mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Merge pull request #19355 from tamasvajk/test/add-query-suite-tests
Add query suite integration tests for swift, actions, csharp, go, javascript, ruby, rust
This commit is contained in:
Tamás Vajk
@@ -0,0 +1 @@
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
|
||||
ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
|
||||
ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
|
||||
ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
|
||||
ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
|
||||
@@ -0,0 +1,33 @@
|
||||
ql/actions/ql/src/Debug/SyntaxError.ql
|
||||
ql/actions/ql/src/Models/CompositeActionsSinks.ql
|
||||
ql/actions/ql/src/Models/CompositeActionsSources.ql
|
||||
ql/actions/ql/src/Models/CompositeActionsSummaries.ql
|
||||
ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
|
||||
ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
|
||||
ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
|
||||
ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
|
||||
ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
|
||||
ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
|
||||
ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
|
||||
ql/actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
|
||||
@@ -0,0 +1,23 @@
|
||||
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
|
||||
ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
|
||||
ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
|
||||
ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
|
||||
ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
|
||||
ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
|
||||
ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
|
||||
@@ -0,0 +1,11 @@
|
||||
ql/actions/ql/src/Debug/partial.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
|
||||
ql/actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql
|
||||
14
actions/ql/integration-tests/query-suite/test.py
Normal file
14
actions/ql/integration-tests/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['actions-code-quality.qls', 'actions-security-and-quality.qls', 'actions-security-extended.qls', 'actions-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, actions, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, actions, check_queries_not_included):
|
||||
check_queries_not_included('actions', well_known_query_suites)
|
||||
@@ -0,0 +1,13 @@
|
||||
ql/csharp/ql/src/API Abuse/FormatInvalid.ql
|
||||
ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
|
||||
ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
|
||||
ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
|
||||
ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
|
||||
ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
|
||||
ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
|
||||
ql/csharp/ql/src/Performance/UseTryGetValue.ql
|
||||
ql/csharp/ql/src/Useless code/DefaultToString.ql
|
||||
ql/csharp/ql/src/Useless code/IntGetHashCode.ql
|
||||
@@ -0,0 +1,57 @@
|
||||
ql/csharp/ql/src/Diagnostics/CompilerError.ql
|
||||
ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
|
||||
ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorError.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
|
||||
ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
|
||||
ql/csharp/ql/src/Security Features/Encryption using ECB.ql
|
||||
ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
|
||||
ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
|
||||
ql/csharp/ql/src/Security Features/InsecureRandomness.ql
|
||||
ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
|
||||
ql/csharp/ql/src/Security Features/PersistentCookie.ql
|
||||
ql/csharp/ql/src/Security Features/WeakEncryption.ql
|
||||
ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
|
||||
ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
|
||||
ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
|
||||
@@ -0,0 +1,173 @@
|
||||
ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
|
||||
ql/csharp/ql/src/API Abuse/CallToObsoleteMethod.ql
|
||||
ql/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql
|
||||
ql/csharp/ql/src/API Abuse/ClassImplementsICloneable.ql
|
||||
ql/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql
|
||||
ql/csharp/ql/src/API Abuse/FormatInvalid.ql
|
||||
ql/csharp/ql/src/API Abuse/InconsistentEqualsGetHashCode.ql
|
||||
ql/csharp/ql/src/API Abuse/IncorrectCompareToSignature.ql
|
||||
ql/csharp/ql/src/API Abuse/IncorrectEqualsSignature.ql
|
||||
ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
|
||||
ql/csharp/ql/src/API Abuse/NullArgumentToEquals.ql
|
||||
ql/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
|
||||
ql/csharp/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql
|
||||
ql/csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql
|
||||
ql/csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql
|
||||
ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
|
||||
ql/csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql
|
||||
ql/csharp/ql/src/Bad Practices/Declarations/TooManyRefParameters.ql
|
||||
ql/csharp/ql/src/Bad Practices/EmptyCatchBlock.ql
|
||||
ql/csharp/ql/src/Bad Practices/ErroneousClassCompare.ql
|
||||
ql/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql
|
||||
ql/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql
|
||||
ql/csharp/ql/src/Bad Practices/PathCombine.ql
|
||||
ql/csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql
|
||||
ql/csharp/ql/src/Bad Practices/VirtualCallInConstructorOrDestructor.ql
|
||||
ql/csharp/ql/src/CSI/CompareIdenticalValues.ql
|
||||
ql/csharp/ql/src/CSI/NullAlways.ql
|
||||
ql/csharp/ql/src/CSI/NullMaybe.ql
|
||||
ql/csharp/ql/src/Complexity/BlockWithTooManyStatements.ql
|
||||
ql/csharp/ql/src/Complexity/ComplexCondition.ql
|
||||
ql/csharp/ql/src/Concurrency/FutileSyncOnField.ql
|
||||
ql/csharp/ql/src/Concurrency/LockOrder.ql
|
||||
ql/csharp/ql/src/Concurrency/LockThis.ql
|
||||
ql/csharp/ql/src/Concurrency/LockedWait.ql
|
||||
ql/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
|
||||
ql/csharp/ql/src/Concurrency/UnsafeLazyInitialization.ql
|
||||
ql/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
|
||||
ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
|
||||
ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
|
||||
ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
|
||||
ql/csharp/ql/src/Diagnostics/CompilerError.ql
|
||||
ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
|
||||
ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorError.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
|
||||
ql/csharp/ql/src/Input Validation/UseOfFileUpload.ql
|
||||
ql/csharp/ql/src/Input Validation/ValueShadowing.ql
|
||||
ql/csharp/ql/src/Input Validation/ValueShadowingServerVariable.ql
|
||||
ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
|
||||
ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
|
||||
ql/csharp/ql/src/Language Abuse/ChainedIs.ql
|
||||
ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql
|
||||
ql/csharp/ql/src/Language Abuse/DubiousTypeTestOfThis.ql
|
||||
ql/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
|
||||
ql/csharp/ql/src/Language Abuse/MissedTernaryOpportunity.ql
|
||||
ql/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql
|
||||
ql/csharp/ql/src/Language Abuse/NestedIf.ql
|
||||
ql/csharp/ql/src/Language Abuse/RethrowException.ql
|
||||
ql/csharp/ql/src/Language Abuse/SimplifyBoolExpr.ql
|
||||
