hohn/codeql-info
1
0
Fork 0
mirror of https://github.com/hohn/codeql-info.git synced 2025-12-16 20:53:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql-info/ql/docs/language/learn-ql/build.html-5f4acb8/codeql-language-guides/codeql-library-for-csharp.html
Michael Hohn e52393de06 Build class-based dataflow documentation
2023-11-20 11:57:03 -08:00

1394 lines
103 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en" data-content_root="../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<title>CodeQL library for C# &#8212; CodeQL</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/alabaster.css?v=93459777" />
<script src="../_static/documentation_options.js?v=5929fcd5"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="icon" href="../_static/favicon.ico"/>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Analyzing data flow in C#" href="analyzing-data-flow-in-csharp.html" />
<link rel="prev" title="Basic query for C# code" href="basic-query-for-csharp-code.html" />
<title>CodeQL docs</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="../_static/custom.css" type="text/css" />
<link rel="stylesheet" href="../_static/primer.css" type="text/css" />
</head><body>
<header class="Header">
<div class="Header-item--full">
<a href="https://codeql.github.com/docs" class="Header-link f2 d-flex flex-items-center">
<!-- <%= octicon "mark-github", class: "mr-2", height: 32 %> -->
<svg height="32" class="octicon octicon-mark-github mr-2" viewBox="0 0 16 16" version="1.1" width="32"
aria-hidden="true">
<path fill-rule="evenodd"
d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z">
</path>
</svg>
<span class="hide-sm">CodeQL documentation</span>
</a>
</div>
<div class="Header-item hide-sm hide-md">
<script src="https://addsearch.com/js/?key=93b4d287e2fc079a4089412b669785d5&categories=!0xhelp.semmle.com,0xcodeql.github.com,1xdocs,1xcodeql-standard-libraries,1xcodeql-query-help"></script>
</div>
<div class="Header-item">
<details class="dropdown details-reset details-overlay d-inline-block">
<summary class="btn bg-gray-dark text-white border" aria-haspopup="true">
CodeQL resources
<div class="dropdown-caret"></div>
</summary>
<ul class="dropdown-menu dropdown-menu-se dropdown-menu-dark">
<li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-overview">CodeQL overview</a></li>
<li class="dropdown-divider" role="separator"></li>
<div class="dropdown-header">
CodeQL tools
</div>
<li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-for-visual-studio-code">CodeQL for VS Code</a>
<li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-cli">CodeQL CLI</a>
</li>
<li class="dropdown-divider" role="separator"></li>
<div class="dropdown-header">
CodeQL guides
</div>
<li><a class="dropdown-item" href="https://codeql.github.com/docs/writing-codeql-queries">Writing CodeQL queries</a></li>
<li><a class="dropdown-item" href="https://codeql.github.com/docs/codeql-language-guides">CodeQL language guides</a>
<li class="dropdown-divider" role="separator"></li>
<div class="dropdown-header">
Reference docs
</div>
<li><a class="dropdown-item" href="https://codeql.github.com/docs/ql-language-reference/">QL language
reference</a>
<li><a class="dropdown-item" href="https://codeql.github.com/codeql-standard-libraries">CodeQL
standard-libraries</a>
<li><a class="dropdown-item" href="https://codeql.github.com/codeql-query-help">CodeQL
query help</a>
<li class="dropdown-divider" role="separator"></li>
<div class="dropdown-header">
Source files
</div>
<li><a class="dropdown-item" href="https://github.com/github/codeql">CodeQL repository</a>
</ul>
</details>
</div>
</header>
<main class="bg-gray-light clearfix">
<nav class="SideNav position-sticky top-0 col-lg-3 col-md-3 float-left p-4 hide-sm hide-md overflow-y-auto">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../codeql-overview/index.html">CodeQL overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../codeql-for-visual-studio-code/index.html">CodeQL for Visual Studio Code</a></li>
<li class="toctree-l1"><a class="reference internal" href="../codeql-cli/index.html">CodeQL CLI</a></li>
<li class="toctree-l1"><a class="reference internal" href="../writing-codeql-queries/index.html">Writing CodeQL queries</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">CodeQL language guides</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="codeql-for-cpp.html">CodeQL for C and C++</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="codeql-for-csharp.html">CodeQL for C#</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="basic-query-for-csharp-code.html">Basic query for C# code</a></li>
<li class="toctree-l3 current"><a class="current reference internal" href="#">CodeQL library for C#</a></li>
<li class="toctree-l3"><a class="reference internal" href="analyzing-data-flow-in-csharp.html">Analyzing data flow in C#</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="codeql-for-go.html">CodeQL for Go</a></li>
<li class="toctree-l2"><a class="reference internal" href="codeql-for-java.html">CodeQL for Java</a></li>
<li class="toctree-l2"><a class="reference internal" href="codeql-for-javascript.html">CodeQL for JavaScript</a></li>
<li class="toctree-l2"><a class="reference internal" href="codeql-for-python.html">CodeQL for Python</a></li>
<li class="toctree-l2"><a class="reference internal" href="codeql-for-ruby.html">CodeQL for Ruby</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../ql-language-reference/index.html">QL language reference</a></li>
</ul>
</nav>
<div class="body col-sm-12 col-md-9 col-lg-9 float-left border-left">
<div class="hide-lg hide-xl px-4 pt-4">
<div class="related" role="navigation" aria-label="related navigation">
<ul>
<li class="nav-item nav-item-0"><a href="../contents.html">CodeQL</a> &#187;</li>
<li class="nav-item nav-item-1"><a href="index.html"
>CodeQL language guides</a> &#187;</li>
<li class="nav-item nav-item-2"><a href="codeql-for-csharp.html"
accesskey="U">CodeQL for C#</a> &#187;</li>
</ul>
</div>
</div>
<article class="p-4 col-lg-10 col-md-10 col-sm-12">
<section id="codeql-library-for-c">
<span id="codeql-library-for-csharp"></span><h1>CodeQL library for C#<a class="headerlink" href="#codeql-library-for-c" title="Link to this heading"></a></h1>
<p>When youre analyzing a C# program, you can make use of the large collection of classes in the CodeQL library for C#.</p>
<section id="about-the-codeql-libraries-for-c">
<h2>About the CodeQL libraries for C#<a class="headerlink" href="#about-the-codeql-libraries-for-c" title="Link to this heading"></a></h2>
<p>There is an extensive core library for analyzing CodeQL databases extracted from C# projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks. The library is implemented as a set of QL modules, that is, files with the extension <code class="docutils literal notranslate"><span class="pre">.qll</span></code>. The module <code class="docutils literal notranslate"><span class="pre">csharp.qll</span></code> imports all the core C# library modules, so you can include the complete library by beginning your query with:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>import csharp
</pre></div>
</div>
<p>Since this is required for all C# queries, its omitted from code snippets below.</p>
<p>The core library contains all the program elements, including <a class="reference external" href="#files">files</a>, <a class="reference external" href="#types">types</a>, methods, <a class="reference external" href="#variables">variables</a>, <a class="reference external" href="#statements">statements</a>, and <a class="reference external" href="#expressions">expressions</a>. This is sufficient for most queries, however additional libraries can be imported for bespoke functionality such as control flow and data flow. For information about these additional libraries, see “<a class="reference internal" href="codeql-for-csharp.html#codeql-for-csharp"><span class="std std-ref">CodeQL for C#</span></a>.”</p>
<section id="class-hierarchies">
<h3>Class hierarchies<a class="headerlink" href="#class-hierarchies" title="Link to this heading"></a></h3>
<p>Each section contains a class hierarchy, showing the inheritance structure between CodeQL classes. For example:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Expr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Operation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryMinusExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">UnaryPlusExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">MutatorOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">IncrementOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PreIncrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">PostIncrExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">DecrementOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PreDecrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">PostDecrExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">SubExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">MulExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">DivExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">RemExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<p>This means that the class <code class="docutils literal notranslate"><span class="pre">AddExpr</span></code> extends class <code class="docutils literal notranslate"><span class="pre">BinaryArithmeticOperation</span></code>, which in turn extends class <code class="docutils literal notranslate"><span class="pre">ArithmeticOperation</span></code> and so on. If you want to query any arithmetic operation, use the class <code class="docutils literal notranslate"><span class="pre">ArithmeticOperation</span></code>, but if you specifically want to limit the query to addition operations, use the class <code class="docutils literal notranslate"><span class="pre">AddExpr</span></code>.</p>
<p>Classes can also be considered to be <em>sets</em>, and the <code class="docutils literal notranslate"><span class="pre">extends</span></code> relation between classes defines a subset. Every member of class <code class="docutils literal notranslate"><span class="pre">AddExpr</span></code> is also in the class <code class="docutils literal notranslate"><span class="pre">BinaryArithmeticOperation</span></code>. In general, classes overlap and an entity can be a member of several classes.</p>
