Merge pull request #14282 from github/saritai/update-language-display-names

Update language display names
This commit is contained in:
Sarita Iyer 2023-09-29 11:15:56 -04:00 коммит произвёл GitHub
Родитель 81e4cddf9f f29063bca3
Коммит 178b5c1c30
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
22 изменённых файлов: 87 добавлений и 75 удалений

Просмотреть файл

@ -1,9 +1,9 @@
.. _abstract-syntax-tree-classes-for-working-with-java-programs:
Abstract syntax tree classes for working with Java programs
===========================================================
Abstract syntax tree classes for working with Java and Kotlin programs
======================================================================
CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs.
CodeQL has a large selection of classes for representing the abstract syntax tree of Java and Kotlin programs.
.. include:: ../reusables/abstract-syntax-tree.rst

Просмотреть файл

@ -1,9 +1,9 @@
.. _analyzing-data-flow-in-java:
Analyzing data flow in Java
===========================
Analyzing data flow in Java and Kotlin
======================================
You can use CodeQL to track the flow of data through a Java program to its use.
You can use CodeQL to track the flow of data through a Java/Kotlin program to its use.
.. include:: ../reusables/kotlin-beta-note.rst
@ -12,7 +12,7 @@ You can use CodeQL to track the flow of data through a Java program to its use.
About this article
------------------
This article describes how data flow analysis is implemented in the CodeQL libraries for Java and includes examples to help you write your own data flow queries.
This article describes how data flow analysis is implemented in the CodeQL libraries for Java/Kotlin and includes examples to help you write your own data flow queries.
The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking.
For a more general introduction to modeling data flow, see ":ref:`About data flow analysis <about-data-flow-analysis>`."

