Ruby keyword arguments are represented differently than positional
arguments in the MaD format: they are represented as `Method[key:]`. The
framework endpoints query also returns the name as `key:`, so we can
detect these and format them as such.
This moves the creation of possible method argument options from the
view to the languages. This allows differentiating between the
languages, for example by using `Argument[self]` for Ruby instead of
`Argument[this]`.
This removes the `disabled` prop from the `Dropdown` component. This is
already included in the default HTML props of the `select` component,
so it's not necessary to add it again.
This prevents the creation of duplicate query pack names when creating a
query in the following ways:
- When you have selected a folder, the query pack name will include the
name of the folder. This should prevent duplicate query pack names
when creating queries in different folders.
- When the folder name includes `codeql` or `queries`, we will not
add `codeql-extra-queries-` since that would be redundant.
- After generating the query pack name, we will resolve all qlpacks and
check if one with this name already exists. If it does, we will start
adding an index to the name until we find a unique name.
This will change the skeleton query wizard to detect existing query
packs when creating a skeleton query. This allows the user to create a
query in an existing query pack that is not named
`codeql-custom-queries-{language}`.
This fixes a bug where the method row would not scroll into view when
revealing a method. The problem was that the `DataGridRow` component
on which the `ref` was set is a `display: contents` element, which
does not have a visual representation in the DOM. Therefore, it wasn't
possible to scroll the method row into view. This fixes it by moving
the ref to the `DataGridCell` component of the first column, which is
a normal element.
We shouldn't be directly using the `extLogger` if we have access to the
app logger (either directly or by passing it in as a parameter). This
removes all imports of `extLogger` from the model editor directory.
This adds the ability to generate Ruby models from a database. It uses
the `GenerateModel.ql` query to do this. The query will essentially
return data in the data extensions format, so this will just parse it
and return it as `ModeledMethod` objects.
This adds the current version of the queries for Ruby to the model
editor included queries. This makes it work without needing to check out
a separate branch of the CodeQL repository/submodule. I've removed most
commented out code from the queries, but the other parts should match.
This only makes Ruby available in the model editor when the following
is set in the settings.json (workspace or user) file:
```json5
{
"codeQL.model.enableRuby": true,
}
```
Make the minimum changes necessary for prototype Ruby support in the
model editor.
This consists of:
- Reading/writing modelled methods from/to data extensions in the
dynamic languages format
- Special-casing Ruby in a few places where Java/C# was previously
assumed.
This will use the MaD's definition of a method signature when decoding
BQRS files. This will allow us to change the method signature definition
for dynamic languages.
Before, if you had selected a folder or file within for example
`codeql-custom-queries-java` and selected `java` as the language, it
would create a nested folder within `codeql-custom-queries-java` with
the name `codeql-custom-queries-java`. This is unexpected for the user,
who would expect a new query to be created within
`codeql-custom-queries-java`. This fixes that by checking for this
specific condition. It does not fix it for all scenarios, such as where
the selected file/folder is nested multiple levels deep within the
`codeql-custom-queries-java` folder.
This will change the behavior of the "Create new query" command to
create the new query in the same folder as the first selected item in
the queries panel. If no items are selected, the behavior is the same
as before.
I've used events to communicate the selection from the queries panel to
the local queries module. This is some more code and some extra
complexity, but it ensures that we don't have a dependency from the
local queries module to the queries panel module. This makes testing
easier.
This changes the skeleton query wizard to not prompt for database
download after creating a query by default. Instead, it will show a
message with a button to download a database which will launch the same
prompt.
This will change the "Create new query" command to use the selected
language when creating a new query. If no language is selected, it will
still prompt the user to pick a language.
When calling for example `showAndLogExceptionWithTelemetry`, the stack
trace would be sent to Application Insights, but there was no way to
see the stack trace from within VS Code. This will add the stack trace
to the log by returning it from `fullMessageWithStack` and using it in
the appropriate places.
It is possible to open the model editor without opening a folder, but
this gave an unhelpful error message. This commit adds a more helpful
error message.
When a local query fails (for example, if it is cancelled), it may still
have an evaluation log. We weren't generating evaluation log summaries
in these cases, so the options to view the summary text and to use the
evaluation log viewer would not be available. This fixes it by also
trying to generate the summary in the case of a failed query.
This will ensure that when "Show Evaluator Log (Raw JSON)" is used on a
cancelled query history item, we will still show it if it exists. This
changes the error messages on other cases to be more specific.
This will add the `QueryOutputDir` to the `InitialQueryInfo` and
populate it when creating a local query history item. This will allow us
to open the results directory or show the evaluator log without a
completed query.
This changes the usage data provider tree items to keep a reference to
the method and usage instead of only including their properties in the
tree item. This makes it easier to find the original method and usage
when revealing an item in the tree. It also removes the `getParent` call
in `getTreeItem`.
The main reason for this fix is to ensure
`codeQLModelEditor.jumpToMethod` gets the correct `usage` argument.
It received the tree item before, but now we can actually pass the
usage that was clicked on.
When the GitHub API returns an error for a missing default branch, we
will now show a custom error message. This custom error message includes
a link to the page to create the branch. The error is detected using the
`errors` field on the response that is now being returned.
This makes it possible to decode source maps containing references to
code that is not part of the extension. If it finds any such references,
it will simply not decode the source map and use the original stack
trace instead.
`logFileLocation` was not set after a query finishes running. I don't
know when this bug was introduced. I think it goes as far back as
the refactor to remove the old query server.
This creates new tree item types for methods and usages such that these
can contain references to their parent and children. This allows us to
easily find the parent of a usage and to find the children of a method.
This removes an expensive `find` call in `getParent`.
When opening a library group in the model editor, unmodeled methods
would always be marked as unsaved, even if there were no changes. This
was because the `ModelKindDropdown` component did not properly take into
account that the `kind` for an unmodeled method should be an empty
string. It would always try setting it to `undefined`, which would cause
the method to be marked as unsaved. This fixes it by checking if there
are valid kinds before setting the kind to the first one.
This improves the immutability of the modeling store state by using
TypeScript's readonly types to ensure that state can only be modified
from within the modeling store or when it's copied. This mostly consists
of adding `readonly` to properties and arrays, but this also adds a
`DeepReadonly` type to use in `postMessage` arguments to ensure that
readonly objects can be passed in. `postMessage` will never modify the
objects, so this is safe.
The purpose of this change is to add a command that clears the cache except for predicates marked `cached`.
In contrast, the existing "VSCode: Clear Cache" command clears everything (`--mode=brutal`).
This calls into the query server's `evaluation/trimCache` method;
however, its existing behaviour is to do a database cleanup with `--mode=gentle`.
This is not well documented, and `--mode=normal` would give the desired behaviour.
Accordingly, this approach is dependent on separately changing the backend behaviour to `--mode=normal`.
Other possible amendments to this commit would be to not touch the legacy client
(replacing required methods by failing promises, since the legacy server is fully deprecated already),
or to have less duplication (by introducing more arguments — however,
I'm applying the rule of thumb that >3 copy-pastes are required for the introduction of a deduplicating abstraction).
This fixes a bug where the validation of modeled methods would not
consider the kind of the modeled method, and would therefore give an
error when there was e.g. a neutral sink and a non-neutral summary.
When using the "CodeQL: Install pack dependencies" command, we would
show packs that are located in the package cache or distribution. Since
there are no dependencies to install for these packs, these options are
not useful.
This will filter out any packs that are not in the workspace folders
when showing the quick pick. This should exclude most packs if you are
in a workspace without the `codeql` submodule and should be a lot more
intuitive in those cases. If you are in a workspace with the `codeql`
submodule, it will still show all the packs.
This will change the add button in the method modeling panel to only be
disabled if there is exactly 1 unmodeled method and there are no
unmodeled methods. This should be more intuitive for users since they
are able to see in 1 screen that there is an unmodeled method.
This will respect the user's `saveBeforeStart` setting when running a
variant analysis. This re-uses the existing `saveBeforeStart` function
that is used when running local queries. The default behavior if the
setting is not set is to save all open named files.
This sorts the methods in the methods usages panel the same as in the
model editor. Since this is dependent on the mode, we need to keep track
of the mode in the modeling store, so this also adds a mode field to the
db state.
This fixes three bugs related to the modeling store and view states:
- In the model editor view, when `setModeledMethods` was called, it
would do it on the active database, instead of the database that the
view was showing. This should not result in any visible bugs since the
active database is always the one that is being shown (in theory), but
I can imagine that it could cause issues if showing multiple model
editors next to each other.
- In the method modeling panel, the "reveal in editor" button would
always show the already active model editor. Therefore, if you had
multiple open and were still viewing the method of the first one, it
would always show the second one.
- In the method modeling panel, the same bug would cause the incorrect
modeled methods to be updated.
When selecting a method that has no modeled methods, the modeling state
would not contain an entry for the method signature. This would cause
the `modeledMethods` to be `undefined`, which is not allowed according
to its type.
This change sets the `fullMessage` of the
`showAndLogExceptionWithTelemetry` to include the stack trace. This
makes it possible to find the source of the error rather than only
knowing that a specific error occurred. If the error does not have a
stack trace (which should be rare) the message will be the same as
before.
This converts all remaining extension host code to handle multiple
models per method. The only place where we're using the legacy format
is in the webview and in the boundary between the webview and the
extension host.
This switches all places where we're retrieving some model configuration
to use the `ModelConfig` or `ModelConfigListener` types. This makes it
much easier to mock these settings in tests.
This also adds a listener to the `ModelEditorView` to send the new view
state when any of the settings is changed. This should make it easier
to test settings changes in the model editor without having to re-open
the model editor.
This updates the method modeling panel's view state when the
`codeQL.model.showMultipleModels` setting changes. This will ensure that
the setting updates without needing to restart VS Code since this view
is much harder to restart than the model editor.
This adds a view state to the method modeling panel similar to the
model editor. This will be used to send the state of the show multiple
models feature flag to the webview so this can be used to selectively
show/hide components in the method modeling panel.
This will change the input/output types for modeled methods in the
`modeled-method-fs.ts` file to take in multiple models per method. This
removes the need for conversion functions between this file and
`yaml.ts` files. Instead, the conversion functions are done when calling
any functions defined in `modeled-method-fs.ts` files.
This changes YAML parsing/creating functions for the model editor to
handle multiple models per method. The changes in the actual YAML
handling are fairly small because the format itself already supports
multiple models per method.
I've introduced a few helper functions to convert between the old and
new types. This should only be necessary while we're in the middle of
the transition to the new types and can be removed later. For now,
we'll just take the first model in the array when converting from the
new to the old type. This is a change in the behavior since currently
we always take the last model in the array but this behavior is
undocumented and unsupported, so it should be fine to change it.
Use it for `MultiCancellationToken`. And ensure that adding a
cancellation requested listener to the `MultiCancellationToken` will
forward any cancellation requests to all constituent tokens.
This will reveal a method for which "Review in editor" is clicked in the
model editor view: it will expand the group (library/package) in which
the method is located, scroll to the method, and highlight the method.
If the user clicks anywhere on the page, the highlight will be removed,
but the group will remain expanded.
This will call a method on the correct model editor view when the user
clicks on "Review in editor". This does not yet do anything to the view;
this will be added in a follow-up commit.
This is used for registering which model editor views are currently
active. This will be used to determine which view to send the "reveal
method" command to. It can also be used in the future to limit the
number of instances of the model editor that can be opened for a
database.
This uses the same pattern as variant analyses with a separate interface
for the view to avoid having circular dependencies.
This is a cancellation token that cancels when any of its constituent
cancellation tokens are cancelled.
This token is used to fix a bug in Find Definitions. Previously, when
clicking `CTRL` (or `CMD` on macs) inside a source file in an archive
and hovering over a token, this will automatically invoke the
definitions finder (in preparation for navigating to the definition).
The only way to cancel is to move down to the message popup and click
cancel there.
However, this is a bug. What _should_ happen is that if a user moves
their mouse away from the token, the operation should cancel.
The underlying problem is that the extension was only listening to the
cancellation token from inside `getLocationsForUriString` the
cancellation token used by the Language Server protocol to cancel
operations in flight was being ignored.
This fix will ensure we are listening to _both_ cancellation tokens
and cancel the query if either are cancelled.
This will change the `AbstractWebview` to dispose its tracked objects
(using `this.push`) when the panel is disposed rather than when the
view is disposed. This makes `this.push` actually useful in a view.
Before, the objects would only get disposed when the extension itself
was disposed.
Previously, if there was an explicit restart of the query server (eg-
by changing a configuration setting), then the query server process
would be started twice: once by the `close` handler and once by the
restart command.
By adding the `removeAllListeners` to the dispose method, we ensure that
when the query server shuts down gracefully, there won't be a `close`
listener that is going to restart it a second time if there is a
different way of restarting it.
