feat(resources): improve CodeQL MaD extensions support #266
base: main
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,148 @@ | ||||||||||||
| --- | ||||||||||||
| agent: agent | ||||||||||||
| --- | ||||||||||||
|
|
||||||||||||
| # Data Extension Development Workflow | ||||||||||||
|
|
||||||||||||
| Use this workflow to create CodeQL data extensions (Models-as-Data) for third-party libraries and frameworks. Data extensions let you customize taint tracking without writing QL code — you author YAML files that declare which functions are sources, sinks, summaries, barriers, or barrier guards. | ||||||||||||
|
|
||||||||||||
| For format reference, read the MCP resource: `codeql://learning/data-extensions` | ||||||||||||
| For language-specific guidance, read the corresponding `codeql://languages/<language>/library-modeling` resource. Available for: `cpp`, `csharp`, `go`, `java`, `javascript`, `python`, `ruby`, `rust`, `swift`. | ||||||||||||
|
|
||||||||||||
| ## Workflow Checklist | ||||||||||||
|
|
||||||||||||
| ### Phase 1: Identify the Target | ||||||||||||
|
|
||||||||||||
| - [ ] **Confirm the target library and language** | ||||||||||||
| - Library name and version: {{libraryName}} | ||||||||||||
| - Target language: {{language}} | ||||||||||||
| - Determine the model format: | ||||||||||||
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`) | ||||||||||||
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) | ||||||||||||
|
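Review bot: The "Determine the model format" list (added lines 20-21) names C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python and Ruby, but the guidance line earlier in the same file lists `rust` and `swift` among the languages with a `library-modeling` resource, so a reader targeting either one reaches this step with no format to select. Add an entry for each, or state that those two are covered only by their `codeql://languages/<language>/library-modeling` resource. The ranges "9–10 column tuples" and "3–5 column tuples" would also be easier to act on if the checklist said which kind of model takes which column count, or pointed to `codeql://learning/data-extensions` for that detail.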
Comment on lines +20 to +21
|
||||||||||||
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`) | |
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) | |
| - **MaD tuple format** (9–10 column tuples): C/C++ (`codeql/cpp-all`), C# (`codeql/csharp-all`), Go (`codeql/go-all`), Java/Kotlin (`codeql/java-all`), Swift (`codeql/swift-all`) | |
| - **API Graph format** (3–5 column tuples): JavaScript/TypeScript (`codeql/javascript-all`), Python (`codeql/python-all`), Ruby (`codeql/ruby-all`) | |
| - **Rust format**: Rust (`codeql/rust-all`) uses its own crate-path-based model format; follow `codeql://languages/rust/library-modeling` |