hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11433 from github/8441-general-changes

Browse Source 
LGTM deprecation: miscellaneous changes
This commit is contained in:
Felicity Chapman
2022-11-29 09:06:31 +00:00
committed by GitHub
parent 434c5ea188 59b6d657cc
commit 9780990836
25 changed files with 29 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/ql---general.md vendored
View File

@@ -10,5 +10,5 @@ assignees: ''
**Description of the issue**
<!-- Please explain briefly what is the problem.
If it is about an LGTM project, please include its URL.-->
If it is about a GitHub project, please include its URL. -->

4
cpp/ql/lib/definitions.qll
View File

@@ -12,8 +12,8 @@ import IDEContextual
*
* In some cases it is preferable to modify locations (the
* `hasLocationInfo()` predicate) so that they are short, and
* non-overlapping with other locations that might be highlighted in
* the LGTM interface.
* non-overlapping with other locations that might be reported as
* code scanning alerts on GitHub.
*
* We need to give locations that may not be in the database, so
* we use `hasLocationInfo()` rather than `getLocation()`.

4
cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
View File

@@ -12,8 +12,8 @@
*/
/*
* Note: this query is not assigned a precision yet because we don't want it on
* LGTM until its performance is well understood.
* Note: this query is not assigned a precision yet because we don't want it
* to be included in query suites until its performance is well understood.
*/
import cpp

2
cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll
View File

@@ -52,7 +52,7 @@ class Library extends LibraryT {
// The versions reported for C/C++ dependencies are just the versions that
// happen to be installed on the system where the build takes place.
// Reporting those versions is likely to cause misunderstandings, both for
// people reading them and for the vulnerability checker of lgtm.
// people reading them and for vulnerability checkers.
result = "unknown"
}

4
docs/codeql/codeql-overview/supported-languages-and-frameworks.rst
View File

@@ -16,7 +16,7 @@ CodeQL library packs (`source <https://github.com/github/codeql/tree/codeql-cli/
and CodeQL bundle (`releases <https://github.com/github/codeql-action/releases>`__)
support the following languages and compilers.
.. include:: ../support/reusables/versions-compilers.rst
.. include:: ../reusables/supported-versions-compilers.rst
Frameworks and libraries
########################
@@ -31,4 +31,4 @@ The current versions of the CodeQL library and query packs (`source <https://git
For example, by extending the data flow libraries to include data sources
and sinks for additional libraries or frameworks.
.. include:: ../support/reusables/frameworks.rst
.. include:: ../reusables/supported-frameworks.rst

4
docs/codeql/codeql-overview/system-requirements.rst
View File

@@ -10,8 +10,8 @@ System requirements for running the latest version of CodeQL.
Supported platforms
#######################
.. include:: ../support/reusables/platforms.rst
.. include:: ../reusables/supported-platforms.rst
.. include:: ../reusables/kotlin-beta-note.rst
Additional software requirements

1
docs/codeql/ql-language-reference/annotations.rst
View File

@@ -433,7 +433,6 @@ The ``bindingset`` annotation takes a comma-separated list of variables.
(for characteristic predicates and member predicates) and ``result`` (for predicates that return a result).
For more information, see ":ref:`predicate-binding`."
- When you annotate a class, each variable must be ``this`` or a field in the class.
Binding sets for classes are supported from release 2.3.0 of the CodeQL CLI, and release 1.26 of LGTM Enterprise.
.. Links to use in substitutions

4
docs/codeql/ql-language-reference/expressions.rst
View File

@@ -117,8 +117,6 @@ The values of the contained expressions need to be of :ref:`compatible types <ty
Furthermore, at least one of the set elements has to be of a type that is a supertype of the types of all
the other contained expressions.
Set literals are supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
.. index:: super
.. _super:
@@ -341,8 +339,6 @@ The following aggregates are available in QL:
where x in [-5 .. 5] and x != 0
select unique(int y | y = x or y = x.abs() | y)
The ``unique`` aggregate is supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
Evaluation of aggregates
========================

