hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into jmespath

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-21 15:26:45 +02:00
parent dec6723183 baf8d0a990
commit 1c48aca630
828 changed files with 21750 additions and 2337 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/codeql/codeql-for-visual-studio-code/customizing-settings.rst
View File

@@ -30,7 +30,7 @@ Choosing a version of the CodeQL CLI
The CodeQL extension uses the CodeQL CLI to run commands. If you already have the CLI installed and added to your ``PATH``, the extension uses that version. This might be the case if you create your own CodeQL databases instead of downloading them from LGTM.com. Otherwise, the extension automatically manages access to the executable of the CLI for you. For more information about creating databases, see ":ref:`Creating CodeQL databases <creating-codeql-databases>`" in the CLI help.
To override the default behavior and use a different CLI, you can specify the CodeQL CLI **Executable Path**. Note that this is only available as a user setting, not as a workspace setting.
To override the default behavior and use a different CLI, you can specify the CodeQL CLI **Executable Path**.
Changing the labels of query history items
--------------------------------------------
@@ -46,6 +46,8 @@ The query history **Format** setting controls how the extension lists queries in
To override the default label, you can specify a different format for the query history items.
.. _configuring-settings-for-running-queries:
Configuring settings for running queries
-----------------------------------------
@@ -53,6 +55,8 @@ There are a number of settings for **Running Queries**. If your queries run too
.. include:: ../reusables/running-queries-debug.rst
To save query server logs in a custom location, edit the **Running Queries: Custom Log Directory** setting. If you use a custom log directory, the extension saves the logs permanently, instead of deleting them automatically after each workspace session. This is useful if you want to investigate these logs to improve the performance of your queries.
Configuring settings for testing queries
-----------------------------------------

2
docs/codeql/codeql-for-visual-studio-code/troubleshooting-codeql-for-visual-studio-code.rst
View File

@@ -38,6 +38,8 @@ You are most likely to need to restart the query server if you make external cha
To see the logs from running a particular query, right-click the query in the Query History and select **Show Query Log**.
If the log file is too large for the extension to open in the VS Code editor, the file will be displayed in your file explorer so you can open it with an external program.
By default, the extension deletes logs after each workspace session. To override this behavior, you can specify a custom directory for query server logs. For more information, see ":ref:`Customizing settings <configuring-settings-for-running-queries>`."
Exploring problems with running tests
----------------------------------------------

14
docs/codeql/ql-language-reference/expressions.rst
View File

@@ -308,7 +308,10 @@ The following aggregates are available in QL:
rank[4](int i | i = [5 .. 15] | i)
Note that the rank indices start at ``1``, so ``rank[0](...)`` returns no results.
.. pull-quote:: Note
- Rank indices start at ``1``, so ``rank[0](...)`` has no result.
- ``rank[1](...)`` is the same as ``min(...)``.
.. index:: strictconcat, strictcount, strictsum
@@ -530,14 +533,21 @@ The query produces these results:
+-----------+---------+------+
| variant | person | cost |
+-----------+---------+------+
+===========+=========+======+
| default | Alice | 201 |
+-----------+---------+------+
| default | Bob | 100 |
+-----------+---------+------+
| default | Charles | 100 |
+-----------+---------+------+
| default | Diane | 0 |
+-----------+---------+------+
| monotonic | Alice | 101 |
+-----------+---------+------+
| monotonic | Alice | 200 |
+-----------+---------+------+
| monotonic | Bob | 100 |
+-----------+---------+------+
| monotonic | Diane | 0 |
+-----------+---------+------+

17
docs/codeql/ql-language-reference/ql-language-specification.rst
View File

@@ -69,25 +69,14 @@ of the active database schema (for example, ``<queries
language="java"/>``).
A ``qlpack.yml`` file defines a :ref:`QL pack <about-ql-packs>`.
The content of a ``qlpack.yml`` file is described in the CodeQL CLI documentation. This file
will not be recognized when using legacy tools that are not based
on the CodeQL CLI (that is, LGTM.com, LGTM Enterprise, ODASA, CodeQL for
Eclipse, and CodeQL for Visual Studio).
The content of a ``qlpack.yml`` file is described in the CodeQL CLI documentation.
If both a ``queries.xml`` and a ``qlpack.yml`` exist in the same
directory, the latter takes precedence (and the former is assumed to
exist for compatibility with older tooling).
In legacy QL tools that don't recognize ``qlpack.yml`` files, the default
value of the library path for
each supported language is hard-coded. The tools contain directories within the ODASA
distribution that define the default CodeQL libraries for the selected
language. Which language to use depends on the ``language`` attribute
of the ``queries.xml`` file if not overridden with a ``--language``
option to the ODASA CLI.
On the other hand, the CodeQL CLI and newer tools based on it (such as
GitHub Code Scanning and the CodeQL extension for Visual Studio Code)
The CodeQL CLI and newer tools based on it (such as,
GitHub code scanning and the CodeQL extension for Visual Studio Code)
construct a library path using QL packs. For each QL pack
added to the library path, the QL packs named in its
``libraryPathDependencies`` will be subsequently added to the library

