add more code-scanning suites

robertbrignull · robertbrignull · commit 6e0552c0745b · 2020-06-01T11:45:46.000+01:00
diff --git a/cpp/ql/src/codeql-suites/cpp-code-scanning.qls b/cpp/ql/src/codeql-suites/cpp-code-scanning.qls
@@ -2,3 +2,5 @@
 - qlpack: codeql-cpp
 - apply: code-scanning-selectors.yml
   from: codeql-suite-helpers
+- apply: codeql-suites/slow-queries.yml
+  from: codeql-cpp
diff --git a/cpp/ql/src/codeql-suites/cpp-lgtm-full.qls b/cpp/ql/src/codeql-suites/cpp-lgtm-full.qls
@@ -2,16 +2,8 @@
 - qlpack: codeql-cpp
 - apply: lgtm-selectors.yml
   from: codeql-suite-helpers
-# These queries are infeasible to compute on large projects:
-- exclude:
-    query path:
-      - Security/CWE/CWE-497/ExposedSystemData.ql
-      - Critical/DescriptorMayNotBeClosed.ql
-      - Critical/DescriptorNeverClosed.ql
-      - Critical/FileMayNotBeClosed.ql
-      - Critical/FileNeverClosed.ql
-      - Critical/MemoryMayNotBeFreed.ql
-      - Critical/MemoryNeverFreed.ql
+- apply: codeql-suites/slow-queries.yml
+  from: codeql-cpp 
 # These are only for IDE use.
 - exclude:
     tags contain:
diff --git a/cpp/ql/src/codeql-suites/cpp-security-and-quality.qls b/cpp/ql/src/codeql-suites/cpp-security-and-quality.qls
@@ -0,0 +1,6 @@
+- description: Security-and-quality queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/slow-queries.yml
+  from: codeql-cpp
diff --git a/cpp/ql/src/codeql-suites/cpp-security-extended.qls b/cpp/ql/src/codeql-suites/cpp-security-extended.qls
@@ -0,0 +1,6 @@
+- description: Security-extended queries for C and C++
+- qlpack: codeql-cpp
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
+- apply: codeql-suites/slow-queries.yml
+  from: codeql-cpp
diff --git a/cpp/ql/src/codeql-suites/slow-queries.yml b/cpp/ql/src/codeql-suites/slow-queries.yml
@@ -0,0 +1,11 @@
+- description: C/C++ queries are infeasible to compute on large projects
+# These queries are infeasible to compute on large projects:
+- exclude:
+    query path:
+      - Security/CWE/CWE-497/ExposedSystemData.ql
+      - Critical/DescriptorMayNotBeClosed.ql
+      - Critical/DescriptorNeverClosed.ql
+      - Critical/FileMayNotBeClosed.ql
+      - Critical/FileNeverClosed.ql
+      - Critical/MemoryMayNotBeFreed.ql
+      - Critical/MemoryNeverFreed.ql
diff --git a/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls b/csharp/ql/src/codeql-suites/csharp-security-and-quality.qls
@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for C#
+- qlpack: codeql-csharp
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
diff --git a/csharp/ql/src/codeql-suites/csharp-security-extended.qls b/csharp/ql/src/codeql-suites/csharp-security-extended.qls
@@ -0,0 +1,4 @@
+- description: Security-extended queries for C#
+- qlpack: codeql-csharp
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls
@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for Java
+- qlpack: codeql-java
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
diff --git a/java/ql/src/codeql-suites/java-security-extended.qls b/java/ql/src/codeql-suites/java-security-extended.qls
@@ -0,0 +1,4 @@
+- description: Security-extended queries for Java
+- qlpack: codeql-java
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
diff --git a/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls b/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls
@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for JavaScript
+- qlpack: codeql-javascript
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
diff --git a/javascript/ql/src/codeql-suites/javascript-security-extended.qls b/javascript/ql/src/codeql-suites/javascript-security-extended.qls
@@ -0,0 +1,4 @@
+- description: Security-extended queries for JavaScript
+- qlpack: codeql-javascript
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
diff --git a/misc/suite-helpers/security-and-quality-selectors.yml b/misc/suite-helpers/security-and-quality-selectors.yml
@@ -0,0 +1,18 @@
+- description: Selectors for selecting the security-and-quality queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision: medium
+    problem.severity:
+      - error
+      - warning
+- exclude:
+    deprecated: //
diff --git a/misc/suite-helpers/security-extended-selectors.yml b/misc/suite-helpers/security-extended-selectors.yml
@@ -0,0 +1,24 @@
+- description: Selectors for selecting the security-extended queries for a language
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - high
+    - very-high
+    tags contain:
+    - security
+- include:
+    kind:
+    - problem
+    - path-problem
+    precision:
+    - medium
+    problem.severity:
+    - error
+    - warning
+    tags contain:
+    - security
+- exclude:
+    deprecated: //
+
diff --git a/python/ql/src/codeql-suites/python-security-and-quality.qls b/python/ql/src/codeql-suites/python-security-and-quality.qls
@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for Python
+- qlpack: codeql-python
+- apply: security-and-quality-selectors.yml
+  from: codeql-suite-helpers
diff --git a/python/ql/src/codeql-suites/python-security-extended.qls b/python/ql/src/codeql-suites/python-security-extended.qls
@@ -0,0 +1,4 @@
+- description: Security-extended queries for Python
+- qlpack: codeql-python
+- apply: security-extended-selectors.yml
+  from: codeql-suite-helpers
