From 32b3e416b36f8be92414a4534f2d157f1e2152e5 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 10 Sep 2021 06:54:36 +0100 Subject: [PATCH 01/12] Update version numbers for LGTM E 1.28 --- docs/codeql/conf.py | 6 +++--- docs/codeql/support/conf.py | 9 ++++++--- docs/codeql/support/framework-support.rst | 2 +- docs/codeql/support/language-support.rst | 3 +-- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/codeql/conf.py b/docs/codeql/conf.py index 68d0a012610..662a3f44b66 100644 --- a/docs/codeql/conf.py +++ b/docs/codeql/conf.py @@ -55,12 +55,12 @@ def setup(sphinx): sphinx.add_lexer("ql", QLLexer()) # The version of CodeQL for the current release you're documenting, acts as replacement for -# |version| and |release| +# |version| and |release|. Not currently used except in LGTM Enterprise support info. # The short X.Y version. -version = u'3.0' +# version = u'3.0' # The full version, including alpha/beta/rc tags. -release = u'3.0' +# release = u'3.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/codeql/support/conf.py b/docs/codeql/support/conf.py index 3d2f5d6cf81..040ef112d30 100644 --- a/docs/codeql/support/conf.py +++ b/docs/codeql/support/conf.py @@ -41,9 +41,12 @@ project = u'Supported languages and frameworks for LGTM Enterprise' # The version info for this project, if different from version and release in main conf.py file. # The short X.Y version. -version = u'1.27' -# The full version, including alpha/beta/rc tags. -release = u'1.27' + +# LGTM Enterprise release +release = u'1.28' + +# CodeQL CLI version used by LGTM Enterprise release +version = u'2.5.9' # -- Project-specifc options for HTML output ---------------------------------------------- diff --git a/docs/codeql/support/framework-support.rst b/docs/codeql/support/framework-support.rst index d04293adfe5..8f9664cf63e 100644 --- a/docs/codeql/support/framework-support.rst +++ b/docs/codeql/support/framework-support.rst @@ -1,7 +1,7 @@ Frameworks and libraries ######################## -The libraries and queries in version |version| have been explicitly checked against the libraries and frameworks listed below. +LGTM Enterprise |release| includes CodeQL CLI |version|. The CodeQL libraries and queries used by this version of LGTM Enterprise have been explicitly checked against the libraries and frameworks listed below. .. pull-quote:: diff --git a/docs/codeql/support/language-support.rst b/docs/codeql/support/language-support.rst index b716b802427..034d5db23f0 100644 --- a/docs/codeql/support/language-support.rst +++ b/docs/codeql/support/language-support.rst @@ -1,8 +1,7 @@ Languages and compilers ####################### -CodeQL and LGTM version |version| support analysis of the following languages compiled by the following compilers. -(CodeQL was previously known as QL.) +LGTM Enterprise |release| includes CodeQL CLI |version|. LGTM Enterprise supports analysis of the following languages compiled by the following compilers. Note that where there are several versions or dialects of a language, the supported variants are listed. If your code requires a particular version of a compiler, check that this version is included below. From 3b3350e64830e7f77240a820398e36c8766dc25d Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 10 Sep 2021 08:04:07 +0100 Subject: [PATCH 02/12] Correct the Qllexer path for slides --- docs/codeql/ql-training/conf.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/ql-training/conf.py b/docs/codeql/ql-training/conf.py index c61e16d447b..0443e854c99 100644 --- a/docs/codeql/ql-training/conf.py +++ b/docs/codeql/ql-training/conf.py @@ -47,7 +47,7 @@ import sys import os def setup(sphinx): - sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(os.path.abspath(__file__)), os.path.pardir, 'global-sphinx-files'))) + sys.path.insert(0, os.path.abspath('docs/codeql')) from qllexer import QLLexer sphinx.add_lexer("ql", QLLexer()) @@ -86,11 +86,11 @@ htmlhelp_basename = 'CodeQL training' # built documents. # # The short X.Y version. -version = u'1.24' +# version = u'1.24' # The full version, including alpha/beta/rc tags. -release = u'1.24' -copyright = u'2019 Semmle Ltd' -author = u'Semmle Ltd' +# release = u'1.24' +# copyright = u'2019 Semmle Ltd' +# author = u'Semmle Ltd' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 05d83e487db860ef7dab729e2ec2da1f256b0e7b Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 15 Sep 2021 17:08:55 +0100 Subject: [PATCH 03/12] Update all links to CodeQL microsite --- docs/codeql/ql-training/cpp/bad-overflow-guard.rst | 4 ++-- docs/codeql/ql-training/cpp/control-flow-cpp.rst | 4 ++-- docs/codeql/ql-training/cpp/data-flow-cpp.rst | 4 ++-- docs/codeql/ql-training/cpp/global-data-flow-cpp.rst | 2 +- docs/codeql/ql-training/cpp/intro-ql-cpp.rst | 12 ++++++------ docs/codeql/ql-training/cpp/snprintf.rst | 2 +- docs/codeql/ql-training/java/apache-struts-java.rst | 2 +- docs/codeql/ql-training/java/data-flow-java.rst | 2 +- .../ql-training/java/global-data-flow-java.rst | 2 +- docs/codeql/ql-training/java/intro-ql-java.rst | 12 ++++++------ .../codeql/ql-training/java/query-injection-java.rst | 4 ++-- .../slide-snippets/abstract-syntax-tree.rst | 6 +++--- .../ql-training/slide-snippets/database-note.rst | 2 +- .../ql-training/slide-snippets/intro-ql-general.rst | 4 ++-- .../ql-training/slide-snippets/local-data-flow.rst | 8 ++++---- docs/codeql/ql-training/template.rst | 2 +- 16 files changed, 36 insertions(+), 36 deletions(-) diff --git a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst index b0d892a3a48..7ce4d68bfdb 100644 --- a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst +++ b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `ChakraCore database `__ .. note:: @@ -149,7 +149,7 @@ Let’s look for overflow guards of the form ``v + b < v``, using the classes - a ``RelationalOperation``: the overflow comparison check. - a ``Variable``: used as an argument to both the addition and comparison. - - The ``where`` part of the query ties these three variables together using `predicates `__ defined in the `standard CodeQL for C/C++ library `__. + - The ``where`` part of the query ties these three variables together using `predicates `__ defined in the `standard CodeQL for C/C++ library `__. CodeQL query: bad overflow guards ================================= diff --git a/docs/codeql/ql-training/cpp/control-flow-cpp.rst b/docs/codeql/ql-training/cpp/control-flow-cpp.rst index fe478bd4edc..c44e2ea0b74 100644 --- a/docs/codeql/ql-training/cpp/control-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/control-flow-cpp.rst @@ -13,7 +13,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `ChakraCore database `__ .. note:: @@ -222,7 +222,7 @@ A ``GuardCondition`` is a ``Boolean`` condition that controls one or more basic Further materials ================= -- CodeQL for C/C++: https://help.semmle.com/QL/learn-ql/ql/cpp/ql-for-cpp.html +- CodeQL for C/C++: https://codeql.github.com/docs/codeql-language-guides/codeql-for-cpp/ - API reference: https://codeql.github.com/codeql-standard-libraries/cpp .. rst-class:: end-slide diff --git a/docs/codeql/ql-training/cpp/data-flow-cpp.rst b/docs/codeql/ql-training/cpp/data-flow-cpp.rst index 855ccb40ccb..426c6d4563d 100644 --- a/docs/codeql/ql-training/cpp/data-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/data-flow-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `dotnet/coreclr database `__ .. note:: @@ -139,7 +139,7 @@ Define a subclass of ``DataFlow::Node`` representing “source” nodes, that is .. note:: - Note the scoping of the `don’t-care variable `__ “_” in this example: the body of the characteristic predicate is equivalent to: + Note the scoping of the `don’t-care variable `__ “_” in this example: the body of the characteristic predicate is equivalent to: .. code-block:: ql diff --git a/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst b/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst index 8fb3f64b534..7be2a07c4af 100644 --- a/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/global-data-flow-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `dotnet/coreclr database `__ .. note:: diff --git a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst index 4753aa4a493..0c08f77dba2 100644 --- a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst +++ b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `exiv2 database `__ .. note:: @@ -68,7 +68,7 @@ A simple CodeQL query We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM `__, or in your `IDE `__. - A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. + A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. In our example here, the first line of the query imports the `CodeQL library for C/C++ `__, which defines concepts like ``IfStmt`` and ``Block``. The query proper starts by declaring two variables–ifStmt and block. These variables represent sets of values in the database, according to the type of each of the variables. For example, ifStmt has the type IfStmt, which means it represents the set of all if statements in the program. @@ -108,9 +108,9 @@ Each query library also implicitly defines a module. Queries are always contained in query files with the file extension ``.ql``. - Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. + Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. - Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. + Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. Predicates ========== @@ -131,7 +131,7 @@ A predicate allows you to pull out and name parts of a query. .. note:: - A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). + A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). You can imagine a predicate to be a self-contained from-where-select statement, that produces an intermediate relation, or table. In this case, the ``isEmpty`` predicate will be the set of all blocks which are empty. @@ -154,7 +154,7 @@ Member predicates are inherited and can be overridden. .. note:: - `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. + `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. In the example, declaring a variable “EmptyBlock e” will allow it to range over only those blocks that have zero statements. diff --git a/docs/codeql/ql-training/cpp/snprintf.rst b/docs/codeql/ql-training/cpp/snprintf.rst index 1591531460e..657f5f29675 100644 --- a/docs/codeql/ql-training/cpp/snprintf.rst +++ b/docs/codeql/ql-training/cpp/snprintf.