You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+33-33Lines changed: 33 additions & 33 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,23 +65,23 @@ are language specific and should typically be accessed by `import qtil.lang`, e.
65
65
66
66
## Supported Languages
67
67
68
-
- C/C++: ✅ available as `import qtil.Cpp` in pack `advanced-security/qtil-cpp`
69
-
- C#: ✅ available as `import qtil.CSharp` in pack `advanced-security/qtil-csharp`
70
-
- Go: ✅ available as `import qtil.Go` in pack `advanced-security/qtil-go`
71
-
- Java: ✅ available as `import qtil.Java` in pack `advanced-security/qtil-java`
72
-
- JavaScript: ✅ available as `import qtil.Javascript` in pack `advanced-security/qtil-javascript`
73
-
- Python: ✅ available as `import qtil.Python` in pack `advanced-security/qtil-python`
74
-
- Ruby: ✅ available as `import qtil.Ruby` in pack `advanced-security/qtil-ruby`
68
+
- C/C++: ✅ available as `import qtil.Cpp` in pack `advanced-security/qtil-cpp` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Cpp.qll/module.Cpp.html)
69
+
- C#: ✅ available as `import qtil.CSharp` in pack `advanced-security/qtil-csharp` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Csharp.qll/module.Csharp.html)
70
+
- Go: ✅ available as `import qtil.Go` in pack `advanced-security/qtil-go` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Go.qll/module.Go.html)
71
+
- Java: ✅ available as `import qtil.Java` in pack `advanced-security/qtil-java` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Java.qll/module.Java.html)
72
+
- JavaScript: ✅ available as `import qtil.Javascript` in pack `advanced-security/qtil-javascript` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Javascript.qll/module.Javascript.html)
73
+
- Python: ✅ available as `import qtil.Python` in pack `advanced-security/qtil-python` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Python.qll/module.Python.html)
74
+
- Ruby: ✅ available as `import qtil.Ruby` in pack `advanced-security/qtil-ruby` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Ruby.qll/module.Ruby.html)
75
75
- Rust: ❌ not yet available
76
-
- Swift: ✅ available as `import qtil.Swift` in pack `advanced-security/qtil-swift`
76
+
- Swift: ✅ available as `import qtil.Swift` in pack `advanced-security/qtil-swift` — [docs](https://advanced-security.github.io/codeql-qtil/qtil/Swift.qll/module.Swift.html)
77
77
- QL: ❌ not yet available
78
78
- other languages: ❌ not supported by CodeQL.
79
79
80
80
## Features
81
81
82
82
### Pairs, Tuples, and Products, oh my!
83
83
84
-
**Pair**: A class to hold some set of paired values of two distinct types.
84
+
[**Pair**](https://advanced-security.github.io/codeql-qtil/qtil/tuple/Pair.qll/module.Pair.html): A class to hold some set of paired values of two distinct types.
85
85
86
86
```ql
87
87
predicate nameAge(string name, int age) {
@@ -93,7 +93,7 @@ from Qtil::Pair<string, int, nameAge/2>::Pair pair
93
93
select pair.getFirst(), pair.getSecond()
94
94
```
95
95
96
-
**Tuple**: Like a pair, but supports more than two columns.
96
+
[**Tuple**](https://advanced-security.github.io/codeql-qtil/qtil/tuple/Tuple.qll/module.Tuple.html): Like a pair, but supports more than two columns.
97
97
98
98
```ql
99
99
predicate nameAgeCity(string name, int age, City city) {
@@ -105,7 +105,7 @@ from Qtil::Tuple3<string, int, City, nameAgeCity/3>::Tuple tuple
**Product**: A class to hold all combinations of values of two distinct types.
108
+
[**Product**](https://advanced-security.github.io/codeql-qtil/qtil/tuple/Product.qll/module.Product.html): A class to hold all combinations of values of two distinct types.
**Ordered**: Takes orderable data, and automatically adds `getPrevious()`, `getNext()` predicate members for ease of traversal.
