hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Autoformat docs ql files

Browse Source
This commit is contained in:
Chris Smowton
2022-12-08 17:26:32 +00:00
parent f4f4de392f
commit 4ea795baf4
30 changed files with 66 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-1.ql
View File

@@ -5,4 +5,4 @@ where
a.getAnOperand() = v.getAnAccess() and
cmp.getAnOperand() = a and
cmp.getAnOperand() = v.getAnAccess()
select cmp, "Overflow check."
select cmp, "Overflow check."

2
docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-2.ql
View File

@@ -6,4 +6,4 @@ where
cmp.getAnOperand() = a and
cmp.getAnOperand() = v.getAnAccess() and
forall(Expr op | op = a.getAnOperand() | isSmall(op))
select cmp, "Bad overflow check."
select cmp, "Bad overflow check."

2
docs/codeql/ql-training/query-examples/cpp/bad-overflow-guard-3.ql
View File

@@ -9,4 +9,4 @@ where
cmp.getAnOperand() = v.getAnAccess() and
forall(Expr op | op = a.getAnOperand() | isSmall(op)) and
not isSmall(a.getExplicitlyConverted())
select cmp, "Bad overflow check"
select cmp, "Bad overflow check"

11
docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-1.ql
View File

@@ -1,8 +1,9 @@
import cpp
from FunctionCall alloc, FunctionCall free, LocalScopeVariable v
where allocationCall(alloc)
and alloc = v.getAnAssignedValue()
and freeCall(free, v.getAnAccess())
and alloc.getASuccessor+() = free
where
allocationCall(alloc) and
alloc = v.getAnAssignedValue() and
freeCall(free, v.getAnAccess()) and
alloc.getASuccessor+() = free
select alloc, free

13
docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-2.ql
View File

@@ -1,8 +1,9 @@
import cpp
from FunctionCall free, LocalScopeVariable v, VariableAccess u
where freeCall(free, v.getAnAccess())
and u = v.getAnAccess()
and u.isRValue()
and free.getASuccessor+() = u
select free, u
where
freeCall(free, v.getAnAccess()) and
u = v.getAnAccess() and
u.isRValue() and
free.getASuccessor+() = u
select free, u

2
docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-3.ql
View File

@@ -7,4 +7,4 @@ where
use = lv.getAnAccess() and
use = def.getASuccessor+()
)
select lv, def
select lv, def

2
docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-4.ql
View File

@@ -7,4 +7,4 @@ predicate isReachable(BasicBlock bb) {
from BasicBlock bb
where not isReachable(bb)
select bb
select bb

16
docs/codeql/ql-training/query-examples/cpp/control-flow-cpp-5.ql
View File

@@ -1,10 +1,10 @@
import cpp
from ExprCall c, PointerDereferenceExpr deref, VariableAccess va,
Access fnacc
where c.getLocation().getFile().getBaseName() = "cjpeg.c" and
c.getLocation().getStartLine() = 640 and
deref = c.getExpr() and
va = deref.getOperand() and
fnacc = va.getTarget().getAnAssignedValue()
select c, fnacc.getTarget()
from ExprCall c, PointerDereferenceExpr deref, VariableAccess va, Access fnacc
where
c.getLocation().getFile().getBaseName() = "cjpeg.c" and
c.getLocation().getStartLine() = 640 and
deref = c.getExpr() and
va = deref.getOperand() and
fnacc = va.getTarget().getAnAssignedValue()
select c, fnacc.getTarget()

9
docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-1.ql
View File

@@ -2,7 +2,8 @@ import cpp
import semmle.code.cpp.commons.Printf
from Call c, FormattingFunction ff, Expr format
where c.getTarget() = ff and
format = c.getArgument(ff.getFormatParameterIndex()) and
not format instanceof StringLiteral
select format, "Non-constant format string."
where
c.getTarget() = ff and
format = c.getArgument(ff.getFormatParameterIndex()) and
not format instanceof StringLiteral
select format, "Non-constant format string."

9
docs/codeql/ql-training/query-examples/cpp/data-flow-cpp-2.ql
View File

@@ -5,8 +5,9 @@ import semmle.code.cpp.commons.Printf
class SourceNode extends DataFlow::Node { /* ... */ }
from FormattingFunction f, Call c, SourceNode src, DataFlow::Node arg
where c.getTarget() = f and
arg.asExpr() = c.getArgument(f.getFormatParameterIndex()) and
DataFlow::localFlow(src, arg) and
not src.asExpr() instanceof StringLiteral
where
c.getTarget() = f and
arg.asExpr() = c.getArgument(f.getFormatParameterIndex()) and
DataFlow::localFlow(src, arg) and
not src.asExpr() instanceof StringLiteral
select arg, "Non-constant format string."