<p>This overview omits some of the less important or intermediate classes from the class hierarchy.</p>
<p>Each class has predicates, which are logical propositions about that class. They also define navigable relationships between classes. Predicates are inherited, so for example the <code class="docutils literal notranslate"><span class="pre">AddExpr</span></code> class inherits the predicates <code class="docutils literal notranslate"><span class="pre">getLeftOperand()</span></code> and <code class="docutils literal notranslate"><span class="pre">getRightOperand()</span></code> from <code class="docutils literal notranslate"><span class="pre">BinaryArithmeticOperation</span></code>, and <code class="docutils literal notranslate"><span class="pre">getType()</span></code> from class <code class="docutils literal notranslate"><span class="pre">Expr</span></code>. This is similar to how methods are inherited in object-oriented programming languages.</p>
<p>In this overview, we present the most common and useful predicates. For the complete list of predicates available on each class, you can look in the CodeQL source code, use autocomplete in the editor, or see the <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp">C# reference</a>.</p>
</section>
<section id="exercises">
<h3>Exercises<a class="headerlink" href="#exercises" title="Link to this heading"></a></h3>
<p>Each section in this topic contains exercises to check your understanding.</p>
<p>Exercise 1: Simplify this query:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from BinaryArithmeticOperation op
where op instanceof AddExpr
select op
</pre></div>
</div>
<p>(<a class="reference external" href="#exercise-1">Answer</a>)</p>
</section>
</section>
<section id="files">
<h2>Files<a class="headerlink" href="#files" title="Link to this heading"></a></h2>
<p>Files are represented by the class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/File.qll/type.File$File.html">File</a>, and directories by the class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/File.qll/type.File$Folder.html">Folder</a>. The database contains all of the source files and assemblies used during the compilation.</p>
<section id="class-hierarchy">
<h3>Class hierarchy<a class="headerlink" href="#class-hierarchy" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">File</span></code> - any file in the database (including source files, XML and assemblies)</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SourceFile</span></code> - a file containing source code</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Folder</span></code> - a directory</p></li>
</ul>
</section>
<section id="predicates">
<h3>Predicates<a class="headerlink" href="#predicates" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getName()</span></code> - gets the full path of the file (for example, <code class="docutils literal notranslate"><span class="pre">C:\Temp\test.cs</span></code>).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getNumberOfLines()</span></code> - gets the number of lines (for source files only).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getShortName()</span></code> - gets the name of the file without the extension (for example, <code class="docutils literal notranslate"><span class="pre">test</span></code>).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getBaseName()</span></code> - gets the name and extension of the file (for example, <code class="docutils literal notranslate"><span class="pre">test.cs</span></code>).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getParent()</span></code> - gets the parent directory.</p></li>
</ul>
</section>
<section id="examples">
<h3>Examples<a class="headerlink" href="#examples" title="Link to this heading"></a></h3>
<p>Count the number of source files:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>select count(SourceFile f)
</pre></div>
</div>
<p>Count the number of lines of code, excluding the directory <code class="docutils literal notranslate"><span class="pre">external</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>select sum(SourceFile f |
not exists(Folder ext | ext.getShortName() = &quot;external&quot; |
ext.getAFolder*().getAFile() = f) |
f.getNumberOfLines())
</pre></div>
</div>
</section>
<section id="id1">
<h3>Exercises<a class="headerlink" href="#id1" title="Link to this heading"></a></h3>
<p>Exercise 2: Write a query to find the source file with the largest number of lines. Hint: Find the source file with the same number of lines as the <code class="docutils literal notranslate"><span class="pre">max</span></code> number of lines in any file. (<a class="reference external" href="#exercise-2">Answer</a>)</p>
</section>
</section>
<section id="elements">
<h2>Elements<a class="headerlink" href="#elements" title="Link to this heading"></a></h2>
<p>The class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/cil/Element.qll/type.Element$Element.html">Element</a> is the base class for all parts of a C# program, and its the root of the element class hierarchy. All program elements (such as types, methods, statements, and expressions) ultimately derive from this common base class.</p>
<p><code class="docutils literal notranslate"><span class="pre">Element</span></code> forms a hierarchical structure of the program, which can be navigated using the <code class="docutils literal notranslate"><span class="pre">getParent()</span></code> and <code class="docutils literal notranslate"><span class="pre">getChild()</span></code> predicates. This is much like an abstract syntax tree, and also applies to elements in assemblies.</p>
<section id="id2">
<h3>Predicates<a class="headerlink" href="#id2" title="Link to this heading"></a></h3>
<p>The <code class="docutils literal notranslate"><span class="pre">Element</span></code> class provides common functionality for all program elements, including:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getLocation()</span></code> - gets the text span in the source code.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getFile()</span></code> - gets the <code class="docutils literal notranslate"><span class="pre">File</span></code> containing the <code class="docutils literal notranslate"><span class="pre">Element</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getParent()</span></code> - gets the parent <code class="docutils literal notranslate"><span class="pre">Element</span></code>, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAChild()</span></code> - gets a child <code class="docutils literal notranslate"><span class="pre">Element</span></code> of this element, if any.</p></li>
</ul>
</section>
<section id="id3">
<h3>Examples<a class="headerlink" href="#id3" title="Link to this heading"></a></h3>
<p>To list all elements in <code class="docutils literal notranslate"><span class="pre">Main.cs</span></code>, their QL class and location:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Element e
where e.getFile().getShortName() = &quot;Main&quot;
select e, e.getAQlClass(), e.getLocation()
</pre></div>
</div>
<p>Note that <code class="docutils literal notranslate"><span class="pre">getAQlClass()</span></code> is available on all entities and is a useful way to figure out the QL class of something. Often the same element will have several classes which are all returned by <code class="docutils literal notranslate"><span class="pre">getAQlClass()</span></code>.</p>
</section>
</section>
<section id="locations">
<h2>Locations<a class="headerlink" href="#locations" title="Link to this heading"></a></h2>
<p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/Location.qll/type.Location$Location.html">Location</a> represents a section of text in the source code, or an assembly. All elements have a <code class="docutils literal notranslate"><span class="pre">Location</span></code> obtained by their <code class="docutils literal notranslate"><span class="pre">getLocation()</span></code> predicate. A <code class="docutils literal notranslate"><span class="pre">SourceLocation</span></code> represents a span of text in source code, whereas an <code class="docutils literal notranslate"><span class="pre">Assembly</span></code> location represents a referenced assembly.</p>
<p>Sometimes elements have several locations, for example if they occur in both source code and an assembly. In this case, only the <code class="docutils literal notranslate"><span class="pre">SourceLocation</span></code> is returned.</p>
<section id="id4">
<h3>Class hierarchy<a class="headerlink" href="#id4" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Location</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SourceLocation</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Assembly</span></code></p></li>
</ul>
</li>
</ul>
</section>
<section id="id5">
<h3>Predicates<a class="headerlink" href="#id5" title="Link to this heading"></a></h3>
<p>Some predicates of <code class="docutils literal notranslate"><span class="pre">Location</span></code> include:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getFile()</span></code> - gets the <code class="docutils literal notranslate"><span class="pre">File</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getStartLine()</span></code> - gets the first line of the text.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getEndLine()</span></code> - gets the last line of the text.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getStartColumn()</span></code> - gets the column of the start of the text.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getEndColumn()</span></code> - gets the column of the end of the text.</p></li>
</ul>
</section>
<section id="id6">
<h3>Examples<a class="headerlink" href="#id6" title="Link to this heading"></a></h3>
<p>Find all elements that are one character wide:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Element e, Location l
where l = e.getLocation()
and l.getStartLine() = l.getEndLine()
and l.getStartColumn() = l.getEndColumn()
select e, &quot;This element is a single character.&quot;
</pre></div>
</div>
</section>
</section>
<section id="declarations">
<h2>Declarations<a class="headerlink" href="#declarations" title="Link to this heading"></a></h2>