118
+
[**Ordered**](https://advanced-security.github.io/codeql-qtil/qtil/list/Ordered.qll/module.Ordered.html): Takes orderable data, and automatically adds `getPrevious()`, `getNext()` predicate members for ease of traversal.
119
119
120
120
_Note: the `getOrder()` predicate should not have duplicates._
**CondensedList**: Like the `Ordered` class, but creates a separate `ListEntry` type rather than
147
+
[**CondensedList**](https://advanced-security.github.io/codeql-qtil/qtil/list/CondensedList.qll/module.CondensedList.html): Like the `Ordered` class, but creates a separate `ListEntry` type rather than
**join(sep, ...)**: The first argument is used as a separator to join the remaining two to eight arguments.
170
+
[**join(sep, ...)**](https://advanced-security.github.io/codeql-qtil/qtil/strings/Join.qll/module.Join.html): The first argument is used as a separator to join the remaining two to eight arguments.
171
171
172
172
This is not intended to replace the CodeQL `concat` aggregation, but rather, to be used in cases where aggregation is not desired.
173
173
@@ -176,7 +176,7 @@ This is not intended to replace the CodeQL `concat` aggregation, but rather, to
176
176
select Qtil::join(",", "a", "b", "c")
177
177
```
178
178
179
-
**Escape**: Provides a set of modules for escaping and unescaping strings.
179
+
[**Escape**](https://advanced-security.github.io/codeql-qtil/qtil/strings/Escape.qll/module.Escape.html): Provides a set of modules for escaping and unescaping strings.
180
180
181
181
_CAUTION: Be careful in applying this escaping, which has not yet been thoroughly tested or validated, to a sensitive security context._
Escaping characters will carefully escape and unescape themselves. See documentation on escape maps
197
197
to handle cases like turning newlines into `\n`, etc.
198
198
199
-
**Char**: A subtype of `int` that holds a character code, with members such as `toUppercase()`,
199
+
[**Char**](https://advanced-security.github.io/codeql-qtil/qtil/strings/Char.qll/module.Char.html): A subtype of `int` that holds a character code, with members such as `toUppercase()`,
200
200
`isLowercase()`, `isDigit()`, and `repeat(n)`.
201
201
202
202
```ql
@@ -206,15 +206,15 @@ where c.isStr("a") or c = charOf("b") or c = "0".codePointAt(0)
206
206
select b.toUppercase().toString()
207
207
```
208
208
209
-
See also the module `Chars` which defines standard nullary predicates that common characters, for
209
+
See also the module [`Chars`](https://advanced-security.github.io/codeql-qtil/qtil/strings/Chars.qll/module.Chars.html) which defines standard nullary predicates that common characters, for
210
210
instance, `Qtil::Chars::dollar()` holds for the result `"$"`,`Qtil::Chars::a()` holds for `"a"`, and `Qtil::Chars::upperA()` holds for `"A"`.
211
211
212
212
### ASTs:
213
213
214
214
The following modules are usable by importing `qtil.lang`, for instance, `qtil.cpp`. However, the
215
215
implementations are shared across languages and are available in a do-it-yourself way as well.
216
216
217
-
**TwoOperands**: A module to simplify checks that an operator uses two distinct operands in a
217
+
[**TwoOperands**](https://advanced-security.github.io/codeql-qtil/qtil/ast/TwoOperands.qll/module.TwoOperands.html): A module to simplify checks that an operator uses two distinct operands in a
**QlFormat** offers a way of formatting CodeQL query messages in a consistent way, with varying
245
+
[**QlFormat**](https://advanced-security.github.io/codeql-qtil/qtil/format/QLFormat.qll/module.QLFormat.html) offers a way of formatting CodeQL query messages in a consistent way, with varying
246
246
numbers of placeholders, via a template-like syntax. This module is useful for writing more
247
247
user-friendly messages for certain types of queries, with a cleaner query implementation.
248
248
@@ -290,7 +290,7 @@ This mixture of query results with different numbers of placeholders can be done
290
290
`QlFormat`features of qtil, but this approach can allow for much better readability and
291
291
maintainability of the query code.
