mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Pending changes exported from your codespace
@@ -3,7 +3,7 @@
Abstract syntax tree classes for working with Java programs
===========================================================

CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs.
CodeQL has a large selection of classes for representing the abstract syntax tree of Java and Kotlin programs.

.. include:: ../reusables/abstract-syntax-tree.rst

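Review bot: the page title on the first line of this hunk still reads "Abstract syntax tree classes for working with Java programs" while the sentence below it now says "Java and Kotlin programs", and the index hunk `@@ -44,4 +44,4 @@` later in this commit links to this page as "Abstract syntax tree classes for working with Java and Kotlin programs". Rename the title here as well, and lengthen its `===` underline to the new title's width, since reStructuredText warns "Title underline too short" when the underline is narrower than the title.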
@@ -1,9 +1,9 @@
.. _analyzing-data-flow-in-java:

Analyzing data flow in Java
Analyzing data flow in Java and Kotlin
===========================

You can use CodeQL to track the flow of data through a Java program to its use.
You can use CodeQL to track the flow of data through a Java/Kotlin program to its use.

.. include:: ../reusables/kotlin-beta-note.rst

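Review bot: the title grows to "Analyzing data flow in Java and Kotlin" but the `===========================` underline keeps the width of the old title, so docutils will report "Title underline too short"; extend the underline to match. The title also says "Java and Kotlin" while the paragraph two lines below says "Java/Kotlin"; pick one form for the file.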
@@ -12,7 +12,7 @@ You can use CodeQL to track the flow of data through a Java program to its use.
About this article
------------------

This article describes how data flow analysis is implemented in the CodeQL libraries for Java and includes examples to help you write your own data flow queries.
This article describes how data flow analysis is implemented in the CodeQL libraries for Java/Kotlin and includes examples to help you write your own data flow queries.
The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking.

For a more general introduction to modeling data flow, see ":ref:`About data flow analysis <about-data-flow-analysis>`."

@@ -52,7 +52,7 @@ After the initial ``import`` statement, this simple query comprises three parts
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+===============================================================+===================================================================================================================+========================================================================================================================+
| ``import cpp`` | Imports the standard CodeQL libraries for C/C++. | Every query begins with one or more ``import`` statements. |
| ``import c-cpp`` | Imports the standard CodeQL libraries for C/C++. | Every query begins with one or more ``import`` statements. |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``from IfStmt ifstmt, BlockStmt block`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |

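Review bot: ``import c-cpp`` is not a valid QL import. The C/C++ library module is ``cpp``, and a hyphen cannot appear in a QL module name, so a query copied from this row would not compile. ``c-cpp`` is the language identifier used when creating a database (the identifier table edited later in this commit is the right place for it), not a library name. Keep this cell as ``import cpp`` and check that the query listing this table explains, which is outside the hunk, still reads ``import cpp``, since the "Query part" column is meant to quote the query verbatim.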
@@ -70,7 +70,7 @@ After the initial ``import`` statement, this simple query comprises three parts
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+==================================================================================================+===================================================================================================================+===================================================================================================+
| ``import java`` | Imports the standard CodeQL libraries for Java and Kotlin. | Every query begins with one or more ``import`` statements. |
| ``import java-kotlin`` | Imports the standard CodeQL libraries for Java and Kotlin. | Every query begins with one or more ``import`` statements. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``from MethodAccess ma`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |

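Review bot: same problem as the C/C++ table: ``import java-kotlin`` does not compile. The library module is ``java`` (``java.qll``), which the codeql-library-for-java hunk in this commit still describes as "The module ``java.qll`` imports all the core Java library modules", and the ``|language-code|`` substitution in the `@@ -133,7 +133,7 @@` hunk of this same file stays ``java``. Revert this cell to ``import java``; the "Purpose" column already says "Java and Kotlin", which is all this change needs.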
@@ -133,7 +133,7 @@ Further reading

.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions

.. |language-text| replace:: Java
.. |language-text| replace:: Java/Kotlin

.. |language-code| replace:: ``java``

@@ -1,6 +1,6 @@
.. _basic-query-for-javascript-code:

Basic query for JavaScript code
Basic query for JavaScript and TypeScript code
===============================

Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.

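Review bot: the new title "Basic query for JavaScript and TypeScript code" is longer than the unchanged `===============================` underline, so reStructuredText will warn "Title underline too short"; extend the underline to the new title's length in the same commit.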
@@ -10,7 +10,7 @@ Learn to write and run a simple CodeQL query using Visual Studio Code with the C
About the query
---------------

In JavaScript, any expression can be turned into an expression statement. While this is sometimes convenient, it can be dangerous. For example, imagine a programmer wants to assign a new value to a variable ``x`` by means of an assignment ``x = 42``. However, they accidentally type two equals signs, producing the comparison statement ``x == 42``. This is valid JavaScript, so no error is generated. The statement simply compares ``x`` to ``42``, and then discards the result of the comparison.
In JavaScript and TypeScript, any expression can be turned into an expression statement. While this is sometimes convenient, it can be dangerous. For example, imagine a programmer wants to assign a new value to a variable ``x`` by means of an assignment ``x = 42``. However, they accidentally type two equals signs, producing the comparison statement ``x == 42``. This is valid JavaScript, so no error is generated. The statement simply compares ``x`` to ``42``, and then discards the result of the comparison.

The query you will run finds instances of this problem. The query searches for expressions ``e`` that are pure—that is, their evaluation does not lead to any side effects—but appear as an expression statement.

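Review bot: the paragraph now opens with "In JavaScript and TypeScript" but still says "This is valid JavaScript, so no error is generated" a few sentences later; since the point of the edit is that the same mistake goes unreported in TypeScript too, change that sentence to "valid JavaScript and TypeScript" so the paragraph is consistent with its first sentence.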
@@ -50,7 +50,7 @@ After the initial ``import`` statement, this simple query comprises three parts
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+===============================================================+===================================================================================================================+========================================================================================================================+
| ``import javascript`` | Imports the standard CodeQL libraries for JavaScript. | Every query begins with one or more ``import`` statements. |
| ``import javascript-typescript`` | Imports the standard CodeQL libraries for JavaScript and TypeScript. | Every query begins with one or more ``import`` statements. |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``from Expr e`` | Defines the variables for the query. | ``e`` is declared as a variable that ranges over expressions. |
| | Declarations are of the form: | |

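Review bot: ``import javascript-typescript`` is not a valid QL import either; the library module is ``javascript`` and hyphens are not allowed in module names. The change to the "Purpose" cell ("JavaScript and TypeScript") is the correct one; keep the "Query part" cell as ``import javascript`` so it still quotes the query listing the table explains.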
@@ -10,7 +10,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat

.. pull-quote:: Enabling Kotlin support

CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java`` as a language.
CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java-kotlin`` as a language.

.. toctree::
:hidden:

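Review bot: this is the one place in the commit where ``java-kotlin`` is the right identifier, because the sentence is about selecting a language for database creation rather than importing a library. Since the query-ID list, the ``|language-code|`` substitution and the ``java.qll`` description elsewhere in this commit all keep ``java``, confirm whether ``java`` is still accepted as a language identifier and say so here, otherwise readers will take the two spellings for an inconsistency.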
@@ -26,11 +26,11 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
working-with-source-locations
abstract-syntax-tree-classes-for-working-with-java-programs

- :doc:`Basic query for Java code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query.
- :doc:`Basic query for Java and Kotlin code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query.

- :doc:`CodeQL library for Java <codeql-library-for-java>`: When analyzing Java code, you can use the large collection of classes in the CodeQL library for Java.
- :doc:`CodeQL library for Java and Kotlin <codeql-library-for-java>`: When analyzing Java/Kotlin code, you can use the large collection of classes in the CodeQL library for Java/Kotlin.

- :doc:`Analyzing data flow in Java <analyzing-data-flow-in-java>`: You can use CodeQL to track the flow of data through a Java program to its use.
- :doc:`Analyzing data flow in Java and Kotlin <analyzing-data-flow-in-java>`: You can use CodeQL to track the flow of data through a Java/Kotlin program to its use.

- :doc:`Java types <types-in-java>`: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.

@@ -44,4 +44,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat

- :doc:`Working with source locations <working-with-source-locations>`: You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.

- :doc:`Abstract syntax tree classes for working with Java programs <abstract-syntax-tree-classes-for-working-with-java-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs.
- :doc:`Abstract syntax tree classes for working with Java and Kotlin programs <abstract-syntax-tree-classes-for-working-with-java-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Java/Kotlin programs.

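Review bot: the "Working with source locations" entry, an unchanged context line in this hunk, still says "within Java code" while the entry below it and every other entry in the list are renamed to Java/Kotlin; either update it in this commit or mention why that page is excluded from the rename.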
@@ -3,7 +3,7 @@
CodeQL for JavaScript
=====================

Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript and TypeScript codebases.

.. toctree::
:hidden:

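Review bot: the heading "CodeQL for JavaScript" and its `=====` underline are left as context while the sentence under it becomes "JavaScript and TypeScript"; the Java pages in this commit rename their headings to "Java and Kotlin", so rename this heading too (and lengthen the underline) for consistency.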
@@ -18,7 +18,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs
data-flow-cheat-sheet-for-javascript

- :doc:`Basic query for JavaScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.
- :doc:`Basic query for JavaScript and TypeScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.

- :doc:`CodeQL library for JavaScript <codeql-library-for-javascript>`: When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.

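Review bot: the "CodeQL library for JavaScript" entry directly below the renamed line is left unchanged, and the `codeql-library-for-javascript` page is not touched by this commit, whereas the Java counterpart becomes "CodeQL library for Java and Kotlin" in both the index and the page; decide whether the JavaScript rename is meant to stop at the basic-query page and, if not, carry it through here as well.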
@@ -1,14 +1,14 @@
.. _codeql-library-for-java:

CodeQL library for Java
CodeQL library for Java and Kotlin
=======================

When you're analyzing a Java program, you can make use of the large collection of classes in the CodeQL library for Java.
When you're analyzing a Java/Kotlin program, you can make use of the large collection of classes in the CodeQL library for Java/Kotlin.

About the CodeQL library for Java
About the CodeQL library for Java and Kotlin
---------------------------------

There is an extensive library for analyzing CodeQL databases extracted from Java projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks.
There is an extensive library for analyzing CodeQL databases extracted from Java/Kotlin projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks.

The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The module ``java.qll`` imports all the core Java library modules, so you can include the complete library by beginning your query with:

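Review bot: both headings in this hunk get longer without their underlines changing: "CodeQL library for Java and Kotlin" now sits over the old `=======================`, and "About the CodeQL library for Java and Kotlin" over the old `---------------------------------`, so reStructuredText will warn on each. While extending the underlines, note that the unchanged sentence "The module ``java.qll`` imports all the core Java library modules" is the authoritative statement of the import name and is the reason the basic-query table must keep ``import java``.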
@@ -27,7 +27,7 @@ The rest of this article briefly summarizes the most important classes and predi
Summary of the library classes
------------------------------

The most important classes in the standard Java library can be grouped into five main categories:
The most important classes in the standard Java/Kotlin library can be grouped into five main categories:

#. Classes for representing program elements (such as classes and methods)
#. Classes for representing AST nodes (such as statements and expressions)

@@ -192,7 +192,7 @@ The wildcards ``? extends Number`` and ``? super Float`` are represented by clas

For dealing with generic methods, there are classes ``GenericMethod``, ``ParameterizedMethod`` and ``RawMethod``, which are entirely analogous to the like-named classes for representing generic types.

For more information on working with types, see the :doc:`Types in Java <types-in-java>`.
For more information on working with types, see the :doc:`Types in Java and Kotlin <types-in-java>`.

Variables
~~~~~~~~~

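Review bot: the link text becomes "Types in Java and Kotlin" but the `types-in-java` page is not part of this commit and the index hunk `@@ -26,11 +26,11 @@` still lists it as "Java types"; either include the target page and its index entry in the rename or leave this link text as it was, so the link, the index and the page heading agree.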
@@ -206,7 +206,7 @@ Class ``Variable`` represents a variable `in the Java sense <https://docs.oracle
Abstract syntax tree
--------------------

Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see ":doc:`Abstract syntax tree classes for working with Java programs <abstract-syntax-tree-classes-for-working-with-java-programs>`."
Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see ":doc:`Abstract syntax tree classes for working with Java and Kotlin programs <abstract-syntax-tree-classes-for-working-with-java-programs>`."

Both ``Expr`` and ``Stmt`` provide member predicates for exploring the abstract syntax tree of a program:

@@ -254,12 +254,12 @@ Finally, here is a query that finds method bodies:

As these examples show, the parent node of an expression is not always an expression: it may also be a statement, for example, an ``IfStmt``. Similarly, the parent node of a statement is not always a statement: it may also be a method or a constructor. To capture this, the QL Java library provides two abstract class ``ExprParent`` and ``StmtParent``, the former representing any node that may be the parent node of an expression, and the latter any node that may be the parent node of a statement.

For more information on working with AST classes, see the :doc:`article on overflow-prone comparisons in Java <overflow-prone-comparisons-in-java>`.
For more information on working with AST classes, see the :doc:`article on overflow-prone comparisons in Java and Kotlin <overflow-prone-comparisons-in-java>`.

Metadata
--------

Java programs have several kinds of metadata, in addition to the program code proper. In particular, there are `annotations <https://docs.oracle.com/javase/tutorial/java/annotations/>`__ and `Javadoc <https://en.wikipedia.org/wiki/Javadoc>`__ comments. Since this metadata is interesting both for enhancing code analysis and as an analysis subject in its own right, the QL library defines classes for accessing it.
Java/Kotlin programs have several kinds of metadata, in addition to the program code proper. In particular, there are `annotations <https://docs.oracle.com/javase/tutorial/java/annotations/>`__ and `Javadoc <https://en.wikipedia.org/wiki/Javadoc>`__ comments. Since this metadata is interesting both for enhancing code analysis and as an analysis subject in its own right, the QL library defines classes for accessing it.

For annotations, class ``Annotatable`` is a superclass of all program elements that can be annotated. This includes packages, reference types, fields, methods, constructors, and local variable declarations. For every such element, its predicate ``getAnAnnotation`` allows you to retrieve any annotations the element may have. For example, the following query finds all annotations on constructors:

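Review bot: the link target `overflow-prone-comparisons-in-java` is not modified in this commit, so retitling the link "overflow-prone comparisons in Java and Kotlin" may no longer match that article's heading; check the target before renaming the link. While this paragraph is being edited, the context line "the QL Java library provides two abstract class ``ExprParent`` and ``StmtParent``" should read "two abstract classes".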
@@ -344,7 +344,7 @@ Most large projects include some methods with a very high cyclomatic complexity.
Call graph
----------

CodeQL databases generated from Java code bases include precomputed information about the program's call graph, that is, which methods or constructors a given call may dispatch to at runtime.
CodeQL databases generated from Java and Kotlin code bases include precomputed information about the program's call graph, that is, which methods or constructors a given call may dispatch to at runtime.

The class ``Callable``, introduced above, includes both methods and constructors. Call expressions are abstracted using class ``Call``, which includes method calls, ``new`` expressions, and explicit constructor calls using ``this`` or ``super``.

@@ -1,6 +1,6 @@
# CWE coverage for JavaScript
# CWE coverage for JavaScript and TypeScript

An overview of CWE coverage for JavaScript in the latest release of CodeQL.
An overview of CWE coverage for JavaScript and TypeScript in the latest release of CodeQL.

## Overview

@@ -5,15 +5,15 @@
* - Language
- Identifier
* - C/C++
- ``cpp``
- ``c-cpp``
* - C#
- ``csharp``
* - Go
- ``go``
* - Java/Kotlin
- ``java``
- ``java-kotlin``
* - JavaScript/TypeScript
- ``javascript``
- ``javascript-typescript``
* - Python
- ``python``
* - Ruby

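Review bot: this identifier table is where ``c-cpp``, ``java-kotlin`` and ``javascript-typescript`` belong, since these name a language to the CLI rather than a QL library, but please document whether the short forms ``cpp``, ``java`` and ``javascript`` remain accepted, because existing workflows and configs use them and the QL import names (``import cpp``, ``import java``, ``import javascript``) do not change; readers of the basic-query pages in this commit could otherwise confuse the two kinds of name.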
@@ -74,7 +74,7 @@ When writing your own alert queries, you would typically import the standard lib
- :ref:`CodeQL library guide for C and C++ <codeql-library-for-cpp>`
- :ref:`CodeQL library guide for C# <codeql-library-for-csharp>`
- :ref:`CodeQL library guide for Go <codeql-library-for-go>`
- :ref:`CodeQL library guide for Java <codeql-library-for-java>`
- :ref:`CodeQL library guide for Java and Kotlin <codeql-library-for-java>`
- :ref:`CodeQL library guide for JavaScript <codeql-library-for-javascript>`
- :ref:`CodeQL library guide for Python <codeql-library-for-python>`
- :ref:`CodeQL library guide for Ruby <codeql-library-for-ruby>`

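Review bot: the "CodeQL library guide for JavaScript" entry in the same list is left unchanged while the Java entry gains "and Kotlin"; the data-flow lists later in this commit already write "JavaScript/TypeScript", so for symmetry this entry should gain "and TypeScript" too, or the commit should say why the JavaScript library guide keeps its old name.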
@@ -18,7 +18,7 @@ See the following tutorials for more information about analyzing data flow in sp

- ":ref:`Analyzing data flow in C/C++ <analyzing-data-flow-in-cpp>`"
- ":ref:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`"
- ":ref:`Analyzing data flow in Java <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in Java/Kotlin <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in JavaScript/TypeScript <analyzing-data-flow-in-javascript-and-typescript>`"
- ":ref:`Analyzing data flow in Python <analyzing-data-flow-in-python>`"
- ":ref:`Analyzing data flow in Ruby <analyzing-data-flow-in-ruby>`"

@@ -28,7 +28,7 @@ For more language-specific information on analyzing data flow, see:

- ":ref:`Analyzing data flow in C/C++ <analyzing-data-flow-in-cpp>`"
- ":ref:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`"
- ":ref:`Analyzing data flow in Java <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in Java/Kotlin <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in JavaScript/TypeScript <analyzing-data-flow-in-javascript-and-typescript>`"
- ":ref:`Analyzing data flow in Python <analyzing-data-flow-in-python>`"
- ":ref:`Analyzing data flow in Ruby <analyzing-data-flow-in-ruby>`"

@@ -123,7 +123,7 @@ Declaring sources and sinks
You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring.
The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate.

If you are querying C/C++, C#, Go, Java, JavaScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement.
If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement.
For example:

.. code-block:: ql

@@ -15,7 +15,7 @@ For more information about how to write useful query help in a style that is con

You can access the query help for CodeQL queries by visiting `CodeQL query help <https://codeql.github.com/codeql-query-help>`__.
You can also access the raw query help files in the `GitHub repository <https://github.com/github/codeql>`__.
For example, see the `JavaScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__.
For example, see the `JavaScript/TypeScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__.

Overview
========

@@ -70,7 +70,7 @@ You must specify an `@id` property for your query. It must be unique and should
* C and C++: `cpp`
* C#: `cs`
* Go: `go`
* Java: `java`
* Java and Kotlin: `java`
* JavaScript and TypeScript: `js`
* Python: `py`