2
docs/codeql/reusables/running-queries-debug.rst
View File

@@ -1 +1 @@
If you want to examine query performance, enable the **Running Queries: Debug** setting to include timing and tuple counts in the CodeQL Query Server logs shown in the Output view. The tuple count is useful because it indicates the size of the :ref:`predicates <predicates>` computed by the query.
If you want to examine query performance, enable the **Running Queries: Debug** setting to include timing and tuple counts. This is shown in the logs in the CodeQL Query Server tab of the Output view. The tuple count is useful because it indicates the size of the :ref:`predicates <predicates>` computed by the query.

1
docs/codeql/support/index.rst
View File

@@ -16,5 +16,4 @@ For details of the CodeQL libraries, see `CodeQL standard libraries <https://cod
.. toctree::
:hidden:
notes-ql-users
ql-training

91
docs/codeql/support/notes-ql-users.rst
View File

@@ -1,91 +0,0 @@
Notes for legacy QL CLI users
=============================
If you've previously used the QL command-line tools (``odasa``), you'll notice a
few key differences when you use the new CodeQL products:
* "QL snapshots" are now called `CodeQL databases <https://help.semmle.com/codeql/glossary.html#codeql-database>`__.
* The process of creating a CodeQL database is much simpler and more streamlined.
There's no need to create ``projects`` or ``snapshots``---just check out the
code and build it using the CodeQL CLI ``codeql database create`` command.
* Queries are run against CodeQL databases using the CodeQL CLI ``codeql
database analyze`` command.
For more information, see `Creating CodeQL databases
<https://help.semmle.com/codeql/codeql-cli/procedures/create-codeql-database.html>`__ and
`Analyzing databases with the CodeQL CLI <https://help.semmle.com/codeql/codeql-cli/procedures/analyze-codeql-database.html>`__.
For detailed guidance about equivalent commands, see `Overview of common commands
<#overview-of-common-commands>`__ below.
.. _database-compatibiilty-notes:
Database compatibility notes
----------------------------
A CodeQL database created by the CodeQL CLI serves the same purpose as a QL
snapshot created using ``odasa``. They both contain a code database to query and
usually a source reference for results display. However, they are not identical
formats and, if you use the legacy QL tools alongside the CodeQL tools, you need
to be aware of the following:
* Existing QL snapshots, exported using the legacy CLI, can be used with the new
CodeQL tools. Unzip the snapshot and treat the directory as a database. If it
was built with an earlier version of the legacy CLI, you may need to upgrade
the database using ``codeql database upgrade``. For more information, see the
`database upgrade reference documentation
<https://help.semmle.com/codeql/codeql-cli/commands/database-upgrade.html>`__.
* CodeQL databases are not directly compatible with CodeQL for Eclipse.
However, you can "bundle" a CodeQL database into the equivalent of a QL
exported snapshot by running::
codeql database bundle --include-uncompressed-source -o <output-zip> <codeql-database>
The resulting database can be imported into CodeQL for Eclipse. For more
information, see the `database bundle reference documentation <https://help.semmle.com/codeql/codeql-cli/commands/database-bundle.html>`__.
* .. include:: ../reusables/index-files-note.rst
* CodeQL databases cannot be directly uploaded to an LGTM Enterprise instance.
For more information, see `Preparing CodeQL databases to upload to LGTM
<https://help.semmle.com/lgtm-enterprise/admin/help/prepare-database-upload.html>`__
in the LGTM admin help.
Query suites
------------
CodeQL includes a new, more flexible, format for query suites. Legacy query
suite definitions are not compatible with the new CodeQL tools. For more
information about CodeQL query suites, see `Creating CodeQL query suites
<https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html>`__.
Overview of common commands
---------------------------
If you're switching from the legacy ODASA CLI to the new CodeQL CLI,
the table below shows which commands replace the most
common ODASA processes.
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``odasa`` command | Corresponding ``codeql`` command | Notes |
+==========================================+===================================================================================================+=========================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| ``bootstrap`` | n/a | CodeQL analysis does not use ``project`` files during database creation. For more information about creating databases, see `Creating CodeQL databases <https://help.semmle.com/codeql/codeql-cli/procedures/create-codeql-database.html>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``addSnapshot``, ``addLatestSnapshot`` | n/a | To obtain the version of the code you want to analyze, just run your normal check-out commands. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``buildSnapshot`` | `database create <https://help.semmle.com/codeql/codeql-cli/commands/database-create.html>`__ | When creating a CodeQL database, you specfiy build commands in the command line, rather than in a project file. For more information, see `Creating CodeQL databases <https://help.semmle.com/codeql/codeql-cli/procedures/create-codeql-database.html>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``analyzeSnapshot`` | `database analyze <https://help.semmle.com/codeql/codeql-cli/commands/database-analyze.html>`__ | For more information, see `Analyzing databases with the CodeQL CLI <https://help.semmle.com/codeql/codeql-cli/procedures/analyze-codeql-database.html>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``archiveSnapshot`` | `database cleanup <https://help.semmle.com/codeql/codeql-cli/commands/database-cleanup.html>`__ | Use ``database cleanup`` to reduce the size of a CodeQL database by deleting temporary data. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``export`` | `database bundle <https://help.semmle.com/codeql/codeql-cli/commands/database-bundle.html>`__ | You don't need to export databases before adding them to VS Code. However, you should "bundle" CodeQL databases before using them with LGTM Enterprise, CodeQL for Eclipse, or CodeQL for Visual Studio. For more information, see `Preparing CodeQL databases to upload to LGTM <https://help.semmle.com/lgtm-enterprise/admin/help/prepare-database-upload.html>`__ in the LGTM admin help and the `Database compatibility notes <#database-compatibility-notes>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``prepareQueries`` | `query compile <https://help.semmle.com/codeql/codeql-cli/commands/query-compile.html>`__ | Queries are compiled when you run ``database analyze`` and other query-running commands. You can speed up compilation by running ``query compile`` separately using more threads. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``qltest`` | `test run <https://help.semmle.com/codeql/codeql-cli/commands/test-run.html>`__ | For more information about running regression tests, see `Testing custom queries <https://help.semmle.com/codeql/codeql-cli/procedures/test-queries.html>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``runQuery`` | `query run <https://help.semmle.com/codeql/codeql-cli/commands/query-run.html>`__ | Use ``query run`` to quickly view results in your terminal. To generate interpreted results that can be viewed in source code, use ``database analyze``. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``upgrade`` | `database upgrade <https://help.semmle.com/codeql/codeql-cli/commands/database-upgrade.html>`__ | For more information, see `Upgrading CodeQL databases <https://help.semmle.com/codeql/codeql-cli/procedures/upgrade-codeql-database.html>`__. |
+------------------------------------------+---------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