It seems like Node's native `fetch` implementation isn't quite working
right with Octokit and MSW. This switches to using `node-fetch` like
we're already doing for all other requests (e.g. downloading databases).
This updates the model editor queries to the version that will be merged
into the CodeQL repository. There are some slight changes to the output
format, so we slightly need to change the BQRS decoding of those
queries.
The queries themselves were copied from the two PRs with some minor
additions at the end since these were changes in core CodeQL library
files.
After the upgrade to the correct types for js-yaml, the return type
of `load` is correctly typed as `unknown`. This means that we can't
use the return value directly, but need to validate it first.
This adds such validation by generating a JSON schema for a newly
created typed. The JSON schema generation is very similar to how we do
it in https://github.com/github/codeql-variant-analysis-action.
Before this change and starting with CLI v2.14.3, if you wanted to run
a variant analysis query and the pack it is contained in has at least
one query that contains an extensible predicate, this would be an error.
The reason is that v2.14.3 introduced deep validation for data
extensions. We are not copying the query that contains an extensible
predicate to the synthetic pack we are generating. This means that deep
validation will fail because there will be extensions that target the
missing extensible predicate.
This change avoids the problem by copying any query files that contain
extensible predicates to the synthetic pack. It uses the internal
`generate extensible-predicate-metadata` command to discover which
query files contain extensible predicates and copies them.
* Don't download artifacts for repos with no results
* Remove getVariantAnalysisRepoResult requests for repos with no results
* Run fix-scenario-file-numbering for mrva-problem-query-success scenario
* Update CHANGELOG
When running tests using `--runTestsByPath <some-path>`, the tests were
being run twice because jest-runner-vscode
[resolves test paths](0c98dc12ad/packages/jest-runner-vscode/src/runner.ts (L57-L66)),
while the original arguments were also still passed to Jest. So, the
arguments Jest would receive would look something like
`test/vscode-tests/no-workspace/databases/local-databases/locations.test.ts /Users/koesie10/github/vscode-codeql/extensions/ql-vscode/test/vscode-tests/no-workspace/databases/local-databases/locations.test.ts`
which would cause Jest to run the tests twice. This fixes this by
resolving the paths to their absolute paths, and then removing any
duplicates.
This commit fixes a bug in the extension where the qhelp preview was not
being refreshed after the first time the preview was rendered. The
reason is that vscode will not refresh the markdown preview unless the
original file with the markdown in it is already open in the editor.
This fix will briefly open the raw markdown, refresh the preview and
close the raw markdown.
An upcoming change in the CLI will require that the extensible
predicates that are targeted by a data extension needs to be available
in order for the `resolve extensions` command to succeed.
There are a handful of tests that are failing with this new CLI. This
change will update the tests so that the `codeql/java-all` pack is
available in the tests and ensures they pass.
pick 2db42e3e Pull out createDataExtensionYamls into yaml.ts
pick 52f7cac0 Move saveModeledMethods to a separate file
pick ba27230e Move loadModeledMethods to a separate file
pick c512a11e Split out listModelFiles from loadModeledMethods
pick 752cf8ab Add some tests of listModelFiles
This removes the call type as shown for an unmodelable method. We still
need to decide how to show this information, so this may be added back
in later.
* Move code-tour.ts to /code-tour
* Move qlpack-generator.ts to /local-queries
* Move query-status.ts to /query-history
* Move skeleton-query-wizard.ts to /local-queries
* Add version constraint for Check errors
* Refactor parts of the ideserver out of extension.ts
* Give visibility information to the ide-server.
This allows it to report errors on visible files
eagerly.
This adds a refresh button to the data extensions editor when the
framework mode feature flag is enabled. If you are using framework mode,
you can have multiple tabs of the data extensions editor open in which
you are modeling the library separately from the application. When you
save the library in framework mode, the application mode will not
refresh and show that these calls have been modeled. Rather than using
apply, which might also save all modeled methods, you can now use the
refresh button to refresh the external API usages and whether they are
supported.
This excludes methods defined in tests in framework mode, significantly
cutting down on the number of methods shown that would need to be
modeled.
For C#, this just checks that the file is not a test file, as defined
by the QL library.
For Java, this makes a copy of the internal
[`ModelExclusions.qll`](249f9f863d/java/ql/lib/semmle/code/java/dataflow/internal/ModelExclusions.qll)
file to avoid the use of internal modules. This module will tell us
whether a method is "interesting" to model or not. Not all of the checks
in this module need to happen for framework mode, but these checks might
be useful for telling a user whether a method is interesting to model
in application mode.
This makes the method name and parameters in framework mode a link to
the definition of the method. In framework mode, the `usages` contains
1 element, which is the location of the definition of the method.
Therefore, we can simply use `jumpToUsage` to jump to the definition.
Similar to https://github.com/github/vscode-codeql/pull/2553, this
changes the C# query to correctly report the name of nested types. I
couldn't find a `nestedName` method for C#, so this adds one in the
`AutomodelVsCode` library.
C# seems to use `+` as a separator for nested types, as reported by
`getQualifiedName()`:
```
GitHub.Nested.MyFirstClass+NestedClass
```
The `getApiName()` will now report:
```
GitHub.Nested#MyFirstClass+NestedClass.Test()
```
Adds a command to run all queries in a certain folder.
This uses the existing `runQueries` command, which lets you run multiple queries against the selected local database.
We don't have a corresponding command for running multiple variant analysis queries, so I haven't implemented that.
This changes the Java `CallableMethod.getApiName()` to use `nestedName`
instead of `getSourceDeclaration`. `getSourceDeclaration` would return a
`RefType`, on which the `toString()` method returns its `getName`().
However, for nested types this wouldn't work and wouldn't include the
enclosing type. This fixes it by using `nestedName` which matches the
method that is also used for determining whether a type matches an
extensible predicate.
* Add version constraint for quick-eval-count
* Add quick eval count context.
* Add support for running quick-eval-count from the command pallete
* Adjust name for quick-eval-count-queries
* Add changenote for quick-eval-count.
* QuickEval:Address review comments
* Fix rebase conflict in changelog
This refactors the data extensions editor queries to use a new
`AutomodelVsCode` module. This module is based on the `ExternalApi`
module, but is more general and can be used for retrieving public
methods from the source as well. The actual conditions are now in the
queries themselves.
This reduces the duplicated module in the framework mode query and will
mean that when we update the `ExternalApi` module, we will just have to
port it to the `AutomodelVsCode` module, and not to the `ExternalApi`
and a separate framework mode query.
This changes the sorting of the methods sent to LLM to match the order
shown in the data extensions editor. This will ensure that the methods
which are shown first in the data extensions editor are also modeled
first.
This will allow users to override the default directory in which
extension packs are created by using the
`codeQL.dataExtensions.extensionsDirectory` setting. This setting can be
overriden per language, so the user could create the following
configuration to set the extension pack setting for Java only:
```json
"[java]": {
"codeQL.dataExtensions.extensionsDirectory": "/Users/user/github/vscode-codeql-starter/codeql-custom-queries-java",
}
```
This will remove the user input for a model file and will instead create
1 model file per library (JAR/DLL). The model filename will be based on
the JAR/DLL name, but will remove the version number and the file
extension. It will also normalize the name.
These files will be created automatically, and the editor now also reads
in all files contained in an extension pack to read the modeled methods.
This could result in duplicates if the user has created a different file
to contain the same modeled methods, but this is an edge-case that we're
explicitly not handling.
The `logging` part of `common` was exported in `common/index.ts` and
could be imported by importing `common`. I don't think this makes a lot
of sense, so I removed it.
The `common/logging/index.ts` also contained exports of the
`common/logging/vscode` directory, which means that importing
`common/logging` automatically brings in the `vscode` module. This
removes that export, so now there are two separate imports needed for
importing the common part and the `vscode` specific part. This should
make it easier to keep them separate and be more explicit about what
you're importing.
This will change how extension packs are named in the data extensions
editor. Before, the user had to pick a workspace folder and a name for
the extension pack. Now, the workspace folder will be picked
automatically if we can detect it (i.e. it follows the naming structure
we expect), or the user will still need to select it. The extension pack
name is always auto-generated based on the database name and the
database language.
This adds a new `codeQL.dataExtensions.disableAutoNameExtensionPack`
setting to disable this behavior while we are still working on changing
how the data extensions editor works.
This adds a new library column to the data extensions editor containing
the JAR or DLL file the method is defined in. This will be used to group
methods by library in the future. For now, it just shows in a column.
See https://github.com/github/vscode-codeql/pull/2490#discussion_r1226437598
for more explanation. This will make the class more useful for future usecases
where we don't want the behaviour of only calling update when there isn't
another refresh scheduled. I also think it doesn't negatively affect other
users such as the query test discovery. The effect should be that we'll see
more updates to the UI. These updates will get overwritten quickly, but they
are all genuine snapshots of the filesystem at the point the discovery process
ran, so they aren't incorrect, or aren't more incorrect than continuing to show
the old state before any discovery ran.
To increase the use of the `app` logger, this replaces the direct use of
`extLogger` by the `app.logger` where possible. This should not change
the behavior since the `extLogger` is the logger used by the `app`.
This moves the `showAndLog` family of functions to the `common/logging`
directory. It explicitly moves the `showAndLogExceptionWithTelemetry`
function to the `common/vscode/logging.ts` file because it still has a
dependency on the `telemetryListener`, which depends on the `vscode`
module.
It seems like some CLI tests are hanging and only completing after 6
hours when they run into the default timeout. This updates the timeout
to 30 minutes. All CLI tests should complete in 30 minutes, so this
should ensure that they are cancelled when they are stuck.
This moves the Webview HTML generation used by `AbstractWebview` out of
`interface-utils.ts` and into a new file `webview-html.ts` in the
`common/vscode` directory.
When packaging an extension pack, unscoped extension pack names are not
allowed and calling `codeql pack bundle` will fail with an error. This
command will be called when running a variant analysis, so these packs
will not work for a variant analysis.
To improve the user experience, we now only allow scoped extension pack
names. This means that the user will now have to enter a scope when
creating a new extension pack.
This option was used to ignore source archives for `.testproj`
databases. It is only set to `true` or `false` when creating the
database and could not be changed, so I don't think we need this option.
It can simply be derived from the database URI. This simplifies handling
of databases a bit.
This moves the `refresh` method from `DatabaseItem` to `DatabaseManager`
and makes it private. This makes the `DatabaseItem` interface smaller
and more focused and ensures that `refresh` cannot be called from
outside of the `DatabaseManager`.
This will allow us to implement specific behavior on the
`DatabaseItemImpl` which is not available on the `DatabaseItem`. This
will allow us to make the surface area of the `DatabaseItem` smaller.
Generated variant analysis packs will use the original name
of the pack that the query is located in. This is to support
some future work where we do extra validation of data extensions.
If the query is not in a pack, the default name is used.
This adds a warning when the user is using an unsupported version of the
CodeQL CLI. The warning is shown once per session, and only if the
version is older than the oldest supported version.
When the user filters the repositories, the buttons should reflect that
the results are filtered and that the user is not exporting or copying
all the results. If the user has selected repositories, the buttons
should still say that they are exporting selected results.
This changes the text of the export/copy buttons on a variant analysis
when at least one repository is selected. This makes it more clear that
the user is only exporting/copying the results of the selected
repositories.
The compare view typically works by matching the results sets of
queries. It only allows the results sets of queries with identical
names to be compared.
Manually run queries use `#select` as the default result set. However,
quick eval queries use a different, generated, name. Therefore, these
two kinds of queries cannot be compared.
This commit changes the heuristics so that if there are no identical;y
named results sets, the first result set of each query that is prefixed
with `#` is used (this is the default result set).
It also makes a slightly nicer error message if there are no comparable
results sets.
The data extensions editor was always setting the `provenance` field of
MaD to `manual`. This will change the `provenance` to be either
`editor-manual` (for models which were added by the user),
`df-generated` (for models generated by the dataflow generator), and
`df-manual` (for models generated and then edited). This makes it easier
to trace the origin of a model.
This will change the data extensions editor generator to resolve the
queries based on the `modelgenerator` tag. This removes the requirement
of having a `ql` folder in the workspace.
I chose to use the path instead of the `id` for now to avoid having to
resolve the query 4 times. This also avoids the need to map the language
names to the language ID in the tag (i.e. `csharp` -> `cs`).
* Log stdout when servers are terminated with errors.
This logs the last stdout chunk (probabaly the last line) if things
went wrong. This can sometimes be useful for debugging.
It also prints the signal when killed by a signal
(rather than printing null)
* Restart/Abort the queryserver if the process dies.
This cancels any running tasks and gives a limited number of restarts.
