diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e074b1c2079..f22bc016c19 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,7 +15,7 @@ Follow the steps below to help other users understand what your query does, and 2. **Format your code correctly** - All of Semmle's standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use QL for Eclipse, you can auto-format your query in the [QL editor](https://help.semmle.com/ql-for-eclipse/Content/WebHelp/ql-editor.html). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md). + All of Semmle's standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use CodeQL for VS Code, you can autoformat your query in the [Editor](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md). 3. **Make sure your query has the correct metadata** 
@@ -26,7 +26,7 @@ Follow the steps below to help other users understand what your query does, and 4. **Make sure the `select` statement is compatible with the query type** - The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and QL for Eclipse. + The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and CodeQL for VS Code. For more information on `select` statement format, see [Introduction to query files](https://help.semmle.com/QL/learn-ql/writing-queries/introduction-to-queries.html#select-clause) on help.semmle.com. 5. **Save your query in a `.ql` file in the correct language directory in this repository** diff --git a/change-notes/1.23/analysis-java.md b/change-notes/1.23/analysis-java.md index ad1f2248912..e6355407dbd 100644 --- a/change-notes/1.23/analysis-java.md +++ b/change-notes/1.23/analysis-java.md @@ -7,6 +7,7 @@ The following changes in version 1.23 affect Java analysis in all applications. | **Query** | **Tags** | **Purpose** | |-----------------------------|-----------|--------------------------------------------------------------------| | Continue statement that does not continue (`java/continue-in-false-loop`) | correctness | Finds `continue` statements in `do { ... } while (false)` loops. Results are shown on LGTM by default. | +| Disabled Netty HTTP header validation (`java/netty-http-response-splitting`) | security, external/cwe/cwe-113 | Finds response-splitting vulnerabilities due to Netty HTTP header validation being disabled. Results are shown on LGTM by default. | ## Changes to existing queries diff --git a/docs/language/learn-ql/ql-training.rst b/docs/language/learn-ql/ql-training.rst index 70aeb21f69a..fcb14476d88 100644 --- a/docs/language/learn-ql/ql-training.rst 
+++ b/docs/language/learn-ql/ql-training.rst @@ -25,7 +25,7 @@ When you have selected a presentation, use |arrow-r| and |arrow-l| to navigate b Press **p** to view the additional notes on slides that have an information icon |info| in the top right corner, and press **f** to enter full-screen mode. The presentations contain a number of query examples. -We recommend that you download `QL for Eclipse `__ and import the example database for each presentation so that you can find the bugs mentioned in the slides. +We recommend that you download `CodeQL for Visual Studio Code `__ and add the example database for each presentation so that you can find the bugs mentioned in the slides. .. pull-quote:: diff --git a/docs/language/ql-training/cpp/intro-ql-cpp.rst b/docs/language/ql-training/cpp/intro-ql-cpp.rst index 72fa57308f4..6beff0b708e 100644 --- a/docs/language/ql-training/cpp/intro-ql-cpp.rst +++ b/docs/language/ql-training/cpp/intro-ql-cpp.rst @@ -106,7 +106,7 @@ Each query library also implicitly defines a module. .. note:: - Queries are always contained in query files with the file extension ``.ql``. `Quick queries `__, run in `QL for Eclipse `__, are no exception: the quick query window maintains a temporary query file in the background. + Queries are always contained in query files with the file extension ``.ql``. Parts of queries can be lifted into `library files `__ with the extension ``.qll``. Definitions within such libraries can be brought into scope using ``import`` statements, and similarly QLL files can import each other’s definitions using “import” statements. diff --git a/docs/language/ql-training/template.rst b/docs/language/ql-training/template.rst index 21c5abef144..4a5b9b32341 100644 --- a/docs/language/ql-training/template.rst +++ b/docs/language/ql-training/template.rst 
@@ -27,7 +27,7 @@ Template slide deck Second subheading -.. Set up slide. Include link to QL4E snapshots required for examples +.. Set up slide. Include link to CodeQL databases required for examples .. rst-class:: setup @@ -36,8 +36,8 @@ Setup For this example you should download: -- `QL for Eclipse `__ -- A snapshot +- `CodeQL for Visual Studio Code `__ +- A CodeQL database .. note:: diff --git a/docs/ql-style-guide.md b/docs/ql-style-guide.md index 9e926c0b07e..a22085f50b7 100644 --- a/docs/ql-style-guide.md +++ b/docs/ql-style-guide.md @@ -3,7 +3,7 @@ ## Introduction This document describes how to format the code you contribute to this repository. It covers aspects such as layout, white-space, naming, and documentation. Adhering to consistent standards makes code easier to read and maintain. Of course, these are only guidelines, and can be overridden as the need arises on a case-by-case basis. Where existing code deviates from these guidelines, prefer consistency with the surrounding code. -Note, if you use QL for Eclipse, you can auto-format your query in the [QL editor](https://help.semmle.com/ql-for-eclipse/Content/WebHelp/ql-editor.html). +Note, if you use CodeQL for VS Code, you can autoformat your query in the [Editor](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). Words in *italic* are defined in the [Glossary](#glossary).
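Review bot: in the CONTRIBUTING.md hunk at line 15 and the matching docs/ql-style-guide.md hunk, the link text has become the bare word "Editor", which no longer tells a contributor which editor is meant until they follow the link; "CodeQL for VS Code editor" (or keeping the product name in the link text) would read better, and the `#autoformatting` fragment on `editor.html` should be checked to exist on the target page since a missing anchor silently lands readers at the top of the page. Both files now consistently spell it "autoformat" where they previously used "auto-format", which is fine as long as the rest of the docs agree.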
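Review bot: the change-notes/1.23/analysis-java.md hunk adds a release-note row for `java/netty-http-response-splitting` to a change that otherwise only renames QL for Eclipse references to CodeQL for VS Code, and no query or `.qhelp` file is touched in this diff; confirm the query is already merged for 1.23 so the note does not advertise a check that does not ship, or move the row to the PR that adds the query. The `security, external/cwe/cwe-113` tags do match the response-splitting description, and "Results are shown on LGTM by default" follows the wording of the existing row above it.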
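Review bot: in docs/language/learn-ql/ql-training.rst and the setup list in docs/language/ql-training/template.rst, the anonymous hyperlink text changes from "QL for Eclipse" to "CodeQL for Visual Studio Code", but the link target is not visible in these hunks; verify that the target was updated as well, otherwise the renamed link still sends readers to the retired product's page. In ql-training.rst the verb change from "import" to "add" is right for the VS Code workflow, and the template.rst change from "A snapshot" to "A CodeQL database" keeps the terminology consistent with the updated comment on line 27.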
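Review bot: in docs/language/ql-training/cpp/intro-ql-cpp.rst, the replacement note mixes literal markup ``import`` with curly-quoted “import” in the same sentence, and switches from "library files" to "QLL files" within two sentences; use ``import`` in both places and refer to ``.qll`` files throughout, matching the ``.ql`` literal at the start of the note. The `library files` hyperlink target is also not shown in the hunk, so confirm it resolves before merging.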