ql/csharp/ql/src/Language Abuse/UnusedPropertyValue.ql
|
||||
ql/csharp/ql/src/Language Abuse/UselessCastToSelf.ql
|
||||
ql/csharp/ql/src/Language Abuse/UselessNullCoalescingExpression.ql
|
||||
ql/csharp/ql/src/Language Abuse/UselessTypeTest.ql
|
||||
ql/csharp/ql/src/Language Abuse/UselessUpcast.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
|
||||
ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
|
||||
ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
|
||||
ql/csharp/ql/src/Likely Bugs/EqualsArray.ql
|
||||
ql/csharp/ql/src/Likely Bugs/EqualsUsesAs.ql
|
||||
ql/csharp/ql/src/Likely Bugs/EqualsUsesIs.ql
|
||||
ql/csharp/ql/src/Likely Bugs/HashedButNoHash.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ImpossibleArrayCast.ql
|
||||
ql/csharp/ql/src/Likely Bugs/IncomparableEquals.ql
|
||||
ql/csharp/ql/src/Likely Bugs/InconsistentCompareTo.ql
|
||||
ql/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
|
||||
ql/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql
|
||||
ql/csharp/ql/src/Likely Bugs/NestedLoopsSameVariable.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ObjectComparison.ql
|
||||
ql/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
|
||||
ql/csharp/ql/src/Likely Bugs/RecursiveEquals.ql
|
||||
ql/csharp/ql/src/Likely Bugs/RecursiveOperatorEquals.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
|
||||
ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Statements/EmptyBlock.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Statements/EmptyLockStatement.ql
|
||||
ql/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql
|
||||
ql/csharp/ql/src/Likely Bugs/StaticFieldWrittenByInstance.ql
|
||||
ql/csharp/ql/src/Likely Bugs/StringBuilderCharInit.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
|
||||
ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
|
||||
ql/csharp/ql/src/Linq/BadMultipleIteration.ql
|
||||
ql/csharp/ql/src/Linq/MissedAllOpportunity.ql
|
||||
ql/csharp/ql/src/Linq/MissedCastOpportunity.ql
|
||||
ql/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
|
||||
ql/csharp/ql/src/Linq/MissedSelectOpportunity.ql
|
||||
ql/csharp/ql/src/Linq/MissedWhereOpportunity.ql
|
||||
ql/csharp/ql/src/Linq/RedundantSelect.ql
|
||||
ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
|
||||
ql/csharp/ql/src/Performance/StringBuilderInLoop.ql
|
||||
ql/csharp/ql/src/Performance/StringConcatenationInLoop.ql
|
||||
ql/csharp/ql/src/Performance/UseTryGetValue.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-285/MissingAccessControl.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
|
||||
ql/csharp/ql/src/Security Features/Encryption using ECB.ql
|
||||
ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
|
||||
ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
|
||||
ql/csharp/ql/src/Security Features/InsecureRandomness.ql
|
||||
ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
|
||||
ql/csharp/ql/src/Security Features/PersistentCookie.ql
|
||||
ql/csharp/ql/src/Security Features/WeakEncryption.ql
|
||||
ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
|
||||
ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
|
||||
ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
|
||||
ql/csharp/ql/src/Useless code/DefaultToString.ql
|
||||
ql/csharp/ql/src/Useless code/FutileConditional.ql
|
||||
ql/csharp/ql/src/Useless code/IntGetHashCode.ql
|
||||
ql/csharp/ql/src/Useless code/RedundantToStringCall.ql
|
||||
ql/csharp/ql/src/Useless code/UnusedLabel.ql
|
||||
@@ -0,0 +1,71 @@
|
||||
ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
|
||||
ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
|
||||
ql/csharp/ql/src/Diagnostics/CompilerError.ql
|
||||
ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
|
||||
ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorError.ql
|
||||
ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
|
||||
ql/csharp/ql/src/Input Validation/UseOfFileUpload.ql
|
||||
ql/csharp/ql/src/Input Validation/ValueShadowing.ql
|
||||
ql/csharp/ql/src/Input Validation/ValueShadowingServerVariable.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
|
||||
ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
|
||||
ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-285/MissingAccessControl.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
|
||||
ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
|
||||
ql/csharp/ql/src/Security Features/Encryption using ECB.ql
|
||||
ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
|
||||
ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
|
||||
ql/csharp/ql/src/Security Features/InsecureRandomness.ql
|
||||
ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
|
||||
ql/csharp/ql/src/Security Features/PersistentCookie.ql
|
||||
ql/csharp/ql/src/Security Features/WeakEncryption.ql
|
||||
ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
|
||||
ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
|
||||
ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
|
||||
ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
|
||||
@@ -0,0 +1,128 @@
|
||||
ql/csharp/ql/src/API Abuse/MissingDisposeCall.ql
|
||||
ql/csharp/ql/src/API Abuse/MissingDisposeMethod.ql
|
||||
ql/csharp/ql/src/API Abuse/NonOverridingMethod.ql
|
||||
ql/csharp/ql/src/API Abuse/UncheckedReturnValue.ql
|
||||
ql/csharp/ql/src/ASP/ComplexInlineCode.ql
|
||||
ql/csharp/ql/src/ASP/NonInternationalizedText.ql
|
||||
ql/csharp/ql/src/ASP/SplitControlStructure.ql
|
||||
ql/csharp/ql/src/AlertSuppression.ql
|
||||
ql/csharp/ql/src/Architecture/Dependencies/MutualDependency.ql
|
||||
ql/csharp/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql
|
||||
ql/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
|
||||
ql/csharp/ql/src/Bad Practices/Comments/TodoComments.ql
|
||||
ql/csharp/ql/src/Bad Practices/Declarations/EmptyInterface.ql
|
||||
ql/csharp/ql/src/Bad Practices/Declarations/NoConstantsOnly.ql
|
||||
ql/csharp/ql/src/Bad Practices/Implementation Hiding/StaticArray.ql
|
||||
ql/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql
|
||||
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.ql
|
||||
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsString.ql
|
||||
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.ql
|
||||
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicStringsUseConstant.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingMethodNames.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingOverridesNames.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConstantNaming.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
|
||||
ql/csharp/ql/src/Bad Practices/Naming Conventions/VariableNameTooShort.ql
|
||||
ql/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql
|
||||
ql/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
|
||||
ql/csharp/ql/src/Dead Code/DeadRefTypes.ql
|
||||
ql/csharp/ql/src/Dead Code/NonAssignedFields.ql
|
||||
ql/csharp/ql/src/Dead Code/UnusedField.ql
|
||||
ql/csharp/ql/src/Dead Code/UnusedMethod.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocExtraParam.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocExtraTypeParam.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissing.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissingException.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissingParam.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissingReturn.ql
|
||||
ql/csharp/ql/src/Documentation/XmldocMissingTypeParam.ql
|
||||
ql/csharp/ql/src/Language Abuse/ForeachCapture.ql
|
