hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

update links to query help and libraries landing pages

Browse Source
This commit is contained in:
james
2020-12-02 17:36:48 +00:00
parent 8c4c6501ee
commit b62d01a74f
2 changed files with 5 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/codeql/writing-codeql-queries/creating-path-queries.rst
View File

@@ -34,13 +34,7 @@ For more language-specific information on analyzing data flow, see:
Path query examples
*******************
The easiest way to get started writing your own path query is to modify one of the existing queries. Visit the links below to see all the built-in path queries:
- `C/C++ path queries <https://help.semmle.com/wiki/label/CCPPOBJ/path-problem>`__
- `C# path queries <https://help.semmle.com/wiki/label/CSHARP/path-problem>`__
- `Java path queries <https://help.semmle.com/wiki/label/java/path-problem>`__
- `JavaScript path queries <https://help.semmle.com/wiki/label/js/path-problem>`__
- `Python path queries <https://help.semmle.com/wiki/label/python/path-problem>`__
The easiest way to get started writing your own path query is to modify one of the existing queries. For more information, see the `CodeQL query help <https://codeql.github.com/codeql-query-help>`__.
The Security Lab researchers have used path queries to find security vulnerabilities in various open source projects. To see articles describing how these queries were written, as well as other posts describing other aspects of security research such as exploiting vulnerabilities, see the `GitHub Security Lab website <https://securitylab.github.com/research>`__.
@@ -120,7 +114,7 @@ For Python, the ``Paths`` module contains the ``edges`` predicate::
import semmle.python.security.Paths
You can also import libraries specifically designed to implement data flow analysis in various common frameworks and environments, and many additional libraries are included with CodeQL. To see examples of the different libraries used in data flow analysis, see the links to the built-in queries above or browse the `standard libraries <https://help.semmle.com/QL/ql-libraries.html>`__.
You can also import libraries specifically designed to implement data flow analysis in various common frameworks and environments, and many additional libraries are included with CodeQL. To see examples of the different libraries used in data flow analysis, see the links to the built-in queries above or browse the `standard libraries <https://codeql.github.com/codeql-standard-libraries>`__.
For all languages, you can also optionally define a ``nodes`` query predicate, which specifies the nodes of the path graph that you are interested in. If ``nodes`` is defined, only edges with endpoints defined by these nodes are selected. If ``nodes`` is not defined, you select all possible endpoints of ``edges``.
@@ -133,7 +127,7 @@ You can also define your own ``edges`` predicate in the body of your query. It s
/** Logical conditions which hold if `(a,b)` is an edge in the data flow graph */
}
For more examples of how to define an ``edges`` predicate, visit the `standard CodeQL libraries <https://help.semmle.com/QL/ql-libraries.html>`__ and search for ``edges``.
For more examples of how to define an ``edges`` predicate, visit the `standard CodeQL libraries <https://codeql.github.com/codeql-standard-libraries>`__ and search for ``edges``.
Declaring sources and sinks
***************************
@@ -159,7 +153,7 @@ If you are querying Python code (and you have used ``import semmle.python.securi
from TaintedPathSource source, TaintedPathSink sink
You can extend your query by adding different sources and sinks by either defining them in the query, or by importing predefined sources and sinks for specific frameworks and libraries. See the `Python path queries <https://help.semmle.com/wiki/label/python/path-problem>`__ for further details.
You can extend your query by adding different sources and sinks by either defining them in the query, or by importing predefined sources and sinks for specific frameworks and libraries. For more information, see the `CodeQL query help for Python <https://codeql.github.com/codeql-query-help/python>`__.
Defining flow conditions
************************

2
docs/codeql/writing-codeql-queries/query-help-files.rst
View File

@@ -13,7 +13,7 @@ For more information about how to write useful query help in a style that is con
Note
You can access the query help for CodeQL queries by visiting the `Built-in query pages <https://help.semmle.com/wiki/display/QL/Built-in+queries>`__.
You can access the query help for CodeQL queries by visiting `CodeQL query help <https://codeql.github.com/codeql-query-help>`__.
You can also access the raw query help files in the `GitHub repository <https://github.com/github/codeql>`__.
For example, see the `JavaScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__.