From 4aa92dfd8802a54b8f90b192db1001da7da66100 Mon Sep 17 00:00:00 2001 From: Siara <108543037+SiaraMist@users.noreply.github.com> Date: Mon, 12 Dec 2022 17:13:57 -0800 Subject: [PATCH] Updates from review comments --- .../introduction-to-ql.rst | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/codeql/writing-codeql-queries/introduction-to-ql.rst b/docs/codeql/writing-codeql-queries/introduction-to-ql.rst index 9b6185a2997..df531ae7b6e 100644 --- a/docs/codeql/writing-codeql-queries/introduction-to-ql.rst +++ b/docs/codeql/writing-codeql-queries/introduction-to-ql.rst @@ -19,13 +19,13 @@ QL also supports recursion and aggregates. This allows you to write complex recu Running a query --------------- -You can try out the following examples and exercises using :ref:`CodeQL for VS Code ` or the `CodeQL template '. +You can try out the following examples and exercises using :ref:`CodeQL for VS Code ` or the `CodeQL template ' on GitHub Codespaces. Here is an example of a basic query: .. code-block:: ql - import + import tutorial select "hello world" 
@@ -111,11 +111,13 @@ Example CodeQL queries ---------------------- The previous examples used the primitive types built in to QL. Although we chose a project to query, we didn't use the information in that project's database. -The following example queries *do* use these databases and give you an idea of how to use CodeQL to analyze projects. +The following example queries *do* use these databases and give you an idea of how to use CodeQL to analyze projects. Queries using the CodeQL libraries can find errors and uncover variants of important security vulnerabilities in codebases. Visit `GitHub Security Lab `__ to read about examples of vulnerabilities that we have recently found in open source projects. +Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code `. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Analyzing your projects `__ in the CodeQL for VS Code documentation. + To import the CodeQL library for a specific programming language, type ``import `` at the start of the query. .. code-block:: ql @@ -163,6 +165,8 @@ Exercise 1 .. code-block:: ql + import tutorial + from string s where s = "lgtm" select s.length() @@ -171,6 +175,8 @@ There is often more than one way to define a query. For example, we can also wri .. code-block:: ql + import tutorial + select "lgtm".length() Exercise 2 @@ -178,6 +184,8 @@ Exercise 2 .. code-block:: ql + import tutorial + from float x, float y where x = 3.pow(5) and y = 245.6 select x.minimum(y).sin() @@ -187,6 +195,8 @@ Exercise 3 .. code-block:: ql + import tutorial + from boolean b where b = false select b.booleanNot() 
@@ -196,6 +206,8 @@ Exercise 4 .. code-block:: ql + import tutorial + from date start, date end where start = "10/06/2017".toDate() and end = "28/09/2017".toDate() select start.daysTo(end)
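Review bot: In the first hunk (Running a query), the rewritten sentence still ends the `CodeQL template link with an apostrophe instead of a closing backtick, as the removed line did, so the reStructuredText link markup is left unterminated. Since this line is being changed anyway, close it with a backtick and the trailing `__` that the other external links in this file use, placed before "on GitHub Codespaces".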
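Review bot: In the hunk at line 111 (Example CodeQL queries), the new prerequisites paragraph says the reader "will need to install the CodeQL extension for Visual Studio Code", which contradicts the Running a query sentence changed in the first hunk, where the CodeQL template on GitHub Codespaces is offered as an alternative. Either state what Codespaces users need to do for these examples or word the paragraph so it clearly applies only to the VS Code route. "A database in the corresponding programming language" would also read more clearly as a database for the language the query targets.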
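Review bot: In the exercise answer hunks (Exercise 1 through Exercise 4), `import tutorial` is added to queries that only use string, float, boolean and date values, and nothing in the visible text explains why the import is needed. The context in the earlier hunk even says the previous examples "used the primitive types built in to QL", so a reader is likely to treat the line as optional and remove it. Add one sentence near the first example in Running a query saying why every query in this tutorial starts with `import tutorial`.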