||||
ql/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql
|
||||
ql/csharp/ql/src/Likely Bugs/BadCheckOdd.ql
|
||||
ql/csharp/ql/src/Likely Bugs/RandomUsedOnce.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CCyclomaticComplexity.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CLinesOfCode.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CLinesOfComment.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CNumberOfParameters.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CNumberOfStatements.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/CPercentageOfComments.ql
|
||||
ql/csharp/ql/src/Metrics/Callables/StatementNestingDepth.ql
|
||||
ql/csharp/ql/src/Metrics/Dependencies/ExternalDependencies.ql
|
||||
ql/csharp/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FCommentRatio.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FCyclomaticComplexity.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FLines.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FLinesOfCode.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FLinesOfComment.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FLinesOfCommentedCode.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FNumberOfClasses.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FNumberOfInterfaces.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FNumberOfStructs.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FNumberOfTests.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FNumberOfUsingNamespaces.ql
|
||||
ql/csharp/ql/src/Metrics/Files/FSelfContainedness.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TAfferentCoupling.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TEfferentCoupling.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TInheritanceDepth.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TLackOfCohesionCK.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TLackOfCohesionHS.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfCallables.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfEvents.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfFields.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfIndexers.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfNonConstFields.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfProperties.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TNumberOfStatements.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TResponse.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TSizeOfAPI.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TSpecialisationIndex.ql
|
||||
ql/csharp/ql/src/Metrics/RefTypes/TUnmanagedCode.ql
|
||||
ql/csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
|
||||
ql/csharp/ql/src/Metrics/internal/ExtractorDiagnostics.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
|
||||
ql/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
|
||||
ql/csharp/ql/src/Useless code/PointlessForwardingMethod.ql
|
||||
ql/csharp/ql/src/definitions.ql
|
||||
ql/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
|
||||
ql/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql
|
||||
ql/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
|
||||
ql/csharp/ql/src/filters/ClassifyFiles.ql
|
||||
ql/csharp/ql/src/meta/frameworks/Coverage.ql
|
||||
ql/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
|
||||
ql/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql
|
||||
ql/csharp/ql/src/utils/modelconverter/ExtractSinks.ql
|
||||
ql/csharp/ql/src/utils/modelconverter/ExtractSources.ql
|
||||
ql/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql
|
||||
ql/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
|
||||
ql/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/CaptureTypeBasedSummaryModels.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
|
||||
ql/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
|
||||
14
csharp/ql/integration-tests/posix/query-suite/test.py
Normal file
14
csharp/ql/integration-tests/posix/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['csharp-code-quality.qls', 'csharp-security-and-quality.qls', 'csharp-security-extended.qls', 'csharp-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, csharp, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, csharp, check_queries_not_included):
|
||||
check_queries_not_included('csharp', well_known_query_suites)
|
||||
@@ -0,0 +1,6 @@
|
||||
ql/go/ql/src/InconsistentCode/LengthComparisonOffByOne.ql
|
||||
ql/go/ql/src/InconsistentCode/MissingErrorCheck.ql
|
||||
ql/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
|
||||
ql/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql
|
||||
ql/go/ql/src/RedundantCode/NegativeLengthCheck.ql
|
||||
ql/go/ql/src/RedundantCode/RedundantRecover.ql
|
||||
@@ -0,0 +1,31 @@
|
||||
ql/go/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
|
||||
ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
|
||||
ql/go/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/go/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/go/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/go/ql/src/Security/CWE-089/StringBreak.ql
|
||||
ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
|
||||
ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
|
||||
ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
|
||||
ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
|
||||
ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
|
||||
ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
|
||||
ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
|
||||
ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
|
||||
ql/go/ql/src/Security/CWE-640/EmailInjection.ql
|
||||
ql/go/ql/src/Security/CWE-643/XPathInjection.ql
|
||||
ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
|
||||
ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
|
||||
ql/go/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/go/ql/src/Summary/LinesOfCode.ql
|
||||
@@ -0,0 +1,55 @@
|
||||
ql/go/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
|
||||
ql/go/ql/src/InconsistentCode/ConstantLengthComparison.ql
|
||||
ql/go/ql/src/InconsistentCode/InconsistentLoopOrientation.ql
|
||||
ql/go/ql/src/InconsistentCode/LengthComparisonOffByOne.ql
|
||||
ql/go/ql/src/InconsistentCode/MissingErrorCheck.ql
|
||||
ql/go/ql/src/InconsistentCode/MistypedExponentiation.ql
|
||||
ql/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
|
||||
ql/go/ql/src/InconsistentCode/WhitespaceContradictsPrecedence.ql
|
||||
ql/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql
|
||||
ql/go/ql/src/RedundantCode/CompareIdenticalValues.ql
|
||||
ql/go/ql/src/RedundantCode/DeadStoreOfField.ql
|
||||
ql/go/ql/src/RedundantCode/DeadStoreOfLocal.ql
|
||||
ql/go/ql/src/RedundantCode/DuplicateBranches.ql
|
||||
ql/go/ql/src/RedundantCode/DuplicateCondition.ql
|
||||
ql/go/ql/src/RedundantCode/DuplicateSwitchCase.ql
|
||||
ql/go/ql/src/RedundantCode/ExprHasNoEffect.ql
|
||||
ql/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql
|
||||
ql/go/ql/src/RedundantCode/NegativeLengthCheck.ql
|
||||
ql/go/ql/src/RedundantCode/RedundantExpr.ql
|
||||
ql/go/ql/src/RedundantCode/RedundantRecover.ql
|
||||
ql/go/ql/src/RedundantCode/SelfAssignment.ql
|
||||
ql/go/ql/src/RedundantCode/ShiftOutOfRange.ql
|
||||
ql/go/ql/src/RedundantCode/UnreachableStatement.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
|
||||
ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
|
||||