<p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/cil/Declaration.qll/type.Declaration$Declaration.html">Declaration</a> is the common class of all entities defined in the program, such as types, methods, variables etc. The database contains all declarations from the source code and all referenced assemblies.</p>
<section id="id7">
<h3>Class hierarchy<a class="headerlink" href="#id7" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Declaration</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Callable</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UnboundGeneric</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ConstructedGeneric</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Modifiable</span></code> - a declaration which can have a modifier (for example <code class="docutils literal notranslate"><span class="pre">public</span></code>)</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Member</span></code> - a declaration that is member of a type</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Assignable</span></code> - an element that can be assigned to</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Variable</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Property</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Indexer</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Event</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</section>
<section id="id8">
<h3>Predicates<a class="headerlink" href="#id8" title="Link to this heading"></a></h3>
<p>Useful member predicates on <code class="docutils literal notranslate"><span class="pre">Declaration</span></code> include:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getDeclaringType()</span></code> - gets the type containing the declaration, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getName()</span></code>/<code class="docutils literal notranslate"><span class="pre">hasName(string)</span></code> - gets the name of the declared entity.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">isSourceDeclaration()</span></code> - whether the declaration is source code and is not a constructed type/method.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getSourceDeclaration()</span></code> - gets the original (unconstructed) declaration.</p></li>
</ul>
</section>
<section id="id9">
<h3>Examples<a class="headerlink" href="#id9" title="Link to this heading"></a></h3>
<p>Find declarations containing a username:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Declaration decl
where decl.getName().regexpMatch(&quot;[uU]ser([Nn]ame)?&quot;)
select decl, &quot;A username.&quot;
</pre></div>
</div>
</section>
</section>
<section id="variables">
<h2>Variables<a class="headerlink" href="#variables" title="Link to this heading"></a></h2>
<p>The class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/cil/Variable.qll/type.Variable$Variable.html">Variable</a> represents C# variables, such as fields, parameters and local variables. The database contains all variables from the source code, as well as all fields and parameters from assemblies referenced by the program.</p>
<section id="id10">
<h3>Class hierarchy<a class="headerlink" href="#id10" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Declaration</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Variable</span></code> - any type of variable</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Field</span></code> - a field in a <code class="docutils literal notranslate"><span class="pre">class</span></code>/<code class="docutils literal notranslate"><span class="pre">struct</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">MemberConstant</span></code> - a <code class="docutils literal notranslate"><span class="pre">const</span></code> field</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">EnumConstant</span></code> - a field in an <code class="docutils literal notranslate"><span class="pre">enum</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalScopeVariable</span></code> - a variable whose scope is limited to a single <code class="docutils literal notranslate"><span class="pre">Callable</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalVariable</span></code> - a local variable in a <code class="docutils literal notranslate"><span class="pre">Callable</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalConstant</span></code> - a locally defined constant in a <code class="docutils literal notranslate"><span class="pre">Callable</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Parameter</span></code> - a parameter to a <code class="docutils literal notranslate"><span class="pre">Callable</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</section>
<section id="id11">
<h3>Predicates<a class="headerlink" href="#id11" title="Link to this heading"></a></h3>
<p>Some common predicates on <code class="docutils literal notranslate"><span class="pre">Variable</span></code> are:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getType()</span></code> - gets the <code class="docutils literal notranslate"><span class="pre">Type</span></code> of this variable.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnAccess()</span></code> - gets an expression that accesses (reads or writes) this variable, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnAssignedValue()</span></code> - gets an expression that is assigned to this variable, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getInitializer()</span></code> - gets the expression used to initialize the variable, if any.</p></li>
</ul>
</section>
<section id="id12">
<h3>Examples<a class="headerlink" href="#id12" title="Link to this heading"></a></h3>
<p>Find all unused local variables:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from LocalVariable v
where not exists(v.getAnAccess())
select v, &quot;This local variable is unused.&quot;
</pre></div>
</div>
</section>
</section>
<section id="types">
<h2>Types<a class="headerlink" href="#types" title="Link to this heading"></a></h2>
<p>Types are represented by the CodeQL class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/cil/Type.qll/type.Type$Type.html">Type</a> and consist of builtin types, interfaces, classes, structs, enums, and type parameters. The database contains types from the program and all referenced assemblies including mscorlib and the .NET framework.</p>
<p>The builtin types (<code class="docutils literal notranslate"><span class="pre">object</span></code>, <code class="docutils literal notranslate"><span class="pre">int</span></code>, <code class="docutils literal notranslate"><span class="pre">double</span></code> etc.) have corresponding types (<code class="docutils literal notranslate"><span class="pre">System.Object</span></code>, <code class="docutils literal notranslate"><span class="pre">System.Int32</span></code> etc.) in mscorlib.</p>
<p>Class <code class="docutils literal notranslate"><span class="pre">ValueOrRefType</span></code> represents defined types, such as a <code class="docutils literal notranslate"><span class="pre">class</span></code>, <code class="docutils literal notranslate"><span class="pre">struct</span></code>, <code class="docutils literal notranslate"><span class="pre">interface</span></code> or <code class="docutils literal notranslate"><span class="pre">enum</span></code>.</p>
<section id="id13">
<h3>Class hierarchy<a class="headerlink" href="#id13" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Declaration</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Modifiable</span></code> - a declaration which can have a modifier (for example <code class="docutils literal notranslate"><span class="pre">public</span></code>)</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Member</span></code> - a declaration that is member of a type</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Type</span></code> - all types</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ValueOrRefType</span></code> - a defined type</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ValueType</span></code> - a value type (see below for further hierarchy)</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">RefType</span></code> - a reference type (see below for further hierarchy)</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">NestedType</span></code> - a type defined in another type</p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">VoidType</span></code> - <code class="docutils literal notranslate"><span class="pre">void</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">PointerType</span></code> - a pointer type</p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<p>The <code class="docutils literal notranslate"><span class="pre">ValueType</span></code> class extends further:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">ValueType</span></code> - a value type</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SimpleType</span></code> - a simple built-in type</p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">BoolType</span></code> - <code class="docutils literal notranslate"><span class="pre">bool</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">CharType</span></code> - <code class="docutils literal notranslate"><span class="pre">char</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">IntegralType</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnsignedIntegralType</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ByteType</span></code> - <code class="docutils literal notranslate"><span class="pre">byte</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UShortType</span></code> - <code class="docutils literal notranslate"><span class="pre">unsigned</span> <span class="pre">short</span></code>/<code class="docutils literal notranslate"><span class="pre">System.UInt16</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UIntType</span></code> - <code class="docutils literal notranslate"><span class="pre">unsigned</span> <span class="pre">int</span></code>/<code class="docutils literal notranslate"><span class="pre">System.UInt32</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ULongType</span></code> - <code class="docutils literal notranslate"><span class="pre">unsigned</span> <span