mirror of
https://github.com/github/codeql.git
synced 2026-05-05 21:55:19 +02:00
Merge pull request #6327 from ethanpalm/cwe-coverage-tables
CodeQL: Display CWE coverage information by language
@@ -1,8 +1,10 @@
|
||||
# CodeQL CWE coverage
|
||||
CodeQL CWE coverage
|
||||
===================
|
||||
|
||||
An overview of the coverage of MITRE's Common Weakness Enumeration (CWE) for the latest release of CodeQL.
|
||||
You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.
|
||||
|
||||
## About CWEs
|
||||
About CWEs
|
||||
##########
|
||||
|
||||
The CWE categorization contains several types of entity, collectively known as CWEs. The CWEs that we consider in this report are only those of the types:
|
||||
|
||||
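Review bot: The heading adornments in the converted page look inverted: the page title "CodeQL CWE coverage" is underlined with `=` while the "About CWEs" section below it uses `#`. reStructuredText assigns levels by order of first use, so this builds, but the common Sphinx convention reserves `#` for top-level parts and uses `=` or `-` for sections. Consider underlining "About CWEs" with `-`, or with whatever character the neighbouring .rst pages already use for second-level headings, so the levels stay predictable when more sections are added.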
@@ -11,15 +13,22 @@ The CWE categorization contains several types of entity, collectively known as C
|
||||
- Weakness Variant
|
||||
- Compound Element
|
||||
|
||||
Other types of CWE do not correspond directly to weaknesses, so are omitted.
|
||||
Other types of CWE that do not correspond directly to weaknesses are omitted.
|
||||
|
||||
The CWE categorization includes relationships between entities, in particular a parent-child relationship.
|
||||
These relationships are associated with Views (another kind of CWE entity). For the purposes of coverage claims, we use the "[Research View](https://cwe.mitre.org/data/definitions/1000.html)."
|
||||
These relationships are associated with Views (another kind of CWE entity). For the purposes of coverage claims, we use the "`Research View <https://cwe.mitre.org/data/definitions/1000.html>`_."
|
||||
|
||||
Every security query is associated with one or more CWEs, which are the most precise CWEs that are covered by that query.
|
||||
Overall coverage is claimed for the most-precise CWEs, as well as for any of their ancestors in the View.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
.. toctree::
|
||||
:hidden:
|
||||
:titlesonly:
|
||||
|
||||
full-cwe
|
||||
cpp-cwe
|
||||
csharp-cwe
|
||||
go-cwe
|
||||
java-cwe
|
||||
javascript-cwe
|
||||
python-cwe
|
||||
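Review bot: The toctree at the end of this hunk is marked `:hidden:`, so the body of the index page carries no visible links to `full-cwe` or the per-language pages, even though the new intro sentence tells readers they can view full coverage or coverage by language. Unless the theme's sidebar is the intended entry point, either drop `:hidden:` or add a short list of explicit links after the intro. It is also worth checking that the seven toctree entries stay in step with the new page files added later in this change, since a language added later needs both a page and an entry here.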
8
docs/codeql/query-help/cpp-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for C and C++
|
||||
|
||||
An overview of CWE coverage for C and C++ in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
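Review bot: This new page is Markdown (`cpp-cwe.md`) while the index that references it as `cpp-cwe` was converted to reStructuredText in the same change, so the build depends on the Sphinx configuration having a Markdown parser enabled; please confirm that, or state why the generated pages stay in Markdown. Separately, the only content under "## Overview" is the placeholder comment, so any build that runs without the table-generating workflow publishes an empty section. A one-line fallback sentence, or a build check that fails when the placeholder is still present, would make that visible. The same two points apply to the other six new `*-cwe.md` pages in this change.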
8
docs/codeql/query-help/csharp-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for C#
|
||||
|
||||
An overview of CWE coverage for C# in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
8
docs/codeql/query-help/full-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CodeQL full CWE coverage
|
||||
|
||||
An overview of the full coverage of MITRE's Common Weakness Enumeration (CWE) for the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
8
docs/codeql/query-help/go-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for Go
|
||||
|
||||
An overview of CWE coverage for Go in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
8
docs/codeql/query-help/java-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for Java
|
||||
|
||||
An overview of CWE coverage for Java in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
8
docs/codeql/query-help/javascript-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for JavaScript
|
||||
|
||||
An overview of CWE coverage for JavaScript in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
8
docs/codeql/query-help/python-cwe.md
Normal file
@@ -0,0 +1,8 @@
|
||||
# CWE coverage for Python
|
||||
|
||||
An overview of CWE coverage for Python in the latest release of CodeQL.
|
||||
|
||||
## Overview
|
||||
|
||||
<!-- autogenerated CWE coverage table will be added below -->
|
||||
|
||||
@@ -2,7 +2,9 @@ CodeQL query help Sphinx documentation
|
||||
--------------------------------------
|
||||
|
||||
This project supplies the configuration and some boiler plate
|
||||
index files for the CodeQL query help documentation.
|
||||
index files for the CodeQL query help and CWE coverage documentation.
|
||||
|
||||
The query help itself is automatically generated by the
|
||||
"Generate CodeQL query help documentation using Sphinx" workflow.
|
||||
"Generate CodeQL query help documentation using Sphinx" workflow.
|
||||
|
||||
The CWE coverage tables are generated and appended to pages by the "Docs generate query help" workflow in the `semmle-code` repository.
|
||||
|
||||
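Review bot: The added last sentence names the "Docs generate query help" workflow in the `semmle-code` repository without a link or any indication of where that repository lives, so a reader of this README cannot inspect or re-run the step that produces the CWE tables. Please say briefly who can access it and what the workflow takes as input, or link to it if it is reachable. If this README is reStructuredText, as the dashed title underline suggests, the single backticks around semmle-code are interpreted text rather than an inline literal and should be double backticks. The line "Generate CodeQL query help documentation using Sphinx" workflow. also appears twice in the hunk with no visible difference; if that is only an end-of-file newline change, fine, otherwise please check for stray whitespace.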