Merge pull request #13525 from github/rc/3.10

Merge `rc/3.10` back to `main`
Henry Mercer
2023-06-21 17:13:36 +01:00
committed by GitHub
136 changed files with 529 additions and 243 deletions


@@ -153,6 +153,36 @@ For example, if you want to continue analyzing a set of repositories that had re
You can then insert the ``new-repo-list`` of repositories into your list of custom repository lists for easy access in the Variant Analysis Repositories panel.
Using GitHub code search to add repositories to a custom list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can use code search directly in the CodeQL extension to add a subset of repositories from GitHub.com to a custom list.
.. pull-quote::
Note
This feature uses the legacy code search via the code search API. For more information on the syntax to use, see "`Searching code (legacy) <https://docs.github.com/en/search-github/searching-on-github/searching-code>`__."
For example, to add all repositories in the ``rails`` organization on GitHub, you can search ``org:rails``.
You can add a maximum of 1000 repositories to a custom list per search.
#. In the Variant Analysis Repositories panel, choose the list that you want to add repositories to. You can create a new list or choose an existing list that already contains repositories.
#. Right-click on the list you have chosen and then click **Add repositories with GitHub Code Search**.
#. In the pop-up that appears at the top of the application, under the search bar, select a language for your search from the choices in the dropdown.
.. image:: ../images/codeql-for-visual-studio-code/variant-analysis-code-search-language.png
:alt: Screenshot of the search bar for using code search to add repositories to a custom list. The search bar asks you to choose a language for your search and has a dropdown list of languages to choose from.
#. In the search bar, type the search query that you want to use and press **Enter**.
You can view the progress of your search in the bottom right corner of the application in a box with the text "Searching for repositories...". If you click **Cancel**, no repositories will be added to your list. Once complete, you will see the resulting repositories appear in the dropdown under your custom list in the Variant Analysis Repositories panel.
Some of the resulting repositories will not have CodeQL databases and some may not allow access by the CodeQL extension for Visual Studio Code. When you run an analysis on the list, the Variant Analysis Results view will show you which repositories were analyzed, which denied access, and which had no CodeQL database.
Troubleshooting variant analysis
--------------------------------
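Review bot: The sentence "You can add a maximum of 1000 repositories to a custom list per search." does not say what happens when a query matches more than 1000 repositories. Please state whether the results are truncated or the search is rejected, so that a user running variant analysis knows whether the resulting list covers everything the query matched. Also, step 3 has the user select a language before typing the query, but the ``org:rails`` example is given without saying how the selected language is combined with the query text; one sentence in step 3 or beside the example would remove that ambiguity.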

Binary file not shown.

Size: 28 KiB


@@ -164,6 +164,38 @@ If the call resolves to a predicate without result, then the call is a formula.
It is also possible to call a predicate with result. This kind of call is an
expression in QL, instead of a formula. For more information, see ":ref:`calls-with-result`."
Member predicates only apply to members of a particular class and calls to
member predicates have a receiver of a matching type. Syntactically, if a call
contains a dot, then the expression before the dot specifies the receiver of
the call. For instance, ``x`` is the receiver for the call ``x.isEven()``.
For calls to member predicates of the enclosing class on the member itself
(i.e., the value of ``this``), the receiver may be omitted syntactically. In
this case we say the call has an implicit this receiver. For instance, in the
following example the ``isEven()`` call in ``isOdd()`` is a member predicate
call with an implicit this receiver and the call is equivalent to
``this.isEven()``:
.. code-block:: ql
class OneTwoThree extends int {
OneTwoThree() { this = 1 or this = 2 or this = 3 }
predicate isEven() { this = 2 }
predicate isOdd() { not isEven() }
}
Use of implicit this receivers can make it harder to spot predicates that introduce
cartesian products by failing to relate the implicit ``this`` variable with
other variables, which can negatively affect query performance. For more
information on cartesian products, see ":ref:`Troubleshooting query performance
<troubleshooting-query-performance>`".
It is possible to enable warnings about implicit this receivers for `CodeQL packs
<https://docs.github.com/en/code-security/codeql-cli/codeql-cli-reference/about-codeql-packs#warnonimplicitthis>`__
through the ``warnOnImplicitThis`` property.
.. _parenthesized-formulas:
Parenthesized formulas
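Review bot: In "we say the call has an implicit this receiver" and "Use of implicit this receivers", the keyword is plain text, while the rest of the hunk writes it as ``this``; mark it up as a literal in both places so it cannot be read as the English word. The last added paragraph should also say where the ``warnOnImplicitThis`` property is set and which value enables the warning, since the link text "CodeQL packs" alone does not tell the reader. Minor style point: the full stop after the troubleshooting-query-performance reference sits outside the closing quotation mark, whereas the context line for calls-with-result puts it inside.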