Add reusable for other resources and make 'Further reading' section

Felicity Chapman
2020-02-18 12:16:33 +00:00
parent 38e40622f1
commit 8ab4cebc9b
7 changed files with 40 additions and 24 deletions


@@ -108,8 +108,8 @@ Combining these conditions we get:
`See this in the query console <https://lgtm.com/query/671000028/>`__. This typically gives a very large number of results, because it is a common occurrence in normal control flow. It is, however, an example of the sort of control-flow analysis that is possible. Control-flow analyses such as this are an important aid to data flow analysis which is covered in the next tutorial.
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the tutorial topic :doc:`Taint tracking and data flow analysis in Python <taint-tracking>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
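
Review bot: the new list item hard-codes the link text "Analyzing data flow and tracking tainted data in Python" for ``<taint-tracking>``, while the item it replaces used "Taint tracking and data flow analysis in Python" for the same target. An explicit title has to be kept in step with the target page by hand in every file that repeats it; writing the role as :doc:`taint-tracking` lets Sphinx insert the target document's own title. Please confirm the new wording matches the current title of that page.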


@@ -78,8 +78,11 @@ The ``Call`` class represents calls in Python. The ``Call.getFunc()`` predicate
Due to the dynamic nature of Python, this query will select any call of the form ``eval(...)`` regardless of whether it is a call to the built-in function ``eval`` or not.
In a later tutorial we will see how to use the type-inference library to find calls to the built-in function ``eval`` regardless of name of the variable called.
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the following tutorial topics: :doc:`Statements and expressions <statements-expressions>`, :doc:`Control flow <control-flow>`, and :doc:`Points-to analysis and type inference <pointsto-type-infer>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- ":doc:`Expressions and statements in Python <statements-expressions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
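
Review bot: the include on the last line uses the relative path ``../../reusables/python-other-resources.rst``, and the same path is added in every hunk shown here. A relative include path is resolved against the including file's directory, so it only works while all of these tutorials sit at the same depth; a leading-slash path relative to the Sphinx source directory would survive a file move. Since the fragment ends in ``.rst``, check that the reusables directory is in ``exclude_patterns``, otherwise Sphinx builds it as a page of its own and warns that it is not in any toctree. The QL language handbook and specification links are deleted in this hunk, so the fragment needs to carry them.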


@@ -329,8 +329,12 @@ Summary
These classes are explained in more detail in :doc:`Tutorial: Taint tracking and data flow analysis in Python <taint-tracking>`.
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the following tutorial topics: :doc:`Functions <functions>`, :doc:`Statements and expressions <statements-expressions>`, :doc:`Control flow <control-flow>`, :doc:`Points-to analysis and type inference <pointsto-type-infer>`, and :doc:`Taint tracking and data flow analysis in Python <taint-tracking>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- ":doc:`Functions in Python <functions>`"
- ":doc:`Expressions and statements in Python <statements-expressions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
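
Review bot: the unchanged Summary sentence at the top of this hunk still links the same target as :doc:`Tutorial: Taint tracking and data flow analysis in Python <taint-tracking>`, while the last new list item calls it "Analyzing data flow and tracking tainted data in Python". The page now shows two different titles for one document a few lines apart; update the Summary sentence in this commit as well, or drop the explicit titles so both take the target's own title.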


@@ -227,8 +227,9 @@ Then we can use ``Value.getACall()`` to identify calls to the ``eval`` function,
`See this in the query console <https://lgtm.com/query/535131812579637425/>`__. This accurately identifies calls to the builtin ``eval`` function even when they are referred to using an alternative name. Any false positive results with calls to other ``eval`` functions, reported by the original query, have been eliminated.
What next?
----------
Further reading
---------------
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- Read a description of the CodeQL database in :doc:`What's in a CodeQL database? <../database>`
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
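
Review bot: the item "Read a description of the CodeQL database in :doc:`What's in a CodeQL database? <../database>`" is not among the new list items, and the replacement fragment is named python-other-resources, which suggests language-specific links. If the fragment does not include the database page, this tutorial loses its only pointer to it in this section; keep the item in the list or confirm it moved into the include.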


@@ -273,8 +273,11 @@ Here is the relevant part of the class hierarchy:
- ``Class``
- ``Function``
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the following tutorial topics: :doc:`Control flow <control-flow>` and :doc:`Points-to analysis and type inference <pointsto-type-infer>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- ":doc:`Functions in Python <functions>`"
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
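
Review bot: each new list item wraps the ``:doc:`` role in double quotes, for example the Functions in Python item at the top of the new list. reStructuredText treats those quotes as literal text, so they appear around every link in the rendered list. If that quoted style is the intended convention for further-reading lists, it is worth a line in the docs style guide; otherwise drop the quotes.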


@@ -253,8 +253,10 @@ which defines the simplest possible taint kind class, ``HardcodedValue``, and cu
}
}
What next?
----------
Further reading
---------------
- Experiment with the worked examples in the following tutorial topics: :doc:`Control flow <control-flow>` and :doc:`Points-to analysis and type inference <pointsto-type-infer>`.
- Find out more about QL in the `QL language handbook <https://help.semmle.com/QL/ql-handbook/index.html>`__ and `QL language specification <https://help.semmle.com/QL/ql-spec/language.html>`__.
- ":doc:`Pointer analysis and type inference in Python <pointsto-type-infer>`"
- ":doc:`Analyzing control flow in Python <control-flow>`"
- ":doc:`Analyzing data flow and tracking tainted data in Python <taint-tracking>`"
.. include:: ../../reusables/python-other-resources.rst
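
Review bot: the last new list item links to ``<taint-tracking>``, and the context lines of this hunk (the ``HardcodedValue`` taint kind class) suggest this file is the taint-tracking tutorial itself. If so, the "Further reading" list sends the reader back to the page they are already on; the other hunks leave out the link to their own page, so this item looks like a copy-paste leftover and should be removed.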