Merge pull request #3596 from robertbrignull/more-suites

Add more code-scanning suites
2025-12-21 11:16:30 +01:00 · 2020-06-12 09:08:20 +02:00
parent 035d8ea24c ded5eec76a
commit abd05bcff1
15 changed files with 101 additions and 10 deletions
--- a/cpp/ql/src/codeql-suites/cpp-code-scanning.qls
+++ b/cpp/ql/src/codeql-suites/cpp-code-scanning.qls
@@ -2,3 +2,5 @@
 - qlpack: codeql-cpp
 - apply: code-scanning-selectors.yml
  from: codeql-suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp
--- a/cpp/ql/src/codeql-suites/cpp-lgtm-full.qls
+++ b/cpp/ql/src/codeql-suites/cpp-lgtm-full.qls
@@ -2,16 +2,8 @@
 - qlpack: codeql-cpp
 - apply: lgtm-selectors.yml
  from: codeql-suite-helpers
-# These queries are infeasible to compute on large projects:
- exclude:
-    query path:
-      - Security/CWE/CWE-497/ExposedSystemData.ql
-      - Critical/DescriptorMayNotBeClosed.ql
-      - Critical/DescriptorNeverClosed.ql
-      - Critical/FileMayNotBeClosed.ql
-      - Critical/FileNeverClosed.ql
-      - Critical/MemoryMayNotBeFreed.ql
-      - Critical/MemoryNeverFreed.ql
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp 
 # These are only for IDE use.
 - exclude:
    tags contain:
--- a/cpp/ql/src/codeql-suites/cpp-security-and-quality.qls
+++ b/cpp/ql/src/codeql-suites/cpp-security-and-quality.qls
@@ -0,0 +1,6 @@
+- description: Security-and-quality queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
+  from: codeql-cpp
--- a/cpp/ql/src/codeql-suites/cpp-security-extended.qls
+++ b/cpp/ql/src/codeql-suites/cpp-security-extended.qls
@@ -0,0 +1,6 @@
+- description: Security-extended queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/excluded-slow-queries.yml
+  from: codeql-cpp
--- a/cpp/ql/src/codeql-suites/exclude-slow-queries.yml
+++ b/cpp/ql/src/codeql-suites/exclude-slow-queries.yml
@@ -0,0 +1,11 @@
+- description: C/C++ queries which are infeasible to compute on large projects
+# These queries are infeasible to compute on large projects:
+- exclude:
+    query path:
+      - Security/CWE/CWE-497/ExposedSystemData.ql
+      - Critical/DescriptorMayNotBeClosed.ql
+      - Critical/DescriptorNeverClosed.ql
+      - Critical/FileMayNotBeClosed.ql
+      - Critical/FileNeverClosed.ql
+      - Critical/MemoryMayNotBeFreed.ql
+      - Critical/MemoryNeverFreed.ql