Просмотреть файл

@ -1,9 +1,11 @@
.. _annotations-in-java:
Annotations in Java
===================
Annotations in Java and Kotlin
==============================
CodeQL databases of Java projects contain information about all annotations attached to program elements.
CodeQL databases of Java/Kotlin projects contain information about all annotations attached to program elements.
.. include:: ../reusables/kotlin-beta-note.rst
About working with annotations
------------------------------
@ -15,7 +17,7 @@ Annotations are represented by these CodeQL classes:
- The class ``AnnotationElement`` represents an annotation element, that is, a member of an annotation type.
- The class ``Annotation`` represents an annotation such as ``@Override``; annotation values can be accessed through member predicate ``getValue``.
For example, the Java standard library defines an annotation ``SuppressWarnings`` that instructs the compiler not to emit certain kinds of warnings:
For example, the Java/Kotlin standard library defines an annotation ``SuppressWarnings`` that instructs the compiler not to emit certain kinds of warnings:
.. code-block:: java
@ -101,7 +103,7 @@ As a first step, let's write a query that finds all ``@Override`` annotations. A
where ann.getType().hasQualifiedName("java.lang", "Override")
select ann
As always, it is a good idea to try this query on a CodeQL database for a Java project to make sure it actually produces some results. On the earlier example, it should find the annotation on ``Sub1.m``. Next, we encapsulate the concept of an ``@Override`` annotation as a CodeQL class:
As always, it is a good idea to try this query on a CodeQL database for a Java/Kotlin project to make sure it actually produces some results. On the earlier example, it should find the annotation on ``Sub1.m``. Next, we encapsulate the concept of an ``@Override`` annotation as a CodeQL class:
::
@ -185,7 +187,7 @@ For more information about the class ``Call``, see ":doc:`Navigating the call gr
Improvements
~~~~~~~~~~~~
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecation")``.
The Java/Kotlin standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecation")``.
For instance, consider this slightly updated example:

Просмотреть файл

@ -133,7 +133,7 @@ Further reading
.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions
.. |language-text| replace:: Java
.. |language-text| replace:: Java/Kotlin
.. |language-code| replace:: ``java``

Просмотреть файл

@ -1,7 +1,7 @@
.. _basic-query-for-javascript-code:
Basic query for JavaScript code
===============================
Basic query for JavaScript and TypeScript code
===============================================
Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension.
@ -10,7 +10,7 @@ Learn to write and run a simple CodeQL query using Visual Studio Code with the C
About the query
---------------
In JavaScript, any expression can be turned into an expression statement. While this is sometimes convenient, it can be dangerous. For example, imagine a programmer wants to assign a new value to a variable ``x`` by means of an assignment ``x = 42``. However, they accidentally type two equals signs, producing the comparison statement ``x == 42``. This is valid JavaScript, so no error is generated. The statement simply compares ``x`` to ``42``, and then discards the result of the comparison.
In JavaScript and TypeScript, any expression can be turned into an expression statement. While this is sometimes convenient, it can be dangerous. For example, imagine a programmer wants to assign a new value to a variable ``x`` by means of an assignment ``x = 42``. However, they accidentally type two equals signs, producing the comparison statement ``x == 42``. This is valid JavaScript, so no error is generated. The statement simply compares ``x`` to ``42``, and then discards the result of the comparison.
The query you will run finds instances of this problem. The query searches for expressions ``e`` that are pure—that is, their evaluation does not lead to any side effects—but appear as an expression statement.
@ -50,7 +50,7 @@ After the initial ``import`` statement, this simple query comprises three parts
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+===============================================================+===================================================================================================================+========================================================================================================================+
| ``import javascript`` | Imports the standard CodeQL libraries for JavaScript. | Every query begins with one or more ``import`` statements. |
| ``import javascript`` | Imports the standard CodeQL libraries for JavaScript and TypeScript. | Every query begins with one or more ``import`` statements. |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``from Expr e`` | Defines the variables for the query. | ``e`` is declared as a variable that ranges over expressions. |
| | Declarations are of the form: | |

Просмотреть файл

@ -10,7 +10,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
.. pull-quote:: Enabling Kotlin support
CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java`` as a language.
CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java-kotlin`` as a language.
.. toctree::
:hidden:
@ -26,22 +26,22 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
working-with-source-locations
abstract-syntax-tree-classes-for-working-with-java-programs
- :doc:`Basic query for Java code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query.
- :doc:`Basic query for Java and Kotlin code <basic-query-for-java-code>`: Learn to write and run a simple CodeQL query.
- :doc:`CodeQL library for Java <codeql-library-for-java>`: When analyzing Java code, you can use the large collection of classes in the CodeQL library for Java.
- :doc:`CodeQL library for Java and Kotlin <codeql-library-for-java>`: When analyzing Java/Kotlin code, you can use the large collection of classes in the CodeQL library for Java/Kotlin.
- :doc:`Analyzing data flow in Java <analyzing-data-flow-in-java>`: You can use CodeQL to track the flow of data through a Java program to its use.
- :doc:`Analyzing data flow in Java and Kotlin <analyzing-data-flow-in-java>`: You can use CodeQL to track the flow of data through a Java/Kotlin program to its use.
- :doc:`Java types <types-in-java>`: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.
- :doc:`Java and Kotlin types <types-in-java>`: You can use CodeQL to find out information about data types used in Java/Kotlin code. This allows you to write queries to identify specific type-related issues.
- :doc:`Overflow-prone comparisons in Java <overflow-prone-comparisons-in-java>`: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow.
- :doc:`Overflow-prone comparisons in Java and Kotlin <overflow-prone-comparisons-in-java>`: You can use CodeQL to check for comparisons in Java/Kotlin code where one side of the comparison is prone to overflow.
- :doc:`Navigating the call graph <navigating-the-call-graph>`: CodeQL has classes for identifying code that calls other code, and code that can be called from elsewhere. This allows you to find, for example, methods that are never used.
- :doc:`Annotations in Java <annotations-in-java>`: CodeQL databases of Java projects contain information about all annotations attached to program elements.
