remove lgtm from presentations

This commit is contained in:
james
2023-07-19 09:33:13 +01:00
parent ff78ac98d2
commit 70076fd3f0
13 changed files with 15 additions and 200 deletions


@@ -9,22 +9,7 @@ CodeQL for C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `ChakraCore database <https://downloads.lgtm.com/snapshots/cpp/microsoft/chakracore/ChakraCore-revision-2017-April-12--18-13-26.zip>`__
.. note::
For the examples in this presentation, we will be analyzing `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__.
You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
Checking for overflow in C
==========================
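Review bot: the replacement line at the end of this hunk tells the reader to download the ChakraCore database "from GitHub" but links only the source repository, and the deleted `.. include:: ../slide-snippets/database-note.rst` was the only place that told them what to do with the zip (unzip, add it to Visual Studio Code, upgrade if necessary) and linked the "Analyzing your projects" help page. Keep those steps in the setup text and say concretely where the database comes from; the old snapshot name (`ChakraCore-revision-2017-April-12--18-13-26.zip`) pinned a revision, and without one the results the later slides walk through may not reproduce.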


@@ -11,22 +11,7 @@ CodeQL for C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `ChakraCore database <https://downloads.lgtm.com/snapshots/cpp/microsoft/chakracore/ChakraCore-revision-2017-April-12--18-13-26.zip>`__
.. note::
For the examples in this presentation, we will be analyzing `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__.
You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
.. rst-class:: agenda
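Review bot: same underspecified instruction as in the other ChakraCore deck: "download the CodeQL database for ChakraCore from GitHub" links the repository, not a database, and dropping the `database-note.rst` include took the unzip/add/upgrade steps with it. Use one concrete sentence in both ChakraCore decks so they stay in sync.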


@@ -9,22 +9,7 @@ Finding string formatting vulnerabilities in C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `dotnet/coreclr database <http://downloads.lgtm.com/snapshots/cpp/dotnet/coreclr/dotnet_coreclr_fbe0c77.zip>`__
.. note::
For the examples in this presentation, we will be analyzing `dotnet/coreclr <https://github.com/dotnet/coreclr>`__.
You can query the project in `the query console <https://lgtm.com/query/projects:1505958977333/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
.. rst-class:: agenda
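Review bot: the removed link named the exact revision (`dotnet_coreclr_fbe0c77.zip`); the new sentence only says "download the CodeQL database for dotnet/coreclr from GitHub", and a database built from a newer revision will not necessarily contain the format-string findings the rest of this deck walks through. State the commit the exercise was built against (fbe0c77) next to the download instruction.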


@@ -9,22 +9,7 @@ CodeQL for C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `dotnet/coreclr database <http://downloads.lgtm.com/snapshots/cpp/dotnet/coreclr/dotnet_coreclr_fbe0c77.zip>`__
.. note::
For the examples in this presentation, we will be analyzing `dotnet/coreclr <https://github.com/dotnet/coreclr>`__.
You can query the project in `the query console <https://lgtm.com/query/projects:1505958977333/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
.. rst-class:: agenda
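Review bot: as in the string-formatting deck for dotnet/coreclr, the pinned revision fbe0c77 from the deleted snapshot URL is lost in the replacement sentence; add it here too so both coreclr decks point readers at the same database.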


@@ -9,22 +9,7 @@ CodeQL for C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `exiv2 database <http://downloads.lgtm.com/snapshots/cpp/exiv2/Exiv2_exiv2_b090f4d.zip>`__
.. note::
For this example, we will be analyzing `exiv2 <https://github.com/Exiv2/exiv2>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:1506532406873/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
.. Include language-agnostic section here
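Review bot: the model-answer slide later in this file still refers to results produced on exiv2, and those came from the `Exiv2_exiv2_b090f4d` snapshot named in the deleted link; the replacement sentence drops the revision. Record b090f4d in the setup sentence, and since the `database-note.rst` include is gone, keep its "Upgrade the database if necessary" step somewhere, because an old snapshot will need it before it can be queried.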
@@ -66,7 +51,7 @@ A simple CodeQL query
.. note::
We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM <https://lgtm.com/query>`__, or in your `IDE <https://lgtm.com/help/lgtm/running-queries-ide>`__.
We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide.
A `query <https://codeql.github.com/docs/ql-language-reference/queries/>`__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference <https://codeql.github.com/docs/ql-language-reference/>`__), see `About CodeQL queries <https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/>`__.
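Review bot: the new sentence drops the "where to run it" half of the old one without replacing it. The setup slide is now Visual Studio Code only, so say that here ("The query can be run in CodeQL for Visual Studio Code."); otherwise the first exercise gives the reader no pointer to a runtime.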
@@ -203,6 +188,3 @@ Model answer: redundant if-statement
.. literalinclude:: ../query-examples/cpp/empty-if-cpp-model.ql
.. note::
You can explore the results generated when this query is run on exiv2 in LGTM `here <https://lgtm.com/query/4641433299746527262/>`__.


@@ -9,22 +9,7 @@ CodeQL for C/C++
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `rsyslog database <https://downloads.lgtm.com/snapshots/cpp/rsyslog/rsyslog/rsyslog-all-revision-2018-April-27--14-12-31.zip>`__
.. note::
For this example, we will be analyzing `rsyslog <https://github.com/rsyslog/rsyslog>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:1506087977050/lang:cpp/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
``snprintf``
============
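Review bot: the deleted snapshot name carried the revision (`rsyslog-all-revision-2018-April-27--14-12-31`) the `snprintf` exercise that follows was written against; the replacement sentence loses it. Put the revision in the setup sentence, or the model answer below will not necessarily match what the reader sees.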
@@ -94,8 +79,6 @@ Model answer
.. rst-class:: build
- More full-featured version: `https://lgtm.com/rules/1505913226124 <https://lgtm.com/rules/1505913226124>`__.
.. note::
The regular expression for matching the format string uses the “(?s)” directive to ensure that “.” also matches any newline characters embedded in the string.
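Review bot: deleting the bullet that directly followed `.. rst-class:: build` leaves that directive attached to whatever element now comes next (the `.. note::`), which changes how this slide builds, and the deck loses its only pointer to the full-featured version of the query. Either replace the bullet with a pointer to the equivalent query in the standard CodeQL libraries on github/codeql (already linked elsewhere in the deck) or drop the `rst-class` line together with the bullet.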


@@ -13,22 +13,7 @@ Exercise: Apache Struts
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `Apache Struts database <https://downloads.lgtm.com/snapshots/java/apache/struts/apache-struts-7fd1622-CVE-2018-11776.zip>`__
.. note::
For this example, we will be analyzing `Apache Struts <https://github.com/apache/struts>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:1878521151/lang:java/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
Unsafe deserialization in Struts
================================
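Review bot: the deleted snapshot name (`apache-struts-7fd1622-CVE-2018-11776.zip`) told the reader that the database is a pre-fix revision of Struts for CVE-2018-11776; "download the CodeQL database for Apache Struts from GitHub" does not, and a database built from current apache/struts will not contain the vulnerable code the exercise expects to find. Keep the commit (7fd1622) and the CVE in the setup sentence so readers fetch or build the right snapshot.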
@@ -45,7 +30,7 @@ which is intended to populate the ``target`` object with data from the reader, u
RCE in Apache Struts
====================
- Vulnerable code looked like this (`original <https://lgtm.com/projects/g/apache/struts/snapshot/b434c23f95e0f9d5bde789bfa07f8fc1d5a8951d/files/plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java?sort=name&dir=ASC&mode=heatmap#L45>`__):
- Vulnerable code looked like this:
.. code-block:: java
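Review bot: the replacement bullet loses the provenance of the snippet. The deleted link pinned it to `plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java` at commit b434c23f95e0f9d5bde789bfa07f8fc1d5a8951d, line 45; keep that as a link to the same path and commit on GitHub, or at least name the file and commit in the bullet, since the code block that follows is only meaningful for that revision.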


@@ -9,22 +9,7 @@ Finding SPARQL injection vulnerabilities in Java
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `VIVO Vitro database <http://downloads.lgtm.com/snapshots/java/vivo-project/Vitro/vivo-project_Vitro_java-srcVersion_47ae42c01954432c3c3b92d5d163551ce367f510-dist_odasa-lgtm-2019-04-23-7ceff95-linux64.zip>`__
.. note::
For this example, we will be analyzing `VIVO Vitro <https://github.com/vivo-project/Vitro>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:14040005/lang:java/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
.. rst-class:: agenda
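Review bot: the deleted download URL was the only record of which Vitro revision the SPARQL-injection exercise uses (`srcVersion_47ae42c01954432c3c3b92d5d163551ce367f510`); the replacement sentence drops it. Add the commit to the setup text, since the sinks the exercise finds depend on that revision.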


@@ -9,22 +9,7 @@ CodeQL for Java
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `Apache Struts database <https://downloads.lgtm.com/snapshots/java/apache/struts/apache-struts-7fd1622-CVE-2018-11776.zip>`__
.. note::
For this example, we will be analyzing `Apache Struts <https://github.com/apache/struts>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:1878521151/lang:java/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
.. rst-class:: agenda
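Review bot: same loss as in the Struts exercise deck: the replacement sentence drops commit 7fd1622 and the CVE-2018-11776 tag from the snapshot name, and a reader following "download ... from GitHub" may end up with a fixed revision. Name the commit here as well.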


@@ -9,22 +9,7 @@ CodeQL for Java
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `Apache Struts database <https://downloads.lgtm.com/snapshots/java/apache/struts/apache-struts-7fd1622-CVE-2018-11776.zip>`__
.. note::
For this example, we will be analyzing `Apache Struts <https://github.com/apache/struts>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:1878521151/lang:java/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
.. Include language-agnostic section here
@@ -66,7 +51,7 @@ A simple CodeQL query
.. note::
We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM <https://lgtm.com/query>`__, or in your `IDE <https://lgtm.com/help/lgtm/running-queries-ide>`__.
We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide.
A `query <https://codeql.github.com/docs/ql-language-reference/queries/>`__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference <https://codeql.github.com/docs/ql-language-reference/>`__), see `About CodeQL queries <https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/>`__.
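Review bot: as with the C/C++ version of this slide, the deleted sentence was the one that told the reader where the query can be run; say "in CodeQL for Visual Studio Code" in the replacement rather than leaving the exercise without a runtime.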
@@ -201,7 +186,3 @@ Model answer: redundant if-statement
====================================
.. literalinclude:: ../query-examples/java/empty-if-java-model.ql
.. note::
You can explore the results generated when this query is run on apache/struts in LGTM `here <https://lgtm.com/query/1269550358355690774/>`__.


@@ -9,22 +9,7 @@ CodeQL for Java
Setup
=====
For this example you should download:
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
- `VIVO Vitro database <http://downloads.lgtm.com/snapshots/java/vivo-project/Vitro/vivo-project_Vitro_java-srcVersion_47ae42c01954432c3c3b92d5d163551ce367f510-dist_odasa-lgtm-2019-04-23-7ceff95-linux64.zip>`__
.. note::
For this example, we will be analyzing `VIVO Vitro <https://github.com/vivo-project/Vitro>`__.
You can also query the project in `the query console <https://lgtm.com/query/project:14040005/lang:java/>`__ on LGTM.com.
.. insert database-note.rst to explain differences between database available to download and the version available in the query console.
.. include:: ../slide-snippets/database-note.rst
.. resume slides
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
SQL injection
=============


@@ -1,9 +0,0 @@
You can download the database as a zip file by clicking the link on the slide above. To use the database in CodeQL for Visual Studio Code:
#. Unzip the file
#. Add the unzipped database to Visual Studio Code
#. Upgrade the database if necessary
For further information, see `Analyzing your projects <https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/>`__ in the CodeQL for Visual Studio Code help.
Note that results generated in the query console are likely to differ to those generated in CodeQL for Visual Studio Code as LGTM.com analyzes the most recent revisions of each project that has been addedthe CodeQL database available to download above is based on an historical version of the codebase.
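Review bot: only the last sentence of this file was LGTM-specific; the three numbered steps (unzip, add to Visual Studio Code, upgrade if necessary) and the "Analyzing your projects" link are still the correct instructions for the downloaded databases the setup slides now refer to. Trim the file to those steps and the link instead of deleting it, so the `.. include::` lines in the setup slides can stay.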


@@ -107,7 +107,7 @@ Analysis overview
Queries are written in QL and usually depend on one or more of the `standard CodeQL libraries <https://github.com/github/codeql>`__ (and of course you can write your own custom libraries). They are compiled into an efficiently executable format by the QL compiler and then run on a CodeQL database by the QL evaluator, either on a remote worker machine or locally on a developers machine.
Query results can be interpreted and presented in a variety of ways, including displaying them in an `IDE extension <https://lgtm.com/help/lgtm/running-queries-ide>`__ such as CodeQL for Visual Studio Code, or in a web dashboard as on `LGTM <https://lgtm.com/help/lgtm/about-lgtm>`__.
Query results can be interpreted and presented in a variety of ways, including displaying them in CodeQL for Visual Studio Code.
Introducing QL
==============
@@ -131,5 +131,3 @@ QL is:
- The language is declarativethe user focuses on stating what they would like to find, and leaves the details of how to evaluate the query to the engine.
- The object-oriented layer allows us to develop rich standard libraries for program analysis. These model the common AST node types, control flow and name lookup, and define further layers on topfor example control flow or data flow analysis. The `standard CodeQL libraries and queries <https://github.com/github/codeql>`__ ship as source and can be inspected by the user, and new abstractions are readily defined.
- The database generated by the CodeQL tools is treated as read-only; queries cannot insert new data into it, though they can inspect its contents in various ways.
You can start writing running queries on open source projects in the `query console <https://lgtm.com/query>`__ on LGTM.com. You can also download CodeQL databases from LGTM.com to query locally, by `running queries in your IDE <https://lgtm.com/help/lgtm/running-queries-ide>`__.
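Review bot: deleting this paragraph leaves the "QL is:" slide with no pointer to how to start running queries. Replace it with one sentence that matches the updated setup slides, for example "You can run queries locally in CodeQL for Visual Studio Code against a downloaded CodeQL database", rather than ending the slide on the read-only-database bullet.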