Merge branch 'rc/1.22' into 1.22-mergeback-master

Conflicts resolved in favour of master:
	docs/language/learn-ql/cpp/conversions-classes.rst
	docs/language/learn-ql/cpp/function-classes.rst
	docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
	docs/language/learn-ql/csharp/ql-for-csharp.rst
	docs/language/learn-ql/javascript/introduce-libraries-ts.rst
	docs/language/learn-ql/python/introduce-libraries-python.rst
	docs/language/ql-training/cpp/bad-overflow-guard.rst
	docs/language/ql-training/cpp/control-flow-cpp.rst
	docs/language/ql-training/cpp/global-data-flow-cpp.rst
	docs/language/ql-training/cpp/intro-ql-cpp.rst
	docs/language/ql-training/cpp/program-representation-cpp.rst
	docs/language/ql-training/cpp/snprintf.rst
	docs/language/ql-training/index.rst
	docs/language/ql-training/java/global-data-flow-java.rst
	docs/language/ql-training/java/intro-ql-java.rst
	docs/language/ql-training/java/program-representation-java.rst
	docs/language/ql-training/java/query-injection-java.rst
Felicity Chapman
2019-11-11 10:18:43 +00:00
27 changed files with 57 additions and 35 deletions

@@ -78,6 +78,8 @@ Given this API, we can easily write a query that finds methods that are not call
`See this in the query console <https://lgtm.com/query/665280012/>`__. This simple query typically returns a large number of results.
.. pull-quote::
Note
We have to use ``polyCalls`` instead of ``calls`` here: we want to be reasonably sure that ``callee`` is not called, either directly or via overriding.
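
Review bot: The added ``.. pull-quote::`` directive followed by a bare ``Note`` line is doing the job of an admonition, which reStructuredText already provides as ``.. note::``. Unless the theme depends on the pull-quote styling, prefer the native directive so the callout keeps its meaning in other builders; the same applies to the other ``Note`` and ``Tip`` blocks added in this merge.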

@@ -18,6 +18,8 @@ Specifically, consider the following code snippet:
If ``l`` is bigger than 2\ :sup:`31`\ - 1 (the largest positive value of type ``int``), then this loop will never terminate: ``i`` will start at zero, being incremented all the way up to 2\ :sup:`31`\ - 1, which is still smaller than ``l``. When it is incremented once more, an arithmetic overflow occurs, and ``i`` becomes -2\ :sup:`31`\, which also is smaller than ``l``! Eventually, ``i`` will reach zero again, and the cycle repeats.
.. pull-quote::
More about overflow
All primitive numeric types have a maximum value, beyond which they will wrap around to their lowest possible value (called an "overflow"). For ``int``, this maximum value is 2\ :sup:`31`\ - 1. Type ``long`` can accommodate larger values up to a maximum of 2\ :sup:`63`\ - 1. In this example, this means that ``l`` can take on a value that is higher than the maximum for type ``int``; ``i`` will never be able to reach this value, instead overflowing and returning to a low value.
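
Review bot: In the paragraph now presented under "More about overflow", the statement that "All primitive numeric types" wrap around to their lowest possible value holds only for the integer types; floating-point types do not wrap on overflow. Since the callout exists to explain why ``i`` can never reach ``l``, suggest "All primitive integer types" so the sentence matches the ``int`` and ``long`` limits it goes on to give.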

@@ -14,6 +14,10 @@ The library is implemented as a set of QL modules, that is, files with the exten
The rest of this topic briefly summarizes the most important classes and predicates provided by this library.
.. pull-quote::
Note
The example queries in this topic illustrate the types of results returned by different library classes. The results themselves are not interesting but can be used as the basis for developing a more complex query. The tutorial topics show how you can take a simple query and fine-tune it to find precisely the results you're interested in.
Summary of the library classes
@@ -315,7 +319,11 @@ Class ``Javadoc`` represents an entire Javadoc comment as a tree of ``JavadocEle
`See this in the query console <https://lgtm.com/query/670490015/>`__. None of the LGTM.com demo projects uses the ``@author`` tag on private fields.
Note that on line 5 we used ``getParent+`` to capture tags that are nested at any depth within the Javadoc comment.
.. pull-quote::
Note
On line 5 we used ``getParent+`` to capture tags that are nested at any depth within the Javadoc comment.
For more information on working with Javadoc, see the :doc:`tutorial on Javadoc <javadoc>`.
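
Review bot: The new note still identifies the clause as "line 5", a reference that goes stale as soon as the query above it gains or loses a line. Suggest naming the expression instead, for example "We used ``getParent+`` to capture tags that are nested at any depth", and dropping the line number.
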
@@ -369,7 +377,7 @@ Conversely, ``Callable.getAReference`` returns a ``Call`` that refers to it. So
where not exists(c.getAReference())
select c
`See this in the query console <https://lgtm.com/query/666680036/>`__. The LGTM.com demo projects all appear to have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see `Navigating the call graph <call-graph>`__.
`See this in the query console <https://lgtm.com/query/666680036/>`__. The LGTM.com demo projects all appear to have many methods that are not called directly, but this is unlikely to be the whole story. To explore this area further, see :doc:`Navigating the call graph <call-graph>`.
For more information about callables and calls, see the :doc:`call graph tutorial <call-graph>`.
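
Review bot: With the "Navigating the call graph" link converted to a ``:doc:`` reference to ``call-graph``, that sentence and the following one ("For more information about callables and calls, see the ... call graph tutorial") now point at the same document under two different titles. Suggest keeping a single reference and folding the other sentence into it.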

@@ -32,6 +32,8 @@ To determine ancestor types (including immediate super types, and also *their* s
`See this in the query console <https://lgtm.com/query/674620010/>`__. If this query were run on the example snippet above, the query would return ``A``, ``I``, and ``java.lang.Object``.
.. pull-quote::
Tip
If you want to see the location of ``B`` as well as ``A``, you can replace ``B.getASupertype+()`` with ``B.getASupertype*()`` and re-run the query.
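
Review bot: The tip says the ``*`` form shows "the location of ``B`` as well as ``A``", but the sentence before it lists the results as ``A``, ``I``, and ``java.lang.Object``, so it is not clear what the reader should expect to change. Suggest stating that ``getASupertype*()`` is the reflexive closure and therefore adds ``B`` itself to those results.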