4
docs/codeql/ql-language-reference/ql-language-specification.rst
View File

@@ -1356,9 +1356,7 @@ Set literals can be of any type, but the types within a set literal have to be c
The values of a set literal expression are all the values of all the contained element expressions.
Set literals are supported from release 2.1.0 of the CodeQL CLI, and release 1.24 of LGTM Enterprise.
Since release 2.7.1 of the CodeQL CLI, and release 1.30 of LGTM Enterprise, a trailing comma is allowed in a set literal.
Since release 2.7.1 of the CodeQL CLI, a trailing comma is allowed in a set literal.
Disambiguation of expressions
-----------------------------

2
docs/codeql/ql-training/template.rst
View File

@@ -41,7 +41,7 @@ For this example you should download:
.. note::
Some notes about the project, perhaps a link to the project page on LGTM.
Some notes about the project.
.. Agenda slide. Explaining what is to be covered in the presentation

0
docs/codeql/support/reusables/frameworks.rst → docs/codeql/reusables/supported-frameworks.rst
View File

0
docs/codeql/support/reusables/platforms.rst → docs/codeql/reusables/supported-platforms.rst
View File

2
docs/codeql/support/reusables/versions-compilers.rst → docs/codeql/reusables/supported-versions-compilers.rst
View File

@@ -37,4 +37,4 @@
.. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
.. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
.. [9] Requires glibc 2.17.
.. [10] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default for LGTM.
.. [10] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.

101
docs/codeql/support/conf.py
View File

@@ -1,101 +0,0 @@
# -*- coding: utf-8 -*-
#
# CodeQL analysis support for LGTM Enterprise docs build configuration file.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
# For details of all possible config values,
# see https://www.sphinx-doc.org/en/master/usage/configuration.html
##############################################################################
#
# Modified 22032021.
# The configuration values below are specific to the supported languages and frameworks project
# To amend html_theme_options, update version/release number, or add more sphinx extensions,
# refer to code/documentation/ql-documentation/global-sphinx-files/global-conf.py
##############################################################################
# -- Project-specific configuration -----------------------------------
# Set QL as the default language for highlighting code. Set to none to disable
# syntax highlighting. If omitted or left blank, it defaults to Python 3.
highlight_language = 'none'
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# The master toctree document.
master_doc = 'index'
# Project-specific information.
project = u'Supported languages and frameworks for LGTM Enterprise'
# The version info for this project, if different from version and release in main conf.py file.
# The short X.Y version.
# LGTM Enterprise release
release = u'1.30'
# CodeQL CLI version used by LGTM Enterprise release
version = u'2.7.6'
# -- Project-specifc options for HTML output ----------------------------------------------
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
html_title = 'Supported languages and frameworks'
# Output file base name for HTML help builder.
htmlhelp_basename = 'Supported languages and frameworks'
# Add any paths that contain templates here, relative to this directory.
templates_path = ['../_templates']
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['../_static']
html_theme_options = {'font_size': '16px',
'body_text': '#333',
'link': '#2F1695',
'link_hover': '#2F1695',
'show_powered_by': False,
'nosidebar':True,
'head_font_family': '-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"',
}
html_favicon = '../images/site/favicon.ico'
# -- Currently unused, but potentially useful, configs--------------------------------------
# Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = []
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
# Custom sidebar templates, maps document names to template names.
#html_sidebars = {}
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#html_extra_path = []
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['read-me-project.rst', 'reusables/*']

19
docs/codeql/support/framework-support.rst
View File

@@ -1,19 +0,0 @@
Frameworks and libraries
########################
LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below.
.. pull-quote::
Note
For details of framework and library support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks <https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/>`__ in the CodeQL CLI documentation.
.. pull-quote::
Tip
If you're interested in other libraries or frameworks, you can extend the analysis to cover them.
For example, by extending the data flow libraries to include data sources and sinks for additional libraries or frameworks.
.. include:: reusables/frameworks.rst