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `rsyslog database `__ .. note:: diff --git a/docs/codeql/ql-training/java/apache-struts-java.rst b/docs/codeql/ql-training/java/apache-struts-java.rst index 670e9066dc8..e1de94f5e6a 100644 --- a/docs/codeql/ql-training/java/apache-struts-java.rst +++ b/docs/codeql/ql-training/java/apache-struts-java.rst @@ -15,7 +15,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: diff --git a/docs/codeql/ql-training/java/data-flow-java.rst b/docs/codeql/ql-training/java/data-flow-java.rst index 85ff8688758..98cb02db1db 100644 --- a/docs/codeql/ql-training/java/data-flow-java.rst +++ b/docs/codeql/ql-training/java/data-flow-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `VIVO Vitro database `__ .. note:: diff --git a/docs/codeql/ql-training/java/global-data-flow-java.rst b/docs/codeql/ql-training/java/global-data-flow-java.rst index 3e5029a754f..d54710cda79 100644 --- a/docs/codeql/ql-training/java/global-data-flow-java.rst +++ b/docs/codeql/ql-training/java/global-data-flow-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: diff --git a/docs/codeql/ql-training/java/intro-ql-java.rst b/docs/codeql/ql-training/java/intro-ql-java.rst index fb415d078bc..72de876ddae 100644 --- a/docs/codeql/ql-training/java/intro-ql-java.rst +++ b/docs/codeql/ql-training/java/intro-ql-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `Apache Struts database `__ .. note:: @@ -68,7 +68,7 @@ A simple CodeQL query We are going to write a simple query which finds “if statements” with empty “then” blocks, so we can highlight the results like those on the previous slide. The query can be run in the `query console on LGTM `__, or in your `IDE `__. - A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. + A `query `__ consists of a “select” clause that indicates what results should be returned. Typically it will also provide a “from” clause to declare some variables, and a “where” clause to state conditions over those variables. For more information on the structure of query files (including links to useful topics in the `QL language reference `__), see `About CodeQL queries `__. In our example here, the first line of the query imports the `CodeQL library for Java `__, which defines concepts like ``IfStmt`` and ``Block``. The query proper starts by declaring two variables–ifStmt and block. These variables represent sets of values in the database, according to the type of each of the variables. For example, ``ifStmt`` has the type ``IfStmt``, which means it represents the set of all if statements in the program. @@ -107,9 +107,9 @@ Each query library also implicitly defines a module. Queries are always contained in query files with the file extension ``.ql``. - Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using “import” statements, and similarly QLL files can import each other’s definitions using “import” statements. + Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using “import” statements, and similarly QLL files can import each other’s definitions using “import” statements. - Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. + Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. Predicates ========== @@ -130,7 +130,7 @@ A predicate allows you to pull out and name parts of a query. .. note:: - A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). + A `predicate `__ takes zero or more parameters, and its body is a condition on those parameters. The predicate may (or may not) hold. Predicates may also be `recursive `__, simply by referring to themselves (directly or indirectly). You can imagine a predicate to be a self-contained from-where-select statement, that produces an intermediate relation, or table. In this case, the ``isEmpty`` predicate will be the set of all blocks which are empty. @@ -154,7 +154,7 @@ Member predicates are inherited and can be overridden. .. note:: - `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. + `Classes `__ model sets of values from the database. A class has one or more supertypes, and inherits `member predicates `__ (methods) from each of them. Each value in a class must be in every supertype, but additional conditions can be stated in a so-called **characteristic predicate**, which looks a bit like a zero-argument constructor. In the example, declaring a variable “EmptyBlock e” will allow it to range over only those blocks that have zero statements. diff --git a/docs/codeql/ql-training/java/query-injection-java.rst b/docs/codeql/ql-training/java/query-injection-java.rst index 92e0930d9bf..7bad1e3cbee 100644 --- a/docs/codeql/ql-training/java/query-injection-java.rst +++ b/docs/codeql/ql-training/java/query-injection-java.rst @@ -11,7 +11,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - `VIVO Vitro database `__ .. note:: @@ -84,7 +84,7 @@ Let’s start by looking for calls to methods with names of the form ``sparql*Qu - a ``MethodAccess``: the call to a SPARQL query method - a ``Method``: the SPARQL query method. - - The ``where`` part of the query ties these variables together using `predicates `__ defined in the `standard CodeQL library for Java `__. + - The ``where`` part of the query ties these variables together using `predicates `__ defined in the `standard CodeQL library for Java `__. CodeQL query: find string concatenation ======================================= diff --git a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst index 09b8cf86a01..adae6c8841f 100644 --- a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst +++ b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst @@ -39,9 +39,9 @@ The basic representation of an analyzed program is an *abstract syntax tree (AST The following topics contain overviews of the important AST classes and CodeQL libraries for C/C++, C#, and Java: - - `CodeQL library for C/C++ `__ - - `CodeQL library for C# `__ - - `CodeQL library for Java `__ + - `CodeQL library for C/C++ `__ + - `CodeQL library for C# `__ + - `CodeQL library for Java `__ Database representations of ASTs diff --git a/docs/codeql/ql-training/slide-snippets/database-note.rst b/docs/codeql/ql-training/slide-snippets/database-note.rst index b35a1f1b9f4..2b6bcce75ab 100644 --- a/docs/codeql/ql-training/slide-snippets/database-note.rst +++ b/docs/codeql/ql-training/slide-snippets/database-note.rst @@ -4,6 +4,6 @@ You can download the database as a zip file by clicking the link on the slide ab #. Add the unzipped database to Visual Studio Code #. Upgrade the database if necessary -For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. +For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. Note that results generated in the query console are likely to differ to those generated in CodeQL for Visual Studio Code as LGTM.com analyzes the most recent revisions of each project that has been added–the CodeQL database available to download above is based on an historical version of the codebase. \ No newline at end of file diff --git a/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst b/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst index f07f5907c15..5ffe6b1dae3 100644 --- a/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst +++ b/docs/codeql/ql-training/slide-snippets/intro-ql-general.rst @@ -103,7 +103,7 @@ Analysis overview CodeQL analysis works by extracting a queryable database from your project. For compiled languages, the tools observe an ordinary build of the source code. Each time a compiler is invoked to process a source file, a copy of that file is made, and all relevant information about the source code (syntactic data about the abstract syntax tree, semantic data like name binding and type information, data on the operation of the C preprocessor, etc.) is collected. For interpreted languages, the extractor gathers similar information by running directly on the source code. Multi-language code bases are analyzed one language at a time. - Once the extraction finishes, all this information is collected into a single `CodeQL database `__, which is then ready to query, possibly on a different machine. A copy of the source files, made at the time the database was created, is also included in the CodeQL database so analysis results can be displayed at the correct location in the code. The database schema is (source) language specific. + Once the extraction finishes, all this information is collected into a single `CodeQL database `__, which is then ready to query, possibly on a different machine. A copy of the source files, made at the time the database was created, is also included in the CodeQL database so analysis results can be displayed at the correct location in the code. The database schema is (source) language specific. Queries are written in QL and usually depend on one or more of the `standard CodeQL libraries `__ (and of course you can write your own custom libraries). They are compiled into an efficiently executable format by the QL compiler and then run on a CodeQL database by the QL evaluator, either on a remote worker machine or locally on a developer’s machine. @@ -124,7 +124,7 @@ QL is: .. note:: - QL is the high-level, object-oriented logic language that underpins all CodeQL libraries and analyses. You can learn lots more about QL by visiting the `QL language reference `__. + QL is the high-level, object-oriented logic language that underpins all CodeQL libraries and analyses. You can learn lots more about QL by visiting the `QL language reference `__. The key features of QL are: - All common logic connectives are available, including quantifiers like ``exist``, which can also introduce new variables. diff --git a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst index f0d1dfa546f..8041c077190 100644 --- a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst +++ b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst @@ -70,7 +70,7 @@ Local vs global data flow For further information, see: - - `About data flow analysis `__ + - `About data flow analysis `__ .. rst-class:: background2 @@ -111,8 +111,8 @@ So all references will need to be qualified (that is, ``DataFlow::Node``) A **module** is a way of organizing QL code by grouping together related predicates, classes, and (sub-)modules. They can be either explicitly declared or implicit. A query library implicitly declares a module with the same name as the QLL file. - For further information on libraries and modules in QL, see the chapter on `Modules `__ in the QL language reference. - For further information on importing QL libraries and modules, see the chapter on `Name resolution `__ in the QL language reference. + For further information on libraries and modules in QL, see the chapter on `Modules `__ in the QL language reference. + For further information on importing QL libraries and modules, see the chapter on `Name resolution <>`__ in the QL language reference. Data flow graph =============== @@ -131,7 +131,7 @@ Data flow graph The ``DataFlow::Node`` class is shared between both the local and global data flow graphs–the primary difference is the edges, which in the “global” case can link different functions. - ``localFlowStep`` is the “single step” flow relation–that is, it describes single edges in the local data flow graph. ``localFlow`` represents the `transitive `__ closure of this relation–in other words, it contains every pair of nodes where the second node is reachable from the first in the data flow graph. + ``localFlowStep`` is the “single step” flow relation–that is, it describes single edges in the local data flow graph. ``localFlow`` represents the `transitive `__ closure of this relation–in other words, it contains every pair of nodes where the second node is reachable from the first in the data flow graph. The data flow graph is separate from the `AST `__, to allow for flexibility in how data flow is modeled. There are a small number of data flow node types–expression nodes, parameter nodes, uninitialized variable nodes, and definition by reference nodes. Each node provides mapping functions to and from the relevant AST (for example ``Expr``, ``Parameter`` etc.) or symbol table (for example ``Variable``) classes. diff --git a/docs/codeql/ql-training/template.rst b/docs/codeql/ql-training/template.rst index 4a5b9b32341..a292f50537f 100644 --- a/docs/codeql/ql-training/template.rst +++ b/docs/codeql/ql-training/template.rst @@ -36,7 +36,7 @@ Setup For this example you should download: -- `CodeQL for Visual Studio Code `__ +- `CodeQL for Visual Studio Code `__ - A CodeQL database .. note:: From c36292bfd09c4afd2cd3e382dda0d41e050e89c9 Mon Sep 17 00:00:00 2001 From: james Date: Thu, 16 Sep 2021 17:03:29 +0100 Subject: [PATCH 04/12] a few more links --- docs/codeql/ql-training/conf.py | 2 +- docs/codeql/ql-training/cpp/bad-overflow-guard.rst | 4 ++-- docs/codeql/ql-training/cpp/control-flow-cpp.rst | 2 +- docs/codeql/ql-training/cpp/intro-ql-cpp.rst | 2 +- .../ql-training/slide-snippets/abstract-syntax-tree.rst | 6 +++--- docs/codeql/ql-training/slide-snippets/database-note.rst | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/codeql/ql-training/conf.py b/docs/codeql/ql-training/conf.py index 0443e854c99..7514f9798f1 100644 --- a/docs/codeql/ql-training/conf.py +++ b/docs/codeql/ql-training/conf.py @@ -47,7 +47,7 @@ import sys import os def setup(sphinx): - sys.path.insert(0, os.path.abspath('docs/codeql')) + sys.path.insert(0, os.path.join(os.path.dirname( __file__ ), '..')) from qllexer import QLLexer sphinx.add_lexer("ql", QLLexer()) diff --git a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst index 7ce4d68bfdb..8912a4259ce 100644 --- a/docs/codeql/ql-training/cpp/bad-overflow-guard.rst +++ b/docs/codeql/ql-training/cpp/bad-overflow-guard.rst @@ -16,7 +16,7 @@ For this example you should download: .. note:: - For the examples in this presentation, we will be analyzing `ChakraCore `__. + For the examples in this presentation, we will be analyzing `ChakraCore `__. You can query the project in `the query console `__ on LGTM.com. @@ -229,4 +229,4 @@ The final query .. literalinclude:: ../query-examples/cpp/bad-overflow-guard-3.ql :language: ql -This query finds a single result in our historic database, which was `a genuine bug in ChakraCore `__. +This query finds a single result in our historic database, which was `a genuine bug in ChakraCore `__. diff --git a/docs/codeql/ql-training/cpp/control-flow-cpp.rst b/docs/codeql/ql-training/cpp/control-flow-cpp.rst index c44e2ea0b74..f02c5232d42 100644 --- a/docs/codeql/ql-training/cpp/control-flow-cpp.rst +++ b/docs/codeql/ql-training/cpp/control-flow-cpp.rst @@ -18,7 +18,7 @@ For this example you should download: .. note:: - For the examples in this presentation, we will be analyzing `ChakraCore `__. + For the examples in this presentation, we will be analyzing `ChakraCore `__. You can query the project in `the query console `__ on LGTM.com. diff --git a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst index 0c08f77dba2..3298e4d3706 100644 --- a/docs/codeql/ql-training/cpp/intro-ql-cpp.rst +++ b/docs/codeql/ql-training/cpp/intro-ql-cpp.rst @@ -110,7 +110,7 @@ Each query library also implicitly defines a module. Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. - Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. + Logic can be encapsulated as user-defined `predicates `__ and `classes `__, and organized into `modules `__. Each QLL file implicitly defines a module, but QL and QLL files can also contain explicit module definitions, as we will see later. Predicates ========== diff --git a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst index adae6c8841f..3e990d94b01 100644 --- a/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst +++ b/docs/codeql/ql-training/slide-snippets/abstract-syntax-tree.rst @@ -65,6 +65,6 @@ Entity types are rarely used directly, the usual pattern is to define a class th For example, the database schemas for C/++, C#, and Java CodeQL databases are here: - - https://github.com/github/codeql/blob/main/cpp/ql/src/semmlecode.cpp.dbscheme - - https://github.com/github/codeql/blob/main/csharp/ql/src/semmlecode.csharp.dbscheme - - https://github.com/github/codeql/blob/main/java/ql/src/config/semmlecode.dbscheme \ No newline at end of file + - https://github.com/github/codeql/blob/main/cpp/ql/lib/semmlecode.cpp.dbscheme + - https://github.com/github/codeql/blob/main/csharp/ql/lib/semmlecode.csharp.dbscheme + - https://github.com/github/codeql/blob/main/java/ql/lib/config/semmlecode.dbscheme \ No newline at end of file diff --git a/docs/codeql/ql-training/slide-snippets/database-note.rst b/docs/codeql/ql-training/slide-snippets/database-note.rst index 2b6bcce75ab..909f56e3585 100644 --- a/docs/codeql/ql-training/slide-snippets/database-note.rst +++ b/docs/codeql/ql-training/slide-snippets/database-note.rst @@ -4,6 +4,6 @@ You can download the database as a zip file by clicking the link on the slide ab #. Add the unzipped database to Visual Studio Code #. Upgrade the database if necessary -For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. +For further information, see `Analyzing your projects `__ in the CodeQL for Visual Studio Code help. Note that results generated in the query console are likely to differ to those generated in CodeQL for Visual Studio Code as LGTM.com analyzes the most recent revisions of each project that has been added–the CodeQL database available to download above is based on an historical version of the codebase. \ No newline at end of file From e906ded0d1729b166dcd22701781a072f41ac2e3 Mon Sep 17 00:00:00 2001 From: james Date: Fri, 17 Sep 2021 08:48:26 +0100 Subject: [PATCH 05/12] remove java class --- ...ract-syntax-tree-classes-for-working-with-java-programs.