- :doc:`Annotations in Java and Kotlin <annotations-in-java>`: CodeQL databases of Java/Kotlin projects contain information about all annotations attached to program elements.
- :doc:`Javadoc <javadoc>`: You can use CodeQL to find errors in Javadoc comments in Java code.
- :doc:`Working with source locations <working-with-source-locations>`: You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
- :doc:`Working with source locations <working-with-source-locations>`: You can use the location of entities within Java/Kotlin code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
- :doc:`Abstract syntax tree classes for working with Java programs <abstract-syntax-tree-classes-for-working-with-java-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Java programs.
- :doc:`Abstract syntax tree classes for working with Java and Kotlin programs <abstract-syntax-tree-classes-for-working-with-java-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Java/Kotlin programs.

Просмотреть файл

@ -1,9 +1,9 @@
.. _codeql-for-javascript:
CodeQL for JavaScript
=====================
CodeQL for JavaScript and TypeScript
====================================
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript and TypeScript codebases.
.. toctree::
:hidden:
@ -18,7 +18,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs
data-flow-cheat-sheet-for-javascript
- :doc:`Basic query for JavaScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.
- :doc:`Basic query for JavaScript and TypeScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.
- :doc:`CodeQL library for JavaScript <codeql-library-for-javascript>`: When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.

Просмотреть файл

@ -1,14 +1,16 @@
.. _codeql-library-for-java:
CodeQL library for Java
=======================
CodeQL library for Java and Kotlin
==================================
When you're analyzing a Java program, you can make use of the large collection of classes in the CodeQL library for Java.
When you're analyzing a Java/Kotlin program, you can make use of the large collection of classes in the CodeQL library for Java/Kotlin.
About the CodeQL library for Java
---------------------------------
.. include:: ../reusables/kotlin-beta-note.rst
There is an extensive library for analyzing CodeQL databases extracted from Java projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks.
About the CodeQL library for Java and Kotlin
--------------------------------------------
There is an extensive library for analyzing CodeQL databases extracted from Java/Kotlin projects. The classes in this library present the data from a database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks.
The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The module ``java.qll`` imports all the core Java library modules, so you can include the complete library by beginning your query with:
@ -27,7 +29,7 @@ The rest of this article briefly summarizes the most important classes and predi
Summary of the library classes
------------------------------
The most important classes in the standard Java library can be grouped into five main categories:
The most important classes in the standard Java/Kotlin library can be grouped into five main categories:
#. Classes for representing program elements (such as classes and methods)
#. Classes for representing AST nodes (such as statements and expressions)
@ -192,7 +194,7 @@ The wildcards ``? extends Number`` and ``? super Float`` are represented by clas
For dealing with generic methods, there are classes ``GenericMethod``, ``ParameterizedMethod`` and ``RawMethod``, which are entirely analogous to the like-named classes for representing generic types.
For more information on working with types, see the :doc:`Types in Java <types-in-java>`.
For more information on working with types, see the :doc:`Types in Java and Kotlin <types-in-java>`.
Variables
~~~~~~~~~
@ -206,7 +208,7 @@ Class ``Variable`` represents a variable `in the Java sense <https://docs.oracle
Abstract syntax tree
--------------------
Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see ":doc:`Abstract syntax tree classes for working with Java programs <abstract-syntax-tree-classes-for-working-with-java-programs>`."
Classes in this category represent abstract syntax tree (AST) nodes, that is, statements (class ``Stmt``) and expressions (class ``Expr``). For a full list of expression and statement types available in the standard QL library, see ":doc:`Abstract syntax tree classes for working with Java and Kotlin programs <abstract-syntax-tree-classes-for-working-with-java-programs>`."
Both ``Expr`` and ``Stmt`` provide member predicates for exploring the abstract syntax tree of a program:
@ -254,12 +256,12 @@ Finally, here is a query that finds method bodies:
As these examples show, the parent node of an expression is not always an expression: it may also be a statement, for example, an ``IfStmt``. Similarly, the parent node of a statement is not always a statement: it may also be a method or a constructor. To capture this, the QL Java library provides two abstract class ``ExprParent`` and ``StmtParent``, the former representing any node that may be the parent node of an expression, and the latter any node that may be the parent node of a statement.
For more information on working with AST classes, see the :doc:`article on overflow-prone comparisons in Java <overflow-prone-comparisons-in-java>`.
For more information on working with AST classes, see the :doc:`article on overflow-prone comparisons in Java and Kotlin <overflow-prone-comparisons-in-java>`.
Metadata
--------
Java programs have several kinds of metadata, in addition to the program code proper. In particular, there are `annotations <https://docs.oracle.com/javase/tutorial/java/annotations/>`__ and `Javadoc <https://en.wikipedia.org/wiki/Javadoc>`__ comments. Since this metadata is interesting both for enhancing code analysis and as an analysis subject in its own right, the QL library defines classes for accessing it.
Java/Kotlin programs have several kinds of metadata, in addition to the program code proper. In particular, there are `annotations <https://docs.oracle.com/javase/tutorial/java/annotations/>`__ and `Javadoc <https://en.wikipedia.org/wiki/Javadoc>`__ comments. Since this metadata is interesting both for enhancing code analysis and as an analysis subject in its own right, the QL library defines classes for accessing it.
For annotations, class ``Annotatable`` is a superclass of all program elements that can be annotated. This includes packages, reference types, fields, methods, constructors, and local variable declarations. For every such element, its predicate ``getAnAnnotation`` allows you to retrieve any annotations the element may have. For example, the following query finds all annotations on constructors:
@ -344,7 +346,7 @@ Most large projects include some methods with a very high cyclomatic complexity.
Call graph
----------
CodeQL databases generated from Java code bases include precomputed information about the program's call graph, that is, which methods or constructors a given call may dispatch to at runtime.
CodeQL databases generated from Java and Kotlin code bases include precomputed information about the program's call graph, that is, which methods or constructors a given call may dispatch to at runtime.
The class ``Callable``, introduced above, includes both methods and constructors. Call expressions are abstracted using class ``Call``, which includes method calls, ``new`` expressions, and explicit constructor calls using ``this`` or ``super``.