19
docs/codeql/support/index.rst
View File

@@ -1,19 +0,0 @@
Supported languages and frameworks
##################################
These pages describe the languages and frameworks supported in the latest enterprise release of CodeQL and LGTM. (CodeQL was previously known as QL.)
Users of `LGTM.com <https://lgtm.com/>`_ may find that additional features are supported because it's updated more frequently.
For details see:
.. toctree::
language-support.rst
framework-support.rst
For details of the CodeQL libraries, see `CodeQL standard libraries <https://codeql.github.com/codeql-standard-libraries/>`_.
.. toctree::
:hidden:
ql-training

16
docs/codeql/support/language-support.rst
View File

@@ -1,16 +0,0 @@
Languages and compilers
#######################
LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers.
.. pull-quote::
Note
For details of language and compiler support in the most recent release of the CodeQL CLI, see `Supported languages and frameworks <https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/>`__ in the CodeQL CLI documentation.
Note that where there are several versions or dialects of a language, the supported variants are listed.
If your code requires a particular version of a compiler, check that this version is included below.
If you have any questions about language and compiler support, you can find help on the `GitHub Security Lab discussions board <https://github.com/github/securitylab/discussions>`__.
.. include:: reusables/versions-compilers.rst

63
docs/codeql/support/ql-training.rst
View File

@@ -1,63 +0,0 @@
CodeQL training and variant analysis examples
=============================================
CodeQL and variant analysis
---------------------------
Variant analysis is the process of using a known vulnerability as a seed to find similar problems in your code. Security engineers typically perform variant analysis to identify possible vulnerabilities and to ensure that these threats are properly fixed across multiple code bases.
CodeQL is the code analysis engine that underpins LGTM, the community driven security analysis platform. Together, CodeQL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you dont have your own team of dedicated security engineers. You can read more about using CodeQL and LGTM in variant analysis on the `Security Lab research page <https://securitylab.github.com/research>`__.
CodeQL is easy to learn, and exploring code using CodeQL is the most efficient way to perform variant analysis.
Learning CodeQL for variant analysis
------------------------------------
Start learning how to use CodeQL in variant analysis for a specific language by looking at the topics below. Each topic links to a short presentation on CodeQL, its libraries, or an example variant discovered using CodeQL.
.. |arrow-l| unicode:: U+2190
.. |arrow-r| unicode:: U+2192
.. |info| unicode:: U+24D8
When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate between slides.
Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode.
The presentations contain a number of query examples.
We recommend that you download `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/>`__ and add the example database for each presentation so that you can find the bugs mentioned in the slides.
.. pull-quote::
Information
The presentations listed below are used in CodeQL and variant analysis training sessions run by GitHub engineers.
Therefore, be aware that the slides are designed to be presented by an instructor.
If you are using the slides without an instructor, please use the additional notes to help guide you through the examples.
CodeQL and variant analysis for C/C++
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Introduction to variant analysis: CodeQL for C/C++ </QL/ql-training/cpp/intro-ql-cpp.html>`__an introduction to variant analysis and CodeQL for C/C++ programmers.
- `Example: Bad overflow guard </QL/ql-training/cpp/bad-overflow-guard.html>`__an example of iterative query development to find bad overflow guards in a C++ project.
- `Program representation: CodeQL for C/C++ </QL/ql-training/cpp/program-representation-cpp.html>`__information on how CodeQL analysis represents C/C++ programs.
- `Introduction to local data flow </QL/ql-training/cpp/data-flow-cpp.html>`__an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE.
- `Exercise: snprintf overflow </QL/ql-training/cpp/snprintf.html>`__an example demonstrating how to develop a data flow query.
- `Introduction to global data flow </QL/ql-training/cpp/global-data-flow-cpp.html>`__an introduction to analyzing global data flow in C/C++ using CodeQL.
- `Analyzing control flow: CodeQL for C/C++ </QL/ql-training/cpp/control-flow-cpp.html>`__an introduction to analyzing control flow in C/C++ using CodeQL.
CodeQL and variant analysis for Java
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Introduction to variant analysis: CodeQL for Java </QL/ql-training/java/intro-ql-java.html>`__an introduction to variant analysis and CodeQL for Java programmers.
- `Example: Query injection </QL/ql-training/java/query-injection-java.html>`__an example of iterative query development to find unsanitized SPARQL injections in a Java project.
