mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
Merge branch 'main' into changedocs/2.18.0
@@ -7,8 +7,6 @@ CodeQL has a large selection of classes for representing the abstract syntax tre
.. include:: ../reusables/abstract-syntax-tree.rst
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/kotlin-java-differences.rst
Statement classes
@@ -385,4 +383,4 @@ Further reading
.. _TypeLiteral: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$TypeLiteral.html
.. _ClassInstanceExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ClassInstanceExpr.html
.. _ArrayInit: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ArrayInit.html
.. _Annotation: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Annotation.qll/type.Annotation$Annotation.html
.. _Annotation: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Annotation.qll/type.Annotation$Annotation.html
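Review bot: the `.. _Annotation:` link target appears as both the removed and the added line of this one-line change with identical visible text, so the actual difference must be trailing whitespace or a missing newline at end of file; that is fine to keep, but say so in the commit message or drop it if it was accidental, since an invisible diff makes `git blame` on this file harder to read.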
@@ -5,8 +5,6 @@ Analyzing data flow in Java and Kotlin
You can use CodeQL to track the flow of data through a Java/Kotlin program to its use.
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/kotlin-java-differences.rst
About this article
@@ -5,8 +5,6 @@ Analyzing data flow in Swift
You can use CodeQL to track the flow of data through a Swift program to places where the data is used.
.. include:: ../reusables/swift-beta-note.rst
About this article
------------------
@@ -5,8 +5,6 @@ Annotations in Java and Kotlin
CodeQL databases of Java/Kotlin projects contain information about all annotations attached to program elements.
.. include:: ../reusables/kotlin-beta-note.rst
About working with annotations
------------------------------
@@ -105,7 +103,7 @@ As a first step, let's write a query that finds all ``@Override`` annotations. A
As always, it is a good idea to try this query on a CodeQL database for a Java/Kotlin project to make sure it actually produces some results. On the earlier example, it should find the annotation on ``Sub1.m``. Next, we encapsulate the concept of an ``@Override`` annotation as a CodeQL class:
::
.. code-block:: ql
class OverrideAnnotation extends Annotation {
OverrideAnnotation() {
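Review bot: replacing the bare `::` literal block with `.. code-block:: ql` is the right call, since it gives the snippet QL syntax highlighting, but this hunk converts only the `OverrideAnnotation` snippet; if the article's other snippets (such as the `SuppressDeprecationWarningAnnotation` class edited further down) still use `::`, convert them in the same change so highlighting is consistent across the page.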
@@ -215,11 +213,11 @@ To do so, we first introduce a class for representing all ``@SuppressWarnings``
class SuppressDeprecationWarningAnnotation extends Annotation {
SuppressDeprecationWarningAnnotation() {
this.getType().hasQualifiedName("java.lang", "SuppressWarnings") and
this.getAValue().(Literal).getLiteral().regexpMatch(".*deprecation.*")
this.getAStringArrayValue("value").regexpMatch(".*deprecation.*")
}
}
Here, we use ``getAValue()`` to retrieve any annotation value: in fact, annotation type ``SuppressWarnings`` only has a single annotation element, so every ``@SuppressWarnings`` annotation only has a single annotation value. Then, we ensure that it is a literal, obtain its string value using ``getLiteral``, and check whether it contains the string ``deprecation`` using a regular expression match.
Here, we use ``getAStringArrayValue("value")`` to retrieve any of the suppressed warnings: ``@SuppressWarnings`` defines the warnings to suppress using the annotation element named ``value`` of type ``String[]``, and ``getAStringArrayValue`` retrieves all of the array values; the CodeQL class ``Annotation`` also has similar convenience predicates for the other possible annotation element types. Afterwards we check whether one of the values is the string ``deprecation`` using a regular expression match.
For real-world use, this check would have to be generalized a bit: for example, the OpenJDK Java compiler allows ``@SuppressWarnings("all")`` annotations to suppress all warnings. We may also want to make sure that ``deprecation`` is matched as an entire word, and not as part of another word, by changing the regular expression to ``".*\\bdeprecation\\b.*"``.
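Review bot: the rewritten paragraph ends by saying we check whether one of the values "is the string ``deprecation``", but `regexpMatch(".*deprecation.*")` is a substring match, so a value such as ``"deprecation-foo"`` would also satisfy it; keep the word "contains" from the old wording so the description matches the code, which also makes the following paragraph's ``".*\\bdeprecation\\b.*"`` refinement follow naturally. The switch to `getAStringArrayValue("value")` is otherwise a clear improvement over casting `getAValue()` to `Literal`, since it spells out which annotation element is being read.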
@@ -5,7 +5,6 @@ Basic query for Swift code
Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
.. include:: ../reusables/swift-beta-note.rst
.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst
About the query
@@ -5,9 +5,6 @@ CodeQL for Java and Kotlin
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java and Kotlin codebases.
.. include:: ../reusables/kotlin-beta-note.rst
.. pull-quote:: Enabling Kotlin support
CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java-kotlin`` as a language.
@@ -5,8 +5,6 @@ CodeQL for Swift
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Swift codebases.
.. include:: ../reusables/swift-beta-note.rst
.. toctree::
:hidden:
@@ -5,8 +5,6 @@ CodeQL library for Java and Kotlin
When you're analyzing a Java/Kotlin program, you can make use of the large collection of classes in the CodeQL library for Java/Kotlin.
.. include:: ../reusables/kotlin-beta-note.rst
About the CodeQL library for Java and Kotlin
--------------------------------------------
@@ -5,8 +5,6 @@ Customizing library models for Java and Kotlin
You can model the methods and callables that control data flow in any framework or library. This is especially useful for custom frameworks or niche libraries, that are not supported by the standard CodeQL libraries.
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/beta-note-customizing-library-models.rst
About this article
@@ -5,8 +5,6 @@ Overflow-prone comparisons in Java and Kotlin
You can use CodeQL to check for comparisons in Java/Kotlin code where one side of the comparison is prone to overflow.
.. include:: ../reusables/kotlin-beta-note.rst
About this article
------------------
@@ -5,8 +5,6 @@ Types in Java and Kotlin
You can use CodeQL to find out information about data types used in Java/Kotlin code. This allows you to write queries to identify specific type-related issues.
.. include:: ../reusables/kotlin-beta-note.rst
About working with Java types
-----------------------------
@@ -5,8 +5,6 @@ Working with source locations
You can use the location of entities within Java/Kotlin code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
.. include:: ../reusables/kotlin-beta-note.rst
About source locations
----------------------
@@ -12,8 +12,6 @@ Supported platforms
.. include:: ../reusables/supported-platforms.rst
.. include:: ../reusables/kotlin-beta-note.rst
Additional software requirements
################################
@@ -3,9 +3,6 @@ CodeQL CWE coverage
You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/swift-beta-note.rst
About CWEs
##########
@@ -12,9 +12,6 @@ View the query help for the queries included in the ``default``, ``security-exte
- :doc:`CodeQL query help for Ruby <ruby>`
- :doc:`CodeQL query help for Swift <swift>`
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/swift-beta-note.rst
.. pull-quote:: Information
Each query help article includes:
@@ -1,4 +0,0 @@
.. pull-quote:: Note
CodeQL analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin code,
and the accompanying documentation, will not be as comprehensive as for other languages.
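Review bot: deleting `kotlin-beta-note.rst` outright means any `.. include::` that still references it will fail the Sphinx build, so grep the whole docs tree for `kotlin-beta-note` before merging rather than relying on the pages touched here; the hunks in this commit cover the language guides, the CWE coverage page, the query-help index and the language-support page, but a stray include elsewhere would only show up at build time. Since this lands on `changedocs/2.18.0`, a matching changelog entry stating that Kotlin analysis is no longer in beta would also be appropriate.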
@@ -97,8 +97,6 @@ and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/gi
Java and Kotlin built-in support
==================================
.. include:: ../reusables/kotlin-beta-note.rst
Provided by the current versions of the
CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__)
and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib>`__).
@@ -287,8 +285,6 @@ and the CodeQL library pack ``codeql/ruby-all`` (`changelog <https://github.com/
Swift built-in support
================================
.. include:: ../reusables/swift-beta-note.rst
Provided by the current versions of the
CodeQL query pack ``codeql/swift-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/swift/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/swift/ql/src>`__)
and the CodeQL library pack ``codeql/swift-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/swift/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/swift/ql/lib>`__).
@@ -20,12 +20,12 @@
Java,"Java 7 to 22 [5]_","javac (OpenJDK and Oracle JDK),
Eclipse compiler for Java (ECJ) [6]_",``.java``
Kotlin [7]_,"Kotlin 1.5.0 to 2.0.0\ *x*","kotlinc",``.kt``
JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12",Not applicable,``.py``
Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
Swift [11]_,"Swift 5.4-5.10","Swift compiler","``.swift``"
TypeScript [12]_,"2.6-5.5",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
Kotlin,"Kotlin 1.5.0 to 2.0.2\ *x*","kotlinc",``.kt``
JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_"
Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12",Not applicable,``.py``
Ruby [9]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
Swift [10]_,"Swift 5.4-5.10","Swift compiler","``.swift``"
TypeScript [11]_,"2.6-5.5",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
.. container:: footnote-group
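Review bot: the Kotlin row's upper bound moves from ``2.0.0\ *x*`` to ``2.0.2\ *x*`` in the same line that drops the ``[7]_`` beta footnote, which is a support-level change hidden inside a wording cleanup; confirm it is meant to render as "2.0.2x" (any 2.0.2 patch release) and matches the extractor's tested upper bound, and consider calling it out in the commit message. The renumbered references in the new rows (JavaScript ``[7]_``, Python ``[8]_``, Ruby ``[9]_``, Swift ``[10]_``, TypeScript ``[11]_``) do line up with the definitions changed in the next hunk.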
@@ -35,9 +35,8 @@
.. [4] Support for the Arm Compiler (armcc) is preliminary.
.. [5] Builds that execute on Java 7 to 22 can be analyzed. The analysis understands Java 22 standard language features.
.. [6] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
.. [7] Kotlin support is currently in beta.
.. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
.. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
.. [10] Requires glibc 2.17.
.. [11] Swift support is currently in beta. Support for the analysis of Swift requires macOS or Linux.
.. [12] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.
.. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
.. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
.. [9] Requires glibc 2.17.
.. [10] Support for the analysis of Swift requires macOS or Linux.
.. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.
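Review bot: renumbering five footnotes to delete one is noisy and is exactly where an off-by-one slips in; the definitions here are consistent with the table (``[7]`` JavaScript, ``[8]`` Python, ``[9]`` Ruby, ``[10]`` Swift, ``[11]`` TypeScript), but switching this table to reStructuredText auto-numbered footnotes (``[#]_`` in the cells and ``.. [#]`` in the definitions) would make the next removal a one-line change instead of a ten-line one.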
@@ -1,4 +0,0 @@
.. pull-quote:: Note
CodeQL analysis for Swift is currently in beta. During the beta, analysis of Swift code,
and the accompanying documentation, will not be as comprehensive as for other languages.
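Review bot: same check as for the Kotlin note: with `swift-beta-note.rst` deleted, every remaining `.. include::` of it has to go in this commit or the docs build breaks; the Swift data-flow, basic-query, index, CWE coverage, query-help and language-support hunks above remove the ones visible here, so a tree-wide grep for `swift-beta-note` is the remaining step.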
@@ -5,6 +5,15 @@ A threat model is a named class of dataflow sources that can be enabled or disab
The ``kind`` property of the ``sourceModel`` determines which threat model a source is associated with. There are two main categories:
- ``remote`` which represents requests and responses from the network.
- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), and environment variables(``environment``).
- ``local`` which represents data from local files (``file``), command-line arguments (``commandargs``), database reads (``database``), environment variables(``environment``) and Windows registry values ("windows-registry"). Currently, Windows registry values are used by C# only.
Note that subcategories can be turned included or excluded separately, so you can specify ``local`` without ``database``, or just ``commandargs`` and ``environment`` without the rest of ``local``.
The less commonly used categories are:
- ``android`` which represents reads from external files in Android (``android-external-storage-dir``) and parameter of an entry-point method declared in a ``ContentProvider`` class (``contentprovider``). Currently only used by Java/Kotlin.
- ``database-access-result`` which represents a database access. Currently only used by JavaScript.
- ``file-write`` which represents opening a file in write mode. Currently only used in C#.
- ``reverse-dns`` which represents reverse DNS lookups. Currently only used in Java.
When running a CodeQL analysis, the ``remote`` threat model is included by default. You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
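Review bot: in the rewritten ``local`` bullet the new subcategory is written as "windows-registry" in plain quotes while its siblings use literal markup (``file``, ``commandargs``, ``database``, ``environment``); write it as ``windows-registry`` so the rendered kind name is unambiguous for anyone copying it into a ``sourceModel``. While that line is being touched, add the missing space in "environment variables(``environment``)", and the unchanged context line "subcategories can be turned included or excluded separately" looks like a leftover from an earlier edit and should read "can be included or excluded separately".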