diff --git a/docs/codeql/codeql-cli/about-ql-packs.rst b/docs/codeql/codeql-cli/about-ql-packs.rst index dc47f2a023b..fb5a1d8a8a0 100644 --- a/docs/codeql/codeql-cli/about-ql-packs.rst +++ b/docs/codeql/codeql-cli/about-ql-packs.rst @@ -7,7 +7,7 @@ QL packs are used to organize the files used in CodeQL analysis. They contain queries, library files, query suites, and important metadata. The `CodeQL repository `__ contains QL packs for -C/C++, C#, Java, JavaScript, and Python. The `CodeQL for Go +C/C++, C#, Java, JavaScript, Python, and Ruby. The `CodeQL for Go `__ repository contains a QL pack for Go analysis. You can also make custom QL packs to contain your own queries and libraries. diff --git a/docs/codeql/codeql-cli/creating-codeql-databases.rst b/docs/codeql/codeql-cli/creating-codeql-databases.rst index cfde8adb3db..9fa137599b7 100644 --- a/docs/codeql/codeql-cli/creating-codeql-databases.rst +++ b/docs/codeql/codeql-cli/creating-codeql-databases.rst 
@@ -88,15 +88,15 @@ Creating databases for non-compiled languages --------------------------------------------- The CodeQL CLI includes extractors to create databases for non-compiled -languages---specifically, JavaScript (and TypeScript) and Python. These -extractors are automatically invoked when you specify JavaScript or Python as +languages---specifically, JavaScript (and TypeScript), Python, and Ruby. These +extractors are automatically invoked when you specify JavaScript, Python, or Ruby as the ``--language`` option when executing ``database create``. When creating databases for these languages you must ensure that all additional dependencies are available. .. pull-quote:: Important - When you run ``database create`` for JavaScript, TypeScript, and Python, you should not + When you run ``database create`` for JavaScript, TypeScript, Python, and Ruby, you should not specify a ``--command`` option. Otherwise this overrides the normal extractor invocation, which will create an empty database. If you create databases for multiple languages and one of them is a compiled language, 
@@ -129,14 +129,25 @@ When creating databases for Python you must ensure: packages that the codebase depends on. - You have installed the `virtualenv `__ pip module. -In the command line you must specify ``--language=python``. For example +In the command line you must specify ``--language=python``. For example:: :: codeql database create --language=python /python-database -executes the ``database create`` subcommand from the code's checkout root, +This executes the ``database create`` subcommand from the code's checkout root, generating a new Python database at ``/python-database``. +Ruby +~~~~ + +Creating databases for Ruby requires no additional dependencies. +In the command line you must specify ``--language=ruby``. For example:: + + codeql database create --language=ruby --source-root /ruby-database + +Here, we have specified a ``--source-root`` path, which is the location where +database creation is executed, but is not necessarily the checkout root of the +codebase. Creating databases for compiled languages ----------------------------------------- diff --git a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst index 1144c1c3e6c..a8ef822a628 100644 --- a/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst +++ b/docs/codeql/codeql-cli/getting-started-with-the-codeql-cli.rst @@ -100,7 +100,7 @@ further options on the command line. The `CodeQL repository `__ contains the queries and libraries required for CodeQL analysis of C/C++, C#, Java, -JavaScript/TypeScript, and Python. +JavaScript/TypeScript, Python, and Ruby. Clone a copy of this repository into ``codeql-home``. By default, the root of the cloned repository will be called ``codeql``. diff --git a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst index 0075826d421..a43c69edecb 100644 
--- a/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst +++ b/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst @@ -78,7 +78,7 @@ Using the starter workspace ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The starter workspace is a Git repository. It contains: -* The `repository of CodeQL libraries and queries `__ for C/C++, C#, Java, JavaScript, and Python. This is included as a submodule, so it can be updated without affecting your custom queries. +* The `repository of CodeQL libraries and queries `__ for C/C++, C#, Java, JavaScript, Python, and Ruby. This is included as a submodule, so it can be updated without affecting your custom queries. * The `repository of CodeQL libraries and queries `__ for Go. This is also included as a submodule. * A series of folders named ``codeql-custom-queries-``. These are ready for you to start developing your own custom queries for each language, using the standard libraries. There are some example queries to get you started. diff --git a/docs/codeql/codeql-language-guides/codeql-for-ruby.rst b/docs/codeql/codeql-language-guides/codeql-for-ruby.rst index eaf5e8c94e1..bfb29a012ef 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-ruby.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-ruby.rst @@ -14,3 +14,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat - :doc:`Basic query for Ruby code `: Learn to write and run a simple CodeQL query using LGTM. - :doc:`CodeQL library for Ruby `: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for Ruby. + +.. include:: ../reusables/ruby-beta-note.rst diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst index b333053a1c8..cc538196b4f 100644 --- a/docs/codeql/query-help/codeql-cwe-coverage.rst +++ b/docs/codeql/query-help/codeql-cwe-coverage.rst 
@@ -33,3 +33,5 @@ Note that the CWE coverage includes both "`supported queries ` - :doc:`CodeQL query help for Python ` - .. pull-quote:: Information Each query help article includes: @@ -23,6 +22,8 @@ View the query help for the queries included in the ``code-scanning``, ``securit For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE coverage `." +.. include:: ../reusables/ruby-beta-note.rst + .. toctree:: :hidden: :titlesonly: diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index 9076f7a768d..a3a4952811d 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -15,4 +15,6 @@ * - JavaScript/TypeScript - ``javascript`` * - Python - - ``python`` \ No newline at end of file + - ``python`` + * - Ruby + - ``ruby`` \ No newline at end of file diff --git a/docs/codeql/reusables/ruby-beta-note.rst b/docs/codeql/reusables/ruby-beta-note.rst new file mode 100644 index 00000000000..761381777c0 --- /dev/null +++ b/docs/codeql/reusables/ruby-beta-note.rst @@ -0,0 +1,4 @@ + .. pull-quote:: Note + + CodeQL analysis for Ruby is currently in beta. During the beta, analysis of Ruby code, + and the accompanying documentation, will not be as comprehensive as for other languages. diff --git a/docs/codeql/support/reusables/versions-compilers.rst b/docs/codeql/support/reusables/versions-compilers.rst index 42c830ea665..62678e16f05 100644 --- a/docs/codeql/support/reusables/versions-compilers.rst +++ b/docs/codeql/support/reusables/versions-compilers.rst 
@@ -22,7 +22,8 @@ Eclipse compiler for Java (ECJ) [5]_",``.java`` JavaScript,ECMAScript 2021 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhm``, ``.xhtml``, ``.vue``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [6]_" Python,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9",Not applicable,``.py`` - TypeScript [7]_,"2.6-4.4",Standard TypeScript compiler,"``.ts``, ``.tsx``" + Ruby [7]_,"up to 3.02",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + TypeScript [8]_,"2.6-4.4",Standard TypeScript compiler,"``.ts``, ``.tsx``" .. container:: footnote-group @@ -32,4 +33,5 @@ .. [4] Builds that execute on Java 7 to 16 can be analyzed. The analysis understands Java 16 standard language features. .. [5] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin. .. [6] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. - .. [7] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM. + .. [7] Requires glibc 2.17. + .. [8] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM. diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index 60723f488e1..4eec766d488 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst 
@@ -116,7 +116,7 @@ Declaring sources and sinks You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring. The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate. -If you are querying C/C++, C#, Java, or JavaScript code (and you have used ``import DataFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the ``Configuration`` class in the data flow library. You should declare all three of these objects in the ``from`` statement. +If you are querying C/C++, C#, Java, JavaScript, Python, or Ruby code (and you have used ``import DataFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the ``Configuration`` class in the data flow library. You should declare all three of these objects in the ``from`` statement. For example: .. code-block:: ql
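Review bot: in docs/codeql/codeql-cli/creating-codeql-databases.rst (hunk at -129,14), the Python paragraph now ends with "For example::" but the standalone "::" line after it is kept as context, so the literal-block marker appears twice before the "codeql database create --language=python" command. Remove the standalone "::" so the Python section uses the same single "For example::" form as the new Ruby section.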
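Review bot: in docs/codeql/codeql-language-guides/codeql-for-ruby.rst, the ".. include:: ../reusables/ruby-beta-note.rst" line is appended after the last ":doc:" list item, so the beta notice renders at the very bottom of the page. Consider placing the include directly under the page introduction, so readers see the beta status before they follow the links to the Ruby query and library articles.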
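Review bot: in docs/codeql/reusables/extractors.rst, the new last line "- ``ruby``" still carries the "\ No newline at end of file" marker, the same as the "- ``python``" line it replaces. Since the file is being touched anyway, end it with a newline so the next language row added here does not also rewrite this line.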
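Review bot: in the new file docs/codeql/reusables/ruby-beta-note.rst, the ".. pull-quote:: Note" directive on the first line appears to start with leading whitespace, unlike the "+.. include::" lines elsewhere in this patch. The file is pulled in with ".. include::" at the top level of other pages, where an indented directive is parsed as part of a block quote; start the directive in the first column and indent only its body.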
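Review bot: in docs/codeql/support/reusables/versions-compilers.rst (hunk at -22,7), the new Ruby row gives the supported version as "up to 3.02", which does not match Ruby's three-part version numbering and reads like a typo for a version such as 3.0.2. Please confirm the intended upper bound and write it in full. The row also states no lower bound, while the Python and TypeScript rows list or bound their versions explicitly.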
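Review bot: in docs/codeql/support/reusables/versions-compilers.rst (hunk at -32,4), the new footnote [7] "Requires glibc 2.17." does not say whether 2.17 is a minimum or an exact version, nor that the requirement only concerns Linux hosts (glibc is not present on the other platforms). Suggest spelling out both, so readers on other platforms do not read it as a blocker.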
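Review bot: in docs/codeql/writing-codeql-queries/creating-path-queries.rst, the changed sentence adds Python as well as Ruby to the languages that use "import DataFlow::PathGraph" with the "Configuration" class, while every other hunk in this patch adds Ruby only. If the Python addition is an intentional fix to the existing text, mention it in the commit message; otherwise split it out so the Ruby documentation change stays self-contained.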