- `Program representation: CodeQL for Java </QL/ql-training/java/program-representation-java.html>`__information on how CodeQL analysis represents Java programs.
- `Introduction to local data flow </QL/ql-training/java/data-flow-java.html>`__an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE.
- `Exercise: Apache Struts </QL/ql-training/java/apache-struts-java.html>`__an example demonstrating how to develop a data flow query.
- `Introduction to global data flow </QL/ql-training/java/global-data-flow-java.html>`__an introduction to analyzing global data flow in Java using CodeQL.
Further reading
~~~~~~~~~~~~~~~
- `GitHub Security Lab <https://securitylab.github.com/research>`__

15
docs/codeql/support/read-me-project.rst
View File

@@ -1,15 +0,0 @@
Publishing this project for a new version
#########################################
To update this project for a new version:
1. Check with the language teams that all information in the ``ql/change-notes/support/`` directory is ready.
2. Open the ``global-conf.py`` file in the ``global-sphinx-files`` directory and change the following variables
to the correct value(s) if necessary:
* ``version =``
* ``release = ``
* If it's the first release of the year, ``copyright =``
3. Commit your changes. The output of the ``doc/sphinx`` PR check should be correct for the new version and ready to publish.

8
docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst
View File

@@ -9,7 +9,7 @@ About query metadata
--------------------
Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a QLDoc comment.
This metadata tells LGTM and the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` how to handle the query and display its results correctly.
This metadata tells the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
It also gives other users information about what the query results mean. For more information on query metadata, see the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__ in our `open source repository <https://github.com/github/codeql>`__ on GitHub.
.. pull-quote::
@@ -28,7 +28,7 @@ The following properties are supported by all query files:
+=======================+===========================+=======================================================================================================================================================================================================================================================================================================================================================================+
| ``@description`` | ``<text>`` | A sentence or short paragraph to describe the purpose of the query and *why* the result is useful or important. The description is written in plain text, and uses single quotes (``'``) to enclose code elements. |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``@id`` | ``<text>`` | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard LGTM queries have the following format: ``<language>/<brief-description>``. |
| ``@id`` | ``<text>`` | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard CodeQL queries have the following format: ``<language>/<brief-description>``. |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``@kind`` | | ``problem`` | Identifies the query is an alert (``@kind problem``) or a path (``@kind path-problem``). For more information on these query types, see ":doc:`About CodeQL queries <about-codeql-queries>`." |
| | | ``path-problem`` | |
@@ -40,12 +40,12 @@ The following properties are supported by all query files:
| | | ``readability`` | |
| | | ``security`` | |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``@precision`` | | ``low`` | Indicates the percentage of query results that are true positives (as opposed to false positive results). This, along with the ``@problem.severity`` property, determines whether the results are displayed by default on LGTM. |
| ``@precision`` | | ``low`` | Indicates the percentage of query results that are true positives (as opposed to false positive results). This, along with the ``@problem.severity`` property, determines how the results are displayed on GitHub. |
| | | ``medium`` | |
| | | ``high`` | |
| | | ``very-high`` | |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``@problem.severity`` | | ``error`` | Defines the level of severity of any alerts generated by a non-security query. This, along with the ``@precision`` property, determines whether the results are displayed by default on LGTM. |
| ``@problem.severity`` | | ``error`` | Defines the level of severity of any alerts generated by a non-security query. This, along with the ``@precision`` property, determines how the results are displayed on GitHub. |
| | | ``warning`` | |
| | | ``recommendation`` | |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

8
docs/codeql/writing-codeql-queries/providing-locations-in-codeql-queries.rst
View File

@@ -11,7 +11,7 @@ CodeQL includes mechanisms for extracting the location of elements in a codebase
About locations
---------------
When displaying information to the user, LGTM needs to be able to extract location information from the results of a query. In order to do this, all QL classes which can provide location information should do this by using one of the following mechanisms:
