+from Function m, Function n
+where
+ exists(FunctionCall c | c.getEnclosingFunction() = m and c.getTarget() = n) and
+ exists(FunctionCall c | c.getEnclosingFunction() = n and c.getTarget() = m) and
+ m != n
+select m, n
diff --git a/cpp/ql/examples/override_method.ql b/cpp/ql/examples/override_method.ql
new file mode 100644
index 00000000000..bbe49da897b
--- /dev/null
+++ b/cpp/ql/examples/override_method.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Override of method
+ * @description Finds methods that override `std::exception::what()`
+ * @tags function
+ * method
+ * override
+ */
+
+import cpp
+
+from MemberFunction override, MemberFunction base
+where
+ base.getName() = "what" and
+ base.getDeclaringType().getName() = "exception" and
+ base.getDeclaringType().getNamespace().getName() = "std" and
+ override.overrides+(base)
+select override
diff --git a/cpp/ql/examples/queries.xml b/cpp/ql/examples/queries.xml
new file mode 100644
index 00000000000..99f4a7278c2
--- /dev/null
+++ b/cpp/ql/examples/queries.xml
@@ -0,0 +1 @@
+
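Review bot: cpp/ql/examples/mutualrecursion.ql returns every mutually recursive pair twice, once as (m, n) and once as (n, m), because the `where` clause is symmetric and `m != n` only rules out self-recursion. A line in the header comment such as `Each pair is reported in both orders.` would tell readers who copy the example what to expect. csharp/ql/examples/mutual_recursion.ql later in this patch has the same shape.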
diff --git a/cpp/ql/examples/returnstatement.ql b/cpp/ql/examples/returnstatement.ql
new file mode 100644
index 00000000000..d7558d51da0
--- /dev/null
+++ b/cpp/ql/examples/returnstatement.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Return statements
+ * @description Finds return statements that return `0`
+ * @tags return
+ * statement
+ * literal
+ */
+
+import cpp
+
+from ReturnStmt r
+where r.getExpr().(Literal).getValue().toInt() = 0
+select r
diff --git a/cpp/ql/examples/singletonblock.ql b/cpp/ql/examples/singletonblock.ql
new file mode 100644
index 00000000000..a698cb1bf37
--- /dev/null
+++ b/cpp/ql/examples/singletonblock.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Singleton blocks
+ * @description Finds block statements containing a single statement
+ * @tags block
+ * statement
+ */
+
+import cpp
+
+from Block b
+where b.getNumStmt() = 1
+select b
diff --git a/cpp/ql/examples/switchcase.ql b/cpp/ql/examples/switchcase.ql
new file mode 100644
index 00000000000..1068a8d5d70
--- /dev/null
+++ b/cpp/ql/examples/switchcase.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Switch statement case missing
+ * @description Finds switch statements with a missing enum constant case
+ * and no default case
+ * @tags switch
+ * case
+ * enum
+ */
+
+import cpp
+
+from EnumSwitch es, EnumConstant ec
+where
+ ec = es.getAMissingCase() and
+ not es.hasDefaultCase()
+select es, ec
diff --git a/cpp/ql/examples/ternaryconditional.ql b/cpp/ql/examples/ternaryconditional.ql
new file mode 100644
index 00000000000..d44a7e4babc
--- /dev/null
+++ b/cpp/ql/examples/ternaryconditional.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Conditional expressions
+ * @description Finds conditional expressions of the form `... ? ... : ...`
+ * where the types of the resulting expressions differ
+ * @tags conditional
+ * ternary
+ * type
+ */
+
+import cpp
+
+from ConditionalExpr e
+where e.getThen().getType() != e.getElse().getType()
+select e
diff --git a/cpp/ql/examples/throw_exception.ql b/cpp/ql/examples/throw_exception.ql
new file mode 100644
index 00000000000..5b66dec5197
--- /dev/null
+++ b/cpp/ql/examples/throw_exception.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Throw exception of type
+ * @description Finds places where we throw `parse_error` or one of its sub-types
+ * @tags base
+ * class
+ * throw
+ * exception
+ */
+
+import cpp
+
+from ThrowExpr throw
+where throw.getType().(Class).getABaseClass*().getName() = "parse_error"
+select throw
diff --git a/cpp/ql/examples/todocomment.ql b/cpp/ql/examples/todocomment.ql
new file mode 100644
index 00000000000..6ab8c653a71
--- /dev/null
+++ b/cpp/ql/examples/todocomment.ql
@@ -0,0 +1,13 @@
+/**
+ * @name TODO comments
+ * @description Finds comments containing the word "TODO"
+ * @tags comment
+ * matches
+ * TODO
+ */
+
+import cpp
+
+from Comment c
+where c.getContents().matches("%TODO%")
+select c
diff --git a/cpp/ql/examples/toomanyparams.ql b/cpp/ql/examples/toomanyparams.ql
new file mode 100644
index 00000000000..1f3eb14f4f2
--- /dev/null
+++ b/cpp/ql/examples/toomanyparams.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Functions with many parameters
+ * @description Finds functions or methods with more than 10 parameters
+ * @tags function
+ * method
+ * parameter
+ * argument
+ */
+
+import cpp
+
+from Function fcn
+where fcn.getNumberOfParameters() > 10
+select fcn
diff --git a/cpp/ql/examples/unusedlocalvar.ql b/cpp/ql/examples/unusedlocalvar.ql
new file mode 100644
index 00000000000..65599404990
--- /dev/null
+++ b/cpp/ql/examples/unusedlocalvar.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Unused local variable
+ * @description Finds local variables that are not accessed
+ * @tags variable
+ * local
+ * access
+ */
+
+import cpp
+
+from LocalScopeVariable v
+where
+ not v instanceof Parameter and
+ not exists(v.getAnAccess())
+select v
diff --git a/cpp/ql/examples/unusedmethod.ql b/cpp/ql/examples/unusedmethod.ql
new file mode 100644
index 00000000000..2ebd341b7bb
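Review bot: cpp/ql/examples/unusedlocalvar.ql treats every local without an access as unused, which also reports objects that exist only for their constructor and destructor, such as scoped lock guards. The header comment should say so, for example `Note: locals of class type whose constructor or destructor has side effects are reported too.`, so that nobody removes a guard on the strength of this result. Nothing in the `where` clause needs to change for an example query.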
--- /dev/null
+++ b/cpp/ql/examples/unusedmethod.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Unused private method
+ * @description Finds private non-virtual methods that are not accessed
+ * @tags method
+ * access
+ * private
+ * virtual
+ */
+
+import cpp
+
+from MemberFunction fcn
+where
+ fcn.isPrivate() and
+ not fcn.isVirtual() and
+ not exists(FunctionCall call | fcn = call.getTarget())
+select fcn.getDefinition()
diff --git a/cpp/ql/examples/unusedparam.ql b/cpp/ql/examples/unusedparam.ql
new file mode 100644
index 00000000000..db69b0f7253
--- /dev/null
+++ b/cpp/ql/examples/unusedparam.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Unused parameter
+ * @description Finds parameters that are not accessed
+ * @tags parameter
+ * access
+ */
+
+import cpp
+
+from Parameter p
+where p.isNamed() and not exists(p.getAnAccess())
+select p
diff --git a/cpp/ql/examples/voidreturntype.ql b/cpp/ql/examples/voidreturntype.ql
new file mode 100644
index 00000000000..4cd687226d4
--- /dev/null
+++ b/cpp/ql/examples/voidreturntype.ql
@@ -0,0 +1,20 @@
+/**
+ * @name Const method without return type
+ * @description Finds const methods whose return type is `void`
+ * @tags const
+ * function
+ * method
+ * modifier
+ * specifier
+ * return
+ * type
+ * void
+ */
+
+import cpp
+
+from MemberFunction m
+where
+ m.hasSpecifier("const") and
+ m.getType() instanceof VoidType
+select m
diff --git a/cpp/ql/examples/volatilevariable.ql b/cpp/ql/examples/volatilevariable.ql
new file mode 100644
index 00000000000..a634a3bda6b
--- /dev/null
+++ b/cpp/ql/examples/volatilevariable.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Variable declared volatile
+ * @description Finds variables with a `volatile` modifier
+ * @tags variable
+ * volatile
+ */
+
+import cpp
+
+from Variable f
+where f.isVolatile()
+select f
diff --git a/csharp/ql/examples/array_access.ql b/csharp/ql/examples/array_access.ql
new file mode 100644
index 00000000000..afda978b035
--- /dev/null
+++ b/csharp/ql/examples/array_access.ql
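Review bot: cpp/ql/examples/unusedmethod.ql says "not accessed", but the `where` clause only rules out methods that are the target of a `FunctionCall`, so a private method that is used only by taking its address (a pointer-to-member or a callback) would presumably still be reported. The final `select fcn.getDefinition()` also yields nothing for methods without a definition in the database, which may be intended but is not stated. Suggest rewording the description to `Finds private non-virtual methods that are never called directly`, or adding a condition for accesses that are not calls.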
@@ -0,0 +1,16 @@
+/**
+ * @name Array access
+ * @description Finds array access expressions with an index expression
+ * consisting of a unary increment or decrement, e.g. 'a[i++]'.
+ * @tags array
+ * access
+ * index
+ * unary
+ * assignment
+ */
+
+import csharp
+
+from ArrayAccess a
+where a.getAnIndex() instanceof MutatorOperation
+select a
diff --git a/csharp/ql/examples/cast_expr.ql b/csharp/ql/examples/cast_expr.ql
new file mode 100644
index 00000000000..bb4cf84108a
--- /dev/null
+++ b/csharp/ql/examples/cast_expr.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Cast expressions
+ * @description Finds casts from a floating point type to an integer type.
+ * @tags cast
+ * integer
+ * float
+ * type
+ */
+
+import csharp
+
+from CastExpr c
+where c.getExpr().getType() instanceof FloatingPointType
+ and c.getType() instanceof IntegralType
+select c
diff --git a/csharp/ql/examples/catch_exception.ql b/csharp/ql/examples/catch_exception.ql
new file mode 100644
index 00000000000..2167eab2989
--- /dev/null
+++ b/csharp/ql/examples/catch_exception.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Catch exception
+ * @description Finds places where we catch exceptions of type 'System.IO.IOException'.
+ * @tags catch
+ * try
+ * exception
+ */
+
+import csharp
+
+from CatchClause catch
+where catch.getCaughtExceptionType().hasQualifiedName("System.IO.IOException")
+select catch
diff --git a/csharp/ql/examples/constructor_call.ql b/csharp/ql/examples/constructor_call.ql
new file mode 100644
index 00000000000..2f9c62d6fe8
--- /dev/null
+++ b/csharp/ql/examples/constructor_call.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Call to constructor
+ * @description Finds places where we call 'new System.Exception(...)'.
+ * @tags call
+ * constructor
+ * new
+ */
+
+import csharp
+
+from ObjectCreation new
+where new.getObjectType().hasQualifiedName("System.Exception")
+select new
diff --git a/csharp/ql/examples/empty_block.ql b/csharp/ql/examples/empty_block.ql
new file mode 100644
index 00000000000..5ef1e06afd6
--- /dev/null
+++ b/csharp/ql/examples/empty_block.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Empty blocks
+ * @description Finds empty block statements.
+ * @tags empty
+ * block
+ * statement
+ */
+
+import csharp
+
+from BlockStmt blk
+where blk.isEmpty()
+select blk
diff --git a/csharp/ql/examples/empty_then.ql b/csharp/ql/examples/empty_then.ql
new file mode 100644
index 00000000000..5f3c67f21c5
--- /dev/null
+++ b/csharp/ql/examples/empty_then.ql
@@ -0,0 +1,16 @@
+/**
+ * @name If statements with empty then branch
+ * @description Finds 'if' statements where the 'then' branch is
+ * an empty block statement.
+ * @tags if
+ * then
+ * empty
+ * conditional
+ * branch
+ */
+
+import csharp
+
+from IfStmt i
+where i.getThen().(BlockStmt).isEmpty()
+select i
diff --git a/csharp/ql/examples/eq_true.ql b/csharp/ql/examples/eq_true.ql
new file mode 100644
index 00000000000..39f900a705a
--- /dev/null
+++ b/csharp/ql/examples/eq_true.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Equality test on Boolean
+ * @description Finds tests like 'x==true', 'x==false', 'x!=true', '!=false'.
+ * @tags equals
+ * test
+ * boolean
+ */
+
+import csharp
+
+from EqualityOperation eq
+where eq.getAnOperand() instanceof BoolLiteral
+select eq
diff --git a/csharp/ql/examples/extend_class.ql b/csharp/ql/examples/extend_class.ql
new file mode 100644
index 00000000000..21283c80b32
--- /dev/null
+++ b/csharp/ql/examples/extend_class.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Class extends/implements
+ * @description Finds classes/interfaces that extend/implement 'System.Collections.IEnumerator'.
+ * @tags class
+ * extends
+ * implements
+ * overrides
+ * subtype
+ * supertype
+ */
+
+import csharp
+
+from RefType type
+where type.getABaseType+().hasQualifiedName("System.Collections.IEnumerator")
+select type
diff --git a/csharp/ql/examples/extern_method.ql b/csharp/ql/examples/extern_method.ql
new file mode 100644
index 00000000000..b5a55fb3c47
--- /dev/null
+++ b/csharp/ql/examples/extern_method.ql
@@ -0,0 +1,13 @@ +/** + * @name Extern methods + * @description Finds methods that are 'extern'. + * @tags method + * native + * modifier + */ + +import csharp + +from Method m +where m.isExtern() +select m diff --git a/csharp/ql/examples/field_read.ql b/csharp/ql/examples/field_read.ql new file mode 100644 index 00000000000..07c9d589fea --- /dev/null +++ b/csharp/ql/examples/field_read.ql @@ -0,0 +1,14 @@ +/** + * @name Read of field + * @description Finds reads of 'VirtualAddress' (defined on 'Mono.Cecil.PE.Section'). + * @tags field + * read + */ + +import csharp + +from Field f, FieldRead read +where f.hasName("VirtualAddress") + and f.getDeclaringType().hasQualifiedName("Mono.Cecil.PE.Section") + and f = read.getTarget() +select read diff --git a/csharp/ql/examples/integer_literal.ql b/csharp/ql/examples/integer_literal.ql new file mode 100644 index 00000000000..3e204d87e07 --- /dev/null +++ b/csharp/ql/examples/integer_literal.ql @@ -0,0 +1,12 @@ +/** + * @name Integer literal + * @description Finds places where we use the integer literal '0'. + * @tags integer + * literal + */ + +import csharp + +from IntegerLiteral literal +where literal.getValue().toInt() = 0 +select literal diff --git a/csharp/ql/examples/method_call.ql b/csharp/ql/examples/method_call.ql new file mode 100644 index 00000000000..b78badd1f6f --- /dev/null +++ b/csharp/ql/examples/method_call.ql @@ -0,0 +1,14 @@ +/** + * @name Call to method + * @description Finds calls to method 'Company.Class.MethodName'. + * @tags call + * method + */ + +import csharp + +from MethodCall call, Method method +where call.getTarget() = method + and method.hasName("MethodName") + and method.getDeclaringType().hasQualifiedName("Company.Class") +select call diff --git a/csharp/ql/examples/mutual_recursion.ql b/csharp/ql/examples/mutual_recursion.ql new file mode 100644 index 00000000000..d2f52e43783 --- /dev/null +++ b/csharp/ql/examples/mutual_recursion.ql 
@@ -0,0 +1,15 @@ +/** + * @name Mutual recursion + * @description Finds pairs of methods that call each other. + * @tags method + * recursion + */ + +import csharp + +from Method m, Method n +where m.calls(n) + and n.calls(m) + and m != n +select m, n + diff --git a/csharp/ql/examples/null_argument.ql b/csharp/ql/examples/null_argument.ql new file mode 100644 index 00000000000..8116c6a5de7 --- /dev/null +++ b/csharp/ql/examples/null_argument.ql @@ -0,0 +1,18 @@ +/** + * @name Add null to collection + * @description Finds places where we add 'null' to a collection. + * @tags null + * parameter + * argument + * collection + * add + */ + +import csharp + +from MethodCall call, Method add +where call.getTarget() = add.getAnUltimateImplementor*() + and add.hasName("Add") + and add.getDeclaringType().getSourceDeclaration().hasQualifiedName("System.Collections.Generic.ICollection<>") + and call.getAnArgument() instanceof NullLiteral +select call diff --git a/csharp/ql/examples/override_method.ql b/csharp/ql/examples/override_method.ql new file mode 100644 index 00000000000..036cdb78fa9 --- /dev/null +++ b/csharp/ql/examples/override_method.ql @@ -0,0 +1,14 @@ +/** + * @name Override of method + * @description Finds methods that directly override 'Object.ToString'. + * @tags method + * override + */ + +import csharp + +from Method override, Method base +where base.hasName("ToString") + and base.getDeclaringType().hasQualifiedName("System.Object") + and base.getAnOverrider() = override +select override diff --git a/csharp/ql/examples/qualifier.ql b/csharp/ql/examples/qualifier.ql new file mode 100644 index 00000000000..cc238a7e9e0 --- /dev/null +++ b/csharp/ql/examples/qualifier.ql 
@@ -0,0 +1,12 @@ +/** + * @name Expression qualifier + * @description Finds qualified expressions (e.g. 'a.b()') and their qualifiers ('a'). + * @tags qualifier + * chain + */ + +import csharp + +from QualifiableExpr qualifiedExpr, Expr qualifier +where qualifier = qualifiedExpr.getQualifier() +select qualifiedExpr, qualifier diff --git a/csharp/ql/examples/queries.xml b/csharp/ql/examples/queries.xml new file mode 100644 index 00000000000..56abe7737ac --- /dev/null +++ b/csharp/ql/examples/queries.xml @@ -0,0 +1 @@ + diff --git a/csharp/ql/examples/return_statement.ql b/csharp/ql/examples/return_statement.ql new file mode 100644 index 00000000000..a1c781c547e --- /dev/null +++ b/csharp/ql/examples/return_statement.ql @@ -0,0 +1,13 @@ +/** + * @name Return statements + * @description Finds return statements that return 'null'. + * @tags return + * statement + * null + */ + +import csharp + +from ReturnStmt r +where r.getExpr() instanceof NullLiteral +select r diff --git a/csharp/ql/examples/singleton_block.ql b/csharp/ql/examples/singleton_block.ql new file mode 100644 index 00000000000..3f85f855ef9 --- /dev/null +++ b/csharp/ql/examples/singleton_block.ql @@ -0,0 +1,12 @@ +/** + * @name Singleton blocks + * @description Finds block statements containing a single statement. + * @tags block + * statement + */ + +import csharp + +from BlockStmt b +where b.getNumberOfStmts() = 1 +select b diff --git a/csharp/ql/examples/switch_case.ql b/csharp/ql/examples/switch_case.ql new file mode 100644 index 00000000000..ce5171b980a --- /dev/null +++ b/csharp/ql/examples/switch_case.ql 
@@ -0,0 +1,16 @@
+/**
+ * @name Switch statement case missing
+ * @description Finds switch statements with a missing enum constant case and no default case.
+ * @tags switch
+ * case
+ * enum
+ */
+
+import csharp
+
+from SwitchStmt switch, Enum enum, EnumConstant missing
+where switch.getCondition().getType() = enum
+ and missing.getDeclaringType() = enum
+ and not switch.getAConstCase().getExpr() = missing.getAnAccess()
+ and not exists(switch.getDefaultCase())
+select switch
diff --git a/csharp/ql/examples/ternary_conditional.ql b/csharp/ql/examples/ternary_conditional.ql
new file mode 100644
index 00000000000..70068e342b4
--- /dev/null
+++ b/csharp/ql/examples/ternary_conditional.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Conditional expressions
+ * @description Finds conditional expressions of the form '... ? ... : ...'
+ * where the types of the resulting expressions differ.
+ * @tags conditional
+ * type
+ */
+
+import csharp
+
+from ConditionalExpr e
+where e.getThen().stripImplicitCasts() != e.getElse().stripImplicitCasts()
+ and not e.getThen().getType() instanceof NullType
+ and not e.getElse().getType() instanceof NullType
+select e
diff --git a/csharp/ql/examples/throw_exception.ql b/csharp/ql/examples/throw_exception.ql
new file mode 100644
index 00000000000..4680f4e9873
--- /dev/null
+++ b/csharp/ql/examples/throw_exception.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Throw exception of given type
+ * @description Finds places where we throw 'System.IO.IOException' or one of its subtypes.
+ * @tags throw
+ * exception
+ */
+
+import csharp
+
+from ThrowStmt throw
+where throw.getThrownExceptionType().getBaseClass*().hasQualifiedName("System.IO.IOException")
+select throw
diff --git a/csharp/ql/examples/todo_comment.ql b/csharp/ql/examples/todo_comment.ql
new file mode 100644
index 00000000000..bbe39425040
--- /dev/null
+++ b/csharp/ql/examples/todo_comment.ql
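Review bot: In csharp/ql/examples/ternary_conditional.ql the first `where` condition compares the two branch expressions themselves rather than their types, so it does not implement the stated description ("where the types of the resulting expressions differ"). The then and else branches are distinct expressions, so `e.getThen().stripImplicitCasts() != e.getElse().stripImplicitCasts()` presumably holds for every conditional, leaving only the two `NullType` conditions to filter anything. The Java counterpart in this patch compares `getType()` on both sides; the equivalent here would be `where e.getThen().stripImplicitCasts().getType() != e.getElse().stripImplicitCasts().getType()`.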
@@ -0,0 +1,12 @@ +/** + * @name TODO comments + * @description Finds comments containing the word "TODO". + * @tags comment + * TODO + */ + +import csharp + +from CommentLine c +where c.getText().regexpMatch("(?si).*\\bTODO\\b.*") +select c diff --git a/csharp/ql/examples/too_many_params.ql b/csharp/ql/examples/too_many_params.ql new file mode 100644 index 00000000000..348a6f5927c --- /dev/null +++ b/csharp/ql/examples/too_many_params.ql @@ -0,0 +1,13 @@ +/** + * @name Methods with many parameters + * @description Finds methods with more than ten parameters. + * @tags method + * parameter + * argument + */ + +import csharp + +from Method m +where m.getNumberOfParameters() > 10 +select m diff --git a/csharp/ql/examples/try_finally.ql b/csharp/ql/examples/try_finally.ql new file mode 100644 index 00000000000..879ae6002d2 --- /dev/null +++ b/csharp/ql/examples/try_finally.ql @@ -0,0 +1,15 @@ +/** + * @name Try-finally statements + * @description Finds try-finally statements without a catch clause. + * @tags try + * finally + * catch + * exceptions + */ + +import csharp + +from TryStmt t +where exists(t.getFinally()) + and not exists(t.getACatchClause()) +select t diff --git a/csharp/ql/examples/unused_local_var.ql b/csharp/ql/examples/unused_local_var.ql new file mode 100644 index 00000000000..74b17f69673 --- /dev/null +++ b/csharp/ql/examples/unused_local_var.ql @@ -0,0 +1,13 @@ +/** + * @name Unused local variable + * @description Finds local variables that are not accessed. + * @tags variable + * local + * access + */ + +import csharp + +from LocalVariable v +where not exists(v.getAnAccess()) +select v diff --git a/csharp/ql/examples/unused_param.ql b/csharp/ql/examples/unused_param.ql new file mode 100644 index 00000000000..314371550d9 --- /dev/null +++ b/csharp/ql/examples/unused_param.ql 
@@ -0,0 +1,12 @@ +/** + * @name Unused parameter + * @description Finds parameters that are not accessed. + * @tags parameter + * access + */ + +import csharp + +from Parameter p +where not exists(p.getAnAccess()) +select p diff --git a/csharp/ql/examples/void_return_type.ql b/csharp/ql/examples/void_return_type.ql new file mode 100644 index 00000000000..e3fd315cb20 --- /dev/null +++ b/csharp/ql/examples/void_return_type.ql @@ -0,0 +1,15 @@ +/** + * @name Methods without return type + * @description Finds methods whose return type is 'void'. + * @tags method + * void + * modifier + * return + * type + */ + +import csharp + +from Method m +where m.getReturnType() instanceof VoidType +select m diff --git a/csharp/ql/examples/volatile_field.ql b/csharp/ql/examples/volatile_field.ql new file mode 100644 index 00000000000..500b2bab03b --- /dev/null +++ b/csharp/ql/examples/volatile_field.ql @@ -0,0 +1,13 @@ +/** + * @name Fields declared volatile + * @description Finds fields with a 'volatile' modifier. + * @tags field + * volatile + * synchronization + */ + +import csharp + +from Field f +where f.isVolatile() +select f diff --git a/java/ql/examples/arrayaccess.ql b/java/ql/examples/arrayaccess.ql new file mode 100644 index 00000000000..d57676ce810 --- /dev/null +++ b/java/ql/examples/arrayaccess.ql @@ -0,0 +1,16 @@ +/** + * @name Array access + * @description Finds array access expressions with an index expression + * consisting of a unary assignment + * @tags array + * access + * index + * unary + * assignment + */ + +import java + +from ArrayAccess a +where a.getIndexExpr() instanceof UnaryAssignExpr +select a diff --git a/java/ql/examples/castexpr.ql b/java/ql/examples/castexpr.ql new file mode 100644 index 00000000000..fa25817367a --- /dev/null +++ b/java/ql/examples/castexpr.ql 
@@ -0,0 +1,15 @@ +/** + * @name Cast expressions + * @description Finds casts from a floating point type to an integer type + * @tags cast + * integer + * float + * type + */ + +import java + +from CastExpr c +where c.getExpr().getType() instanceof FloatingPointType + and c.getType() instanceof IntegralType +select c diff --git a/java/ql/examples/catch_exception.ql b/java/ql/examples/catch_exception.ql new file mode 100644 index 00000000000..475feef81b8 --- /dev/null +++ b/java/ql/examples/catch_exception.ql @@ -0,0 +1,13 @@ +/** + * @name Catch exception + * @description Finds places where we catch exceptions of type com.example.AnException + * @tags catch + * try + * exception + */ + +import java + +from CatchClause catch +where catch.getACaughtType().hasQualifiedName("com.example", "AnException") +select catch diff --git a/java/ql/examples/constructor_call.ql b/java/ql/examples/constructor_call.ql new file mode 100644 index 00000000000..bdcd812f708 --- /dev/null +++ b/java/ql/examples/constructor_call.ql @@ -0,0 +1,13 @@ +/** + * @name Call to constructor + * @description Finds places where we call `new com.example.Class(...)` + * @tags call + * constructor + * new + */ + +import java + +from ClassInstanceExpr new +where new.getConstructedType().hasQualifiedName("com.example", "Class") +select new diff --git a/java/ql/examples/emptyblock.ql b/java/ql/examples/emptyblock.ql new file mode 100644 index 00000000000..245fcfb06f3 --- /dev/null +++ b/java/ql/examples/emptyblock.ql @@ -0,0 +1,13 @@ +/** + * @name Empty blocks + * @description Finds empty block statements + * @tags empty + * block + * statement + */ + +import java + +from Block blk +where blk.getNumStmt() = 0 +select blk diff --git a/java/ql/examples/emptythen.ql b/java/ql/examples/emptythen.ql new file mode 100644 index 00000000000..6bc640fe82c --- /dev/null +++ b/java/ql/examples/emptythen.ql 
@@ -0,0 +1,16 @@ +/** + * @name If statements with empty then branch + * @description Finds 'if' statements where the 'then' branch is + * an empty block statement + * @tags if + * then + * empty + * conditional + * branch + */ + +import java + +from IfStmt i +where i.getThen().(Block).getNumStmt() = 0 +select i diff --git a/java/ql/examples/eq_true.ql b/java/ql/examples/eq_true.ql new file mode 100644 index 00000000000..bc53b02c2c9 --- /dev/null +++ b/java/ql/examples/eq_true.ql @@ -0,0 +1,13 @@ +/** + * @name Equality test on boolean + * @description Finds tests like `==true`, `==false`, `!=true`, `!=false` + * @tags equals + * test + * boolean + */ + +import java + +from EqualityTest eq +where eq.getAnOperand() instanceof BooleanLiteral +select eq diff --git a/java/ql/examples/extend_class.ql b/java/ql/examples/extend_class.ql new file mode 100644 index 00000000000..dfccb646974 --- /dev/null +++ b/java/ql/examples/extend_class.ql @@ -0,0 +1,16 @@ +/** + * @name Class extends/implements + * @description Finds classes/interfaces that extend/implement com.example.Class + * @tags class + * extends + * implements + * overrides + * subtype + * supertype + */ + +import java + +from RefType type +where type.getASupertype+().hasQualifiedName("com.example", "Class") +select type diff --git a/java/ql/examples/field_read.ql b/java/ql/examples/field_read.ql new file mode 100644 index 00000000000..56522e6e07f --- /dev/null +++ b/java/ql/examples/field_read.ql @@ -0,0 +1,14 @@ +/** + * @name Read of field + * @description Finds reads of aField (defined on com.example.Class) + * @tags field + * read + */ + +import java + +from Field f, FieldRead read +where f.hasName("aField") + and f.getDeclaringType().hasQualifiedName("com.example", "Class") + and f = read.getField() +select read diff --git a/java/ql/examples/integer_literal.ql b/java/ql/examples/integer_literal.ql new file mode 100644 index 00000000000..1e2bbdb43df --- /dev/null +++ b/java/ql/examples/integer_literal.ql 
@@ -0,0 +1,12 @@ +/** + * @name Integer literal + * @description Finds places where we use the integer literal `0` + * @tags integer + * literal + */ + +import java + +from IntegerLiteral literal +where literal.getLiteral().toInt() = 0 +select literal diff --git a/java/ql/examples/method_call.ql b/java/ql/examples/method_call.ql new file mode 100644 index 00000000000..bf2f27481da --- /dev/null +++ b/java/ql/examples/method_call.ql @@ -0,0 +1,14 @@ +/** + * @name Call to method + * @description Finds calls to com.example.Class.methodName + * @tags call + * method + */ + +import java + +from MethodAccess call, Method method +where call.getMethod() = method + and method.hasName("methodName") + and method.getDeclaringType().hasQualifiedName("com.example", "Class") +select call diff --git a/java/ql/examples/mutualrecursion.ql b/java/ql/examples/mutualrecursion.ql new file mode 100644 index 00000000000..16acd73805d --- /dev/null +++ b/java/ql/examples/mutualrecursion.ql @@ -0,0 +1,14 @@ +/** + * @name Mutual recursion + * @description Finds pairs of methods that call each other + * @tags method + * recursion + */ + +import java + +from Method m, Method n +where exists(MethodAccess ma | ma.getCaller() = m and ma.getCallee() = n) + and exists(MethodAccess ma | ma.getCaller() = n and ma.getCallee() = m) + and m != n +select m, n diff --git a/java/ql/examples/nativemethod.ql b/java/ql/examples/nativemethod.ql new file mode 100644 index 00000000000..cb7ff5feac3 --- /dev/null +++ b/java/ql/examples/nativemethod.ql @@ -0,0 +1,13 @@ +/** + * @name Native methods + * @description Finds methods that are native + * @tags method + * native + * modifier + */ + +import java + +from Method m +where m.isNative() +select m diff --git a/java/ql/examples/null_argument.ql b/java/ql/examples/null_argument.ql new file mode 100644 index 00000000000..210598938ab --- /dev/null +++ b/java/ql/examples/null_argument.ql 
@@ -0,0 +1,18 @@ +/** + * @name Add null to collection + * @description Finds places where we add null to a collection + * @tags null + * parameter + * argument + * collection + * add + */ + +import java + +from MethodAccess call, Method add +where call.getMethod().overrides*(add) + and add.hasName("add") + and add.getDeclaringType().getSourceDeclaration().hasQualifiedName("java.util", "Collection") + and call.getAnArgument() instanceof NullLiteral +select call diff --git a/java/ql/examples/override_method.ql b/java/ql/examples/override_method.ql new file mode 100644 index 00000000000..563bafdd54e --- /dev/null +++ b/java/ql/examples/override_method.ql @@ -0,0 +1,14 @@ +/** + * @name Override of method + * @description Finds methods that override com.example.Class.baseMethod + * @tags method + * override + */ + +import java + +from Method override, Method base +where base.hasName("baseMethod") + and base.getDeclaringType().hasQualifiedName("com.example", "Class") + and override.overrides+(base) +select override diff --git a/java/ql/examples/qualifiedthis.ql b/java/ql/examples/qualifiedthis.ql new file mode 100644 index 00000000000..35cdb5d1c7a --- /dev/null +++ b/java/ql/examples/qualifiedthis.ql @@ -0,0 +1,13 @@ +/** + * @name Qualified 'this' access + * @description Finds 'this' accesses that are qualified by a type name + * @tags this + * access + * qualifier + */ + +import java + +from ThisAccess t +where exists(t.getQualifier()) +select t diff --git a/java/ql/examples/queries.xml b/java/ql/examples/queries.xml new file mode 100644 index 00000000000..0d33187fe86 --- /dev/null +++ b/java/ql/examples/queries.xml @@ -0,0 +1 @@ + diff --git a/java/ql/examples/returnstatement.ql b/java/ql/examples/returnstatement.ql new file mode 100644 index 00000000000..8ace7e72931 --- /dev/null +++ b/java/ql/examples/returnstatement.ql 
@@ -0,0 +1,13 @@ +/** + * @name Return statements + * @description Finds return statements that return 'null' + * @tags return + * statement + * null + */ + +import java + +from ReturnStmt r +where r.getResult() instanceof NullLiteral +select r diff --git a/java/ql/examples/singletonblock.ql b/java/ql/examples/singletonblock.ql new file mode 100644 index 00000000000..4937c004987 --- /dev/null +++ b/java/ql/examples/singletonblock.ql @@ -0,0 +1,12 @@ +/** + * @name Singleton blocks + * @description Finds block statements containing a single statement + * @tags block + * statement + */ + +import java + +from Block b +where b.getNumStmt() = 1 +select b diff --git a/java/ql/examples/switchcase.ql b/java/ql/examples/switchcase.ql new file mode 100644 index 00000000000..b54f0d2f27a --- /dev/null +++ b/java/ql/examples/switchcase.ql @@ -0,0 +1,16 @@ +/** + * @name Switch statement case missing + * @description Finds switch statements with a missing enum constant case and no default case + * @tags switch + * case + * enum + */ + +import java + +from SwitchStmt switch, EnumType enum, EnumConstant missing +where switch.getExpr().getType() = enum + and missing.getDeclaringType() = enum + and not switch.getAConstCase().getValue() = missing.getAnAccess() + and not exists(switch.getDefaultCase()) +select switch diff --git a/java/ql/examples/synchronizedmethod.ql b/java/ql/examples/synchronizedmethod.ql new file mode 100644 index 00000000000..ced4481306d --- /dev/null +++ b/java/ql/examples/synchronizedmethod.ql @@ -0,0 +1,13 @@ +/** + * @name Synchronized methods + * @description Finds methods that are synchronized + * @tags method + * synchronized + * modifier + */ + +import java + +from Method m +where m.isSynchronized() +select m diff --git a/java/ql/examples/ternaryconditional.ql b/java/ql/examples/ternaryconditional.ql new file mode 100644 index 00000000000..8033c3f61e8 --- /dev/null +++ b/java/ql/examples/ternaryconditional.ql 
@@ -0,0 +1,15 @@
+/**
+ * @name Conditional expressions
+ * @description Finds conditional expressions of the form '... ? ... : ...'
+ * where the types of the resulting expressions differ
+ * @tags conditional
+ * type
+ */
+
+import java
+
+from ConditionalExpr e
+where e.getTrueExpr().getType() != e.getFalseExpr().getType()
+ and not e.getTrueExpr().getType() instanceof NullType
+ and not e.getFalseExpr().getType() instanceof NullType
+select e
diff --git a/java/ql/examples/throw_exception.ql b/java/ql/examples/throw_exception.ql
new file mode 100644
index 00000000000..657cde6c7b6
--- /dev/null
+++ b/java/ql/examples/throw_exception.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Throw exception of type
+ * @description Finds places where we throw com.example.AnException or one of its subtypes
+ * @tags throw
+ * exception
+ */
+
+import java
+
+from ThrowStmt throw
+where throw.getThrownExceptionType().getASupertype*().hasQualifiedName("com.example", "AnException")
+select throw, "Don't throw com.example.AnException"
diff --git a/java/ql/examples/todocomment.ql b/java/ql/examples/todocomment.ql
new file mode 100644
index 00000000000..dc56b3d2223
--- /dev/null
+++ b/java/ql/examples/todocomment.ql
@@ -0,0 +1,12 @@
+/**
+ * @name TODO comments
+ * @description Finds comments containing the word "TODO"
+ * @tags comment
+ * TODO
+ */
+
+import java
+
+from JavadocText c
+where c.getText().regexpMatch("(?si).*\\bTODO\\b.*")
+select c
diff --git a/java/ql/examples/toomanyparams.ql b/java/ql/examples/toomanyparams.ql
new file mode 100644
index 00000000000..7637c8767a1
--- /dev/null
+++ b/java/ql/examples/toomanyparams.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Methods with many parameters
+ * @description Finds methods with more than ten parameters
+ * @tags method
+ * parameter
+ * argument
+ */
+
+import java
+
+from Method m
+where m.getNumberOfParameters() > 10
+select m
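Review bot: The `select` in java/ql/examples/throw_exception.ql carries an alert message, `select throw, "Don't throw com.example.AnException"`, although the header declares no `@kind` and the neighbouring cookbook queries select only program elements. Either drop the message so it matches the C# version of the same example, `select throw`, or add ` * @kind problem` to the header so the element-plus-message result shape is declared.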
diff --git a/java/ql/examples/tryfinally.ql b/java/ql/examples/tryfinally.ql new file mode 100644 index 00000000000..43daea48d00 --- /dev/null +++ b/java/ql/examples/tryfinally.ql @@ -0,0 +1,15 @@ +/** + * @name Try-finally statements + * @description Finds try-finally statements without a catch clause + * @tags try + * finally + * catch + * exceptions + */ + +import java + +from TryStmt t +where exists(t.getFinally()) + and not exists(t.getACatchClause()) +select t diff --git a/java/ql/examples/unusedlocalvar.ql b/java/ql/examples/unusedlocalvar.ql new file mode 100644 index 00000000000..2463ea0f7ed --- /dev/null +++ b/java/ql/examples/unusedlocalvar.ql @@ -0,0 +1,13 @@ +/** + * @name Unused local variable + * @description Finds local variables that are not accessed + * @tags variable + * local + * access + */ + +import java + +from LocalVariableDecl v +where not exists(v.getAnAccess()) +select v diff --git a/java/ql/examples/unusedmethod.ql b/java/ql/examples/unusedmethod.ql new file mode 100644 index 00000000000..f626617f7fc --- /dev/null +++ b/java/ql/examples/unusedmethod.ql @@ -0,0 +1,15 @@ +/** + * @name Unused private method + * @description Finds private methods that are not accessed + * @tags method + * access + * private + */ + +import java + +from Method m +where m.isPrivate() + and not exists(m.getAReference()) + and not m instanceof InitializerMethod +select m diff --git a/java/ql/examples/unusedparam.ql b/java/ql/examples/unusedparam.ql new file mode 100644 index 00000000000..73a47e1d17e --- /dev/null +++ b/java/ql/examples/unusedparam.ql @@ -0,0 +1,12 @@ +/** + * @name Unused parameter + * @description Finds parameters that are not accessed + * @tags parameter + * access + */ + +import java + +from Parameter p +where not exists(p.getAnAccess()) +select p diff --git a/java/ql/examples/voidreturntype.ql b/java/ql/examples/voidreturntype.ql new file mode 100644 index 00000000000..962379d6197 --- /dev/null +++ b/java/ql/examples/voidreturntype.ql 
@@ -0,0 +1,15 @@ +/** + * @name Methods without return type + * @description Finds methods whose return type is 'void' + * @tags method + * void + * modifier + * return + * type + */ + +import java + +from Method m +where m.getReturnType() instanceof VoidType +select m diff --git a/java/ql/examples/volatilefield.ql b/java/ql/examples/volatilefield.ql new file mode 100644 index 00000000000..0550940a843 --- /dev/null +++ b/java/ql/examples/volatilefield.ql @@ -0,0 +1,13 @@ +/** + * @name Fields declared volatile + * @description Finds fields with a 'volatile' modifier + * @tags field + * volatile + * synchronization + */ + +import java + +from Field f +where f.isVolatile() +select f diff --git a/javascript/ql/examples/argumentsparam.ql b/javascript/ql/examples/argumentsparam.ql new file mode 100644 index 00000000000..f98754be5a7 --- /dev/null +++ b/javascript/ql/examples/argumentsparam.ql @@ -0,0 +1,12 @@ +/** + * @name Parameters called 'arguments' + * @description Finds parameters called 'arguments' + * @tags parameter + * arguments + */ + +import javascript + +from SimpleParameter p +where p.getName() = "arguments" +select p diff --git a/javascript/ql/examples/call.ql b/javascript/ql/examples/call.ql new file mode 100644 index 00000000000..a48f0affab0 --- /dev/null +++ b/javascript/ql/examples/call.ql @@ -0,0 +1,13 @@ +/** + * @name Calls to function + * @description Finds function calls of the form `eval(...)` + * @tags call + * function + * eval + */ + +import javascript + +from CallExpr c +where c.getCalleeName() = "eval" +select c diff --git a/javascript/ql/examples/callback.ql b/javascript/ql/examples/callback.ql new file mode 100644 index 00000000000..f50db610a07 --- /dev/null +++ b/javascript/ql/examples/callback.ql 
@@ -0,0 +1,13 @@ +/** + * @name Callbacks + * @description Finds functions that are passed as arguments to other functions + * @tags function + * callback + * higher-order + */ + +import javascript + +from InvokeExpr invk, DataFlow::FunctionNode f +where f.flowsToExpr(invk.getAnArgument()) +select invk, f diff --git a/javascript/ql/examples/classdefltctor.ql b/javascript/ql/examples/classdefltctor.ql new file mode 100644 index 00000000000..60ece8462ff --- /dev/null +++ b/javascript/ql/examples/classdefltctor.ql @@ -0,0 +1,15 @@ +/** + * @name Classes with a default constructor + * @description Finds classes that do not declare an explicit constructor + * @tags class + * constructor + * default constructor + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from ClassDefinition c +where c.getConstructor().isSynthetic() +select c \ No newline at end of file diff --git a/javascript/ql/examples/classname.ql b/javascript/ql/examples/classname.ql new file mode 100644 index 00000000000..e167e942279 --- /dev/null +++ b/javascript/ql/examples/classname.ql @@ -0,0 +1,14 @@ +/** + * @name Classes called 'File' + * @description Finds classes called 'File' + * @tags class + * name + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from ClassDefinition cd +where cd.getName() = "File" +select cd \ No newline at end of file diff --git a/javascript/ql/examples/constantbrackets.ql b/javascript/ql/examples/constantbrackets.ql new file mode 100644 index 00000000000..6932ce0e063 --- /dev/null +++ b/javascript/ql/examples/constantbrackets.ql @@ -0,0 +1,16 @@ +/** + * @name Constant property name in `[]` property access + * @description Finds property accesses using the square bracket notation + * where the property name is a constant string + * @tags property access + * computed + * brackets + * index + * constant + */ + +import javascript + +from IndexExpr idx +where idx.getIndex() instanceof StringLiteral +select idx 
diff --git a/javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql
new file mode 100644
index 00000000000..870987445a9
--- /dev/null
+++ b/javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql
@@ -0,0 +1,48 @@
+/**
+ * @name IDOR through request to backend service
+ * @description Finds cases where the 'userId' field in a request to another service
+ * is an arbitrary user-controlled value, indicating lack of authentication.
+ * @kind path-problem
+ * @tags security
+ * @id js/cookbook/backend-idor
+ */
+
+import javascript::DataFlow
+import DataFlow::PathGraph
+
+/**
+ * Tracks user-controlled values into a 'userId' property sent to a backend service.
+ */
+class IdorTaint extends TaintTracking::Configuration {
+ IdorTaint() { this = "IdorTaint" }
+
+ override predicate isSource(Node node) { node instanceof RemoteFlowSource }
+
+ override predicate isSink(Node node) { exists(ClientRequest req | node = req.getADataNode()) }
+
+ override predicate isAdditionalTaintStep(Node pred, Node succ) {
+ // Step from x -> { userId: x }
+ succ.(SourceNode).getAPropertyWrite("userId").getRhs() = pred
+ }
+
+ override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) {
+ // After a check like `if (userId === session.user.id)`, the userId is considered safe.
+ node instanceof EqualityGuard
+ }
+}
+
+/**
+ * Sanitize values that have succesfully been compared to another value.
+ */
+class EqualityGuard extends TaintTracking::SanitizerGuardNode, ValueNode {
+ override EqualityTest astNode;
+
+ override predicate sanitizes(boolean outcome, Expr e) {
+ e = astNode.getAnOperand() and
+ outcome = astNode.getPolarity()
+ }
+}
+
+from IdorTaint cfg, PathNode source, PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "Unauthenticated user ID from $@.", source.getNode(), "here"
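Review bot: `EqualityGuard.sanitizes` accepts any equality test as a sanitizer for either operand, which is broader than the `userId === session.user.id` check that the comment in `isSanitizerGuard` describes. A comparison against a constant, `undefined`, or another request-derived value would also clear the taint, so flows guarded by an unrelated check are presumably not reported. If the coarse guard is intentional for a cookbook example, the class QLDoc should say so, for example ` * Sanitizes either operand of any equality test on the matching branch; the other operand is not required to be a trusted value, so this can hide real flows.` Separately, the header and alert text say "authentication" although a caller-chosen `userId` forwarded without an ownership check is an authorization issue, and "succesfully" in the QLDoc should read "successfully".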
diff --git a/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
new file mode 100644
index 00000000000..a79b0fd7cad
--- /dev/null
+++ b/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
@@ -0,0 +1,29 @@
+/**
+ * @name Decoding after sanitization
+ * @description Tracks the return value of 'escapeHtml' into 'decodeURI', indicating
+ an ineffective sanitization attempt.
+ * @kind path-problem
+ * @tags security
+ * @id js/cookbook/decoding-after-sanitization
+ */
+
+import javascript::DataFlow
+import DataFlow::PathGraph
+
+class DecodingAfterSanitization extends TaintTracking::Configuration {
+ DecodingAfterSanitization() { this = "DecodingAfterSanitization" }
+
+ override predicate isSource(Node node) { node.(CallNode).getCalleeName() = "escapeHtml" }
+
+ override predicate isSink(Node node) {
+ exists(CallNode call |
+ call.getCalleeName().matches("decodeURI%") and
+ node = call.getArgument(0)
+ )
+ }
+}
+
+from DecodingAfterSanitization cfg, PathNode source, PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "URI decoding invalidates the HTML sanitization performed $@.",
+ source.getNode(), "here"
diff --git a/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
new file mode 100644
index 00000000000..d8b7ca6dbbb
--- /dev/null
+++ b/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
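Review bot: The `DecodingAfterSanitization` configuration class in DecodingAfterSanitization.ql has no QLDoc, and its source and sink are matched purely by callee name, which a reader adapting the example should be told. I would add above the class `/** Tracks values returned by a call to a function named 'escapeHtml' into the first argument of a call whose callee name starts with 'decodeURI'. */`. The second line of the `@description` in the header comment also lacks the leading ` * ` that the other cookbook queries use. Both points apply equally to the header and configuration class of DecodingAfterSanitizationGeneralized.ql.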
@@ -0,0 +1,51 @@
+/**
+ * @name Decoding after sanitization (generalized)
+ * @description Tracks the return value of an HTML sanitizer into an escape-sequence decoder,
+ indicating an ineffective sanitization attempt.
+ * @kind path-problem
+ * @tags security
+ * @id js/cookbook/decoding-after-sanitization-generalized
+ */
+
+import javascript::DataFlow
+import DataFlow::PathGraph
+
+/**
+ * A call to a function that may introduce HTML meta-characters by
+ * replacing `%3C` or `\u003C` with `<`.
+ */
+class DecodingCall extends CallNode {
+ string kind;
+
+ Node input;
+
+ DecodingCall() {
+ getCalleeName().matches("decodeURI%") and
+ input = getArgument(0) and
+ kind = "URI decoding"
+ or
+ input = this.(JsonParserCall).getInput() and
+ kind = "JSON parsing"
+ }
+
+ /** Gets the decoder kind, to be used in the alert message. */
+ string getKind() { result = kind }
+
+ /** Gets the input being decoded. */
+ Node getInput() { result = input }
+}
+
+class DecodingAfterSanitization extends TaintTracking::Configuration {
+ DecodingAfterSanitization() { this = "DecodingAfterSanitization" }
+
+ override predicate isSource(Node node) { node instanceof HtmlSanitizerCall }
+
+ override predicate isSink(Node node) { node = any(DecodingCall c).getInput() }
+}
+
+from DecodingAfterSanitization cfg, PathNode source, PathNode sink, DecodingCall decoder
+where
+ cfg.hasFlowPath(source, sink) and
+ decoder.getInput() = sink.getNode()
+select sink.getNode(), source, sink,
+ decoder.getKind() + " invalidates the HTML sanitization performed $@.", source.getNode(), "here"
diff --git a/javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql
new file mode 100644
index 00000000000..d0684549d62
--- /dev/null
+++ b/javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql
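Review bot: In the `DecodingCall` characteristic predicate, `getCalleeName().matches("decodeURI%")` selects by name prefix, so a method or local helper whose name merely begins with `decodeURI` is treated as a decoder, whereas EvalTaint.ql in the same patch resolves its sink through `globalVarRef("eval")`. Resolving the two built-ins the same way would keep the examples consistent and narrow the match: `(this = globalVarRef("decodeURI").getACall() or this = globalVarRef("decodeURIComponent").getACall()) and` in place of the name test. If the prefix match is kept for breadth, a one-line comment stating that the match is name-based would help readers judge the results.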
@@ -0,0 +1,21 @@ +/** + * @name Taint-tracking to 'eval' calls + * @description Tracks user-controlled values into 'eval' calls (special case of js/code-injection). + * @kind problem + * @tags security + * @id js/cookbook/eval-taint + */ + +import javascript::DataFlow + +class EvalTaint extends TaintTracking::Configuration { + EvalTaint() { this = "EvalTaint" } + + override predicate isSource(Node node) { node instanceof RemoteFlowSource } + + override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } +} + +from EvalTaint cfg, Node source, Node sink +where cfg.hasFlow(source, sink) +select sink, "Eval with user-controlled input from $@.", source, "here" diff --git a/javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql new file mode 100644 index 00000000000..0a9d4e39cc3 --- /dev/null +++ b/javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql @@ -0,0 +1,24 @@ +/** + * @name Taint-tracking to 'eval' calls (with path visualization) + * @description Tracks user-controlled values into 'eval' calls (special case of js/code-injection), + * and generates a visualizable path from the source to the sink. + * @kind path-problem + * @tags security + * @id js/cookbook/eval-taint-path + */ + +import javascript::DataFlow +import DataFlow::PathGraph + +class EvalTaint extends TaintTracking::Configuration { + EvalTaint() { this = "EvalTaint" } + + override predicate isSource(Node node) { node instanceof RemoteFlowSource } + + override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } +} + +from EvalTaint cfg, PathNode source, PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Eval with user-controlled input from $@.", source.getNode(), + "here" 
diff --git a/javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql new file mode 100644 index 00000000000..98dbc6cf363 --- /dev/null +++ b/javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql 
@@ -0,0 +1,55 @@ +/** + * @name Information disclosure through postMessage + * @description Tracks values from an 'authKey' property into a postMessage call with unrestricted origin, + indicating a leak of sensitive information. + * @kind path-problem + * @tags security + * @id js/cookbook/information-disclosure + */ + +import javascript::DataFlow +import DataFlow::PathGraph + +/** + * Tracks authentication tokens ("authKey") to a postMessage call with unrestricted target origin. + * + * For example: + * ``` + * win.postMessage(JSON.stringify({ + * action: 'pause', + * auth: { + * key: window.state.authKey + * } + * }), '*'); + * ``` + */ +class AuthKeyTracking extends DataFlow::Configuration { + AuthKeyTracking() { this = "AuthKeyTracking" } + + override predicate isSource(Node node) { node.(PropRead).getPropertyName() = "authKey" } + + override predicate isSink(Node node) { + exists(MethodCallNode call | + call.getMethodName() = "postMessage" and + call.getArgument(1).getStringValue() = "*" and // no restriction on target origin + call.getArgument(0) = node + ) + } + + override predicate isAdditionalFlowStep(Node pred, Node succ) { + // Step into objects: x -> { f: x } + succ.(SourceNode).getAPropertyWrite().getRhs() = pred + or + // Step through JSON serialization: x -> JSON.stringify(x) + // Note: TaintTracking::Configuration includes this step by default, but not DataFlow::Configuration + exists(CallNode call | + call = globalVarRef("JSON").getAMethodCall("stringify") and + pred = call.getArgument(0) and + succ = call + ) + } +} + +from AuthKeyTracking cfg, PathNode source, PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Message leaks the authKey from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/dataflow/StoredXss/StoredXss.ql new file mode 100644 index 00000000000..45ea1525014 --- /dev/null 
+++ b/javascript/ql/examples/dataflow/StoredXss/StoredXss.ql @@ -0,0 +1,34 @@ +/** + * @name Extension of standard query: Stored XSS + * @description Extends the standard Stored XSS query with an additional source. + * @kind path-problem + * @tags security + * @id js/cookbook/stored-xss + */ + +import javascript::DataFlow +import semmle.javascript.security.dataflow.StoredXss +import DataFlow::PathGraph + +/** + * Data returned from a MySQL query, such as the `data` parameter in this example: + * ``` + * let mysql = require('mysql'); + * let connection = mysql.createConnection(); + * + * connection.query(..., (e, data) => { ... }); + * ``` + */ +class MysqlSource extends StoredXss::Source { + MysqlSource() { + this = moduleImport("mysql") + .getAMemberCall("createConnection") + .getAMethodCall("query") + .getCallback(1) + .getParameter(1) + } +} + +from StoredXss::Configuration cfg, PathNode source, PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql b/javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql new file mode 100644 index 00000000000..f37b26fbf5f --- /dev/null +++ b/javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql 
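Review bot: `MysqlSource` in StoredXss.ql only models the two-argument form `query(sql, callback)`, because it takes `getCallback(1)`. The mysql package also accepts `query(sql, values, callback)`, where the callback is argument 2, so rows returned by parameterised queries are not treated as stored-XSS sources and the query stays silent on them. I would either cover that form as well or state the limit in the QLDoc, for example `Only the two-argument form query(sql, callback) is modelled.` The same `getCallback(1)` appears in `MysqlSource` in StoredXssTrackedNode.ql.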
@@ -0,0 +1,49 @@ +/** + * @name Extension of standard query: Stored XSS (with TrackedNode) + * @description Extends the standard Stored XSS query with an additional source, + * using TrackedNode to track MySQL connections globally. + * @kind path-problem + * @tags security + * @id js/cookbook/stored-xss-trackednode + */ + +import javascript::DataFlow +import semmle.javascript.security.dataflow.StoredXss +import DataFlow::PathGraph + +/** + * An instance of `mysql.createConnection()`, tracked globally. + */ +class MysqlConnection extends TrackedNode { + MysqlConnection() { this = moduleImport("mysql").getAMemberCall("createConnection") } + + /** + * Gets a call to the `query` method on this connection object. + */ + MethodCallNode getAQueryCall() { + this.flowsTo(result.getReceiver()) and + result.getMethodName() = "query" + } +} + +/** + * Data returned from a MySQL query. + * + * For example: + * ``` + * let mysql = require('mysql'); + * + * getData(mysql.createConnection()); + * + * function getData(c) { + * c.query(..., (e, data) => { ... }); + * } + * ``` + */ +class MysqlSource extends StoredXss::Source { + MysqlSource() { this = any(MysqlConnection con).getAQueryCall().getCallback(1).getParameter(1) } +} + +from StoredXss::Configuration cfg, PathNode source, PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql new file mode 100644 index 00000000000..fa76c477b07 --- /dev/null +++ b/javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql 
@@ -0,0 +1,39 @@ +/** + * @name Template injection + * @description Tracks user-controlled values to an unescaped lodash template placeholder. + * @kind path-problem + * @tags security + * @id js/cookbook/template-injection + */ + +import javascript::DataFlow +import DataFlow::PathGraph + +/** + * Gets the name of an unescaped placeholder in a lodash template. + * + * For example, the string `

<%= title %>

` contains the placeholder `title`. + */ +bindingset[s] +string getAPlaceholderInString(string s) { + result = s.regexpCapture(".*<%=\\s*([a-zA-Z0-9_]+)\\s*%>.*", 1) +} + +class TemplateInjection extends TaintTracking::Configuration { + TemplateInjection() { this = "TemplateInjection" } + + override predicate isSource(Node node) { node instanceof RemoteFlowSource } + + override predicate isSink(Node node) { + exists(CallNode call, string placeholder | + call = LodashUnderscore::member("template").getACall() and + placeholder = getAPlaceholderInString(call.getArgument(0).getStringValue()) and + node = call.getOptionArgument(1, placeholder) + ) + } +} + +from TemplateInjection cfg, PathNode source, PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, + "User-controlled value from $@ occurs unescaped in a lodash template.", source.getNode(), "here." diff --git a/javascript/ql/examples/emptyblock.ql b/javascript/ql/examples/emptyblock.ql new file mode 100644 index 00000000000..3b5f4e0b337 --- /dev/null +++ b/javascript/ql/examples/emptyblock.ql @@ -0,0 +1,13 @@ +/** + * @name Empty blocks + * @description Finds empty block statements + * @tags empty + * block + * statement + */ + +import javascript + +from BlockStmt blk +where not exists(blk.getAStmt()) +select blk diff --git a/javascript/ql/examples/emptythen.ql b/javascript/ql/examples/emptythen.ql new file mode 100644 index 00000000000..cdc73adde95 --- /dev/null +++ b/javascript/ql/examples/emptythen.ql @@ -0,0 +1,16 @@ +/** + * @name If statements with empty then branch + * @description Finds 'if' statements where the 'then' branch is + * an empty block statement + * @tags if + * then + * empty + * conditional + * branch + */ + +import javascript + +from IfStmt i +where i.getThen().(BlockStmt).getNumStmt() = 0 +select i diff --git a/javascript/ql/examples/equalitystmt.ql b/javascript/ql/examples/equalitystmt.ql new file mode 100644 index 00000000000..d593e207df5 --- /dev/null 
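Review bot: `getAPlaceholderInString` in TemplateInjection.ql can report at most one placeholder per template. `regexpCapture` matches the pattern against the whole string, and with the greedy leading `.*` that is presumably the last `<%= … %>` in it. A template with several unescaped placeholders then has only one of its option properties treated as a sink, so tainted values in the others go unreported. A template containing a line break may not match at all, since `.` does not cross newlines unless the pattern enables that. Enumerating the occurrences first avoids both problems: `result = s.regexpFind("<%=\\s*[a-zA-Z0-9_]+\\s*%>", _, _).regexpCapture("<%=\\s*([a-zA-Z0-9_]+)\\s*%>", 1)`.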
+++ b/javascript/ql/examples/equalitystmt.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Equalities as expression statements
+ * @description Finds `==` equality expressions that form an expression statement
+ * @tags comparison
+ * equality
+ * non-strict
+ * expression statement
+ */
+
+import javascript
+
+from ExprStmt e
+where e.getExpr() instanceof EqExpr
+select e
diff --git a/javascript/ql/examples/evenness.ql b/javascript/ql/examples/evenness.ql
new file mode 100644
index 00000000000..ae8eb13ad06
--- /dev/null
+++ b/javascript/ql/examples/evenness.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Tests for even numbers
+ * @description Finds expressions of the form `e % 2 === 0`
+ * @tags arithmetic
+ * modulo
+ * comparison
+ * even
+ */
+
+import javascript
+
+from StrictEqExpr eq, ModExpr mod, NumberLiteral zero, NumberLiteral two
+where two.getValue() = "2" and mod.getRightOperand() = two and
+ zero.getValue() = "0" and eq.hasOperands(mod, two)
+select eq
diff --git a/javascript/ql/examples/exportfn.ql b/javascript/ql/examples/exportfn.ql
new file mode 100644
index 00000000000..3a11d2948df
--- /dev/null
+++ b/javascript/ql/examples/exportfn.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Default exports exporting a function
+ * @description Finds 'default' exports that export a function
+ * @tags module
+ * export
+ * default export
+ * ECMAScript 6
+ * ECMAScript 2015
+ */
+
+import javascript
+
+from ExportDefaultDeclaration e
+where e.getOperand() instanceof Function
+select e
\ No newline at end of file
diff --git a/javascript/ql/examples/filename.ql b/javascript/ql/examples/filename.ql
new file mode 100644
index 00000000000..988f17ea017
--- /dev/null
+++ b/javascript/ql/examples/filename.ql
@@ -0,0 +1,11 @@
+/**
+ * @name File with given name
+ * @description Finds files called `index.js`
+ * @tags file
+ */
+
+import javascript
+
+from File f
+where f.getBaseName() = "index.js"
+select f
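Review bot: In evenness.ql the last conjunct compares the modulo against the wrong literal: `eq.hasOperands(mod, two)` selects `e % 2 === 2`, not the `e % 2 === 0` the description promises. `zero` is constrained only by its value and never tied to `eq`, so each match is also repeated once per `0` literal in the database. The conjunct should read `zero.getValue() = "0" and eq.hasOperands(mod, zero)`.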
diff --git a/javascript/ql/examples/fnnoreturn.ql b/javascript/ql/examples/fnnoreturn.ql new file mode 100644 index 00000000000..19d170ef27c --- /dev/null +++ b/javascript/ql/examples/fnnoreturn.ql @@ -0,0 +1,13 @@ +/** + * @name Functions without return statements + * @description Finds functions that do not contain a return statement + * @tags function + * return + */ + +import javascript + +from Function f +where exists(f.getABodyStmt()) and + not exists (ReturnStmt r | r.getContainer() = f) +select f \ No newline at end of file diff --git a/javascript/ql/examples/generator.ql b/javascript/ql/examples/generator.ql new file mode 100644 index 00000000000..56f73942c7d --- /dev/null +++ b/javascript/ql/examples/generator.ql @@ -0,0 +1,14 @@ +/** + * @name Generator functions + * @description Finds generator functions + * @tags generator + * function + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from Function f +where f.isGenerator() +select f \ No newline at end of file diff --git a/javascript/ql/examples/iife.ql b/javascript/ql/examples/iife.ql new file mode 100644 index 00000000000..a321e47b12f --- /dev/null +++ b/javascript/ql/examples/iife.ql @@ -0,0 +1,13 @@ +/** + * @name Immediately invoked function expressions + * @description Finds calls of the form `(function(...) { ... })(...)` + * @tags call + * function + * immediately invoked + */ + +import javascript + +from CallExpr c +where c.getCallee().stripParens() instanceof FunctionExpr +select c diff --git a/javascript/ql/examples/importfrom.ql b/javascript/ql/examples/importfrom.ql new file mode 100644 index 00000000000..72ed470c523 --- /dev/null +++ b/javascript/ql/examples/importfrom.ql 
@@ -0,0 +1,14 @@ +/** + * @name Imports from 'react' + * @description Finds import statements that import from module 'react' + * @tags module + * import + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from ImportDeclaration id +where id.getImportedPath().getValue() = "react" +select id \ No newline at end of file diff --git a/javascript/ql/examples/jsxattribute.ql b/javascript/ql/examples/jsxattribute.ql new file mode 100644 index 00000000000..56c5dcd2554 --- /dev/null +++ b/javascript/ql/examples/jsxattribute.ql @@ -0,0 +1,12 @@ +/** + * @name JSX attributes + * @description Finds JSX attributes named `dangerouslySetInnerHTML` + * @tags JSX + * attribute + */ + +import javascript + +from JSXAttribute a +where a.getName() = "dangerouslySetInnerHTML" +select a diff --git a/javascript/ql/examples/methodcall.ql b/javascript/ql/examples/methodcall.ql new file mode 100644 index 00000000000..30f9efc02ac --- /dev/null +++ b/javascript/ql/examples/methodcall.ql @@ -0,0 +1,13 @@ +/** + * @name Method calls + * @description Finds calls of the form `this.isMounted(...)` + * @tags call + * method + */ + +import javascript + +from MethodCallExpr c +where c.getReceiver() instanceof ThisExpr and + c.getMethodName() = "isMounted" +select c diff --git a/javascript/ql/examples/namedfnexpr.ql b/javascript/ql/examples/namedfnexpr.ql new file mode 100644 index 00000000000..390d029cc35 --- /dev/null +++ b/javascript/ql/examples/namedfnexpr.ql @@ -0,0 +1,11 @@ +/** + * @name Named function expression + * @description Finds function expressions that have a name + * @tags function expression + */ + +import javascript + +from FunctionExpr fn +where exists(fn.getName()) +select fn \ No newline at end of file diff --git a/javascript/ql/examples/newexpr.ql b/javascript/ql/examples/newexpr.ql new file mode 100644 index 00000000000..4af457a2349 --- /dev/null +++ b/javascript/ql/examples/newexpr.ql 
@@ -0,0 +1,13 @@ +/** + * @name New expressions + * @description Finds new expressions of the form `new RegExp(...)` + * @tags new + * constructor + * instantiation + */ + +import javascript + +from NewExpr new +where new.getCalleeName() = "RegExp" +select new diff --git a/javascript/ql/examples/propaccess.ql b/javascript/ql/examples/propaccess.ql new file mode 100644 index 00000000000..2db9d1a62bf --- /dev/null +++ b/javascript/ql/examples/propaccess.ql @@ -0,0 +1,16 @@ +/** + * @name Property accesses + * @description Finds property accesses of the form `x.innerHTML` + * @tags property + * field + * access + * read + * write + * reference + */ + +import javascript + +from PropAccess p +where p.getPropertyName() = "innerHTML" +select p diff --git a/javascript/ql/examples/queries.xml b/javascript/ql/examples/queries.xml new file mode 100644 index 00000000000..d4346295164 --- /dev/null +++ b/javascript/ql/examples/queries.xml @@ -0,0 +1 @@ + diff --git a/javascript/ql/examples/rendermethod.ql b/javascript/ql/examples/rendermethod.ql new file mode 100644 index 00000000000..6968fbf2a2e --- /dev/null +++ b/javascript/ql/examples/rendermethod.ql @@ -0,0 +1,14 @@ +/** + * @name Methods named 'render' + * @description Finds methods named 'render' + * @tags class + * method + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from MethodDefinition m +where m.getName() = "render" +select m \ No newline at end of file diff --git a/javascript/ql/examples/singlequotestring.ql b/javascript/ql/examples/singlequotestring.ql new file mode 100644 index 00000000000..65932ac500f --- /dev/null +++ b/javascript/ql/examples/singlequotestring.ql @@ -0,0 +1,13 @@ +/** + * @name Single-quoted string literals + * @description Finds string literals using single quotes + * @tags string + * single quote + * quote + */ + +import javascript + +from StringLiteral s +where s.getRawValue().charAt(0) = "'" +select s 
diff --git a/javascript/ql/examples/singletonblock.ql b/javascript/ql/examples/singletonblock.ql new file mode 100644 index 00000000000..9ebd07fafd7 --- /dev/null +++ b/javascript/ql/examples/singletonblock.ql @@ -0,0 +1,12 @@ +/** + * @name Singleton blocks + * @description Finds block statements containing a single statement + * @tags block + * statement + */ + +import javascript + +from BlockStmt b +where b.getNumStmt() = 1 +select b diff --git a/javascript/ql/examples/taggedtemplates.ql b/javascript/ql/examples/taggedtemplates.ql new file mode 100644 index 00000000000..be10ecec3a7 --- /dev/null +++ b/javascript/ql/examples/taggedtemplates.ql @@ -0,0 +1,12 @@ +/** + * @name Tagged templates + * @description Finds tagged template expressions + * @tags template + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from TaggedTemplateExpr e +select e.getTag(), e.getTemplate() \ No newline at end of file diff --git a/javascript/ql/examples/todocomment.ql b/javascript/ql/examples/todocomment.ql new file mode 100644 index 00000000000..2373e1fc050 --- /dev/null +++ b/javascript/ql/examples/todocomment.ql @@ -0,0 +1,12 @@ +/** + * @name TODO comments + * @description Finds comments containing the word TODO + * @tags comment + * TODO + */ + +import javascript + +from Comment c +where c.getText().regexpMatch("(?si).*\\bTODO\\b.*") +select c diff --git a/javascript/ql/examples/toomanyparams.ql b/javascript/ql/examples/toomanyparams.ql new file mode 100644 index 00000000000..4cf3df1c936 --- /dev/null +++ b/javascript/ql/examples/toomanyparams.ql @@ -0,0 +1,13 @@ +/** + * @name Functions with many parameters + * @description Finds functions with more than ten parameters + * @tags function + * parameter + * argument + */ + +import javascript + +from Function f +where f.getNumParameter() > 10 +select f diff --git a/javascript/ql/examples/vardecl.ql b/javascript/ql/examples/vardecl.ql new file mode 100644 index 00000000000..3e603799e52 --- /dev/null 
+++ b/javascript/ql/examples/vardecl.ql @@ -0,0 +1,12 @@ +/** + * @name Declaration of variable + * @description Finds places where we declare a variable called `v` + * @tags variable + * declaration + */ + +import javascript + +from VarDecl d +where d.getVariable().getName() = "v" +select d diff --git a/javascript/ql/examples/varref.ql b/javascript/ql/examples/varref.ql new file mode 100644 index 00000000000..8ad911dd6af --- /dev/null +++ b/javascript/ql/examples/varref.ql @@ -0,0 +1,12 @@ +/** + * @name Reference to variable + * @description Finds places where we reference a variable called `undefined` + * @tags variable + * reference + */ + +import javascript + +from VarRef ref +where ref.getVariable().getName() = "undefined" +select ref diff --git a/javascript/ql/examples/yieldundefined.ql b/javascript/ql/examples/yieldundefined.ql new file mode 100644 index 00000000000..6b60959dd62 --- /dev/null +++ b/javascript/ql/examples/yieldundefined.ql @@ -0,0 +1,14 @@ +/** + * @name Empty yield + * @description Finds yield expressions without an operand + * @tags generator + * yield + * ECMAScript 6 + * ECMAScript 2015 + */ + +import javascript + +from YieldExpr yield +where not exists(yield.getOperand()) +select yield \ No newline at end of file diff --git a/python/ql/examples/backticks.ql b/python/ql/examples/backticks.ql new file mode 100644 index 00000000000..9b6e071bf30 --- /dev/null +++ b/python/ql/examples/backticks.ql @@ -0,0 +1,11 @@ +/** + * @name String conversion expressions + * @description Finds `String conversions` expressions (expressions enclosed in backticks), which are removed in Python 3 + * @tags backtick + * string conversion + */ + +import python + +from Repr r +select r diff --git a/python/ql/examples/builtin_object.ql b/python/ql/examples/builtin_object.ql new file mode 100644 index 00000000000..1452fd4bd7c --- /dev/null +++ b/python/ql/examples/builtin_object.ql 
@@ -0,0 +1,13 @@ +/** + * @name Builtin objects + * @description Finds expressions that refer to an object in the builtins module (like int or None). + * @tags reference + * builtin + * object + */ + +import python + +from Expr e +where e.refersTo(builtin_object(_)) +select e diff --git a/python/ql/examples/call.ql b/python/ql/examples/call.ql new file mode 100644 index 00000000000..2bff21506fc --- /dev/null +++ b/python/ql/examples/call.ql @@ -0,0 +1,12 @@ +/** + * @name Calls to function + * @description Finds calls to any function named "len" + * @tags call + * function + */ + +import python + +from FunctionObject len, CallNode call +where len.getName() = "len" and len.getACall() = call +select call diff --git a/python/ql/examples/catch_exception.ql b/python/ql/examples/catch_exception.ql new file mode 100644 index 00000000000..3f1fff5b972 --- /dev/null +++ b/python/ql/examples/catch_exception.ql @@ -0,0 +1,15 @@ +/** + * @name Handle exception of given class + * @description Finds places where we handle MyExceptionClass exceptions + * @tags catch + * try + * exception + */ + +import python + +from ExceptStmt ex, ClassObject cls +where + cls.getName() = "MyExceptionClass" and + ex.getType().refersTo(cls) +select ex diff --git a/python/ql/examples/conditional_expression.ql b/python/ql/examples/conditional_expression.ql new file mode 100644 index 00000000000..f9b72e58d7f --- /dev/null +++ b/python/ql/examples/conditional_expression.ql @@ -0,0 +1,16 @@ +/** + * @name Conditional expressions + * @description Finds conditional expressions of the form '... if ... else ...' + * where the classes of the sub-expressions differ + * @tags conditional + * expression + * ternary + */ + +import python + +from IfExp e, ClassObject cls1, ClassObject cls2 +where + e.getBody().refersTo(_, cls1, _) and e.getOrelse().refersTo(_, cls2, _) and + cls1 != cls2 +select e \ No newline at end of file 
diff --git a/python/ql/examples/elif.ql b/python/ql/examples/elif.ql
new file mode 100644
index 00000000000..120c15307ac
--- /dev/null
+++ b/python/ql/examples/elif.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Elif statement
+ * @description Finds `elif` sub-statements within `if` statements
+ * @tags if
+ * else
+ */
+
+import python
+
+from If i
+where i.isElif()
+select i
diff --git a/python/ql/examples/emptyblock.ql b/python/ql/examples/emptyblock.ql
new file mode 100644
index 00000000000..73248c54c99
--- /dev/null
+++ b/python/ql/examples/emptyblock.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Empty blocks
+ * @description Finds the first statement in a block consisting of nothing but Pass statements
+ * @tags empty
+ * block
+ * statement
+ */
+
+import python
+
+from StmtList blk
+where not exists(Stmt s | not s instanceof Pass)
+select blk.getItem(0)
diff --git a/python/ql/examples/emptythen.ql b/python/ql/examples/emptythen.ql
new file mode 100644
index 00000000000..c0f303005df
--- /dev/null
+++ b/python/ql/examples/emptythen.ql
@@ -0,0 +1,20 @@
+/**
+ * @name If statements with empty then branch
+ * @description Finds 'if' statements where the "then" branch
+ * consists entirely of Pass statements
+ * @tags if
+ * then
+ * empty
+ * conditional
+ * branch
+ */
+
+import python
+
+from If i
+where
+ not exists(Stmt s |
+ i.getStmt(_) = s and
+ not s instanceof Pass
+ )
+select i
diff --git a/python/ql/examples/eq_true.ql b/python/ql/examples/eq_true.ql
new file mode 100644
index 00000000000..920e5b1635d
--- /dev/null
+++ b/python/ql/examples/eq_true.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Equality test on boolean
+ * @description Finds tests like `==true`, `==false`, `"!=true`, `is false`
+ * @tags equals
+ * test
+ * boolean
+ */
+
+import python
+
+from Compare eq
+where eq.getAComparator() instanceof BooleanLiteral
+select eq
diff --git a/python/ql/examples/equalitystmt.ql b/python/ql/examples/equalitystmt.ql
new file mode 100644
index 00000000000..f246e031bba
--- /dev/null
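Review bot: In python/ql/examples/emptyblock.ql the quantified statement `s` is never related to `blk`, so `not exists(Stmt s | not s instanceof Pass)` asks whether the whole database contains any non-Pass statement. On any realistic code base that is true, and the query returns nothing. The condition needs to range over the block's own items, as emptythen.ql in the same patch does for `If`: `where not exists(Stmt s | s = blk.getItem(_) and not s instanceof Pass)`.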
+++ b/python/ql/examples/equalitystmt.ql @@ -0,0 +1,13 @@ +/** + * @name Equalities as expression statements + * @description Finds `==` equality expressions that form a statement + * @tags comparison + * equality + * expression statement + */ + +import python + +from ExprStmt e, Compare eq +where e.getValue() = eq and eq.getOp(0) instanceof Eq +select e diff --git a/python/ql/examples/extend_class.ql b/python/ql/examples/extend_class.ql new file mode 100644 index 00000000000..1290e24eb5b --- /dev/null +++ b/python/ql/examples/extend_class.ql @@ -0,0 +1,18 @@ +/** + * @name Class subclasses + * @description Finds classes that subclass MyClass + * @tags class + * extends + * implements + * overrides + * subtype + * supertype + */ + +import python + +from ClassObject sub, ClassObject base +where + base.getName() = "MyClass" and + sub.getABaseType() = base +select sub diff --git a/python/ql/examples/filename.ql b/python/ql/examples/filename.ql new file mode 100644 index 00000000000..87b3f6dbea3 --- /dev/null +++ b/python/ql/examples/filename.ql @@ -0,0 +1,11 @@ +/** + * @name File with given name + * @description Finds files called `spam.py` + * @tags file + */ + +import python + +from File f +where f.getName() = "spam.py" +select f diff --git a/python/ql/examples/generator.ql b/python/ql/examples/generator.ql new file mode 100644 index 00000000000..4f98a52e3a6 --- /dev/null +++ b/python/ql/examples/generator.ql @@ -0,0 +1,12 @@ +/** + * @name Generator functions + * @description Finds generator functions + * @tags generator + * function + */ + +import python + +from Function f +where f.isGenerator() +select f \ No newline at end of file diff --git a/python/ql/examples/integer_literal.ql b/python/ql/examples/integer_literal.ql new file mode 100644 index 00000000000..2bda0d1a7d1 --- /dev/null +++ b/python/ql/examples/integer_literal.ql 
@@ -0,0 +1,12 @@ +/** + * @name Integer literal + * @description Finds places where we use the integer literal `0` + * @tags integer + * literal + */ + +import python + +from IntegerLiteral literal +where literal.getValue() = 0 +select literal diff --git a/python/ql/examples/method_call.ql b/python/ql/examples/method_call.ql new file mode 100644 index 00000000000..1418c3afb0d --- /dev/null +++ b/python/ql/examples/method_call.ql @@ -0,0 +1,14 @@ +/** + * @name Call to method + * @description Finds calls to MyClass.methodName + * @tags call + * method + */ + +import python + +from AstNode call, FunctionObject method +where + method.getQualifiedName() = "MyClass.methodName" and + method.getACall().getNode() = call +select call diff --git a/python/ql/examples/mutualrecursion.ql b/python/ql/examples/mutualrecursion.ql new file mode 100644 index 00000000000..0f16ef37889 --- /dev/null +++ b/python/ql/examples/mutualrecursion.ql @@ -0,0 +1,12 @@ +/** + * @name Mutual recursion + * @description Finds pairs of functions that call each other + * @tags method + * recursion + */ + +import python + +from FunctionObject m, FunctionObject n +where m != n and m.getACallee() = n and n.getACallee() = m +select m, n diff --git a/python/ql/examples/new_instance.ql b/python/ql/examples/new_instance.ql new file mode 100644 index 00000000000..47323b9e903 --- /dev/null +++ b/python/ql/examples/new_instance.ql @@ -0,0 +1,15 @@ +/** + * @name Create new object + * @description Finds places where we create a new instanceof `MyClass` + * @tags call + * constructor + * new + */ + +import python + +from Call new, ClassObject cls +where + cls.getName() = "MyClass" and + new.getFunc().refersTo(cls) +select new diff --git a/python/ql/examples/override_method.ql b/python/ql/examples/override_method.ql new file mode 100644 index 00000000000..c9982be3077 --- /dev/null +++ b/python/ql/examples/override_method.ql 
@@ -0,0 +1,14 @@ +/** + * @name Override of method + * @description Finds methods that overide MyClass.methodName + * @tags method + * override + */ + +import python + +from FunctionObject override, FunctionObject base +where + base.getQualifiedName() = "MyClass.methodName" and + override.overrides(base) +select override diff --git a/python/ql/examples/print.ql b/python/ql/examples/print.ql new file mode 100644 index 00000000000..03b53dfd7dd --- /dev/null +++ b/python/ql/examples/print.ql @@ -0,0 +1,16 @@ +/** + * @name Find prints + * @description Find print statements or calls to the builtin function 'print' + * @tags print + */ + +import python + +from AstNode print +where + /* Python 2 without `from __future__ import print_function` */ + print instanceof Print + or + /* Python 3 or with `from __future__ import print_function` */ + print.(Call).getFunc().refersTo(thePrintFunction()) +select print diff --git a/python/ql/examples/private_access.ql b/python/ql/examples/private_access.ql new file mode 100644 index 00000000000..d902fa71d13 --- /dev/null +++ b/python/ql/examples/private_access.ql @@ -0,0 +1,18 @@ +/** + * @name Private access + * @description Find accesses to "private" attributes (those starting with an underscore) + * @tags access + * private + */ + +import python + +predicate is_private(Attribute a) { + a.getName().matches("\\_%") and + not a.getName().matches("\\_\\_%\\_\\_") +} + +from Attribute access +where is_private(access) and +not access.getObject().(Name).getId() = "self" +select access diff --git a/python/ql/examples/queries.xml b/python/ql/examples/queries.xml new file mode 100644 index 00000000000..27449f34263 --- /dev/null +++ b/python/ql/examples/queries.xml @@ -0,0 +1 @@ + diff --git a/python/ql/examples/raise_exception.ql b/python/ql/examples/raise_exception.ql new file mode 100644 index 00000000000..2a6853a4af1 --- /dev/null +++ b/python/ql/examples/raise_exception.ql 
@@ -0,0 +1,19 @@
+/**
+ * @name Raise exception of a class
+ * @description Finds places where we raise AnException or one of its subclasses
+ * @tags throw
+ * raise
+ * exception
+ */
+
+import python
+
+from Raise raise, ClassObject ex
+where
+ ex.getName() = "AnException" and
+ (
+ raise.getException().refersTo(ex.getAnImproperSuperType())
+ or
+ raise.getException().refersTo(_, ex.getAnImproperSuperType(), _)
+ )
+select raise, "Don't raise instances of 'AnException'"
diff --git a/python/ql/examples/raw_string.ql b/python/ql/examples/raw_string.ql
new file mode 100644
index 00000000000..234086e81e6
--- /dev/null
+++ b/python/ql/examples/raw_string.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Raw string literals
+ * @description Finds string literals with an 'r' prefix
+ * @tags string
+ * raw
+ */
+
+import python
+
+from StrConst s
+where s.getPrefix().matches("%r%")
+select s
diff --git a/python/ql/examples/recursion.ql b/python/ql/examples/recursion.ql
new file mode 100644
index 00000000000..b944329fec1
--- /dev/null
+++ b/python/ql/examples/recursion.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Recursion
+ * @description Finds functions that call themselves
+ * @tags method
+ * recursion
+ */
+
+import python
+
+from FunctionObject f
+where f.getACallee() = f
+select f
diff --git a/python/ql/examples/singlequotestring.ql b/python/ql/examples/singlequotestring.ql
new file mode 100644
index 00000000000..d17e2d4822d
--- /dev/null
+++ b/python/ql/examples/singlequotestring.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Single-quoted string literals
+ * @description Finds string literals using single quotes
+ * @tags string
+ * single quote
+ * quote
+ */
+
+import python
+
+from StrConst s
+where s.getPrefix().charAt(_) = "'"
+select s
diff --git a/python/ql/examples/store_none.ql b/python/ql/examples/store_none.ql
new file mode 100644
index 00000000000..8a21f7f5598
--- /dev/null
+++ b/python/ql/examples/store_none.ql
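Review bot: The subtype direction in raise_exception.ql looks inverted. Going by its name, `ex.getAnImproperSuperType()` yields `AnException` and its base classes, so the query flags raises of the ancestors (presumably including the built-in exception bases) and misses the subclasses the description promises. I would bind a second class, `ClassObject cls`, constrain it with `cls.getAnImproperSuperType() = ex`, and pass `cls` to both `refersTo` calls in place of `ex.getAnImproperSuperType()`. As written, the alert text "Don't raise instances of 'AnException'" would also appear on raises of unrelated base-class exceptions.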
@@ -0,0 +1,17 @@
+/**
+ * @name Store None to collection
+ * @description Finds places where `None` is used as an index when storing to a collection
+ * @tags None
+ * parameter
+ * argument
+ * collection
+ * add
+ */
+
+import python
+
+from SubscriptNode store
+where
+ store.isStore() and
+ store.getIndex().refersTo(theNoneObject())
+select store
diff --git a/python/ql/examples/todocomment.ql b/python/ql/examples/todocomment.ql
new file mode 100644
index 00000000000..1ec016842fe
--- /dev/null
+++ b/python/ql/examples/todocomment.ql
@@ -0,0 +1,12 @@
+/**
+ * @name TODO comments
+ * @description Finds comments containing the word "TODO"
+ * @tags comment
+ * TODO
+ */
+
+import python
+
+from Comment c
+where c.getText().regexpMatch("(?si).*\\bTODO\\b.*")
+select c
diff --git a/python/ql/examples/too_many_params.ql b/python/ql/examples/too_many_params.ql
new file mode 100644
index 00000000000..5ca9bc18cd9
--- /dev/null
+++ b/python/ql/examples/too_many_params.ql
@@ -0,0 +1,13 @@
+/**
+ * @name Functions with many parameters
+ * @description Finds functions with more than 7 parameters
+ * @tags function
+ * parameter
+ * argument
+ */
+
+import python
+
+from Function fcn
+where count(fcn.getAnArg()) > 7
+select fcn
diff --git a/python/ql/examples/tryfinally.ql b/python/ql/examples/tryfinally.ql
new file mode 100644
index 00000000000..3e9adfcbc58
--- /dev/null
+++ b/python/ql/examples/tryfinally.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Try-finally statements
+ * @description Finds try-finally statements without an exception handler
+ * @tags try
+ * finally
+ * exceptions
+ */
+
+import python
+
+from Try t
+where exists(t.getFinalbody())
+ and not exists(t.getAHandler())
+select t
From bdce7d07c137ce5d6fea1ab8f6da0767a87d83d9 Mon Sep 17 00:00:00 2001
From: Arthur Baars Date: Thu, 25 Jul 2019 15:38:25 +0200 Subject: [PATCH 2/5] Move 'snippet' queries to 'snippets' folders --- cpp/ql/examples/{ => snippets}/addressof.ql | 0 cpp/ql/examples/{ => snippets}/arrayaccess.ql | 0 cpp/ql/examples/{ => snippets}/castexpr.ql | 0 cpp/ql/examples/{ => snippets}/catch_exception.ql | 0 cpp/ql/examples/{ => snippets}/constructor_call.ql | 0 cpp/ql/examples/{ => snippets}/derives_from_class.ql | 0 cpp/ql/examples/{ => snippets}/emptyblock.ql | 0 cpp/ql/examples/{ => snippets}/emptythen.ql | 0 cpp/ql/examples/{ => snippets}/eq_true.ql | 0 cpp/ql/examples/{ => snippets}/field_access.ql | 0 cpp/ql/examples/{ => snippets}/function_call.ql | 0 cpp/ql/examples/{ => snippets}/integer_literal.ql | 0 cpp/ql/examples/{ => snippets}/mutualrecursion.ql | 0 cpp/ql/examples/{ => snippets}/override_method.ql | 0 cpp/ql/examples/{ => snippets}/returnstatement.ql | 0 cpp/ql/examples/{ => snippets}/singletonblock.ql | 0 cpp/ql/examples/{ => snippets}/switchcase.ql | 0 cpp/ql/examples/{ => snippets}/ternaryconditional.ql | 0 cpp/ql/examples/{ => snippets}/throw_exception.ql | 0 cpp/ql/examples/{ => snippets}/todocomment.ql | 0 cpp/ql/examples/{ => snippets}/toomanyparams.ql | 0 cpp/ql/examples/{ => snippets}/unusedlocalvar.ql | 0 cpp/ql/examples/{ => snippets}/unusedmethod.ql | 0 cpp/ql/examples/{ => snippets}/unusedparam.ql | 0 cpp/ql/examples/{ => snippets}/voidreturntype.ql | 0 cpp/ql/examples/{ => snippets}/volatilevariable.ql | 0 csharp/ql/examples/{ => snippets}/array_access.ql | 0 csharp/ql/examples/{ => snippets}/cast_expr.ql | 0 csharp/ql/examples/{ => snippets}/catch_exception.ql | 0 csharp/ql/examples/{ => snippets}/constructor_call.ql | 0 csharp/ql/examples/{ => snippets}/empty_block.ql | 0 csharp/ql/examples/{ => snippets}/empty_then.ql | 0 csharp/ql/examples/{ => snippets}/eq_true.ql | 0 csharp/ql/examples/{ => snippets}/extend_class.ql | 0 csharp/ql/examples/{ => snippets}/extern_method.ql | 0 csharp/ql/examples/{ => 
snippets}/field_read.ql | 0 csharp/ql/examples/{ => snippets}/integer_literal.ql | 0 csharp/ql/examples/{ => snippets}/method_call.ql | 0 csharp/ql/examples/{ => snippets}/mutual_recursion.ql | 0 csharp/ql/examples/{ => snippets}/null_argument.ql | 0 csharp/ql/examples/{ => snippets}/override_method.ql | 0 csharp/ql/examples/{ => snippets}/qualifier.ql | 0 csharp/ql/examples/{ => snippets}/return_statement.ql | 0 csharp/ql/examples/{ => snippets}/singleton_block.ql | 0 csharp/ql/examples/{ => snippets}/switch_case.ql | 0 csharp/ql/examples/{ => snippets}/ternary_conditional.ql | 0 csharp/ql/examples/{ => snippets}/throw_exception.ql | 0 csharp/ql/examples/{ => snippets}/todo_comment.ql | 0 csharp/ql/examples/{ => snippets}/too_many_params.ql | 0 csharp/ql/examples/{ => snippets}/try_finally.ql | 0 csharp/ql/examples/{ => snippets}/unused_local_var.ql | 0 csharp/ql/examples/{ => snippets}/unused_param.ql | 0 csharp/ql/examples/{ => snippets}/void_return_type.ql | 0 csharp/ql/examples/{ => snippets}/volatile_field.ql | 0 java/ql/examples/{ => snippets}/arrayaccess.ql | 0 java/ql/examples/{ => snippets}/castexpr.ql | 0 java/ql/examples/{ => snippets}/catch_exception.ql | 0 java/ql/examples/{ => snippets}/constructor_call.ql | 0 java/ql/examples/{ => snippets}/emptyblock.ql | 0 java/ql/examples/{ => snippets}/emptythen.ql | 0 java/ql/examples/{ => snippets}/eq_true.ql | 0 java/ql/examples/{ => snippets}/extend_class.ql | 0 java/ql/examples/{ => snippets}/field_read.ql | 0 java/ql/examples/{ => snippets}/integer_literal.ql | 0 java/ql/examples/{ => snippets}/method_call.ql | 0 java/ql/examples/{ => snippets}/mutualrecursion.ql | 0 java/ql/examples/{ => snippets}/nativemethod.ql | 0 java/ql/examples/{ => snippets}/null_argument.ql | 0 java/ql/examples/{ => snippets}/override_method.ql | 0 java/ql/examples/{ => snippets}/qualifiedthis.ql | 0 java/ql/examples/{ => snippets}/returnstatement.ql | 0 java/ql/examples/{ => snippets}/singletonblock.ql | 0 java/ql/examples/{ => 
snippets}/switchcase.ql | 0 java/ql/examples/{ => snippets}/synchronizedmethod.ql | 0 java/ql/examples/{ => snippets}/ternaryconditional.ql | 0 java/ql/examples/{ => snippets}/throw_exception.ql | 0 java/ql/examples/{ => snippets}/todocomment.ql | 0 java/ql/examples/{ => snippets}/toomanyparams.ql | 0 java/ql/examples/{ => snippets}/tryfinally.ql | 0 java/ql/examples/{ => snippets}/unusedlocalvar.ql | 0 java/ql/examples/{ => snippets}/unusedmethod.ql | 0 java/ql/examples/{ => snippets}/unusedparam.ql | 0 java/ql/examples/{ => snippets}/voidreturntype.ql | 0 java/ql/examples/{ => snippets}/volatilefield.ql | 0 .../ql/examples/{ => queries}/dataflow/BackendIdor/BackendIdor.ql | 0 .../DecodingAfterSanitization/DecodingAfterSanitization.ql | 0 .../DecodingAfterSanitizationGeneralized.ql | 0 .../ql/examples/{ => queries}/dataflow/EvalTaint/EvalTaint.ql | 0 .../ql/examples/{ => queries}/dataflow/EvalTaint/EvalTaintPath.ql | 0 .../dataflow/InformationDisclosure/InformationDisclosure.ql | 0 .../ql/examples/{ => queries}/dataflow/StoredXss/StoredXss.ql | 0 .../{ => queries}/dataflow/StoredXss/StoredXssTrackedNode.ql | 0 .../{ => queries}/dataflow/TemplateInjection/TemplateInjection.ql | 0 javascript/ql/examples/{ => snippets}/argumentsparam.ql | 0 javascript/ql/examples/{ => snippets}/call.ql | 0 javascript/ql/examples/{ => snippets}/callback.ql | 0 javascript/ql/examples/{ => snippets}/classdefltctor.ql | 0 javascript/ql/examples/{ => snippets}/classname.ql | 0 javascript/ql/examples/{ => snippets}/constantbrackets.ql | 0 javascript/ql/examples/{ => snippets}/emptyblock.ql | 0 javascript/ql/examples/{ => snippets}/emptythen.ql | 0 javascript/ql/examples/{ => snippets}/equalitystmt.ql | 0 javascript/ql/examples/{ => snippets}/evenness.ql | 0 javascript/ql/examples/{ => snippets}/exportfn.ql | 0 javascript/ql/examples/{ => snippets}/filename.ql | 0 javascript/ql/examples/{ => snippets}/fnnoreturn.ql | 0 javascript/ql/examples/{ => snippets}/generator.ql | 0 
javascript/ql/examples/{ => snippets}/iife.ql | 0 javascript/ql/examples/{ => snippets}/importfrom.ql | 0 javascript/ql/examples/{ => snippets}/jsxattribute.ql | 0 javascript/ql/examples/{ => snippets}/methodcall.ql | 0 javascript/ql/examples/{ => snippets}/namedfnexpr.ql | 0 javascript/ql/examples/{ => snippets}/newexpr.ql | 0 javascript/ql/examples/{ => snippets}/propaccess.ql | 0 javascript/ql/examples/{ => snippets}/rendermethod.ql | 0 javascript/ql/examples/{ => snippets}/singlequotestring.ql | 0 javascript/ql/examples/{ => snippets}/singletonblock.ql | 0 javascript/ql/examples/{ => snippets}/taggedtemplates.ql | 0 javascript/ql/examples/{ => snippets}/todocomment.ql | 0 javascript/ql/examples/{ => snippets}/toomanyparams.ql | 0 javascript/ql/examples/{ => snippets}/vardecl.ql | 0 javascript/ql/examples/{ => snippets}/varref.ql | 0 javascript/ql/examples/{ => snippets}/yieldundefined.ql | 0 python/ql/examples/{ => snippets}/backticks.ql | 0 python/ql/examples/{ => snippets}/builtin_object.ql | 0 python/ql/examples/{ => snippets}/call.ql | 0 python/ql/examples/{ => snippets}/catch_exception.ql | 0 python/ql/examples/{ => snippets}/conditional_expression.ql | 0 python/ql/examples/{ => snippets}/elif.ql | 0 python/ql/examples/{ => snippets}/emptyblock.ql | 0 python/ql/examples/{ => snippets}/emptythen.ql | 0 python/ql/examples/{ => snippets}/eq_true.ql | 0 python/ql/examples/{ => snippets}/equalitystmt.ql | 0 python/ql/examples/{ => snippets}/extend_class.ql | 0 python/ql/examples/{ => snippets}/filename.ql | 0 python/ql/examples/{ => snippets}/generator.ql | 0 python/ql/examples/{ => snippets}/integer_literal.ql | 0 python/ql/examples/{ => snippets}/method_call.ql | 0 python/ql/examples/{ => snippets}/mutualrecursion.ql | 0 python/ql/examples/{ => snippets}/new_instance.ql | 0 python/ql/examples/{ => snippets}/override_method.ql | 0 python/ql/examples/{ => snippets}/print.ql | 0 python/ql/examples/{ => snippets}/private_access.ql | 0 python/ql/examples/{ => 
snippets}/raise_exception.ql | 0 python/ql/examples/{ => snippets}/raw_string.ql | 0 python/ql/examples/{ => snippets}/recursion.ql | 0 python/ql/examples/{ => snippets}/singlequotestring.ql | 0 python/ql/examples/{ => snippets}/store_none.ql | 0 python/ql/examples/{ => snippets}/todocomment.ql | 0 python/ql/examples/{ => snippets}/too_many_params.ql | 0 python/ql/examples/{ => snippets}/tryfinally.ql | 0 151 files changed, 0 insertions(+), 0 deletions(-) rename cpp/ql/examples/{ => snippets}/addressof.ql (100%) rename cpp/ql/examples/{ => snippets}/arrayaccess.ql (100%) rename cpp/ql/examples/{ => snippets}/castexpr.ql (100%) rename cpp/ql/examples/{ => snippets}/catch_exception.ql (100%) rename cpp/ql/examples/{ => snippets}/constructor_call.ql (100%) rename cpp/ql/examples/{ => snippets}/derives_from_class.ql (100%) rename cpp/ql/examples/{ => snippets}/emptyblock.ql (100%) rename cpp/ql/examples/{ => snippets}/emptythen.ql (100%) rename cpp/ql/examples/{ => snippets}/eq_true.ql (100%) rename cpp/ql/examples/{ => snippets}/field_access.ql (100%) rename cpp/ql/examples/{ => snippets}/function_call.ql (100%) rename cpp/ql/examples/{ => snippets}/integer_literal.ql (100%) rename cpp/ql/examples/{ => snippets}/mutualrecursion.ql (100%) rename cpp/ql/examples/{ => snippets}/override_method.ql (100%) rename cpp/ql/examples/{ => snippets}/returnstatement.ql (100%) rename cpp/ql/examples/{ => snippets}/singletonblock.ql (100%) rename cpp/ql/examples/{ => snippets}/switchcase.ql (100%) rename cpp/ql/examples/{ => snippets}/ternaryconditional.ql (100%) rename cpp/ql/examples/{ => snippets}/throw_exception.ql (100%) rename cpp/ql/examples/{ => snippets}/todocomment.ql (100%) rename cpp/ql/examples/{ => snippets}/toomanyparams.ql (100%) rename cpp/ql/examples/{ => snippets}/unusedlocalvar.ql (100%) rename cpp/ql/examples/{ => snippets}/unusedmethod.ql (100%) rename cpp/ql/examples/{ => snippets}/unusedparam.ql (100%) rename cpp/ql/examples/{ => snippets}/voidreturntype.ql 
(100%) rename cpp/ql/examples/{ => snippets}/volatilevariable.ql (100%) rename csharp/ql/examples/{ => snippets}/array_access.ql (100%) rename csharp/ql/examples/{ => snippets}/cast_expr.ql (100%) rename csharp/ql/examples/{ => snippets}/catch_exception.ql (100%) rename csharp/ql/examples/{ => snippets}/constructor_call.ql (100%) rename csharp/ql/examples/{ => snippets}/empty_block.ql (100%) rename csharp/ql/examples/{ => snippets}/empty_then.ql (100%) rename csharp/ql/examples/{ => snippets}/eq_true.ql (100%) rename csharp/ql/examples/{ => snippets}/extend_class.ql (100%) rename csharp/ql/examples/{ => snippets}/extern_method.ql (100%) rename csharp/ql/examples/{ => snippets}/field_read.ql (100%) rename csharp/ql/examples/{ => snippets}/integer_literal.ql (100%) rename csharp/ql/examples/{ => snippets}/method_call.ql (100%) rename csharp/ql/examples/{ => snippets}/mutual_recursion.ql (100%) rename csharp/ql/examples/{ => snippets}/null_argument.ql (100%) rename csharp/ql/examples/{ => snippets}/override_method.ql (100%) rename csharp/ql/examples/{ => snippets}/qualifier.ql (100%) rename csharp/ql/examples/{ => snippets}/return_statement.ql (100%) rename csharp/ql/examples/{ => snippets}/singleton_block.ql (100%) rename csharp/ql/examples/{ => snippets}/switch_case.ql (100%) rename csharp/ql/examples/{ => snippets}/ternary_conditional.ql (100%) rename csharp/ql/examples/{ => snippets}/throw_exception.ql (100%) rename csharp/ql/examples/{ => snippets}/todo_comment.ql (100%) rename csharp/ql/examples/{ => snippets}/too_many_params.ql (100%) rename csharp/ql/examples/{ => snippets}/try_finally.ql (100%) rename csharp/ql/examples/{ => snippets}/unused_local_var.ql (100%) rename csharp/ql/examples/{ => snippets}/unused_param.ql (100%) rename csharp/ql/examples/{ => snippets}/void_return_type.ql (100%) rename csharp/ql/examples/{ => snippets}/volatile_field.ql (100%) rename java/ql/examples/{ => snippets}/arrayaccess.ql (100%) rename java/ql/examples/{ => 
snippets}/castexpr.ql (100%) rename java/ql/examples/{ => snippets}/catch_exception.ql (100%) rename java/ql/examples/{ => snippets}/constructor_call.ql (100%) rename java/ql/examples/{ => snippets}/emptyblock.ql (100%) rename java/ql/examples/{ => snippets}/emptythen.ql (100%) rename java/ql/examples/{ => snippets}/eq_true.ql (100%) rename java/ql/examples/{ => snippets}/extend_class.ql (100%) rename java/ql/examples/{ => snippets}/field_read.ql (100%) rename java/ql/examples/{ => snippets}/integer_literal.ql (100%) rename java/ql/examples/{ => snippets}/method_call.ql (100%) rename java/ql/examples/{ => snippets}/mutualrecursion.ql (100%) rename java/ql/examples/{ => snippets}/nativemethod.ql (100%) rename java/ql/examples/{ => snippets}/null_argument.ql (100%) rename java/ql/examples/{ => snippets}/override_method.ql (100%) rename java/ql/examples/{ => snippets}/qualifiedthis.ql (100%) rename java/ql/examples/{ => snippets}/returnstatement.ql (100%) rename java/ql/examples/{ => snippets}/singletonblock.ql (100%) rename java/ql/examples/{ => snippets}/switchcase.ql (100%) rename java/ql/examples/{ => snippets}/synchronizedmethod.ql (100%) rename java/ql/examples/{ => snippets}/ternaryconditional.ql (100%) rename java/ql/examples/{ => snippets}/throw_exception.ql (100%) rename java/ql/examples/{ => snippets}/todocomment.ql (100%) rename java/ql/examples/{ => snippets}/toomanyparams.ql (100%) rename java/ql/examples/{ => snippets}/tryfinally.ql (100%) rename java/ql/examples/{ => snippets}/unusedlocalvar.ql (100%) rename java/ql/examples/{ => snippets}/unusedmethod.ql (100%) rename java/ql/examples/{ => snippets}/unusedparam.ql (100%) rename java/ql/examples/{ => snippets}/voidreturntype.ql (100%) rename java/ql/examples/{ => snippets}/volatilefield.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/BackendIdor/BackendIdor.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql (100%) rename 
javascript/ql/examples/{ => queries}/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/EvalTaint/EvalTaint.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/EvalTaint/EvalTaintPath.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/InformationDisclosure/InformationDisclosure.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/StoredXss/StoredXss.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/StoredXss/StoredXssTrackedNode.ql (100%) rename javascript/ql/examples/{ => queries}/dataflow/TemplateInjection/TemplateInjection.ql (100%) rename javascript/ql/examples/{ => snippets}/argumentsparam.ql (100%) rename javascript/ql/examples/{ => snippets}/call.ql (100%) rename javascript/ql/examples/{ => snippets}/callback.ql (100%) rename javascript/ql/examples/{ => snippets}/classdefltctor.ql (100%) rename javascript/ql/examples/{ => snippets}/classname.ql (100%) rename javascript/ql/examples/{ => snippets}/constantbrackets.ql (100%) rename javascript/ql/examples/{ => snippets}/emptyblock.ql (100%) rename javascript/ql/examples/{ => snippets}/emptythen.ql (100%) rename javascript/ql/examples/{ => snippets}/equalitystmt.ql (100%) rename javascript/ql/examples/{ => snippets}/evenness.ql (100%) rename javascript/ql/examples/{ => snippets}/exportfn.ql (100%) rename javascript/ql/examples/{ => snippets}/filename.ql (100%) rename javascript/ql/examples/{ => snippets}/fnnoreturn.ql (100%) rename javascript/ql/examples/{ => snippets}/generator.ql (100%) rename javascript/ql/examples/{ => snippets}/iife.ql (100%) rename javascript/ql/examples/{ => snippets}/importfrom.ql (100%) rename javascript/ql/examples/{ => snippets}/jsxattribute.ql (100%) rename javascript/ql/examples/{ => snippets}/methodcall.ql (100%) rename javascript/ql/examples/{ => snippets}/namedfnexpr.ql (100%) rename javascript/ql/examples/{ => snippets}/newexpr.ql (100%) rename 
javascript/ql/examples/{ => snippets}/propaccess.ql (100%) rename javascript/ql/examples/{ => snippets}/rendermethod.ql (100%) rename javascript/ql/examples/{ => snippets}/singlequotestring.ql (100%) rename javascript/ql/examples/{ => snippets}/singletonblock.ql (100%) rename javascript/ql/examples/{ => snippets}/taggedtemplates.ql (100%) rename javascript/ql/examples/{ => snippets}/todocomment.ql (100%) rename javascript/ql/examples/{ => snippets}/toomanyparams.ql (100%) rename javascript/ql/examples/{ => snippets}/vardecl.ql (100%) rename javascript/ql/examples/{ => snippets}/varref.ql (100%) rename javascript/ql/examples/{ => snippets}/yieldundefined.ql (100%) rename python/ql/examples/{ => snippets}/backticks.ql (100%) rename python/ql/examples/{ => snippets}/builtin_object.ql (100%) rename python/ql/examples/{ => snippets}/call.ql (100%) rename python/ql/examples/{ => snippets}/catch_exception.ql (100%) rename python/ql/examples/{ => snippets}/conditional_expression.ql (100%) rename python/ql/examples/{ => snippets}/elif.ql (100%) rename python/ql/examples/{ => snippets}/emptyblock.ql (100%) rename python/ql/examples/{ => snippets}/emptythen.ql (100%) rename python/ql/examples/{ => snippets}/eq_true.ql (100%) rename python/ql/examples/{ => snippets}/equalitystmt.ql (100%) rename python/ql/examples/{ => snippets}/extend_class.ql (100%) rename python/ql/examples/{ => snippets}/filename.ql (100%) rename python/ql/examples/{ => snippets}/generator.ql (100%) rename python/ql/examples/{ => snippets}/integer_literal.ql (100%) rename python/ql/examples/{ => snippets}/method_call.ql (100%) rename python/ql/examples/{ => snippets}/mutualrecursion.ql (100%) rename python/ql/examples/{ => snippets}/new_instance.ql (100%) rename python/ql/examples/{ => snippets}/override_method.ql (100%) rename python/ql/examples/{ => snippets}/print.ql (100%) rename python/ql/examples/{ => snippets}/private_access.ql (100%) rename python/ql/examples/{ => snippets}/raise_exception.ql 
(100%) rename python/ql/examples/{ => snippets}/raw_string.ql (100%) rename python/ql/examples/{ => snippets}/recursion.ql (100%) rename python/ql/examples/{ => snippets}/singlequotestring.ql (100%) rename python/ql/examples/{ => snippets}/store_none.ql (100%) rename python/ql/examples/{ => snippets}/todocomment.ql (100%) rename python/ql/examples/{ => snippets}/too_many_params.ql (100%) rename python/ql/examples/{ => snippets}/tryfinally.ql (100%) diff --git a/cpp/ql/examples/addressof.ql b/cpp/ql/examples/snippets/addressof.ql similarity index 100% rename from cpp/ql/examples/addressof.ql rename to cpp/ql/examples/snippets/addressof.ql diff --git a/cpp/ql/examples/arrayaccess.ql b/cpp/ql/examples/snippets/arrayaccess.ql similarity index 100% rename from cpp/ql/examples/arrayaccess.ql rename to cpp/ql/examples/snippets/arrayaccess.ql diff --git a/cpp/ql/examples/castexpr.ql b/cpp/ql/examples/snippets/castexpr.ql similarity index 100% rename from cpp/ql/examples/castexpr.ql rename to cpp/ql/examples/snippets/castexpr.ql diff --git a/cpp/ql/examples/catch_exception.ql b/cpp/ql/examples/snippets/catch_exception.ql similarity index 100% rename from cpp/ql/examples/catch_exception.ql rename to cpp/ql/examples/snippets/catch_exception.ql diff --git a/cpp/ql/examples/constructor_call.ql b/cpp/ql/examples/snippets/constructor_call.ql similarity index 100% rename from cpp/ql/examples/constructor_call.ql rename to cpp/ql/examples/snippets/constructor_call.ql diff --git a/cpp/ql/examples/derives_from_class.ql b/cpp/ql/examples/snippets/derives_from_class.ql similarity index 100% rename from cpp/ql/examples/derives_from_class.ql rename to cpp/ql/examples/snippets/derives_from_class.ql diff --git a/cpp/ql/examples/emptyblock.ql b/cpp/ql/examples/snippets/emptyblock.ql similarity index 100% rename from cpp/ql/examples/emptyblock.ql rename to cpp/ql/examples/snippets/emptyblock.ql 
diff --git a/cpp/ql/examples/emptythen.ql b/cpp/ql/examples/snippets/emptythen.ql similarity index 100% rename from cpp/ql/examples/emptythen.ql rename to cpp/ql/examples/snippets/emptythen.ql diff --git a/cpp/ql/examples/eq_true.ql b/cpp/ql/examples/snippets/eq_true.ql similarity index 100% rename from cpp/ql/examples/eq_true.ql rename to cpp/ql/examples/snippets/eq_true.ql diff --git a/cpp/ql/examples/field_access.ql b/cpp/ql/examples/snippets/field_access.ql similarity index 100% rename from cpp/ql/examples/field_access.ql rename to cpp/ql/examples/snippets/field_access.ql diff --git a/cpp/ql/examples/function_call.ql b/cpp/ql/examples/snippets/function_call.ql similarity index 100% rename from cpp/ql/examples/function_call.ql rename to cpp/ql/examples/snippets/function_call.ql diff --git a/cpp/ql/examples/integer_literal.ql b/cpp/ql/examples/snippets/integer_literal.ql similarity index 100% rename from cpp/ql/examples/integer_literal.ql rename to cpp/ql/examples/snippets/integer_literal.ql diff --git a/cpp/ql/examples/mutualrecursion.ql b/cpp/ql/examples/snippets/mutualrecursion.ql similarity index 100% rename from cpp/ql/examples/mutualrecursion.ql rename to cpp/ql/examples/snippets/mutualrecursion.ql diff --git a/cpp/ql/examples/override_method.ql b/cpp/ql/examples/snippets/override_method.ql similarity index 100% rename from cpp/ql/examples/override_method.ql rename to cpp/ql/examples/snippets/override_method.ql diff --git a/cpp/ql/examples/returnstatement.ql b/cpp/ql/examples/snippets/returnstatement.ql similarity index 100% rename from cpp/ql/examples/returnstatement.ql rename to cpp/ql/examples/snippets/returnstatement.ql diff --git a/cpp/ql/examples/singletonblock.ql b/cpp/ql/examples/snippets/singletonblock.ql similarity index 100% rename from cpp/ql/examples/singletonblock.ql rename to cpp/ql/examples/snippets/singletonblock.ql 
diff --git a/cpp/ql/examples/switchcase.ql b/cpp/ql/examples/snippets/switchcase.ql similarity index 100% rename from cpp/ql/examples/switchcase.ql rename to cpp/ql/examples/snippets/switchcase.ql diff --git a/cpp/ql/examples/ternaryconditional.ql b/cpp/ql/examples/snippets/ternaryconditional.ql similarity index 100% rename from cpp/ql/examples/ternaryconditional.ql rename to cpp/ql/examples/snippets/ternaryconditional.ql diff --git a/cpp/ql/examples/throw_exception.ql b/cpp/ql/examples/snippets/throw_exception.ql similarity index 100% rename from cpp/ql/examples/throw_exception.ql rename to cpp/ql/examples/snippets/throw_exception.ql diff --git a/cpp/ql/examples/todocomment.ql b/cpp/ql/examples/snippets/todocomment.ql similarity index 100% rename from cpp/ql/examples/todocomment.ql rename to cpp/ql/examples/snippets/todocomment.ql diff --git a/cpp/ql/examples/toomanyparams.ql b/cpp/ql/examples/snippets/toomanyparams.ql similarity index 100% rename from cpp/ql/examples/toomanyparams.ql rename to cpp/ql/examples/snippets/toomanyparams.ql diff --git a/cpp/ql/examples/unusedlocalvar.ql b/cpp/ql/examples/snippets/unusedlocalvar.ql similarity index 100% rename from cpp/ql/examples/unusedlocalvar.ql rename to cpp/ql/examples/snippets/unusedlocalvar.ql diff --git a/cpp/ql/examples/unusedmethod.ql b/cpp/ql/examples/snippets/unusedmethod.ql similarity index 100% rename from cpp/ql/examples/unusedmethod.ql rename to cpp/ql/examples/snippets/unusedmethod.ql diff --git a/cpp/ql/examples/unusedparam.ql b/cpp/ql/examples/snippets/unusedparam.ql similarity index 100% rename from cpp/ql/examples/unusedparam.ql rename to cpp/ql/examples/snippets/unusedparam.ql diff --git a/cpp/ql/examples/voidreturntype.ql b/cpp/ql/examples/snippets/voidreturntype.ql similarity index 100% rename from cpp/ql/examples/voidreturntype.ql rename to cpp/ql/examples/snippets/voidreturntype.ql 
diff --git a/cpp/ql/examples/volatilevariable.ql b/cpp/ql/examples/snippets/volatilevariable.ql similarity index 100% rename from cpp/ql/examples/volatilevariable.ql rename to cpp/ql/examples/snippets/volatilevariable.ql diff --git a/csharp/ql/examples/array_access.ql b/csharp/ql/examples/snippets/array_access.ql similarity index 100% rename from csharp/ql/examples/array_access.ql rename to csharp/ql/examples/snippets/array_access.ql diff --git a/csharp/ql/examples/cast_expr.ql b/csharp/ql/examples/snippets/cast_expr.ql similarity index 100% rename from csharp/ql/examples/cast_expr.ql rename to csharp/ql/examples/snippets/cast_expr.ql diff --git a/csharp/ql/examples/catch_exception.ql b/csharp/ql/examples/snippets/catch_exception.ql similarity index 100% rename from csharp/ql/examples/catch_exception.ql rename to csharp/ql/examples/snippets/catch_exception.ql diff --git a/csharp/ql/examples/constructor_call.ql b/csharp/ql/examples/snippets/constructor_call.ql similarity index 100% rename from csharp/ql/examples/constructor_call.ql rename to csharp/ql/examples/snippets/constructor_call.ql diff --git a/csharp/ql/examples/empty_block.ql b/csharp/ql/examples/snippets/empty_block.ql similarity index 100% rename from csharp/ql/examples/empty_block.ql rename to csharp/ql/examples/snippets/empty_block.ql diff --git a/csharp/ql/examples/empty_then.ql b/csharp/ql/examples/snippets/empty_then.ql similarity index 100% rename from csharp/ql/examples/empty_then.ql rename to csharp/ql/examples/snippets/empty_then.ql diff --git a/csharp/ql/examples/eq_true.ql b/csharp/ql/examples/snippets/eq_true.ql similarity index 100% rename from csharp/ql/examples/eq_true.ql rename to csharp/ql/examples/snippets/eq_true.ql diff --git a/csharp/ql/examples/extend_class.ql b/csharp/ql/examples/snippets/extend_class.ql similarity index 100% rename from csharp/ql/examples/extend_class.ql rename to csharp/ql/examples/snippets/extend_class.ql 
diff --git a/csharp/ql/examples/extern_method.ql b/csharp/ql/examples/snippets/extern_method.ql similarity index 100% rename from csharp/ql/examples/extern_method.ql rename to csharp/ql/examples/snippets/extern_method.ql diff --git a/csharp/ql/examples/field_read.ql b/csharp/ql/examples/snippets/field_read.ql similarity index 100% rename from csharp/ql/examples/field_read.ql rename to csharp/ql/examples/snippets/field_read.ql diff --git a/csharp/ql/examples/integer_literal.ql b/csharp/ql/examples/snippets/integer_literal.ql similarity index 100% rename from csharp/ql/examples/integer_literal.ql rename to csharp/ql/examples/snippets/integer_literal.ql diff --git a/csharp/ql/examples/method_call.ql b/csharp/ql/examples/snippets/method_call.ql similarity index 100% rename from csharp/ql/examples/method_call.ql rename to csharp/ql/examples/snippets/method_call.ql diff --git a/csharp/ql/examples/mutual_recursion.ql b/csharp/ql/examples/snippets/mutual_recursion.ql similarity index 100% rename from csharp/ql/examples/mutual_recursion.ql rename to csharp/ql/examples/snippets/mutual_recursion.ql diff --git a/csharp/ql/examples/null_argument.ql b/csharp/ql/examples/snippets/null_argument.ql similarity index 100% rename from csharp/ql/examples/null_argument.ql rename to csharp/ql/examples/snippets/null_argument.ql diff --git a/csharp/ql/examples/override_method.ql b/csharp/ql/examples/snippets/override_method.ql similarity index 100% rename from csharp/ql/examples/override_method.ql rename to csharp/ql/examples/snippets/override_method.ql diff --git a/csharp/ql/examples/qualifier.ql b/csharp/ql/examples/snippets/qualifier.ql similarity index 100% rename from csharp/ql/examples/qualifier.ql rename to csharp/ql/examples/snippets/qualifier.ql diff --git a/csharp/ql/examples/return_statement.ql b/csharp/ql/examples/snippets/return_statement.ql similarity index 100% rename from csharp/ql/examples/return_statement.ql rename to csharp/ql/examples/snippets/return_statement.ql 
diff --git a/csharp/ql/examples/singleton_block.ql b/csharp/ql/examples/snippets/singleton_block.ql similarity index 100% rename from csharp/ql/examples/singleton_block.ql rename to csharp/ql/examples/snippets/singleton_block.ql diff --git a/csharp/ql/examples/switch_case.ql b/csharp/ql/examples/snippets/switch_case.ql similarity index 100% rename from csharp/ql/examples/switch_case.ql rename to csharp/ql/examples/snippets/switch_case.ql diff --git a/csharp/ql/examples/ternary_conditional.ql b/csharp/ql/examples/snippets/ternary_conditional.ql similarity index 100% rename from csharp/ql/examples/ternary_conditional.ql rename to csharp/ql/examples/snippets/ternary_conditional.ql diff --git a/csharp/ql/examples/throw_exception.ql b/csharp/ql/examples/snippets/throw_exception.ql similarity index 100% rename from csharp/ql/examples/throw_exception.ql rename to csharp/ql/examples/snippets/throw_exception.ql diff --git a/csharp/ql/examples/todo_comment.ql b/csharp/ql/examples/snippets/todo_comment.ql similarity index 100% rename from csharp/ql/examples/todo_comment.ql rename to csharp/ql/examples/snippets/todo_comment.ql diff --git a/csharp/ql/examples/too_many_params.ql b/csharp/ql/examples/snippets/too_many_params.ql similarity index 100% rename from csharp/ql/examples/too_many_params.ql rename to csharp/ql/examples/snippets/too_many_params.ql diff --git a/csharp/ql/examples/try_finally.ql b/csharp/ql/examples/snippets/try_finally.ql similarity index 100% rename from csharp/ql/examples/try_finally.ql rename to csharp/ql/examples/snippets/try_finally.ql diff --git a/csharp/ql/examples/unused_local_var.ql b/csharp/ql/examples/snippets/unused_local_var.ql similarity index 100% rename from csharp/ql/examples/unused_local_var.ql rename to csharp/ql/examples/snippets/unused_local_var.ql 
diff --git a/csharp/ql/examples/unused_param.ql b/csharp/ql/examples/snippets/unused_param.ql similarity index 100% rename from csharp/ql/examples/unused_param.ql rename to csharp/ql/examples/snippets/unused_param.ql diff --git a/csharp/ql/examples/void_return_type.ql b/csharp/ql/examples/snippets/void_return_type.ql similarity index 100% rename from csharp/ql/examples/void_return_type.ql rename to csharp/ql/examples/snippets/void_return_type.ql diff --git a/csharp/ql/examples/volatile_field.ql b/csharp/ql/examples/snippets/volatile_field.ql similarity index 100% rename from csharp/ql/examples/volatile_field.ql rename to csharp/ql/examples/snippets/volatile_field.ql diff --git a/java/ql/examples/arrayaccess.ql b/java/ql/examples/snippets/arrayaccess.ql similarity index 100% rename from java/ql/examples/arrayaccess.ql rename to java/ql/examples/snippets/arrayaccess.ql diff --git a/java/ql/examples/castexpr.ql b/java/ql/examples/snippets/castexpr.ql similarity index 100% rename from java/ql/examples/castexpr.ql rename to java/ql/examples/snippets/castexpr.ql diff --git a/java/ql/examples/catch_exception.ql b/java/ql/examples/snippets/catch_exception.ql similarity index 100% rename from java/ql/examples/catch_exception.ql rename to java/ql/examples/snippets/catch_exception.ql diff --git a/java/ql/examples/constructor_call.ql b/java/ql/examples/snippets/constructor_call.ql similarity index 100% rename from java/ql/examples/constructor_call.ql rename to java/ql/examples/snippets/constructor_call.ql diff --git a/java/ql/examples/emptyblock.ql b/java/ql/examples/snippets/emptyblock.ql similarity index 100% rename from java/ql/examples/emptyblock.ql rename to java/ql/examples/snippets/emptyblock.ql diff --git a/java/ql/examples/emptythen.ql b/java/ql/examples/snippets/emptythen.ql similarity index 100% rename from java/ql/examples/emptythen.ql rename to java/ql/examples/snippets/emptythen.ql 
diff --git a/java/ql/examples/eq_true.ql b/java/ql/examples/snippets/eq_true.ql
similarity index 100%
rename from java/ql/examples/eq_true.ql
rename to java/ql/examples/snippets/eq_true.ql
diff --git a/java/ql/examples/extend_class.ql b/java/ql/examples/snippets/extend_class.ql
similarity index 100%
rename from java/ql/examples/extend_class.ql
rename to java/ql/examples/snippets/extend_class.ql
diff --git a/java/ql/examples/field_read.ql b/java/ql/examples/snippets/field_read.ql
similarity index 100%
rename from java/ql/examples/field_read.ql
rename to java/ql/examples/snippets/field_read.ql
diff --git a/java/ql/examples/integer_literal.ql b/java/ql/examples/snippets/integer_literal.ql
similarity index 100%
rename from java/ql/examples/integer_literal.ql
rename to java/ql/examples/snippets/integer_literal.ql
diff --git a/java/ql/examples/method_call.ql b/java/ql/examples/snippets/method_call.ql
similarity index 100%
rename from java/ql/examples/method_call.ql
rename to java/ql/examples/snippets/method_call.ql
diff --git a/java/ql/examples/mutualrecursion.ql b/java/ql/examples/snippets/mutualrecursion.ql
similarity index 100%
rename from java/ql/examples/mutualrecursion.ql
rename to java/ql/examples/snippets/mutualrecursion.ql
diff --git a/java/ql/examples/nativemethod.ql b/java/ql/examples/snippets/nativemethod.ql
similarity index 100%
rename from java/ql/examples/nativemethod.ql
rename to java/ql/examples/snippets/nativemethod.ql
diff --git a/java/ql/examples/null_argument.ql b/java/ql/examples/snippets/null_argument.ql
similarity index 100%
rename from java/ql/examples/null_argument.ql
rename to java/ql/examples/snippets/null_argument.ql
diff --git a/java/ql/examples/override_method.ql b/java/ql/examples/snippets/override_method.ql
similarity index 100%
rename from java/ql/examples/override_method.ql
rename to java/ql/examples/snippets/override_method.ql
diff --git a/java/ql/examples/qualifiedthis.ql b/java/ql/examples/snippets/qualifiedthis.ql
similarity index 100%
rename from java/ql/examples/qualifiedthis.ql
rename to java/ql/examples/snippets/qualifiedthis.ql
diff --git a/java/ql/examples/returnstatement.ql b/java/ql/examples/snippets/returnstatement.ql
similarity index 100%
rename from java/ql/examples/returnstatement.ql
rename to java/ql/examples/snippets/returnstatement.ql
diff --git a/java/ql/examples/singletonblock.ql b/java/ql/examples/snippets/singletonblock.ql
similarity index 100%
rename from java/ql/examples/singletonblock.ql
rename to java/ql/examples/snippets/singletonblock.ql
diff --git a/java/ql/examples/switchcase.ql b/java/ql/examples/snippets/switchcase.ql
similarity index 100%
rename from java/ql/examples/switchcase.ql
rename to java/ql/examples/snippets/switchcase.ql
diff --git a/java/ql/examples/synchronizedmethod.ql b/java/ql/examples/snippets/synchronizedmethod.ql
similarity index 100%
rename from java/ql/examples/synchronizedmethod.ql
rename to java/ql/examples/snippets/synchronizedmethod.ql
diff --git a/java/ql/examples/ternaryconditional.ql b/java/ql/examples/snippets/ternaryconditional.ql
similarity index 100%
rename from java/ql/examples/ternaryconditional.ql
rename to java/ql/examples/snippets/ternaryconditional.ql
diff --git a/java/ql/examples/throw_exception.ql b/java/ql/examples/snippets/throw_exception.ql
similarity index 100%
rename from java/ql/examples/throw_exception.ql
rename to java/ql/examples/snippets/throw_exception.ql
diff --git a/java/ql/examples/todocomment.ql b/java/ql/examples/snippets/todocomment.ql
similarity index 100%
rename from java/ql/examples/todocomment.ql
rename to java/ql/examples/snippets/todocomment.ql
diff --git a/java/ql/examples/toomanyparams.ql b/java/ql/examples/snippets/toomanyparams.ql
similarity index 100%
rename from java/ql/examples/toomanyparams.ql
rename to java/ql/examples/snippets/toomanyparams.ql
diff --git a/java/ql/examples/tryfinally.ql b/java/ql/examples/snippets/tryfinally.ql
similarity index 100%
rename from java/ql/examples/tryfinally.ql
rename to java/ql/examples/snippets/tryfinally.ql
diff --git a/java/ql/examples/unusedlocalvar.ql b/java/ql/examples/snippets/unusedlocalvar.ql
similarity index 100%
rename from java/ql/examples/unusedlocalvar.ql
rename to java/ql/examples/snippets/unusedlocalvar.ql
diff --git a/java/ql/examples/unusedmethod.ql b/java/ql/examples/snippets/unusedmethod.ql
similarity index 100%
rename from java/ql/examples/unusedmethod.ql
rename to java/ql/examples/snippets/unusedmethod.ql
diff --git a/java/ql/examples/unusedparam.ql b/java/ql/examples/snippets/unusedparam.ql
similarity index 100%
rename from java/ql/examples/unusedparam.ql
rename to java/ql/examples/snippets/unusedparam.ql
diff --git a/java/ql/examples/voidreturntype.ql b/java/ql/examples/snippets/voidreturntype.ql
similarity index 100%
rename from java/ql/examples/voidreturntype.ql
rename to java/ql/examples/snippets/voidreturntype.ql
diff --git a/java/ql/examples/volatilefield.ql b/java/ql/examples/snippets/volatilefield.ql
similarity index 100%
rename from java/ql/examples/volatilefield.ql
rename to java/ql/examples/snippets/volatilefield.ql
diff --git a/javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/BackendIdor/BackendIdor.ql
rename to javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
diff --git a/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
rename to javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
diff --git a/javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
rename to javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
diff --git a/javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/EvalTaint/EvalTaint.ql
rename to javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
diff --git a/javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/EvalTaint/EvalTaintPath.ql
rename to javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
diff --git a/javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/InformationDisclosure/InformationDisclosure.ql
rename to javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
diff --git a/javascript/ql/examples/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/StoredXss/StoredXss.ql
rename to javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
diff --git a/javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/StoredXss/StoredXssTrackedNode.ql
rename to javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
diff --git a/javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
similarity index 100%
rename from javascript/ql/examples/dataflow/TemplateInjection/TemplateInjection.ql
rename to javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
diff --git a/javascript/ql/examples/argumentsparam.ql b/javascript/ql/examples/snippets/argumentsparam.ql
similarity index 100%
rename from javascript/ql/examples/argumentsparam.ql
rename to javascript/ql/examples/snippets/argumentsparam.ql
diff --git a/javascript/ql/examples/call.ql b/javascript/ql/examples/snippets/call.ql
similarity index 100%
rename from javascript/ql/examples/call.ql
rename to javascript/ql/examples/snippets/call.ql
diff --git a/javascript/ql/examples/callback.ql b/javascript/ql/examples/snippets/callback.ql
similarity index 100%
rename from javascript/ql/examples/callback.ql
rename to javascript/ql/examples/snippets/callback.ql
diff --git a/javascript/ql/examples/classdefltctor.ql b/javascript/ql/examples/snippets/classdefltctor.ql
similarity index 100%
rename from javascript/ql/examples/classdefltctor.ql
rename to javascript/ql/examples/snippets/classdefltctor.ql
diff --git a/javascript/ql/examples/classname.ql b/javascript/ql/examples/snippets/classname.ql
similarity index 100%
rename from javascript/ql/examples/classname.ql
rename to javascript/ql/examples/snippets/classname.ql
diff --git a/javascript/ql/examples/constantbrackets.ql b/javascript/ql/examples/snippets/constantbrackets.ql
similarity index 100%
rename from javascript/ql/examples/constantbrackets.ql
rename to javascript/ql/examples/snippets/constantbrackets.ql
diff --git a/javascript/ql/examples/emptyblock.ql b/javascript/ql/examples/snippets/emptyblock.ql
similarity index 100%
rename from javascript/ql/examples/emptyblock.ql
rename to javascript/ql/examples/snippets/emptyblock.ql
diff --git a/javascript/ql/examples/emptythen.ql b/javascript/ql/examples/snippets/emptythen.ql
similarity index 100%
rename from javascript/ql/examples/emptythen.ql
rename to javascript/ql/examples/snippets/emptythen.ql
diff --git a/javascript/ql/examples/equalitystmt.ql b/javascript/ql/examples/snippets/equalitystmt.ql
similarity index 100%
rename from javascript/ql/examples/equalitystmt.ql
rename to javascript/ql/examples/snippets/equalitystmt.ql
diff --git a/javascript/ql/examples/evenness.ql b/javascript/ql/examples/snippets/evenness.ql
similarity index 100%
rename from javascript/ql/examples/evenness.ql
rename to javascript/ql/examples/snippets/evenness.ql
diff --git a/javascript/ql/examples/exportfn.ql b/javascript/ql/examples/snippets/exportfn.ql
similarity index 100%
rename from javascript/ql/examples/exportfn.ql
rename to javascript/ql/examples/snippets/exportfn.ql
diff --git a/javascript/ql/examples/filename.ql b/javascript/ql/examples/snippets/filename.ql
similarity index 100%
rename from javascript/ql/examples/filename.ql
rename to javascript/ql/examples/snippets/filename.ql
diff --git a/javascript/ql/examples/fnnoreturn.ql b/javascript/ql/examples/snippets/fnnoreturn.ql
similarity index 100%
rename from javascript/ql/examples/fnnoreturn.ql
rename to javascript/ql/examples/snippets/fnnoreturn.ql
diff --git a/javascript/ql/examples/generator.ql b/javascript/ql/examples/snippets/generator.ql
similarity index 100%
rename from javascript/ql/examples/generator.ql
rename to javascript/ql/examples/snippets/generator.ql
diff --git a/javascript/ql/examples/iife.ql b/javascript/ql/examples/snippets/iife.ql
similarity index 100%
rename from javascript/ql/examples/iife.ql
rename to javascript/ql/examples/snippets/iife.ql
diff --git a/javascript/ql/examples/importfrom.ql b/javascript/ql/examples/snippets/importfrom.ql
similarity index 100%
rename from javascript/ql/examples/importfrom.ql
rename to javascript/ql/examples/snippets/importfrom.ql
diff --git a/javascript/ql/examples/jsxattribute.ql b/javascript/ql/examples/snippets/jsxattribute.ql
similarity index 100%
rename from javascript/ql/examples/jsxattribute.ql
rename to javascript/ql/examples/snippets/jsxattribute.ql
diff --git a/javascript/ql/examples/methodcall.ql b/javascript/ql/examples/snippets/methodcall.ql
similarity index 100%
rename from javascript/ql/examples/methodcall.ql
rename to javascript/ql/examples/snippets/methodcall.ql
diff --git a/javascript/ql/examples/namedfnexpr.ql b/javascript/ql/examples/snippets/namedfnexpr.ql
similarity index 100%
rename from javascript/ql/examples/namedfnexpr.ql
rename to javascript/ql/examples/snippets/namedfnexpr.ql
diff --git a/javascript/ql/examples/newexpr.ql b/javascript/ql/examples/snippets/newexpr.ql
similarity index 100%
rename from javascript/ql/examples/newexpr.ql
rename to javascript/ql/examples/snippets/newexpr.ql
diff --git a/javascript/ql/examples/propaccess.ql b/javascript/ql/examples/snippets/propaccess.ql
similarity index 100%
rename from javascript/ql/examples/propaccess.ql
rename to javascript/ql/examples/snippets/propaccess.ql
diff --git a/javascript/ql/examples/rendermethod.ql b/javascript/ql/examples/snippets/rendermethod.ql
similarity index 100%
rename from javascript/ql/examples/rendermethod.ql
rename to javascript/ql/examples/snippets/rendermethod.ql
diff --git a/javascript/ql/examples/singlequotestring.ql b/javascript/ql/examples/snippets/singlequotestring.ql
similarity index 100%
rename from javascript/ql/examples/singlequotestring.ql
rename to javascript/ql/examples/snippets/singlequotestring.ql
diff --git a/javascript/ql/examples/singletonblock.ql b/javascript/ql/examples/snippets/singletonblock.ql
similarity index 100%
rename from javascript/ql/examples/singletonblock.ql
rename to javascript/ql/examples/snippets/singletonblock.ql
diff --git a/javascript/ql/examples/taggedtemplates.ql b/javascript/ql/examples/snippets/taggedtemplates.ql
similarity index 100%
rename from javascript/ql/examples/taggedtemplates.ql
rename to javascript/ql/examples/snippets/taggedtemplates.ql
diff --git a/javascript/ql/examples/todocomment.ql b/javascript/ql/examples/snippets/todocomment.ql
similarity index 100%
rename from javascript/ql/examples/todocomment.ql
rename to javascript/ql/examples/snippets/todocomment.ql
diff --git a/javascript/ql/examples/toomanyparams.ql b/javascript/ql/examples/snippets/toomanyparams.ql
similarity index 100%
rename from javascript/ql/examples/toomanyparams.ql
rename to javascript/ql/examples/snippets/toomanyparams.ql
diff --git a/javascript/ql/examples/vardecl.ql b/javascript/ql/examples/snippets/vardecl.ql
similarity index 100%
rename from javascript/ql/examples/vardecl.ql
rename to javascript/ql/examples/snippets/vardecl.ql
diff --git a/javascript/ql/examples/varref.ql b/javascript/ql/examples/snippets/varref.ql
similarity index 100%
rename from javascript/ql/examples/varref.ql
rename to javascript/ql/examples/snippets/varref.ql
diff --git a/javascript/ql/examples/yieldundefined.ql b/javascript/ql/examples/snippets/yieldundefined.ql
similarity index 100%
rename from javascript/ql/examples/yieldundefined.ql
rename to javascript/ql/examples/snippets/yieldundefined.ql
diff --git a/python/ql/examples/backticks.ql b/python/ql/examples/snippets/backticks.ql
similarity index 100%
rename from python/ql/examples/backticks.ql
rename to python/ql/examples/snippets/backticks.ql
diff --git a/python/ql/examples/builtin_object.ql b/python/ql/examples/snippets/builtin_object.ql
similarity index 100%
rename from python/ql/examples/builtin_object.ql
rename to python/ql/examples/snippets/builtin_object.ql
diff --git a/python/ql/examples/call.ql b/python/ql/examples/snippets/call.ql
similarity index 100%
rename from python/ql/examples/call.ql
rename to python/ql/examples/snippets/call.ql
diff --git a/python/ql/examples/catch_exception.ql b/python/ql/examples/snippets/catch_exception.ql
similarity index 100%
rename from python/ql/examples/catch_exception.ql
rename to python/ql/examples/snippets/catch_exception.ql
diff --git a/python/ql/examples/conditional_expression.ql b/python/ql/examples/snippets/conditional_expression.ql
similarity index 100%
rename from python/ql/examples/conditional_expression.ql
rename to python/ql/examples/snippets/conditional_expression.ql
diff --git a/python/ql/examples/elif.ql b/python/ql/examples/snippets/elif.ql
similarity index 100%
rename from python/ql/examples/elif.ql
rename to python/ql/examples/snippets/elif.ql
diff --git a/python/ql/examples/emptyblock.ql b/python/ql/examples/snippets/emptyblock.ql
similarity index 100%
rename from python/ql/examples/emptyblock.ql
rename to python/ql/examples/snippets/emptyblock.ql
diff --git a/python/ql/examples/emptythen.ql b/python/ql/examples/snippets/emptythen.ql
similarity index 100%
rename from python/ql/examples/emptythen.ql
rename to python/ql/examples/snippets/emptythen.ql
diff --git a/python/ql/examples/eq_true.ql b/python/ql/examples/snippets/eq_true.ql
similarity index 100%
rename from python/ql/examples/eq_true.ql
rename to python/ql/examples/snippets/eq_true.ql
diff --git a/python/ql/examples/equalitystmt.ql b/python/ql/examples/snippets/equalitystmt.ql
similarity index 100%
rename from python/ql/examples/equalitystmt.ql
rename to python/ql/examples/snippets/equalitystmt.ql
diff --git a/python/ql/examples/extend_class.ql b/python/ql/examples/snippets/extend_class.ql
similarity index 100%
rename from python/ql/examples/extend_class.ql
rename to python/ql/examples/snippets/extend_class.ql
diff --git a/python/ql/examples/filename.ql b/python/ql/examples/snippets/filename.ql
similarity index 100%
rename from python/ql/examples/filename.ql
rename to python/ql/examples/snippets/filename.ql
diff --git a/python/ql/examples/generator.ql b/python/ql/examples/snippets/generator.ql
similarity index 100%
rename from python/ql/examples/generator.ql
rename to python/ql/examples/snippets/generator.ql
diff --git a/python/ql/examples/integer_literal.ql b/python/ql/examples/snippets/integer_literal.ql
similarity index 100%
rename from python/ql/examples/integer_literal.ql
rename to python/ql/examples/snippets/integer_literal.ql
diff --git a/python/ql/examples/method_call.ql b/python/ql/examples/snippets/method_call.ql
similarity index 100%
rename from python/ql/examples/method_call.ql
rename to python/ql/examples/snippets/method_call.ql
diff --git a/python/ql/examples/mutualrecursion.ql b/python/ql/examples/snippets/mutualrecursion.ql
similarity index 100%
rename from python/ql/examples/mutualrecursion.ql
rename to python/ql/examples/snippets/mutualrecursion.ql
diff --git a/python/ql/examples/new_instance.ql b/python/ql/examples/snippets/new_instance.ql
similarity index 100%
rename from python/ql/examples/new_instance.ql
rename to python/ql/examples/snippets/new_instance.ql
diff --git a/python/ql/examples/override_method.ql b/python/ql/examples/snippets/override_method.ql
similarity index 100%
rename from python/ql/examples/override_method.ql
rename to python/ql/examples/snippets/override_method.ql
diff --git a/python/ql/examples/print.ql b/python/ql/examples/snippets/print.ql
similarity index 100%
rename from python/ql/examples/print.ql
rename to python/ql/examples/snippets/print.ql
diff --git a/python/ql/examples/private_access.ql b/python/ql/examples/snippets/private_access.ql
similarity index 100%
rename from python/ql/examples/private_access.ql
rename to python/ql/examples/snippets/private_access.ql
diff --git a/python/ql/examples/raise_exception.ql b/python/ql/examples/snippets/raise_exception.ql
similarity index 100%
rename from python/ql/examples/raise_exception.ql
rename to python/ql/examples/snippets/raise_exception.ql
diff --git a/python/ql/examples/raw_string.ql b/python/ql/examples/snippets/raw_string.ql
similarity index 100%
rename from python/ql/examples/raw_string.ql
rename to python/ql/examples/snippets/raw_string.ql
diff --git a/python/ql/examples/recursion.ql b/python/ql/examples/snippets/recursion.ql
similarity index 100%
rename from python/ql/examples/recursion.ql
rename to python/ql/examples/snippets/recursion.ql
diff --git a/python/ql/examples/singlequotestring.ql b/python/ql/examples/snippets/singlequotestring.ql
similarity index 100%
rename from python/ql/examples/singlequotestring.ql
rename to python/ql/examples/snippets/singlequotestring.ql
diff --git a/python/ql/examples/store_none.ql b/python/ql/examples/snippets/store_none.ql
similarity index 100%
rename from python/ql/examples/store_none.ql
rename to python/ql/examples/snippets/store_none.ql
diff --git a/python/ql/examples/todocomment.ql b/python/ql/examples/snippets/todocomment.ql
similarity index 100%
rename from python/ql/examples/todocomment.ql
rename to python/ql/examples/snippets/todocomment.ql
diff --git a/python/ql/examples/too_many_params.ql b/python/ql/examples/snippets/too_many_params.ql
similarity index 100%
rename from python/ql/examples/too_many_params.ql
rename to python/ql/examples/snippets/too_many_params.ql
diff --git a/python/ql/examples/tryfinally.ql b/python/ql/examples/snippets/tryfinally.ql
similarity index 100%
rename from python/ql/examples/tryfinally.ql
rename to python/ql/examples/snippets/tryfinally.ql
From ccde7cf6cf01ff74c638f4ad2a28238baf93f175 Mon Sep 17 00:00:00 2001
From: Arthur Baars
Date: Thu, 25 Jul 2019 15:43:39 +0200
Subject: [PATCH 3/5] Add @id to example queries
---
 cpp/ql/examples/snippets/addressof.ql | 1 +
 cpp/ql/examples/snippets/arrayaccess.ql | 1 +
 cpp/ql/examples/snippets/castexpr.ql | 1 +
 cpp/ql/examples/snippets/catch_exception.ql | 1 +
 cpp/ql/examples/snippets/constructor_call.ql | 1 +
 cpp/ql/examples/snippets/derives_from_class.ql | 1 +
 cpp/ql/examples/snippets/emptyblock.ql | 1 +
 cpp/ql/examples/snippets/emptythen.ql | 1 +
 cpp/ql/examples/snippets/eq_true.ql | 1 +
 cpp/ql/examples/snippets/field_access.ql | 1 +
 cpp/ql/examples/snippets/function_call.ql | 1 +
 cpp/ql/examples/snippets/integer_literal.ql | 1 +
 cpp/ql/examples/snippets/mutualrecursion.ql | 1 +
 cpp/ql/examples/snippets/override_method.ql | 1 +
 cpp/ql/examples/snippets/returnstatement.ql | 1 +
 cpp/ql/examples/snippets/singletonblock.ql | 1 +
 cpp/ql/examples/snippets/switchcase.ql | 1 +
 cpp/ql/examples/snippets/ternaryconditional.ql | 1 +
 cpp/ql/examples/snippets/throw_exception.ql | 1 +
 cpp/ql/examples/snippets/todocomment.ql | 1 +
 cpp/ql/examples/snippets/toomanyparams.ql | 1 +
 cpp/ql/examples/snippets/unusedlocalvar.ql | 1 +
 cpp/ql/examples/snippets/unusedmethod.ql | 1 +
 cpp/ql/examples/snippets/unusedparam.ql | 1 +
 cpp/ql/examples/snippets/voidreturntype.ql | 1 +
 cpp/ql/examples/snippets/volatilevariable.ql | 1 +
 csharp/ql/examples/snippets/array_access.ql | 1 +
 csharp/ql/examples/snippets/cast_expr.ql | 1 +
 csharp/ql/examples/snippets/catch_exception.ql | 1 +
 csharp/ql/examples/snippets/constructor_call.ql | 1 +
 csharp/ql/examples/snippets/empty_block.ql | 1 +
 csharp/ql/examples/snippets/empty_then.ql | 1 +
 csharp/ql/examples/snippets/eq_true.ql | 1 +
 csharp/ql/examples/snippets/extend_class.ql | 1 +
 csharp/ql/examples/snippets/extern_method.ql | 1 +
 csharp/ql/examples/snippets/field_read.ql | 1 +
 csharp/ql/examples/snippets/integer_literal.ql | 1 +
 csharp/ql/examples/snippets/method_call.ql | 1 +
 csharp/ql/examples/snippets/mutual_recursion.ql | 1 +
 csharp/ql/examples/snippets/null_argument.ql | 1 +
 csharp/ql/examples/snippets/override_method.ql | 1 +
 csharp/ql/examples/snippets/qualifier.ql | 1 +
 csharp/ql/examples/snippets/return_statement.ql | 1 +
 csharp/ql/examples/snippets/singleton_block.ql | 1 +
 csharp/ql/examples/snippets/switch_case.ql | 1 +
 csharp/ql/examples/snippets/ternary_conditional.ql | 1 +
 csharp/ql/examples/snippets/throw_exception.ql | 1 +
 csharp/ql/examples/snippets/todo_comment.ql | 1 +
 csharp/ql/examples/snippets/too_many_params.ql | 1 +
 csharp/ql/examples/snippets/try_finally.ql | 1 +
 csharp/ql/examples/snippets/unused_local_var.ql | 1 +
 csharp/ql/examples/snippets/unused_param.ql | 1 +
 csharp/ql/examples/snippets/void_return_type.ql | 1 +
 csharp/ql/examples/snippets/volatile_field.ql | 1 +
 java/ql/examples/snippets/arrayaccess.ql | 1 +
 java/ql/examples/snippets/castexpr.ql | 1 +
 java/ql/examples/snippets/catch_exception.ql | 1 +
 java/ql/examples/snippets/constructor_call.ql | 1 +
 java/ql/examples/snippets/emptyblock.ql | 1 +
 java/ql/examples/snippets/emptythen.ql | 1 +
 java/ql/examples/snippets/eq_true.ql | 1 +
 java/ql/examples/snippets/extend_class.ql | 1 +
 java/ql/examples/snippets/field_read.ql | 1 +
 java/ql/examples/snippets/integer_literal.ql | 1 +
 java/ql/examples/snippets/method_call.ql | 1 +
 java/ql/examples/snippets/mutualrecursion.ql | 1 +
 java/ql/examples/snippets/nativemethod.ql | 1 +
 java/ql/examples/snippets/null_argument.ql | 1 +
 java/ql/examples/snippets/override_method.ql | 1 +
 java/ql/examples/snippets/qualifiedthis.ql | 1 +
 java/ql/examples/snippets/returnstatement.ql | 1 +
 java/ql/examples/snippets/singletonblock.ql | 1 +
 java/ql/examples/snippets/switchcase.ql | 1 +
 java/ql/examples/snippets/synchronizedmethod.ql | 1 +
 java/ql/examples/snippets/ternaryconditional.ql | 1 +
 java/ql/examples/snippets/throw_exception.ql | 1 +
 java/ql/examples/snippets/todocomment.ql | 1 +
 java/ql/examples/snippets/toomanyparams.ql | 1 +
 java/ql/examples/snippets/tryfinally.ql | 1 +
 java/ql/examples/snippets/unusedlocalvar.ql | 1 +
 java/ql/examples/snippets/unusedmethod.ql | 1 +
 java/ql/examples/snippets/unusedparam.ql | 1 +
 java/ql/examples/snippets/voidreturntype.ql | 1 +
 java/ql/examples/snippets/volatilefield.ql | 1 +
 javascript/ql/examples/snippets/argumentsparam.ql | 1 +
 javascript/ql/examples/snippets/call.ql | 1 +
 javascript/ql/examples/snippets/callback.ql | 1 +
 javascript/ql/examples/snippets/classdefltctor.ql | 1 +
 javascript/ql/examples/snippets/classname.ql | 1 +
 javascript/ql/examples/snippets/constantbrackets.ql | 1 +
 javascript/ql/examples/snippets/emptyblock.ql | 1 +
 javascript/ql/examples/snippets/emptythen.ql | 1 +
 javascript/ql/examples/snippets/equalitystmt.ql | 1 +
 javascript/ql/examples/snippets/evenness.ql | 1 +
 javascript/ql/examples/snippets/exportfn.ql | 1 +
 javascript/ql/examples/snippets/filename.ql | 1 +
 javascript/ql/examples/snippets/fnnoreturn.ql | 1 +
 javascript/ql/examples/snippets/generator.ql | 1 +
 javascript/ql/examples/snippets/iife.ql | 1 +
 javascript/ql/examples/snippets/importfrom.ql | 1 +
 javascript/ql/examples/snippets/jsxattribute.ql | 1 +
 javascript/ql/examples/snippets/methodcall.ql | 1 +
 javascript/ql/examples/snippets/namedfnexpr.ql | 1 +
 javascript/ql/examples/snippets/newexpr.ql | 1 +
 javascript/ql/examples/snippets/propaccess.ql | 1 +
 javascript/ql/examples/snippets/rendermethod.ql | 1 +
 javascript/ql/examples/snippets/singlequotestring.ql | 1 +
 javascript/ql/examples/snippets/singletonblock.ql | 1 +
 javascript/ql/examples/snippets/taggedtemplates.ql | 1 +
 javascript/ql/examples/snippets/todocomment.ql | 1 +
 javascript/ql/examples/snippets/toomanyparams.ql | 1 +
 javascript/ql/examples/snippets/vardecl.ql | 1 +
 javascript/ql/examples/snippets/varref.ql | 1 +
 javascript/ql/examples/snippets/yieldundefined.ql | 1 +
 python/ql/examples/snippets/backticks.ql | 1 +
 python/ql/examples/snippets/builtin_object.ql | 1 +
 python/ql/examples/snippets/call.ql | 1 +
 python/ql/examples/snippets/catch_exception.ql | 1 +
 python/ql/examples/snippets/conditional_expression.ql | 1 +
 python/ql/examples/snippets/elif.ql | 1 +
 python/ql/examples/snippets/emptyblock.ql | 1 +
 python/ql/examples/snippets/emptythen.ql | 1 +
 python/ql/examples/snippets/eq_true.ql | 1 +
 python/ql/examples/snippets/equalitystmt.ql | 1 +
 python/ql/examples/snippets/extend_class.ql | 1 +
 python/ql/examples/snippets/filename.ql | 1 +
 python/ql/examples/snippets/generator.ql | 1 +
 python/ql/examples/snippets/integer_literal.ql | 1 +
 python/ql/examples/snippets/method_call.ql | 1 +
 python/ql/examples/snippets/mutualrecursion.ql | 1 +
 python/ql/examples/snippets/new_instance.ql | 1 +
 python/ql/examples/snippets/override_method.ql | 1 +
 python/ql/examples/snippets/print.ql | 1 +
 python/ql/examples/snippets/private_access.ql | 1 +
 python/ql/examples/snippets/raise_exception.ql | 1 +
 python/ql/examples/snippets/raw_string.ql | 1 +
 python/ql/examples/snippets/recursion.ql | 1 +
 python/ql/examples/snippets/singlequotestring.ql | 1 +
 python/ql/examples/snippets/store_none.ql | 1 +
 python/ql/examples/snippets/todocomment.ql | 1 +
 python/ql/examples/snippets/too_many_params.ql | 1 +
 python/ql/examples/snippets/tryfinally.ql | 1 +
 142 files changed, 142 insertions(+)
diff --git a/cpp/ql/examples/snippets/addressof.ql b/cpp/ql/examples/snippets/addressof.ql
index ec2c27b5a17..d6fdd4ad346 100644
--- a/cpp/ql/examples/snippets/addressof.ql
+++ b/cpp/ql/examples/snippets/addressof.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/addressof
 * @name Address of reference variable
 * @description Finds address-of expressions (`&`) that take the address
 * of a reference variable
diff --git a/cpp/ql/examples/snippets/arrayaccess.ql b/cpp/ql/examples/snippets/arrayaccess.ql
index 155210618ea..6a7f600571d 100644
--- a/cpp/ql/examples/snippets/arrayaccess.ql
+++ b/cpp/ql/examples/snippets/arrayaccess.ql
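Review bot: The `@id` values added across these hunks mix two word-separator styles: `cpp/examples/addressof` in the addressof.ql hunk (and `arrayaccess`, `emptyblock`, `mutualrecursion`, `toomanyparams` in later hunks) run the words together, while `cpp/examples/catch-exception`, `constructor-call` and `field-access` hyphenate them. The split appears to follow whether the file name happened to contain underscores rather than a naming rule. Query ids are typically consumed by tooling as stable keys for results, so renaming them later is more disruptive than settling the form in this commit; I would hyphenate consistently, e.g. `* @id cpp/examples/address-of` and `* @id cpp/examples/too-many-params`. Each hunk shows only the top of the QLDoc comment; the rest of each query is outside the hunk.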
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/arrayaccess
 * @name Array access
 * @description Finds array access expressions with an index expression
 * consisting of a postfix increment (`++`) expression.
diff --git a/cpp/ql/examples/snippets/castexpr.ql b/cpp/ql/examples/snippets/castexpr.ql
index d556bbff5d0..d6ad9f6e307 100644
--- a/cpp/ql/examples/snippets/castexpr.ql
+++ b/cpp/ql/examples/snippets/castexpr.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/castexpr
 * @name Cast expressions
 * @description Finds casts from a floating point type to an integer type
 * @tags cast
diff --git a/cpp/ql/examples/snippets/catch_exception.ql b/cpp/ql/examples/snippets/catch_exception.ql
index 233ebc0460d..cad9820fef0 100644
--- a/cpp/ql/examples/snippets/catch_exception.ql
+++ b/cpp/ql/examples/snippets/catch_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/catch-exception
 * @name Catch exception
 * @description Finds places where we catch exceptions of type `parse_error`
 * @tags catch
diff --git a/cpp/ql/examples/snippets/constructor_call.ql b/cpp/ql/examples/snippets/constructor_call.ql
index 1bab2b45e01..d584899530c 100644
--- a/cpp/ql/examples/snippets/constructor_call.ql
+++ b/cpp/ql/examples/snippets/constructor_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/constructor-call
 * @name Call to constructor
 * @description Finds places where we call `new MyClass(...)`
 * @tags call
diff --git a/cpp/ql/examples/snippets/derives_from_class.ql b/cpp/ql/examples/snippets/derives_from_class.ql
index 2ec18f69305..996a2534da1 100644
--- a/cpp/ql/examples/snippets/derives_from_class.ql
+++ b/cpp/ql/examples/snippets/derives_from_class.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/derives-from-class
 * @name Class derives from
 * @description Finds classes that derive from `std::exception`
 * @tags base
diff --git a/cpp/ql/examples/snippets/emptyblock.ql b/cpp/ql/examples/snippets/emptyblock.ql
index ccc648b78fe..2f1e198fc59 100644
--- a/cpp/ql/examples/snippets/emptyblock.ql
+++ b/cpp/ql/examples/snippets/emptyblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/emptyblock
 * @name Empty blocks
 * @description Finds empty block statements
 * @tags empty
diff --git a/cpp/ql/examples/snippets/emptythen.ql b/cpp/ql/examples/snippets/emptythen.ql
index 4dae8641f5c..0ae060838d2 100644
--- a/cpp/ql/examples/snippets/emptythen.ql
+++ b/cpp/ql/examples/snippets/emptythen.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/emptythen
 * @name If statements with empty then branch
 * @description Finds `if` statements where the `then` branch is
 * an empty block statement
diff --git a/cpp/ql/examples/snippets/eq_true.ql b/cpp/ql/examples/snippets/eq_true.ql
index 60bca365467..f91287cd371 100644
--- a/cpp/ql/examples/snippets/eq_true.ql
+++ b/cpp/ql/examples/snippets/eq_true.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/eq-true
 * @name Equality test on boolean
 * @description Finds tests like `==true`, `!=true`
 * @tags equal
diff --git a/cpp/ql/examples/snippets/field_access.ql b/cpp/ql/examples/snippets/field_access.ql
index 5cd2e09d569..5e65225c3e8 100644
--- a/cpp/ql/examples/snippets/field_access.ql
+++ b/cpp/ql/examples/snippets/field_access.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/field-access
 * @name Access of field
 * @description Finds reads of `aDate` (defined on class `Order`)
 * @tags access
diff --git a/cpp/ql/examples/snippets/function_call.ql b/cpp/ql/examples/snippets/function_call.ql
index 3791733c163..5390974a604 100644
--- a/cpp/ql/examples/snippets/function_call.ql
+++ b/cpp/ql/examples/snippets/function_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/function-call
 * @name Call to function
 * @description Finds calls to `std::map<...>::find()`
 * @tags call
diff --git a/cpp/ql/examples/snippets/integer_literal.ql b/cpp/ql/examples/snippets/integer_literal.ql
index affb5349861..4da8c0494b7 100644
--- a/cpp/ql/examples/snippets/integer_literal.ql
+++ b/cpp/ql/examples/snippets/integer_literal.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/integer-literal
 * @name Integer literal
 * @description Finds places where we use the integer literal `2`
 * @tags integer
diff --git a/cpp/ql/examples/snippets/mutualrecursion.ql b/cpp/ql/examples/snippets/mutualrecursion.ql
index a487db8ba34..744c4de5832 100644
--- a/cpp/ql/examples/snippets/mutualrecursion.ql
+++ b/cpp/ql/examples/snippets/mutualrecursion.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/mutualrecursion
 * @name Mutual recursion
 * @description Finds pairs of functions that call each other
 * @tags function
diff --git a/cpp/ql/examples/snippets/override_method.ql b/cpp/ql/examples/snippets/override_method.ql
index bbe49da897b..4917437b666 100644
--- a/cpp/ql/examples/snippets/override_method.ql
+++ b/cpp/ql/examples/snippets/override_method.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/override-method
 * @name Override of method
 * @description Finds methods that override `std::exception::what()`
 * @tags function
diff --git a/cpp/ql/examples/snippets/returnstatement.ql b/cpp/ql/examples/snippets/returnstatement.ql
index d7558d51da0..bf52adc674a 100644
--- a/cpp/ql/examples/snippets/returnstatement.ql
+++ b/cpp/ql/examples/snippets/returnstatement.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/returnstatement
 * @name Return statements
 * @description Finds return statements that return `0`
 * @tags return
diff --git a/cpp/ql/examples/snippets/singletonblock.ql b/cpp/ql/examples/snippets/singletonblock.ql
index a698cb1bf37..a265d84a0da 100644
--- a/cpp/ql/examples/snippets/singletonblock.ql
+++ b/cpp/ql/examples/snippets/singletonblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/singletonblock
 * @name Singleton blocks
 * @description Finds block statements containing a single statement
 * @tags block
diff --git a/cpp/ql/examples/snippets/switchcase.ql b/cpp/ql/examples/snippets/switchcase.ql
index 1068a8d5d70..576d7386c80 100644
--- a/cpp/ql/examples/snippets/switchcase.ql
+++ b/cpp/ql/examples/snippets/switchcase.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/switchcase
 * @name Switch statement case missing
 * @description Finds switch statements with a missing enum constant case
 * and no default case
diff --git a/cpp/ql/examples/snippets/ternaryconditional.ql b/cpp/ql/examples/snippets/ternaryconditional.ql
index d44a7e4babc..74b3bc7cdd5 100644
--- a/cpp/ql/examples/snippets/ternaryconditional.ql
+++ b/cpp/ql/examples/snippets/ternaryconditional.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/ternaryconditional
 * @name Conditional expressions
 * @description Finds conditional expressions of the form `... ? ... : ...`
 * where the types of the resulting expressions differ
diff --git a/cpp/ql/examples/snippets/throw_exception.ql b/cpp/ql/examples/snippets/throw_exception.ql
index 5b66dec5197..d8525de3373 100644
--- a/cpp/ql/examples/snippets/throw_exception.ql
+++ b/cpp/ql/examples/snippets/throw_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/throw-exception
 * @name Throw exception of type
 * @description Finds places where we throw `parse_error` or one of its sub-types
 * @tags base
diff --git a/cpp/ql/examples/snippets/todocomment.ql b/cpp/ql/examples/snippets/todocomment.ql
index 6ab8c653a71..d11782bada0 100644
--- a/cpp/ql/examples/snippets/todocomment.ql
+++ b/cpp/ql/examples/snippets/todocomment.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/todocomment
 * @name TODO comments
 * @description Finds comments containing the word "TODO"
 * @tags comment
diff --git a/cpp/ql/examples/snippets/toomanyparams.ql b/cpp/ql/examples/snippets/toomanyparams.ql
index 1f3eb14f4f2..318550fe463 100644
--- a/cpp/ql/examples/snippets/toomanyparams.ql
+++ b/cpp/ql/examples/snippets/toomanyparams.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/toomanyparams
 * @name Functions with many parameters
 * @description Finds functions or methods with more than 10 parameters
 * @tags function
diff --git a/cpp/ql/examples/snippets/unusedlocalvar.ql b/cpp/ql/examples/snippets/unusedlocalvar.ql
index 65599404990..a6fdbb8ec42 100644
--- a/cpp/ql/examples/snippets/unusedlocalvar.ql
+++ b/cpp/ql/examples/snippets/unusedlocalvar.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/unusedlocalvar
 * @name Unused local variable
 * @description Finds local variables that are not accessed
 * @tags variable
diff --git a/cpp/ql/examples/snippets/unusedmethod.ql b/cpp/ql/examples/snippets/unusedmethod.ql
index 2ebd341b7bb..7544b24e347 100644
--- a/cpp/ql/examples/snippets/unusedmethod.ql
+++ b/cpp/ql/examples/snippets/unusedmethod.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/unusedmethod
 * @name Unused private method
 * @description Finds private non-virtual methods that are not accessed
 * @tags method
diff --git a/cpp/ql/examples/snippets/unusedparam.ql b/cpp/ql/examples/snippets/unusedparam.ql
index db69b0f7253..07a3fc46ffe 100644
--- a/cpp/ql/examples/snippets/unusedparam.ql
+++ b/cpp/ql/examples/snippets/unusedparam.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/unusedparam
 * @name Unused parameter
 * @description Finds parameters that are not accessed
 * @tags parameter
diff --git a/cpp/ql/examples/snippets/voidreturntype.ql b/cpp/ql/examples/snippets/voidreturntype.ql
index 4cd687226d4..dee01207af7 100644
--- a/cpp/ql/examples/snippets/voidreturntype.ql
+++ b/cpp/ql/examples/snippets/voidreturntype.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/voidreturntype
 * @name Const method without return type
 * @description Finds const methods whose return type is `void`
 * @tags const
diff --git a/cpp/ql/examples/snippets/volatilevariable.ql b/cpp/ql/examples/snippets/volatilevariable.ql
index a634a3bda6b..8d97d1619da 100644
--- a/cpp/ql/examples/snippets/volatilevariable.ql
+++ b/cpp/ql/examples/snippets/volatilevariable.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cpp/examples/volatilevariable
 * @name Variable declared volatile
 * @description Finds variables with a `volatile` modifier
 * @tags variable
diff --git a/csharp/ql/examples/snippets/array_access.ql b/csharp/ql/examples/snippets/array_access.ql
index afda978b035..976a3294d03 100644
--- a/csharp/ql/examples/snippets/array_access.ql
+++ b/csharp/ql/examples/snippets/array_access.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/array-access
 * @name Array access
 * @description Finds array access expressions with an index expression
 * consisting of a unary increment or decrement, e.g. 'a[i++]'.
diff --git a/csharp/ql/examples/snippets/cast_expr.ql b/csharp/ql/examples/snippets/cast_expr.ql
index bb4cf84108a..b95b1155af8 100644
--- a/csharp/ql/examples/snippets/cast_expr.ql
+++ b/csharp/ql/examples/snippets/cast_expr.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/cast-expr
 * @name Cast expressions
 * @description Finds casts from a floating point type to an integer type.
 * @tags cast
diff --git a/csharp/ql/examples/snippets/catch_exception.ql b/csharp/ql/examples/snippets/catch_exception.ql
index 2167eab2989..a8863497604 100644
--- a/csharp/ql/examples/snippets/catch_exception.ql
+++ b/csharp/ql/examples/snippets/catch_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/catch-exception
 * @name Catch exception
 * @description Finds places where we catch exceptions of type 'System.IO.IOException'.
 * @tags catch
diff --git a/csharp/ql/examples/snippets/constructor_call.ql b/csharp/ql/examples/snippets/constructor_call.ql
index 2f9c62d6fe8..6c1d17d8e38 100644
--- a/csharp/ql/examples/snippets/constructor_call.ql
+++ b/csharp/ql/examples/snippets/constructor_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/constructor-call
 * @name Call to constructor
 * @description Finds places where we call 'new System.Exception(...)'.
 * @tags call
diff --git a/csharp/ql/examples/snippets/empty_block.ql b/csharp/ql/examples/snippets/empty_block.ql
index 5ef1e06afd6..62dfc4faca1 100644
--- a/csharp/ql/examples/snippets/empty_block.ql
+++ b/csharp/ql/examples/snippets/empty_block.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/empty-block
 * @name Empty blocks
 * @description Finds empty block statements.
 * @tags empty
diff --git a/csharp/ql/examples/snippets/empty_then.ql b/csharp/ql/examples/snippets/empty_then.ql
index 5f3c67f21c5..e7e483f5c68 100644
--- a/csharp/ql/examples/snippets/empty_then.ql
+++ b/csharp/ql/examples/snippets/empty_then.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/empty-then
 * @name If statements with empty then branch
 * @description Finds 'if' statements where the 'then' branch is
 * an empty block statement.
diff --git a/csharp/ql/examples/snippets/eq_true.ql b/csharp/ql/examples/snippets/eq_true.ql
index 39f900a705a..26a3a005bf7 100644
--- a/csharp/ql/examples/snippets/eq_true.ql
+++ b/csharp/ql/examples/snippets/eq_true.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/eq-true
 * @name Equality test on Boolean
 * @description Finds tests like 'x==true', 'x==false', 'x!=true', '!=false'.
 * @tags equals
diff --git a/csharp/ql/examples/snippets/extend_class.ql b/csharp/ql/examples/snippets/extend_class.ql
index 21283c80b32..310c78d1cd7 100644
--- a/csharp/ql/examples/snippets/extend_class.ql
+++ b/csharp/ql/examples/snippets/extend_class.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/extend-class
 * @name Class extends/implements
 * @description Finds classes/interfaces that extend/implement 'System.Collections.IEnumerator'.
 * @tags class
diff --git a/csharp/ql/examples/snippets/extern_method.ql b/csharp/ql/examples/snippets/extern_method.ql
index b5a55fb3c47..7accb92e15b 100644
--- a/csharp/ql/examples/snippets/extern_method.ql
+++ b/csharp/ql/examples/snippets/extern_method.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/extern-method
 * @name Extern methods
 * @description Finds methods that are 'extern'.
 * @tags method
diff --git a/csharp/ql/examples/snippets/field_read.ql b/csharp/ql/examples/snippets/field_read.ql
index 07c9d589fea..2a8dd9916b1 100644
--- a/csharp/ql/examples/snippets/field_read.ql
+++ b/csharp/ql/examples/snippets/field_read.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/field-read
 * @name Read of field
 * @description Finds reads of 'VirtualAddress' (defined on 'Mono.Cecil.PE.Section').
 * @tags field
diff --git a/csharp/ql/examples/snippets/integer_literal.ql b/csharp/ql/examples/snippets/integer_literal.ql
index 3e204d87e07..26bd72f4994 100644
--- a/csharp/ql/examples/snippets/integer_literal.ql
+++ b/csharp/ql/examples/snippets/integer_literal.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/integer-literal
 * @name Integer literal
 * @description Finds places where we use the integer literal '0'.
 * @tags integer
diff --git a/csharp/ql/examples/snippets/method_call.ql b/csharp/ql/examples/snippets/method_call.ql
index b78badd1f6f..3419f9abeab 100644
--- a/csharp/ql/examples/snippets/method_call.ql
+++ b/csharp/ql/examples/snippets/method_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/method-call
 * @name Call to method
 * @description Finds calls to method 'Company.Class.MethodName'.
 * @tags call
diff --git a/csharp/ql/examples/snippets/mutual_recursion.ql b/csharp/ql/examples/snippets/mutual_recursion.ql
index d2f52e43783..5c55cd95ade 100644
--- a/csharp/ql/examples/snippets/mutual_recursion.ql
+++ b/csharp/ql/examples/snippets/mutual_recursion.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/mutual-recursion
 * @name Mutual recursion
 * @description Finds pairs of methods that call each other.
 * @tags method
diff --git a/csharp/ql/examples/snippets/null_argument.ql b/csharp/ql/examples/snippets/null_argument.ql
index 8116c6a5de7..fb5c29d2301 100644
--- a/csharp/ql/examples/snippets/null_argument.ql
+++ b/csharp/ql/examples/snippets/null_argument.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/null-argument
 * @name Add null to collection
 * @description Finds places where we add 'null' to a collection.
 * @tags null
diff --git a/csharp/ql/examples/snippets/override_method.ql b/csharp/ql/examples/snippets/override_method.ql
index 036cdb78fa9..0e022864604 100644
--- a/csharp/ql/examples/snippets/override_method.ql
+++ b/csharp/ql/examples/snippets/override_method.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/override-method
 * @name Override of method
 * @description Finds methods that directly override 'Object.ToString'.
 * @tags method
diff --git a/csharp/ql/examples/snippets/qualifier.ql b/csharp/ql/examples/snippets/qualifier.ql
index cc238a7e9e0..3243aafb514 100644
--- a/csharp/ql/examples/snippets/qualifier.ql
+++ b/csharp/ql/examples/snippets/qualifier.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/qualifier
 * @name Expression qualifier
 * @description Finds qualified expressions (e.g. 'a.b()') and their qualifiers ('a').
 * @tags qualifier
diff --git a/csharp/ql/examples/snippets/return_statement.ql b/csharp/ql/examples/snippets/return_statement.ql
index a1c781c547e..63ddebe222e 100644
--- a/csharp/ql/examples/snippets/return_statement.ql
+++ b/csharp/ql/examples/snippets/return_statement.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/return-statement
 * @name Return statements
 * @description Finds return statements that return 'null'.
 * @tags return
diff --git a/csharp/ql/examples/snippets/singleton_block.ql b/csharp/ql/examples/snippets/singleton_block.ql
index 3f85f855ef9..0c492f1b307 100644
--- a/csharp/ql/examples/snippets/singleton_block.ql
+++ b/csharp/ql/examples/snippets/singleton_block.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/singleton-block
 * @name Singleton blocks
 * @description Finds block statements containing a single statement.
 * @tags block
diff --git a/csharp/ql/examples/snippets/switch_case.ql b/csharp/ql/examples/snippets/switch_case.ql
index ce5171b980a..0fd378dae03 100644
--- a/csharp/ql/examples/snippets/switch_case.ql
+++ b/csharp/ql/examples/snippets/switch_case.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/switch-case
 * @name Switch statement case missing
 * @description Finds switch statements with a missing enum constant case and no default case.
 * @tags switch
diff --git a/csharp/ql/examples/snippets/ternary_conditional.ql b/csharp/ql/examples/snippets/ternary_conditional.ql
index 70068e342b4..669db8d327e 100644
--- a/csharp/ql/examples/snippets/ternary_conditional.ql
+++ b/csharp/ql/examples/snippets/ternary_conditional.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/ternary-conditional
 * @name Conditional expressions
 * @description Finds conditional expressions of the form '... ? ... : ...'
 * where the types of the resulting expressions differ.
diff --git a/csharp/ql/examples/snippets/throw_exception.ql b/csharp/ql/examples/snippets/throw_exception.ql
index 4680f4e9873..d363b6fde22 100644
--- a/csharp/ql/examples/snippets/throw_exception.ql
+++ b/csharp/ql/examples/snippets/throw_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/throw-exception
 * @name Throw exception of given type
 * @description Finds places where we throw 'System.IO.IOException' or one of its subtypes.
 * @tags throw
diff --git a/csharp/ql/examples/snippets/todo_comment.ql b/csharp/ql/examples/snippets/todo_comment.ql
index bbe39425040..f99957a535e 100644
--- a/csharp/ql/examples/snippets/todo_comment.ql
+++ b/csharp/ql/examples/snippets/todo_comment.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/todo-comment
 * @name TODO comments
 * @description Finds comments containing the word "TODO".
 * @tags comment
diff --git a/csharp/ql/examples/snippets/too_many_params.ql b/csharp/ql/examples/snippets/too_many_params.ql
index 348a6f5927c..d8de4f9127f 100644
--- a/csharp/ql/examples/snippets/too_many_params.ql
+++ b/csharp/ql/examples/snippets/too_many_params.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/too-many-params
 * @name Methods with many parameters
 * @description Finds methods with more than ten parameters.
 * @tags method
diff --git a/csharp/ql/examples/snippets/try_finally.ql b/csharp/ql/examples/snippets/try_finally.ql
index 879ae6002d2..5c119b91335 100644
--- a/csharp/ql/examples/snippets/try_finally.ql
+++ b/csharp/ql/examples/snippets/try_finally.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/try-finally
 * @name Try-finally statements
 * @description Finds try-finally statements without a catch clause.
 * @tags try
diff --git a/csharp/ql/examples/snippets/unused_local_var.ql b/csharp/ql/examples/snippets/unused_local_var.ql
index 74b17f69673..e4684661ee2 100644
--- a/csharp/ql/examples/snippets/unused_local_var.ql
+++ b/csharp/ql/examples/snippets/unused_local_var.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/unused-local-var
 * @name Unused local variable
 * @description Finds local variables that are not accessed.
 * @tags variable
diff --git a/csharp/ql/examples/snippets/unused_param.ql b/csharp/ql/examples/snippets/unused_param.ql
index 314371550d9..9fb3608c450 100644
--- a/csharp/ql/examples/snippets/unused_param.ql
+++ b/csharp/ql/examples/snippets/unused_param.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/unused-param
 * @name Unused parameter
 * @description Finds parameters that are not accessed.
 * @tags parameter
diff --git a/csharp/ql/examples/snippets/void_return_type.ql b/csharp/ql/examples/snippets/void_return_type.ql
index e3fd315cb20..efc16300d2a 100644
--- a/csharp/ql/examples/snippets/void_return_type.ql
+++ b/csharp/ql/examples/snippets/void_return_type.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/void-return-type
 * @name Methods without return type
 * @description Finds methods whose return type is 'void'.
 * @tags method
diff --git a/csharp/ql/examples/snippets/volatile_field.ql b/csharp/ql/examples/snippets/volatile_field.ql
index 500b2bab03b..d6939ed7b18 100644
--- a/csharp/ql/examples/snippets/volatile_field.ql
+++ b/csharp/ql/examples/snippets/volatile_field.ql
@@ -1,4 +1,5 @@
 /**
+ * @id cs/examples/volatile-field
 * @name Fields declared volatile
 * @description Finds fields with a 'volatile' modifier.
 * @tags field
diff --git a/java/ql/examples/snippets/arrayaccess.ql b/java/ql/examples/snippets/arrayaccess.ql
index d57676ce810..16b53b20a64 100644
--- a/java/ql/examples/snippets/arrayaccess.ql
+++ b/java/ql/examples/snippets/arrayaccess.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/arrayaccess
 * @name Array access
 * @description Finds array access expressions with an index expression
 * consisting of a unary assignment
diff --git a/java/ql/examples/snippets/castexpr.ql b/java/ql/examples/snippets/castexpr.ql
index fa25817367a..838fde6e09a 100644
--- a/java/ql/examples/snippets/castexpr.ql
+++ b/java/ql/examples/snippets/castexpr.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/castexpr
 * @name Cast expressions
 * @description Finds casts from a floating point type to an integer type
 * @tags cast
diff --git a/java/ql/examples/snippets/catch_exception.ql b/java/ql/examples/snippets/catch_exception.ql
index 475feef81b8..7de9af20c85 100644
--- a/java/ql/examples/snippets/catch_exception.ql
+++ b/java/ql/examples/snippets/catch_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/catch-exception
 * @name Catch exception
 * @description Finds places where we catch exceptions of type com.example.AnException
 * @tags catch
diff --git a/java/ql/examples/snippets/constructor_call.ql b/java/ql/examples/snippets/constructor_call.ql
index bdcd812f708..f32760f0506 100644
--- a/java/ql/examples/snippets/constructor_call.ql
+++ b/java/ql/examples/snippets/constructor_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/constructor-call
 * @name Call to constructor
 * @description Finds places where we call `new com.example.Class(...)`
 * @tags call
diff --git a/java/ql/examples/snippets/emptyblock.ql b/java/ql/examples/snippets/emptyblock.ql
index 245fcfb06f3..3bba6eda938 100644
--- a/java/ql/examples/snippets/emptyblock.ql
+++ b/java/ql/examples/snippets/emptyblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/emptyblock
 * @name Empty blocks
 * @description Finds empty block statements
 * @tags empty
diff --git a/java/ql/examples/snippets/emptythen.ql b/java/ql/examples/snippets/emptythen.ql
index 6bc640fe82c..c3bc44b1215 100644
--- a/java/ql/examples/snippets/emptythen.ql
+++ b/java/ql/examples/snippets/emptythen.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/emptythen
 * @name If statements with empty then branch
 * @description Finds 'if' statements where the 'then' branch is
 * an empty block statement
diff --git a/java/ql/examples/snippets/eq_true.ql b/java/ql/examples/snippets/eq_true.ql
index bc53b02c2c9..74b4bd72914 100644
--- a/java/ql/examples/snippets/eq_true.ql
+++ b/java/ql/examples/snippets/eq_true.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/eq-true
 * @name Equality test on boolean
 * @description Finds tests like `==true`, `==false`, `!=true`, `!=false`
 * @tags equals
diff --git a/java/ql/examples/snippets/extend_class.ql b/java/ql/examples/snippets/extend_class.ql
index dfccb646974..fadbd1097f0 100644
--- a/java/ql/examples/snippets/extend_class.ql
+++ b/java/ql/examples/snippets/extend_class.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/extend-class
 * @name Class extends/implements
 * @description Finds classes/interfaces that extend/implement com.example.Class
 * @tags class
diff --git a/java/ql/examples/snippets/field_read.ql b/java/ql/examples/snippets/field_read.ql
index 56522e6e07f..41210d4e7df 100644
--- a/java/ql/examples/snippets/field_read.ql
+++ b/java/ql/examples/snippets/field_read.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/field-read
 * @name Read of field
 * @description Finds reads of aField (defined on com.example.Class)
 * @tags field
diff --git a/java/ql/examples/snippets/integer_literal.ql b/java/ql/examples/snippets/integer_literal.ql
index 1e2bbdb43df..8082c65c65c 100644
--- a/java/ql/examples/snippets/integer_literal.ql
+++ b/java/ql/examples/snippets/integer_literal.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/integer-literal
 * @name Integer literal
 * @description Finds places where we use the integer literal `0`
 * @tags integer
diff --git a/java/ql/examples/snippets/method_call.ql b/java/ql/examples/snippets/method_call.ql
index bf2f27481da..f54809fd619 100644
--- a/java/ql/examples/snippets/method_call.ql
+++ b/java/ql/examples/snippets/method_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/method-call
 * @name Call to method
 * @description Finds calls to com.example.Class.methodName
 * @tags call
diff --git a/java/ql/examples/snippets/mutualrecursion.ql b/java/ql/examples/snippets/mutualrecursion.ql
index 16acd73805d..5d1368a3d63 100644
--- a/java/ql/examples/snippets/mutualrecursion.ql
+++ b/java/ql/examples/snippets/mutualrecursion.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/mutualrecursion
 * @name Mutual recursion
 * @description Finds pairs of methods that call each other
 * @tags method
diff --git a/java/ql/examples/snippets/nativemethod.ql b/java/ql/examples/snippets/nativemethod.ql
index cb7ff5feac3..c1111219391 100644
--- a/java/ql/examples/snippets/nativemethod.ql
+++ b/java/ql/examples/snippets/nativemethod.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/nativemethod
 * @name Native methods
 * @description Finds methods that are native
 * @tags method
diff --git a/java/ql/examples/snippets/null_argument.ql b/java/ql/examples/snippets/null_argument.ql
index 210598938ab..41534a3b7f1 100644
--- a/java/ql/examples/snippets/null_argument.ql
+++ b/java/ql/examples/snippets/null_argument.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/null-argument
 * @name Add null to collection
 * @description Finds places where we add null to a collection
 * @tags null
diff --git a/java/ql/examples/snippets/override_method.ql b/java/ql/examples/snippets/override_method.ql
index 563bafdd54e..6886b86bc7d 100644
--- a/java/ql/examples/snippets/override_method.ql
+++ b/java/ql/examples/snippets/override_method.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/override-method
 * @name Override of method
 * @description Finds methods that override com.example.Class.baseMethod
 * @tags method
diff --git a/java/ql/examples/snippets/qualifiedthis.ql b/java/ql/examples/snippets/qualifiedthis.ql
index 35cdb5d1c7a..602bd7d5289 100644
--- a/java/ql/examples/snippets/qualifiedthis.ql
+++ b/java/ql/examples/snippets/qualifiedthis.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/qualifiedthis
 * @name Qualified 'this' access
 * @description Finds 'this' accesses that are qualified by a type name
 * @tags this
diff --git a/java/ql/examples/snippets/returnstatement.ql b/java/ql/examples/snippets/returnstatement.ql
index 8ace7e72931..14270dc87c2 100644
--- a/java/ql/examples/snippets/returnstatement.ql
+++ b/java/ql/examples/snippets/returnstatement.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/returnstatement
 * @name Return statements
 * @description Finds return statements that return 'null'
 * @tags return
diff --git a/java/ql/examples/snippets/singletonblock.ql b/java/ql/examples/snippets/singletonblock.ql
index 4937c004987..1096711e462 100644
--- a/java/ql/examples/snippets/singletonblock.ql
+++ b/java/ql/examples/snippets/singletonblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/singletonblock
 * @name Singleton blocks
 * @description Finds block statements containing a single statement
 * @tags block
diff --git a/java/ql/examples/snippets/switchcase.ql b/java/ql/examples/snippets/switchcase.ql
index b54f0d2f27a..97c215723d0 100644
--- a/java/ql/examples/snippets/switchcase.ql
+++ b/java/ql/examples/snippets/switchcase.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/switchcase
 * @name Switch statement case missing
 * @description Finds switch statements with a missing enum constant case and no default case
 * @tags switch
diff --git a/java/ql/examples/snippets/synchronizedmethod.ql b/java/ql/examples/snippets/synchronizedmethod.ql
index ced4481306d..c0f8afac3ee 100644
--- a/java/ql/examples/snippets/synchronizedmethod.ql
+++ b/java/ql/examples/snippets/synchronizedmethod.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/synchronizedmethod
 * @name Synchronized methods
 * @description Finds methods that are synchronized
 * @tags method
diff --git a/java/ql/examples/snippets/ternaryconditional.ql b/java/ql/examples/snippets/ternaryconditional.ql
index 8033c3f61e8..b6846180675 100644
--- a/java/ql/examples/snippets/ternaryconditional.ql
+++ b/java/ql/examples/snippets/ternaryconditional.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/ternaryconditional
 * @name Conditional expressions
 * @description Finds conditional expressions of the form '... ? ... : ...'
 * where the types of the resulting expressions differ
diff --git a/java/ql/examples/snippets/throw_exception.ql b/java/ql/examples/snippets/throw_exception.ql
index 657cde6c7b6..d749c9eea40 100644
--- a/java/ql/examples/snippets/throw_exception.ql
+++ b/java/ql/examples/snippets/throw_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/throw-exception
 * @name Throw exception of type
 * @description Finds places where we throw com.example.AnException or one of its subtypes
 * @tags throw
diff --git a/java/ql/examples/snippets/todocomment.ql b/java/ql/examples/snippets/todocomment.ql
index dc56b3d2223..3debe017bbe 100644
--- a/java/ql/examples/snippets/todocomment.ql
+++ b/java/ql/examples/snippets/todocomment.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/todocomment
 * @name TODO comments
 * @description Finds comments containing the word "TODO"
 * @tags comment
diff --git a/java/ql/examples/snippets/toomanyparams.ql b/java/ql/examples/snippets/toomanyparams.ql
index 7637c8767a1..ff6bd4f78b5 100644
--- a/java/ql/examples/snippets/toomanyparams.ql
+++ b/java/ql/examples/snippets/toomanyparams.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/toomanyparams
 * @name Methods with many parameters
 * @description Finds methods with more than ten parameters
 * @tags method
diff --git a/java/ql/examples/snippets/tryfinally.ql b/java/ql/examples/snippets/tryfinally.ql
index 43daea48d00..065e5a34c4c 100644
--- a/java/ql/examples/snippets/tryfinally.ql
+++ b/java/ql/examples/snippets/tryfinally.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/tryfinally
 * @name Try-finally statements
 * @description Finds try-finally statements without a catch clause
 * @tags try
diff --git a/java/ql/examples/snippets/unusedlocalvar.ql b/java/ql/examples/snippets/unusedlocalvar.ql
index 2463ea0f7ed..5ffdb9ad096 100644
--- a/java/ql/examples/snippets/unusedlocalvar.ql
+++ b/java/ql/examples/snippets/unusedlocalvar.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/unusedlocalvar
 * @name Unused local variable
 * @description Finds local variables that are not accessed
 * @tags variable
diff --git a/java/ql/examples/snippets/unusedmethod.ql b/java/ql/examples/snippets/unusedmethod.ql
index f626617f7fc..79cae808bcb 100644
--- a/java/ql/examples/snippets/unusedmethod.ql
+++ b/java/ql/examples/snippets/unusedmethod.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/unusedmethod
 * @name Unused private method
 * @description Finds private methods that are not accessed
 * @tags method
diff --git a/java/ql/examples/snippets/unusedparam.ql b/java/ql/examples/snippets/unusedparam.ql
index 73a47e1d17e..840d3992d23 100644
--- a/java/ql/examples/snippets/unusedparam.ql
+++ b/java/ql/examples/snippets/unusedparam.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/unusedparam
 * @name Unused parameter
 * @description Finds parameters that are not accessed
 * @tags parameter
diff --git a/java/ql/examples/snippets/voidreturntype.ql b/java/ql/examples/snippets/voidreturntype.ql
index 962379d6197..d390602d278 100644
--- a/java/ql/examples/snippets/voidreturntype.ql
+++ b/java/ql/examples/snippets/voidreturntype.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/voidreturntype
 * @name Methods without return type
 * @description Finds methods whose return type is 'void'
 * @tags method
diff --git a/java/ql/examples/snippets/volatilefield.ql b/java/ql/examples/snippets/volatilefield.ql
index 0550940a843..a3ae6a0a666 100644
--- a/java/ql/examples/snippets/volatilefield.ql
+++ b/java/ql/examples/snippets/volatilefield.ql
@@ -1,4 +1,5 @@
 /**
+ * @id java/examples/volatilefield
 * @name Fields declared volatile
 * @description Finds fields with a 'volatile' modifier
 * @tags field
diff --git a/javascript/ql/examples/snippets/argumentsparam.ql b/javascript/ql/examples/snippets/argumentsparam.ql
index f98754be5a7..76aaccfffe7 100644
--- a/javascript/ql/examples/snippets/argumentsparam.ql
+++ b/javascript/ql/examples/snippets/argumentsparam.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/argumentsparam
 * @name Parameters called 'arguments'
 * @description Finds parameters called 'arguments'
 * @tags parameter
diff --git a/javascript/ql/examples/snippets/call.ql b/javascript/ql/examples/snippets/call.ql
index a48f0affab0..c0765888bda 100644
--- a/javascript/ql/examples/snippets/call.ql
+++ b/javascript/ql/examples/snippets/call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/call
 * @name Calls to function
 * @description Finds function calls of the form `eval(...)`
 * @tags call
diff --git a/javascript/ql/examples/snippets/callback.ql b/javascript/ql/examples/snippets/callback.ql
index f50db610a07..11cf6cd784b 100644
--- a/javascript/ql/examples/snippets/callback.ql
+++ b/javascript/ql/examples/snippets/callback.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/callback
 * @name Callbacks
 * @description Finds functions that are passed as arguments to other functions
 * @tags function
diff --git a/javascript/ql/examples/snippets/classdefltctor.ql b/javascript/ql/examples/snippets/classdefltctor.ql
index 60ece8462ff..51a509e7320 100644
--- a/javascript/ql/examples/snippets/classdefltctor.ql
+++ b/javascript/ql/examples/snippets/classdefltctor.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/classdefltctor
 * @name Classes with a default constructor
 * @description Finds classes that do not declare an explicit constructor
 * @tags class
diff --git a/javascript/ql/examples/snippets/classname.ql b/javascript/ql/examples/snippets/classname.ql
index e167e942279..1eca5c49699 100644
--- a/javascript/ql/examples/snippets/classname.ql
+++ b/javascript/ql/examples/snippets/classname.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/classname
 * @name Classes called 'File'
 * @description Finds classes called 'File'
 * @tags class
diff --git a/javascript/ql/examples/snippets/constantbrackets.ql b/javascript/ql/examples/snippets/constantbrackets.ql
index 6932ce0e063..bc92a4aae2e 100644
--- a/javascript/ql/examples/snippets/constantbrackets.ql
+++ b/javascript/ql/examples/snippets/constantbrackets.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/constantbrackets
 * @name Constant property name in `[]` property access
 * @description Finds property accesses using the square bracket notation
 * where the property name is a constant string
diff --git a/javascript/ql/examples/snippets/emptyblock.ql b/javascript/ql/examples/snippets/emptyblock.ql
index 3b5f4e0b337..7f1b0fc7e98 100644
--- a/javascript/ql/examples/snippets/emptyblock.ql
+++ b/javascript/ql/examples/snippets/emptyblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/emptyblock
 * @name Empty blocks
 * @description Finds empty block statements
 * @tags empty
diff --git a/javascript/ql/examples/snippets/emptythen.ql b/javascript/ql/examples/snippets/emptythen.ql
index cdc73adde95..1daa3d5ff69 100644
--- a/javascript/ql/examples/snippets/emptythen.ql
+++ b/javascript/ql/examples/snippets/emptythen.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/emptythen
 * @name If statements with empty then branch
 * @description Finds 'if' statements where the 'then' branch is
 * an empty block statement
diff --git a/javascript/ql/examples/snippets/equalitystmt.ql b/javascript/ql/examples/snippets/equalitystmt.ql
index d593e207df5..c88efcca4da 100644
--- a/javascript/ql/examples/snippets/equalitystmt.ql
+++ b/javascript/ql/examples/snippets/equalitystmt.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/equalitystmt
 * @name Equalities as expression statements
 * @description Finds `==` equality expressions that form an expression statement
 * @tags comparison
diff --git a/javascript/ql/examples/snippets/evenness.ql b/javascript/ql/examples/snippets/evenness.ql
index ae8eb13ad06..2f73d5349aa 100644
--- a/javascript/ql/examples/snippets/evenness.ql
+++ b/javascript/ql/examples/snippets/evenness.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/evenness
 * @name Tests for even numbers
 * @description Finds expressions of the form `e % 2 === 0`
 * @tags arithmetic
diff --git a/javascript/ql/examples/snippets/exportfn.ql b/javascript/ql/examples/snippets/exportfn.ql
index 3a11d2948df..961bf5d02da 100644
--- a/javascript/ql/examples/snippets/exportfn.ql
+++ b/javascript/ql/examples/snippets/exportfn.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/exportfn
 * @name Default exports exporting a function
 * @description Finds 'default' exports that export a function
 * @tags module
diff --git a/javascript/ql/examples/snippets/filename.ql b/javascript/ql/examples/snippets/filename.ql
index 988f17ea017..8673f194a8a 100644
--- a/javascript/ql/examples/snippets/filename.ql
+++ b/javascript/ql/examples/snippets/filename.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/filename
 * @name File with given name
 * @description Finds files called `index.js`
 * @tags file
diff --git a/javascript/ql/examples/snippets/fnnoreturn.ql b/javascript/ql/examples/snippets/fnnoreturn.ql
index 19d170ef27c..fec2d1e24cb 100644
--- a/javascript/ql/examples/snippets/fnnoreturn.ql
+++ b/javascript/ql/examples/snippets/fnnoreturn.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/fnnoreturn
 * @name Functions without return statements
 * @description Finds functions that do not contain a return statement
 * @tags function
diff --git a/javascript/ql/examples/snippets/generator.ql b/javascript/ql/examples/snippets/generator.ql
index 56f73942c7d..7cf7bfb7f82 100644
--- a/javascript/ql/examples/snippets/generator.ql
+++ b/javascript/ql/examples/snippets/generator.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/generator
 * @name Generator functions
 * @description Finds generator functions
 * @tags generator
diff --git a/javascript/ql/examples/snippets/iife.ql b/javascript/ql/examples/snippets/iife.ql
index a321e47b12f..18b24dff654 100644
--- a/javascript/ql/examples/snippets/iife.ql
+++ b/javascript/ql/examples/snippets/iife.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/iife
 * @name Immediately invoked function expressions
 * @description Finds calls of the form `(function(...) { ... })(...)`
 * @tags call
diff --git a/javascript/ql/examples/snippets/importfrom.ql b/javascript/ql/examples/snippets/importfrom.ql
index 72ed470c523..1731646616e 100644
--- a/javascript/ql/examples/snippets/importfrom.ql
+++ b/javascript/ql/examples/snippets/importfrom.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/importfrom
 * @name Imports from 'react'
 * @description Finds import statements that import from module 'react'
 * @tags module
diff --git a/javascript/ql/examples/snippets/jsxattribute.ql b/javascript/ql/examples/snippets/jsxattribute.ql
index 56c5dcd2554..ffea469acb5 100644
--- a/javascript/ql/examples/snippets/jsxattribute.ql
+++ b/javascript/ql/examples/snippets/jsxattribute.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/jsxattribute
 * @name JSX attributes
 * @description Finds JSX attributes named `dangerouslySetInnerHTML`
 * @tags JSX
diff --git a/javascript/ql/examples/snippets/methodcall.ql b/javascript/ql/examples/snippets/methodcall.ql
index 30f9efc02ac..f1947974087 100644
--- a/javascript/ql/examples/snippets/methodcall.ql
+++ b/javascript/ql/examples/snippets/methodcall.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/methodcall
 * @name Method calls
 * @description Finds calls of the form `this.isMounted(...)`
 * @tags call
diff --git a/javascript/ql/examples/snippets/namedfnexpr.ql b/javascript/ql/examples/snippets/namedfnexpr.ql
index 390d029cc35..20c76268094 100644
--- a/javascript/ql/examples/snippets/namedfnexpr.ql
+++ b/javascript/ql/examples/snippets/namedfnexpr.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/namedfnexpr
 * @name Named function expression
 * @description Finds function expressions that have a name
 * @tags function expression
diff --git a/javascript/ql/examples/snippets/newexpr.ql b/javascript/ql/examples/snippets/newexpr.ql
index 4af457a2349..44f0a628da2 100644
--- a/javascript/ql/examples/snippets/newexpr.ql
+++ b/javascript/ql/examples/snippets/newexpr.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/newexpr
 * @name New expressions
 * @description Finds new expressions of the form `new RegExp(...)`
 * @tags new
diff --git a/javascript/ql/examples/snippets/propaccess.ql b/javascript/ql/examples/snippets/propaccess.ql
index 2db9d1a62bf..d983816ad21 100644
--- a/javascript/ql/examples/snippets/propaccess.ql
+++ b/javascript/ql/examples/snippets/propaccess.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/propaccess
 * @name Property accesses
 * @description Finds property accesses of the form `x.innerHTML`
 * @tags property
diff --git a/javascript/ql/examples/snippets/rendermethod.ql b/javascript/ql/examples/snippets/rendermethod.ql
index 6968fbf2a2e..bdef5116c66 100644
--- a/javascript/ql/examples/snippets/rendermethod.ql
+++ b/javascript/ql/examples/snippets/rendermethod.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/rendermethod
 * @name Methods named 'render'
 * @description Finds methods named 'render'
 * @tags class
diff --git a/javascript/ql/examples/snippets/singlequotestring.ql b/javascript/ql/examples/snippets/singlequotestring.ql
index 65932ac500f..cdb298db40d 100644
--- a/javascript/ql/examples/snippets/singlequotestring.ql
+++ b/javascript/ql/examples/snippets/singlequotestring.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/singlequotestring
 * @name Single-quoted string literals
 * @description Finds string literals using single quotes
 * @tags string
diff --git a/javascript/ql/examples/snippets/singletonblock.ql b/javascript/ql/examples/snippets/singletonblock.ql
index 9ebd07fafd7..298eeebef09 100644
--- a/javascript/ql/examples/snippets/singletonblock.ql
+++ b/javascript/ql/examples/snippets/singletonblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/singletonblock
 * @name Singleton blocks
 * @description Finds block statements containing a single statement
 * @tags block
diff --git a/javascript/ql/examples/snippets/taggedtemplates.ql b/javascript/ql/examples/snippets/taggedtemplates.ql
index be10ecec3a7..d853adad186 100644
--- a/javascript/ql/examples/snippets/taggedtemplates.ql
+++ b/javascript/ql/examples/snippets/taggedtemplates.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/taggedtemplates
 * @name Tagged templates
 * @description Finds tagged template expressions
 * @tags template
diff --git a/javascript/ql/examples/snippets/todocomment.ql b/javascript/ql/examples/snippets/todocomment.ql
index 2373e1fc050..e311d317d03 100644
--- a/javascript/ql/examples/snippets/todocomment.ql
+++ b/javascript/ql/examples/snippets/todocomment.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/todocomment
 * @name TODO comments
 * @description Finds comments containing the word TODO
 * @tags comment
diff --git a/javascript/ql/examples/snippets/toomanyparams.ql b/javascript/ql/examples/snippets/toomanyparams.ql
index 4cf3df1c936..1ff50523a83 100644
--- a/javascript/ql/examples/snippets/toomanyparams.ql
+++ b/javascript/ql/examples/snippets/toomanyparams.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/toomanyparams
 * @name Functions with many parameters
 * @description Finds functions with more than ten parameters
 * @tags function
diff --git a/javascript/ql/examples/snippets/vardecl.ql b/javascript/ql/examples/snippets/vardecl.ql
index 3e603799e52..0a819a035da 100644
--- a/javascript/ql/examples/snippets/vardecl.ql
+++ b/javascript/ql/examples/snippets/vardecl.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/vardecl
 * @name Declaration of variable
 * @description Finds places where we declare a variable called `v`
 * @tags variable
diff --git a/javascript/ql/examples/snippets/varref.ql b/javascript/ql/examples/snippets/varref.ql
index 8ad911dd6af..133ade9d453 100644
--- a/javascript/ql/examples/snippets/varref.ql
+++ b/javascript/ql/examples/snippets/varref.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/varref
 * @name Reference to variable
 * @description Finds places where we reference a variable called `undefined`
 * @tags variable
diff --git a/javascript/ql/examples/snippets/yieldundefined.ql b/javascript/ql/examples/snippets/yieldundefined.ql
index 6b60959dd62..16c5d0dde90 100644
--- a/javascript/ql/examples/snippets/yieldundefined.ql
+++ b/javascript/ql/examples/snippets/yieldundefined.ql
@@ -1,4 +1,5 @@
 /**
+ * @id js/examples/yieldundefined
 * @name Empty yield
 * @description Finds yield expressions without an operand
 * @tags generator
diff --git a/python/ql/examples/snippets/backticks.ql b/python/ql/examples/snippets/backticks.ql
index 9b6e071bf30..68aa2c303d8 100644
--- a/python/ql/examples/snippets/backticks.ql
+++ b/python/ql/examples/snippets/backticks.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/backticks
 * @name String conversion expressions
 * @description Finds `String conversions` expressions (expressions enclosed in backticks), which are removed in Python 3
 * @tags backtick
diff --git a/python/ql/examples/snippets/builtin_object.ql b/python/ql/examples/snippets/builtin_object.ql
index 1452fd4bd7c..bc9cca6260f 100644
--- a/python/ql/examples/snippets/builtin_object.ql
+++ b/python/ql/examples/snippets/builtin_object.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/builtin-object
 * @name Builtin objects
 * @description Finds expressions that refer to an object in the builtins module (like int or None).
 * @tags reference
diff --git a/python/ql/examples/snippets/call.ql b/python/ql/examples/snippets/call.ql
index 2bff21506fc..fc63bcc9a26 100644
--- a/python/ql/examples/snippets/call.ql
+++ b/python/ql/examples/snippets/call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/call
 * @name Calls to function
 * @description Finds calls to any function named "len"
 * @tags call
diff --git a/python/ql/examples/snippets/catch_exception.ql b/python/ql/examples/snippets/catch_exception.ql
index 3f1fff5b972..1d2399a05ef 100644
--- a/python/ql/examples/snippets/catch_exception.ql
+++ b/python/ql/examples/snippets/catch_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/catch-exception
 * @name Handle exception of given class
 * @description Finds places where we handle MyExceptionClass exceptions
 * @tags catch
diff --git a/python/ql/examples/snippets/conditional_expression.ql b/python/ql/examples/snippets/conditional_expression.ql
index f9b72e58d7f..3081d14757d 100644
--- a/python/ql/examples/snippets/conditional_expression.ql
+++ b/python/ql/examples/snippets/conditional_expression.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/conditional-expression
 * @name Conditional expressions
 * @description Finds conditional expressions of the form '... if ... else ...'
 * where the classes of the sub-expressions differ
diff --git a/python/ql/examples/snippets/elif.ql b/python/ql/examples/snippets/elif.ql
index 120c15307ac..0c0391b1742 100644
--- a/python/ql/examples/snippets/elif.ql
+++ b/python/ql/examples/snippets/elif.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/elif
 * @name Elif statement
 * @description Finds `elif` sub-statements within `if` statements
 * @tags if
diff --git a/python/ql/examples/snippets/emptyblock.ql b/python/ql/examples/snippets/emptyblock.ql
index 73248c54c99..8f05150dc41 100644
--- a/python/ql/examples/snippets/emptyblock.ql
+++ b/python/ql/examples/snippets/emptyblock.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/emptyblock
 * @name Empty blocks
 * @description Finds the first statement in a block consisting of nothing but Pass statements
 * @tags empty
diff --git a/python/ql/examples/snippets/emptythen.ql b/python/ql/examples/snippets/emptythen.ql
index c0f303005df..4c23c05ee71 100644
--- a/python/ql/examples/snippets/emptythen.ql
+++ b/python/ql/examples/snippets/emptythen.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/emptythen
 * @name If statements with empty then branch
 * @description Finds 'if' statements where the "then" branch
 * consists entirely of Pass statements
diff --git a/python/ql/examples/snippets/eq_true.ql b/python/ql/examples/snippets/eq_true.ql
index 920e5b1635d..01c49d4d900 100644
--- a/python/ql/examples/snippets/eq_true.ql
+++ b/python/ql/examples/snippets/eq_true.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/eq-true
 * @name Equality test on boolean
 * @description Finds tests like `==true`, `==false`, `"!=true`, `is false`
 * @tags equals
diff --git a/python/ql/examples/snippets/equalitystmt.ql b/python/ql/examples/snippets/equalitystmt.ql
index f246e031bba..674037ab2e6 100644
--- a/python/ql/examples/snippets/equalitystmt.ql
+++ b/python/ql/examples/snippets/equalitystmt.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/equalitystmt
 * @name Equalities as expression statements
 * @description Finds `==` equality expressions that form a statement
 * @tags comparison
diff --git a/python/ql/examples/snippets/extend_class.ql b/python/ql/examples/snippets/extend_class.ql
index 1290e24eb5b..038fc78a9f2 100644
--- a/python/ql/examples/snippets/extend_class.ql
+++ b/python/ql/examples/snippets/extend_class.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/extend-class
 * @name Class subclasses
 * @description Finds classes that subclass MyClass
 * @tags class
diff --git a/python/ql/examples/snippets/filename.ql b/python/ql/examples/snippets/filename.ql
index 87b3f6dbea3..eb8b9ccb7a2 100644
--- a/python/ql/examples/snippets/filename.ql
+++ b/python/ql/examples/snippets/filename.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/filename
 * @name File with given name
 * @description Finds files called `spam.py`
 * @tags file
diff --git a/python/ql/examples/snippets/generator.ql b/python/ql/examples/snippets/generator.ql
index 4f98a52e3a6..c374895c8e6 100644
--- a/python/ql/examples/snippets/generator.ql
+++ b/python/ql/examples/snippets/generator.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/generator
 * @name Generator functions
 * @description Finds generator functions
 * @tags generator
diff --git a/python/ql/examples/snippets/integer_literal.ql b/python/ql/examples/snippets/integer_literal.ql
index 2bda0d1a7d1..1a1b4685ce8 100644
--- a/python/ql/examples/snippets/integer_literal.ql
+++ b/python/ql/examples/snippets/integer_literal.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/integer-literal
 * @name Integer literal
 * @description Finds places where we use the integer literal `0`
 * @tags integer
diff --git a/python/ql/examples/snippets/method_call.ql b/python/ql/examples/snippets/method_call.ql
index 1418c3afb0d..32413008e86 100644
--- a/python/ql/examples/snippets/method_call.ql
+++ b/python/ql/examples/snippets/method_call.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/method-call
 * @name Call to method
 * @description Finds calls to MyClass.methodName
 * @tags call
diff --git a/python/ql/examples/snippets/mutualrecursion.ql b/python/ql/examples/snippets/mutualrecursion.ql
index 0f16ef37889..0cd445b6e3b 100644
--- a/python/ql/examples/snippets/mutualrecursion.ql
+++ b/python/ql/examples/snippets/mutualrecursion.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/mutualrecursion
 * @name Mutual recursion
 * @description Finds pairs of functions that call each other
 * @tags method
diff --git a/python/ql/examples/snippets/new_instance.ql b/python/ql/examples/snippets/new_instance.ql
index 47323b9e903..6dcfcad2c2c 100644
--- a/python/ql/examples/snippets/new_instance.ql
+++ b/python/ql/examples/snippets/new_instance.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/new-instance
 * @name Create new object
 * @description Finds places where we create a new instanceof `MyClass`
 * @tags call
diff --git a/python/ql/examples/snippets/override_method.ql b/python/ql/examples/snippets/override_method.ql
index c9982be3077..81a02004e37 100644
--- a/python/ql/examples/snippets/override_method.ql
+++ b/python/ql/examples/snippets/override_method.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/override-method
 * @name Override of method
 * @description Finds methods that overide MyClass.methodName
 * @tags method
diff --git a/python/ql/examples/snippets/print.ql b/python/ql/examples/snippets/print.ql
index 03b53dfd7dd..f163cd7b500 100644
--- a/python/ql/examples/snippets/print.ql
+++ b/python/ql/examples/snippets/print.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/print
 * @name Find prints
 * @description Find print statements or calls to the builtin function 'print'
 * @tags print
diff --git a/python/ql/examples/snippets/private_access.ql b/python/ql/examples/snippets/private_access.ql
index d902fa71d13..5ea42e965d0 100644
--- a/python/ql/examples/snippets/private_access.ql
+++ b/python/ql/examples/snippets/private_access.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/private-access
 * @name Private access
 * @description Find accesses to "private" attributes (those starting with an underscore)
 * @tags access
diff --git a/python/ql/examples/snippets/raise_exception.ql b/python/ql/examples/snippets/raise_exception.ql
index 2a6853a4af1..75bb00a7254 100644
--- a/python/ql/examples/snippets/raise_exception.ql
+++ b/python/ql/examples/snippets/raise_exception.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/raise-exception
 * @name Raise exception of a class
 * @description Finds places where we raise AnException or one of its subclasses
 * @tags throw
diff --git a/python/ql/examples/snippets/raw_string.ql b/python/ql/examples/snippets/raw_string.ql
index 234086e81e6..3711d8d5171 100644
--- a/python/ql/examples/snippets/raw_string.ql
+++ b/python/ql/examples/snippets/raw_string.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/raw-string
 * @name Raw string literals
 * @description Finds string literals with an 'r' prefix
 * @tags string
diff --git a/python/ql/examples/snippets/recursion.ql b/python/ql/examples/snippets/recursion.ql
index b944329fec1..318646cf0db 100644
--- a/python/ql/examples/snippets/recursion.ql
+++ b/python/ql/examples/snippets/recursion.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/recursion
 * @name Recursion
 * @description Finds functions that call themselves
 * @tags method
diff --git a/python/ql/examples/snippets/singlequotestring.ql b/python/ql/examples/snippets/singlequotestring.ql
index d17e2d4822d..2c2ee5704a5 100644
--- a/python/ql/examples/snippets/singlequotestring.ql
+++ b/python/ql/examples/snippets/singlequotestring.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/singlequotestring
 * @name Single-quoted string literals
 * @description Finds string literals using single quotes
 * @tags string
diff --git a/python/ql/examples/snippets/store_none.ql b/python/ql/examples/snippets/store_none.ql
index 8a21f7f5598..5d9f1884f01 100644
--- a/python/ql/examples/snippets/store_none.ql
+++ b/python/ql/examples/snippets/store_none.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/store-none
 * @name Store None to collection
 * @description Finds places where `None` is used as an index when storing to a collection
 * @tags None
diff --git a/python/ql/examples/snippets/todocomment.ql b/python/ql/examples/snippets/todocomment.ql
index 1ec016842fe..f5017c01dda 100644
--- a/python/ql/examples/snippets/todocomment.ql
+++ b/python/ql/examples/snippets/todocomment.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/todocomment
 * @name TODO comments
 * @description Finds comments containing the word "TODO"
 * @tags comment
diff --git a/python/ql/examples/snippets/too_many_params.ql b/python/ql/examples/snippets/too_many_params.ql
index 5ca9bc18cd9..1baa2243db1 100644
--- a/python/ql/examples/snippets/too_many_params.ql
+++ b/python/ql/examples/snippets/too_many_params.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/too-many-params
 * @name Functions with many parameters
 * @description Finds functions with more than 7 parameters
 * @tags function
diff --git a/python/ql/examples/snippets/tryfinally.ql b/python/ql/examples/snippets/tryfinally.ql
index 3e9adfcbc58..f37b86f3fa6 100644
--- a/python/ql/examples/snippets/tryfinally.ql
+++ b/python/ql/examples/snippets/tryfinally.ql
@@ -1,4 +1,5 @@
 /**
+ * @id py/examples/tryfinally
 * @name Try-finally statements
 * @description Finds try-finally statements without an exception handler
 * @tags try
From 89906e610ae97da3a2e4f4fe67d0ca59a0a13c47 Mon Sep 17 00:00:00 2001
From: Arthur Baars
Date: Thu, 25 Jul 2019 15:50:37 +0200
Subject: [PATCH 4/5] Use js/examples instead of js/cookbook in @id
---
 .../ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql | 2 +-
 .../DecodingAfterSanitization/DecodingAfterSanitization.ql | 2 +-
 .../DecodingAfterSanitizationGeneralized.ql | 2 +-
 javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql | 2 +-
 .../ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql | 2 +-
 .../dataflow/InformationDisclosure/InformationDisclosure.ql | 2 +-
 javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql | 2 +-
 .../examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql | 2 +-
 .../queries/dataflow/TemplateInjection/TemplateInjection.ql | 2 +-
 9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
index 870987445a9..1d781e29045 100644
--- a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
+++ b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
@@ -4,7 +4,7 @@
 * is an arbitrary user-controlled value, indicating lack of authentication.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/backend-idor
+ * @id js/examples/backend-idor
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
index a79b0fd7cad..292983a3dc8 100644
--- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
+++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
@@ -4,7 +4,7 @@
 an ineffective sanitization attempt.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/decoding-after-sanitization
+ * @id js/examples/decoding-after-sanitization
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
index d8b7ca6dbbb..5b6791ce823 100644
--- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
+++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
@@ -4,7 +4,7 @@
 indicating an ineffective sanitization attempt.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/decoding-after-sanitization-generalized
+ * @id js/examples/decoding-after-sanitization-generalized
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
index d0684549d62..a02ad41063c 100644
--- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
@@ -3,7 +3,7 @@
 * @description Tracks user-controlled values into 'eval' calls (special case of js/code-injection).
 * @kind problem
 * @tags security
- * @id js/cookbook/eval-taint
+ * @id js/examples/eval-taint
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
index 0a9d4e39cc3..0d5d99930f3 100644
--- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
@@ -4,7 +4,7 @@
 * and generates a visualizable path from the source to the sink.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/eval-taint-path
+ * @id js/examples/eval-taint-path
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
index 98dbc6cf363..2cd25b63d8a 100644
--- a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
+++ b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
@@ -4,7 +4,7 @@
 indicating a leak of sensitive information.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/information-disclosure
+ * @id js/examples/information-disclosure
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
index 45ea1525014..0d762f42a9a 100644
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
@@ -3,7 +3,7 @@
 * @description Extends the standard Stored XSS query with an additional source.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/stored-xss
+ * @id js/examples/stored-xss
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
index f37b26fbf5f..1be64ecd270 100644
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
@@ -4,7 +4,7 @@
 * using TrackedNode to track MySQL connections globally.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/stored-xss-trackednode
+ * @id js/examples/stored-xss-trackednode
 */
 import javascript::DataFlow
diff --git a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
index fa76c477b07..fe69825d764 100644
--- a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
+++ b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
@@ -3,7 +3,7 @@
 * @description Tracks user-controlled values to an unescaped lodash template placeholder.
 * @kind path-problem
 * @tags security
- * @id js/cookbook/template-injection
+ * @id js/examples/template-injection
 */
 import javascript::DataFlow
From b3c403a142e1e939069f7b47d587fbeb8318857a Mon Sep 17 00:00:00 2001
From: Arthur Baars
Date: Thu, 25 Jul 2019 16:54:30 +0200
Subject: [PATCH 5/5] Update javascript example queries
---
 .../ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql | 3 ++-
 .../DecodingAfterSanitization/DecodingAfterSanitization.ql | 3 ++-
 .../DecodingAfterSanitizationGeneralized.ql | 3 ++-
 javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql | 3 ++-
 .../ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql | 3 ++-
 .../dataflow/InformationDisclosure/InformationDisclosure.ql | 3 ++-
 javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql | 3 ++-
 .../queries/dataflow/StoredXss/StoredXssTrackedNode.ql | 3 ++-
 .../queries/dataflow/TemplateInjection/TemplateInjection.ql | 3 ++-
 9 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
index 1d781e29045..020516406af 100644
--- a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
+++ b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql
@@ -7,7 +7,8 @@
 * @id js/examples/backend-idor
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 /**
diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
index 292983a3dc8..033eb63bce9 100644
--- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
+++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql
@@ -7,7 +7,8 @@
 * @id js/examples/decoding-after-sanitization
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 class DecodingAfterSanitization extends TaintTracking::Configuration {
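Review bot: The `import DataFlow` line added in the BackendIdor.ql hunk, and repeated in the other eight hunks of this patch, has no comment saying why it is needed next to `import javascript`, while the context line right after it still writes `DataFlow::PathGraph` with the qualifier. Presumably the query bodies, which lie outside these hunks, use some `DataFlow` members unqualified; if so, a one-line comment such as `// DataFlow members are used unqualified below` would tell readers who copy these security examples which module a bare name resolves in. If the bodies turn out to use only qualified `DataFlow::` names, the second import looks unnecessary and could be dropped.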
diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
index 5b6791ce823..806cdeeaa91 100644
--- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
+++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql
@@ -7,7 +7,8 @@
 * @id js/examples/decoding-after-sanitization-generalized
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 /**
diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
index a02ad41063c..2668fd2c3b1 100644
--- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql
@@ -6,7 +6,8 @@
 * @id js/examples/eval-taint
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 class EvalTaint extends TaintTracking::Configuration {
 EvalTaint() { this = "EvalTaint" }
diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
index 0d5d99930f3..e449c61073d 100644
--- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
+++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql
@@ -7,7 +7,8 @@
 * @id js/examples/eval-taint-path
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 class EvalTaint extends TaintTracking::Configuration {
diff --git a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
index 2cd25b63d8a..f7d17b24ea4 100644
--- a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
+++ b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql
@@ -7,7 +7,8 @@
 * @id js/examples/information-disclosure
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 /**
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
index 0d762f42a9a..5d7234ef504 100644
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql
@@ -6,7 +6,8 @@
 * @id js/examples/stored-xss
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import semmle.javascript.security.dataflow.StoredXss
 import DataFlow::PathGraph
diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
index 1be64ecd270..70e79b2220e 100644
--- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
+++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTrackedNode.ql
@@ -7,7 +7,8 @@
 * @id js/examples/stored-xss-trackednode
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import semmle.javascript.security.dataflow.StoredXss
 import DataFlow::PathGraph
diff --git a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
index fe69825d764..c15022adc62 100644
--- a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
+++ b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql
@@ -6,7 +6,8 @@
 * @id js/examples/template-injection
 */
-import javascript::DataFlow
+import javascript
+import DataFlow
 import DataFlow::PathGraph
 /**