hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs: update further reading sections

Browse Source
This commit is contained in:
james
2020-05-05 09:59:25 +01:00
parent 49280ed893
commit 292f07d1fd
41 changed files with 120 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/language/learn-ql/cpp/conversions-classes.rst
View File

@@ -223,8 +223,5 @@ There is a similar built-in `query <https://lgtm.com/rules/2158670642/>`__ on LG
Further reading
---------------
- Explore other ways of querying classes using examples from the `C/C++ cookbook <https://help.semmle.com/wiki/label/CBCPP/class>`__.
- Take a look at the :doc:`Analyzing data flow in C and C++ <dataflow>` tutorial.
- Try the worked examples in the following topics: :doc:`Refining a query to account for edge cases <private-field-initialization>`, and :doc:`Detecting a potential buffer overflow <zero-space-terminator>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

15
docs/language/learn-ql/cpp/dataflow.rst
View File

@@ -299,13 +299,6 @@ Exercise 3: Write a class that represents flow sources from ``getenv``. (`Answer
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from ``getenv`` to ``gethostbyname``. (`Answer <#exercise-4>`__)
Further reading
---------------
- Try the worked examples in the following topics: :doc:`Refining a query to account for edge cases <private-field-initialization>` and :doc:`Detecting a potential buffer overflow <zero-space-terminator>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
Answers
-------
@@ -393,3 +386,11 @@ Exercise 4
from DataFlow::Node getenv, FunctionCall fc, GetenvToGethostbynameConfiguration cfg
where cfg.hasFlow(getenv, DataFlow::exprNode(fc.getArgument(0)))
select getenv.asExpr(), fc
Further reading
---------------
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/cpp/expressions-types.rst
View File

@@ -132,7 +132,5 @@ Note that we replaced ``e.getEnclosingStmt()`` with ``e.getEnclosingStmt().getPa
Further reading
---------------
- Explore other ways of finding types and statements using examples from the C/C++ cookbook for `types <https://help.semmle.com/wiki/label/CBCPP/type>`__ and `statements <https://help.semmle.com/wiki/label/CBCPP/statement>`__.
- Take a look at the :doc:`Conversions and classes in C and C++ <conversions-classes>` and :doc:`Analyzing data flow in C and C++ <dataflow>` tutorials.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/cpp/function-classes.rst
View File

@@ -92,7 +92,5 @@ The LGTM version of this query is considerably more complicated, but if you look
Further reading
---------------
- Explore other ways of finding functions using examples from the `C/C++ cookbook <https://help.semmle.com/wiki/label/CBCPP/function>`__.
- Take a look at some other tutorials: :doc:`Expressions, types and statements in C and C++ <introduce-libraries-cpp>`, :doc:`Conversions and classes in C and C++ <conversions-classes>`, and :doc:`Analyzing data flow in C and C++ <dataflow>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/cpp/guards.rst
View File

@@ -93,3 +93,9 @@ The ``comparesLt`` predicate
``comparesLt(left, right, k, isLessThan, testIsTrue)`` holds if ``left < right + k`` evaluates to ``isLessThan`` when the expression evaluates to ``testIsTrue``.
Further reading
---------------
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
View File

@@ -525,6 +525,5 @@ This table lists `Preprocessor <https://help.semmle.com/qldoc/cpp/semmle/code/cp
Further reading
---------------
- Experiment with the worked examples in the CodeQL for C and C++ topics: :doc:`Functions in C and C++ <function-classes>`, :doc:`Expressions, types, and statements in C and C++ <expressions-types>`, :doc:`Conversions and classes in C and C++ <conversions-classes>`, and :doc:`Analyzing data flow in C and C++ <dataflow>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/cpp/private-field-initialization.rst
View File

@@ -149,6 +149,5 @@ Finally we can simplify the query by using the transitive closure operator. In t
Further reading
---------------
- Take a look at another example: :doc:`Detecting a potential buffer overflow <zero-space-terminator>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

7
docs/language/learn-ql/cpp/ql-for-cpp.rst
View File

@@ -39,10 +39,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Using range analysis for C and C++ <range-analysis>`: You can use range analysis to determine the upper or lower bounds on an expression, or whether an expression could potentially over or underflow.
- :doc:`Hash consing and value numbering <value-numbering-hash-cons>`: You can use specialized CodeQL libraries to recognize expressions that are syntactically identical or compute the same value at runtime in C and C++ codebases.
Further reading
---------------
- For examples of how to query common C/C++ elements, see the `C/C++ cookbook <https://help.semmle.com/wiki/display/CBCPP>`__.
- For the queries used in LGTM, display a `C/C++ query <https://lgtm.com/search?q=language%3Acpp&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for C/C++ see the `CodeQL library for C/C++ <https://help.semmle.com/qldoc/cpp>`__.