class="pre">long</span></code>/<code class="docutils literal notranslate"><span class="pre">System.UInt64</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">SignedIntegralType</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SByteType</span></code> - <code class="docutils literal notranslate"><span class="pre">signed</span> <span class="pre">byte</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ShortType</span></code> - <code class="docutils literal notranslate"><span class="pre">short</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Int16</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">IntType</span></code> - <code class="docutils literal notranslate"><span class="pre">int</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Int32</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LongType</span></code> - <code class="docutils literal notranslate"><span class="pre">long</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Int64</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">FloatingPointType</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">FloatType</span></code> - <code class="docutils literal notranslate"><span class="pre">float</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Single</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">DoubleType</span></code> - <code class="docutils literal notranslate"><span class="pre">double</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Double</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">DecimalType</span></code> - <code class="docutils literal notranslate"><span class="pre">decimal</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Decimal</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Enum</span></code> - an <code class="docutils literal notranslate"><span class="pre">enum</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Struct</span></code> - a <code class="docutils literal notranslate"><span class="pre">struct</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">NullableType</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ArrayType</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
<p>The <code class="docutils literal notranslate"><span class="pre">RefType</span></code> class extends further:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">RefType</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Class</span></code> - a <code class="docutils literal notranslate"><span class="pre">class</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousClass</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ObjectType</span></code> - <code class="docutils literal notranslate"><span class="pre">object</span></code>/<code class="docutils literal notranslate"><span class="pre">System.Object</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">StringType</span></code> - <code class="docutils literal notranslate"><span class="pre">string</span></code>/<code class="docutils literal notranslate"><span class="pre">System.String</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Interface</span></code> - an <code class="docutils literal notranslate"><span class="pre">interface</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">DelegateType</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">NullType</span></code> - the type of <code class="docutils literal notranslate"><span class="pre">null</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">DynamicType</span></code> - <code class="docutils literal notranslate"><span class="pre">dynamic</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">NestedType</span></code> - a type defined in another type</p></li>
</ul>
<p>These class hierarchies omit generic types for simplicity.</p>
</section>
<section id="id14">
<h3>Predicates<a class="headerlink" href="#id14" title="Link to this heading"></a></h3>
<p>Useful members of <code class="docutils literal notranslate"><span class="pre">ValueOrRefType</span></code> include:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getQualifiedName()/hasQualifiedName(string)</span></code> - gets the qualified name of the type (for example, <code class="docutils literal notranslate"><span class="pre">&quot;System.String&quot;</span></code>).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getABaseInterface()</span></code> - gets an immediate interface of this type, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getABaseType()</span></code> - gets an immediate base class or interface of this type, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getBaseClass()</span></code> - gets the immediate base class of this type, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getASubType()</span></code> - gets an immediate subtype, a type which directly inherits from this type, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAMember()</span></code> - gets any member (field/method/property etc), if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAMethod()</span></code> - gets a method, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAProperty()</span></code> - gets a property, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnIndexer()</span></code> - gets an indexer, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnEvent()</span></code> - gets an event, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnOperator()</span></code> - gets an operator, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getANestedType()</span></code> - gets a nested type.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getNamespace()</span></code> - gets the enclosing namespace.</p></li>
</ul>
</section>
<section id="id15">
<h3>Examples<a class="headerlink" href="#id15" title="Link to this heading"></a></h3>
<p>Find all members of <code class="docutils literal notranslate"><span class="pre">System.Object</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from ObjectType object
select object.getAMember()
</pre></div>
</div>
<p>Find all types which directly implement <code class="docutils literal notranslate"><span class="pre">System.Collections.IEnumerable</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Interface ienumerable
where ienumerable.hasQualifiedName(&quot;System.Collections.IEnumerable&quot;)
select ienumerable.getASubType()
</pre></div>
</div>
<p>List all simple types in the <code class="docutils literal notranslate"><span class="pre">System</span></code> namespace:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>select any(SimpleType t | t.getNamespace().hasName(&quot;System&quot;))
</pre></div>
</div>
<p>Find all variables of type <code class="docutils literal notranslate"><span class="pre">PointerType</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Variable v
where v.fromSource()
and v.getType() instanceof PointerType
select v
</pre></div>
</div>
<p>List all classes in source files:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Class c
where c.fromSource()
select c
</pre></div>
</div>
</section>
<section id="id16">
<h3>Exercises<a class="headerlink" href="#id16" title="Link to this heading"></a></h3>
<p>Exercise 3: Write a query to list the methods in <code class="docutils literal notranslate"><span class="pre">string</span></code>. (<a class="reference external" href="#exercise-3">Answer</a>)</p>
<p>Exercise 4: Adapt the example to find all types which indirectly implement <code class="docutils literal notranslate"><span class="pre">IEnumerable</span></code>. (<a class="reference external" href="#exercise-4">Answer</a>)</p>
<p>Exercise 5: Write a query to find all classes starting with the letter <code class="docutils literal notranslate"><span class="pre">A</span></code>. (<a class="reference external" href="#exercise-5">Answer</a>)</p>
</section>
</section>
<section id="callables">
<h2>Callables<a class="headerlink" href="#callables" title="Link to this heading"></a></h2>
<p>Callables are represented by the class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/Callable.qll/type.Callable$Callable.html">Callable</a> and are anything that can be called independently, such as methods, constructors, destructors, operators, anonymous functions, indexers, and property accessors.</p>
<p>The database contains all of the callables in your program and in all referenced assemblies.</p>
<section id="id17">
<h3>Class hierarchy<a class="headerlink" href="#id17" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Declaration</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Callable</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Method</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ExtensionMethod</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Constructor</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">StaticConstructor</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">InstanceConstructor</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Destructor</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Operator</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryOperator</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PlusOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">MinusOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">NotOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">ComplementOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">IncrementOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">DecrementOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">FalseOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">TrueOperator</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryOperator</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">SubOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">MulOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">DivOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">RemOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">AndOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">OrOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">XorOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">LShiftOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">RShiftOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">EQOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">NEOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">LTOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">GTOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">LEOperator</span></code>, <code class="docutils literal notranslate"><span class="pre">GEOperator</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ConversionOperator</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ImplicitConversionOperator</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ExplicitConversionOperator</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousFunctionExpr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LambdaExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousMethodExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Accessor</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Getter</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Setter</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">EventAccessor</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddEventAccessor</span></code>, <code class="docutils literal notranslate"><span class="pre">RemoveEventAccessor</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</section>
