diff --git a/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls b/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls
index b224499edce..21d39db383d 100644
--- a/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls
+++ b/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls
@@ -1,24 +1,7 @@ - description: Security-and-quality queries for C# - queries: . -- include: - kind: - - problem - - path-problem - precision: - - high - - very-high - tags contain: - - security -- include: - kind: - - problem - - path-problem - precision: medium - problem.severity: - - error - - warning - tags contain: - - security +- apply: security-and-frozen-quality-selectors.yml + from: codeql/suite-helpers - include: id: - cs/asp/response-write
@@ -123,21 +106,3 @@ - cs/wrong-compareto-signature - cs/wrong-equals-signature - cs/xmldoc/missing-summary -- include: - kind: - - diagnostic -- include: - kind: - - metric - tags contain: - - summary -- exclude: - deprecated: // -- exclude: - query path: - - /^experimental\/.*/ - - Metrics/Summaries/FrameworkCoverage.ql -- exclude: - tags contain: - - modeleditor - - modelgenerator
diff --git a/go/ql/src/codeql-suites/go-security-and-quality.qls b/go/ql/src/codeql-suites/go-security-and-quality.qls
index 1043f46b27f..cb026a7700c 100644
--- a/go/ql/src/codeql-suites/go-security-and-quality.qls
+++ b/go/ql/src/codeql-suites/go-security-and-quality.qls
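Review bot: Moving the shared selectors to an `apply` at the top of the suite changes what the shared `exclude` instructions can filter, because qls instructions are evaluated in order and an exclude only removes queries that were selected before it; the explicit `include: id:` list that follows the new `apply` is therefore no longer subject to them. In the old file the excludes for `deprecated` queries, `experimental/` paths and the `modeleditor`/`modelgenerator` tags sat at the end, after the id list (see the second hunk of this file), so a listed query that later gained one of those properties dropped out automatically; now it stays in the suite until someone edits the list. If that is the intended meaning of "frozen", a comment above the id list would stop the next editor from appending an exclude here and expecting it to apply, e.g. `# Ids listed below are selected unconditionally; the excludes in the applied selectors run before this list and do not filter it.` The same ordering applies to the go, java, javascript, python and ruby suites in this commit, and I have assumed the excludes live in the applied `security-extended-selectors.yml`, which is not shown here.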
@@ -1,4 +1,28 @@ - description: Security-and-quality queries for Go - queries: . -- apply: security-and-quality-selectors.yml +- apply: security-and-frozen-quality-selectors.yml from: codeql/suite-helpers
+- include:
+ id:
+ - go/comparison-of-identical-expressions
+ - go/constant-length-comparison
+ - go/duplicate-branches
+ - go/duplicate-condition
+ - go/duplicate-switch-case
+ - go/impossible-interface-nil-check
+ - go/inconsistent-loop-direction
+ - go/index-out-of-bounds
+ - go/missing-error-check
+ - go/mistyped-exponentiation
+ - go/negative-length-check
+ - go/redundant-assignment
+ - go/redundant-operation
+ - go/redundant-recover
+ - go/shift-out-of-range
+ - go/unexpected-nil-value
+ - go/unhandled-writable-file-close
+ - go/unreachable-statement
+ - go/useless-assignment-to-field
+ - go/useless-assignment-to-local
+ - go/useless-expression
+ - go/whitespace-contradicts-precedence
diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls
index 91751e6da1b..011206a105c 100644
--- a/java/ql/src/codeql-suites/java-security-and-quality.qls
+++ b/java/ql/src/codeql-suites/java-security-and-quality.qls
@@ -1,24 +1,7 @@ - description: Security-and-quality queries for Java - queries: . -- include: - kind: - - problem - - path-problem - precision: - - high - - very-high - tags contain: - - security -- include: - kind: - - problem - - path-problem - precision: medium - problem.severity: - - error - - warning - tags contain: - - security +- apply: security-and-frozen-quality-selectors.yml + from: codeql/suite-helpers - include: id: - java/abs-of-random
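Review bot: The Java-only exclusion of the `/Diagnostics/Internal/.*/` query path, which the second hunk of this file removes, has no counterpart in the new `security-and-frozen-quality-selectors.yml`; that helper only applies `security-extended-selectors.yml` and excludes the `model-generator` tag. Unless the applied selector file excludes that path itself (not visible in this diff), queries under `Diagnostics/Internal` become part of the Java suite again after this change, which would be a silent widening rather than a freeze. Worth confirming against `security-extended-selectors.yml`; if the exclusion is still needed, keep it in this file directly after the `apply`, as `- exclude:` / `query path:` / `- /Diagnostics/Internal/.*/`, and note in a comment why Java carries it and the other languages do not.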
@@ -143,22 +126,3 @@ - java/wrong-object-serialization-signature - java/wrong-readresolve-signature - java/wrong-swing-event-adapter-signature -- include: - kind: - - diagnostic -- include: - kind: - - metric - tags contain: - - summary -- exclude: - deprecated: // -- exclude: - query path: - - /^experimental\/.*/ - - Metrics/Summaries/FrameworkCoverage.ql - - /Diagnostics/Internal/.*/ -- exclude: - tags contain: - - modeleditor - - modelgenerator
diff --git a/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls b/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls
index 38d45ecfbe6..10097f6eaad 100644
--- a/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls
+++ b/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls
@@ -1,24 +1,7 @@ - description: Security-and-quality queries for JavaScript - queries: . -- include: - kind: - - problem - - path-problem - precision: - - high - - very-high - tags contain: - - security -- include: - kind: - - problem - - path-problem - precision: medium - problem.severity: - - error - - warning - tags contain: - - security +- apply: security-and-frozen-quality-selectors.yml + from: codeql/suite-helpers - include: id: - js/node/assignment-to-exports-variable
@@ -123,16 +106,3 @@ - js/diagnostics/successfully-extracted-files - js/summary/lines-of-code - js/summary/lines-of-user-code -- include: - kind: - - diagnostic -- include: - kind: - - metric - tags contain: - - summary -- exclude: - deprecated: // -- exclude: - query path: - - /^experimental\/.*/
diff --git a/misc/suite-helpers/security-and-frozen-quality-selectors.yml b/misc/suite-helpers/security-and-frozen-quality-selectors.yml
new file mode 100644
index 00000000000..f688b5db046
--- /dev/null
+++ b/misc/suite-helpers/security-and-frozen-quality-selectors.yml
@@ -0,0 +1,5 @@
+- description: Selectors for selecting the non-quality queries for the security-and-quality queries for a language
+- apply: security-extended-selectors.yml
+- exclude:
+ tags contain:
+ - 'model-generator'
diff --git a/python/ql/src/codeql-suites/python-security-and-quality.qls b/python/ql/src/codeql-suites/python-security-and-quality.qls
index 2a97a497db0..557ca61f2b1 100644
--- a/python/ql/src/codeql-suites/python-security-and-quality.qls
+++ b/python/ql/src/codeql-suites/python-security-and-quality.qls
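Review bot: The tag excluded on the last line is spelled `model-generator`, while the selector blocks this commit removes from the C# and Java suites excluded `modeleditor` and `modelgenerator` (no hyphen). If queries still carry the unhyphenated tags and `security-extended-selectors.yml` does not exclude them itself, those queries are no longer filtered out of the per-language suites, and nothing in this diff lets a reviewer tell which spelling the queries use. Confirm the spelling against the query metadata, and if more than one variant is in use list them all here, e.g. `- modeleditor` / `- modelgenerator` next to `'model-generator'`, with a one-line comment recording which tag each query family uses. The description could also be tightened to `Selectors for the non-quality part of a language's security-and-quality suite` so it reads as a single sentence.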
@@ -1,4 +1,128 @@ - description: Security-and-quality queries for Python - queries: . -- apply: security-and-quality-selectors.yml +- apply: security-and-frozen-quality-selectors.yml from: codeql/suite-helpers
+- include:
+ id:
+ - py/asserts-tuple
+ - py/attribute-shadows-method
+ - py/call-to-non-callable
+ - py/call/wrong-arguments
+ - py/call/wrong-named-argument
+ - py/call/wrong-named-class-argument
+ - py/call/wrong-number-class-arguments
+ - py/catch-base-exception
+ - py/commented-out-code
+ - py/comparison-missing-self
+ - py/comparison-of-constants
+ - py/comparison-of-identical-expressions
+ - py/comparison-using-is
+ - py/conflicting-attributes
+ - py/constant-conditional-expression
+ - py/cyclic-import
+ - py/deprecated-slice-method
+ - py/duplicate-key-dict-literal
+ - py/empty-except
+ - py/encoding-error
+ - py/equals-hash-mismatch
+ - py/exit-from-finally
+ - py/explicit-call-to-delete
+ - py/explicit-return-in-init
+ - py/file-not-closed
+ - py/hash-unhashable-value
+ - py/illegal-raise
+ - py/implicit-string-concatenation-in-list
+ - py/import-and-import-from
+ - py/import-deprecated-module
+ - py/import-of-mutable-attribute
+ - py/import-own-module
+ - py/imprecise-assert
+ - py/incomplete-ordering
+ - py/inconsistent-equality
+ - py/inconsistent-mro
+ - py/ineffectual-statement
+ - py/inheritance/incorrect-overridden-signature
+ - py/inheritance/incorrect-overriding-signature
+ - py/inheritance/signature-mismatch
+ - py/init-calls-subclass
+ - py/init-method-is-generator
+ - py/iter-returns-non-iterator
+ - py/iter-returns-non-self
+ - py/iteration-string-and-sequence
+ - py/leaking-list-comprehension
+ - py/loop-variable-capture
+ - py/member-test-non-container
+ - py/mismatched-multiple-assignment
+ - py/missing-call-to-delete
+ - py/missing-call-to-init
+ - py/missing-equals
+ - py/mixed-returns
+ - py/mixed-tuple-returns
+ - py/modification-of-default-value
+ - py/modification-of-locals
+ - py/multiple-calls-to-delete
+ - 
py/multiple-calls-to-init
+ - py/multiple-definition
+ - py/mutable-descriptor
+ - py/nested-loops-with-same-variable
+ - py/nested-loops-with-same-variable-reused
+ - py/non-iterable-in-for-loop
+ - py/not-named-cls
+ - py/not-named-self
+ - py/old-style-octal-literal
+ - py/overly-complex-delete
+ - py/overwritten-inherited-attribute
+ - py/percent-format/not-mapping
+ - py/percent-format/unsupported-character
+ - py/percent-format/wrong-arguments
+ - py/polluting-import
+ - py/print-during-import
+ - py/procedure-return-value-used
+ - py/property-in-old-style-class
+ - py/pythagorean
+ - py/raise-not-implemented
+ - py/raises-tuple
+ - py/redundant-assignment
+ - py/redundant-comparison
+ - py/redundant-else
+ - py/redundant-global-declaration
+ - py/regex/backspace-escape
+ - py/regex/duplicate-in-character-class
+ - py/regex/incomplete-special-group
+ - py/regex/unmatchable-caret
+ - py/regex/unmatchable-dollar
+ - py/repeated-import
+ - py/return-or-yield-outside-function
+ - py/should-use-with
+ - py/side-effect-in-assert
+ - py/slots-in-old-style-class
+ - py/special-method-wrong-signature
+ - py/str-format/missing-argument
+ - py/str-format/missing-named-argument
+ - py/str-format/mixed-fields
+ - py/str-format/surplus-argument
+ - py/str-format/surplus-named-argument
+ - py/super-in-old-style
+ - py/super-not-enclosing-class
+ - py/syntax-error
+ - py/test-equals-none
+ - py/truncated-division
+ - py/undefined-export
+ - py/undefined-placeholder-variable
+ - py/unexpected-raise-in-special-method
+ - py/unguarded-next-in-generator
+ - py/uninitialized-local-variable
+ - py/unnecessary-delete
+ - py/unnecessary-lambda
+ - py/unnecessary-pass
+ - py/unreachable-except
+ - py/unreachable-statement
+ - py/unsafe-cyclic-import
+ - py/unused-exception-object
+ - py/unused-global-variable
+ - py/unused-import
+ - py/unused-local-variable
+ - py/unused-loop-variable
+ - py/use-of-apply
+ - py/use-of-exit-or-quit
+ - py/useless-except
diff --git a/ruby/ql/src/codeql-suites/ruby-security-and-quality.qls b/ruby/ql/src/codeql-suites/ruby-security-and-quality.qls
index 588a074cb50..dd91109a3ac 100644
--- a/ruby/ql/src/codeql-suites/ruby-security-and-quality.qls
+++ b/ruby/ql/src/codeql-suites/ruby-security-and-quality.qls
@@ -1,4 +1,9 @@ - description: Security-and-quality queries for Ruby - queries: . -- apply: security-and-quality-selectors.yml +- apply: security-and-frozen-quality-selectors.yml from: codeql/suite-helpers
+- include:
+ id:
+ - rb/database-query-in-loop
+ - rb/uninitialized-local-variable
+ - rb/useless-assignment-to-local