6
docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-class.ql
View File

@@ -1,11 +1,9 @@
import cpp
class EmptyBlock extends Block {
EmptyBlock() {
this.isEmpty()
}
EmptyBlock() { this.isEmpty() }
}
from IfStmt ifStmt
where ifstmt.getThen() instanceof EmptyBlock
select ifstmt
select ifstmt

2
docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-model.ql
View File

@@ -8,4 +8,4 @@ from IfStmt ifstmt
where
ifstmt.getThen() instanceof EmptyBlock and
not exists(ifstmt.getElse())
select ifstmt, "This if-statement is redundant."
select ifstmt, "This if-statement is redundant."

6
docs/codeql/ql-training/query-examples/cpp/empty-if-cpp-predicate.ql
View File

@@ -1,9 +1,7 @@
import cpp
predicate isEmpty(Block block) {
block.isEmpty()
}
predicate isEmpty(Block block) { block.isEmpty() }
from IfStmt ifstmt
where isEmpty(ifstmt.getThen())
select ifstmt, "This if-statement is redundant."
select ifstmt, "This if-statement is redundant."

6
docs/codeql/ql-training/query-examples/cpp/empty-if-cpp.ql
View File

@@ -1,7 +1,7 @@
import cpp
import cpp
from IfStmt ifstmt, Block block
where
block = ifstmt.getThen() and
block.isEmpty()
select ifstmt, "This if-statement is redundant."
select ifstmt, "This if-statement is redundant."

5
docs/codeql/ql-training/query-examples/cpp/global-data-flow-cpp-1.ql
View File

@@ -3,11 +3,12 @@ import semmle.code.cpp.dataflow.TaintTracking
class TaintedFormatConfig extends TaintTracking::Configuration {
TaintedFormatConfig() { this = "TaintedFormatConfig" }
override predicate isSource(DataFlow::Node source) { /* TBD */ }
override predicate isSink(DataFlow::Node sink) { /* TBD */ }
}
from TaintedFormatConfig cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select sink, "This format string may be derived from a $@.",
source, "user-controlled value"
select sink, "This format string may be derived from a $@.", source, "user-controlled value"

2
docs/codeql/ql-training/query-examples/cpp/snprintf-1.ql
View File

@@ -8,4 +8,4 @@ where
TaintTracking::localTaint(source, sink) and
source.asExpr() = call and
sink.asExpr() = call.getArgument(1)
select call
select call

2
docs/codeql/ql-training/query-examples/java/data-flow-java-1.ql
View File

@@ -8,4 +8,4 @@ from MethodAccess ma
where
ma.getMethod().getName().matches("sparql%Query") and
ma.getArgument(0) instanceof StringConcat
select ma, "SPARQL query vulnerable to injection."
select ma, "SPARQL query vulnerable to injection."

2
docs/codeql/ql-training/query-examples/java/data-flow-java-2.ql
View File

@@ -5,4 +5,4 @@ from MethodAccess ma, StringConcat stringConcat
where
ma.getMethod().getName().matches("sparql%Query") and
localFlow(exprNode(stringConcat), exprNode(ma.getArgument(0)))
select ma, "SPARQL query vulnerable to injection."
select ma, "SPARQL query vulnerable to injection."

7
docs/codeql/ql-training/query-examples/java/empty-if-java-class.ql
View File

@@ -1,12 +1,9 @@
import java
class EmptyBlock extends Block {
EmptyBlock() {
this.getNumStmt() = 0
}
EmptyBlock() { this.getNumStmt() = 0 }
}
from IfStmt ifstmt
where ifstmt.getThen() instanceof
EmptyBlock
where ifstmt.getThen() instanceof EmptyBlock
select ifstmt

2
docs/codeql/ql-training/query-examples/java/empty-if-java-model.ql
View File

@@ -8,4 +8,4 @@ from IfStmt ifstmt
where
ifstmt.getThen() instanceof EmptyBlock and
not exists(ifstmt.getElse())
select ifstmt, "This if-statement is redundant."
select ifstmt, "This if-statement is redundant."