When displaying information to the user, applications need to be able to extract location information from the results of a query. In order to do this, all QL classes which can provide location information should do this by using one of the following mechanisms:
- `Providing URLs <#providing-urls>`__
- `Providing location information <#providing-location-information>`__
@@ -49,7 +49,7 @@ A custom URL can be provided by defining a QL predicate returning ``string`` wit
File URLs
^^^^^^^^^
LGTM supports the display of URLs which define a line and column in a source file.
The CodeQL extension for Visual Studio Code and the code scanning views in GitHub support the display of URLs which define a line and column in a source file.
The schema is ``file://``, which is followed by the absolute path to a file, followed by four numbers separated by colons. The numbers denote start line, start column, end line and end column. Both line and column numbers are **1-based**, for example:
@@ -57,12 +57,12 @@ The schema is ``file://``, which is followed by the absolute path to a file, fol
- ``file:///opt/src/my/file.java:1:1:2:1`` denotes the location that starts at the beginning of the file and extends to the first character of the second line (the range is inclusive).
- ``file:///opt/src/my/file.java:1:0:1:0`` is taken, by convention, to denote the entire first line of the file.
By convention, the location of an entire file may also be denoted by a ``file://`` URL without trailing numbers. Optionally, the location within a file can be denoted using three numbers to define the start line number, character offset and character length of the location respectively. Results of these types are not displayed in LGTM.
By convention, the location of an entire file may also be denoted by a ``file://`` URL without trailing numbers. Optionally, the location within a file can be denoted using three numbers to define the start line number, character offset and character length of the location respectively. Results of these types are not displayed as code scanning alerts.
Other types of URL
^^^^^^^^^^^^^^^^^^
The following, less-common types of URL are valid but are not supported by LGTM and will be omitted from any results:
The following, less-common types of URL are valid but are not interpreted as code scanning alerts and will be omitted from any results:
- **HTTP URLs** are supported in some client applications. For an example, see the code snippet above.
- **Folder URLs** can be useful, for example to provide folder-level metrics. They may use a file URL, for example ``file:///opt/src:0:0:0:0``, but they may also start with a scheme of ``folder://``, and no trailing numbers, for example ``folder:///opt/src``.

2
go/ql/src/Security/CWE-601/BadRedirectCheck.qhelp
View File

@@ -7,7 +7,7 @@ Redirect URLs should be checked to ensure that user input cannot cause a site to
to arbitrary domains. This is often done with a check that the redirect URL begins with a slash,
which most of the time is an absolute redirect on the same host. However, browsers interpret URLs
beginning with <code>//</code> or <code>/\</code> as absolute URLs. For example, a redirect to
<code>//lgtm.com</code> will redirect to <code>https://lgtm.com</code>. Thus, redirect checks must
<code>//example.com</code> will redirect to <code>https://example.com</code>. Thus, redirect checks must
also check the second character of redirect URLs.
</p>
</overview>

7
python/ql/src/Imports/SyntaxError.qhelp
View File

@@ -26,9 +26,10 @@ However, it is worth investigating why a module containing a syntax error
was able to persist and address that problem as well.
</p>
<p>If you suspect that the syntax error is caused by the analysis using the
wrong version of Python, consider specifying the version explicitly. For
LGTM.com, you can customize extraction using an <code>lgtm.yml</code> file as
described <a href="https://lgtm.com/help/lgtm/python-extraction">here</a>.
wrong version of Python, consider specifying the version explicitly. When
you run code scanning using the CodeQL action, you can configure the Python
version to use. For more information, see
<a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#analyzing-python-dependencies">Analyzing Python dependencies</a>.
</p>
</recommendation>
<references>

4
ruby/ql/lib/codeql/Locations.qll
View File

@@ -6,7 +6,7 @@ import files.FileSystem
* A location as given by a file, a start line, a start column,
* an end line, and an end column.
*
* For more information about locations see [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
* For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
class Location extends @location {
/** Gets the file for this location. */
@@ -40,7 +40,7 @@ class Location extends @location {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
* [Providing locations in CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn

2
ruby/ql/lib/codeql/ruby/printAst.qll
View File

@@ -70,7 +70,7 @@ class PrintAstNode extends TPrintNode {
* Holds if this node is at the specified location. The location spans column
* `startcolumn` of line `startline` to column `endcolumn` of line `endline`
* in file `filepath`. For more information, see
* [LGTM locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn