Merge pull request #12557 from felickz/patch-1

RasmusWL · web-flow · commit 377c6b4cc805 · 2024-04-30T13:48:22.000+02:00
add  security-severity score to code scanning query list
diff --git a/misc/scripts/generate-code-scanning-query-list.py b/misc/scripts/generate-code-scanning-query-list.py
@@ -8,7 +8,7 @@
 
 """
 This script collects CodeQL queries that are part of code scanning query packs
-and prints CSV data to stdout that describes which packs contain which queries.
+and prints CSV data to stdout that describes which suites in the pack contain which queries.
 
 Errors are printed to stderr. This script requires that 'git' and 'codeql' commands
 are on the PATH. It'll try to automatically set the CodeQL search path correctly,
@@ -159,7 +159,7 @@ def subprocess_run(cmd):
         csvwriter = csv.writer(sys.stdout)
         csvwriter.writerow([
             "Query filename", "Suite", "Query name", "Query ID",
-            "Kind", "Severity", "Precision", "Tags"
+            "Kind", "Severity", "Precision", "Tags", "Security score"
         ])
 
         # Iterate over all languages and packs, and resolve which queries are part of those packs
@@ -198,5 +198,6 @@ def subprocess_run(cmd):
                         get_query_metadata('kind', meta, queryfile_nwo),
                         get_query_metadata('problem.severity', meta, queryfile_nwo),
                         get_query_metadata('precision', meta, queryfile_nwo),
-                        get_query_metadata('tags', meta, queryfile_nwo)
+                        get_query_metadata('tags', meta, queryfile_nwo),
+                        get_query_metadata('security-severity', meta, queryfile_nwo),
                     ])
