From fdf77ad2b99ff13205320e0a1ea624049c93c4f1 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 14 Jan 2022 15:07:29 +0000 Subject: [PATCH 1/4] Update version numbers for LGTM 1.29 --- docs/codeql/support/conf.py | 9 ++++++--- docs/codeql/support/framework-support.rst | 2 +- docs/codeql/support/language-support.rst | 3 +-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/codeql/support/conf.py b/docs/codeql/support/conf.py index 3d2f5d6cf81..b4000e35b95 100644 --- a/docs/codeql/support/conf.py +++ b/docs/codeql/support/conf.py @@ -41,9 +41,12 @@ project = u'Supported languages and frameworks for LGTM Enterprise' # The version info for this project, if different from version and release in main conf.py file. # The short X.Y version. -version = u'1.27' -# The full version, including alpha/beta/rc tags. -release = u'1.27' + +# LGTM Enterprise release +release = u'1.29' + +# CodeQL CLI version used by LGTM Enterprise release +version = u'2.6.4' # -- Project-specifc options for HTML output ---------------------------------------------- diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst index d04293adfe5..8f9664cf63e 100644 --- a/docs/codeql/support/framework-support.rst +++ b/docs/codeql/support/framework-support.rst @@ -1,7 +1,7 @@ Frameworks and libraries ######################## -The libraries and queries in version |version| have been explicitly checked against the libraries and frameworks listed below. +LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below. .. pull-quote:: diff --git a/docs/codeql/support/language-support.rst b/docs/codeql/support/language-support.rst index b716b802427..034d5db23f0 100644 --- a/docs/codeql/support/language-support.rst +++ b/docs/codeql/support/language-support.rst 
@@ -1,8 +1,7 @@ Languages and compilers ####################### -CodeQL and LGTM version |version| support analysis of the following languages compiled by the following compilers. -(CodeQL was previously known as QL.) +LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers. Note that where there are several versions or dialects of a language, the supported variants are listed. If your code requires a particular version of a compiler, check that this version is included below. From e7dde79d50809dcb3ff00b9eae199c13c2e636f7 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 17 Jan 2022 17:14:58 +0000 Subject: [PATCH 2/4] Add note and link to main CodeQL CLI docs --- docs/codeql/support/framework-support.rst | 6 ++++++ docs/codeql/support/language-support.rst | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst index 8f9664cf63e..a99bc084a72 100644 --- a/docs/codeql/support/framework-support.rst +++ b/docs/codeql/support/framework-support.rst @@ -3,6 +3,12 @@ Frameworks and libraries LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below. +.. pull-quote:: + + Note + + For details of language and compiler support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks `__ in the CodeQL CLI documentation. + .. pull-quote:: Tip diff --git a/docs/codeql/support/language-support.rst b/docs/codeql/support/language-support.rst index 034d5db23f0..49b90693a7c 100644 --- a/docs/codeql/support/language-support.rst +++ b/docs/codeql/support/language-support.rst 
@@ -3,6 +3,12 @@ Languages and compilers LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers. +.. pull-quote:: + + Note + + For details of language and compiler support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks `__ in the CodeQL CLI documentation. + Note that where there are several versions or dialects of a language, the supported variants are listed. If your code requires a particular version of a compiler, check that this version is included below. If you have any questions about language and compiler support, you can find help on the `GitHub Security Lab discussions board `__. From e0110bd25ee3054a5852297fd733192d0002a803 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 17 Jan 2022 17:20:00 +0000 Subject: [PATCH 3/4] FIx typo in new note --- docs/codeql/support/framework-support.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst index a99bc084a72..d12b1a96c8f 100644 --- a/docs/codeql/support/framework-support.rst +++ b/docs/codeql/support/framework-support.rst @@ -7,7 +7,7 @@ LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries an Note - For details of language and compiler support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks `__ in the CodeQL CLI documentation. + For details of framework and library support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks `__ in the CodeQL CLI documentation. .. pull-quote:: From 51e8b4c7edbbf4226283da1e703db1eaa46343ff Mon Sep 17 00:00:00 2001 
From: Felicity Chapman Date: Wed, 19 Jan 2022 14:26:52 +0000 Subject: [PATCH 4/4] Port changes from main to rc/3.3 to avoid regression --- docs/codeql/support/ql-training.rst | 30 ++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index bb4dc9a3f2e..6eb8019e5c9 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -25,7 +25,7 @@ When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate b Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode. The presentations contain a number of query examples. -We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. +We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. .. pull-quote:: 
@@ -39,25 +39,25 @@ We recommend that you download `CodeQL for Visual Studio Code `__–an introduction to variant analysis and CodeQL for C/C++ programmers. -- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. -- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. -- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. +- `Introduction to variant analysis: CodeQL for C/C++ `__–an introduction to variant analysis and CodeQL for C/C++ programmers. +- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. +- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. +- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. CodeQL and variant analysis for Java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. 
-- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. -- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. +- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. +- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. +- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. Further reading ~~~~~~~~~~~~~~~ -- `GitHub Security Lab `__ \ No newline at end of file +- `GitHub Security Lab `__
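Review bot: in [PATCH 1/4], docs/codeql/support/conf.py, the context comment `# The short X.Y version.` is left in place above the new block but no longer describes anything, because `version` is now the CodeQL CLI version `2.6.4` rather than a short X.Y value. Remove that comment so that only the two new comments remain. `version` also changes meaning here, from the LGTM release number to the CLI version, so any other page built with this conf.py that uses `|version|` will now render 2.6.4. This series only rewrites the sentences in framework-support.rst and language-support.rst, so check the remaining pages under docs/codeql/support for the substitution before merging.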
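Review bot: in [PATCH 2/4], docs/codeql/support/framework-support.rst, the added Note says "For details of language and compiler support" on the Frameworks and libraries page, which is the language-support.rst wording carried over unchanged. [PATCH 3/4] corrects it to "framework and library support". Fold 3/4 into 2/4 so the series never carries the wrong text. That also removes a commit whose subject ("FIx typo in new note") describes a wording correction as a typo.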
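Review bot: in [PATCH 2/4], docs/codeql/support/language-support.rst, the new pull-quote headed "Note" is inserted directly above the existing paragraph that begins "Note that where there are several versions or dialects of a language", so the rendered page shows two consecutive notes about different things. Move the new block below that paragraph, next to the sentence about the GitHub Security Lab discussions board, or reword the existing paragraph so it does not open with "Note that".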
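Review bot: in [PATCH 4/4], the subject "Port changes from main to rc/3.3 to avoid regression" does not say which change on main is being ported or what would regress, and the 15 replaced lines in docs/codeql/support/ql-training.rst keep the same link text and descriptions, so the intent cannot be checked from the message. Name the source commit in the message body (for example by cherry-picking with `-x`) and state what is being updated in these links. This change is also unrelated to the LGTM 1.29 version bump in 1/4 to 3/4 and would be easier to review as its own submission.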