stuff

2026-04-24 21:54:56 +00:00 · 2026-01-19 09:17:22 +00:00
parent ddee18d1dc
commit 18b383a156
521 changed files with 21184 additions and 30542 deletions
--- a/codeql/custom-queries/codeql-pack.lock.yml
+++ b/codeql/custom-queries/codeql-pack.lock.yml
@@ -0,0 +1,30 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.13
+  codeql/controlflow:
+    version: 2.0.23
+  codeql/dataflow:
+    version: 2.0.23
+  codeql/javascript-all:
+    version: 2.6.19
+  codeql/mad:
+    version: 1.0.39
+  codeql/regex:
+    version: 1.0.39
+  codeql/ssa:
+    version: 2.0.15
+  codeql/threat-models:
+    version: 1.0.39
+  codeql/tutorial:
+    version: 1.0.39
+  codeql/typetracking:
+    version: 2.0.23
+  codeql/util:
+    version: 2.0.26
+  codeql/xml:
+    version: 1.0.39
+  codeql/yaml:
+    version: 1.0.39
+compiled: false
--- a/codeql/custom-queries/qlpack.yml
+++ b/codeql/custom-queries/qlpack.yml
@@ -0,0 +1,4 @@
+name: custom/low-code-react-migration
+version: 0.0.1
+dependencies:
+  codeql/javascript-all: "*"
--- a/codeql/custom-queries/queries/ComponentFilesWithJSX.ql
+++ b/codeql/custom-queries/queries/ComponentFilesWithJSX.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Component files with JSX
+ * @description Lists component TSX files that contain JSX (candidate for JSON conversion).
+ * @kind problem
+ * @severity warning
+ * @id custom/component-files-with-jsx
+ */
+import javascript
+import semmle.javascript.JSX
+
+predicate isComponentFile(File f) {
+  f.getRelativePath().regexpMatch("^src/components/.*\\.tsx$")
+}
+
+from JsxElement jsx, File f
+where f = jsx.getFile() and isComponentFile(f)
+select f, "Component file contains JSX"
--- a/codeql/custom-queries/queries/ComponentHooksUsage.ql
+++ b/codeql/custom-queries/queries/ComponentHooksUsage.ql
@@ -0,0 +1,30 @@
+/**
+ * @name React hook usage in components
+ * @description Flags component files that call React hooks (likely needs custom hook extraction).
+ * @kind problem
+ * @severity warning
+ * @id custom/component-hooks-usage
+ */
+import javascript
+
+predicate isComponentFile(File f) {
+  f.getRelativePath().regexpMatch("^src/components/.*\\.tsx$")
+}
+
+predicate isReactHookName(string name) {
+  name = "useState" or
+  name = "useEffect" or
+  name = "useMemo" or
+  name = "useCallback" or
+  name = "useReducer" or
+  name = "useLayoutEffect" or
+  name = "useRef"
+}
+
+from CallExpr call, File f, VarRef ref
+where
+  f = call.getFile() and
+  isComponentFile(f) and
+  ref = call.getCallee() and
+  isReactHookName(ref.getName())
+select call, "React hook call in component: " + ref.getName()
--- a/codeql/custom-queries/queries/LegacyComponentImports.ql
+++ b/codeql/custom-queries/queries/LegacyComponentImports.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Legacy component imports
+ * @description Finds imports still referencing legacy components instead of JSON components.
+ * @kind problem
+ * @severity warning
+ * @id custom/legacy-component-imports
+ */
+import javascript
+
+from ImportDeclaration imp
+where imp.getRawImportPath().regexpMatch("^@/components/")
+select imp, "Legacy component import: " + imp.getRawImportPath()