Add sample synthetic suites

felickz · web-flow · commit c0cbefc2f768 · 2025-02-21T18:57:36.000-05:00
diff --git a/suites/synthetics-cpp.qls b/suites/synthetics-cpp.qls
@@ -0,0 +1,60 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/cpp-queries
+#codeql pack download githubsecuritylab/codeql-cpp-queries
+#codeql pack download trailofbits/cpp-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/cpp-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-cpp-queries
+
+### Trail of Bits ###
+# Queries via packs: https://github.com/trailofbits/codeql-queries (default suites include security + crypto)
+- qlpack: trailofbits/cpp-queries
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - cpp/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-csharp.qls b/suites/synthetics-csharp.qls
@@ -0,0 +1,56 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/csharp-queries
+#codeql pack download githubsecuritylab/codeql-csharp-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/csharp-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-csharp-queries
+
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - csharp/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-go.qls b/suites/synthetics-go.qls
@@ -0,0 +1,60 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/go-queries
+#codeql pack download githubsecuritylab/codeql-go-queries
+#codeql pack download trailofbits/go-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/go-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-go-queries
+
+### Trail of Bits ###
+# Queries via packs: https://github.com/trailofbits/codeql-queries (default suites include security + crypto)
+- qlpack: trailofbits/go-queries
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - go/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-java.qls b/suites/synthetics-java.qls
@@ -0,0 +1,59 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/java-queries
+#codeql pack download githubsecuritylab/codeql-java-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/java-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-java-queries
+
+# Queries via Community Packs that use local sources https://github.com/GitHubSecurityLab/CodeQL-Community-Packs
+- qlpack: githubsecuritylab/codeql-java-queries:suites/java-local.qls
+
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - java/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-javascript.qls b/suites/synthetics-javascript.qls
@@ -0,0 +1,56 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/javascript-queries
+#codeql pack download githubsecuritylab/codeql-javascript-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/javascript-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-javascript-queries
+
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - javascript/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-python.qls b/suites/synthetics-python.qls
@@ -0,0 +1,59 @@
+# Use this query suite when looking to get the broadest coverage of security results from the CodeQL Built in packs and the GitHub Security Lab Community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This suite will not include audit level queries intended for gathering information about the codebase, and debugging queries intended for CodeQL developers.
+# NOTE: A suite cannot exclude directories from the scan.  Consider pairing with a codeql-config.yml that excludes unwanted folders with `paths-ignore`
+# NOTE: A suite cannot include library packs that contain data extensions.  Consider pairing with a codeql-config.yml that includes needed data models.
+
+# Run the following pack install commands to prime your workspace or run the analyze command using `--download` flag
+#codeql pack download codeql/python-queries
+#codeql pack download githubsecuritylab/codeql-python-queries
+
+# All queries from CodeQL built in query packs
+- queries: '.'
+  from: codeql/python-queries
+
+# Curated packs from community repos
+
+### GitHub Security Lab ###
+# Queries via Community Packs https://github.com/GitHubSecurityLab/CodeQL-Community-Packs (NOTE: the default suites do not include audit/debugging queries)
+- qlpack: githubsecuritylab/codeql-python-queries
+
+# Queries via Community Packs that use local sources https://github.com/GitHubSecurityLab/CodeQL-Community-Packs
+- qlpack: githubsecuritylab/codeql-python-queries:suites/python-local.qls
+
+
+- include:
+          kind:
+              - problem
+              - path-problem
+          tags contain:
+              - security
+- include:
+        kind:
+            - diagnostic
+- include:
+        kind:
+            - metric
+        tags contain:
+            - summary
+- exclude:
+        deprecated: //
+- exclude:
+        query path:
+            # REMOVE exclude - OK even if they exist in experimental folder
+            #- /^experimental\/.*/
+            - Metrics/Summaries/FrameworkCoverage.ql
+            - /Diagnostics/Internal/.*/
+- exclude:
+        tags contain:
+            - modeleditor
+            - modelgenerator
+# Exclude audit queries from the CodeQL Built in packs
+- exclude:
+        id:
+            - python/untrusted-data-to-external-api
+# Remove debugging, and audit queries used by community packs (this is duplicative of the default suites from those community packs)
+- exclude:
+        tags contain:
+            - debugging
+            - audit
diff --git a/suites/synthetics-ruby.qls b/suites/synthetics-ruby.qls
