From b32fb1d9611f83e87ec32ea4deb59f184fa3e528 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 15 May 2024 12:43:40 +0100 Subject: [PATCH] Fix another couple of links --- .../analyzing-data-flow-in-cpp-new.rst | 2 +- .../codeql-language-guides/analyzing-data-flow-in-cpp.rst | 2 +- .../analyzing-data-flow-in-csharp.rst | 2 +- .../analyzing-data-flow-in-java.rst | 2 +- .../analyzing-data-flow-in-javascript-and-typescript.rst | 2 +- .../analyzing-data-flow-in-python.rst | 2 +- .../analyzing-data-flow-in-ruby.rst | 2 +- .../analyzing-data-flow-in-swift.rst | 2 +- .../customizing-library-models-for-java-and-kotlin.rst | 2 +- .../data-flow-cheat-sheet-for-javascript.rst | 2 +- .../using-flow-labels-for-precise-data-flow-analysis.rst | 2 +- docs/codeql/codeql-overview/codeql-glossary.rst | 2 +- .../writing-codeql-queries/about-data-flow-analysis.rst | 2 +- .../writing-codeql-queries/creating-path-queries.rst | 2 +- .../debugging-data-flow-queries-using-partial-flow.rst | 8 ++++---- docs/codeql/writing-codeql-queries/introduction-to-ql.rst | 8 ++++---- 16 files changed, 22 insertions(+), 22 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst index 0232d64b8de..e6575e7488f 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst @@ -408,7 +408,7 @@ Exercise 4 Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/cpp-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst index a37b3668d08..2642c84680c 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst 
+++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp.rst @@ -380,7 +380,7 @@ Exercise 4 Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/cpp-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-csharp.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-csharp.rst index 5750891774f..f6c018c0f86 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-csharp.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-csharp.rst @@ -541,7 +541,7 @@ This can be adapted from the ``SystemUriFlow`` class: Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/csharp-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst index b71dd43ef74..1a352d4e4ec 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst @@ -362,7 +362,7 @@ Exercise 4 Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/java-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst index dc5956da644..1dfcd0b713b 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript.rst 
@@ -557,7 +557,7 @@ Exercise 4 Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/java-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst index 3aeff566b9c..8adbfb09a5c 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.rst @@ -359,7 +359,7 @@ This data flow configuration tracks data flow from environment variables to open Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/python-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst index db2fea67c8a..44428000875 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst @@ -376,7 +376,7 @@ The following global data-flow query finds calls to ``File.open`` where the file Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/ruby-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 63e4927352c..b1e7a1593e8 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst 
@@ -284,7 +284,7 @@ The following global taint-tracking query finds places where a value from a remo Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/swift-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst index 0b653c1d612..ec396d2932b 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java-and-kotlin.rst @@ -16,7 +16,7 @@ This article contains reference material about how to define custom models for s The best way to create your own models is using the CodeQL model editor in the CodeQL extension for Visual Studio Code. The model editor automatically guides you through the process of defining models, displaying the properties you need to define and the options available. You can save the resulting models as data extension files in CodeQL model packs and use them without worrying about the syntax. -For more information, see `Using the CodeQL model editor `__ in the GitHub documentation +For more information, see `Using the CodeQL model editor `__ in the GitHub documentation. About data extensions diff --git a/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst b/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst index f006e51efe4..60d66ba1644 100644 --- a/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/data-flow-cheat-sheet-for-javascript.rst 
@@ -254,7 +254,7 @@ Troubleshooting Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/javascript-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 4ee1ab6719c..8e5d3c4285b 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -405,7 +405,7 @@ string may be an absolute path and whether it may contain ``..`` components. Further reading --------------- -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. .. include:: ../reusables/javascript-further-reading.rst diff --git a/docs/codeql/codeql-overview/codeql-glossary.rst b/docs/codeql/codeql-overview/codeql-glossary.rst index f86b5346e2c..daf0d9c2532 100644 --- a/docs/codeql/codeql-overview/codeql-glossary.rst +++ b/docs/codeql/codeql-overview/codeql-glossary.rst @@ -61,7 +61,7 @@ The DIL format may change without warning between CLI releases. When you specify the ``--dump-dil`` option for ``codeql query compile``, CodeQL prints DIL to standard output for the queries it compiles. You can also view results in DIL format when you run queries in VS Code. -For more information, see ":ref:`Analyzing your projects `" in the CodeQL for VS Code help. +For more information, see `Running CodeQL queries `__ in the GitHub documentation. .. _extractor: diff --git a/docs/codeql/writing-codeql-queries/about-data-flow-analysis.rst b/docs/codeql/writing-codeql-queries/about-data-flow-analysis.rst index 98f5cf215e9..61290e095b2 100644 
--- a/docs/codeql/writing-codeql-queries/about-data-flow-analysis.rst +++ b/docs/codeql/writing-codeql-queries/about-data-flow-analysis.rst @@ -85,4 +85,4 @@ These flow steps are modeled in the taint-tracking library using predicates that Further reading *************** -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index 3f20a1110be..036083d2912 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -180,5 +180,5 @@ The alert message defined in the final column in the ``select`` statement can be Further reading *************** -- `Exploring data flow with path queries `__ in the GitHub documentation +- `Exploring data flow with path queries `__ in the GitHub documentation. - `CodeQL repository `__ diff --git a/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst b/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst index 53fe4e46a3e..477562685a5 100644 --- a/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst +++ b/docs/codeql/writing-codeql-queries/debugging-data-flow-queries-using-partial-flow.rst 
@@ -34,12 +34,12 @@ The same query can be slightly simplified by rewriting it without :ref:`path exp select sink, "Sink is reached from $@.", source.getNode(), "here" If a data-flow query that you have written doesn't produce the results you expect it to, there may be a problem with your query. -You can try to debug the potential problem by following the steps described below. +You can try to debug the potential problem by following the steps described below. Checking sources and sinks -------------------------- -Initially, you should make sure that the source and sink definitions contain what you expect. If either the source or sink is empty then there can never be any data flow. The easiest way to check this is using quick evaluation in CodeQL for VS Code. Select the text ``node instanceof MySource``, right-click, and choose "CodeQL: Quick Evaluation". This will evaluate the highlighted text, which in this case means the set of sources. For more information, see :ref:`Analyzing your projects ` in the CodeQL for VS Code help. +Initially, you should make sure that the source and sink definitions contain what you expect. If either the source or sink is empty then there can never be any data flow. The easiest way to check this is using quick evaluation in CodeQL for VS Code. Select the text ``node instanceof MySource``, right-click, and choose "CodeQL: Quick Evaluation". This will evaluate the highlighted text, which in this case means the set of sources. For more information, see `Running CodeQL queries `__ in the GitHub documentation. If both source and sink definitions look good then we will need to look for missing flow steps. 
@@ -106,9 +106,9 @@ To do quick evaluations of partial flow it is often easiest to add a predicate t If you are focusing on a single source then the ``src`` column is superfluous. You may of course also add other columns of interest based on ``n``, but including the enclosing callable and the distance to the source at the very least is generally recommended, as they can be useful columns to sort on to better inspect the results. -If you see a large number of partial flow results, you can focus them in a couple of ways: +If you see a large number of partial flow results, you can focus them in a couple of ways: -- If flow travels a long distance following an expected path, that can result in a lot of uninteresting flow being included in the exploration radius. To reduce the amount of uninteresting flow, you can replace the source definition with a suitable ``node`` that appears along the path and restart the partial flow exploration from that point. +- If flow travels a long distance following an expected path, that can result in a lot of uninteresting flow being included in the exploration radius. To reduce the amount of uninteresting flow, you can replace the source definition with a suitable ``node`` that appears along the path and restart the partial flow exploration from that point. - Creative use of barriers can be used to cut off flow paths that are uninteresting. This also reduces the number of partial flow results to explore while debugging. Further reading diff --git a/docs/codeql/writing-codeql-queries/introduction-to-ql.rst b/docs/codeql/writing-codeql-queries/introduction-to-ql.rst index 203f590f761..01de71d49d4 100644 --- a/docs/codeql/writing-codeql-queries/introduction-to-ql.rst +++ b/docs/codeql/writing-codeql-queries/introduction-to-ql.rst @@ -1,6 +1,6 @@ .. _introduction-to-ql: -Introduction to QL +Introduction to QL ================== Work through some simple exercises and examples to learn about the basics of QL and CodeQL. 
@@ -109,12 +109,12 @@ Example CodeQL queries ---------------------- The previous examples used the primitive types built in to QL. Although we chose a project to query, we didn't use the information in that project's database. -The following example queries *do* use these databases and give you an idea of how to use CodeQL to analyze projects. +The following example queries *do* use these databases and give you an idea of how to use CodeQL to analyze projects. Queries using the CodeQL libraries can find errors and uncover variants of important security vulnerabilities in codebases. Visit `GitHub Security Lab `__ to read about examples of vulnerabilities that we have recently found in open source projects. -Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code `. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Managing CodeQL databases `__ in the CodeQL for VS Code documentation. +Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see `Installing CodeQL for Visual Studio Code `__ in the GitHub documentation. You will also need to import and select a database in the corresponding programming language. To import the CodeQL library for a specific programming language, type ``import `` at the start of the query. @@ -166,7 +166,7 @@ Exercise 1 from string s where s = "lgtm" select s.length() - + There is often more than one way to define a query. For example, we can also write the above query in the shorter form: .. code-block:: ql
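Review bot: In the analyzing-data-flow-in-javascript-and-typescript.rst hunk (@@ -557,7), the context line directly after the fixed link still reads ``.. include:: ../reusables/java-further-reading.rst``, which pulls the Java reading list into the JavaScript/TypeScript guide. The other two JavaScript pages in this patch (data-flow-cheat-sheet-for-javascript.rst and using-flow-labels-for-precise-data-flow-analysis.rst) include ``../reusables/javascript-further-reading.rst``. Since this commit already touches that "Further reading" section, switch the include here as well.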
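Review bot: In creating-path-queries.rst (@@ -180,5), adding the trailing period to the first list item leaves the next item, ``CodeQL repository``, without one, so the two-item list is now punctuated inconsistently. Add the period to both items or to neither.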
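Review bot: In debugging-data-flow-queries-using-partial-flow.rst, the removed and added lines for "You can try to debug the potential problem ..." (@@ -34,12) and for "If you see a large number of partial flow results ..." and "If flow travels a long distance ..." (@@ -106,9) show no visible text difference, so they look like whitespace-only edits unrelated to the subject "Fix another couple of links". The heading line and the blank line after ``select s.length()`` in introduction-to-ql.rst are the same kind of change. Mention the whitespace cleanup in the commit message or move it to its own commit, so the link changes are the only thing a reviewer has to check here.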
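Review bot: The rewritten "Before you can run the following examples" paragraph in introduction-to-ql.rst (@@ -109,12) drops the sentence "For more information about obtaining CodeQL databases, see `Managing CodeQL databases` ..." without a replacement, so the reader is told to import and select a database with no pointer on how to obtain one. Keep that sentence and repoint its link to the current page on managing databases instead of deleting it.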