6
docs/language/learn-ql/cpp/range-analysis.rst
View File

@@ -41,3 +41,9 @@ This query uses ``upperBound`` to determine whether the result of ``snprintf`` i
convSink = call.getArgument(1).getFullyConverted()
select call, upperBound(call.getArgument(1).getFullyConverted())
Further reading
---------------
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/cpp/value-numbering-hash-cons.rst
View File

@@ -110,3 +110,9 @@ Example query
hashCons(outer.getCondition()) = hashCons(inner.getCondition())
select inner.getCondition(), "The condition of this if statement duplicates the condition of $@",
outer.getCondition(), "an enclosing if statement"
Further reading
---------------
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

4
docs/language/learn-ql/cpp/zero-space-terminator.rst
View File

@@ -224,5 +224,5 @@ The completed query will now identify cases where the result of ``strlen`` is st
Further reading
---------------
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/cpp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

7
docs/language/learn-ql/csharp/dataflow.rst
View File

@@ -553,6 +553,7 @@ This can be adapted from the ``SystemUriFlow`` class:
Further reading
---------------
- Learn about the standard libraries used to write queries for C# in :doc:`CodeQL library for C# <introduce-libraries-csharp>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/csharp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/csharp/introduce-libraries-csharp.rst
View File

@@ -1122,6 +1122,5 @@ Here is the fixed version:
Further reading
---------------
- Visit :doc:`Analyzing data flow in C# <dataflow>` to learn more about writing queries using the standard data flow and taint tracking libraries.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/csharp-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/csharp/ql-for-csharp.rst
View File

@@ -15,9 +15,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Analyzing data flow in C# <dataflow>`: You can use CodeQL to track the flow of data through a C# program to its use.
Further reading
---------------
- For examples of how to query common C# elements, see the `C# cookbook <https://help.semmle.com/wiki/display/CBCSHARP>`__.
- For the queries used in LGTM, display a `C# query <https://lgtm.com/search?q=language%3Acsharp&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for C# see the `CodeQL library for C# <https://help.semmle.com/qldoc/csharp>`__.

4
docs/language/learn-ql/go/introduce-libraries-go.rst
View File

@@ -611,8 +611,8 @@ is to compare them to each other to determine whether two data-flow nodes have t
Further reading
---------------
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/go-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. |ast| image:: ast.png
.. |cfg| image:: cfg.png

7
docs/language/learn-ql/go/ql-for-go.rst
View File

@@ -11,10 +11,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- `Basic Go query <https://lgtm.com/help/lgtm/console/ql-go-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
- :doc:`CodeQL library for Go <introduce-libraries-go>`: When you're analyzing a Go program, you can make use of the large collection of classes in the CodeQL library for Go.
Further reading
---------------
- For examples of how to query common Go elements, see the `Go cookbook <https://help.semmle.com/wiki/display/CBGO>`__.
- For the queries used in LGTM, display a `Go query <https://lgtm.com/search?q=language%3Ago&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for Go see the `CodeQL library for Go <https://help.semmle.com/qldoc/go/>`__.

5
docs/language/learn-ql/java/annotations.rst
View File

@@ -240,6 +240,5 @@ Now we can extend our query to filter out calls in methods carrying a ``Suppress
Further reading
---------------
- Take a look at some of the other articles in this section: :doc:`Javadoc <javadoc>` and :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/java/ast-class-reference.rst
View File

@@ -274,3 +274,9 @@ Miscellaneous
+------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------+
| ``@Annot(key=val)`` | `Annotation <https://help.semmle.com/qldoc/java/semmle/code/java/Annotation.qll/type.Annotation$Annotation.html>`__ |   |
+------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------+
Further reading
---------------
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/java/call-graph.rst
View File

@@ -164,6 +164,5 @@ Finally, on many Java projects there are methods that are invoked indirectly by
Further reading
---------------
- Find out how to query metadata and white space: :doc:`Annotations in Java <annotations>`, :doc:`Javadoc <javadoc>`, and :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

15
docs/language/learn-ql/java/dataflow.rst
View File

@@ -257,13 +257,6 @@ Exercise 3: Write a class that represents flow sources from ``java.lang.System.g
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from ``getenv`` to ``java.net.URL``. (`Answer <#exercise-4>`__)
Further reading
---------------
- Try the worked examples in these articles: :doc:`Navigating the call graph <call-graph>` and :doc:`Working with source locations <source-locations>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
Answers
-------
@@ -361,3 +354,11 @@ Exercise 4
from DataFlow::Node src, DataFlow::Node sink, GetenvToURLConfiguration config
where config.hasFlow(src, sink)
select src, "This environment variable constructs a URL $@.", sink, "here"
Further reading
---------------
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/java/expressions-statements.rst
View File