Просмотреть файл

@ -3,12 +3,14 @@
:orphan:
:nosearch:
Customizing Library Models for Java
===================================
Customizing Library Models for Java and Kotlin
==============================================
.. include:: ../reusables/beta-note-customizing-library-models.rst
The Java analysis can be customized by adding library models (summaries, sinks and sources) in data extension files.
.. include:: ../reusables/kotlin-beta-note.rst
The Java/Kotlin analysis can be customized by adding library models (summaries, sinks and sources) in data extension files.
A model is a definition of a behavior of a library element, such as a method, that is used to improve the data flow analysis precision by identifying more results.
Most of the security related queries are taint tracking queries that try to find paths from a source of untrusted input to a sink that represents a vulnerability. Sources are the starting points of a taint tracking data flow analysis, and sinks are the end points of a taint tracking data flow analysis.
@ -30,7 +32,7 @@ A data extension file for Java is a YAML file in the form:
Data extensions contribute to the extensible predicates defined in the CodeQL library. For more information on how to define data extensions and extensible predicates as well as how to wire them up, see the :ref:`data-extensions` documentation.
The CodeQL library for Java exposes the following extensible predicates:
The CodeQL library for Java/Kotlin exposes the following extensible predicates:
- **sourceModel**\(package, type, subtypes, name, signature, ext, output, kind, provenance). This is used for **source** models.
- **sinkModel**\(package, type, subtypes, name, signature, ext, input, kind, provenance). This is used for **sink** models.
@ -48,7 +50,7 @@ Example: Taint sink in the **java.sql** package
In this example we will show how to model the argument of the **execute** method as a SQL injection sink.
This is the **execute** method in the **Statement** class, which is located in the **java.sql** package.
Note that this sink is already added to the CodeQL Java analysis.
Note that this sink is already added to the CodeQL Java/Kotlin analysis.
.. code-block:: java
@ -89,7 +91,7 @@ Example: Taint source from the **java.net** package
----------------------------------------------------
In this example we show how to model the return value from the **getInputStream** method as a **remote** source.
This is the **getInputStream** method in the **Socket** class, which is located in the **java.net** package.
Note that this source is already added to the CodeQL Java analysis.
Note that this source is already added to the CodeQL Java/Kotlin analysis.
.. code-block:: java
@ -130,7 +132,7 @@ Example: Add flow through the **concat** method
------------------------------------------------
In this example we show how to model flow through a method for a simple case.
This pattern covers many of the cases where we need to define flow through a method.
Note that the flow through the **concat** method is already added to the CodeQL Java analysis.
Note that the flow through the **concat** method is already added to the CodeQL Java/Kotlin analysis.
.. code-block:: java
@ -178,7 +180,7 @@ Example: Add flow through the **map** method
---------------------------------------------
In this example, we will see a more complex example of modeling flow through a method.
This pattern shows how to model flow through higher order methods and collection types.
Note that the flow through the **map** method is already added to the CodeQL Java analysis.
Note that the flow through the **map** method is already added to the CodeQL Java/Kotlin analysis.
.. code-block:: java
@ -238,7 +240,7 @@ Example: Add a **neutral** method
----------------------------------
In this example we will show how to model the **now** method as being neutral with respect to flow.
A neutral model is used to define that there is no flow through a method.
Note that the neutral model for the **now** method is already added to the CodeQL Java analysis.
Note that the neutral model for the **now** method is already added to the CodeQL Java/Kotlin analysis.
.. code-block:: java