ql/go/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/go/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/go/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/go/ql/src/Security/CWE-089/StringBreak.ql
|
||||
ql/go/ql/src/Security/CWE-117/LogInjection.ql
|
||||
ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
|
||||
ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
|
||||
ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
|
||||
ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
|
||||
ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
|
||||
ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
|
||||
ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
|
||||
ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
|
||||
ql/go/ql/src/Security/CWE-640/EmailInjection.ql
|
||||
ql/go/ql/src/Security/CWE-643/XPathInjection.ql
|
||||
ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
|
||||
ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
|
||||
ql/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
|
||||
ql/go/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/go/ql/src/Summary/LinesOfCode.ql
|
||||
@@ -0,0 +1,33 @@
|
||||
ql/go/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
|
||||
ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
|
||||
ql/go/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
|
||||
ql/go/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/go/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/go/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/go/ql/src/Security/CWE-089/StringBreak.ql
|
||||
ql/go/ql/src/Security/CWE-117/LogInjection.ql
|
||||
ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
|
||||
ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
|
||||
ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
|
||||
ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
|
||||
ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
|
||||
ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
|
||||
ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
|
||||
ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
|
||||
ql/go/ql/src/Security/CWE-640/EmailInjection.ql
|
||||
ql/go/ql/src/Security/CWE-643/XPathInjection.ql
|
||||
ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
|
||||
ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
|
||||
ql/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
|
||||
ql/go/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/go/ql/src/Summary/LinesOfCode.ql
|
||||
@@ -0,0 +1,33 @@
|
||||
ql/go/ql/src/AlertSuppression.ql
|
||||
ql/go/ql/src/Metrics/FLinesOfCode.ql
|
||||
ql/go/ql/src/Metrics/FLinesOfComment.ql
|
||||
ql/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
|
||||
ql/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
ql/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
|
||||
ql/go/ql/src/Security/CWE-078/StoredCommand.ql
|
||||
ql/go/ql/src/Security/CWE-079/StoredXss.ql
|
||||
ql/go/ql/src/definitions.ql
|
||||
ql/go/ql/src/experimental/CWE-090/LDAPInjection.ql
|
||||
ql/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
|
||||
ql/go/ql/src/experimental/CWE-203/Timing.ql
|
||||
ql/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
|
||||
ql/go/ql/src/experimental/CWE-287/ImproperLdapAuth.ql
|
||||
ql/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql
|
||||
ql/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql
|
||||
ql/go/ql/src/experimental/CWE-369/DivideByZero.ql
|
||||
ql/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql
|
||||
ql/go/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
|
||||
ql/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
|
||||
ql/go/ql/src/experimental/CWE-74/DsnInjection.ql
|
||||
ql/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql
|
||||
ql/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
|
||||
ql/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql
|
||||
ql/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
|
||||
ql/go/ql/src/experimental/CWE-918/SSRF.ql
|
||||
ql/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
|
||||
ql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql
|
||||
ql/go/ql/src/experimental/InconsistentCode/GORMErrorNotChecked.ql
|
||||
ql/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql
|
||||
ql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
|
||||
ql/go/ql/src/filters/ClassifyFiles.ql
|
||||
ql/go/ql/src/meta/frameworks/Coverage.ql
|
||||
14
go/ql/integration-tests/query-suite/test.py
Normal file
14
go/ql/integration-tests/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['go-code-quality.qls', 'go-security-and-quality.qls', 'go-security-extended.qls', 'go-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, go, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, go, check_queries_not_included):
|
||||
check_queries_not_included('go', well_known_query_suites)
|
||||
@@ -1,29 +1,14 @@
|
||||
import os
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
|
||||
actual = codeql.resolve.queries(query_suite, _capture=True).strip()
|
||||
actual = sorted(actual.splitlines())
|
||||
actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
|
||||
actual_file_name = query_suite + '.actual'
|
||||
expected_files.add(actual_file_name)
|
||||
(cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
|
||||
def test(codeql, java, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir):
|
||||
all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines()
|
||||
|
||||
included_in_qls = set()
|
||||
for query_suite in well_known_query_suites:
|
||||
included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
|
||||
|
||||
not_included = sorted(set(all_queries) - included_in_qls)
|
||||
not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
|
||||
not_included_file_name = 'not_included_in_qls.actual'
|
||||
expected_files.add(not_included_file_name)
|
||||
(cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
|
||||
def test_not_included_queries(codeql, java, check_queries_not_included):
|
||||
check_queries_not_included('java', well_known_query_suites)
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
ql/javascript/ql/src/Declarations/IneffectiveParameterType.ql
|
||||
ql/javascript/ql/src/Expressions/ExprHasNoEffect.ql
|
||||
ql/javascript/ql/src/Expressions/MissingAwait.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
|
||||
ql/javascript/ql/src/RegExp/RegExpAlwaysMatches.ql
|
||||
@@ -0,0 +1,90 @@
|
||||
ql/javascript/ql/src/AngularJS/DisablingSce.ql
|
||||
ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
|
||||
ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
|
||||
ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
|
||||
ql/javascript/ql/src/Performance/PolynomialReDoS.ql
|
||||
ql/javascript/ql/src/Performance/ReDoS.ql
|
||||
ql/javascript/ql/src/RegExp/IdentityReplacement.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/Xss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
|
||||
ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
|
||||
ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
|
||||
ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
|
||||
ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
|
||||
ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
|
||||
ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
|
||||
ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
|
||||
ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
|
||||
ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
|
||||
ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