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst index 1664b8407dc..83bce3652b9 100644 --- a/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst +++ b/docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst @@ -252,8 +252,6 @@ Miscellaneous +=====================================+====================+============================================================================+ | ``(int) f`` | CastExpr_ | | +-------------------------------------+--------------------+----------------------------------------------------------------------------+ -| ``(23 + 42)`` | ParExpr_ | | -+-------------------------------------+--------------------+----------------------------------------------------------------------------+ | ``o instanceof String`` | InstanceOfExpr_ | | +-------------------------------------+--------------------+----------------------------------------------------------------------------+ | `Expr`_ ``?`` `Expr`_ ``:`` `Expr`_ | ConditionalExpr_ | | @@ -378,7 +376,6 @@ Further reading .. _WildcardTypeAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$WildcardTypeAccess.html .. _FieldAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$FieldAccess.html .. _CastExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$CastExpr.html -.. _ParExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ParExpr.html .. _InstanceOfExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$InstanceOfExpr.html .. _ConditionalExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ConditionalExpr.html .. _TypeLiteral: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$TypeLiteral.html From 23e4ad1abbf5c0c97ef45c47d02ce1b090351650 Mon Sep 17 00:00:00 2001 From: james Date: Fri, 24 Sep 2021 14:46:14 +0100 Subject: [PATCH 06/12] update one more link --- docs/codeql/support/ql-training.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index bb4dc9a3f2e..7335dcc390d 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -25,7 +25,7 @@ When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate b Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode. The presentations contain a number of query examples. -We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. +We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. .. pull-quote:: From e664711f474782869aefc76b675f950dd754802b Mon Sep 17 00:00:00 2001 From: james Date: Fri, 24 Sep 2021 14:56:48 +0100 Subject: [PATCH 07/12] make links to slide decks relative --- docs/codeql/support/ql-training.rst | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index 7335dcc390d..1c2123a1f51 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -39,23 +39,23 @@ We recommend that you download `CodeQL for Visual Studio Code `__–an introduction to variant analysis and CodeQL for C/C++ programmers. -- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. -- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. -- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. +- `Introduction to variant analysis: CodeQL for C/C++ `__–an introduction to variant analysis and CodeQL for C/C++ programmers. +- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. +- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. +- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. CodeQL and variant analysis for Java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. -- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. -- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. +- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. +- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. +- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. Further reading ~~~~~~~~~~~~~~~ From 1adc5c2a5b510d67176568539a16d95a92354915 Mon Sep 17 00:00:00 2001 From: james Date: Fri, 24 Sep 2021 17:00:59 +0100 Subject: [PATCH 08/12] update links correctly --- docs/codeql/support/ql-training.rst | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index 1c2123a1f51..172a6ea38e9 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -39,23 +39,23 @@ We recommend that you download `CodeQL for Visual Studio Code `__–an introduction to variant analysis and CodeQL for C/C++ programmers. -- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. -- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. -- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. +- `Introduction to variant analysis: CodeQL for C/C++ <../../QL/ql-training/cpp/intro-ql-cpp.html>`__–an introduction to variant analysis and CodeQL for C/C++ programmers. +- `Example: Bad overflow guard <../../QL/ql-training/cpp/bad-overflow-guard.html>`__–an example of iterative query development to find bad overflow guards in a C++ project. +- `Program representation: CodeQL for C/C++ <../../QL/ql-training/cpp/program-representation-cpp.html>`__–information on how CodeQL analysis represents C/C++ programs. +- `Introduction to local data flow <../../QL/ql-training/cpp/data-flow-cpp.html>`__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: snprintf overflow <../../QL/ql-training/cpp/snprintf.html>`__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow <../../QL/ql-training/cpp/global-data-flow-cpp.html>`__–an introduction to analyzing global data flow in C/C++ using CodeQL. +- `Analyzing control flow: CodeQL for C/C++ <../../QL/ql-training/cpp/control-flow-cpp.html>`__–an introduction to analyzing control flow in C/C++ using CodeQL. CodeQL and variant analysis for Java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. -- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. -- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. -- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. +- `Introduction