@@ -125,6 +125,5 @@ Now we rewrite our query to make use of these new classes:
Further reading
---------------
- Have a look at some of the other articles in this section: :doc:`Java types <types-class-hierarchy>`, :doc:`Navigating the call graph <call-graph>`, :doc:`Annotations in Java <annotations>`, :doc:`Javadoc <javadoc>`, and :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/java/introduce-libraries-java.rst
View File

@@ -386,6 +386,5 @@ For more information about callables and calls, see the :doc:`article on the cal
Further reading
---------------
- Experiment with the worked examples in the CodeQL for Java articles: :doc:`Java types <types-class-hierarchy>`, :doc:`Overflow-prone comparisons in Java <expressions-statements>`, :doc:`Navigating the call graph <call-graph>`, :doc:`Annotations in Java <annotations>`, :doc:`Javadoc <javadoc>` and :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/java/javadoc.rst
View File

@@ -221,6 +221,5 @@ Currently, ``visibleIn`` only considers single-type imports, but you could exten
Further reading
---------------
- Find out how you can use the location API to define queries on whitespace: :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

7
docs/language/learn-ql/java/ql-for-java.rst
View File

@@ -36,10 +36,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Classes for working with Java code <ast-class-reference>`: CodeQL has a large selection of classes for working with Java statements and expressions.
Further reading
---------------
- For examples of how to query common Java elements, see the `Java cookbook <https://help.semmle.com/wiki/display/CBJAVA>`__.
- For the queries used in LGTM, display a `Java query <https://lgtm.com/search?q=language%3Ajava&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for Java see the `CodeQL library for Java <https://help.semmle.com/qldoc/java>`__.

4
docs/language/learn-ql/java/source-locations.rst
View File

@@ -186,5 +186,5 @@ Whitespace suggests that the programmer meant to toggle ``i`` between zero and o
Further reading
---------------
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/java/types-class-hierarchy.rst
View File

@@ -299,6 +299,5 @@ Adding these three improvements, our final query becomes:
Further reading
---------------
- Take a look at some of the other articles in this section: :doc:`Overflow-prone comparisons in Java <expressions-statements>`, :doc:`Navigating the call graph <call-graph>`, :doc:`Annotations in Java <annotations>`, :doc:`Javadoc <javadoc>`, and :doc:`Working with source locations <source-locations>`.
- Find out how specific classes in the AST are represented in the standard library for Java: :doc:`Classes for working with Java code <ast-class-reference>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

6
docs/language/learn-ql/javascript/ast-class-reference.rst
View File

@@ -356,3 +356,9 @@ All classes in this table are subclasses of `Expr <https://help.semmle.com/qldoc
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
| ``yield`` `Expr <https://help.semmle.com/qldoc/javascript/semmle/javascript/Expr.qll/type.Expr$Expr.html>`__ | `YieldExpr <https://help.semmle.com/qldoc/javascript/semmle/javascript/Expr.qll/type.Expr$YieldExpr.html>`__ |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
Further reading
---------------
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

8
docs/language/learn-ql/javascript/dataflow-cheat-sheet.rst
View File

@@ -216,3 +216,11 @@ Troubleshooting
- Compilation fails due to incompatible types? Make sure AST nodes and
DataFlow nodes are not mixed up. Use `asExpr() <https://help.semmle.com/qldoc/javascript/semmle/javascript/dataflow/DataFlow.qll/predicate.DataFlow$DataFlow$Node$asExpr.0.html>`__ or
`flow() <https://help.semmle.com/qldoc/javascript/semmle/javascript/AST.qll/predicate.AST$AST$ValueNode$flow.0.html>`__ to convert.
Further reading
---------------
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

15
docs/language/learn-ql/javascript/dataflow.rst
View File

@@ -468,13 +468,6 @@ Hint: array indices are properties with numeric names; you can use regular expre
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from array elements of the result of a call to the ``tagName`` argument to the
``createElement`` function. (`Answer <#exercise-4>`__)
Further reading
---------------
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
- Learn about writing more precise data-flow analyses in :doc:`Using flow labels for precise data flow analysis <flow-labels>`
Answers
-------
@@ -557,3 +550,11 @@ Exercise 4
from HardCodedTagNameConfiguration cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select source, sink
Further reading
---------------
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/java-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