|
||||
ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-611/Xxe.ql
|
||||
ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
|
||||
ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
|
||||
ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
|
||||
ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
|
||||
ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
|
||||
ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfCode.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfUserCode.ql
|
||||
@@ -0,0 +1,205 @@
|
||||
ql/javascript/ql/src/AngularJS/DependencyMismatch.ql
|
||||
ql/javascript/ql/src/AngularJS/DisablingSce.ql
|
||||
ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
|
||||
ql/javascript/ql/src/AngularJS/DuplicateDependency.ql
|
||||
ql/javascript/ql/src/AngularJS/IncompatibleService.ql
|
||||
ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
|
||||
ql/javascript/ql/src/AngularJS/MissingExplicitInjection.ql
|
||||
ql/javascript/ql/src/AngularJS/RepeatedInjection.ql
|
||||
ql/javascript/ql/src/AngularJS/UseNgSrc.ql
|
||||
ql/javascript/ql/src/DOM/DuplicateAttributes.ql
|
||||
ql/javascript/ql/src/DOM/MalformedIdAttribute.ql
|
||||
ql/javascript/ql/src/DOM/PseudoEval.ql
|
||||
ql/javascript/ql/src/Declarations/ArgumentsRedefined.ql
|
||||
ql/javascript/ql/src/Declarations/AssignmentToConst.ql
|
||||
ql/javascript/ql/src/Declarations/ClobberingVarInit.ql
|
||||
ql/javascript/ql/src/Declarations/ConflictingFunctions.ql
|
||||
ql/javascript/ql/src/Declarations/DeadStoreOfLocal.ql
|
||||
ql/javascript/ql/src/Declarations/DeadStoreOfProperty.ql
|
||||
ql/javascript/ql/src/Declarations/DeclBeforeUse.ql
|
||||
ql/javascript/ql/src/Declarations/DefaultArgumentReferencesNestedFunction.ql
|
||||
ql/javascript/ql/src/Declarations/DuplicateVarDecl.ql
|
||||
ql/javascript/ql/src/Declarations/IneffectiveParameterType.ql
|
||||
ql/javascript/ql/src/Declarations/MissingThisQualifier.ql
|
||||
ql/javascript/ql/src/Declarations/MissingVarDecl.ql
|
||||
ql/javascript/ql/src/Declarations/MixedStaticInstanceThisAccess.ql
|
||||
ql/javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.ql
|
||||
ql/javascript/ql/src/Declarations/TemporalDeadZone.ql
|
||||
ql/javascript/ql/src/Declarations/UniqueParameterNames.ql
|
||||
ql/javascript/ql/src/Declarations/UniquePropertyNames.ql
|
||||
ql/javascript/ql/src/Declarations/UnreachableMethodOverloads.ql
|
||||
ql/javascript/ql/src/Declarations/UnusedVariable.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
|
||||
ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
|
||||
ql/javascript/ql/src/Expressions/ComparisonWithNaN.ql
|
||||
ql/javascript/ql/src/Expressions/DuplicateCondition.ql
|
||||
ql/javascript/ql/src/Expressions/DuplicateProperty.ql
|
||||
ql/javascript/ql/src/Expressions/DuplicateSwitchCase.ql
|
||||
ql/javascript/ql/src/Expressions/ExprHasNoEffect.ql
|
||||
ql/javascript/ql/src/Expressions/HeterogeneousComparison.ql
|
||||
ql/javascript/ql/src/Expressions/ImplicitOperandConversion.ql
|
||||
ql/javascript/ql/src/Expressions/MissingAwait.ql
|
||||
ql/javascript/ql/src/Expressions/MissingDotLengthInComparison.ql
|
||||
ql/javascript/ql/src/Expressions/MissingSpaceInAppend.ql
|
||||
ql/javascript/ql/src/Expressions/MisspelledVariableName.ql
|
||||
ql/javascript/ql/src/Expressions/RedundantExpression.ql
|
||||
ql/javascript/ql/src/Expressions/SelfAssignment.ql
|
||||
ql/javascript/ql/src/Expressions/ShiftOutOfRange.ql
|
||||
ql/javascript/ql/src/Expressions/StringInsteadOfRegex.ql
|
||||
ql/javascript/ql/src/Expressions/SuspiciousInvocation.ql
|
||||
ql/javascript/ql/src/Expressions/SuspiciousPropAccess.ql
|
||||
ql/javascript/ql/src/Expressions/UnboundEventHandlerReceiver.ql
|
||||
ql/javascript/ql/src/Expressions/UnclearOperatorPrecedence.ql
|
||||
ql/javascript/ql/src/Expressions/UnknownDirective.ql
|
||||
ql/javascript/ql/src/Expressions/UnneededDefensiveProgramming.ql
|
||||
ql/javascript/ql/src/Expressions/WhitespaceContradictsPrecedence.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/BadTypeof.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/ConditionalComments.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/DeleteVar.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/ExpressionClosures.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/ForInComprehensionBlocks.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/IllegalInvocation.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/InconsistentNew.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/InvalidPrototype.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/LengthComparisonOffByOne.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/NonLinearPattern.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/PropertyWriteOnPrimitive.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SemicolonInsertion.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SetterReturn.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/StrictModeCallStackIntrospection.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SyntaxError.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/ThisBeforeSuper.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/UnusedIndexVariable.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/WithStatement.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/YieldInNonGenerator.ql
|
||||
ql/javascript/ql/src/NodeJS/InvalidExport.ql
|
||||
ql/javascript/ql/src/NodeJS/MissingExports.ql
|
||||
ql/javascript/ql/src/Performance/PolynomialReDoS.ql
|
||||
ql/javascript/ql/src/Performance/ReDoS.ql
|
||||
ql/javascript/ql/src/React/DirectStateMutation.ql
|
||||
ql/javascript/ql/src/React/InconsistentStateUpdate.ql
|
||||
ql/javascript/ql/src/React/UnsupportedStateUpdateInLifecycleMethod.ql
|
||||
ql/javascript/ql/src/React/UnusedOrUndefinedStateProperty.ql
|
||||
ql/javascript/ql/src/RegExp/BackrefBeforeGroup.ql
|
||||
ql/javascript/ql/src/RegExp/BackrefIntoNegativeLookahead.ql
|
||||
ql/javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.ql
|
||||
ql/javascript/ql/src/RegExp/EmptyCharacterClass.ql
|
||||
ql/javascript/ql/src/RegExp/IdentityReplacement.ql
|
||||
ql/javascript/ql/src/RegExp/RegExpAlwaysMatches.ql
|
||||
ql/javascript/ql/src/RegExp/UnboundBackref.ql
|
||||
ql/javascript/ql/src/RegExp/UnmatchableCaret.ql
|
||||
ql/javascript/ql/src/RegExp/UnmatchableDollar.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/MissingOriginCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/Xss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
|
||||
ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
|
||||
ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
|
||||
ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
|
||||
ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
|
||||
ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
|
||||
ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
|
||||
ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
|
||||
ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
|
||||
ql/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
|
||||
ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
|
||||
ql/javascript/ql/src/Security/CWE-367/FileSystemRace.ql
|
||||
ql/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-384/SessionFixation.ql
|
||||
ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
|
||||
ql/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
|
||||
ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-611/Xxe.ql
|
||||
ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
