зеркало из https://github.com/github/codeql.git
Deprecate the CodeQL for VS Code docs in favour of docs.github.com version
This commit is contained in:
Ben Ahmady
Родитель
17e0cc5648
Коммит
8cba276b87
|
|
@ -4,6 +4,8 @@ We welcome contributions to our CodeQL libraries and queries. Got an idea for a
|
|||
|
||||
There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries) on [codeql.github.com](https://codeql.github.com).
|
||||
|
||||
Note that the CodeQL for Visual Studio Code documentation has been migrated to https://docs.github.com/en/code-security/codeql-for-vs-code/, but you can still contribute to it via a different repository. For more information, see [Contributing to GitHub Docs documentation](https://docs.github.com/en/contributing)."
|
||||
|
||||
## Change notes
|
||||
|
||||
Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
|
||||
|
|
@ -43,7 +45,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
|
|||
|
||||
3. **Formatting**
|
||||
|
||||
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code).
|
||||
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/).
|
||||
|
||||
If you prefer, you can either:
|
||||
1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ This open source repository contains the standard CodeQL libraries and queries t
|
|||
|
||||
## How do I learn CodeQL and run queries?
|
||||
|
||||
There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL using the [CodeQL extension for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) and the [CodeQL CLI](https://codeql.github.com/docs/codeql-cli/).
|
||||
There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL using the [CodeQL extension for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/) and the [CodeQL CLI](https://codeql.github.com/docs/codeql-cli/).
|
||||
|
||||
## Contributing
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
About CodeQL for Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
CodeQL for Visual Studio Code is an extension that lets you write, run, and test CodeQL queries in Visual Studio Code.
|
||||
|
||||
Features
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
About telemetry in CodeQL for Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
If you specifically opt in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code.
|
||||
|
||||
This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days.
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Analyzing your projects
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run queries on CodeQL databases and view the results in Visual Studio Code. This article explains how to get a CodeQL database and analyze it on your local machine. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."
|
||||
|
||||
Choosing a database
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Customizing settings
|
||||
====================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can edit the settings for the CodeQL extension to suit your needs.
|
||||
|
||||
About CodeQL extension settings
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Exploring data flow with path queries
|
||||
=====================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run CodeQL queries in VS Code to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
|
||||
|
||||
About path queries
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Exploring the structure of your source code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can use the AST viewer to display the abstract syntax tree of a CodeQL database.
|
||||
|
||||
About the abstract syntax tree
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@
|
|||
CodeQL for Visual Studio Code
|
||||
=============================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
The CodeQL extension for Visual Studio Code adds rich language support for CodeQL and allows you to easily find problems in codebases.
|
||||
|
||||
- :doc:`About CodeQL for Visual Studio Code
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Running CodeQL queries at scale with multi-repository variant analysis
|
||||
======================================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-mrva.rst
|
||||
|
||||
About multi-repository variant analysis
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Setting up CodeQL in Visual Studio Code
|
||||
=================================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can install and configure the CodeQL extension in Visual Studio Code.
|
||||
|
||||
.. include:: ../reusables/license-note.rst
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Testing CodeQL queries in Visual Studio Code
|
||||
============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
You can run unit tests for CodeQL queries using the Visual Studio Code extension. When you are sure that your query finds the results you want to identify, you can use variant analysis to run it at scale. For information on running analysis at scale across many CodeQL databases, see ":ref:`Running CodeQL queries at scale with multi-repository variant analysis <running-codeql-queries-at-scale-with-mrva>`."
|
||||
|
||||
About testing queries in VS Code
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Troubleshooting CodeQL for Visual Studio Code
|
||||
=============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
This article explains how to debug problems with the analysis of CodeQL databases that are stored on your local
|
||||
machine. For information on troubleshooting variant analysis, which runs on GitHub.com, see
|
||||
":ref:`Troubleshooting variant analysis <troubleshooting-variant-analysis>`."
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Troubleshooting variant analysis
|
||||
================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-mrva.rst
|
||||
|
||||
This article explains how to debug problems with variant analysis, that is, analysis run using GitHub Actions
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Using the CodeQL model editor
|
||||
=============================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-model-pack-editor-vsc.rst
|
||||
|
||||
You can view, write, and edit CodeQL packs in Visual Studio Code using the CodeQL extension. The model editor is designed to help you model external dependencies of your codebase that are not supported by the standard CodeQL Libraries.
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
Working with CodeQL packs in Visual Studio Code
|
||||
===============================================
|
||||
|
||||
.. include:: ../reusables/deprecation-note.rst
|
||||
|
||||
.. include:: ../reusables/beta-note-package-management.rst
|
||||
|
||||
You can view, write, and edit all types of CodeQL packs in Visual Studio Code using the CodeQL extension.
