Use extension packs for threat models
@@ -6,7 +6,7 @@ provide:
|
|||||||
- "*/ql/consistency-queries/qlpack.yml"
|
- "*/ql/consistency-queries/qlpack.yml"
|
||||||
- "*/ql/automodel/src/qlpack.yml"
|
- "*/ql/automodel/src/qlpack.yml"
|
||||||
- "*/ql/automodel/test/qlpack.yml"
|
- "*/ql/automodel/test/qlpack.yml"
|
||||||
- "shared/*/qlpack.yml"
|
- "shared/**/qlpack.yml"
|
||||||
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
|
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
|
||||||
- "go/ql/config/legacy-support/qlpack.yml"
|
- "go/ql/config/legacy-support/qlpack.yml"
|
||||||
- "go/build/codeql-extractor-go/codeql-extractor.yml"
|
- "go/build/codeql-extractor-go/codeql-extractor.yml"
|
||||||
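Review bot: The new `shared/**/qlpack.yml` pattern under `provide:` matches a qlpack.yml at any depth below shared/, which is wider than the extension-pack directories added by this commit need; a test fixture or nested pack placed there later would join the workspace without anyone listing it. Keeping `- "shared/*/qlpack.yml"` and adding `- "shared/threat-models-ext/*/qlpack.yml"` would keep the set of resolvable packs explicit. It is also worth confirming that a pack declaring `extensionTargets` is not applied merely because it is part of the workspace, since that would presumably switch on the `local` and `android` sources for every run.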
|
|||||||
@@ -9,6 +9,7 @@ dependencies:
|
|||||||
codeql/dataflow: ${workspace}
|
codeql/dataflow: ${workspace}
|
||||||
codeql/mad: ${workspace}
|
codeql/mad: ${workspace}
|
||||||
codeql/regex: ${workspace}
|
codeql/regex: ${workspace}
|
||||||
|
codeql/threat-models: ${workspace}
|
||||||
codeql/tutorial: ${workspace}
|
codeql/tutorial: ${workspace}
|
||||||
codeql/typetracking: ${workspace}
|
codeql/typetracking: ${workspace}
|
||||||
codeql/util: ${workspace}
|
codeql/util: ${workspace}
|
||||||
@@ -16,5 +17,4 @@ dataExtensions:
|
|||||||
- ext/*.model.yml
|
- ext/*.model.yml
|
||||||
- ext/generated/*.model.yml
|
- ext/generated/*.model.yml
|
||||||
- ext/experimental/*.model.yml
|
- ext/experimental/*.model.yml
|
||||||
- ext/threatmodels/*.model.yml
|
|
||||||
warnOnImplicitThis: true
|
warnOnImplicitThis: true
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ import semmle.code.java.frameworks.struts.StrutsActions
|
|||||||
import semmle.code.java.frameworks.Thrift
|
import semmle.code.java.frameworks.Thrift
|
||||||
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
|
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
|
||||||
private import semmle.code.java.dataflow.ExternalFlow
|
private import semmle.code.java.dataflow.ExternalFlow
|
||||||
private import semmle.code.java.dataflow.ExternalFlowConfiguration
|
private import codeql.threatmodels.ThreatModels
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A data flow source.
|
* A data flow source.
|
||||||
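Review bot: The import on the new side, `private import codeql.threatmodels.ThreatModels`, replaces `semmle.code.java.dataflow.ExternalFlowConfiguration`, and the two test files in this commit make the same switch, which suggests the old module path stops existing. If that is the case, queries outside this repository that import the old path will no longer compile; a deprecated forwarding module at the old location, or a change note naming the new import, would cover them. Only the import block of this file is visible in the hunk, so the uses of the imported predicates could not be checked here.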
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
|
import codeql.threatmodels.ThreatModels as ThreatModels
|
||||||
|
|
||||||
query predicate supportedThreatModels(string kind) {
|
query predicate supportedThreatModels(string kind) {
|
||||||
ExternalFlowConfiguration::currentThreatModel(kind)
|
ThreatModels::currentThreatModel(kind)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
|
import codeql.threatmodels.ThreatModels as ThreatModels
|
||||||
|
|
||||||
query predicate supportedThreatModels(string kind) {
|
query predicate supportedThreatModels(string kind) {
|
||||||
ExternalFlowConfiguration::currentThreatModel(kind)
|
ThreatModels::currentThreatModel(kind)
|
||||||
}
|
}
|
||||||
|
|||||||
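--- a/shared/threat-models-ext/android/qlpack.yml
+++ b/shared/threat-models-ext/android/qlpack.yml
@@ -0,0 +1,10 @@
+name: codeql/threat-android
+version: 0.0.0-dev
+groups:
+- shared
+- threat-models
+library: true
+dataExtensions:
+- "*.model.yml"
+extensionTargets:
+codeql/threat-models: ${workspace}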
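Review bot: Nothing in this new qlpack.yml says that the pack is an opt-in switch rather than a model library; together with threat.model.yml it only contributes the row `["android"]` to `supportedThreatModels` in codeql/threat-models. A header comment such as `# Opt-in extension pack: applying it enables the "android" threat model for the analysis.` would make that clear to whoever selects packs for a scan, because it changes which sources are treated as untrusted. The same comment, with `local`, fits shared/threat-models-ext/local/qlpack.yml. The `dataExtensions` glob `"*.model.yml"` picks up every model file placed in the directory, so the comment could also state that only threat-model rows belong here.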
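--- a/shared/threat-models-ext/android/threat.model.yml
+++ b/shared/threat-models-ext/android/threat.model.yml
@@ -0,0 +1,7 @@
+extensions:
+
+- addsTo:
+pack: codeql/threat-models
+extensible: supportedThreatModels
+data:
+- ["android"]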
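--- a/shared/threat-models-ext/local/qlpack.yml
+++ b/shared/threat-models-ext/local/qlpack.yml
@@ -0,0 +1,10 @@
+name: codeql/threat-local
+version: 0.0.0-dev
+groups:
+- shared
+- threat-models
+library: true
+dataExtensions:
+- "*.model.yml"
+extensionTargets:
+codeql/threat-models: ${workspace}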
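--- a/shared/threat-models-ext/local/threat.model.yml
+++ b/shared/threat-models-ext/local/threat.model.yml
@@ -0,0 +1,7 @@
+extensions:
+
+- addsTo:
+pack: codeql/threat-models
+extensible: supportedThreatModels
+data:
+- ["local"]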
@@ -5,12 +5,10 @@
|
|||||||
* are applicable to generic queries.
|
* are applicable to generic queries.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
private import ExternalFlowExtensions
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if the specified kind of source model is supported for the current query.
|
* Holds if the specified kind of source model is supported for the current query.
|
||||||
*/
|
*/
|
||||||
extensible private predicate supportedThreatModels(string kind);
|
extensible predicate supportedThreatModels(string kind);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if the specified kind of source model is containted within the specified group.
|
* Holds if the specified kind of source model is containted within the specified group.
|
||||||
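Review bot: `supportedThreatModels` loses `private` on the new side, presumably so that other packs can add rows, but its doc comment still reads as if the set were fixed inside this library. The comment should say that rows are contributed by data extensions targeting codeql/threat-models and that `kind` has to be a kind or group known to `threatModelGrouping`; as far as this hunk shows, a misspelt kind is not rejected and would presumably enable no sources at all. Proposed second sentence for the comment: `* Rows are contributed by data extensions; queries should call currentThreatModel instead of reading this predicate.` The context comment further down also carries the typo `containted`, which could be fixed while the file is being touched.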
@@ -1,7 +1,7 @@
|
|||||||
extensions:
|
extensions:
|
||||||
|
|
||||||
- addsTo:
|
- addsTo:
|
||||||
pack: codeql/java-all
|
pack: codeql/threat-models
|
||||||
extensible: supportedThreatModels
|
extensible: supportedThreatModels
|
||||||
data:
|
data:
|
||||||
- ["default"] # The "default" threat model is always included.
|
- ["default"] # The "default" threat model is always included.
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
extensions:
|
extensions:
|
||||||
|
|
||||||
- addsTo:
|
- addsTo:
|
||||||
pack: codeql/java-all
|
pack: codeql/threat-models
|
||||||
extensible: threatModelGrouping
|
extensible: threatModelGrouping
|
||||||
data:
|
data:
|
||||||
# Default threat model
|
# Default threat model
|
||||||
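--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -0,0 +1,6 @@
+name: codeql/threat-models
+version: 0.0.0-dev
+library: true
+groups: shared
+dataExtensions:
+- ext/*.model.yml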