diff --git a/docs/codeql/README.rst b/docs/codeql/README.rst index c7ea08519da..d27fe2189d2 100644 --- a/docs/codeql/README.rst +++ b/docs/codeql/README.rst @@ -8,7 +8,7 @@ The CodeQL documentation in this repository is written in reStructuredText and c HTML using Sphinx. For more information on writing in reStructuredText, -see http://docutils.sourceforge.net/rst.html. +see https://docutils.sourceforge.io/rst.html. For more information on Sphinx, see https://www.sphinx-doc.org. @@ -99,7 +99,7 @@ generates html slide shows in the ```` directory when run from the ``ql-training`` source directory. For more information about creating slides for QL training and variant analysis -examples, see the `template slide deck `__. +examples, see the `template slide deck `__. Viewing the current version of the CodeQL documentation ******************************************************* diff --git a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst index 1664b8407dc..83bce3652b9 100644 --- a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst +++ b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst @@ -252,8 +252,6 @@ Miscellaneous +=====================================+====================+============================================================================+ | ``(int) f`` | CastExpr_ | | +-------------------------------------+--------------------+----------------------------------------------------------------------------+ -| ``(23 + 42)`` | ParExpr_ | | -+-------------------------------------+--------------------+----------------------------------------------------------------------------+ | ``o instanceof String`` | InstanceOfExpr_ | | +-------------------------------------+--------------------+----------------------------------------------------------------------------+ | `Expr`_ ``?`` `Expr`_ ``:`` `Expr`_ | ConditionalExpr_ | | @@ -378,7 +376,6 @@ Further reading .. _WildcardTypeAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$WildcardTypeAccess.html .. _FieldAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$FieldAccess.html .. _CastExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$CastExpr.html -.. _ParExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ParExpr.html .. _InstanceOfExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$InstanceOfExpr.html .. _ConditionalExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ConditionalExpr.html .. _TypeLiteral: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$TypeLiteral.html diff --git a/docs/codeql/conf.py b/docs/codeql/conf.py index 68d0a012610..662a3f44b66 100644 --- a/docs/codeql/conf.py +++ b/docs/codeql/conf.py @@ -55,12 +55,12 @@ def setup(sphinx): sphinx.add_lexer("ql", QLLexer()) # The version of CodeQL for the current release you're documenting, acts as replacement for -# |version| and |release| +# |version| and |release|. Not currently used except in LGTM Enterprise support info. # The short X.Y version. -version = u'3.0' +# version = u'3.0' # The full version, including alpha/beta/rc tags. -release = u'3.0' +# release = u'3.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/codeql/ql-training/conf.py b/docs/codeql/ql-training/conf.py index c61e16d447b..1c36b806de1 100644 --- a/docs/codeql/ql-training/conf.py +++ b/docs/codeql/ql-training/conf.py @@ -47,7 +47,7 @@ import sys import os def setup(sphinx): - sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(os.path.abspath(__file__)), os.path.pardir, 'global-sphinx-files'))) + sys.path.insert(0, os.path.join(os.path.dirname(__file__), os.path.pardir)) from qllexer import QLLexer sphinx.add_lexer("ql", QLLexer()) @@ -86,11 +86,11 @@ htmlhelp_basename = 'CodeQL training' # built documents. # # The short X.Y version. -version = u'1.24' +# version = u'1.24' # The full version, including alpha/beta/rc tags. -release = u'1.24' -copyright = u'2019 Semmle Ltd' -author = u'Semmle Ltd' +# release = u'1.24' +# copyright = u'2019 Semmle Ltd' +# author = u'Semmle Ltd' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst index b0d892a3a48..8912a4259ce 100644 --- a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst +++ b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst @@ -11,12 +11,12 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `ChakraCore database `__ .. note:: - For the examples in this presentation, we will be analyzing `ChakraCore `__. + For the examples in this presentation, we will be analyzing `ChakraCore `__. You can query the project in `the query console `__ on LGTM.com. @@ -149,7 +149,7 @@ Let’s look for overflow guards of the form ``v + b < v``, using the classes - a ``RelationalOperation``: the overflow comparison check. - a ``Variable``: used as an argument to both the addition and comparison. - - The ``where`` part of the query ties these three variables together using `predicates `__ defined in the `standard CodeQL for C/C++ library `__. + - The ``where`` part of the query ties these three variables together using `predicates `__ defined in the `standard CodeQL for C/C++ library `__. CodeQL query: bad overflow guards ================================= @@ -229,4 +229,4 @@ The final query .. literalinclude:: ../query-examples/cpp/bad-overflow-guard-3.ql :language: ql -This query finds a single result in our historic database, which was `a genuine bug in ChakraCore `__. +This query finds a single result in our historic database, which was `a genuine bug in