to variant analysis: CodeQL for Java <../../QL/ql-training/java/intro-ql-java.html>`__–an introduction to variant analysis and CodeQL for Java programmers. +- `Example: Query injection <../../QL/ql-training/java/query-injection-java.html>`__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. +- `Program representation: CodeQL for Java <../../QL/ql-training/java/program-representation-java.html>`__–information on how CodeQL analysis represents Java programs. +- `Introduction to local data flow <../../QL/ql-training/java/data-flow-java.html>`__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: Apache Struts <../../QL/ql-training/java/apache-struts-java.html>`__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow <../../QL/ql-training/java/global-data-flow-java.html>`__–an introduction to analyzing global data flow in Java using CodeQL. Further reading ~~~~~~~~~~~~~~~ From a3c1975a84f6535baf56fa2ae97f1ccb56cb4de7 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Mon, 27 Sep 2021 16:35:22 +0100 Subject: [PATCH 09/12] Update links to match those on the staging site --- docs/codeql/support/ql-training.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/codeql/support/ql-training.rst b/docs/codeql/support/ql-training.rst index 172a6ea38e9..6eb8019e5c9 100644 --- a/docs/codeql/support/ql-training.rst +++ b/docs/codeql/support/ql-training.rst @@ -39,25 +39,25 @@ We recommend that you download `CodeQL for Visual Studio Code `__–an introduction to variant analysis and CodeQL for C/C++ programmers. -- `Example: Bad overflow guard <../../QL/ql-training/cpp/bad-overflow-guard.html>`__–an example of iterative query development to find bad overflow guards in a C++ project. -- `Program representation: CodeQL for C/C++ <../../QL/ql-training/cpp/program-representation-cpp.html>`__–information on how CodeQL analysis represents C/C++ programs. -- `Introduction to local data flow <../../QL/ql-training/cpp/data-flow-cpp.html>`__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: snprintf overflow <../../QL/ql-training/cpp/snprintf.html>`__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow <../../QL/ql-training/cpp/global-data-flow-cpp.html>`__–an introduction to analyzing global data flow in C/C++ using CodeQL. -- `Analyzing control flow: CodeQL for C/C++ <../../QL/ql-training/cpp/control-flow-cpp.html>`__–an introduction to analyzing control flow in C/C++ using CodeQL. +- `Introduction to variant analysis: CodeQL for C/C++ `__–an introduction to variant analysis and CodeQL for C/C++ programmers. +- `Example: Bad overflow guard `__–an example of iterative query development to find bad overflow guards in a C++ project. +- `Program representation: CodeQL for C/C++ `__–information on how CodeQL analysis represents C/C++ programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in C/C++ using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: snprintf overflow `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in C/C++ using CodeQL. +- `Analyzing control flow: CodeQL for C/C++ `__–an introduction to analyzing control flow in C/C++ using CodeQL. CodeQL and variant analysis for Java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- `Introduction to variant analysis: CodeQL for Java <../../QL/ql-training/java/intro-ql-java.html>`__–an introduction to variant analysis and CodeQL for Java programmers. -- `Example: Query injection <../../QL/ql-training/java/query-injection-java.html>`__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. -- `Program representation: CodeQL for Java <../../QL/ql-training/java/program-representation-java.html>`__–information on how CodeQL analysis represents Java programs. -- `Introduction to local data flow <../../QL/ql-training/java/data-flow-java.html>`__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. -- `Exercise: Apache Struts <../../QL/ql-training/java/apache-struts-java.html>`__–an example demonstrating how to develop a data flow query. -- `Introduction to global data flow <../../QL/ql-training/java/global-data-flow-java.html>`__–an introduction to analyzing global data flow in Java using CodeQL. +- `Introduction to variant analysis: CodeQL for Java `__–an introduction to variant analysis and CodeQL for Java programmers. +- `Example: Query injection `__–an example of iterative query development to find unsanitized SPARQL injections in a Java project. +- `Program representation: CodeQL for Java `__–information on how CodeQL analysis represents Java programs. +- `Introduction to local data flow `__–an introduction to analyzing local data flow in Java using CodeQL, including an example demonstrating how to develop a query to find a real CVE. +- `Exercise: Apache Struts `__–an example demonstrating how to develop a data flow query. +- `Introduction to global data flow `__–an introduction to analyzing global data flow in Java using CodeQL. Further reading ~~~~~~~~~~~~~~~ -- `GitHub Security Lab `__ \ No newline at end of file +- `GitHub Security Lab `__ From 3c17ac424d5adc0774f328c6f6e3bf2c75a59564 Mon Sep 17 00:00:00 2001 From: shati-patel <42641846+shati-patel@users.noreply.github.com> Date: Mon, 27 Sep 2021 18:27:30 +0100 Subject: [PATCH 10/12] Docs: Fix some broken/redirected links --- docs/codeql/README.rst | 4 ++-- docs/codeql/ql-training/java/apache-struts-java.rst | 2 +- docs/codeql/ql-training/java/global-data-flow-java.rst | 2 +- docs/codeql/ql-training/template.rst | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/README.rst b/docs/codeql/README.rst index c7ea08519da..d27fe2189d2 100644 --- a/docs/codeql/README.rst +++ b/docs/codeql/README.rst @@ -8,7 +8,7 @@ The CodeQL documentation in this repository is written in reStructuredText and c HTML using Sphinx. For more information on writing in reStructuredText, -see http://docutils.sourceforge.net/rst.html. +see https://docutils.sourceforge.io/rst.html. For more information on Sphinx, see https://www.sphinx-doc.org. @@ -99,7 +99,7 @@ generates html slide shows in the ```` directory when run from the ``ql-training`` source directory. For more information about creating slides for QL training and variant analysis -examples, see the `template slide deck `__. +examples, see the `template slide deck `__. Viewing the current version of the CodeQL documentation ******************************************************* diff --git a/docs/codeql/ql-training/java/apache-struts-java.rst b/docs/codeql/ql-training/java/apache-struts-java.rst index e1de94f5e6a..e85276e14f0 100644 --- a/docs/codeql/ql-training/java/apache-struts-java.rst +++ b/docs/codeql/ql-training/java/apache-struts-java.rst @@ -134,4 +134,4 @@ Model answer, step 4 and sink.getNode() instanceof UnsafeDeserializationSink select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, "Unsafe deserialization of $@.", source, "user input" -More full-featured version: https://github.com/github/security-lab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805 \ No newline at end of file +More full-featured version: https://github.com/github/securitylab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805 diff --git a/docs/codeql/ql-training/java/global-data-flow-java.rst b/docs/codeql/ql-training/java/global-data-flow-java.rst index d54710cda79..2c1827a937c 100644 --- a/docs/codeql/ql-training/java/global-data-flow-java.rst +++ b/docs/codeql/ql-training/java/global-data-flow-java.rst @@ -54,7 +54,7 @@ Code injection in Apache struts .. note:: More details on the CVE can be found here: https://securitylab.github.com/research/apache-struts-CVE-2018-11776 and - https://github.com/github/security-lab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776 + https://github.com/github/securitylab/tree/main/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776 More details on OGNL can be found here: https://commons.apache.org/proper/commons-ognl/ diff --git a/docs/codeql/ql-training/template.rst b/docs/codeql/ql-training/template.rst index a292f50537f..0fc0a740a66 100644 --- a/docs/codeql/ql-training/template.rst +++ b/docs/codeql/ql-training/template.rst @@ -159,7 +159,7 @@ Specify the language to apply syntax highlighting and the lines of the fragment Further details =============== -- For more information on writing in reStructuredText, see http://docutils.sourceforge.net/rst.html. +- For more information on writing in reStructuredText, see https://docutils.sourceforge.io/rst.html. - For more information on Sphinx, see https://www.sphinx-doc.org. From 31c34870ef5de7ea1f21bd3d8e7844c83b4e86fe Mon Sep 17 00:00:00 2001 From: shati-patel <42641846+shati-patel@users.noreply.github.com> Date: Mon, 27 Sep 2021 18:27:57 +0100 Subject: [PATCH 11/12] Fix warning about "Anonymous hyperlink mismatch" --- docs/codeql/ql-training/slide-snippets/local-data-flow.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst index 8041c077190..b023eb213e4 100644 --- a/docs/codeql/ql-training/slide-snippets/local-data-flow.rst +++ b/docs/codeql/ql-training/slide-snippets/local-data-flow.rst @@ -112,7 +112,7 @@ So all references will need to be qualified (that is, ``DataFlow::Node``) A **module** is a way of organizing QL code by grouping together related predicates, classes, and (sub-)modules. They can be either explicitly declared or implicit. A query library implicitly declares a module with the same name as the QLL file. For further information on libraries and modules in QL, see the chapter on `Modules `__ in the QL language reference. - For further information on importing QL libraries and modules, see the chapter on `Name resolution <>`__ in the QL language reference. + For further information on importing QL libraries and modules, see the chapter on `Name resolution `__ in the QL language reference. Data flow graph =============== From 64fcbe05c3ea6c71255f90d47debafa6ecc149bb Mon Sep 17 00:00:00 2001 From: shati-patel <42641846+shati-patel@users.noreply.github.com> Date: Mon, 27 Sep 2021 18:50:59 +0100 Subject: [PATCH 12/12] Docs: Fix inconsistencies in sphinx config files --- docs/codeql/ql-training/conf.py | 2 +- docs/codeql/support/conf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/ql-training/conf.py b/docs/codeql/ql-training/conf.py index 7514f9798f1..1c36b806de1 100644 --- a/docs/codeql/ql-training/conf.py +++ b/docs/codeql/ql-training/conf.py @@ -47,7 +47,7 @@ import sys import os def setup(sphinx): - sys.path.insert(0, os.path.join(os.path.dirname( __file__ ), '..')) + sys.path.insert(0, os.path.join(os.path.dirname(__file__), os.path.pardir)) from qllexer import QLLexer sphinx.add_lexer("ql", QLLexer()) diff --git a/docs/codeql/support/conf.py b/docs/codeql/support/conf.py index 040ef112d30..9e650e30193 100644 --- a/docs/codeql/support/conf.py +++ b/docs/codeql/support/conf.py @@ -69,9 +69,9 @@ html_theme_options = {'font_size': '16px', 'body_text': '#333', 'link': '#2F1695', 'link_hover': '#2F1695', - 'font_family': 'Inter,-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Segoe UI Symbol;', 'show_powered_by': False, 'nosidebar':True, + 'head_font_family': '-apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"', } html_favicon = '../images/site/favicon.ico'