19
docs/codeql/support/reusables/frameworks.rst
View File

@@ -1,7 +1,7 @@
C and C++ built-in support
================================
.. csv-table::
.. csv-table::
:header-rows: 1
:class: fullWidthTable
:widths: auto
@@ -14,7 +14,7 @@ C and C++ built-in support
C# built-in support
================================
.. csv-table::
.. csv-table::
:header-rows: 1
:class: fullWidthTable
:widths: auto
@@ -84,7 +84,7 @@ Go built-in support
Java built-in support
==================================
.. csv-table::
.. csv-table::
:header-rows: 1
:class: fullWidthTable
:widths: auto
@@ -109,7 +109,7 @@ Java built-in support
JavaScript and TypeScript built-in support
=======================================================
.. csv-table::
.. csv-table::
:header-rows: 1
:class: fullWidthTable
:widths: auto
@@ -152,19 +152,26 @@ Python built-in support
:widths: auto
Name, Category
aiohttp.web, Web framework
Django, Web framework
Flask, Web framework
Tornado, Web framework
Twisted, Web framework
PyYAML, Serialization
dill, Serialization
simplejson, Serialization
ujson, Serialization
fabric, Utility library
invoke, Utility library
idna, Utility library
invoke, Utility library
jmespath, Utility library
multidict, Utility library
yarl, Utility library
aioch, Database
clickhouse-driver, Database
mysql-connector-python, Database
MySQLdb, Database
mysql-connector, Database
MySQL-python, Database
psycopg2, Database
sqlite3, Database
cryptography, Cryptography library

4
docs/codeql/support/reusables/versions-compilers.rst
View File

@@ -4,9 +4,9 @@
:stub-columns: 1
Language,Variants,Compilers,Extensions
C/C++,"C89, C99, C11, C18, C++98, C++03, C++11, C++14, C++17","Clang (and clang-cl [1]_) extensions (up to Clang 9.0),
C/C++,"C89, C99, C11, C18, C++98, C++03, C++11, C++14, C++17","Clang (and clang-cl [1]_) extensions (up to Clang 12.0),
GNU extensions (up to GCC 9.2),
GNU extensions (up to GCC 11.1),
Microsoft extensions (up to VS 2019),