<section id="id18">
<h3>Predicates<a class="headerlink" href="#id18" title="Link to this heading"></a></h3>
<p>Here are a few useful predicates on the <code class="docutils literal notranslate"><span class="pre">Callable</span></code> class:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getParameter(int)</span></code>/<code class="docutils literal notranslate"><span class="pre">getAParameter()</span></code> - gets a parameter.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">calls(Callable)</span></code> - whether theres a direct call from one callable to another.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getReturnType()</span></code> - gets the return type.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getBody()</span></code>/<code class="docutils literal notranslate"><span class="pre">getExpressionBody()</span></code> - gets the body of the callable.</p></li>
</ul>
<p>Since <code class="docutils literal notranslate"><span class="pre">Callable</span></code> extends <code class="docutils literal notranslate"><span class="pre">Declaration</span></code>, it also has predicates from <code class="docutils literal notranslate"><span class="pre">Declaration</span></code>, such as:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getName()</span></code>/<code class="docutils literal notranslate"><span class="pre">hasName(string)</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getSourceDeclaration()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getName()</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getDeclaringType()</span></code></p></li>
</ul>
<p>Methods have additional predicates, including:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getAnOverridee()</span></code> - gets a method that is immediately overridden by this method.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnOverrider()</span></code> - gets a method that immediately overrides this method.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnImplementee()</span></code> - gets an interface method that is immediately implemented by this method.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getAnImplementor()</span></code> - gets a method that immediately implements this interface method.</p></li>
</ul>
</section>
<section id="id19">
<h3>Examples<a class="headerlink" href="#id19" title="Link to this heading"></a></h3>
<p>List all types which override <code class="docutils literal notranslate"><span class="pre">ToString</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method m
where m.hasName(&quot;ToString&quot;)
select m
</pre></div>
</div>
<p>Find methods that look like <code class="docutils literal notranslate"><span class="pre">ToString</span></code> methods but dont override <code class="docutils literal notranslate"><span class="pre">Object.ToString</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method toString, Method falseToString
where toString.hasQualifiedName(&quot;System.Object.ToString&quot;)
and falseToString.getName().toLowerCase() = &quot;tostring&quot;
and not falseToString.overrides*(toString)
and falseToString.getNumberOfParameters() = 0
select falseToString, &quot;This method looks like it overrides Object.ToString but it doesn&#39;t.&quot;
</pre></div>
</div>
<p>Find all methods which take a pointer type:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method m
where m.getAParameter().getType() instanceof PointerType
select m, &quot;This method uses pointers.&quot;
</pre></div>
</div>
<p>Find all classes which have a destructor but arent disposable:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Class c
where c.getAMember() instanceof Destructor
and not c.getABaseType*().hasQualifiedName(&quot;System.IDisposable&quot;)
select c, &quot;This class has a destructor but is not IDisposable.&quot;
</pre></div>
</div>
<p>Find <code class="docutils literal notranslate"><span class="pre">Main</span></code> methods which are not <code class="docutils literal notranslate"><span class="pre">private</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method m
where m.hasName(&quot;Main&quot;)
and not m.isPrivate()
select m, &quot;Main method should be private.&quot;
</pre></div>
</div>
</section>
</section>
<section id="statements">
<h2>Statements<a class="headerlink" href="#statements" title="Link to this heading"></a></h2>
<p>Statements are represented by the class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/Stmt.qll/type.Stmt$Stmt.html">Stmt</a> and make up the body of methods (and other callables). The database contains all statements in the source code, but does not contain any statements from referenced assemblies where the source code is not available.</p>
<section id="id20">
<h3>Class hierarchy<a class="headerlink" href="#id20" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ControlFlowElement</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Stmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">BlockStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">{</span> <span class="pre">...</span> <span class="pre">}</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ExprStmt</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">SelectionStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">IfStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">if</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">SwitchStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">switch</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">LabeledStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ConstCase</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">DefaultCase</span></code> - <code class="docutils literal notranslate"><span class="pre">default</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LabelStmt</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">LoopStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">WhileStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">while(...)</span> <span class="pre">{</span> <span class="pre">...</span> <span class="pre">}</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">DoStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">do</span> <span class="pre">{</span> <span class="pre">...</span> <span class="pre">}</span> <span class="pre">while(...)</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ForStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">for</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ForEachStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">foreach</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">JumpStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">BreakStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">break</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ContinueStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">continue</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GotoStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">goto</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">GotoLabelStmt</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GotoCaseStmt</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GotoDefaultStmt</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ThrowStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">throw</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ReturnStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">return</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">YieldStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">YieldBreakStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">yield</span> <span class="pre">break</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">YieldReturnStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">yield</span> <span class="pre">return</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">TryStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">try</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">CatchClause</span></code> - <code class="docutils literal notranslate"><span class="pre">catch</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SpecificCatchClause</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">GeneralCatchClause</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">CheckedStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">checked</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UncheckedStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">unchecked</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LockStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">lock</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UsingStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">using</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalVariableDeclStmt</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalConstantDeclStmt</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">EmptyStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">;</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">UnsafeStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">unsafe</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">FixedStmt</span></code> - <code class="docutils literal notranslate"><span class="pre">fixed</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</section>