|
||||
ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
|
||||
ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
|
||||
ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
|
||||
ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
|
||||
ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
|
||||
ql/javascript/ql/src/Security/CWE-862/EmptyPasswordInConfigurationFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
|
||||
ql/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql
|
||||
ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/javascript/ql/src/Statements/DanglingElse.ql
|
||||
ql/javascript/ql/src/Statements/IgnoreArrayResult.ql
|
||||
ql/javascript/ql/src/Statements/InconsistentLoopOrientation.ql
|
||||
ql/javascript/ql/src/Statements/LabelInCase.ql
|
||||
ql/javascript/ql/src/Statements/LoopIterationSkippedDueToShifting.ql
|
||||
ql/javascript/ql/src/Statements/MisleadingIndentationAfterControlStmt.ql
|
||||
ql/javascript/ql/src/Statements/ReturnAssignsLocal.ql
|
||||
ql/javascript/ql/src/Statements/SuspiciousUnusedLoopIterationVariable.ql
|
||||
ql/javascript/ql/src/Statements/UnreachableStatement.ql
|
||||
ql/javascript/ql/src/Statements/UseOfReturnlessFunction.ql
|
||||
ql/javascript/ql/src/Statements/UselessComparisonTest.ql
|
||||
ql/javascript/ql/src/Statements/UselessConditional.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfCode.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfUserCode.ql
|
||||
ql/javascript/ql/src/Vue/ArrowMethodOnVueInstance.ql
|
||||
@@ -0,0 +1,107 @@
|
||||
ql/javascript/ql/src/AngularJS/DisablingSce.ql
|
||||
ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
|
||||
ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
|
||||
ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
|
||||
ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
|
||||
ql/javascript/ql/src/Performance/PolynomialReDoS.ql
|
||||
ql/javascript/ql/src/Performance/ReDoS.ql
|
||||
ql/javascript/ql/src/RegExp/IdentityReplacement.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/MissingOriginCheck.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
|
||||
ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
|
||||
ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/Xss.ql
|
||||
ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
|
||||
ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
|
||||
ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
|
||||
ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
|
||||
ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
|
||||
ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
|
||||
ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
|
||||
ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
|
||||
ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
|
||||
ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
|
||||
ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
|
||||
ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
|
||||
ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
|
||||
ql/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
|
||||
ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
|
||||
ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
|
||||
ql/javascript/ql/src/Security/CWE-367/FileSystemRace.ql
|
||||
ql/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-384/SessionFixation.ql
|
||||
ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
|
||||
ql/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
|
||||
ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
|
||||
ql/javascript/ql/src/Security/CWE-611/Xxe.ql
|
||||
ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
|
||||
ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
|
||||
ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
|
||||
ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
|
||||
ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
|
||||
ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
|
||||
ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
|
||||
ql/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
|
||||
ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
|
||||
ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
|
||||
ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
|
||||
ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
|
||||
ql/javascript/ql/src/Security/CWE-862/EmptyPasswordInConfigurationFile.ql
|
||||
ql/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
|
||||
ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
|
||||
ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
|
||||
ql/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql
|
||||
ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfCode.ql
|
||||
ql/javascript/ql/src/Summary/LinesOfUserCode.ql
|
||||
@@ -0,0 +1,148 @@
|
||||
ql/javascript/ql/src/AlertSuppression.ql
|
||||
ql/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql
|
||||
ql/javascript/ql/src/AngularJS/UnusedAngularDependency.ql
|
||||
ql/javascript/ql/src/Comments/CommentedOutCode.ql
|
||||
ql/javascript/ql/src/Comments/FCommentedOutCode.ql
|
||||
ql/javascript/ql/src/Comments/TodoComments.ql
|
||||
ql/javascript/ql/src/DOM/Alert.ql
|
||||
ql/javascript/ql/src/DOM/AmbiguousIdAttribute.ql
|
||||
ql/javascript/ql/src/DOM/ConflictingAttributes.ql
|
||||
ql/javascript/ql/src/DOM/TargetBlank.ql
|
||||
ql/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql
|
||||
ql/javascript/ql/src/Declarations/RedeclaredVariable.ql
|
||||
ql/javascript/ql/src/Declarations/TooManyParameters.ql
|
||||
ql/javascript/ql/src/Declarations/UnstableCyclicImport.ql
|
||||
ql/javascript/ql/src/Declarations/UnusedParameter.ql
|
||||
ql/javascript/ql/src/Declarations/UnusedProperty.ql
|
||||
ql/javascript/ql/src/Electron/EnablingNodeIntegration.ql
|
||||
ql/javascript/ql/src/Expressions/BitwiseSignCheck.ql
|
||||
ql/javascript/ql/src/Expressions/CompareIdenticalValues.ql
|
||||
ql/javascript/ql/src/Expressions/MisspelledIdentifier.ql
|
||||
ql/javascript/ql/src/JSDoc/BadParamTag.ql
|
||||
ql/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql
|
||||
ql/javascript/ql/src/JSDoc/UndocumentedParameter.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/Eval.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/JumpFromFinally.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql
|
||||
ql/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql
|
||||
ql/javascript/ql/src/Metrics/Dependencies/ExternalDependencies.ql
|
||||
ql/javascript/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
|
||||
ql/javascript/ql/src/Metrics/FCommentRatio.ql
|
||||
ql/javascript/ql/src/Metrics/FCyclomaticComplexity.ql
|
||||
ql/javascript/ql/src/Metrics/FFunctions.ql
|
||||
ql/javascript/ql/src/Metrics/FLines.ql
|
||||
ql/javascript/ql/src/Metrics/FLinesOfCode.ql
|
||||
ql/javascript/ql/src/Metrics/FLinesOfComment.ql
|
||||
ql/javascript/ql/src/Metrics/FLinesOfDuplicatedCode.ql
|
||||
ql/javascript/ql/src/Metrics/FLinesOfSimilarCode.ql
|
||||
ql/javascript/ql/src/Metrics/FNumberOfStatements.ql
|
||||
ql/javascript/ql/src/Metrics/FNumberOfTests.ql
|
||||
ql/javascript/ql/src/Metrics/FUseOfES6.ql
|
||||
ql/javascript/ql/src/Metrics/FunCyclomaticComplexity.ql
|
||||
ql/javascript/ql/src/Metrics/FunLinesOfCode.ql
|
||||
ql/javascript/ql/src/NodeJS/CyclicImport.ql
|
||||
ql/javascript/ql/src/NodeJS/DubiousImport.ql
|
||||
ql/javascript/ql/src/NodeJS/UnresolvableImport.ql
|
||||
ql/javascript/ql/src/NodeJS/UnusedDependency.ql
|