* Update extensions/ql-vscode/src/codeql-cli/cli.ts
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
* Update extensions/ql-vscode/src/query-server/query-server-client.ts
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
---------
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
`url.parse` is deprecated and should be replaced by the WHATWG URL API,
so this makes that change. The `protocol` and `host` properties are
unchanged, so no other changes are needed.
This will make both the `askForLanguage` and `findLanguage` functions
return a `QueryLanguage` instead of a `string`. This will make it harder
to make mistakes when using these functions.
There are also some other changes with regards to `QueryLanguage` such
that we never need to use `as QueryLanguage` explicitly anymore, except
for the new `isQueryLanguage` function. The only remaining place that I
know of where we're using a `string` to represent the `QueryLanguage`
is in a database item's language, but this is harder to change and may
be relied upon by language authors.
This will suppress showing the same error message when monitoring the
variant analysis fails multiple times in a row. This is useful when
e.g. the internet is disconnected or the endpoint is non-functional for
any other reason.
This will show the error message at least once, and then only show it
if there has been a successful attempt in between or when the error
message is different. This should result in a much less noisy
experience.
For `@kind problem` queries, it seems like the BQRS contains four
result sets: `edges`, `nodes`, `subpaths`, and `#select`. The user is
probably interested in the results of `#select` since that contains the
direct result of the query. This changes the extraction of raw (BQRS)
results to always prefer `#select` over any other result set. If it
can't find a result set named `#select`, it will fall back to the first
result set in the BQRS like before.
After some bit of refactoring, the templates are no longer being
passed to the CFG viewer and this is preventing the viewer from
running.
This change fixes it.
An internal option to help library authours to run and debug
the find references and find dependencies contetextual queries
without relying on the implicit cache.
I initially started defining an enum, but I'm not able to import it in package.json,
where the list of options is defined (under `codeQL.createQuery.autogenerateQlPacks`).
This was only a problem for the new test UI, because the third-party Test Explorer extension we used before must have had this filter in its implementation.
When running "Create Query", if the user escapes out of the language quickpick we don't need to throw an error. Instead we can just show a `UserCancellationException` notice.
We were only clearing the pack cache when a pack file was modified. When
using a script to create a new pack, the pack file is created at once
without a change event firing. This will change the behavior to also
clear the pack cache when a pack file is created or deleted.
And add tests to check this.
I've had to adapt the existing `findExistingDatabaseItem` method
so receive params so that I'm better able to send it a language
and a list of database items.
Offer non-codespace users the option to configure their storage folder for skeleton packs.
Suggested here:
https://github.com/github/vscode-codeql/pull/2310#issuecomment-1507428217
At the moment we're choosing to create our skeleton packs in the first
folder in the workspace.
This is fine for the codespace template because we can control the
folder structure in that repo.
For users outside of this we'd like to offer them the option to choose
where to save their skeleton packs.
After some testing of the wizard with a single rooted workspace
(`github/code-scanning`) we discovered a general VSCode extension
bug whereby after we download a database, we don't select it.
This isn't an issue in the wizard, but it does affect us as it means
we'll generate the QL pack, download the db for you but then you won't
know that we haven't selected your database.
So let's make sure our flow works for this case by explicitly selecting
the database once it's downloaded.
We've noticed by testing that we need to set the current database item
before we call `addDatabaseSourceArchiveFolder()`. Once that method is
called, the call to `setCurrentDatabaseItem()` is ignored.
We've had to make some changes to the openDatabase() method to select
a database item by default, since most places where we call `openDatabase()`
also immediately select the item.
There is one exception [1] in the test-runner.ts file, where we set the
current database item under special conditions.
For this reason, we've made the behaviour configurable and tried to add
some descriptive naming to the params so that it's easy to understand
what the config is doing.
[1]: 4170e7f7a7/extensions/ql-vscode/src/test-runner.ts (L120-L124)
This removes the link to the model file when it does not exist. It will
still show the filename of the model file. When clicking on "Apply", it
will refresh whether the model file exists after writing the file.
This fixes an issue where we would download a database every time
we create a new QL pack. Sometimes, a database is already available
so let's always check for it, regardless of the existence of a QL
pack.
This will filter the extension packs shown to the user when selecting an
extension pack to use in the data extension editor to only include the
extension packs that are compatible with the language of the database
item.
Unfortunately, this required quite some changes to the tests to ensure
the extension packs are actually setup properly since it's now reading
the extension pack files.
This will add the extension pack name to the data extensions editor and
allow the user to click on it to go to the folder of the extension pack
in the explorer panel.
This adds the model filename to the data extensions editor and will also
allow the user to go to the model file by clicking on the filename.
This also updates the general UI to be somewhat more compact by moving
the modeled percentages to be below the header in 1 line.
When you have just created a model file using the quick picker/input
box, the data extension editor will try to read it and fail with an
error message. This adds a check to ensure the model file exists and if
it doesn't, it will not try to read in the file.
This should always be safe since the model file picker will only allow
you to select existing files.
This will not allow the user to open the data extensions editor for a
database if it is not one of the supported languages. The supported
languages is a list of `string` rather than a list of `QueryLanguage`
because a database item's language is also a `string`.
There were still some places where we were hardcoding Java in the data
extension editor. This changes these places to use the database item
language instead.
This commit addresses various test flakiness:
1. Bump timeouts for queries tests
2. Add a dispose handler to queryserver-client. This will help us during
tests because if there is a test that timesout while a query is
running, the query's progress callback won't be invoked. We will
still get a timeout error in the first test, but the second test will
not get a spurious error.
3. Handle a disposed query server in `deregisterDatabase`. This method
will remove the database from the currently running query server.
If there is no query server, then there is nothing to remove. So,
this error is safe to ignore.
4. Explicitly `end()` a connection `ServerProcess`. I'm not 100% sure if
this is necessary, but it seems like it prevents responses from being
handled and erroring out.
5. Better handling of ideServer restarts. Previously, if you quickly
called `CodeQL: Restart Query Server` twice in a row, you would get
an error from the ideServer restart. Restart fails if the server is
not already started. So, in this case just call a start.
We've made an exception to fetch the parent folder when we're
in the vscode-codeql-starter workspace.
We'd like to make this more specific so that it doesn't interfere
with other repos.
When running Create Query in the codespaces-codeql repo, it successfully
creates codeql-custom-queries-xxx as a subfolder of the first workspace
folder, and then adds a database. After the database gets added, we get
prompted with this message:
```
We've noticed you don't have a CodeQL pack available to analyze this
database. Can we set up a query pack for you?
```
which would try to create another QL pack.
Since we're no longer pushing QL packs as top level folders in the
workspace when we use the new "Create Query" flow, we also need to adapt
the original flow to take into account subfolders.
Just as a reminder, the original flow is:
- Be in the codespace template
- Download a database from GitHub
- The extension will offer to create a QL pack for the database
The new flow:
- Run the "Create Query" command
- Choose a language
- Create a QL pack
- Download a database for it
In the new flow the last step of downloading a database would trigger
the extension to offer to create a QL pack.
Let's fix this by detecting subfolders as well and exiting early.
This sets a default timeout of 3 minutes on CLI integration tests. This
is because these tests call into the CLI and execute queries, so these
are expected to take a lot longer than the default 5 seconds. This
allows us to remove all the individual `jest.setTimeout` calls with
different values from the test files.
Set the CLI version in the telemetry listener whenever the version
changes.
A few things to note here:
1. In `CliServer::getVersion()`, avoid calling `supportsPerQueryEvalLog`
directly. This avoids a recursive call to `CliServer::getVersion()`.
Currently, it's always safe to do this, but I thought that it would
be good to avoid recursion here in case we change things in the
future.
2. Now, we are sending the CLI version with all telemetry events.
This adds the external API query text to the extension directly to avoid
users having to copy the query to their local `codeql` submodule or
having to checkout a specific branch.
This is a temporary solution until the queries are stabilized. Once they
are, we will upstream these to `github/codeql` and use them like other
contextual queries.
Since this is just a temporary solution, this is not the prettiest code
and is not intended to be a long-term solution. It does not do proper
caching and will create a new temporary directory for every query run.
The performance hit of this is acceptable and expected.
When we create a skeleton query, we check whether you already have an
existing database with the same name (e.g. `github/codeql`). If we can't
find one, we also check for an existing database with the same language.
If we find one, we select it instead of downloading a new database.
Here we're filtering out databases with errors.
In the original flow for creating skeleton packs, we were starting out
by choosing a database (e.g. github/codeql) and having the extension
create the QL pack for us.
At that point, we were storing the QL pack together with the database in
the extension storage because we weren't interested in committing it to
the repo.
This means we weren't able to see it in the file explorer so in order to
make it visible, we decided to push it as a top-level folder in the
workspace.
Hindsight is 20/20.
Let's change this original flow by just creating the folder in the
workspace storage instead of the extension storage (which will make it
visible in the file explorer) and stop pushing it as an extra top level
folder in the workspace.
NB: For this flow, we exit early in the `createSkeletonPacks` method if
the folder already exists so we don't need to check this again.
This adds the CLI version to telemetry command-usage events.
Note that the CLI server is created after the telemetry listener is
created. The first few telemetry events may have a "not-set" value for
the CLI version.
This changes the kind input from a text field to a dropdown in the data
extensions editor. The supported values for each extensible predicate
are based on what is currently in-scope for the documentation. Other
kinds are not supported.
The supported kinds are now stored on the
`extensiblePredicateDefinitions` to make it easier to add new kinds in
the future.
We now use `fsPath` instead of `path`.
Note: I haven't yet fixed the tests, nor checked manually on mac/linux
Tangential change: we now use the `dirname` method, instead of manually splitting paths to get a parent folder.
The `getFirstStoragePath()` method would break on windows:
```
Path contains invalid characters: /c:/git-repo/codespaces-codeql (codeQL.createSkeletonQuery)
```
This makes sense, since we're looking to get the parent folder by splitting for `/`.
In windows, paths use `\` instead of `/`.
So let's detect the platform and add a test for this case.
To be consistent with other database item search methods, we're renaming
ours:
`digForDatabaseItem` -> `findDatabaseItemByNwo`
and
`digForDatabaseItemSameLanguage` -> `findDatabaseItemByLanguage`
At the moment, we're always deciding which database to download for the
user for an example query.
We'd like to give them a chance to change the database, so here we're
adding a step where we're showing the user a selection box with the
suggested database pre-filled.
They can choose to type in a different database before continuing the
skeleton generation process.
We'd like to select an existing database for our query, if on is
already downloaded and matches the query language.
Previously we were re-using the database if the language and name
matched (e.g. the name would be `github/codeql`).
When we try to determine the next file name for our example query,
we only look at `example<n>.ql` files.
e.g. if the files in the folder are:
- `example.ql`
- `example2.ql`
- `MyQuery.ql`
we will create an `example3.ql` file.
Previously we were counting all existing `.ql` files.
We've now added more tests and pushed the total duration over 5 seconds
for all the tests in this file.
This limitation seems to be a recent development where files with tests
that last longer than 5 seconds start failing in jest.
We're bumping the timeout limit to 40 seconds for now.
We initially defined the default database to download as one from the
`github/codeql` repo as it was convenient.
However, this repo doesn't have a lot of vulnerabilities to discover.
Let's use repos that are in our MRVA top 10 list to allow users to
write more interesting queries.
We set up the "Create Query" command with the assumption that
the first folder in the workspace is the parent folder.
This is true for the `codespaces-codeql` repo where we expect
to use this command.
However, for the `vscode-codeql-starter` repo, the top level
folders are QL packs:
- codeql-custom-queries-cpp
- codeql-custom-queries-ruby
... etc.
In order to make the command work for people using the starter
repo, we'll need to introduce a check for these QL packs when
we decide the storage path.
The end goal is to replace the starter workspace completely
with the codespaces-codeql repo, so this code can be removed
in the future when we retire the repo.
Until then, the command will need this to be able to work in
both starter workspaces.
We offer `github/codeql` as a repo to use for downloading databases
for our skeleton pack.
Once the repo is specified, the user is prompted to choose a language.
At this point, we already know what language the user wants, so let's
change the `downloadGitHubDatabase` and `convertGithubNwoToDatabaseUrl`
methods to accept a language parameter.
We check if the language is in the list of languages received in the
response. If it isn't, we still prompt the user.
This will be triggered by a "Create Query" command.
It will:
- prompt the user for a language
- create a skeleton pack based on the language chosen
- download a database for the QL pack
- open the new query file
If the skeleton pack already exists, we just create a new query file
in the existing folder.
If the database is already downloaded, we just re-use it.
We introduced this QlPackGenerator a while ago. It always creates an `example.ql` query file as part of the skeleton pack.