Просмотреть файл

@ -8,7 +8,7 @@ CodeQL has classes for identifying code that calls other code, and code that can
Call graph classes
------------------
The CodeQL library for Java provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodAccess``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
The CodeQL library for Java/Kotlin provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodAccess``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
For example, in the following program all callables and calls have been annotated with comments:
@ -88,7 +88,7 @@ This simple query typically returns a large number of results.
We have to use ``polyCalls`` instead of ``calls`` here: we want to be reasonably sure that ``callee`` is not called, either directly or via overriding.
Running this query on a typical Java project results in lots of hits in the Java standard library. This makes sense, since no single client program uses every method of the standard library. More generally, we may want to exclude methods and constructors from compiled libraries. We can use the predicate ``fromSource`` to check whether a compilation unit is a source file, and refine our query:
Running this query on a typical Java/Kotlin project results in lots of hits in the Java/Kotlin standard library. This makes sense, since no single client program uses every method of the standard library. More generally, we may want to exclude methods and constructors from compiled libraries. We can use the predicate ``fromSource`` to check whether a compilation unit is a source file, and refine our query:
.. code-block:: ql

Просмотреть файл

@ -1,9 +1,11 @@
.. _overflow-prone-comparisons-in-java:
Overflow-prone comparisons in Java
==================================
Overflow-prone comparisons in Java and Kotlin
=============================================
You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow.
You can use CodeQL to check for comparisons in Java/Kotlin code where one side of the comparison is prone to overflow.
.. include:: ../reusables/kotlin-beta-note.rst
About this article
------------------

Просмотреть файл

@ -1,9 +1,11 @@
.. _types-in-java:
Types in Java
=============
Types in Java and Kotlin
========================
You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.
You can use CodeQL to find out information about data types used in Java/Kotlin code. This allows you to write queries to identify specific type-related issues.
.. include:: ../reusables/kotlin-beta-note.rst
About working with Java types
-----------------------------

Просмотреть файл

@ -3,7 +3,9 @@
Working with source locations
=============================
You can use the location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
You can use the location of entities within Java/Kotlin code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
.. include:: ../reusables/kotlin-beta-note.rst
About source locations
----------------------
@ -175,7 +177,7 @@ Now we can extend our query to discard results where the outer and the inner exp
wsinner > wsouter
select outer, "Whitespace around nested operators contradicts precedence."
Notice that we again use ``getOp``, this time to determine whether two binary expressions have the same operator. Running our improved query now finds the Java standard library bug described in the Overview. It also flags up the following suspicious code in `Hadoop HBase <https://hbase.apache.org/>`__:
Notice that we again use ``getOp``, this time to determine whether two binary expressions have the same operator. Running our improved query now finds the Java/Kotlin standard library bug described in the Overview. It also flags up the following suspicious code in `Hadoop HBase <https://hbase.apache.org/>`__:
.. code-block:: java

Просмотреть файл

@ -1,4 +1,4 @@
# CWE coverage for Java
# CWE coverage for Java and Kotlin
An overview of CWE coverage for Java in the latest release of CodeQL.