ChakraCore `__. diff --git a/docs/codeql/ql-training/cpp/control-flow-cpp.rst b/docs/codeql/ql-training/cpp/control-flow-cpp.rst index fe478bd4edc..f02c5232d42 100644 --- a/docs/codeql/ql-training/cpp/control-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/control-flow-cpp.rst @@ -13,12 +13,12 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `ChakraCore database `__ .. note:: - For the examples in this presentation, we will be analyzing `ChakraCore `__. + For the examples in this presentation, we will be analyzing `ChakraCore `__. You can query the project in `the query console `__ on LGTM.com. @@ -222,7 +222,7 @@ A ``GuardCondition`` is a ``Boolean`` condition that controls one or more basic Further materials ================= -- CodeQL for C/C++: https://help.semmle.com/QL/learn-ql/ql/cpp/ql-for-cpp.html +- CodeQL for C/C++: https://codeql.github.com/docs/codeql-language-guides/codeql-for-cpp/ - API reference: https://codeql.github.com/codeql-standard-libraries/cpp .. rst-class:: end-slide diff --git a/docs/codeql/ql-training/cpp/data-flow-cpp.rst b/docs/codeql/ql-training/cpp/data-flow-cpp.rst index 855ccb40ccb..426c6d4563d 100644 --- a/docs/codeql/ql-training/cpp/data-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/data-flow-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `dotnet/coreclr database `__ .. note:: @@ -139,7 +139,7 @@ Define a subclass of ``DataFlow::Node`` representing “source” nodes, that is .. note:: - Note the scoping of the `don’t-care variable `__ “_” in this example: the body of the characteristic predicate is equivalent to: + Note the scoping of the `don’t-care variable `__ “_” in this example: the body of the characteristic predicate is equivalent to: .. code-block:: ql diff --git a/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst b/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst index 8fb3f64b534..7be2a07c4af 100644 --- a/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `dotnet/coreclr database `__ .. note:: diff --git a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst index 4753aa4a493..3298e4d3706 100644 --- a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst +++ b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `exiv2 database `__ .. note:: @@ -68,7 +68,7 @@ A simple CodeQL query We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM `__, or in your `IDE `__. - A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. + A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. In our example here, the first line of the query imports the `CodeQL library for C/C++ `__, which defines concepts like ``IfStmt`` and ``Block``. The query proper starts by declaring two variables–ifStmt and block. These variables represent sets of values in the database, according to the type of each of the variables. For example, ifStmt has the type IfStmt, which means it represents the set of all if statements in the program. @@ -108,9 +108,9 @@ Each query library also implicitly defines a module. Queries are always contained in query files with the file extension ``.ql``. - Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. + Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. - Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. + Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. Predicates ========== @@ -131,7 +131,7 @@ A predicate allows you to pull out and name parts of a query. .. note:: - A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). + A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). You can imagine a predicate to be a self-contained from-where-select statement, that produces an intermediate relation, or table. In this case, the ``isEmpty`` predicate will be the set of all blocks which are empty. @@ -154,7 +154,7 @@ Member predicates are inherited and can be overridden. .. note:: - `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. + `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. In the example, declaring a variable “EmptyBlock e” will allow it to range over only those blocks that have zero statements. diff --git a/docs/codeql/ql-training/cpp/snprintf.rst b/docs/codeql/ql-training/cpp/snprintf.rst index 1591531460e..657f5f29675 100644 --- a/docs/codeql/ql-training/cpp/snprintf.rst +++ b/docs/codeql/ql-training/cpp/snprintf.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `rsyslog database `__ .. note:: diff --git a/docs/codeql/ql-training/java/apache-struts-java.rst b/docs/codeql/ql-training/java/apache-struts-java.rst index 670e9066dc8..e85276e14f0 100644 --- a/docs/codeql/ql-training/java/apache-struts-java.rst +++ b/docs/codeql/ql-training/java/apache-struts-java.rst @@ -15,7 +15,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: @@ -134,4 +134,4 @@ Model answer, step 4 and sink.getNode() instanceof UnsafeDeserializationSink select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, "Unsafe deserialization of $@.", source, "user input" -More full-featured version: https://github.com/github/security-lab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805 \ No newline at end of file +More full-featured version: https://github.com/github/securitylab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805 diff --git a/docs/codeql/ql-training/java/data-flow-java.rst b/docs/codeql/ql-training/java/data-flow-java.rst index 85ff8688758..98cb02db1db 100644 --- a/docs/codeql/ql-training/java/data-flow-java.rst +++ b/docs/codeql/ql-training/java/data-flow-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `VIVO Vitro database `__ .. note:: diff --git a/docs/codeql/ql-training/java/global-data-flow-java.rst b/docs/codeql/ql-training/java/global-data-flow-java.rst index 3e5029a754f..2c1827a937c 100644 --- a/docs/codeql/ql-training/java/global-data-flow-java.rst +++ b/docs/codeql/ql-training/java/global-data-flow-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: @@ -54,7 +54,7 @@ Code injection in Apache struts .. note:: More details on the CVE can be found here: https://securitylab.github.com/research/apache-struts-CVE-2018-11776 and - https://github.com/github/security-lab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776 + https://github.com/github/securitylab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776 More details on OGNL can be found here: https://commons.apache.org/proper/commons-ognl/ diff --git a/docs/codeql/ql-training/java/intro-ql-java.rst b/docs/codeql/ql-training/java/intro-ql-java.rst index fb415d078bc..72de876ddae 100644 --- a/docs/codeql/ql-training/java/intro-ql-java.rst +++ b/docs/codeql/ql-training/java/intro-ql-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: @@ -68,7 +68,7 @@ A simple CodeQL query We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM `__, or in your `IDE `__. - A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. + A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. In our example here, the first line of the query imports the `CodeQL library for Java `__, which defines concepts like ``IfStmt`` and ``Block``. The query proper starts by declaring two variables–ifStmt and block. These variables represent sets of values in the database, according to the type of each of the variables. For example, ``ifStmt`` has the type ``IfStmt``, which means it represents the set of all if statements in the program. @@ -107,9 +107,9 @@ Each query library also implicitly defines a module. Queries are always contained in query files with the file extension ``.ql``. - Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using “import” statements, and similarly QLL files can import each other’s definitions using “import” statements. + Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using “import” statements, and similarly QLL files can import each other’s definitions using “import” statements. - Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. + Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. Predicates ========== @@ -130,7 +130,7 @@ A predicate allows you to pull out and name parts of a query. .. note:: - A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). + A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). You can imagine a predicate to be a self-contained from-where-select statement, that produces an intermediate relation, or table. In this case, the ``isEmpty`` predicate will be the set of all blocks which are empty. @@ -154,7 +154,7 @@ Member predicates are inherited and can be overridden. .. note:: - `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. + `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. In the example, declaring a variable “EmptyBlock e” will allow it to range over only those blocks that have zero statements. diff --git a/docs/codeql/ql-training/java/query-injection-java.rst b/docs/codeql/ql-training/java/query-injection-java.rst index 92e0930d9bf..7bad1e3cbee 100644 --- a/docs/codeql/ql-training/java/query-injection-java.rst +++ b/docs/codeql/ql-training/java/query-injection-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `VIVO Vitro database `__ .. note:: @@ -84,7 +84,7 @@ Let’s start by looking for calls to methods with names of the form ``sparql*Qu - a ``MethodAccess``: the call to a SPARQL query method - a ``Method``: the SPARQL query method. - - The ``where`` part of the query ties these variables together using `predicates `__ defined in the `standard CodeQL library for Java `__. + - The ``where`` part of the query ties these variables together using `predicates `__ defined in the `standard CodeQL library for Java `__. CodeQL query: find string concatenation ======================================= diff --git a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst index 09b8cf86a01..3e990d94b01 100644 --- a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst +++ b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst @@ -39,9 +39,9 @@ The basic representation of an analyzed program is an *abstract syntax tree (AST The following topics contain overviews of the important AST classes and CodeQL libraries for C/C++, C#, and Java: - - `CodeQL library for C/C++ `__ - - `CodeQL library for C# `__ - - `CodeQL library for Java `__ + - `CodeQL library for C/C++ `__ + - `CodeQL library for C# `__ + - `CodeQL library for Java `__ Database representations of ASTs @@ -65,6 +65,6 @@ Entity types are rarely used directly, the usual pattern is to define a class th For example, the database schemas for C/++, C#, and Java CodeQL databases are here: - - https://github.com/github/codeql/blob/main/cpp/ql/src/semmlecode.cpp.dbscheme - - https://github.com/github/codeql/blob/main/csharp/ql/src/semmlecode.csharp.dbscheme - - https://github.com/github/codeql/blob/main/java/ql/src/config/semmlecode.dbscheme \ No newline at end of file + - https://github.com/github/codeql/blob/main/cpp/ql/lib/semmlecode.cpp.dbscheme + - https://github.com/github/codeql/blob/main/csharp/ql/lib/semmlecode.csharp.dbscheme + - https://github.com/github/codeql/blob/main/java/ql/lib/config/semmlecode.dbscheme \ No newline at end of file diff --git a/docs/codeql/ql-training/slide-snippets/database-note.rst b/docs/codeql/ql-training/slide-snippets/database-note.rst index b35a1f1b9f4..909f56e3585 100644 --- a/docs/codeql/ql-training/slide-snippets/database-note.rst +++ b/docs/codeql/ql-training/slide-snippets/database-note.rst @@ -4,6 +4,6 @@ You can download the database as a zip file by clicking the link on the slide ab #. Add the unzipped database to Visual Studio Code #. Upgrade the database if necessary -For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. +For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. Note that results generated in the query console are likely to differ to those generated in CodeQL for Visual Studio Code as LGTM.com analyzes the most recent revisions of each project that has been added–the CodeQL database available to download above is based on an historical version of the codebase. \ No newline at end of file diff --git a/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst b/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst index f07f5907c15..5ffe6b1dae3 100644 --- a/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst +++ b/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst @@ -103,7 +103,7 @@ Analysis overview CodeQL analysis works by extracting a queryable database from your project. For compiled languages, the tools observe an ordinary build of the source code. Each time a compiler is invoked to process a source file, a copy of that file is made, and all relevant information about the source code (syntactic data about the abstract syntax tree, semantic data like name binding and type information, data on the operation of the C preprocessor, etc.) is collected. For interpreted languages, the extractor gathers similar information by running directly on the source code. Multi-language code bases are analyzed one language at a time. - Once the extraction finishes, all this information is collected into a single `CodeQL database `__, which is then ready to query, possibly on a different machine. A copy of the source files, made at the time the database was created, is also included in the CodeQL database so analysis results can be displayed at the correct location in the code. The database schema is (source) language specific. + Once the extraction finishes, all this information is collected into a single `CodeQL database `__, which is then ready to query, possibly on a different machine. A copy of the source files, made at the time the database was created, is also included in the CodeQL database so analysis results can be displayed at the correct location in the code. The database schema is (source) language specific. Queries are written in QL and usually depend on one or more of the `standard CodeQL libraries `__ (and of course you can write your own custom libraries). They are compiled into an efficiently executable format by the QL compiler and then run on a CodeQL database by the QL evaluator, either on a remote worker machine or locally on a developer’s machine. @@ -124,7 +124,7 @@ QL is: .. note:: - QL is the high-level, object-oriented logic language that underpins all CodeQL libraries and analyses. You can learn lots more about QL by visiting the `QL language reference `__. + QL is the high-level, object-oriented logic language that underpins all CodeQL libraries and analyses. You can learn lots more about QL by visiting the `QL language reference `__. The key features of QL are: - All common logic connectives are available, including quantifiers like ``exist``, which can also introduce new variables. diff --git a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst index f0d1dfa546f..b023eb213e4 100644 --- a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst +++ b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst @@ -70,7 +70,7 @@ Local vs global data flow For further information, see: - - `About data flow analysis `__ + - `About data flow analysis `__ .. rst-class:: background2 @@ -111,8 +111,8 @@ So all references will need to be qualified (that is, ``DataFlow::Node``) A **module** is a way of organizing QL code by grouping together related predicates, classes, and (sub-)modules. They can be either explicitly declared or implicit. A query library implicitly declares a module with the same name as the QLL file. - For further information on libraries and modules in QL, see the chapter on `Modules `__ in the QL language reference. - For further information on importing QL libraries and modules, see the chapter on `Name resolution `__ in the QL language reference. + For further information on libraries and modules in QL, see the chapter on `Modules `__ in the QL language reference. + For further information on importing QL libraries and modules, see the chapter on `Name resolution `__ in the QL language reference. Data flow graph =============== @@ -131,7 +131,7 @@ Data flow graph The ``DataFlow::Node`` class is shared between both the local and global data flow graphs–the primary difference is the edges, which in the “global” case can link different functions. - ``localFlowStep`` is the “single step” flow relation–that is, it describes single edges in the local data flow graph. ``localFlow`` represents the `transitive `__ closure of this relation–in other words, it contains every pair of nodes where the second node is reachable from the first in the data flow graph. + ``localFlowStep`` is the “single step” flow relation–that is, it describes single edges in the local data flow graph. ``localFlow`` represents the `transitive `__ closure of this relation–in other words, it contains every pair of nodes where the second node is reachable from the first in the data flow graph. The data flow graph is separate from the `AST `__, to allow for flexibility in how data flow is modeled. There are a small number of data flow node types–expression nodes, parameter nodes, uninitialized variable nodes, and definition by reference nodes. Each node provides mapping functions to and from the relevant AST (for example ``Expr``, ``Parameter`` etc.) or symbol table (for example ``Variable``) classes. diff --git a/docs/codeql/ql-training/template.rst b/docs/codeql/ql-training/template.rst index 4a5b9b32341..0fc0a740a66 100644 --- a/docs/codeql/ql-training/template.rst +++ b/docs/codeql/ql-training/template.rst @@ -36,7 +36,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - A CodeQL database .. note:: @@ -159,7 +159,7 @@ Specify the language to apply syntax highlighting and the lines of the fragment Further details =============== -- For more information on writing in reStructuredText, see http://docutils.sourceforge.net/rst.html. +- For more information on writing in reStructuredText, see https://docutils.sourceforge.io/rst.html. - For more information on Sphinx, see https://www.sphinx-doc.org. diff --git a/docs/codeql/support/conf.py b/docs/codeql/support/conf.py index 3d2f5d6cf81..9e650e30193 100644 --- a/docs/codeql/support/conf.py +++ b/docs/codeql/support/conf.py @@ -41,9 +41,12 @@ project = u'Supported languages and frameworks for LGTM Enterprise' # The version info for this project, if different from version and release in main conf.py file. # The short X.Y version. -version = u'1.27' -# The full version, including alpha/beta/rc tags. -release = u'1.27' + +# LGTM Enterprise release +release = u'1.28' + +# CodeQL CLI version used by LGTM Enterprise release +version = u'2.5.9' # -- Project-specifc options for HTML output ---------------------------------------------- @@ -66,9 +69,9 @@ html_theme_options = {'font_size': '16px', 'body_text': '#333', 'link': '#2F1695', 'link_hover': '#2F1695', - 'font_family': 'Inter,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Segoe UI Symbol;', 'show_powered_by': False, 'nosidebar':True, + 'head_font_family': '-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"', } html_favicon = '../images/site/favicon.ico' diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst index d04293adfe5..8f9664cf63e 100644 --- a/docs/codeql/support/framework-support.rst +++ b/docs/codeql/support/framework-support.rst @@ -1,7 +1,7 @@ Frameworks and libraries ######################## -The libraries and queries in version |version| have been explicitly checked against the libraries and frameworks listed below. +LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below. .. pull-quote:: diff --git a/docs/codeql/support/language-support.rst b/docs/codeql/support/language-support.rst index b716b802427..034d5db23f0 100644 --- a/docs/codeql/support/language-support.rst +++ b/docs/codeql/support/language-support.rst @@ -1,8 +1,7 @@ Languages and compilers ####################### -CodeQL and LGTM version |version| support analysis of the following languages compiled by the following compilers. -(CodeQL was previously known as QL.) +LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers. Note that where there are several versions or dialects of a language, the supported variants are listed. If your code requires a particular version of a compiler, check that this version is included below. diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index bb4dc9a3f2e..6eb8019e5c9 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -25,7 +25,7 @@ When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate b Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode. The presentations contain a number of query examples. -We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. +We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. .. pull-quote:: @@ -39,25 +39,25 @@ We recommend that you download `CodeQL for Visual Studio Code `__–an introduction to variant analysis and CodeQL for C/C++ programmers. -- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. -- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. -- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. +- `Introduction to variant analysis: CodeQL for C/C++ `__–an introduction to variant analysis and CodeQL for C/C++ programmers. +- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. +- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. +- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. CodeQL and variant analysis for Java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. -- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. -- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. +- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. +- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. +- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. Further reading ~~~~~~~~~~~~~~~ -- `GitHub Security Lab `__ \ No newline at end of file +- `GitHub Security Lab `__