Create new CWE coverage overview and full CWE coverage page

Ethan P
2021-07-19 14:01:42 -04:00
parent 618e8b34dc
commit 5028fccee5
2 changed files with 25 additions and 8 deletions


@@ -0,0 +1,8 @@
# CodeQL full CWE coverage
An overview of the full coverage of MITRE's Common Weakness Enumeration (CWE) for the latest release of CodeQL.
## Overview
<!-- autogenerated CWE coverage table will be added below -->
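
Review bot: The headings (`# CodeQL full CWE coverage`, `## Overview`) and the `<!-- ... -->` placeholder in this new file are Markdown, while the other file in this commit moves its title, section heading and link to reStructuredText. If this is the page that the `codeql-cwe-coverage-full` toctree entry points at, confirm the docs build parses it as Markdown. Otherwise write the headings with RST underlines and the placeholder as an RST comment (`.. autogenerated CWE coverage table will be added below`) so they do not render as literal text.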


@@ -1,8 +1,10 @@
# CodeQL CWE coverage
CodeQL CWE coverage
===================
An overview of the coverage of MITRE's Common Weakness Enumeration (CWE) for the latest release of CodeQL.
You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.
## About CWEs
About CWEs
##########
The CWE categorization contains several types of entity, collectively known as CWEs. The CWEs that we consider in this report are only those of the types:
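
Review bot: Style point on the heading adornments: the title is underlined with `=` and the "About CWEs" section below it with `#`. RST accepts any consistent characters, but `#` is usually reserved for top-level parts (with an overline), so using it beneath an `=` title reads as inverted to anyone following the common Sphinx convention. Consider `-` for the section underline. Also, the new intro sentence "You can view the full coverage ... or coverage by language" names two destinations without linking to either.
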
@@ -11,15 +13,22 @@ The CWE categorization contains several types of entity, collectively known as C
- Weakness Variant
- Compound Element
Other types of CWE do not correspond directly to weaknesses, so are omitted.
Other types of CWE that do not correspond directly to weaknesses are omitted.
The CWE categorization includes relationships between entities, in particular a parent-child relationship.
These relationships are associated with Views (another kind of CWE entity). For the purposes of coverage claims, we use the "[Research View](https://cwe.mitre.org/data/definitions/1000.html)."
These relationships are associated with Views (another kind of CWE entity). For the purposes of coverage claims, we use the "`Research View <https://cwe.mitre.org/data/definitions/1000.html>`_."
Every security query is associated with one or more CWEs, which are the most precise CWEs that are covered by that query.
Overall coverage is claimed for the most-precise CWEs, as well as for any of their ancestors in the View.
## Overview
<!-- autogenerated CWE coverage table will be added below -->
.. toctree::
:hidden:
:titlesonly:
codeql-cwe-coverage-full
cpp-cwe
csharp-cwe
go-cwe
java-cwe
javascript-cwe
python-cwe
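
Review bot: The toctree is marked `:hidden:` and the `## Overview` section with its table placeholder is removed from this page, so the rendered body no longer shows any link to the full coverage page or to the per-language pages, even though the intro now says "You can view" them. Either drop `:hidden:` or add explicit `:doc:` references to `codeql-cwe-coverage-full` and the language pages in the intro. If the table generator located its insertion point by the `<!-- autogenerated CWE coverage table will be added below -->` marker in this file, it needs to be pointed at the new page.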