We'd like to set the name of the query file, since we'll allow the user to create queries multiple times in the same skeleton pack folder.
The folder will be named `codeql-custom-queries-${language}` and will first receive an `example.ql` file.
If the user then tries to create a new query for the same language, we'll just create an `example2.ql`, `example3.ql` etc. file in the existing folder.
We'll use this to check whether a database for our ql pack already exists.
While there are other methods that search for a database item by URI, we
only have a language chosen by the user and an nwo ("github/codeql").
So let's introduce a way to search for the db based on the information we
have.
We plan to ask the user to choose a language, before attempting
to download a corresponding database for them.
The functionality already exists, so let's re-use it.
This was nested in a method that included prompting the user for a
github repo.
We'd like to re-use this to download a database of our choice from
GitHub, based on which language a user chooses.
This will allow a user to create a new model file in an existing data
extension when opening the data extension editor. There is some
validation on the name of the model file, which depends on reading in
the qlpack.
This adds a pickable model filename from an existing extension pack to
the data extensions editor. This allows the user to edit one of their
existing data extensions. This does not yet add the ability to create
new extension packs and/or new model files.
This uses the `codeql resolve extensions` command to get the list of
available model files. This should be available in all CLI versions
which the data extensions editor supports.
The data extension editor was only using the default data extensions
found in the `ql` submodule to find external API calls. This will add
support for using data extensions found in the workspace.
Rather than using the `codeQL.runningQueries.useExtensionPacks` setting,
this will always include data extensions since the editor doesn't make
sense to use without data extensions. We will also forbid the user from
opening this view unless they are using a CLI which supports data
extension packs.
We were using a single-use class for generating the flow model, while we
are actually able to do it using two functions. This is more in line
with our existing codebase.
This fixes the "Webview is disposed" error which occurs when the user
closes the variant analysis webview while the extension is still
activating. We will now check whether the webview is disposed before
restoring the view.
This was pointed out by CodeQL: when calling `setState` and using
`this.props`, it may not be up-to-date because `setState` may run
concurrently. Therefore, we should use the `setState` callback variant
to ensure we get the latest props.
This refactors the code a bit to ensure we're not using `this.props`
anywhere, including in the `getResultSets` function which is called
in the `setState` callback.
When updating to React 18, we removed the loading step from the updating
of the state of the result view since React would batch the updates
anyway. However, this caused a bug where the result view would be empty
when switching between queries. This is because the result view would
retain the old selected result set name. This would not happen
previously because React would re-render the view at least once, which
would cause the result view to be unmounted and re-created.
This fixes it by resetting the selected result set if we can't find the
result set in the new result sets.
The default Storybook Babel config did not recognize the `public`
keyword in our custom errors (e.g. `ExhaustivityCheckingError`
and `RedactableError`). To fix this, we can use Storybook's V7 mode to
supply a custom Babel config. This fixes the compilation error.
See: https://storybook.js.org/docs/react/configure/babel
This adds tests for the external API query and retrieving of results. It
does not use the "real" CLI integration, but instead mocks the CLI
server and query runner.
To make mocking easier and require less type casting, I've narrowed some
of the arguments of some other functions. They now use `Pick` to only
require the properties they need.
The version of ts-jest we were using was given a warning that it did
not support TypeScript 5, even though it was working fine. The latest
version of ts-jest adds official support for TypeScript and removes the
warning.
This loads in the existing data extension YAML file for the selected
database. It only supports the filename we save it to, and will not load
it from any other data extension YAML files.
This adds the ability to save the modeled methods in the data extensions
editor to a YAML file named after the database name. It will save it to
the `ql` submodule for now. Support for data extension packs will be
added later.
This updates the view of the data extensions editor to show a table of
possible sources/sinks/flow summaries that can be edited. It's not yet
possible to save the changes or load the existing file.
This upgrades Storybook to an alpha version to ensure we can start
Storybook when using TypeScript 5.0. This is temporary until we can
upgrade to Storybook 7 or to a released version of 6.5.17.
This adds a really simple regression unit test for the results view
which checks that the results view can render a SARIF file. This is
in preparation for the upgrade to React 18 to ensure that we don't
break the basic functionality of the results view.
This will improve the error message shown when monitoring fails. Instead
of showing "Error while monitoring variant analysis: Not Found", this
will now show "Error while monitoring variant analysis "Empty block
(javascript) [29/3/2023 10:45:10]: Not Found". This should make it
easier for the user to figure out which query history item is
problematic.
We're not using the full query history item label here because that
would require access to the query history item, which we don't yet have
here. Adding it here would add a dependency on the query history, which
seems undesirable.
We were ignoring errors coming from `vsce publish` and this was causing
the workflow to succeed even when the publish failed. This will remove
the `||` and let the workflow fail if the publish fails.
The `glob` package now uses promises in version 9, so we don't need the
separate `glob-promise` package anymore.
This also updates one call site to use `cwd` instead of `join` to
avoid possible issues due to a breaking change in version 8 which treats
Windows path separators differently. By changing the `cwd`, we should
not run into these issues.
Removing the `resolutions` of `glob-parent` did not change the
`package-lock.json`, so this does not have any effect on the package
version we are using.
We introduced this change to help with reducing flakiness in CI [1].
This has a slightly different effect locally, where every failed test
will output three times.
This in turn makes it harder to read, especially when you have multiple
failing tests.
Since the original intent for this behaviour was to be used in CI, I'm
proposing we disable it when the CI env variable isn't set.
I've opted to set it for all jobs involving tests, just for consistency.
I'm happy to limit it to just the places where it's required.
[1]: https://github.com/github/vscode-codeql/pull/2059
This adds support for detecting the `CommandManager.execute` method in
the unique command use query.
This may not be the best way to implement this. There's a method
`hasUnderlyingType` on `this.getReceiver().getType()`, but I couldn't
really figure out how to get it recognize `CommandManager`. It might be
possible if we can construct the type of `CommandManager`, but this will
probably include the filepath to the `CommandManager` class, which might
not neccessarily be something we want: moving the `CommandManager` class
should not require updating the query. I'm very happy to hear other
suggestions.
The `commandRunner` name doesn't really make sense since it doesn't
"run" a command, but rather registers a command. This renames it
to `registerCommandWithErrorHandling` and moves it to the
`common/vscode` directory.
The `codeQL.checkForUpdatesToCLI` command is registered pre-activation,
and we don't really want to create the command manager before
activation, so this will just add the correct type without registering
it using the command manager.
The command manager types didn't fully support commands defined with
`Partial` because it deduced that the command function was `undefined`
when the function was not defined. However, if the command is not
present, the command registration will not be called. This fixes the
types by specifying that the command definition will never be
`undefined`.
This class seems to have been introduced at some point to reduce the
dependency on VS Code from the test UI service. However, none of its
methods are being used anymore, and by using typed commands we have
already reduced the dependency on VS Code. Therefore, we can simply
remove this class.
We attempted to specify exactly which URI we're expecting here.
However, `Uri.parse` behaves differently in the test than it does in
the code so we've inadvertently created a flakey test [1]. The URI we
generate in the test has a `scheme: 'c'` while the one in the code has
a `scheme: 'C'` property.
This only happens on windows, not ubuntu.
Let's narrow the comparison to just the path of the URI.
[1]: https://github.com/github/vscode-codeql/actions/runs/4478429334/jobs/7871178529#step:7:231
Some of the methods in the `DatabaseUI` were public because they were
used in the `extension.ts` file. We have moved these method calls into
this file, so they do not need to be public anymore. We can also get rid
of the separation between some of these methods, so I've moved them into
the function that calls them.
Now that we fixed our expectation in the previous commit, we could see we
were stubbing this to false instead of true.
So now the test is checking the right scenario.
Our expectation was quite narrow: we expect to not call an `openFolder`
command. We didn't specify any params for it, which might mean this
expectation wasn't working like it should.
Let's just check that `executeCommand` isn't called at all.
The local query commands are using a separate logger, and this is not
supported by the command manager because it is quite specific to this
extension. Therefore, we create a separate command manager which uses
a different logger to separate the commands.
We're running this at the extension start-up. We don't want it to block the extension
from completing activation, so let's swallow any errors from the code tour and output
them, instead of letting this affect the rest of the extension activation.
When opening https://github.com/github/codespaces-codeql/ in a
codespace, it's easy to miss the prompt that tells you to open the
tutorial.code-workspace file.
In fact people actively dismiss the alert to get it out of the way.
If you miss that prompt, you end up with a single-rooted workspace,
which causes various other problems.
While there is an open issue to allow VS Code to open a default
workspace [1], there doesn't seem to have been any progress on it
in the last two years.
So we're taking matters into our own hands and forcing the extension
to open the tutorial workspace, if it detects it.
This will only happen if the following three conditions are met:
- the .tours folder exists
- the tutorial.code-workspace file exists
- the CODESPACES_TEMPLATE setting hasn't been set
NB: the `CODESPACES_TEMPLATE` setting can only be found if the
tutorial.code-workspace has already been opened. So it's a good
indicator that we're in the folder, but the user has ignored the prompt.
[1]: https://github.com/microsoft/vscode-remote-release/issues/3665
The local databases UI was essentially the only class which was defining
methods using assignment to a class property rather than using function
definitions and binding them. This switches it to use function
definitions and binding, which is more consistent with the rest of the
codebase.
This change allows the `codeQL.runningQueries.useExtensionPacks`
setting to be respected when running variant analysis queries. When
set to `all`, before uploading the generated query pack, all extension
packs in the workspace will be injected as dependencies into the qlpack
file.
In the results view, `setState` was used to set some state, and then
`loadResults` was called to set some other state. However, `setState`
is asynchronous, so the `this.state` in `loadResults` was not the state
that was set before the call.
This commit fixes it by combining the two `setState` calls into one. The
logic was hard to follow, so I'm not sure if this is the correct fix.
The `shouldKeepOldResultsWhileRendering` state seems to be unnecessary
now since everything is being done in `setState` call, but I'm not sure
about that.
The version of `@primer/react` we were using didn't have the correct
types for the `ThemeProvider`. By upgrading these packages to their
latest versions, all types are correct.
This enables React strict mode which will print extra warnings to the
console when we use certain constructs incorrectly. This does not affect
production builds.
See https://beta.reactjs.org/reference/react/StrictMode
The extension Webpack config does not use `babel-loader`, so we can
remove it as a direct dependency. `babel-loader` is still included in
our `node_modules` because Storybook depends on it, but the version is
now completely managed by Storybook rather than us.
This will make the progress options passed to `withProgress` optional by
moving it to be the second argument and setting a default value for the
`location`. This will make it much easier to use from a variety of
commands.
This removes the `args` from the `ProgressTask` passed to
`withProgress`. The `args` is only used by the
`commandRunnerWithProgress` and can easily be replaced by an anonymous
function that passes the `args` instead. This will simplify the
`ProgressTask` interface and make it easier to use.
The `commandRunnerWithProgress` implementation isn't actually any
different from `commandRunner`, except for the call to `withProgress`
and support for an `outputLogger` argument. Therefore, this will simply
make `commandRunnerWithProgress` a wrapper around `commandRunner`,
removing quite some duplication in the process.
If the user requests that extension packs be included in their MRVA run,
then do the following:
1. Search the workspace for all extension packs
2. Add each extension pack as an explicit and direct dependency on
the generated pack.
It is ok to use `*` as a dependency since we are guaranteed that
exactly one version of each injected extension pack dependency is
available when the pack is being compiled.
If we find multiple paths to an extension pack of the same name, this
is an error since it is ambiguous which path to use.
This will add a check to ensure that `showAndLogExceptionWithTelemetry`
is not called when downloading packs. This expectation is placed before
the check for `showAndLogInformationMessage` so that when the test
fails, the error message will be shown.
We are no longer including our dependencies in the VSIX package, so we
can tell VSCE that we don't want it to look at dependencies using
`--no-dependencies`. If we do this, VSCE doesn't require the
`node_modules` directory anymore and we can skip that step, which will
make building significantly faster.
I've confirmed that there are no changes between the two options by
building the extension both without and with the change. This is the
diff of the two outputs (using `diff -r`):
```diff
diff --color -r vscode-codeql-1.8.0-dev.2023.3.8.15.10.13/extension/package.json vscode-codeql-old/extension/package.json
7c7
< "version": "1.8.0-dev.2023.3.8.15.10.13",
---
> "version": "1.8.0-dev.2023.3.8.15.6.51",
diff --color -r vscode-codeql-1.8.0-dev.2023.3.8.15.10.13/extension.vsixmanifest vscode-codeql-old/extension.vsixmanifest
4c4
< <Identity Language="en-US" Id="vscode-codeql" Version="1.8.0-dev.2023.3.8.15.10.13" Publisher="GitHub" />
---
> <Identity Language="en-US" Id="vscode-codeql" Version="1.8.0-dev.2023.3.8.15.6.51" Publisher="GitHub" />
```
The only difference is the version number, which is expected.