<section id="id21">
<h3>Examples<a class="headerlink" href="#id21" title="Link to this heading"></a></h3>
<p>Find long methods:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method m
where m.getBody().(BlockStmt).getNumberOfStmts() &gt;= 100
select m, &quot;This is a long method!&quot;
</pre></div>
</div>
<p>Find <code class="docutils literal notranslate"><span class="pre">for(;;)</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from ForStmt for
where not exists(for.getAnInitializer())
and not exists(for.getUpdate(_))
and not exists(for.getCondition())
select for, &quot;Infinite loop.&quot;
</pre></div>
</div>
<p>Find <code class="docutils literal notranslate"><span class="pre">catch(NullDefererenceException)</span></code>:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from SpecificCatchClause catch
where catch.getCaughtExceptionType().hasQualifiedName(&quot;System.NullReferenceException&quot;)
select catch, &quot;Catch NullReferenceException.&quot;
</pre></div>
</div>
<p>Find an <code class="docutils literal notranslate"><span class="pre">if</span></code> statement with a constant condition:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from IfStmt ifStmt
where ifStmt.getCondition().hasValue()
select ifStmt, &quot;This &#39;if&#39; statement is constant.&quot;
</pre></div>
</div>
<p>Find an <code class="docutils literal notranslate"><span class="pre">if</span></code> statement with an empty “then” block:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from IfStmt ifStmt
where ifStmt.getThen().(BlockStmt).isEmpty()
select ifStmt, &quot;If statement with empty &#39;then&#39; block.&quot;
</pre></div>
</div>
<p>The <code class="docutils literal notranslate"><span class="pre">(BlockStmt)</span></code> is an inline cast, which restricts the query to cases where the result of <code class="docutils literal notranslate"><span class="pre">getThen()</span></code> has the QL class <code class="docutils literal notranslate"><span class="pre">BlockStmt</span></code>, and allows predicates on <code class="docutils literal notranslate"><span class="pre">BlockStmt</span></code> to be used, such as <code class="docutils literal notranslate"><span class="pre">isEmpty()</span></code>.</p>
</section>
<section id="id22">
<h3>Exercises<a class="headerlink" href="#id22" title="Link to this heading"></a></h3>
<p>Exercise 6: Write a query to list all empty methods. (<a class="reference external" href="#exercise-6">Answer</a>)</p>
<p>Exercise 7: Modify the last example to also detect empty statements (<code class="docutils literal notranslate"><span class="pre">;</span></code>) in the “then” block. (<a class="reference external" href="#exercise-7">Answer</a>)</p>
<p>Exercise 8: Modify the last example to exclude chains of <code class="docutils literal notranslate"><span class="pre">if</span></code> statements, where the <code class="docutils literal notranslate"><span class="pre">else</span></code> part is another <code class="docutils literal notranslate"><span class="pre">if</span></code> statement. (<a class="reference external" href="#exercise-8">Answer</a>)</p>
</section>
</section>
<section id="expressions">
<h2>Expressions<a class="headerlink" href="#expressions" title="Link to this heading"></a></h2>
<p>The <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/csharp/exprs/Expr.qll/type.Expr$Expr.html">Expr</a> class represents all C# expressions in the program. An expression is something producing a value such as <code class="docutils literal notranslate"><span class="pre">a+b</span></code> or <code class="docutils literal notranslate"><span class="pre">new</span> <span class="pre">List&lt;int&gt;()</span></code>. The database contains all expressions from the source code, but no expressions from referenced assemblies where the source code is not available.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">Access</span></code> class represents any use or cross-reference of another <code class="docutils literal notranslate"><span class="pre">Declaration</span></code> such a variable, property, method or field. The <code class="docutils literal notranslate"><span class="pre">getTarget()</span></code> predicate gets the declaration being accessed.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">Call</span></code> class represents a call to a <code class="docutils literal notranslate"><span class="pre">Callable</span></code>, for example to a <code class="docutils literal notranslate"><span class="pre">Method</span></code> or an <code class="docutils literal notranslate"><span class="pre">Accessor</span></code>, and the <code class="docutils literal notranslate"><span class="pre">getTarget()</span></code> method gets the <code class="docutils literal notranslate"><span class="pre">Callable</span></code> being called. The <code class="docutils literal notranslate"><span class="pre">Operation</span></code> class consists of arithmetic, bitwise operations and logical operations.</p>
<p>Some expressions use a qualifier, which is the object on which the expression operates. A typical example is a <code class="docutils literal notranslate"><span class="pre">MethodCall</span></code>. In this case, the <code class="docutils literal notranslate"><span class="pre">getQualifier()</span></code> predicate is used to get the expression on the left of the <code class="docutils literal notranslate"><span class="pre">.</span></code>, and <code class="docutils literal notranslate"><span class="pre">getArgument(int)</span></code> is used to get the arguments of the call.</p>
<section id="id23">
<h3>Class hierarchy<a class="headerlink" href="#id23" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ControlFlowElement</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Expr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalVariableDeclExpr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalConstantDeclExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Operation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">SizeofExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">PointerIndirectionExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AddressOfExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ComparisonOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">EqualityOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">EQExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">NEExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">RelationalOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">GTExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">LTExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">GEExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">LEExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Assignment</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddOrRemoveEventExpr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddEventExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">RemoveEventExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignAddExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignSubExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignMulExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignDivExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignRemExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignBitwiseOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignAndExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignOrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignXorExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignLShiftExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AssignRShiftExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignExpr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">MemberInitializer</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryMinusExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">UnaryPlusExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">MutatorOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">IncrementOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PreIncrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">PostIncrExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">DecrementOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PreDecrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">PostDecrExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryArithmeticOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">AddExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">SubExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">MulExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">DivExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">RemExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BitwiseOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryBitwiseOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ComplementOperation</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryBitwiseOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LShiftExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">RShiftExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">BitwiseAndExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">BitwiseOrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">BitwiseXorExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">LogicalOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">UnaryLogicalOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LogicalNotOperation</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">BinaryLogicalOperation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LogicalAndExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">LogicalOrExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">NullCoalescingExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ConditionalExpr</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ParenthesisedExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">CheckedExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">UncheckedExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">IsExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AsExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">CastExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">TypeofExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">DefaultValueExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">AwaitExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">NameofExpr</span></code>, <code