||||
ql/javascript/ql/src/Performance/NonLocalForIn.ql
|
||||
ql/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
|
||||
ql/javascript/ql/src/RegExp/BackspaceEscape.ql
|
||||
ql/javascript/ql/src/RegExp/MalformedRegExp.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
|
||||
ql/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
ql/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql
|
||||
ql/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
|
||||
ql/javascript/ql/src/Security/trest/test.ql
|
||||
ql/javascript/ql/src/Statements/EphemeralLoop.ql
|
||||
ql/javascript/ql/src/Statements/ImplicitReturn.ql
|
||||
ql/javascript/ql/src/Statements/InconsistentReturn.ql
|
||||
ql/javascript/ql/src/Statements/NestedLoopsSameVariable.ql
|
||||
ql/javascript/ql/src/Statements/ReturnOutsideFunction.ql
|
||||
ql/javascript/ql/src/Summary/TaintSinks.ql
|
||||
ql/javascript/ql/src/Summary/TaintSources.ql
|
||||
ql/javascript/ql/src/definitions.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-444/InsecureHttpParser.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
|
||||
ql/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql
|
||||
ql/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql
|
||||
ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
|
||||
ql/javascript/ql/src/external/DuplicateFunction.ql
|
||||
ql/javascript/ql/src/external/DuplicateToplevel.ql
|
||||
ql/javascript/ql/src/external/SimilarFunction.ql
|
||||
ql/javascript/ql/src/external/SimilarToplevel.ql
|
||||
ql/javascript/ql/src/filters/ClassifyFiles.ql
|
||||
ql/javascript/ql/src/meta/ApiGraphs/ApiGraphEdges.ql
|
||||
ql/javascript/ql/src/meta/ApiGraphs/ApiGraphNodes.ql
|
||||
ql/javascript/ql/src/meta/ApiGraphs/ApiGraphPointsToEdges.ql
|
||||
ql/javascript/ql/src/meta/ApiGraphs/ApiGraphRhsNodes.ql
|
||||
ql/javascript/ql/src/meta/ApiGraphs/ApiGraphUseNodes.ql
|
||||
ql/javascript/ql/src/meta/Consistency.ql
|
||||
ql/javascript/ql/src/meta/SSA/DeadDef.ql
|
||||
ql/javascript/ql/src/meta/SSA/Dominance.ql
|
||||
ql/javascript/ql/src/meta/SSA/MultipleDefs.ql
|
||||
ql/javascript/ql/src/meta/SSA/MultipleRefinementInputs.ql
|
||||
ql/javascript/ql/src/meta/SSA/NoDefs.ql
|
||||
ql/javascript/ql/src/meta/SSA/NoPhiInputs.ql
|
||||
ql/javascript/ql/src/meta/SSA/NoRefinementInputs.ql
|
||||
ql/javascript/ql/src/meta/SSA/SinglePhiInput.ql
|
||||
ql/javascript/ql/src/meta/alerts/CallGraph.ql
|
||||
ql/javascript/ql/src/meta/alerts/ImportGraph.ql
|
||||
ql/javascript/ql/src/meta/alerts/LibraryInputs.ql
|
||||
ql/javascript/ql/src/meta/alerts/TaintSinks.ql
|
||||
ql/javascript/ql/src/meta/alerts/TaintSources.ql
|
||||
ql/javascript/ql/src/meta/alerts/TaintedNodes.ql
|
||||
ql/javascript/ql/src/meta/alerts/ThreatModelSources.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/CalledFunctionCandidates.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/CalledFunctionRatio.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/CalledFunctions.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/DomValueRefs.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/NumModules.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/ResolvableCallCandidates.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/ResolvableCallRatio.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/ResolvableCalls.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/ResolvableImports.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/RouteHandlers.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/TaintSinks.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/TaintSources.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/TaintSteps.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UncalledFunctions.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UnpromotedRouteHandlerCandidate.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UnpromotedRouteSetupCandidate.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UnresolvableCalls.ql
|
||||
ql/javascript/ql/src/meta/analysis-quality/UnresolvableImports.ql
|
||||
ql/javascript/ql/src/meta/extraction-metrics/FileData.ql
|
||||
ql/javascript/ql/src/meta/extraction-metrics/MissingMetrics.ql
|
||||
ql/javascript/ql/src/meta/extraction-metrics/PhaseTimings.ql
|
||||
ql/javascript/ql/src/meta/types/TypedExprs.ql
|
||||
ql/javascript/ql/src/meta/types/TypesWithQualifiedName.ql
|
||||
14
javascript/ql/integration-tests/query-suite/test.py
Normal file
14
javascript/ql/integration-tests/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['javascript-code-quality.qls', 'javascript-security-and-quality.qls', 'javascript-security-extended.qls', 'javascript-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, javascript, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, javascript, check_queries_not_included):
|
||||
check_queries_not_included('javascript', well_known_query_suites)
|
||||
30
misc/pytest/lib/query_suites.py
Normal file
30
misc/pytest/lib/query_suites.py
Normal file
@@ -0,0 +1,30 @@
|
||||
|
||||
import os
|
||||
import pytest
|
||||
|
||||
@pytest.fixture
|
||||
def check_query_suite(codeql, cwd, expected_files, semmle_code_dir):
|
||||
def ret(query_suite):
|
||||
actual = codeql.resolve.queries(query_suite, _capture=True)
|
||||
actual = sorted(actual.splitlines())
|
||||
actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
|
||||
actual_file_name = query_suite + '.actual'
|
||||
expected_files.add(actual_file_name)
|
||||
(cwd / actual_file_name).write_text('\n'.join(actual) + '\n')
|
||||
return ret
|
||||
|
||||
@pytest.fixture
|
||||
def check_queries_not_included(codeql, cwd, expected_files, semmle_code_dir):
|
||||
def ret(lang_folder_name, query_suites):
|
||||
all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).splitlines()
|
||||
|
||||
included_in_qls = set()
|
||||
for query_suite in query_suites:
|
||||
included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
|
||||
|
||||
not_included = sorted(set(all_queries) - included_in_qls)
|
||||
not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
|
||||
not_included_file_name = 'not_included_in_qls.actual'
|
||||
expected_files.add(not_included_file_name)
|
||||
(cwd / not_included_file_name).write_text('\n'.join(not_included) + '\n')
|
||||
return ret
|
||||
@@ -0,0 +1,36 @@
|
||||
ql/ruby/ql/src/AlertSuppression.ql
|
||||
ql/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
|
||||
ql/ruby/ql/src/experimental/cwe-022-zipslip/ZipSlip.ql
|
||||
ql/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql
|
||||
ql/ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql
|
||||
ql/ruby/ql/src/experimental/cwe-347/EmptyJWTSecret.ql
|
||||
ql/ruby/ql/src/experimental/cwe-347/MissingJWTVerification.ql
|
||||
ql/ruby/ql/src/experimental/cwe-502/UnsafeYamlDeserialization.ql
|
||||
ql/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql
|
||||
ql/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql
|
||||
ql/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql
|
||||
ql/ruby/ql/src/experimental/insecure-randomness/InsecureRandomness.ql
|
||||
ql/ruby/ql/src/experimental/ldap-improper-auth/ImproperLdapAuth.ql
|
||||
ql/ruby/ql/src/experimental/ldap-injection/LdapInjection.ql
|
||||
ql/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
|
||||
ql/ruby/ql/src/experimental/performance/UseDetect.ql
|
||||
ql/ruby/ql/src/experimental/template-injection/TemplateInjection.ql
|
||||
ql/ruby/ql/src/experimental/weak-params/WeakParams.ql
|
||||
ql/ruby/ql/src/experimental/xpath-injection/XpathInjection.ql
|
||||