When deleting a query history item and the "next" query is still
running, the `completedQuery` is `undefined`. This commit fixes it by
using optional chaining to ensure that the `completedQuery` is defined
before accessing its `successful` property.
This is definitely not a perfect solution since we're essentially just
moving the place where we're casting. However, because we have manually
made the types similar, this provides some type assurances where there
were none before. This also has the cast in only one place, which makes
it easier to find and fix in the future.
It seems that when we added the CSP policy to the webview, we did not
take into account that `d3-graphviz` uses `@hpcc-js/wasm` to load
Graphviz as a WASM module. This commit adds `'wasm-unsafe-eval'` to the
CSP policy to allow this.
- Add a new config that toggles between using all data extensions or
none.
- If using all data extensions, then before a query evaluation, run a
`codeql resolve qlpacks` command with the new `--kind` option. This
will return a list of extension packs in the workspace.
- Pass these packs to the cli before evaluation/
- This will only work with CLI v2.12.3 (not yet released) or later.
- Also include some CLI tests to ensure this works.
2023-02-10 15:51:07 -08:00
895 changed files with 149961 additions and 56296 deletions
@@ -67,10 +67,7 @@ members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
[homepage]: https://www.contributor-covenant.org
This Code of Conduct is adapted from the [Contributor Covenant, version 1.4](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html).
For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq
[the Contributor Covenant FAQ](https://www.contributor-covenant.org/faq). For more about Contributor Covenant, see [the Contributor Covenant website](https://www.contributor-covenant.org).
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
@@ -23,7 +23,9 @@ Please note that this project is released with a [Contributor Code of Conduct][c
Here are a few things you can do that will increase the likelihood of your pull request being accepted:
* Follow the [style guide][style].
* Write tests. Tests that don't require the VS Code API are located [here](extensions/ql-vscode/test). Integration tests that do require the VS Code API are located [here](extensions/ql-vscode/src/vscode-tests).
* Write tests:
* [Tests that don't require the VS Code API are located here](extensions/ql-vscode/test).
* [Integration tests that do require the VS Code API are located here](extensions/ql-vscode/src/vscode-tests).
* Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
* Write a [good commit message](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
@@ -93,214 +95,7 @@ More information about Storybook can be found inside the **Overview** page once
### Testing
We have several types of tests:
* Unit tests: these live in the `tests/unit-tests/` directory
* View tests: these live in `src/view/variant-analysis/__tests__/`
* VSCode integration tests:
*`test/vscode-tests/activated-extension` tests: These are intended to cover functionality that require the full extension to be activated but don't require the CLI. This suite is not run against multiple versions of the CLI in CI.
*`test/vscode-tests/no-workspace` tests: These are intended to cover functionality around not having a workspace. The extension is not activated in these tests.
*`test/vscode-tests/minimal-workspace` tests: These are intended to cover functionality that need a workspace but don't require the full extension to be activated.
* CLI integration tests: these live in `test/vscode-tests/cli-integration`
* These tests are intended to cover functionality that is related to the integration between the CodeQL CLI and the extension. These tests are run against each supported versions of the CLI in CI.
The CLI integration tests require an instance of the CodeQL CLI to run so they will require some extra setup steps. When adding new tests to our test suite, please be mindful of whether they need to be in the cli-integration folder. If the tests don't depend on the CLI, they are better suited to being a VSCode integration test.
Any test data you're using (sample projects, config files, etc.) must go in a `test/vscode-tests/*/data` directory. When you run the tests, the test runner will copy the data directory to `out/vscode-tests/*/data`.
#### Running the tests
Pre-requisites:
1. Run `npm run build`.
2. You will need to have `npm run watch` running in the background.
##### 1. From the terminal
Then, from the `extensions/ql-vscode` directory, use the appropriate command to run the tests:
* Unit tests: `npm run test:unit`
* View Tests: `npm test:view`
* VSCode integration tests: `npm run test:vscode-integration`
###### CLI integration tests
The CLI integration tests require the CodeQL standard libraries in order to run so you will need to clone a local copy of the `github/codeql` repository.
1. Set the `TEST_CODEQL_PATH` environment variable: running from a terminal, you _must_ set the `TEST_CODEQL_PATH` variable to point to a checkout of the `github/codeql` repository. The appropriate CLI version will be downloaded as part of the test.
2. Run your test command:
```shell
cd extensions/ql-vscode && npm run test:cli-integration
```
##### 2. From VSCode
Alternatively, you can run the tests inside of VSCode. There are several VSCode launch configurations defined that run the unit and integration tests.
You will need to run tests using a task from inside of VS Code, under the "Run and Debug" view:
* Unit tests: run the _Launch Unit Tests - React_ task
* View Tests: run the _Launch Unit Tests_ task
* VSCode integration tests: run the _Launch Unit Tests - No Workspace_ and _Launch Unit Tests - Minimal Workspace_ tasks
###### CLI integration tests
The CLI integration tests require the CodeQL standard libraries in order to run so you will need to clone a local copy of the `github/codeql` repository.
1. Set the `TEST_CODEQL_PATH` environment variable: running from a terminal, you _must_ set the `TEST_CODEQL_PATH` variable to point to a checkout of the `github/codeql` repository. The appropriate CLI version will be downloaded as part of the test.
2. Set the codeql path in VSCode's launch configuration: open `launch.json` and under the _Launch Integration Tests - With CLI_ section, uncomment the `"${workspaceRoot}/../codeql"` line. If you've cloned the `github/codeql` repo to a different path, replace the value with the correct path.
3. Run the VSCode task from the "Run and Debug" view called _Launch Integration Tests - With CLI_.
#### Running a single test
##### 1. From the terminal
The easiest way to run a single test is to change the `it` of the test to `it.only` and then run the test command with some additional options
to only run tests for this specific file. For example, to run the test `test/vscode-tests/cli-integration/run-queries.test.ts`:
```shell
npm run test:cli-integration -- --runTestsByPath test/vscode-tests/cli-integration/run-queries.test.ts
```
You can also use the `--testNamePattern` option to run a specific test within a file. For example, to run the test `test/vscode-tests/cli-integration/run-queries.test.ts`:
```shell
npm run test:cli-integration -- --runTestsByPath test/vscode-tests/cli-integration/run-queries.test.ts --testNamePattern "should create a QueryEvaluationInfo"
```
##### 2. From VSCode
Alternatively, you can run a single test inside VSCode. To do so, install the [Jest Runner](https://marketplace.visualstudio.com/items?itemName=firsttris.vscode-jest-runner) extension. Then,
you will have quicklinks to run a single test from within test files. To run a single unit or integration test, click the "Run" button. Debugging a single test is currently only supported
for unit tests by default. To debug integration tests, open the `.vscode/settings.json` file and uncomment the `jestrunner.debugOptions` lines. This will allow you to debug integration tests.
Please make sure to revert this change before committing; with this setting enabled, it is not possible to debug unit tests.
Without the Jest Runner extension, you can also use the "Launch Selected Unit Test (vscode-codeql)" launch configuration to run a single unit test.
#### Using a mock GitHub API server
Multi-Repo Variant Analyses (MRVA) rely on the GitHub API. In order to make development and testing easy, we have functionality that allows us to intercept requests to the GitHub API and provide mock responses.
##### Using a pre-recorded test scenario
To run a mock MRVA scenario, follow these steps:
1. Enable the mock GitHub API server by adding the following in your VS Code user settings (which can be found by running the `Preferences: Open User Settings (JSON)` VS Code command):
```json
"codeQL.mockGitHubApiServer":{
"enabled":true
}
```
1. Run the `CodeQL: Mock GitHub API Server: Load Scenario` command from the command pallet, and choose one of the scenarios to load.
1. Execute a normal MRVA. At this point you should see the scenario being played out, rather than an actual MRVA running.
1. Once you're done, you can stop using the mock scenario with `CodeQL: Mock GitHub API Server: Unload Scenario`
If you want to replay the same scenario you should unload and reload it so requests are replayed from the start.
##### Recording a new test scenario
To record a new mock MRVA scenario, follow these steps:
1. Enable the mock GitHub API server by adding the following in your VS Code user settings (which can be found by running the `Preferences: Open User Settings (JSON)` VS Code command):
```json
"codeQL.mockGitHubApiServer":{
"enabled":true
}
```
1. Run the `CodeQL: Mock GitHub API Server: Start Scenario Recording` VS Code command from the command pallet.
1. Execute a normal MRVA.
1. Once what you wanted to record is done (e.g. the MRVA has finished), then run the `CodeQL: Mock GitHub API Server: Save Scenario` command from the command pallet.
1. The scenario should then be available for replaying.
If you want to cancel recording, run the `CodeQL: Mock GitHub API Server: Cancel Scenario Recording` command.
Once the scenario has been recorded, it's often useful to remove some of the requests to speed up the replay, particularly ones that fetch the variant analysis status. Once some of the request files have manually been removed, the [fix-scenario-file-numbering script](./extensions/ql-vscode/scripts/fix-scenario-file-numbering.ts) can be used to update the number of the files. See the script file for details on how to use.
#### Scenario data location
Pre-recorded scenarios are stored in `./src/mocks/scenarios`. However, it's possible to configure the location, by setting the `codeQL.mockGitHubApiServer.scenariosPath` configuration property in the VS Code user settings.
## Releasing (write access required)
1. Go through [our test plan](/extensions/ql-vscode/docs/test-plan.md) to ensure that the extension is working as expected.
1. Double-check the `CHANGELOG.md` contains all desired change comments and has the version to be released with date at the top.
* Go through all recent PRs and make sure they are properly accounted for.
* Make sure all changelog entries have links back to their PR(s) if appropriate.
* For picking the new version number, we default to increasing the patch version number, but make our own judgement about whether a change is big enough to warrant a minor version bump. Common reasons for a minor bump could include:
* Making substantial new features available to all users. This can include lifting a feature flag.
* Breakage in compatibility with recent versions of the CLI.
* Minimum required version of VS Code is increased.
* New telemetry events are added.
* Deprecation or removal of commands.
* Accumulation of many changes, none of which are individually big enough to warrant a minor bump, but which together are. This does not include changes which are purely internal to the extension, such as refactoring, or which are only available behind a feature flag.
1. Double-check that the node version we're using matches the one used for VS Code. If it doesn't, you will then need to update the node version in the following files:
*`.nvmrc` - this will enable `nvm` to automatically switch to the correct node version when you're in the project folder
*`.github/workflows/main.yml` - all the "node-version: <version>" settings
*`.github/workflows/release.yml` - the "node-version: <version>" setting
1. Double-check that the extension `package.json` and `package-lock.json` have the version you intend to release. If you are doing a patch release (as opposed to minor or major version) this should already be correct.
1. Create a PR for this release:
* This PR will contain any missing bits from steps 1 and 2. Most of the time, this will just be updating `CHANGELOG.md` with today's date.
* Create a new branch for the release named after the new version. For example: `v1.3.6`
* Create a new commit with a message the same as the branch name.
* Create a PR for this branch.
* Wait for the PR to be merged into `main`
1. Switch to `main` and add a new tag on the `main` branch with your new version (named after the release), e.g.
```bash
git checkout main
git tag v1.3.6
```
If you've accidentally created a badly named tag, you can delete it via
```bash
git tag -d badly-named-tag
```
1. Push the new tag up:
a. If you're using a fork of the repo:
```bash
git push upstream refs/tags/v1.3.6
```
b. If you're working straight in this repo:
```bash
git push origin refs/tags/v1.3.6
```
This will trigger [a release build](https://github.com/github/vscode-codeql/releases) on Actions.
* **IMPORTANT** Make sure you are on the `main` branch and your local checkout is fully updated when you add the tag.
* If you accidentally add the tag to the wrong ref, you can just force push it to the right one later.
1. Monitor the status of the release build in the `Release` workflow in the Actions tab.
* DO NOT approve the "publish" stages of the workflow yet.
1. Download the VSIX from the draft GitHub release at the top of [the releases page](https://github.com/github/vscode-codeql/releases) that is created when the release build finishes.
1. Unzip the `.vsix` and inspect its `package.json` to make sure the version is what you expect,
or look at the source if there's any doubt the right code is being shipped.
1. Install the `.vsix` file into your vscode IDE and ensure the extension can load properly. Run a single command (like run query, or add database).
1. Go to the actions tab of the vscode-codeql repository and select the [Release workflow](https://github.com/github/vscode-codeql/actions?query=workflow%3ARelease).
- If there is an authentication failure when publishing, be sure to check that the authentication keys haven't expired. See below.
1. Approve the deployments of the correct Release workflow. This will automatically publish to Open VSX and VS Code Marketplace.
