Merge pull request #3596 from robertbrignull/more-suites

Add more code-scanning suites

cpp/ql/src/codeql-suites/cpp-code-scanning.qls

@@ -2,3 +2,5 @@
 - qlpack: codeql-cpp
 - apply: code-scanning-selectors.yml
   from: codeql-suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp

cpp/ql/src/codeql-suites/cpp-lgtm-full.qls

@@ -2,16 +2,8 @@
 - qlpack: codeql-cpp
 - apply: lgtm-selectors.yml
   from: codeql-suite-helpers
-# These queries are infeasible to compute on large projects:
-- exclude:
-    query path:
-      - Security/CWE/CWE-497/ExposedSystemData.ql
-      - Critical/DescriptorMayNotBeClosed.ql
-      - Critical/DescriptorNeverClosed.ql
-      - Critical/FileMayNotBeClosed.ql
-      - Critical/FileNeverClosed.ql
-      - Critical/MemoryMayNotBeFreed.ql
-      - Critical/MemoryNeverFreed.ql
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp 
 # These are only for IDE use.
 - exclude:
     tags contain:

cpp/ql/src/codeql-suites/cpp-security-and-quality.qls

@@ -0,0 +1,6 @@
+- description: Security-and-quality queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp

cpp/ql/src/codeql-suites/cpp-security-extended.qls

@@ -0,0 +1,6 @@
+- description: Security-extended queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/excluded-slow-queries.yml
+  from: codeql-cpp

cpp/ql/src/codeql-suites/exclude-slow-queries.yml

@@ -0,0 +1,11 @@
+- description: C/C++ queries which are infeasible to compute on large projects
+# These queries are infeasible to compute on large projects:
+- exclude:
+    query path:
+      - Security/CWE/CWE-497/ExposedSystemData.ql
+      - Critical/DescriptorMayNotBeClosed.ql
+      - Critical/DescriptorNeverClosed.ql
+      - Critical/FileMayNotBeClosed.ql
+      - Critical/FileNeverClosed.ql
+      - Critical/MemoryMayNotBeFreed.ql
+      - Critical/MemoryNeverFreed.ql

csharp/ql/src/codeql-suites/csharp-security-and-quality.qls

@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for C#
+- qlpack: codeql-csharp
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers

csharp/ql/src/codeql-suites/csharp-security-extended.qls

@@ -0,0 +1,4 @@
+- description: Security-extended queries for C#
+- qlpack: codeql-csharp
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers

java/ql/src/codeql-suites/java-security-and-quality.qls

@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for Java
+- qlpack: codeql-java
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers

java/ql/src/codeql-suites/java-security-extended.qls

@@ -0,0 +1,4 @@
+- description: Security-extended queries for Java
+- qlpack: codeql-java
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers

javascript/ql/src/codeql-suites/javascript-security-and-quality.qls

@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for JavaScript
+- qlpack: codeql-javascript
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers

javascript/ql/src/codeql-suites/javascript-security-extended.qls

@@ -0,0 +1,4 @@
+- description: Security-extended queries for JavaScript
+- qlpack: codeql-javascript
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers

misc/suite-helpers/security-and-quality-selectors.yml

@@ -0,0 +1,18 @@
+- description: Selectors for selecting the security-and-quality queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision: medium
+    problem.severity:
+      - error
+      - warning
+- exclude:
+    deprecated: //

misc/suite-helpers/security-extended-selectors.yml

@@ -0,0 +1,24 @@
+- description: Selectors for selecting the security-extended queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+    tags contain:
+    - security
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - medium
+    problem.severity:
+    - error
+    - warning
+    tags contain:
+    - security
+- exclude:
+    deprecated: //
+

python/ql/src/codeql-suites/python-security-and-quality.qls

@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for Python
+- qlpack: codeql-python
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers

python/ql/src/codeql-suites/python-security-extended.qls

@@ -0,0 +1,4 @@
+- description: Security-extended queries for Python
+- qlpack: codeql-python
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers