Go: Add library overview.

Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.

change-notes/1.24/analysis-javascript.md

@@ -10,15 +10,16 @@
 - The analysis of sanitizer guards has improved, leading to fewer false-positive results from the security queries.
 
 * Support for the following frameworks and libraries has been improved:
-  - [react](https://www.npmjs.com/package/react)
-  - [typeahead.js](https://www.npmjs.com/package/typeahead.js)
-  - [Handlebars](https://www.npmjs.com/package/handlebars)
   - [Electron](https://electronjs.org/)
+  - [Handlebars](https://www.npmjs.com/package/handlebars)
+  - [Koa](https://www.npmjs.com/package/koa)
   - [Node.js](https://nodejs.org/)
   - [Socket.IO](https://socket.io/)
-  - [ws](https://github.com/websockets/ws)
   - [WebSocket](https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API)
-  - [Koa](https://www.npmjs.com/package/koa)
+  - [http2](https://nodejs.org/api/http2.html)
+  - [react](https://www.npmjs.com/package/react)
+  - [typeahead.js](https://www.npmjs.com/package/typeahead.js)
+  - [ws](https://github.com/websockets/ws)
 
 ## New queries
 

docs/language/learn-ql/go/ql-for-go.rst

@@ -1,10 +1,18 @@
 CodeQL for Go
 =============
 
+.. toctree::
+   :glob:
+   :hidden:
+
+   introduce-libraries
+
 This page provides an overview of the CodeQL for Go documentation that is currently available.
 
 -  `Basic Go query <https://lgtm.com/help/lgtm/console/ql-go-basic-example>`__ describes how to write and run queries using LGTM.
 
+-  :doc:`Introducing the CodeQL libraries for Go <introduce-libraries>` introduces the standard libraries used to write queries for Go code. There is an extensive CodeQL library for analyzing Go code. This tutorial briefly summarizes the most important classes and predicates provided by this library.
+
 
 Other resources
 ---------------

javascript/ql/src/semmle/javascript/frameworks/HTTP.qll

@@ -119,8 +119,11 @@ module HTTP {
   }
 
   /**
+   * DEPRECATED: Use `http` or `https` directly as appropriate.
+   *
    * Gets the string `http` or `https`.
    */
+  deprecated
   string httpOrHttps() { result = "http" or result = "https" }
 
   /**

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -42,7 +42,18 @@ module NodeJSLib {
    * Holds if `call` is an invocation of `http.createServer` or `https.createServer`.
    */
   predicate isCreateServer(CallExpr call) {
-    call = DataFlow::moduleMember(HTTP::httpOrHttps(), "createServer").getAnInvocation().asExpr()
+    exists(string pkg, string fn |
+      pkg = "http" and fn = "createServer"
+      or
+      pkg = "https" and fn = "createServer"
+      or
+      // http2 compatibility API
+      pkg = "http2" and fn = "createServer"
+      or
+      pkg = "http2" and fn = "createSecureServer"
+    |
+      call = DataFlow::moduleMember(pkg, fn).getAnInvocation().asExpr()
+    )
   }
 
   /**
@@ -356,10 +367,12 @@ module NodeJSLib {
   /** An expression that is passed as `http.request({ auth: <expr> }, ...)`. */
   class Credentials extends CredentialsExpr {
     Credentials() {
-      this = DataFlow::moduleMember(HTTP::httpOrHttps(), "request")
-            .getACall()
-            .getOptionArgument(0, "auth")
-            .asExpr()
+      exists(string http | http = "http" or http = "https" |
+        this = DataFlow::moduleMember(http, "request")
+              .getACall()
+              .getOptionArgument(0, "auth")
+              .asExpr()
+      )
     }
 
     override string getCredentialsKind() { result = "credentials" }
@@ -881,7 +894,6 @@ module NodeJSLib {
     override string getSourceType() { result = "NodeJSClientRequest error event" }
   }
 
-
   /**
    * An NodeJS EventEmitter instance.
    * Events dispatched on this EventEmitter will be handled by event handlers registered on this EventEmitter.

javascript/ql/test/library-tests/frameworks/NodeJSLib/createServer.js

@@ -1,3 +1,4 @@
 var https = require('https');
 https.createServer(function (req, res) {});
 https.createServer(o, function (req, res) {});
+require('http2').createServer((req, res) => {});

javascript/ql/test/library-tests/frameworks/NodeJSLib/tests.expected

@@ -1,6 +1,7 @@
 test_isCreateServer
 | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ...  => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -51,6 +52,7 @@ test_HeaderDefinition
 test_RouteSetup_getServer
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ...  => {}) | createServer.js:4:1:4:47 | require ...  => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -72,6 +74,7 @@ test_HeaderDefinition_getAHeaderName
 test_ServerDefinition
 | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:1:4:47 | require ...  => {}) |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:57:1:57:31 | http.cr ... dler()) |
@@ -103,6 +106,7 @@ test_RouteHandler_getAResponseExpr
 test_ServerDefinition_getARouteHandler
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:20:2:41 | functio ... res) {} |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:23:3:44 | functio ... res) {} |
+| createServer.js:4:1:4:47 | require ...  => {}) | createServer.js:4:31:4:46 | (req, res) => {} |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:55:12:55:30 | function(req,res){} |
@@ -120,6 +124,7 @@ test_ResponseSendArgument
 test_RouteSetup_getARouteHandler
 | createServer.js:2:1:2:42 | https.c ... es) {}) | createServer.js:2:20:2:41 | functio ... res) {} |
 | createServer.js:3:1:3:45 | https.c ... es) {}) | createServer.js:3:23:3:44 | functio ... res) {} |
+| createServer.js:4:1:4:47 | require ...  => {}) | createServer.js:4:31:4:46 | (req, res) => {} |
 | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) | src/http.js:4:32:10:1 | functio ... .foo;\\n} |
 | src/http.js:12:1:16:2 | http.cr ... r");\\n}) | src/http.js:12:19:16:1 | functio ... ar");\\n} |
 | src/http.js:57:1:57:31 | http.cr ... dler()) | src/http.js:55:12:55:30 | function(req,res){} |
@@ -147,6 +152,7 @@ test_RemoteFlowSources
 test_RouteHandler
 | createServer.js:2:20:2:41 | functio ... res) {} | createServer.js:2:1:2:42 | https.c ... es) {}) |
 | createServer.js:3:23:3:44 | functio ... res) {} | createServer.js:3:1:3:45 | https.c ... es) {}) |
+| createServer.js:4:31:4:46 | (req, res) => {} | createServer.js:4:1:4:47 | require ...  => {}) |
 | src/http.js:4:32:10:1 | functio ... .foo;\\n} | src/http.js:4:14:10:2 | http.cr ... foo;\\n}) |
 | src/http.js:12:19:16:1 | functio ... ar");\\n} | src/http.js:12:1:16:2 | http.cr ... r");\\n}) |
 | src/http.js:55:12:55:30 | function(req,res){} | src/http.js:57:1:57:31 | http.cr ... dler()) |