1. Go to the draft GitHub release in [the releases tab of the repository](https://github.com/github/vscode-codeql/releases), click 'Edit', add some summary description, and publish it.
1. Confirm the new release is marked as the latest release at <https://github.com/github/vscode-codeql/releases>.
1. If documentation changes need to be published, notify documentation team that release has been made.
1. Review and merge the version bump PR that is automatically created by Actions.
## Secrets and authentication for publishing
Repository administrators, will need to manage the authentication keys for publishing to the VS Code marketplace and Open VSX. Each requires an authentication token. The VS Code marketplace token expires yearly.
To regenerate the Open VSX token:
1. Log in to the [user settings page on Open VSX](https://open-vsx.org/user-settings/namespaces).
1. Make sure you are a member of the GitHub namespace.
1. Go to the [Access Tokens](https://open-vsx.org/user-settings/tokens) page and generate a new token.
1. Update the secret in the `publish-open-vsx` environment in the project settings.
To regenerate the VSCode Marketplace token, please see our internal documentation. Note that Azure DevOps PATs expire every 90 days and must be regenerated.
[Information about testing can be found here](./docs/testing.md).
@@ -7,7 +7,7 @@ The extension is released. You can download it from the [Visual Studio Marketpla
To see what has changed in the last few versions of the extension, see the [Changelog](https://github.com/github/vscode-codeql/blob/main/extensions/ql-vscode/CHANGELOG.md).
[](https://github.com/github/vscode-codeql/actions?query=workflow%3A%22Build+Extension%22+branch%3Amaster)
@@ -15,6 +15,7 @@ To see what has changed in the last few versions of the extension, see the [Chan
* Shows the flow of data through the results of path queries, which is essential for triaging security results.
* Provides an easy way to run queries from the large, open source repository of [CodeQL security queries](https://github.com/github/codeql).
* Adds IntelliSense to support you writing and editing your own CodeQL query and library files.
* Supports you running CodeQL queries against thousands of repositories on GitHub using multi-repository variant analysis.
## Project goals and scope
@@ -24,8 +25,8 @@ This project will track new feature development in CodeQL and, whenever appropri
This extension depends on the following two extensions for required functionality. They will be installed automatically when you install VS Code CodeQL.
The CodeQL for VS Code extension defines the version of Node.js that it is intended to run with. This Node.js version is used when running most CI and unit tests.
When running in production (i.e. as an extension for a VS Code application) it will use the Node.js version provided by VS Code. This can mean a different Node.js version is used by different users with different versions of VS Code.
We should make sure the CodeQL for VS Code extension works with the Node.js version supplied by all versions of VS Code that we support.
## Checking the version of Node.js supplied by VS Code
You can find this info by seleting "About Visual Studio Code" from the top menu.
## Updating the Node.js version
The following files will need to be updated:
-`extensions/ql-vscode/.nvmrc` - this will enable nvm to automatically switch to the correct Node
version when you're in the project folder. It will also change the Node version the GitHub Actions
workflows use.
-`extensions/ql-vscode/package.json` - the "engines.node: '[VERSION]'" setting
-`extensions/ql-vscode/package.json` - the "@types/node: '[VERSION]'" dependency
Then run `npm install` to update the `extensions/ql-vscode/package-lock.json` file.
## Node.js version used in tests
Unit tests will use whatever version of Node.js is installed locally. In CI this will be the version specified in the workflow.
Integration tests download a copy of VS Code and then will use whatever version of Node.js is provided by VS Code. Our integration tests are currently pinned to an older version of VS Code. See [VS Code version used in tests](./vscode-version.md#vs-code-version-used-in-tests) for more information.
1. Run the ["Run CLI tests" workflow](https://github.com/github/vscode-codeql/actions/workflows/cli-test.yml) and make sure the tests are green. If there were no merges between the time the workflow ran (it runs daily), and the release, you can skip this step.
1. Double-check the `CHANGELOG.md` contains all desired change comments and has the version to be released with date at the top.
* Go through all recent PRs and make sure they are properly accounted for.
* Make sure all changelog entries have links back to their PR(s) if appropriate.
* For picking the new version number, we default to increasing the patch version number, but make our own judgement about whether a change is big enough to warrant a minor version bump. Common reasons for a minor bump could include:
* Making substantial new features available to all users. This can include lifting a feature flag.
* Breakage in compatibility with recent versions of the CLI.
* Minimum required version of VS Code is increased.
* New telemetry events are added.
* Deprecation or removal of commands.
* Accumulation of many changes, none of which are individually big enough to warrant a minor bump, but which together are. This does not include changes which are purely internal to the extension, such as refactoring, or which are only available behind a feature flag.
1. Double-check that the node version we're using matches the one used for VS Code. See the [Node.js version instructions](./node-version.md) for more information.
1. Double-check that the extension `package.json` and `package-lock.json` have the version you intend to release. If you are doing a patch release (as opposed to minor or major version) this should already be correct.
1. Create a PR for this release:
* This PR will contain any missing bits from steps 1, 2 and 3. Most of the time, this will just be updating `CHANGELOG.md` with today's date.
* Create a new branch for the release named after the new version. For example: `v1.3.6`
* Create a new commit with a message the same as the branch name.
* Create a PR for this branch.
* Wait for the PR to be merged into `main`
1. Switch to `main` branch and pull latest changes
1. Lock the `main` branch.
* Go to the [branch protection rules for the `main` branch](https://github.com/github/vscode-codeql/settings/branch_protection_rules/16447115)
* Select "Lock branch"
* Click "Save changes"
1. Ensure that no PRs have been merged since the release PR that you merged. If there were, you might need to unlock `main` temporarily and update the CHANGELOG again.
1. Build the extension `npm run build` and install it on your VS Code using "Install from VSIX".
1. Go through [our test plan](./test-plan.md) to ensure that the extension is working as expected.
1. Switch to `main` and add a new tag on the `main` branch with your new version (named after the release), e.g.
```bash
git checkout main
git tag v1.3.6
```
If you've accidentally created a badly named tag, you can delete it via
```bash
git tag -d badly-named-tag
```
1. Unlock the main branch
* Go to the [branch protection rules for the `main` branch](https://github.com/github/vscode-codeql/settings/branch_protection_rules/16447115)
* Deselect "Lock branch"
* Click "Save changes"
1. Push the new tag up:
a. If you're using a fork of the repo:
```bash
git push upstream refs/tags/v1.3.6
```
b. If you're working straight in this repo:
```bash
git push origin refs/tags/v1.3.6
```
This will trigger [a release build](https://github.com/github/vscode-codeql/releases) on Actions.
* **IMPORTANT** Make sure you are on the `main` branch and your local checkout is fully updated when you add the tag.
* If you accidentally add the tag to the wrong ref, you can just force push it to the right one later.
1. Monitor the status of the release build in the `Release` workflow in the Actions tab.
* DO NOT approve the "publish" stages of the workflow yet.
1. Download the VSIX from the draft GitHub release at the top of [the releases page](https://github.com/github/vscode-codeql/releases) that is created when the release build finishes.
1. Unzip the `.vsix` and inspect its `package.json` to make sure the version is what you expect,
or look at the source if there's any doubt the right code is being shipped.
1. Install the `.vsix` file into your vscode IDE and ensure the extension can load properly. Run a single command (like run query, or add database).
1. Go to the actions tab of the vscode-codeql repository and select the [Release workflow](https://github.com/github/vscode-codeql/actions?query=workflow%3ARelease).
* If there is an authentication failure when publishing, be sure to check that the authentication keys haven't expired. See below.
1. Approve the deployments of the correct Release workflow. This will automatically publish to Open VSX and VS Code Marketplace.
1. Go to the draft GitHub release in [the releases tab of the repository](https://github.com/github/vscode-codeql/releases), click 'Edit', add some summary description, and publish it.
1. Confirm the new release is marked as the latest release at <https://github.com/github/vscode-codeql/releases>.
1. If documentation changes need to be published, notify documentation team that release has been made.
1. Review and merge the version bump PR that is automatically created by Actions.
## Secrets and authentication for publishing
Repository administrators, will need to manage the authentication keys for publishing to the VS Code marketplace and Open VSX. Each requires an authentication token. The VS Code marketplace token expires yearly.
To regenerate the Open VSX token:
1. Log in to the [user settings page on Open VSX](https://open-vsx.org/user-settings/namespaces).
1. Make sure you are a member of the GitHub namespace.
1. Go to the [Access Tokens](https://open-vsx.org/user-settings/tokens) page and generate a new token.
1. Update the secret in the `publish-open-vsx` environment in the project settings.
To regenerate the VSCode Marketplace token, please see our internal documentation. Note that Azure DevOps PATs expire every 90 days and must be regenerated.
@@ -11,20 +11,67 @@ We don't need to test features (and permutations of features) that are covered b
## Before releasing the VS Code extension
- Go through the required test cases listed below
- Run at least one local query and MRVA using the existing version of the extension (to generate "old" query history items).
- Go through the required test cases listed below.
- Check major PRs since the previous release for specific one-off things to test. Based on that, you might want to
choose to go through some of the Optional Test Cases.
- Run a query using the existing version of the extension (to generate an "old" query history item)
## Required Test Cases
### Pre-requisites
### Local databases
- Flip the `codeQL.canary` flag. This will enable MRVA in the extension.
#### Test case 1: Download a database from GitHub
### Test Case 1: MRVA - Running a problem path query and viewing results
1. Click "Download Database from GitHub" and enter `angular-cn/ng-nice` and select the javascript language if prompted
1. Open the [UnsafeJQueryPlugin query](https://github.com/github/codeql/blob/main/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql).
#### Test case 2: Import a database from an archive
1. Obtain a javascript database for `babel/babel`
- You can do `gh api "/repos/babel/babel/code-scanning/codeql/databases/javascript" -H "Accept: application/zip" > babel.zip` to fetch a database from GitHub.
2. Click "Choose Database from Archive" and select the file you just downloaded above.
### Local queries
#### Test case 1: Running a path problem query and viewing results
1. Open the [javascript UnsafeJQueryPlugin query](https://github.com/github/codeql/blob/main/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql).
2. Select the `angular-cn/ng-nice` database (or download it if you don't have one already)
3. Run a local query.
4. Once the query completes:
- Check that the result messages are rendered
- Check that the paths can be opened and paths are rendered correctly
- Check that alert locations can be clicked on
#### Test case 2: Running a problem query and viewing results
1. Open the [javascript ReDoS query](https://github.com/github/codeql/blob/main/javascript/ql/src/Performance/ReDoS.ql).
2. Select the `babel/babel` database (or download it if you don't have one already)
3. Run a local query.
4. Once the query completes:
- Check that the result messages are rendered
- Check that alert locations can be clicked on
#### Test case 3: Running a non-problem query and viewing results
1. Open the [cpp FunLinesOfCode query](https://github.com/github/codeql/blob/main/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql).
2. Select the `google/brotli` database (or download it if you don't have one already)
3. Run a local query.
4. Once the query completes:
- Check that the results table is rendered
- Check that result locations can be clicked on
#### Test case 4: Can use AST viewer
1. Click on any code location from a previous query to open a source file from a database
2. Open the AST viewing panel and click "View AST"
3. Once the AST is computed:
- Check that it can be navigated
### MRVA
#### Test Case 1: Running a path problem query and viewing results
1. Open the [javascript UnsafeJQueryPlugin query](https://github.com/github/codeql/blob/main/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql).
2. Run a MRVA against the following repo list:
```json
@@ -51,56 +98,122 @@ choose to go through some of the Optional Test Cases.
6. Once the query completes:
- Check that the query history item is updated to show the query status as "complete"
### Test Case 2: MRVA - Running a problem query and viewing results
#### Test Case 2: Running a problem query and viewing results
1. Open the [ReDoS query](https://github.com/github/codeql/blob/main/javascript/ql/src/Performance/ReDoS.ql).
1. Open the [javascript ReDoS query](https://github.com/github/codeql/blob/main/javascript/ql/src/Performance/ReDoS.ql).
2. Run a MRVA against the "Top 10" repositories.
3. Check that there is a notification message.
3. Check that a notification message pops up and the results view is opened.
4. Check the query history. It should:
- Show that an item has been added to the query history
- The item should be marked as "in progress".
5. Once the query starts:
- Check that a notification is shown with a link to the results view
5. Once the query completes:
- Check that the results are rendered with an alert message and a highlighted code snippet:
1. Open the [FunLinesOfCode query](https://github.com/github/codeql/blob/main/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql).
#### Test Case 3: Running a non-problem query and viewing results
1. Open the [cpp FunLinesOfCode query](https://github.com/github/codeql/blob/main/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql).