ql/ruby/ql/src/filters/ClassifyFiles.ql
|
||||
ql/ruby/ql/src/queries/analysis/Definitions.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/PerformanceDiagnostics.ql
|
||||
ql/ruby/ql/src/queries/meta/CallGraph.ql
|
||||
ql/ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql
|
||||
ql/ruby/ql/src/queries/meta/TaintSinks.ql
|
||||
ql/ruby/ql/src/queries/meta/TaintSources.ql
|
||||
ql/ruby/ql/src/queries/meta/TaintedNodes.ql
|
||||
ql/ruby/ql/src/queries/metrics/FLines.ql
|
||||
ql/ruby/ql/src/queries/metrics/FLinesOfCode.ql
|
||||
ql/ruby/ql/src/queries/metrics/FLinesOfComments.ql
|
||||
ql/ruby/ql/src/queries/modeling/GenerateModel.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
|
||||
ql/ruby/ql/src/queries/variables/UnusedParameter.ql
|
||||
ql/ruby/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
|
||||
ql/ruby/ql/src/utils/modeleditor/FrameworkModeAccessPaths.ql
|
||||
ql/ruby/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
|
||||
@@ -0,0 +1,3 @@
|
||||
ql/ruby/ql/src/queries/performance/DatabaseQueryInLoop.ql
|
||||
ql/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
|
||||
ql/ruby/ql/src/queries/variables/UninitializedLocal.ql
|
||||
@@ -0,0 +1,44 @@
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
@@ -0,0 +1,54 @@
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/ruby/ql/src/queries/performance/DatabaseQueryInLoop.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-094/UnsafeCodeConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-506/HardcodedDataInterpretedAsCode.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
ql/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
|
||||
ql/ruby/ql/src/queries/variables/UninitializedLocal.ql
|
||||
@@ -0,0 +1,51 @@
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-094/UnsafeCodeConstruction.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-506/HardcodedDataInterpretedAsCode.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
|
||||
ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
14
ruby/ql/integration-tests/query-suite/test.py
Normal file
14
ruby/ql/integration-tests/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['ruby-code-quality.qls', 'ruby-security-and-quality.qls', 'ruby-security-extended.qls', 'ruby-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, ruby, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, ruby, check_queries_not_included):
|
||||
check_queries_not_included('ruby', well_known_query_suites)
|
||||
@@ -0,0 +1,16 @@
|
||||
ql/rust/ql/src/queries/summary/CryptographicOperations.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfUserCodeInFiles.ql
|
||||
ql/rust/ql/src/queries/summary/QuerySinks.ql
|
||||
ql/rust/ql/src/queries/summary/SensitiveData.ql
|
||||
ql/rust/ql/src/queries/summary/TaintSources.ql
|
||||
ql/rust/ql/src/queries/unusedentities/UnreachableCode.ql
|
||||
ql/rust/ql/src/queries/unusedentities/UnusedValue.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
|
||||
ql/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
|
||||
@@ -0,0 +1 @@
|
||||
|
||||
@@ -0,0 +1,26 @@
|
||||
ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
|
||||
ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
|
||||
ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
|
||||
ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
|
||||
ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStats.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
|
||||
ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
|
||||
@@ -0,0 +1,29 @@
|
||||
ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
|
||||
ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
|
||||
ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
|
||||
ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
|
||||
ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql
|
||||
ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql
|
||||
ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStats.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
|
||||
ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
|
||||
ql/rust/ql/src/queries/unusedentities/UnusedVariable.ql
|
||||
@@ -0,0 +1,27 @@
|
||||
ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
|
||||
ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
|
||||
ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
|
||||
ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
|
||||
ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
|
||||
ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
|
||||
ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
|
||||
ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
|
||||
ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
|
||||
ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql
|
||||
ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfCode.ql
|
||||
ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
|
||||
ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
|
||||
ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStats.ql
|
||||
ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
|
||||
ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
|
||||
ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
|
||||
14
rust/ql/integration-tests/query-suite/test.py
Normal file
14
rust/ql/integration-tests/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['rust-code-quality.qls', 'rust-security-and-quality.qls', 'rust-security-extended.qls', 'rust-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, rust, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, rust, check_queries_not_included):
|
||||
check_queries_not_included('rust', well_known_query_suites)
|
||||
@@ -0,0 +1,9 @@
|
||||
ql/swift/ql/src/AlertSuppression.ql
|
||||
ql/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.ql
|
||||
ql/swift/ql/src/queries/Summary/FlowSources.ql
|
||||
ql/swift/ql/src/queries/Summary/QuerySinks.ql
|
||||
ql/swift/ql/src/queries/Summary/RegexEvals.ql
|
||||
ql/swift/ql/src/queries/Summary/SensitiveExprs.ql
|
||||
ql/swift/ql/src/queries/Summary/SummaryStats.ql
|
||||
ql/swift/ql/src/queries/Summary/TaintReach.ql
|
||||
ql/swift/ql/src/queries/ide-contextual-queries/printAst.ql
|
||||
@@ -0,0 +1 @@
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
@@ -0,0 +1,32 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
@@ -0,0 +1,32 @@
|
||||
ql/swift/ql/src/diagnostics/ExtractedFiles.ql
|
||||
ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
|
||||
ql/swift/ql/src/diagnostics/internal/AstNodes.ql
|
||||
ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
|
||||
ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
|
||||
ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
|
||||
14
swift/ql/integration-tests/posix/query-suite/test.py
Normal file
14
swift/ql/integration-tests/posix/query-suite/test.py
Normal file
@@ -0,0 +1,14 @@
|
||||
import runs_on
|
||||
import pytest
|
||||
from query_suites import *
|
||||
|
||||
well_known_query_suites = ['swift-code-quality.qls', 'swift-security-and-quality.qls', 'swift-security-extended.qls', 'swift-code-scanning.qls']
|
||||
|
||||
@runs_on.posix
|
||||
@pytest.mark.parametrize("query_suite", well_known_query_suites)
|
||||
def test(codeql, swift, check_query_suite, query_suite):
|
||||
check_query_suite(query_suite)
|
||||
|
||||
@runs_on.posix
|
||||
def test_not_included_queries(codeql, swift, check_queries_not_included):
|
||||
check_queries_not_included('swift', well_known_query_suites)
|
||||
Reference in New Issue
Block a user