292
292
293
-
**CustomPathProblem**: Allows users to create a query that has a custom trace through the source
293
+
[**CustomPathProblem**](https://advanced-security.github.io/codeql-qtil/qtil/locations/CustomPathProblem.qll/module.CustomPathProblem.html): Allows users to create a query that has a custom trace through the source
294
294
code. For example, CodeQL data flow `PathGraph` shows dataflow through a program. However, by using
295
295
this module, query authors can trace any path -- a call graph, inheritance chain, transitive
296
296
file imports, etc.
@@ -322,12 +322,12 @@ select end, start, end, "Transitive inclusion of banned_header.h from main.cpp"
322
322
```
323
323
324
324
If you wish to perform a path search such as the above, but without reporting problems, you can
325
-
use the `Qtil::GraphPathSearch` module instead, which provides an efficient search algorithm
325
+
use the [`Qtil::GraphPathSearch`](https://advanced-security.github.io/codeql-qtil/qtil/graph/GraphPathSearch.qll/module.GraphPathSearch.html) module instead, which provides an efficient search algorithm
326
326
without producing a `@kind path-problem` query.
327
327
328
328
### Inheritance
329
329
330
-
**Instance**: A module to make `instanceof` inheritance easier in CodeQL, by writing
330
+
[**Instance**](https://advanced-security.github.io/codeql-qtil/qtil/inheritance/Instance.qll/module.Instance.html): A module to make `instanceof` inheritance easier in CodeQL, by writing
331
331
`class Foo extends Qtil::Instanceof<Bar>::Type`, which automatically adds `toString()` and a
332
332
member `Bar inst()` to access the member predicates on the `Bar` parent class.
333
333
@@ -352,7 +352,7 @@ requires a finite type (standard CodeQL class type). However, infinite types (su
352
352
primitives) require special care, which `InfInstance` handles correctly, allowing
353
353
`bindingset[this] class OpaqueIntType extends Qtil::InfInstance<int>::Type {}`. See also `UnderlyingString`.
354
354
355
-
**Final**: A module to avoid creating final type alias declarations, which are required in
355
+
[**Final**](https://advanced-security.github.io/codeql-qtil/qtil/parameterization/Finalize.qll/module.Finalize.html): A module to avoid creating final type alias declarations, which are required in
356
356
some contexts, such as parameterized modules. Simply extend `Qtil::Final<T>::Type` instead of
357
357
declaring a final alias type.
358
358
@@ -365,7 +365,7 @@ final class FinalFoo = Foo;
365
365
class MyFoo2 extends FinalFoo { ... }
366
366
```
367
367
368
-
**UnderlyingString**: A class to support inheriting from string in order to create custom
368
+
[**UnderlyingString**](https://advanced-security.github.io/codeql-qtil/qtil/inheritance/UnderlyingString.qll/module.UnderlyingString.html): A class to support inheriting from string in order to create custom
369
369
infinite types with a hidden string representation.
370
370
371
371
```ql
@@ -377,7 +377,7 @@ class Person extends Qtil::UnderlyingString {
377
377
378
378
_Note: this class is effectively the same as `Qtil::InfInstance<string>::Type`, but uses the member `str()` to get the underlying string instead of the member `inst()`._
379
379
380
-
**Finitize**: A module to produce a finite type from an infinite type (such as `string`, `int`, or
380
+
[**Finitize**](https://advanced-security.github.io/codeql-qtil/qtil/inheritance/Finitize.qll/module.Finitize.html): A module to produce a finite type from an infinite type (such as `string`, `int`, or
381
381
`Qtil::InfInstance<string>::Type`, etc.) by providing predicate that constrains that infinite type.
382
382
383
383
```ql
@@ -397,18 +397,18 @@ infinite types in a query.
397
397
Location types in CodeQL are different types across languages. To use these classes, import
398
398
`qtil.lang` (for instance, `qtil.cpp`).