class="docutils literal notranslate"><span class="pre">InterpolatedStringExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">Access</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ThisAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">BaseAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">MemberAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">MethodAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">VirtualMethodAccess</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">FieldAccess</span></code>, <code class="docutils literal notranslate"><span class="pre">PropertyAccess</span></code>, <code class="docutils literal notranslate"><span class="pre">IndexerAccess</span></code>, <code class="docutils literal notranslate"><span class="pre">EventAccess</span></code>, <code class="docutils literal notranslate"><span class="pre">MethodAccess</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">AssignableAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">VariableAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ParameterAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalVariableAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">LocalScopeVariableAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">FieldAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">MemberConstantAccess</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">PropertyAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">TrivialPropertyAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">VirtualPropertyAccess</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">IndexerAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">VirtualIndexerAccess</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">EventAccess</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">VirtualEventAccess</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">TypeAccess</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ArrayAccess</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Call</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">PropertyCall</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">IndexerCall</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">EventCall</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">MethodCall</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">VirtualMethodCall</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ElementInitializer</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ConstructorInitializer</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">OperatorCall</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">MutatorOperatorCall</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">DelegateCall</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ObjectCreation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">DefaultValueTypeObjectCreation</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">TypeParameterObjectCreation</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousObjectCreation</span></code></p></li>
</ul>
</li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ObjectOrCollectionInitializer</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ObjectInitializer</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">CollectionInitializer</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">DelegateCreation</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">ExplicitDelegateCreation</span></code>, <code class="docutils literal notranslate"><span class="pre">ImplicitDelegateCreation</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ArrayInitializer</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">ArrayCreation</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousFunctionExpr</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">LambdaExpr</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">AnonymousMethodExpr</span></code></p></li>
</ul>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">Literal</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">BoolLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">CharLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">IntegerLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">IntLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">LongLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">UIntLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">ULongLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">RealLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">FloatLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">DoubleLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">DecimalLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">StringLiteral</span></code>, <code class="docutils literal notranslate"><span class="pre">NullLiteral</span></code></p></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</section>
<section id="id24">
<h3>Predicates<a class="headerlink" href="#id24" title="Link to this heading"></a></h3>
<p>Useful predicates on <code class="docutils literal notranslate"><span class="pre">Expr</span></code> include:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getType()</span></code> - gets the <code class="docutils literal notranslate"><span class="pre">Type</span></code> of the expression.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getValue()</span></code> - gets the compile-time constant, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">hasValue()</span></code> - whether the expression has a compile-time constant.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getEnclosingStmt()</span></code> - gets the statement containing the expression, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getEnclosingCallable()</span></code> - gets the callable containing the expression, if any.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">stripCasts()</span></code> - remove all explicit or implicit casts.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">isImplicit()</span></code> - whether the expression was implicit, such as an implicit <code class="docutils literal notranslate"><span class="pre">this</span></code> qualifier (<code class="docutils literal notranslate"><span class="pre">ThisAccess</span></code>).</p></li>
</ul>
</section>
<section id="id25">
<h3>Examples<a class="headerlink" href="#id25" title="Link to this heading"></a></h3>
<p>Find calls to <code class="docutils literal notranslate"><span class="pre">String.Format</span></code> with just one argument:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from MethodCall c
where c.getTarget().hasQualifiedName(&quot;System.String.Format&quot;)
and c.getNumberOfArguments() = 1
select c, &quot;Missing arguments to &#39;String.Format&#39;.&quot;
</pre></div>
</div>
<p>Find all comparisons of floating point values:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from ComparisonOperation cmp
where (cmp instanceof EQExpr or cmp instanceof NEExpr)
and cmp.getAnOperand().getType() instanceof FloatingPointType
select cmp, &quot;Comparison of floating point values.&quot;
</pre></div>
</div>
<p>Find hard-coded passwords:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Variable v, string value
where v.getName().regexpMatch(&quot;[pP]ass(word|wd|)&quot;)
and value = v.getAnAssignedValue().getValue()
select v, &quot;Hard-coded password &#39;&quot; + value + &quot;&#39;.&quot;
</pre></div>
</div>
</section>
<section id="id26">
<h3>Exercises<a class="headerlink" href="#id26" title="Link to this heading"></a></h3>
<p>Exercise 9: Limit the previous query to string types. Exclude empty passwords or null passwords. (<a class="reference external" href="#exercise-9">Answer</a>)</p>
</section>
</section>
<section id="attributes">
<h2>Attributes<a class="headerlink" href="#attributes" title="Link to this heading"></a></h2>
<p>C# attributes are represented by the class <a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/semmle/code/cil/Attribute.qll/type.Attribute$Attribute.html">Attribute</a>. They can be present on many C# elements, such as classes, methods, fields, and parameters. The database contains attributes from the source code and all assembly references.</p>
<p>The attribute of any <code class="docutils literal notranslate"><span class="pre">Element</span></code> can be obtained via <code class="docutils literal notranslate"><span class="pre">getAnAttribute()</span></code>, whereas if you have an attribute, you can find its element via <code class="docutils literal notranslate"><span class="pre">getTarget()</span></code>. These two query fragments are identical:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>attribute = element.getAnAttribute()
element = attribute.getTarget()
</pre></div>
</div>
<section id="id27">
<h3>Class hierarchy<a class="headerlink" href="#id27" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">Element</span></code></p>
<ul>
<li><p><code class="docutils literal notranslate"><span class="pre">Attribute</span></code></p></li>
</ul>
</li>
</ul>
</section>
<section id="id28">
<h3>Predicates<a class="headerlink" href="#id28" title="Link to this heading"></a></h3>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">getTarget()</span></code> - gets the <code class="docutils literal notranslate"><span class="pre">Element</span></code> to which this attribute applies.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getArgument(int)</span></code> - gets the given argument of the attribute.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">getType()</span></code> - gets the type of this attribute. Note that the class name must end in <code class="docutils literal notranslate"><span class="pre">&quot;Attribute&quot;</span></code>.</p></li>
</ul>
</section>
<section id="id29">
<h3>Examples<a class="headerlink" href="#id29" title="Link to this heading"></a></h3>
<p>Find all obsolete elements:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Element e, Attribute attribute