2. Run a MRVA against a single repository (e.g. `google/brotli`).
3. Once the query starts:
- Open the query results
3. Check that a notification message pops up and the results view is opened.
4. Check the query history. It should:
- Show that an item has been added to the query history
- The item should be marked as "in progress".
5. Once the query completes:
- Check that the results show up in a table:
### Test Case 4: MRVA - Interacting with query history
#### Test Case 4: Interacting with query history
1. Click a history item (for MRVA):
- Check that exporting results works
- Check that sorting results works
- Check that copying repo lists works
2. Open the query results directory:
2. Click "Open Results Directory":
- Check that the correct directory is opened and there are results in it
3. View logs
3. Click "View Logs":
- Check that the correct workflow is opened
### Test Case 5: MRVA - Canceling a variant analysis run
#### Test Case 5: Canceling a variant analysis run
Run one of the above MRVAs, but cancel it from within VS Code:
- Check that the query is canceled and the query history item is updated.
- Check that the workflow run is also canceled.
- Check that any available results are visible in VS Code.
### Test Case 6: MRVA - Change to a different colour theme
### CodeQL Model Editor
Open one of the above MRVAs, try changing to a different colour theme and check that everything looks sensible.
#### Test Case 1: Opening the model editor
1. Download the `sofastack/sofa-jraft` java database from GitHub.
2. Open the Model Editor with the "CodeQL: Open CodeQL Model Editor" command from the command palette.
- Check that the editor loads and shows methods to model.
- Check that methods are grouped per library (e.g. `rocksdbjni@7.7.3` or `asm@6.0`)
- Check that the "Open source" link works.
- Check that the 'View' button works and the Method Usage panel highlight the correct method and usage
- Check that the Method Modeling panel shows the correct method and modeling state
#### Test Case 2: Model methods
1. Expand one of the libraries.
- Change the model type and check that the other dropdowns change.
- Check that the method modeling panel updates accordingly
2. Save the modeled methods.
3. Click "Open extension pack"
- Check that the file explorer opens a directory with a "models" directory
4. Open the ".model.yml" file corresponding to the library that was changed.
- Check that the file contains entries for the methods that were modeled.
#### Test Case 3: Model with AI
Note that this test requires the feature flag: `codeQL.model.llmGeneration`
1. Click "Model with AI".
- Check that rows change to "Thinking".
- Check that results come back and rows get filled out.
#### Test Case 4: Model as dependency
Note that this test requires the feature flag: `codeQL.model.flowGeneration`
1. Click "Model as dependency"
- Check that grouping are now per package (e.g. `com.alipay.sofa.rraft.option` or `com.google.protobuf`)
2. Click "Generate".
- Check that rows are filled out.
### General
#### Test case 1: Change to a different colour theme
Open at least one of the above MRVAs and at least one local query, then try changing to a different colour theme and check that everything looks sensible.
Are there any components that are not showing up?
## Optional Test Cases
These are mostly aimed at MRVA, but some of them are also applicable to non-MRVA queries.
### Modeling Flow
### Selecting repositories to run on
1. Check that a method can have multiple models:
- Add a couple of new models for one method in the model editor
- Save and check that the modeling file (use the 'open extension pack' button to open it) shows multiple methods
- Check that the Method Modeling Panel shows the correct multiple models
- Check that you can browse through different models in the Method Modeling Panel
- Check that a 'duplicated classification' error appears in both model editor and modeling panel when a duplicate modeling occurs
- Check that a 'conflicting classification' error appears when a neutral model type is paired with a model of the same kind
- Check that clicking on the error highlights the correct modeling in both the editor and the modeling panel
2. Check the Method Usage Panel
- Check that the Method Usage Panel opens and jumps to the correct usage when clicking on 'View' in the model editor
- Check that the first and following usages are opening when clicking on a usage
- Check that the usage icon color turns green when saving a newly modeled method
- Check that the usage icon color turns red when saving a newly unmodeld method
3. Check the Method Modeling Panel
- Check that the 'Start modeling' button opens a new model editor
- Check that it refreshes the blank state when a model editor is opened/closed
- Check that when modeling in the editor the modeling panel updates accordingly
- Check that when modeling in the modeling panel the model editor updates accordingly
### Selecting MRVA repositories to run on
#### Test case 1: Running a query on a single repository
@@ -130,7 +243,7 @@ These are mostly aimed at MRVA, but some of them are also applicable to non-MRVA
4. The org contains private repositories that are inaccessible
2. The org does not exist
### Using different types of controller repos
### Using different types of controller repos for MRVA
#### Test case 1: Running a query when the controller repository is public
@@ -235,6 +348,7 @@ with this since it has quite a limited number of actions you can do.
This requires running a MRVA query and seeing the results view.
<!-- markdownlint-disable-next-line MD024 -->
#### Test case 1: When variant analysis state is "pending"
1. Can open a results view
@@ -260,10 +374,9 @@ This requires running a MRVA query and seeing the results view.
2. When the file does not exist
7. Can open query text
8. Can sort repos
1. By name
2. By results
3. By stars
4. By last updated
1. Alphabetically
2. By number of results
3. By popularity
9. Can filter repos
10. Shows correct statistics
1. Total number of results
@@ -323,6 +436,7 @@ This requires running a MRVA query and seeing the results view.
1. Make changes via config file (ensure JSON schema is helping out)
1. Close and re-open VS Code (ensure lists are there)
1. Collapse/expand tree nodes
1. Create a new list, right click and select "Add repositories with GitHub Code Search". Enter the language 'python' and the query "UserMixin". This should show a rate limiting notification after a while but eventually populate the list with roughly 770 items.
* Unit tests: these live in the `tests/unit-tests/` directory
* View tests: these live in `src/view/variant-analysis/__tests__/`
* VSCode integration tests:
*`test/vscode-tests/activated-extension` tests: These are intended to cover functionality that require the full extension to be activated but don't require the CLI. This suite is not run against multiple versions of the CLI in CI.
*`test/vscode-tests/no-workspace` tests: These are intended to cover functionality around not having a workspace. The extension is not activated in these tests.
*`test/vscode-tests/minimal-workspace` tests: These are intended to cover functionality that need a workspace but don't require the full extension to be activated.
* CLI integration tests: these live in `test/vscode-tests/cli-integration`
* These tests are intended to cover functionality that is related to the integration between the CodeQL CLI and the extension. These tests are run against each supported versions of the CLI in CI.
The CLI integration tests require an instance of the CodeQL CLI to run so they will require some extra setup steps. When adding new tests to our test suite, please be mindful of whether they need to be in the cli-integration folder. If the tests don't depend on the CLI, they are better suited to being a VSCode integration test.
Any test data you're using (sample projects, config files, etc.) must go in a `test/vscode-tests/*/data` directory. When you run the tests, the test runner will copy the data directory to `out/vscode-tests/*/data`.
## Running the tests
Pre-requisites:
1. Run `npm run build`.
2. You will need to have `npm run watch` running in the background.
### 1. From the terminal
Then, from the `extensions/ql-vscode` directory, use the appropriate command to run the tests:
* Unit tests: `npm run test:unit`
* View Tests: `npm run test:view`
* VSCode integration tests: `npm run test:vscode-integration`
#### Running CLI integration tests from the terminal
The CLI integration tests require the CodeQL standard libraries in order to run so you will need to clone a local copy of the `github/codeql` repository.
1. Set the `TEST_CODEQL_PATH` environment variable: running from a terminal, you _must_ set the `TEST_CODEQL_PATH` variable to point to a checkout of the `github/codeql` repository. The appropriate CLI version will be downloaded as part of the test.
2. Run your test command:
```shell
cd extensions/ql-vscode && npm run test:cli-integration
```
### 2. From VSCode
Alternatively, you can run the tests inside of VSCode. There are several VSCode launch configurations defined that run the unit and integration tests.
You will need to run tests using a task from inside of VS Code, under the "Run and Debug" view:
* Unit tests: run the _Launch Unit Tests_ task
* View Tests: run the _Launch Unit Tests - React_ task
* VSCode integration tests: run the _Launch Unit Tests - No Workspace_ and _Launch Unit Tests - Minimal Workspace_ tasks
#### Running CLI integration tests from VSCode
The CLI integration tests require the CodeQL standard libraries in order to run so you will need to clone a local copy of the `github/codeql` repository.
1. Set the `TEST_CODEQL_PATH` environment variable: running from a terminal, you _must_ set the `TEST_CODEQL_PATH` variable to point to a checkout of the `github/codeql` repository. The appropriate CLI version will be downloaded as part of the test.
2. Set the codeql path in VSCode's launch configuration: open `launch.json` and under the _Launch Integration Tests - With CLI_ section, uncomment the `"${workspaceRoot}/../codeql"` line. If you've cloned the `github/codeql` repo to a different path, replace the value with the correct path.
3. Run the VSCode task from the "Run and Debug" view called _Launch Integration Tests - With CLI_.
## Running a single test
### 1. Running a single test from the terminal
The easiest way to run a single test is to change the `it` of the test to `it.only` and then run the test command with some additional options
to only run tests for this specific file. For example, to run the test `test/vscode-tests/cli-integration/run-queries.test.ts`:
```shell
npm run test:cli-integration -- --runTestsByPath test/vscode-tests/cli-integration/run-queries.test.ts
```
You can also use the `--testNamePattern` option to run a specific test within a file. For example, to run the test `test/vscode-tests/cli-integration/run-queries.test.ts`:
```shell
npm run test:cli-integration -- --runTestsByPath test/vscode-tests/cli-integration/run-queries.test.ts --testNamePattern "should create a QueryEvaluationInfo"
```
### 2. Running a single test from VSCode
Alternatively, you can run a single test inside VSCode. To do so, install the [Jest Runner](https://marketplace.visualstudio.com/items?itemName=firsttris.vscode-jest-runner) extension. Then,
you will have quicklinks to run a single test from within test files. To run a single unit or integration test, click the "Run" button. Debugging a single test is currently only supported
for unit tests by default. To debug integration tests, open the `.vscode/settings.json` file and uncomment the `jestrunner.debugOptions` lines. This will allow you to debug integration tests.
Please make sure to revert this change before committing; with this setting enabled, it is not possible to debug unit tests.
Without the Jest Runner extension, you can also use the "Launch Selected Unit Test (vscode-codeql)" launch configuration to run a single unit test.
## Using a mock GitHub API server
Multi-Repo Variant Analyses (MRVA) rely on the GitHub API. In order to make development and testing easy, we have functionality that allows us to intercept requests to the GitHub API and provide mock responses.
### Using a pre-recorded test scenario
To run a mock MRVA scenario, follow these steps:
1. Enable the mock GitHub API server by adding the following in your VS Code user settings (which can be found by running the `Preferences: Open User Settings (JSON)` VS Code command):
```json
"codeQL.mockGitHubApiServer":{
"enabled":true
}
```
1. Run the `CodeQL: Mock GitHub API Server: Load Scenario` command from the command pallet, and choose one of the scenarios to load.
1. Execute a normal MRVA. At this point you should see the scenario being played out, rather than an actual MRVA running.
1. Once you're done, you can stop using the mock scenario with `CodeQL: Mock GitHub API Server: Unload Scenario`
If you want to replay the same scenario you should unload and reload it so requests are replayed from the start.
### Recording a new test scenario
To record a new mock MRVA scenario, follow these steps:
1. Enable the mock GitHub API server by adding the following in your VS Code user settings (which can be found by running the `Preferences: Open User Settings (JSON)` VS Code command):
```json
"codeQL.mockGitHubApiServer":{
"enabled":true
}
```
1. Run the `CodeQL: Mock GitHub API Server: Start Scenario Recording` VS Code command from the command pallet.
1. Execute a normal MRVA.
1. Once what you wanted to record is done (e.g. the MRVA has finished), then run the `CodeQL: Mock GitHub API Server: Save Scenario` command from the command pallet.
1. The scenario should then be available for replaying.
If you want to cancel recording, run the `CodeQL: Mock GitHub API Server: Cancel Scenario Recording` command.
Once the scenario has been recorded, it's often useful to remove some of the requests to speed up the replay, particularly ones that fetch the variant analysis status. Once some of the request files have manually been removed, the [fix-scenario-file-numbering script](../extensions/ql-vscode/scripts/fix-scenario-file-numbering.ts) can be used to update the number of the files. See the script file for details on how to use.
### Scenario data location
Pre-recorded scenarios are stored in `./src/common/mock-gh-api/scenarios`. However, it's possible to configure the location, by setting the `codeQL.mockGitHubApiServer.scenariosPath` configuration property in the VS Code user settings.
The CodeQL for VS Code extension specifies the versions of VS Code that it is compatible with. VS Code will only offer to install and upgrade the extension when this version range is satisfied.
