@@ -54,11 +54,9 @@ The basic {% data variables.code-scanning.codeql_workflow %} uses the `autobuild
## {% data variables.product.prodname_codeql %} build modes
{% data reusables.code-scanning.beta-no-build %}
The {% data variables.product.prodname_codeql %} action supports three different build modes for compiled languages:
* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported in beta for {% data variables.code-scanning.no_build_support %}).
* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported for {% data variables.code-scanning.no_build_support %}).
* `autobuild` - {% data variables.product.prodname_codeql %} detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for all compiled languages).
* `manual` - you define the build steps to use for the codebase in the workflow (supported for all compiled languages).
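Review bot: with the `{% data reusables.code-scanning.beta-no-build %}` line dropped from this section, the only beta marker a reader still sees is whatever `{% data variables.code-scanning.no_build_support %}` renders inside the `none` bullet; make sure that variable still labels C# as beta where `codeql-no-build-csharp` applies, otherwise the `none` bullet presents no-build C# analysis as generally available. Also, the list is introduced as "three different build modes for compiled languages" while the `none` bullet says it is "supported for all interpreted languages"; consider "supported for all interpreted languages and, among compiled languages, for {% data variables.code-scanning.no_build_support %}" so the bullet's scope matches the intro.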
@@ -143,7 +141,7 @@ To use `autobuild` or manual build steps, you can use advanced setup.
The {% data variables.product.prodname_codeql %} action uses `autobuild` to analyze compiled languages in the following cases.
* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (beta release supported for {% data variables.code-scanning.no_build_support %}).
* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (supported for {% data variables.code-scanning.no_build_support %}).
* Advanced setup is enabled and the workflow specifies `build-mode: autobuild`{% endif %}.
* Advanced setup is enabled and the workflow has an Autobuild step for the language using the `autobuild` action (`{% data reusables.actions.action-codeql-action-autobuild %}`).
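Review bot: the rewritten parenthetical in the first bullet is ambiguous: "the language does not support `none` build (supported for ...)" can be read as the unsupported case being the supported one. Suggest "(`none` build is supported for {% data variables.code-scanning.no_build_support %})". Separately, the `{% ifversion codeql-no-build %}` opened in that bullet is only closed by the `{% endif %}` at the end of the `build-mode: autobuild` bullet, so one Liquid condition spans two list items; that renders correctly but is easy to break in a later edit, so a per-bullet condition would be safer.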
@@ -454,6 +452,13 @@ Creating a {% data variables.product.prodname_codeql %} Java database without a
* Gradle or Maven build scripts cannot be queried for dependency information, and dependency guesses (based on Java package names) are inaccurate.
* The repository normally generates code during the build process. This would be analyzed if you created the {% data variables.product.prodname_codeql %} database using a different mode.
You can ensure a more accurate analysis by taking the following steps:
* Provide access to the public internet or ensure that access to a private artifact repository is available.
* Check whether the repository requires multiple versions of the same dependency. {% data variables.product.prodname_codeql %} can use only one version and usually chooses the newer version where there are multiple versions. This approach may not work for all repositories.
* Check whether more than one version of the JDK API is required by different source Java files. When multiple versions are seen, {% data variables.product.prodname_codeql %} will use the highest version required by any build script. This may mean that some files that require a lower version of the JDK will be partially analyzed. For example, if some files require JDK 8 but a JDK 17 requirement is found in one or more build scripts, {% data variables.product.prodname_codeql %} will use JDK 17. Any files that require JDK 8 and could not be built using JDK 17 will be partially analyzed.
* Avoid colliding class names (for example, multiple files defining `org.myproject.Test`), otherwise this may cause missing method call targets, which has an impact on dataflow analysis.
### Autobuild summary for Java{% endif %}
| Supported system type | System name |
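Review bot: the new "Avoid colliding class names" bullet reads awkwardly ("Avoid ..., otherwise this may cause ...") and understates the consequence: a call with no resolved target is a gap in the dataflow graph, so taint-tracking results that would pass through that call can be missed. Suggest: "Avoid colliding class names (for example, multiple files defining `org.myproject.Test`). Collisions can leave method calls without a resolved target, which breaks dataflow analysis and can cause missed results." The JDK bullet says "will be partially analyzed" twice in three sentences; the final sentence restates the JDK 8 / JDK 17 example and can be dropped. The "multiple versions of the same dependency" bullet tells the reader to check but not what to do when the check fails; if the only remedy is a build-based mode, say so.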
@@ -2,13 +2,11 @@
title: 'Warning: Detected X Kotlin files in your project that could not be processed without a build'
shortTitle: Kotlin detected in no build
allowTitleToDifferFromFilename: true
intro: '{% data variables.product.prodname_codeql %} databases can be created for {% data variables.code-scanning.no_build_support %} without building the code, but Kotlin files are excluded unless the code is built.'
intro: '{% data variables.product.prodname_codeql %} databases can be created for Java without building the code, but Kotlin files are excluded unless the code is built.'
versions:
feature: codeql-no-build
---
{% data reusables.code-scanning.beta-no-build %}
## About this warning
```text
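Review bot: the `intro:` now hardcodes "Java" instead of `{% data variables.code-scanning.no_build_support %}`, which is right for a Kotlin-specific warning (a "C# (beta) and Java" rendering would be misleading here), but the `versions: feature: codeql-no-build` gate is unchanged, so confirm the page is meant to appear on every version with the no-build feature and not only where Java no-build is generally available. With the `{% data reusables.code-scanning.beta-no-build %}` include also removed from this page, the intro is now the only place a reader learns that Kotlin code is left out; consider making the coverage gap explicit, for example "Kotlin files are not analyzed unless the code is built".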
@@ -21,7 +19,7 @@ This warning is reported when Kotlin files are detected in a repository that ran
This warning is only displayed when the build mode of `none` is used for a repository with both Java and Kotlin files.
The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for {% data variables.code-scanning.no_build_support %}. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for Java. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
You can verify the presence of Kotlin files by looking at the repository or pull request that triggered the warning. The `none` build mode is used only in the following circumstances:
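Review bot: "support a build mode of `none` for Java" narrows the sentence to Java even though the variable it replaces can render C# as well; that is acceptable on a Kotlin-specific page, but the next sentence repeats "for Java code", so the paragraph now names Java twice in a row. Suggest "for Java. This enables analysis without building the codebase; however, Kotlin files are not included in the resulting database." It is also worth stating the practical effect once: results in the excluded Kotlin files are never reported, so this warning marks a coverage gap rather than a cosmetic issue.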
@@ -77,7 +77,7 @@ You can specify additional options depending on the location of your source file
| {% endif %} |
| <code><span style="white-space: nowrap;">--command</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <code><span style="white-space: nowrap;">--source-root</span></code>. Not needed for Python and JavaScript/TypeScript analysis. |
| {% ifversion codeql-no-build %} |
| <code><span style="white-space: nowrap;">--build-mode</span></code> | {% octicon "x" aria-label="Optional" %} | **Beta.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |
| <code><span style="white-space: nowrap;">--build-mode</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |
| {% endif %} |
| <code><span style="white-space: nowrap;">--db-cluster</span></code> | {% octicon "x" aria-label="Optional" %} | Use in multi-language codebases to generate one database for each language specified by <code><span style="white-space: nowrap;">--language</span></code>. |
| <code><span style="white-space: nowrap;">--no-run-unnecessary-builds</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript). |
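Review bot: `--build-mode` and `--command` are both labelled **Recommended.** now, but the `--build-mode` description applies only "when not providing a `--command`", so the table recommends two mutually exclusive options without saying which to prefer. Suggest stating the rule in the `--build-mode` row (for example: use `none` for the listed languages when no build is available, otherwise pass `--command`). Because `{% data variables.code-scanning.no_build_support %}` can render as "C# (beta) and Java", check how "Use for C# (beta) and Java when not providing a `--command`" reads, since the beta marker now lives inside the variable text rather than in the row's bold label.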
@@ -195,8 +195,6 @@ Here, we have specified a `--source-root` path, which is the location where data
## Creating databases for compiled languages
{% data reusables.code-scanning.beta-no-build-cli %}
For {% ifversion codeql-no-build %}most{% endif %} compiled languages, {% data variables.product.prodname_codeql %} needs to invoke the required build system to generate a database, therefore the build method must be available to the CLI. This approach creates databases that include generated code. {% data variables.product.prodname_codeql %} has two methods for building codebases:
* "[Automatic build detection (autobuild)](#automatically-detecting-the-build-system)"
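Review bot: with `{% data reusables.code-scanning.beta-no-build-cli %}` removed, the "most" in "For {% ifversion codeql-no-build %}most{% endif %} compiled languages" no longer has a nearby sentence naming the exceptions; add a clause such as "for {% data variables.code-scanning.no_build_support %}, see the `--build-mode` option" so the reader knows which languages can skip the build. "This approach creates databases that include generated code" is the key difference between build-based and no-build databases; keep that contrast explicit here, since the removed note carried part of it.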
@@ -29,7 +29,7 @@ The model editor has two different modes:
* **Dependency mode**: The editor identifies all of the publicly accessible APIs in the selected {% data variables.product.prodname_codeql %} database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the {% data variables.product.prodname_codeql %} analysis for all codebases that use the dependency.
The rest of this article covers the practical aspects of modelling dependencies using the {% data variables.product.prodname_codeql %} model editor. For technical information, see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/){% ifversion fpt or ghec or ghes > 3.12 %}, [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% endif %} in the {% data variables.product.prodname_codeql %} language documentation.
The rest of this article covers the practical aspects of modelling dependencies using the {% data variables.product.prodname_codeql %} model editor. For technical information, see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/){% ifversion fpt or ghec or ghes > 3.14 %}, [Customizing Library Models for Python](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/), [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% elsif ghes > 3.12 %}, [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% endif %} in the {% data variables.product.prodname_codeql %} language documentation.
## Displaying the {% data variables.product.prodname_codeql %} model editor
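Review bot: the `{% ifversion fpt or ghec or ghes > 3.14 %}` and `{% elsif ghes > 3.12 %}` branches repeat the Ruby and C# links verbatim, and the same version gating is written by hand again in `codeql_model_packs_support` in the variables file in this change; nesting only the Python link inside the `> 3.14` branch and keeping Ruby and C# outside it would avoid the two lists drifting apart at the next language addition. Optional drive-by: "modelling" in this paragraph is the only double-l spelling on the page, while the bullet above uses "modeling".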
@@ -1,4 +1,4 @@
# Reference: #11599 Java, #13332 Java and C#, #13659 Java, C#, and Ruby
# Reference: #11599 Java, #13332 Java and C#, #13659 Java, C#, and Ruby, #15116 Java, C#, Python, and Ruby
versions:
fpt: '*'
@@ -1,4 +1,5 @@
# Reference: #14183 (Add C# to existing Java support)
# Note: This feature is currently in beta and will move to GA for all versions at the same time (see #14184)
versions:
fpt: '*'
@@ -1,4 +1,5 @@
# Reference: #12924 (Java)
# Reference: #12924 (Java beta)
# Reference: #14184 (Java GA)
versions:
fpt: '*'
@@ -2,7 +2,7 @@
{% note %}
**Note:** {% data variables.product.prodname_codeql %} model packs and the {% data variables.product.prodname_codeql %} model editor are currently in beta and subject to change. During the beta, model packs are supported only by {% data variables.code-scanning.codeql_model_packs_support %} analysis.
**Note:** {% data variables.product.prodname_codeql %} model packs and the {% data variables.product.prodname_codeql %} model editor are currently in beta and subject to change. Model packs are supported by {% data variables.code-scanning.codeql_model_packs_support %} analysis.
{% endnote %}
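Review bot: dropping "During the beta, ... only" changes the meaning of the second sentence: "Model packs are supported by X analysis" no longer says they are unsupported elsewhere. If model packs still work only for the listed languages, keep the restriction ("Model packs are supported only for {% data variables.code-scanning.codeql_model_packs_support %} analysis"); if the restriction is gone, the retained "currently in beta and subject to change" in the first sentence should be revisited in the same edit, since the note now mixes a kept beta caveat with a dropped limitation.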
@@ -1,9 +0,0 @@
{% ifversion codeql-no-build %}
{% note %}
**Note:** The option to create a {% data variables.product.prodname_codeql %} database for a compiled language without building it is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
{% endnote %}
{% endif %}
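Review bot: deleting this reusable requires every `{% data reusables.code-scanning.beta-no-build %}` include to go in the same change; the diff removes the includes in the build-modes section and the Kotlin warning page, so grep for the reusable name (and for `beta-no-build-cli`, deleted in the next hunk) before merging, because a dangling include breaks the content build. The deleted note was also the only prose stating that no-build support is limited to `{% data variables.code-scanning.no_build_support %}` codebases; that limit now survives only as the variable's value, so it depends on every sentence that renders the variable still making sense on its own.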
@@ -1,9 +0,0 @@
{% ifversion codeql-no-build %}
{% note %}
**Note:** The option to analyze a compiled language without building it using {% data variables.product.prodname_codeql %} is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
{% endnote %}
{% endif %}
@@ -41,6 +41,7 @@
| [Uncontrolled data used in OS command](https://codeql.github.com/codeql-query-help/cpp/cpp-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Uncontrolled format string](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe use of this in constructor](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-use-of-this/) | 670 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsigned difference expression compared to zero](https://codeql.github.com/codeql-query-help/cpp/cpp-unsigned-difference-expression-compared-zero/) | 191 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Upcast array used in pointer arithmetic](https://codeql.github.com/codeql-query-help/cpp/cpp-upcast-array-pointer-arithmetic/) | 119, 843 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/cpp/cpp-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Use of a cryptographic algorithm with insufficient key size](https://codeql.github.com/codeql-query-help/cpp/cpp-insufficient-key-size/) | 326 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
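Review bot: the inserted row for "Unsigned difference expression compared to zero" (CWE 191) sits correctly between "Unsafe use of this in constructor" and "Upcast array used in pointer arithmetic", and it is the same row removed from the lower table in the next hunk, so this is a promotion of the query into the suites checked in this table rather than a new query. Promotions change what default scans report; make sure the release changelog calls it out, because users comparing alert counts across versions will see new alerts with no code change on their side.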
@@ -84,7 +85,6 @@
| [Unbounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-unbounded-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/cpp/cpp-path-injection/) | 022, 023, 036, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled process operation](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/) | 114 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsigned difference expression compared to zero](https://codeql.github.com/codeql-query-help/cpp/cpp-unsigned-difference-expression-compared-zero/) | 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unterminated variadic call](https://codeql.github.com/codeql-query-help/cpp/cpp-unterminated-variadic-call/) | 121 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Untrusted input for a condition](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-permissions-check/) | 807 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of potentially dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
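Review bot: the removed "Unsigned difference expression compared to zero" row is the one added at line 41 of the same file, so the query moves between tables rather than disappearing, and the hunk counts (-84,7 +85,6) leave the neighbouring rows untouched. If these tables are produced from the query suite metadata rather than edited by hand, this pair of hunks should come from that generator so the two tables cannot drift.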
@@ -30,6 +30,7 @@
| [Improper verification of intent by broadcast receiver](https://codeql.github.com/codeql-query-help/java/java-improper-intent-verification/) | 925 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/java/java-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Information exposure through a stack trace](https://codeql.github.com/codeql-query-help/java/java-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Information exposure through an error message](https://codeql.github.com/codeql-query-help/java/java-error-message-exposure/) | 209 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Insecure Bean Validation](https://codeql.github.com/codeql-query-help/java/java-insecure-bean-validation/) | 094 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure LDAP authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-ldap-auth/) | 522, 319 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-authentication/) | 287 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
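Review bot: "Insecure Bean Validation" (CWE 094) lands between "Information exposure through an error message" and "Insecure LDAP authentication", which keeps the table alphabetical, and the CWE id is zero-padded like the other rows. The row is checked in all three columns, so the query enters every suite at once; confirm that matches the query's suite tags, since the adjacent rows show that not every query is in the third column.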
@@ -31,7 +31,7 @@
| [Hard-coded credentials](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-credentials/) | 259, 321, 798 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Host header poisoning in email generation](https://codeql.github.com/codeql-query-help/javascript/js-host-header-forgery-in-email-generation/) | 640 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Improper code sanitization](https://codeql.github.com/codeql-query-help/javascript/js-bad-code-sanitization/) | 094, 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inclusion of functionality from an untrusted source](https://codeql.github.com/codeql-query-help/javascript/js-functionality-from-untrusted-source/) | 830 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Incomplete HTML attribute sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-html-attribute-sanitization/) | 079, 116, 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/javascript/js-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
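Review bot: the only change in the "Inclusion of functionality from an untrusted source" (CWE 830) row is the third column flipping from Included to Not included, which removes the query from one suite; a demotion reduces what scans using that suite report, so the release notes should say so, and a one-line reason (precision, noise) in the PR description would help anyone auditing coverage later.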
@@ -8,6 +8,7 @@
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/python/py-clear-text-storage-sensitive-data/) | 312, 315, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/python/py-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Construction of a cookie using user-supplied input](https://codeql.github.com/codeql-query-help/python/py-cookie-injection/) | 20 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/python/py-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Default version of SSL/TLS may be insecure](https://codeql.github.com/codeql-query-help/python/py-insecure-default-protocol/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/python/py-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
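Review bot: the CWE column of the new "Construction of a cookie using user-supplied input" row reads `20`, while every other row in these tables zero-pads to three digits (`094`, `095` two rows up, `020` in the JavaScript table); change it to `020` so the column sorts and filters consistently.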
@@ -35,6 +35,7 @@
| [Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input](https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/ruby/rb-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/ruby/rb-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak cookie configuration](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cookie-configuration/) | 732, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/ruby/rb-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
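Review bot: the new "Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input" row sits directly under the existing "non-constant value" variant with an identical CWE set (078, 088, 073), so readers may take it for a duplicate; the names carry the difference (any non-constant argument versus user-controlled input) and the query ids differ (`rb-kernel-open` vs `rb-non-constant-kernel-open`), but a short distinguishing phrase in the row would help. Also confirm the row order against the table's alphabetical rule, since "Use of `Kernel.open` or" and "Use of `Kernel.open`," sort differently depending on how punctuation is treated.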
@@ -7,13 +7,13 @@ codeql_workflow: 'CodeQL analysis workflow'
tool_status_page: 'tool status page'
# List of compiled languages supported for `no-build` extraction
no_build_support: 'Java{% ifversion codeql-no-build-csharp %} and C#{% endif %}'
no_build_support: '{% ifversion codeql-no-build-csharp %}C# (beta) and{% endif %} Java'
# List of compiled languages
compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif %} Java, and Swift'
# List of languages where the libraries support expansion using CodeQL model packs at the repository level.
codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
codeql_model_packs_support: '{% ifversion fpt or ghec or ghes > 3.14 %}C#, Java/Kotlin, Python, and Ruby{% elsif ghes > 3.12 %}C#, Java/Kotlin, and Ruby{% elsif ghes > 3.10 %}Java/Kotlin{% endif %}'
# List of that allow threat models to be configurable for code scanning
code_scanning_threat_model_support: 'Java/Kotlin{% ifversion fpt or ghec or ghes > 3.12 %} and C#{% endif %}'
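Review bot: moving "(beta)" into the value of `no_build_support` means the marker is rendered wherever the variable is used, including mid-sentence in the CLI options table ("Use for C# (beta) and Java when not providing a `--command`") and in the first `none` bullet of the build-modes page; check each use site reads naturally, and note that the old "Java and C#" ordering becomes "C# (beta) and Java", which changes the emphasis of those sentences. The new `codeql_model_packs_support` value duplicates the version gating written by hand in the model editor article in this same change, so the two must be updated in lockstep. Unrelated to the change but visible in the context: the comment "# List of that allow threat models to be configurable" is missing "languages".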