6
docs/codeql/ql-training/query-examples/java/empty-if-java-predicate.ql
View File

@@ -1,9 +1,7 @@
import java
predicate isEmpty(Block block) {
block.getNumStmt() = 0
}
predicate isEmpty(Block block) { block.getNumStmt() = 0 }
from IfStmt ifstmt
where isEmpty(ifstmt.getThen())
select ifstmt
select ifstmt

2
docs/codeql/ql-training/query-examples/java/empty-if-java.ql
View File

@@ -4,4 +4,4 @@ from IfStmt ifstmt, Block block
where
block = ifstmt.getThen() and
block.getNumStmt() = 0
select ifstmt, "This if-statement is redundant."
select ifstmt, "This if-statement is redundant."

6
docs/codeql/ql-training/query-examples/java/global-data-flow-java-1.ql
View File

@@ -3,12 +3,12 @@ import semmle.code.java.dataflow.TaintTracking
class TaintedOGNLConfig extends TaintTracking::Configuration {
TaintedOGNLConfig() { this = "TaintedOGNLConfig" }
override predicate isSource(DataFlow::Node source) { /* TBD */ }
override predicate isSink(DataFlow::Node sink) { /* TBD */ }
}
from TaintedOGNLConfig cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select source,
"This untrusted input is evaluated as an OGNL expression $@.",
sink, "here"
select source, "This untrusted input is evaluated as an OGNL expression $@.", sink, "here"

2
docs/codeql/ql-training/query-examples/java/query-injection-java-1.ql
View File

@@ -4,4 +4,4 @@ from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m
select ma, m
select ma, m

2
docs/codeql/ql-training/query-examples/java/query-injection-java-2.ql
View File

@@ -5,4 +5,4 @@ where
m.getName().matches("sparql%Query") and
ma.getMethod() = m and
isStringConcat(ma.getArgument(0))
select ma, m
select ma, m

6
docs/codeql/ql-training/query-examples/java/query-injection-java-3.ql
View File

@@ -1,12 +1,10 @@
import java
predicate isStringConcat(AddExpr ae) {
ae.getType() instanceof TypeString
}
predicate isStringConcat(AddExpr ae) { ae.getType() instanceof TypeString }
from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m and
isStringConcat(ma.getArgument(0))
select ma, "SPARQL query vulnerable to injection."
select ma, "SPARQL query vulnerable to injection."

4
docs/codeql/writing-codeql-queries/river-answer-1-path.ql
View File

@@ -5,9 +5,7 @@
/** A possible cargo item. */
class Cargo extends string {
Cargo() {
this = ["Nothing", "Goat", "Cabbage", "Wolf"]
}
Cargo() { this = ["Nothing", "Goat", "Cabbage", "Wolf"] }
}
/** A shore, named either `Left` or `Right`. */

6
docs/codeql/writing-codeql-queries/river-answer-2-abstract-class.ql
View File

@@ -119,18 +119,16 @@ string onRight(Man man, Goat goat, Cabbage cabbage, Wolf wolf) {
/** Renders the state as a string, using unicode symbols. */
string render(Man man, Goat goat, Cabbage cabbage, Wolf wolf) {
result = onLeft(man, goat, cabbage, wolf) + "___🌊🌊🌊🌊🌊🌊🌊🌊🌊🌊___" +
result =
onLeft(man, goat, cabbage, wolf) + "___🌊🌊🌊🌊🌊🌊🌊🌊🌊🌊___" +
onRight(man, goat, cabbage, wolf)
}
/** A record of where everything is. */
class State extends string {
Man man;
Goat goat;
Cabbage cabbage;
Wolf wolf;
State() { this = render(man, goat, cabbage, wolf) }

3
docs/codeql/writing-codeql-queries/river-answer-3-datatypes.ql
View File

@@ -90,11 +90,8 @@ newtype TState = Currently(Man man, Goat goat, Cabbage cabbage, Wolf wolf)
/** A record of where everything is. */
class State extends TState {
Man man;
Goat goat;
Cabbage cabbage;
Wolf wolf;
State() { this = Currently(man, goat, cabbage, wolf) }

1
docs/codeql/writing-codeql-queries/river-crossing-1.ql
View File

@@ -99,4 +99,3 @@ class GoalState extends State {
from string path
where any(InitialState i).reachesVia(path, _) = any(GoalState g)
select path