Merge pull request #3146 from jf205/tidy-up-docs-prep

CodeQL docs: tidy up 'docs-preparation' branch following pre-migration work
James Fletcher
2020-03-30 11:10:28 +01:00
committed by GitHub
26 changed files with 134 additions and 161 deletions

@@ -6,8 +6,14 @@ Solve puzzles to learn the basics of QL before you analyze code with CodeQL. The
Before starting these tutorials, you can read the :doc:`Introduction to QL <../introduction-to-ql>` for a description of the language and some simple examples.
.. toctree::
:hidden:
find-the-thief
catch-the-fire-starter
crown-the-rightful-heir
cross-the-river
- :doc:`Find the thief <find-the-thief>`:Take on the role of a detective to find the thief in this fictional village. You will learn how to use logical connectives, quantifiers, and aggregates in QL along the way.
- :doc:`Catch the fire starter <catch-the-fire-starter>`: Learn about QL predicates and classes to solve your second mystery as a QL detective.
- :doc:`Crown the rightful heir <crown-the-rightful-heir>`: This is a QL detective puzzle that shows you how to use recursion in QL to write more complex queries.
- :doc:`Cross the river <cross-the-river>`: Use common QL features to write a query that finds a solution to the "River crossing" logic puzzle.
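
Review bot: The new "Find the thief" bullet has no space after the colon that follows the :doc: link (`<find-the-thief>`:Take on ...), unlike the three bullets below it, so the rendered entry will read "Find the thief:Take on". Add the space so all four entries are formatted the same way.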

@@ -145,7 +145,7 @@ SQL
Calls to the SQL system through ``EXEC SQL`` are represented by the class
`SqlStmt <https://help.semmle.com/qldoc/cobol/semmle/cobol/Sql.qll/type.Sql$SqlStmt.html>`__ and its subclasses.
What next?
----------
Further reading
---------------
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.

@@ -220,8 +220,8 @@ That completes the query.
There is a similar built-in `query <https://lgtm.com/rules/2158670642/>`__ on LGTM.com that finds classes in a C/C++ project with virtual functions but no virtual destructor. You can take a look at the code for this query by clicking **Open in query console** at the top of that page.
What next?
----------
Further reading
---------------
- Explore other ways of querying classes using examples from the `C/C++ cookbook <https://help.semmle.com/wiki/label/CBCPP/class>`__.
- Take a look at the :doc:`Analyzing data flow in C and C++ <dataflow>` tutorial.

@@ -1,7 +1,7 @@
Analyzing data flow in C and C++
================================
You can use data-flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase.
You can use data flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase.
About data flow
---------------
@@ -295,8 +295,8 @@ Exercise 3: Write a class that represents flow sources from ``getenv``. (`Answer
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from ``getenv`` to ``gethostbyname``. (`Answer <#exercise-4>`__)
What next?
----------
Further reading
---------------
- Try the worked examples in the following topics: :doc:`Refining a query to account for edge cases <private-field-initialization>` and :doc:`Detecting a potential buffer overflow <zero-space-terminator>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.

@@ -129,8 +129,8 @@ We can find assignments inside the loop body using similar code with the predica
Note that we replaced ``e.getEnclosingStmt()`` with ``e.getEnclosingStmt().getParentStmt*()``, to find an assignment expression that is deeply nested inside the loop body. The transitive closure modifier ``*`` here indicates that ``Stmt.getParentStmt()`` may be followed zero or more times, rather than just once, giving us the statement, its parent statement, its parent's parent statement etc.
What next?
----------
Further reading
---------------
- Explore other ways of finding types and statements using examples from the C/C++ cookbook for `types <https://help.semmle.com/wiki/label/CBCPP/type>`__ and `statements <https://help.semmle.com/wiki/label/CBCPP/statement>`__.
- Take a look at the :doc:`Conversions and classes in C and C++ <conversions-classes>` and :doc:`Analyzing data flow in C and C++ <dataflow>` tutorials.

@@ -89,8 +89,8 @@ Note that we could have used ``Declaration.getName()``, but ``Declaration.getQua
The LGTM version of this query is considerably more complicated, but if you look carefully you will find that its structure is the same. See `Non-constant format string <https://lgtm.com/rules/2152810612/>`__ and click **Open in query console** at the top of the page.
What next?
----------
Further reading
---------------
- Explore other ways of finding functions using examples from the `C/C++ cookbook <https://help.semmle.com/wiki/label/CBCPP/function>`__.
- Take a look at some other tutorials: :doc:`Expressions, types and statements in C and C++ <introduce-libraries-cpp>`, :doc:`Conversions and classes in C and C++ <conversions-classes>`, and :doc:`Analyzing data flow in C and C++ <dataflow>`.
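
Review bot: In the last bullet of this section, the link labelled "Expressions, types and statements in C and C++" targets introduce-libraries-cpp, while the other pages touched by this commit point that title at expressions-types and use introduce-libraries-cpp for "CodeQL library for C and C++". Since the section is being edited anyway, retarget the link to expressions-types and add the serial comma so the label matches the title used elsewhere.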

@@ -520,8 +520,8 @@ This table lists `Preprocessor <https://help.semmle.com/qldoc/cpp/semmle/code/cp
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the CodeQL for C/C++ topics: :doc:`Functions in C and C++ <function-classes>`, :doc:`Expressions, types, and statements in C and C++ <expressions-types>`, :doc:`Conversions and classes in C and C++ <conversions-classes>`, and :doc:`Analyzing data flow in C and C++ <dataflow>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.

@@ -146,8 +146,8 @@ Finally we can simplify the query by using the transitive closure operator. In t
`See this in the query console <https://lgtm.com/query/1505896968215/>`__
What next?
----------
Further reading
---------------
- Take a look at another example: :doc:`Detecting a potential buffer overflow <zero-space-terminator>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.

@@ -1,11 +1,10 @@
CodeQL for C/C++
================
CodeQL for C and C++
====================
Learn how to write queries using the standard CodeQL libraries for C and C++.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C and C++ codebases.
.. toctree::
:maxdepth: 1
:hidden:
introduce-libraries-cpp
function-classes
@@ -18,10 +17,25 @@ Learn how to write queries using the standard CodeQL libraries for C and C++.
range-analysis
value-numbering-hash-cons
Other resources
---------------
.. TODO: Rename the cookbooks: C/C++ cookbook, or C/C++ CodeQL cookbook, or CodeQL cookbook for C/C++, or...?
- `Basic C/C++ query <https://lgtm.com/help/lgtm/console/ql-cpp-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
- :doc:`CodeQL library for C and C++ <introduce-libraries-cpp>`: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
- :doc:`Functions in C and C++ <function-classes>`: You can use CodeQL to explore functions in C and C++ code.
- :doc:`Expressions, types, and statements in C and C++ <expressions-types>`: You can use CodeQL to explore expressions, types, and statements in C and C++ code to find, for example, incorrect assignments.
- :doc:`Conversions and classes in C and C++ <conversions-classes>`: You can use the standard CodeQL libraries for C and C++ to detect when the type of an expression is changed.
- :doc:`Analyzing data flow in C and C++ <dataflow>`: You can use data flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase.
- :doc:`Refining a query to account for edge cases <private-field-initialization>`: You can improve the results generated by a CodeQL query by adding conditions to remove false positive results caused by common edge cases.
- :doc:`Detecting a potential buffer overflow <zero-space-terminator>`: You can use CodeQL to detect potential buffer overflows by checking for allocations equal to ``strlen`` in C and C++.
Further reading
---------------
- For examples of how to query common C/C++ elements, see the `C/C++ cookbook <https://help.semmle.com/wiki/display/CBCPP>`__.
- For the queries used in LGTM, display a `C/C++ query <https://lgtm.com/search?q=language%3Acpp&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
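
Review bot: The new bullet list stops at zero-space-terminator, but the toctree just above it also contains range-analysis and value-numbering-hash-cons. With the toctree marked :hidden:, those two topics are not linked from the body of this page; add bullets for them or note why they are left out. The ".. TODO: Rename the cookbooks" comment in this hunk should also be resolved or tracked elsewhere rather than carried through the tidy-up.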

@@ -1,12 +1,7 @@
Detecting a potential buffer overflow
=====================================
You can use CodeQL to detect potential buffer overflows by checking for allocations equal to ``strlen`` in C and C++.
Overview
--------
This topic describes how a C/C++ query for detecting a potential buffer overflow was developed. For a full overview of the topics available for learning to write queries for C/C++ code, see :doc:`CodeQL for C/C++ <ql-for-cpp>`.
You can use CodeQL to detect potential buffer overflows by checking for allocations equal to ``strlen`` in C and C++. This topic describes how a C/C++ query for detecting a potential buffer overflow was developed.
Problem—detecting memory allocation that omits space for a null termination character
-------------------------------------------------------------------------------------
@@ -226,8 +221,8 @@ The completed query will now identify cases where the result of ``strlen`` is st
where malloc.getAllocatedSize() instanceof StrlenCall
select malloc, "This allocation does not include space to null-terminate the string."
What next?
----------
Further reading
---------------
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.

@@ -8,7 +8,6 @@ About this article
This article describes how data flow analysis is implemented in the CodeQL libraries for C# and includes examples to help you write your own data flow queries.
The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking.
For a more general introduction to modeling data flow, see :doc:`About data flow analysis <../intro-to-data-flow>`.
Local data flow

@@ -1,7 +1,7 @@
CodeQL libraries for C#
=======================
CodeQL library for C#
=====================
When you're analyzing a C# program, you can make use of the large collection of classes in the CodeQL libraries for C#.
When you're analyzing a C# program, you can make use of the large collection of classes in the CodeQL library for C#.
About the CodeQL libraries for C#
---------------------------------
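
Review bot: The section heading "About the CodeQL libraries for C#" in the trailing context still uses the plural, while the title and intro sentence are changed to "CodeQL library for C#". Rename the heading in the same change, and shorten its underline to match, so the page uses one term throughout.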

@@ -1,29 +1,21 @@
CodeQL for C#
=============
You can use CodeQL to explore C# programs and quickly find variants of security vulnerabilities and bugs.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C# codebases.
.. toctree::
:glob:
:hidden:
introduce-libraries-csharp
dataflow
These topics provide an overview of the CodeQL libraries for C# and show examples of how to use them.
- `Basic C# query <https://lgtm.com/help/lgtm/console/ql-csharp-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
- `Basic C# query <https://lgtm.com/help/lgtm/console/ql-csharp-basic-example>`__ describes how to write and run queries using LGTM.
- :doc:`CodeQL library for C# <introduce-libraries-csharp>`: When you're analyzing a C# program, you can make use of the large collection of classes in the CodeQL library for C#.
- :doc:`Introducing the CodeQL libraries for C# <introduce-libraries-csharp>` introduces the standard libraries used to write queries for C# code.
- :doc:`Analyzing data flow in C# <dataflow>`: You can use CodeQL to track the flow of data through a C# program to its use.
.. raw:: html
<!-- Working with generic types and methods(generics) - how to query generic types and methods. -->
- :doc:`Analyzing data flow in C# <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for C#.
Other resources
Further reading
---------------
- For examples of how to query common C# elements, see the `C# cookbook <https://help.semmle.com/wiki/display/CBCSHARP>`__.

@@ -1,10 +1,9 @@
CodeQL for Go
=============
This page provides an overview of the CodeQL for Go documentation that is currently available.
- `Basic Go query <https://lgtm.com/help/lgtm/console/ql-go-basic-example>`__ describes how to write and run queries using LGTM.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Go codebases.
- `Basic Go query <https://lgtm.com/help/lgtm/console/ql-go-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
Other resources
---------------
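
Review bot: The "Other resources" heading at the end of this hunk is left as it is, while the C# and Java index pages in this commit rename the same section to "Further reading". Rename it here too, or say why the Go page is meant to differ.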

@@ -15,55 +15,13 @@ CodeQL is based on a powerful query language called QL. The following topics hel
If you've previously used QL, you may notice slight changes in terms we use to describe some important concepts. For more information, see our note about :doc:`Recent terminology changes <terminology-note>`.
.. toctree::
:hidden:
terminology-note
.. _getting-started:
Getting started
***************
If you are new to QL, start by looking at the following topics:
.. toctree::
:maxdepth: 1
introduction-to-ql
about-ql
beginner/ql-tutorials
CodeQL training and variant analysis examples
*********************************************
To start learning how to use CodeQL for variant analysis for code written in a specific language, see:
.. toctree::
:maxdepth: -1
ql-training
.. _writing-ql-queries:
Writing CodeQL queries
**********************
To learn more about writing your own queries, see:
.. toctree::
:maxdepth: 3
:includehidden:
writing-queries/writing-queries
For more information on using CodeQL to query code written in a specific language, see:
.. toctree::
:maxdepth: 2
:includehidden:
cpp/ql-for-cpp
csharp/ql-for-csharp
cobol/ql-for-cobol
@@ -71,29 +29,16 @@ For more information on using CodeQL to query code written in a specific languag
java/ql-for-java
javascript/ql-for-javascript
python/ql-for-python
Technical information
*********************
For more technical information see:
ql-training
technical-info
.. toctree::
:maxdepth: 2
:includehidden:
:hidden:
terminology-note
technical-info
Further reading
***************
Reference topics
****************
For a more comprehensive guide to the query language itself, see the following reference topics:
- `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__—a description of important concepts in QL.
- `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__—a formal specification of QL.
Search
******
.. * :ref:`genindex` remove index for the time being as we currently have no tags
* :ref:`search`
- `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__: A description of important concepts in QL.
- `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__: A formal specification of QL.

@@ -253,8 +253,8 @@ Exercise 3: Write a class that represents flow sources from ``java.lang.System.g
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from ``getenv`` to ``java.net.URL``. (`Answer <#exercise-4>`__)
What next?
----------
Further reading
---------------
- Try the worked examples in these articles: :doc:`Navigating the call graph <call-graph>` and :doc:`Working with source locations <source-locations>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.

@@ -1,10 +1,9 @@
CodeQL for Java
===============
You can use CodeQL to explore Java programs and quickly find variants of security vulnerabilities and bugs.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java codebases.
.. toctree::
:glob:
:hidden:
introduce-libraries-java
@@ -17,29 +16,28 @@ You can use CodeQL to explore Java programs and quickly find variants of securit
source-locations
ast-class-reference
These topics provide an overview of the CodeQL libraries for Java and show examples of how to use them.
- `Basic Java query <https://lgtm.com/help/lgtm/console/ql-java-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
- `Basic Java query <https://lgtm.com/help/lgtm/console/ql-java-basic-example>`__ describes how to write and run queries using LGTM.
- :doc:`CodeQL library for Java <introduce-libraries-java>`: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
- :doc:`CodeQL libraries for Java <introduce-libraries-java>` introduces the standard libraries used to write queries for Java code.
- :doc:`Analyzing data flow in Java <dataflow>`: You can use CodeQL to track the flow of data through a Java program to its use.
- :doc:`Analyzing data flow in Java <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for Java.
- :doc:`Java types <types-class-hierarchy>`: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.
- :doc:`Types in Java <types-class-hierarchy>` introduces the classes for representing a program's class hierarchy by means of examples.
- :doc:`Overflow-prone comparisons in Java <expressions-statements>`: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow.
- :doc:`Expressions and statements in Java <expressions-statements>` introduces the classes for representing a program's syntactic structure by means of examples.
- :doc:`Navigating the call graph <call-graph>`: CodeQL has classes for identifying code that calls other code, and code that can be called from elsewhere. This allows you to find, for example, methods that are never used.
- :doc:`Navigating the call graph <call-graph>` is a worked example of how to write a query that navigates a program's call graph to find unused methods.
- :doc:`Annotations in Java <annotations>`: CodeQL databases of Java projects contain information about all annotations attached to program elements.
- :doc:`Annotations in Java <annotations>` introduces the classes for representing annotations by means of examples.
- :doc:`Javadoc <javadoc>`: You can use CodeQL to find errors in Javadoc comments in Java code.
- :doc:`Javadoc <javadoc>` introduces the classes for representing Javadoc comments by means of examples.
- :doc:`Working with source locations <source-locations>`: You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
- :doc:`Working with source locations <source-locations>` is a worked example of how to write a query that uses the location information provided in the database for finding likely bugs.
- :doc:`lasses for working with Java code <ast-class-reference>`: CodeQL has a large selection of classes for working with Java statements and expressions.
- :doc:`AST class reference <ast-class-reference>` gives an overview of all AST classes in the standard CodeQL library for Java.
Other resources
Further reading
---------------
- For examples of how to query common Java elements, see the `Java cookbook <https://help.semmle.com/wiki/display/CBJAVA>`__.
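
Review bot: The description for "CodeQL library for Java" is copied from the C/C++ page: it reads "When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++." Replace it with the Java wording, following the form used on the C# page ("When you're analyzing a C# program, ..."). In the same list, the label "lasses for working with Java code" for ast-class-reference is missing its leading "C".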

@@ -464,8 +464,8 @@ Hint: array indices are properties with numeric names; you can use regular expre
Exercise 4: Using the answers from 2 and 3, write a query which finds all global data flows from array elements of the result of a call to the ``tagName`` argument to the
``createElement`` function. (`Answer <#exercise-4>`__)
What next?
----------
Further reading
---------------
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.

@@ -1,7 +1,7 @@
CodeQL libraries for JavaScript
===============================
CodeQL library for JavaScript
=============================
You can use the extensive libraries described in this article to analyze databases generated from JavaScript codebases. Using these libraries makes it easier for you to write queries.
When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
Overview
--------

@@ -1,7 +1,7 @@
CodeQL libraries for TypeScript
===============================
CodeQL library for TypeScript
=============================
You can use libraries to analyze databases generated from TypeScript codebases. Using these libraries makes it easier for you to write queries.
When you're analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
Overview
--------

@@ -4,7 +4,6 @@ CodeQL for JavaScript
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases.
.. toctree::
:glob:
:hidden:
introduce-libraries-js
@@ -15,21 +14,21 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
ast-class-reference
dataflow-cheat-sheet
These documents provide an overview of the CodeQL libraries for JavaScript and TypeScript and show examples of how to use them.
- `Basic JavaScript query <https://lgtm.com/help/lgtm/console/ql-javascript-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
- `Basic JavaScript query <https://lgtm.com/help/lgtm/console/ql-javascript-basic-example>`__ describes how to write and run queries using LGTM.
- :doc:`CodeQL library for JavaScript <introduce-libraries-js>`: When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
- :doc:`CodeQL libraries for JavaScript <introduce-libraries-js>` introduces the standard libraries used to write queries for JavaScript code. There is an extensive CodeQL library for analyzing JavaScript code. This tutorial briefly summarizes the most important classes and predicates provided by this library.
- :doc:`CodeQL library for TypeScript <introduce-libraries-ts>`: When you're analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
- :doc:`CodeQL libraries for TypeScript <introduce-libraries-ts>` introduces the standard libraries used to write queries for TypeScript code.
- :doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>`: This topic describes how data flow analysis is implemented in the CodeQL libraries for JavaScript/TypeScript and includes examples to help you write your own data flow queries.
- :doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for JavaScript/TypeScript.
- :doc:`Using flow labels for precise data flow analysis <flow-labels>`: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
- :doc:`Using flow labels for precise data flow analysis <flow-labels>` shows a more advanced example of data flow analysis using flow labels.
- :doc:`Using type tracking for API modeling <type-tracking>`: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
- :doc:`Abstract syntax tree classes for JavaScript and TypeScript <ast-class-reference>` gives an overview of all AST classes in the standard CodeQL library for JavaScript.
- :doc:`Abstract syntax tree classes for JavaScript and TypeScript <ast-class-reference>`: CodeQL has a large selection of classes for working with JavaScript and TypeScript statements and expressions.
- :doc:`Data flow cheat sheet for JavaScript <dataflow-cheat-sheet>` lists parts of the CodeQL libraries that are commonly used for variant analysis and in data flow queries.
- :doc:`Data flow cheat sheet for JavaScript <dataflow-cheat-sheet>`: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
Further reading
---------------

@@ -1,8 +1,7 @@
Using type tracking for API modeling
====================================
You can track data through an API by creating a model
using the CodeQL type-tracking library for JavaScript.
You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
Overview
--------
@@ -519,8 +518,8 @@ Type tracking is used in a few places in the standard libraries:
- The `Firebase <https://help.semmle.com/qldoc/javascript/semmle/javascript/frameworks/Firebase.qll/module.Firebase$Firebase.html>`__ and
`Socket.io <https://help.semmle.com/qldoc/javascript/semmle/javascript/frameworks/SocketIO.qll/module.SocketIO$SocketIO.html>`__ models use type tracking to track objects coming from their respective APIs.
What next?
----------
Further reading
---------------
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- Learn more about the query console in `Using the query console <https://lgtm.com/help/lgtm/using-query-console>`__.

@@ -1,11 +1,10 @@
CodeQL for Python
=================
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Python code bases.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Python codebases.
.. toctree::
:glob:
:maxdepth: 2
:hidden:
introduce-libraries-python
functions
@@ -14,3 +13,23 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
control-flow
taint-tracking
- `Basic Python query <https://lgtm.com/help/lgtm/console/ql-python-basic-example>`__ : Learn to write and run a simple CodeQL query using LGTM.
- :doc:`CodeQL library for Python <introduce-libraries-python>`: When you need to analyze a Python program, you can make use of the large collection of classes in the CodeQL library for Python.
- :doc:`Functions in Python <functions>`: You can use syntactic classes from the standard CodeQL library to find Python functions and identify calls to them.
- :doc:`Expressions and statements in Python <statements-expressions>`: You can use syntactic classes from the CodeQL library to explore how Python expressions and statements are used in a codebase.
- :doc:`Analyzing control flow in Python <control-flow>`: You can write CodeQL queries to explore the control-flow graph of a Python program, for example, to discover unreachable code or mutually exclusive blocks of code.
- :doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`: At runtime, each Python expression has a value with an associated type. You can learn how an expression behaves at runtime by using type-inference classes from the standard CodeQL library.
- :doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`: You can use CodeQL to track the flow of data through a Python program. Tracking user-controlled, or tainted, data is a key technique for security researchers.
Further reading
---------------
- For examples of how to query common Python elements, see the `JavaScript cookbook <https://help.semmle.com/wiki/display/CBPython>`__.
- For the queries used in LGTM, display a `Python query <https://lgtm.com/search?q=language%3APython&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
- For more information about the library for JavaScript see the `CodeQL library for Python <https://help.semmle.com/qldoc/python/>`__.
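
Review bot: Two of the new "Further reading" bullets carry JavaScript wording over to the Python page: the link to .../wiki/display/CBPython is labelled "JavaScript cookbook", and the last bullet says "the library for JavaScript" while linking to "CodeQL library for Python". Change both to Python. The "Basic Python query" bullet also has a stray space before its colon ("`__ : Learn"), which the other index pages do not have.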

@@ -57,9 +57,8 @@ CodeQL and variant analysis for Java
- `Exercise: Apache Struts <../ql-training/java/apache-struts-java.html>`__an example demonstrating how to develop a data flow query.
- `Introduction to global data flow <../ql-training/java/global-data-flow-java.html>`__an introduction to analyzing global data flow in Java using CodeQL.
More resources
~~~~~~~~~~~~~~
Further reading
~~~~~~~~~~~~~~~
- If you are completely new to CodeQL, look at our introductory topics in :doc:`Learning CodeQL <index>`.
- To find more detailed information about how to write queries for specific languages, visit the links in :ref:`Writing CodeQL queries <writing-ql-queries>`.
- To see examples of CodeQL queries that have been used to find security vulnerabilities and bugs in open source software projects, visit the `GitHub Security Lab website <https://securitylab.github.com/research>`__ and the associated `repository <https://github.com/github/security-lab>`__.

@@ -1,7 +1,7 @@
Metadata for CodeQL queries
===========================
Metadata is used to tell users important information about CodeQL queries. You must include the correct query metadata in a query to be able to view query results in source code.
Metadata tells users important information about CodeQL queries. You must include the correct query metadata in a query to be able to view query results in source code.
About query metadata
--------------------

@@ -4,7 +4,7 @@ CodeQL queries
CodeQL queries are used in code scanning analyses to find problems in source code, including potential security vulnerabilities.
.. toctree::
:maxdepth: 1
:hidden:
introduction-to-queries
query-metadata
@@ -13,4 +13,13 @@ CodeQL queries are used in code scanning analyses to find problems in source cod
../locations
../intro-to-data-flow
path-queries
debugging-queries
debugging-queries
- :doc:`About CodeQL queries <introduction-to-queries>`: CodeQL queries are used to analyze code for issues related to security, correctness, maintainability, and readability.
- :doc:`Metadata for CodeQL queries <query-metadata>`: Metadata tells users important information about CodeQL queries. You must include the correct query metadata in a query to be able to view query results in source code.
- :doc:`Query help files <query-help>`: Query help files tell users the purpose of a query, and recommend how to solve the potential problem the query finds.
- :doc:`Defining the results of a query <select-statement>`: You can control how analysis results are displayed in source code by modifying a query's ``select`` statement.
- :doc:`Providing locations in CodeQL queries <../locations>`: CodeQL includes mechanisms for extracting the location of elements in a codebase. Use these mechanisms when writing custom CodeQL queries and libraries to help display information to users.
- :doc:`About data flow analysis <../intro-to-data-flow>`: Data flow analysis is used to compute the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.
- :doc:`Creating path queries <path-queries>`: You can create path queries to visualize the flow of information through a codebase.
- :doc:`trouble shooting query performance <debugging-queries>`: Improve the performance of your CodeQL queries by following a few simple guidelines.
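
Review bot: The last bullet's link label, "trouble shooting query performance", is lower-case and splits "troubleshooting" into two words, while every other entry in this list uses a capitalised page title. Use the actual title of debugging-queries, capitalised like the others, so the list reads consistently.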