399
399
400
-
**StringLocation**: A class that supports the codification of any location as a string, which the
400
+
[**StringLocation**](https://advanced-security.github.io/codeql-qtil/qtil/locations/StringLocation.qll/module.StringLocation.html): A class that supports the codification of any location as a string, which the
401
401
CodeQL engine will use as a location when selected by a query. Also includes support to turn
402
402
existing locations into strings with `StringToLocation`, and support to finitize them at the point
403
403
where a query no longer must deal with an infinite set using the `Finitize` module.
404
404
405
-
**OptionalLocation**: A class that works much like `Option<Location>`, but that also implements the
405
+
[**OptionalLocation**](https://advanced-security.github.io/codeql-qtil/qtil/locations/OptionalLocation.qll/module.OptionalLocation.html): A class that works much like `Option<Location>`, but that also implements the
406
406
`hasLocation()` predicate which the CodeQL engine expects of a location. Allows queries to select
407
407
placeholder locations that may or may not exist.
408
408
409
-
**NullLocation**: An empty location.
409
+
[**NullLocation**](https://advanced-security.github.io/codeql-qtil/qtil/locations/NullLocation.qll/module.NullLocation.html): An empty location.
410
410
411
-
**Locatable**: A signature module that allows cross language support for locatable elements in a
411
+
[**Locatable**](https://advanced-security.github.io/codeql-qtil/qtil/locations/Locatable.qll/module.Locatable.html): A signature module that allows cross language support for locatable elements in a
412
412
query language, for instance C++ or Java.
413
413
414
414
This module, and `qtil` modules that depend on it, should already have preexisting
@@ -418,7 +418,7 @@ module allows you to add qtil support for new languages.
418
418
419
419
### Graphs
420
420
421
-
**GraphPathSearch**: A module for efficiently finding paths in custom directed graphs from a set of
421
+
[**GraphPathSearch**](https://advanced-security.github.io/codeql-qtil/qtil/graph/GraphPathSearch.qll/module.GraphPathSearch.html): A module for efficiently finding paths in custom directed graphs from a set of
422
422
starting nodes to a set of ending nodes. For performance, this module uses a pattern called "forward
423
423
reverse pruning," a pattern widely used in the CodeQL dataflow libraries.
424
424
@@ -444,7 +444,7 @@ For displaying the discovered paths to users, see the `CustomPathProblem` module
444
444
While codeql's `test run` subcommand is a great way to test queries, it can be better in some cases
445
445
to write a more traditional unit test for CodeQL libraries. Rather than selecting a set of outputs
446
446
in a query and then inspecting that the query result (in the `.expectations` file) makes sense, qtil
447
-
provides a library called "Qnit" for writing direct test cases with expectations, so that there's
447
+
provides a library called ["Qnit"](https://advanced-security.github.io/codeql-qtil/qtil/testing/Qnit.qll/module.Qnit.html) for writing direct test cases with expectations, so that there's
448
448
better cohesion between a test case and its expected output.
449
449
450
450
To use Qnit, import the `qtil.testing.Qnit` module, and create a test class that extends
@@ -486,7 +486,7 @@ See the README in the `qtil.testing` directory for more information on how to us
486
486
487
487
### Parameterization
488
488
489
-
**SignaturePredicates.qll** defines modules for creating signature predicates without separate
489
+
[**SignaturePredicates.qll**](https://advanced-security.github.io/codeql-qtil/qtil/parameterization/SignaturePredicates.qll/module.SignaturePredicates.html) defines modules for creating signature predicates without separate
490
490
signature predicate declarations.
491
491
492
492
Rather than writing:
@@ -528,7 +528,7 @@ The declared predicate signatures look as follows:
528
528
string, and an int result.
529
529
- etc., for `Ternary`, `Quaternary`, and up to `Senary` (six parameter) predicates.
530
530
531
-
**SignatureTypes.qll** contains various baseline signature types to aid in writing correct
531
+
[**SignatureTypes.qll**](https://advanced-security.github.io/codeql-qtil/qtil/parameterization/SignatureTypes.qll/module.SignatureTypes.html) contains various baseline signature types to aid in writing correct
532
532
parameterized modules, as well as a utility to create a signature type from any existing type.
0 commit comments