7
docs/language/learn-ql/javascript/flow-labels.rst
View File

@@ -398,6 +398,7 @@ string may be an absolute path and whether it may contain ``..`` components.
Further reading
---------------
- Learn about the standard CodeQL libraries used to write queries for JavaScript in :doc:`CodeQL libraries for JavaScript <introduce-libraries-js>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/javascript/introduce-libraries-js.rst
View File

@@ -1031,6 +1031,5 @@ Predicate ``YAMLMapping.maps(key, value)`` models the key-value relation represe
Further reading
---------------
- Learn about the standard CodeQL libraries used to write queries for TypeScript in :doc:`CodeQL libraries for TypeScript <introduce-libraries-ts>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

5
docs/language/learn-ql/javascript/introduce-libraries-ts.rst
View File

@@ -449,6 +449,5 @@ A `LocalNamespaceName <https://help.semmle.com/qldoc/javascript/semmle/javascrip
Further reading
---------------
- Learn about the standard CodeQL libraries used to write queries for JavaScript in :doc:`CodeQL libraries for JavaScript <introduce-libraries-js>`.
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

7
docs/language/learn-ql/javascript/ql-for-javascript.rst
View File

@@ -29,10 +29,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Abstract syntax tree classes for JavaScript and TypeScript <ast-class-reference>`: CodeQL has a large selection of classes for working with JavaScript and TypeScript statements and expressions.
- :doc:`Data flow cheat sheet for JavaScript <dataflow-cheat-sheet>`: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
Further reading
---------------
- For examples of how to query common JavaScript elements, see the `JavaScript cookbook <https://help.semmle.com/wiki/display/CBJS>`__.
- For the queries used in LGTM, display a `JavaScript query <https://lgtm.com/search?q=language%3Ajavascript&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for JavaScript see the `CodeQL library for JavaScript <https://help.semmle.com/qldoc/javascript/>`__.

5
docs/language/learn-ql/javascript/type-tracking.rst
View File

@@ -521,6 +521,5 @@ Type tracking is used in a few places in the standard libraries:
Further reading
---------------
- Find out more about QL in the `QL language reference <https://help.semmle.com/QL/ql-handbook/index.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__ on LGTM.com.
- Learn about writing precise data-flow analyses in :doc:`Using flow labels for precise data flow analysis <flow-labels>`.
.. include:: ../../reusables/javascript-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst

4
docs/language/learn-ql/python/control-flow.rst
View File

@@ -117,6 +117,6 @@ Example finding mutually exclusive blocks within the same function
Further reading
---------------
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst

7
docs/language/learn-ql/python/functions.rst
View File

@@ -81,9 +81,6 @@ In a later tutorial we will see how to use the type-inference library to find ca
Further reading
---------------
- ":doc:`Expressions and statements in Python <statements-expressions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst

8
docs/language/learn-ql/python/introduce-libraries-python.rst
View File

@@ -340,10 +340,6 @@ For more information about these classes, see ":doc:`Analyzing data flow and tra
Further reading
---------------
- ":doc:`Functions in Python <functions>`"
- ":doc:`Expressions and statements in Python <statements-expressions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst

5
docs/language/learn-ql/python/pointsto-type-infer.rst
View File

@@ -226,7 +226,6 @@ Then we can use ``Value.getACall()`` to identify calls to the ``eval`` function,
Further reading
---------------
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst

7
docs/language/learn-ql/python/ql-for-python.rst
View File

@@ -26,10 +26,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
- :doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`: At runtime, each Python expression has a value with an associated type. You can learn how an expression behaves at runtime by using type-inference classes from the standard CodeQL library.
- :doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`: You can use CodeQL to track the flow of data through a Python program. Tracking user-controlled, or tainted, data is a key technique for security researchers.
Further reading
---------------
- For examples of how to query common Python elements, see the `Python cookbook <https://help.semmle.com/wiki/display/CBPython>`__.
- For the queries used in LGTM, display a `Python query <https://lgtm.com/search?q=language%3APython&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for JavaScript see the `CodeQL library for Python <https://help.semmle.com/qldoc/python/>`__.

7
docs/language/learn-ql/python/statements-expressions.rst
View File

@@ -256,9 +256,6 @@ Here is the relevant part of the class hierarchy:
Further reading
---------------
- ":doc:`Functions in Python <functions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst

8
docs/language/learn-ql/python/taint-tracking.rst
View File

@@ -259,8 +259,8 @@ which defines the simplest possible taint kind class, ``HardcodedValue``, and cu
Further reading
---------------
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
- `Exploring data flow with path queries <https://help.semmle.com/codeql/codeql-for-vscode/procedures/exploring-paths.html>`__
.. include:: ../../reusables/python-further-reading.rst
.. include:: ../../reusables/codeql-ref-tools-further-reading.rst
.. include:: ../../reusables/python-other-resources.rst