Просмотреть файл

@ -1,5 +1,5 @@
CodeQL query help for Java
==========================
CodeQL query help for Java and Kotlin
=====================================
.. include:: ../reusables/query-help-overview.rst

Просмотреть файл

@ -1,6 +1,6 @@
# CWE coverage for JavaScript
# CWE coverage for JavaScript and TypeScript
An overview of CWE coverage for JavaScript in the latest release of CodeQL.
An overview of CWE coverage for JavaScript and TypeScript in the latest release of CodeQL.
## Overview

Просмотреть файл

@ -1,5 +1,5 @@
CodeQL query help for JavaScript
================================
CodeQL query help for JavaScript and TypeScript
===============================================
.. include:: ../reusables/query-help-overview.rst

Просмотреть файл

@ -74,7 +74,7 @@ When writing your own alert queries, you would typically import the standard lib
- :ref:`CodeQL library guide for C and C++ <codeql-library-for-cpp>`
- :ref:`CodeQL library guide for C# <codeql-library-for-csharp>`
- :ref:`CodeQL library guide for Go <codeql-library-for-go>`
- :ref:`CodeQL library guide for Java <codeql-library-for-java>`
- :ref:`CodeQL library guide for Java and Kotlin <codeql-library-for-java>`
- :ref:`CodeQL library guide for JavaScript <codeql-library-for-javascript>`
- :ref:`CodeQL library guide for Python <codeql-library-for-python>`
- :ref:`CodeQL library guide for Ruby <codeql-library-for-ruby>`

Просмотреть файл

@ -18,7 +18,7 @@ See the following tutorials for more information about analyzing data flow in sp
- ":ref:`Analyzing data flow in C/C++ <analyzing-data-flow-in-cpp>`"
- ":ref:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`"
- ":ref:`Analyzing data flow in Java <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in Java/Kotlin <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in JavaScript/TypeScript <analyzing-data-flow-in-javascript-and-typescript>`"
- ":ref:`Analyzing data flow in Python <analyzing-data-flow-in-python>`"
- ":ref:`Analyzing data flow in Ruby <analyzing-data-flow-in-ruby>`"

Просмотреть файл

@ -28,7 +28,7 @@ For more language-specific information on analyzing data flow, see:
- ":ref:`Analyzing data flow in C/C++ <analyzing-data-flow-in-cpp>`"
- ":ref:`Analyzing data flow in C# <analyzing-data-flow-in-csharp>`"
- ":ref:`Analyzing data flow in Java <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in Java/Kotlin <analyzing-data-flow-in-java>`"
- ":ref:`Analyzing data flow in JavaScript/TypeScript <analyzing-data-flow-in-javascript-and-typescript>`"
- ":ref:`Analyzing data flow in Python <analyzing-data-flow-in-python>`"
- ":ref:`Analyzing data flow in Ruby <analyzing-data-flow-in-ruby>`"
@ -123,7 +123,7 @@ Declaring sources and sinks
You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring.
The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate.
If you are querying C/C++, C#, Go, Java, JavaScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement.
If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement.
For example:
.. code-block:: ql

Просмотреть файл

@ -15,7 +15,7 @@ For more information about how to write useful query help in a style that is con
You can access the query help for CodeQL queries by visiting `CodeQL query help <https://codeql.github.com/codeql-query-help>`__.
You can also access the raw query help files in the `GitHub repository <https://github.com/github/codeql>`__.
For example, see the `JavaScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__.
For example, see the `JavaScript/TypeScript security queries <https://github.com/github/codeql/tree/main/javascript/ql/src/Security>`__ and `C/C++ critical queries <https://github.com/github/codeql/tree/main/cpp/ql/src/Critical>`__.
Overview
========

Просмотреть файл

@ -70,7 +70,7 @@ You must specify an `@id` property for your query. It must be unique and should
* C and C++: `cpp`
* C#: `cs`
* Go: `go`
* Java: `java`
* Java and Kotlin: `java`
* JavaScript and TypeScript: `js`
* Python: `py`