## Where is the VS Code version specified
1. Hard limit in [`package.json`](https://github.com/github/vscode-codeql/blob/606bfd7f877d9fffe4ff83b78015ab15f8840b12/extensions/ql-vscode/package.json#L16)
This is the value that VS Code understands and respects. If a user does not meet this version requirement then VS Code will not offer to install the CodeQL for VS Code extension, and if the extension is already installed then it will silently refuse to upgrade the extension.
1. Soft limit in [`extension.ts`](https://github.com/github/vscode-codeql/blob/606bfd7f877d9fffe4ff83b78015ab15f8840b12/extensions/ql-vscode/src/extension.ts#L307)
This value is used internally by the CodeQL for VS Code extension and is used to provide a warning to users without blocking them from installing or upgrading. If the extension detects that this version range is not met it will output a warning message to the user prompting them to upgrade their VS Code version to ge the latest features of CodeQL.
## When to update the VS Code version
Generally we should aim to support as wide a range of VS Code versions as we can, so unless there is a reason to do so we do not update the minimum VS Code version requirement.
Reasons for updating the minimum VS Code version include:
- A new feature is included in VS Code. We may want to ensure that it is available to use so we do not have to provide an alternative code path.
- A breaking change has happened in VS Code, and it is not possible to support both new and old versions.
Also consider what percentage of our users are using each VS Code version. This information is available in our telemetry.
## How to update the VS Code version
To provide a good experience to users, it is recommented to update the `MIN_VERSION` in `extension.ts` first and release, and then update the `vscode` version in `package.json` and release again. By stagging this update across two releases it gives users on older VS Code versions a chance to upgrade before it silently refuses to upgrade them.
## VS Code version used in tests
Our integration tests are currently pinned to use an older version of VS Code due to <https://github.com/github/vscode-codeql/issues/2402>.
This version is specified in [`jest-runner-vscode.config.base.js`](https://github.com/github/vscode-codeql/blob/d93f2b67c84e79737b0ce4bb74e31558b5f5166e/extensions/ql-vscode/test/vscode-tests/jest-runner-vscode.config.base.js#L17).
Until this is resolved this will limit us updating our minimum supported version of VS Code.
- Sorted result set filenames now include a hash of the result set name instead of the full name. [#2955](https://github.com/github/vscode-codeql/pull/2955)
- The "Install Pack Dependencies" will now only list CodeQL packs located in the workspace. [#2960](https://github.com/github/vscode-codeql/pull/2960)
- Fix a bug where the "View Query Log" action for a query history item was not working. [#2984](https://github.com/github/vscode-codeql/pull/2984)
- Add a command to sort items in the databases view by language. [#2993](https://github.com/github/vscode-codeql/pull/2993)
- Fix not being able to open the results directory or evaluator log for a cancelled local query run. [#2996](https://github.com/github/vscode-codeql/pull/2996)
- Fix empty row in alert path when the SARIF location was empty. [#3018](https://github.com/github/vscode-codeql/pull/3018)
## 1.9.2 - 12 October 2023
- Fix a bug where the query to Find Definitions in database source files would not be cancelled appropriately. [#2885](https://github.com/github/vscode-codeql/pull/2885)
- It is now possible to show the language of query history items using the `%l` specifier in the `codeQL.queryHistory.format` setting. Note that this only works for queries run after this upgrade, and older items will show `unknown` as a language. [#2892](https://github.com/github/vscode-codeql/pull/2892)
- Increase the required version of VS Code to 1.82.0. [#2877](https://github.com/github/vscode-codeql/pull/2877)
- Fix a bug where the query server was restarted twice after configuration changes. [#2884](https://github.com/github/vscode-codeql/pull/2884).
- Add support for the `telemetry.telemetryLevel` setting. For more information, see the [telemetry documentation](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-telemetry-in-codeql-for-visual-studio-code). [#2824](https://github.com/github/vscode-codeql/pull/2824).
- Add a "CodeQL: Trim Cache" command that clears the evaluation cache of a database except for predicates annotated with the `cached` keyword. Its purpose is to get accurate performance measurements when tuning the final stage of a query, like a data-flow configuration. This is equivalent to the `codeql database cleanup --mode=normal` CLI command. In contrast, the existing "CodeQL: Clear Cache" command clears the entire cache. CodeQL CLI v2.15.1 or later is required. [#2928](https://github.com/github/vscode-codeql/pull/2928)
- Fix syntax highlighting directly after import statements with instantiation arguments. [#2792](https://github.com/github/vscode-codeql/pull/2792)
- The `debug.saveBeforeStart` setting is now respected when running variant analyses. [#2950](https://github.com/github/vscode-codeql/pull/2950)
- The 'open database' button of the model editor was renamed to 'open source'. Also, it's now only available if the source archive is available as a workspace folder. [#2945](https://github.com/github/vscode-codeql/pull/2945)
## 1.9.1 - 29 September 2023
- Add warning when using a VS Code version older than 1.82.0. [#2854](https://github.com/github/vscode-codeql/pull/2854)
- Fix a bug when parsing large evaluation log summaries. [#2858](https://github.com/github/vscode-codeql/pull/2858)
- Right-align and format numbers in raw result tables. [#2864](https://github.com/github/vscode-codeql/pull/2864)
- Remove rate limit warning notifications when using Code Search to add repositories to a variant analysis list. [#2812](https://github.com/github/vscode-codeql/pull/2812)
## 1.9.0 - 19 September 2023
- Release the [CodeQL model editor](https://codeql.github.com/docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor) to create CodeQL model packs for Java frameworks. Open the editor using the "CodeQL: Open CodeQL Model Editor (Beta)" command. [#2823](https://github.com/github/vscode-codeql/pull/2823)
## 1.8.12 - 11 September 2023
- Fix a bug where variant analysis queries would fail for queries in the `codeql/java-queries` query pack. [#2786](https://github.com/github/vscode-codeql/pull/2786)
## 1.8.11 - 7 September 2023
- Update how variant analysis results are displayed. For queries with ["path-problem" or "problem" `@kind`](https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/#metadata-properties), you can choose to display the results as rendered alerts or as a table of raw results. For queries with any other `@kind`, the results are displayed as a table. [#2745](https://github.com/github/vscode-codeql/pull/2745) & [#2749](https://github.com/github/vscode-codeql/pull/2749)
- When running variant analyses, don't download artifacts for repositories with no results. [#2736](https://github.com/github/vscode-codeql/pull/2736)
- Group the extension settings, so that they're easier to find in the Settings UI. [#2706](https://github.com/github/vscode-codeql/pull/2706)
## 1.8.10 - 15 August 2023
- Add a code lens to make the `CodeQL: Open Referenced File` command more discoverable. Click the "Open referenced file" prompt in a `.qlref` file to jump to the referenced `.ql` file. [#2704](https://github.com/github/vscode-codeql/pull/2704)
## 1.8.9 - 3 August 2023
- Remove "last updated" information and sorting from variant analysis results view. [#2637](https://github.com/github/vscode-codeql/pull/2637)
- Links to code on GitHub now include column numbers as well as line numbers. [#2406](https://github.com/github/vscode-codeql/pull/2406)
- No longer highlight trailing commas for jump to definition. [#2615](https://github.com/github/vscode-codeql/pull/2615)
- Fix a bug where the QHelp preview page was not being refreshed after changes to the underlying `.qhelp` file. [#2660](https://github.com/github/vscode-codeql/pull/2660)
## 1.8.8 - 17 July 2023
- Remove support for CodeQL CLI versions older than 2.9.4. [#2610](https://github.com/github/vscode-codeql/pull/2610)
- Implement syntax highlighting for the `additional` and `default` keywords. [#2609](https://github.com/github/vscode-codeql/pull/2609)
## 1.8.7 - 29 June 2023
- Show a run button on the file tab for query files, that will start a local query. This button will only show when a local database is selected in the extension. [#2544](https://github.com/github/vscode-codeql/pull/2544)
- Add a `CodeQL: Quick Evaluation Count` command to generate the count summary statistics of the results set
without spending the time to compute locations and strings. [#2475](https://github.com/github/vscode-codeql/pull/2475)
## 1.8.6 - 14 June 2023
- Add repositories to a variant analysis list with GitHub Code Search. [#2439](https://github.com/github/vscode-codeql/pull/2439) and [#2476](https://github.com/github/vscode-codeql/pull/2476)
## 1.8.5 - 6 June 2023
- Add settings `codeQL.variantAnalysis.defaultResultsFilter` and `codeQL.variantAnalysis.defaultResultsSort` for configuring how variant analysis results are filtered and sorted in the results view. The default is to show all repositories, and to sort by the number of results. [#2392](https://github.com/github/vscode-codeql/pull/2392)
- Fix bug to ensure error messages have complete stack trace in message logs. [#2425](https://github.com/github/vscode-codeql/pull/2425)
- Fix bug where the `CodeQL: Compare Query` command did not work for comparing quick-eval queries. [#2422](https://github.com/github/vscode-codeql/pull/2422)
- Update text of copy and export buttons in variant analysis results view to clarify that they only copy/export the selected/filtered results. [#2427](https://github.com/github/vscode-codeql/pull/2427)
- Add warning when using unsupported CodeQL CLI version. [#2428](https://github.com/github/vscode-codeql/pull/2428)
- Retry variant analysis results download if connection times out. [#2440](https://github.com/github/vscode-codeql/pull/2440)
## 1.8.4 - 3 May 2023
- Avoid repeated error messages when unable to monitor a variant analysis. [#2396](https://github.com/github/vscode-codeql/pull/2396)
- Fix bug where a variant analysis didn't display the `#select` results set correctly when the [query metadata](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#query-metadata) didn't exactly match the query results. [#2395](https://github.com/github/vscode-codeql/pull/2395)
- On the variant analysis results page, show the count of successful analyses instead of completed analyses, and indicate the reason why analyses were not successful. [#2349](https://github.com/github/vscode-codeql/pull/2349)
- Fix bug where the "CodeQL: Set Current Database" command didn't always select the database. [#2384](https://github.com/github/vscode-codeql/pull/2384)
## 1.8.3 - 26 April 2023
- Added ability to filter repositories for a variant analysis to only those that have results [#2343](https://github.com/github/vscode-codeql/pull/2343)
- Add new configuration option to allow downloading databases from http, non-secure servers. [#2332](https://github.com/github/vscode-codeql/pull/2332)
- Remove title actions from the query history panel that depended on history items being selected. [#2350](https://github.com/github/vscode-codeql/pull/2350)
## 1.8.2 - 12 April 2023
- Fix bug where users could end up with the managed CodeQL CLI getting uninstalled during upgrades and not reinstalled. [#2294](https://github.com/github/vscode-codeql/pull/2294)
- Fix bug that was causing code flows to not get updated when switching between results. [#2288](https://github.com/github/vscode-codeql/pull/2288)
- Restart the CodeQL language server whenever the _CodeQL: Restart Query Server_ command is invoked. This avoids bugs where the CLI version changes to support new language features, but the language server is not updated. [#2238](https://github.com/github/vscode-codeql/pull/2238)
- Avoid requiring a manual restart of the query server when the [external CLI config file](https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file#using-a-codeql-configuration-file) changes. [#2289](https://github.com/github/vscode-codeql/pull/2289)
## 1.8.1 - 23 March 2023
- Show data flow paths of a variant analysis in a new tab. [#2172](https://github.com/github/vscode-codeql/pull/2172) & [#2182](https://github.com/github/vscode-codeql/pull/2182)
- Show labels of entities in exported CSV results. [#2170](https://github.com/github/vscode-codeql/pull/2170)
## 1.8.0 - 9 March 2023
- Send telemetry about unhandled errors happening within the extension. [#2125](https://github.com/github/vscode-codeql/pull/2125)
- Enable collection of telemetry concerning interactions with UI elements, including buttons, links, and other inputs. [#2114](https://github.com/github/vscode-codeql/pull/2114)
@@ -28,7 +28,7 @@ For information about other configurations, see the separate [CodeQL help](https
1. [Run a query](#running-a-query).
---
<!-- markdownlint-disable-next-line MD024 -->
## Quick start: Installing and configuring the extension
### Installing the extension
@@ -71,6 +71,7 @@ in the starter workspace directory.
If you're using your own clone of the CodeQL standard libraries, you can do a `git pull` from where you have the libraries checked out.
<!-- markdownlint-disable-next-line MD024 -->
## Quick start: Using CodeQL
You can find all the commands contributed by the extension in the Command Palette (**Ctrl+Shift+P** or **Cmd+Shift+P**) by typing `CodeQL`, many of them are also accessible through the interface, and via keyboard shortcuts.
// If there are more requests to come, increment the index.
requestIndex++;
}
returnjsonResponse(request.response.body,{
status: request.response.status,
});
},
);
}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