where e = attribute.getTarget()
and attribute.getType().hasName(&quot;ObsoleteAttribute&quot;)
select e, &quot;This is obsolete because &quot; + attribute.getArgument(0).getValue()
</pre></div>
</div>
<p>Model NUnit test fixtures:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>class TestFixture extends Class
{
TestFixture() {
this.getAnAttribute().getType().hasName(&quot;TestFixtureAttribute&quot;)
}
TestMethod getATest() {
result = this.getAMethod()
}
}
class TestMethod extends Method
{
TestMethod() {
this.getAnAttribute().getType().hasName(&quot;TestAttribute&quot;)
}
}
from TestFixture f
select f, f.getATest()
</pre></div>
</div>
</section>
<section id="id30">
<h3>Exercises<a class="headerlink" href="#id30" title="Link to this heading"></a></h3>
<p>Exercise 10: Write a query to find just obsolete methods. (<a class="reference external" href="#exercise-10">Answer</a>)</p>
<p>Exercise 11: Write a query to find all places where the <code class="docutils literal notranslate"><span class="pre">Obsolete</span></code> attribute is used without a reason string (that is, <code class="docutils literal notranslate"><span class="pre">[Obsolete]</span></code>). (<a class="reference external" href="#exercise-11">Answer</a>)</p>
<p>Exercise 12: In the first example, what happens if the <code class="docutils literal notranslate"><span class="pre">Obsolete</span></code> attribute doesnt have a reason string? How could the query be fixed to accommodate this? (<a class="reference external" href="#exercise-12">Answer</a>)</p>
</section>
</section>
<hr class="docutils" />
<section id="answers">
<h2>Answers<a class="headerlink" href="#answers" title="Link to this heading"></a></h2>
<section id="exercise-1">
<h3>Exercise 1<a class="headerlink" href="#exercise-1" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from AddExpr op
select op
</pre></div>
</div>
<p>or</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>select any(AddExpr op)
</pre></div>
</div>
</section>
<section id="exercise-2">
<h3>Exercise 2<a class="headerlink" href="#exercise-2" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from File f
where f.getNumberOfLines() = max(any(File g).getNumberOfLines())
select f
</pre></div>
</div>
</section>
<section id="exercise-3">
<h3>Exercise 3<a class="headerlink" href="#exercise-3" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from StringType s
select s.getAMethod()
</pre></div>
</div>
</section>
<section id="exercise-4">
<h3>Exercise 4<a class="headerlink" href="#exercise-4" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Interface ienumerable
where ienumerable.hasQualifiedName(&quot;System.Collections.IEnumerable&quot;)
select ienumerable.getASubType*()
</pre></div>
</div>
</section>
<section id="exercise-5">
<h3>Exercise 5<a class="headerlink" href="#exercise-5" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Class a
where a.getName().toLowerCase().matches(&quot;a%&quot;)
select a
</pre></div>
</div>
</section>
<section id="exercise-6">
<h3>Exercise 6<a class="headerlink" href="#exercise-6" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>select any(Method m | m.getBody().(BlockStmt).isEmpty())
</pre></div>
</div>
</section>
<section id="exercise-7">
<h3>Exercise 7<a class="headerlink" href="#exercise-7" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from IfStmt ifStmt
where ifStmt.getThen().(BlockStmt).isEmpty() or ifStmt.getThen() instanceof EmptyStmt
select ifStmt, &quot;If statement with empty &#39;then&#39; block.&quot;
</pre></div>
</div>
</section>
<section id="exercise-8">
<h3>Exercise 8<a class="headerlink" href="#exercise-8" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from IfStmt ifStmt
where (ifStmt.getThen().(BlockStmt).isEmpty() or ifStmt.getThen() instanceof EmptyStmt)
and not ifStmt.getElse() instanceof IfStmt
select ifStmt, &quot;If statement with empty &#39;then&#39; block.&quot;
</pre></div>
</div>
</section>
<section id="exercise-9">
<h3>Exercise 9<a class="headerlink" href="#exercise-9" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Variable v, StringLiteral value
where v.getName().regexpMatch(&quot;[pP]ass(word|wd|)&quot;)
and value = v.getAnAssignedValue()
and value.getValue() != &quot;&quot;
select v, &quot;Hard-coded password &#39;&quot; + value.getValue() + &quot;&#39;.&quot;
</pre></div>
</div>
</section>
<section id="exercise-10">
<h3>Exercise 10<a class="headerlink" href="#exercise-10" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Method method, Attribute attribute
where method = attribute.getTarget()
and attribute.getType().hasName(&quot;ObsoleteAttribute&quot;)
select method, &quot;This is obsolete because &quot; + attribute.getArgument(0).getValue()
</pre></div>
</div>
</section>
<section id="exercise-11">
<h3>Exercise 11<a class="headerlink" href="#exercise-11" title="Link to this heading"></a></h3>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Attribute attribute
where attribute.getType().hasName(&quot;ObsoleteAttribute&quot;)
and not exists(attribute.getArgument(0))
select attribute, &quot;Missing reason in &#39;Obsolete&#39; attribute.&quot;
</pre></div>
</div>
</section>
<section id="exercise-12">
<h3>Exercise 12<a class="headerlink" href="#exercise-12" title="Link to this heading"></a></h3>
<p>The query does not return results where the argument is missing.</p>
<p>Here is the fixed version:</p>
<div class="highlight-ql notranslate"><div class="highlight"><pre><span></span>from Element e, Attribute attribute, string reason
where e = attribute.getTarget()
and attribute.getType().hasName(&quot;ObsoleteAttribute&quot;)
and if exists(attribute.getArgument(0))
then reason = attribute.getArgument(0).getValue()
else reason = &quot;(not given)&quot;
select e, &quot;This is obsolete because &quot; + reason
</pre></div>
</div>
</section>
</section>
<section id="further-reading">
<h2>Further reading<a class="headerlink" href="#further-reading" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://github.com/github/codeql/tree/main/csharp/ql/src">CodeQL queries for C#</a></p></li>
<li><p><a class="reference external" href="https://github.com/github/codeql/tree/main/csharp/ql/examples">Example queries for C#</a></p></li>
<li><p><a class="reference external" href="https://codeql.github.com/codeql-standard-libraries/csharp/">CodeQL library reference for C#</a></p></li>
</ul>
<ul class="simple">
<li><p><a class="reference internal" href="../ql-language-reference/index.html#ql-language-reference"><span class="std std-ref">QL language reference</span></a></p></li>
<li><p><a class="reference internal" href="../codeql-overview/codeql-tools.html#codeql-tools"><span class="std std-ref">CodeQL tools</span></a></p></li>
</ul>
</section>
</section>
</article>
<!-- GitHub footer, with links to terms and privacy statement -->
<div class="px-3 px-md-6 f6 py-4 d-sm-flex flex-justify-between flex-row-reverse flex-items-center border-top">
<ul class="list-style-none d-flex flex-items-center mb-3 mb-sm-0 lh-condensed-ultra">
<li class="mr-3">
<a href="https://twitter.com/github" title="GitHub on Twitter" style="color: #959da5;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 273.5 222.3" class="d-block" height="18">
<path
d="M273.5 26.3a109.77 109.77 0 0 1-32.2 8.8 56.07 56.07 0 0 0 24.7-31 113.39 113.39 0 0 1-35.7 13.6 56.1 56.1 0 0 0-97 38.4 54 54 0 0 0 1.5 12.8A159.68 159.68 0 0 1 19.1 10.3a56.12 56.12 0 0 0 17.4 74.9 56.06 56.06 0 0 1-25.4-7v.7a56.11 56.11 0 0 0 45 55 55.65 55.65 0 0 1-14.8 2 62.39 62.39 0 0 1-10.6-1 56.24 56.24 0 0 0 52.4 39 112.87 112.87 0 0 1-69.7 24 119 119 0 0 1-13.4-.8 158.83 158.83 0 0 0 86 25.2c103.2 0 159.6-85.5 159.6-159.6 0-2.4-.1-4.9-.2-7.3a114.25 114.25 0 0 0 28.1-29.1"
fill="currentColor"></path>
</svg>
</a>
</li>
<li class="mr-3">
<a href="https://www.facebook.com/GitHub" title="GitHub on Facebook" style="color: #959da5;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 15.3 15.4" class="d-block" height="18">
<path
d="M14.5 0H.8a.88.88 0 0 0-.8.9v13.6a.88.88 0 0 0 .8.9h7.3v-6h-2V7.1h2V5.4a2.87 2.87 0 0 1 2.5-3.1h.5a10.87 10.87 0 0 1 1.8.1v2.1h-1.3c-1 0-1.1.5-1.1 1.1v1.5h2.3l-.3 2.3h-2v5.9h3.9a.88.88 0 0 0 .9-.8V.8a.86.86 0 0 0-.8-.8z"
fill="currentColor"></path>
</svg>
</a>
</li>
<li class="mr-3">
<a href="https://www.youtube.com/github" title="GitHub on YouTube" style="color: #959da5;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.17 13.6" class="d-block" height="16">
<path
d="M18.77 2.13A2.4 2.4 0 0 0 17.09.42C15.59 0 9.58 0 9.58 0a57.55 57.55 0 0 0-7.5.4A2.49 2.49 0 0 0 .39 2.13 26.27 26.27 0 0 0 0 6.8a26.15 26.15 0 0 0 .39 4.67 2.43 2.43 0 0 0 1.69 1.71c1.52.42 7.5.42 7.5.42a57.69 57.69 0 0 0 7.51-.4 2.4 2.4 0 0 0 1.68-1.71 25.63 25.63 0 0 0 .4-4.67 24 24 0 0 0-.4-4.69zM7.67 9.71V3.89l5 2.91z"
fill="currentColor"></path>
</svg>
</a>
</li>
<li class="mr-3 flex-self-start">
<a href="https://www.linkedin.com/company/github" title="GitHub on Linkedin" style="color: #959da5;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19 18" class="d-block" height="18">
<path
d="M3.94 2A2 2 0 1 1 2 0a2 2 0 0 1 1.94 2zM4 5.48H0V18h4zm6.32 0H6.34V18h3.94v-6.57c0-3.66 4.77-4 4.77 0V18H19v-7.93c0-6.17-7.06-5.94-8.72-2.91z"
fill="currentColor"></path>
</svg>
</a>
</li>
<li>
<a href="https://github.com/github" title="GitHub's organization" style="color: #959da5;">
<svg version="1.1" width="20" height="20" viewBox="0 0 16 16" class="octicon octicon-mark-github"
aria-hidden="true">
<path fill-rule="evenodd"
d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z">
</path>
</svg>
</a>
</li>
</ul>
<ul class="list-style-none d-flex text-gray">
<li class="mr-3">&copy;
<script type="text/javascript">document.write(new Date().getFullYear());</script> GitHub, Inc.</li>
<li class="mr-3"><a
href="https://docs.github.com/github/site-policy/github-terms-of-service"
class="link-gray">Terms </a></li>
<li><a href="https://docs.github.com/github/site-policy/github-privacy-statement"
class="link-gray">Privacy </a></li>
</ul>
</div>
</div>
</main>
<script type="text/javascript">
$(document).ready(function () {
$(".toggle > *").hide();
$(".toggle .name").show();
$(".toggle .name").click(function () {
$(this).parent().children().not(".name").toggle(400);
$(this).parent().children(".name").toggleClass("open");
})
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink