From cbcf85a9532f5680a6a00f590faf5b5ae554f07d Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 26 Jun 2026 12:00:26 +0200
Subject: [PATCH 1/3] unified: Add standard query suites

The suites include 'Unified' in their name. It sounds a bit off but it might cause confusion if we don't include some kind of language name in there.
---
 .../ql/src/codeql-suites/unified-code-quality-extended.qls | 3 +++
 unified/ql/src/codeql-suites/unified-code-quality.qls | 3 +++
 unified/ql/src/codeql-suites/unified-code-scanning.qls | 4 ++++
 unified/ql/src/codeql-suites/unified-security-and-quality.qls | 4 ++++
 .../ql/src/codeql-suites/unified-security-experimental.qls | 4 ++++
 unified/ql/src/codeql-suites/unified-security-extended.qls | 4 ++++
 6 files changed, 22 insertions(+)
 create mode 100644 unified/ql/src/codeql-suites/unified-code-quality-extended.qls
 create mode 100644 unified/ql/src/codeql-suites/unified-code-quality.qls
 create mode 100644 unified/ql/src/codeql-suites/unified-code-scanning.qls
 create mode 100644 unified/ql/src/codeql-suites/unified-security-and-quality.qls
 create mode 100644 unified/ql/src/codeql-suites/unified-security-experimental.qls
 create mode 100644 unified/ql/src/codeql-suites/unified-security-extended.qls

diff --git a/unified/ql/src/codeql-suites/unified-code-quality-extended.qls b/unified/ql/src/codeql-suites/unified-code-quality-extended.qls
new file mode 100644
index 000000000000..1ee85cae856c
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-code-quality-extended.qls
@@ -0,0 +1,3 @@
+- queries: .
+- apply: code-quality-extended-selectors.yml
+ from: codeql/suite-helpers
diff --git a/unified/ql/src/codeql-suites/unified-code-quality.qls b/unified/ql/src/codeql-suites/unified-code-quality.qls
new file mode 100644
index 000000000000..2074f9378cfd
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-code-quality.qls
@@ -0,0 +1,3 @@
+- queries: .
+- apply: code-quality-selectors.yml
+ from: codeql/suite-helpers
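Review bot: `unified-code-quality-extended.qls` and `unified-code-quality.qls` start directly with `- queries: .` and carry no `- description:` entry, unlike the four other suites added in this patch. Unless the omission deliberately mirrors the other language packs, add a first entry such as `- description: Code quality queries for Unified` and `- description: Extended code quality queries for Unified` so that suite listings identify them.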
diff --git a/unified/ql/src/codeql-suites/unified-code-scanning.qls b/unified/ql/src/codeql-suites/unified-code-scanning.qls
new file mode 100644
index 000000000000..2a46a1604c3d
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-code-scanning.qls
@@ -0,0 +1,4 @@
+- description: Standard Code Scanning queries for Unified
+- queries: .
+- apply: code-scanning-selectors.yml
+ from: codeql/suite-helpers
diff --git a/unified/ql/src/codeql-suites/unified-security-and-quality.qls b/unified/ql/src/codeql-suites/unified-security-and-quality.qls
new file mode 100644
index 000000000000..255b6082c8bc
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-security-and-quality.qls
@@ -0,0 +1,4 @@
+- description: Security-and-quality queries for Unified
+- queries: .
+- apply: security-and-quality-selectors.yml
+ from: codeql/suite-helpers
diff --git a/unified/ql/src/codeql-suites/unified-security-experimental.qls b/unified/ql/src/codeql-suites/unified-security-experimental.qls
new file mode 100644
index 000000000000..d94d4fcae6a6
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Unified
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
diff --git a/unified/ql/src/codeql-suites/unified-security-extended.qls b/unified/ql/src/codeql-suites/unified-security-extended.qls
new file mode 100644
index 000000000000..fc6446d8fed4
--- /dev/null
+++ b/unified/ql/src/codeql-suites/unified-security-extended.qls
@@ -0,0 +1,4 @@
+- description: Security-extended queries for Unified
+- queries: .
+- apply: security-extended-selectors.yml
+ from: codeql/suite-helpers
From 8d564d31e619116cde2681deec4ae3a429b9673d Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 26 Jun 2026 15:07:26 +0200
Subject: [PATCH 2/3] unified: Add default_queries
---
 unified/codeql-extractor.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/unified/codeql-extractor.yml b/unified/codeql-extractor.yml
index 388566c09f11..8851d3520795 100644
--- a/unified/codeql-extractor.yml
+++ b/unified/codeql-extractor.yml
@@ -5,6 +5,8 @@ column_kind: "utf8"
 legacy_qltest_extraction: true
 build_modes:
 - none
+default_queries:
+ - codeql/unified-queries
 github_api_languages:
 - Swift
 scc_languages:
From fc94d1c035f2724f2439612ccef8c9b435f1ef11 Mon Sep 17 00:00:00 2001
From: Asger F
Date: Fri, 26 Jun 2026 12:11:36 +0200
Subject: [PATCH 3/3] unified: Add a dummy query

This is just to test DCA
---
 unified/ql/src/DummyQuery.ql | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 unified/ql/src/DummyQuery.ql

diff --git a/unified/ql/src/DummyQuery.ql b/unified/ql/src/DummyQuery.ql
new file mode 100644
index 000000000000..32890433c103
--- /dev/null
+++ b/unified/ql/src/DummyQuery.ql
@@ -0,0 +1,16 @@
+/**
+ * @name Dummy query
+ * @description Dummy query that flags any name longer than 100 characters
+ * @kind problem
+ * @id unified/dummy
+ * @problem.severity error
+ * @precision high
+ * @security-severity 7
+ * @tags security
+ */
+
+import unified
+
+from Identifier id
+where id.getValue().length() > 100
+select id, "Name is too long: " + id.getValue()
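Review bot: The new `default_queries` entry in `unified/codeql-extractor.yml` names only the pack `codeql/unified-queries`, so which queries run by default depends on the default suite declared in that pack's `qlpack.yml`, which this series does not show. Confirm that it sets `defaultSuiteFile: codeql-suites/unified-code-scanning.qls`; otherwise default analysis may not be limited to the curated code-scanning selection. The hunk shows only part of the extractor configuration, so other keys that affect query selection may exist outside it.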
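Review bot: The header of `DummyQuery.ql` gives a test-only placeholder the metadata of a real high-confidence security query: `@precision high`, `@tags security`, `@problem.severity error` and `@security-severity 7`. The suites added in patch 1/3 all use `- queries: .`, so this file is a candidate for each of them, and with `default_queries` now naming the pack it would presumably be reported to users as a high-severity alert on any identifier longer than 100 characters. If DCA needs the query selected for now, keep this commit out of the merged series. Otherwise remove the `@security-severity 7` line, change `@tags security` to a non-security tag, and say in `@description` that the query is a temporary DCA fixture.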