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ The CodeQL examples in this article are only excerpts and are not meant to repre
|
|||
Abstract syntax
|
||||
---------------
|
||||
|
||||
The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__
|
||||
The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code>`__
|
||||
in Visual Studio Code shows the AST nodes, including the relevant CodeQL classes and predicates.
|
||||
|
||||
All CodeQL AST classes inherit from the `AstNode` class, which provides the following member predicates
|
||||
|
|
|
|||
|
|
@ -70,8 +70,8 @@ Query execution
|
|||
After you've created a CodeQL database, one or more queries are executed
|
||||
against it. CodeQL queries are written in a specially-designed object-oriented
|
||||
query language called QL. You can run the queries checked out from the CodeQL
|
||||
repo (or custom queries that you've written yourself) using the :ref:`CodeQL
|
||||
for VS Code extension <codeql-for-visual-studio-code>` or the `CodeQL CLI
|
||||
repo (or custom queries that you've written yourself) using the `CodeQL
|
||||
for VS Code extension <https://docs.github.com/en/code-security/codeql-for-vs-code/>` or the `CodeQL CLI
|
||||
<https://docs.github.com/en/code-security/codeql-cli>`__. For more information about queries, see ":ref:`About CodeQL queries <about-codeql-queries>`."
|
||||
|
||||
.. _interpret-query-results:
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ Bug Fixes
|
|||
Python
|
||||
""""""
|
||||
|
||||
* The `View AST functionality <https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/>`__ no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
* The `View AST functionality <https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code>`__ no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
|
||||
Minor Analysis Improvements
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
|
|||
|
|
@ -53,5 +53,5 @@ CodeQL for Visual Studio Code
|
|||
|
||||
You can analyze CodeQL databases in Visual Studio Code using the CodeQL
|
||||
extension, which provides an enhanced environment for writing and running custom
|
||||
queries and viewing the results. For more information, see ":ref:`CodeQL
|
||||
for Visual Studio Code <codeql-for-visual-studio-code>`."
|
||||
queries and viewing the results. For more information, see "`CodeQL
|
||||
for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`."
|
||||
|
|
@ -9,7 +9,7 @@ CodeQL for C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
|
||||
Checking for overflow in C
|
||||
==========================
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ CodeQL for C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `ChakraCore <https://github.com/Chakra-Core/ChakraCore/>`__ from GitHub.
|
||||
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ Finding string formatting vulnerabilities in C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `dotnet/coreclr <https://github.com/dotnet/coreclr>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `exiv2 <https://github.com/Exiv2/exiv2>`__ from GitHub.
|
||||
|
||||
.. Include language-agnostic section here
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for C/C++
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `rsyslog <https://github.com/rsyslog/rsyslog>`__ from GitHub.
|
||||
|
||||
``snprintf``
|
||||
============
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ Exercise: Apache Struts
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
Unsafe deserialization in Struts
|
||||
================================
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ Finding SPARQL injection vulnerabilities in Java
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for Java
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
.. rst-class:: agenda
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for Java
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `Apache Struts <https://github.com/apache/struts>`__ from GitHub.
|
||||
|
||||
.. Include language-agnostic section here
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ CodeQL for Java
|
|||
Setup
|
||||
=====
|
||||
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
For this example you need to set up `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__ and download the CodeQL database for `VIVO Vitro <https://github.com/vivo-project/Vitro>`__ from GitHub.
|
||||
|
||||
SQL injection
|
||||
=============
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ Setup
|
|||
|
||||
For this example you should download:
|
||||
|
||||
- `CodeQL for Visual Studio Code <https://codeql.github.com/docs/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code/>`__
|
||||
- `CodeQL for Visual Studio Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`__
|
||||
- A CodeQL database
|
||||
|
||||
.. note::
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
.. pull-quote::
|
||||
|
||||
Note
|
||||
|
||||
This documentation has been migrated to docs.github.com/en/code-security/codeql-for-vs-code. This version is no longer maintained, and it will be removed on TODOCS.
|
||||
|
||||
|
|
@ -20,7 +20,7 @@ This topic provides information on how to structure a path query file so you can
|
|||
|
||||
Note
|
||||
|
||||
The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
|
||||
The alerts generated by path queries are included in the results generated using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__ and in `code scanning <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts#about-alert-details>`__. You can also view the path explanations generated by your path query in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`.
|
||||
|
||||
|
||||
To learn more about modeling data flow with CodeQL, see ":doc:`About data flow analysis <about-data-flow-analysis>`."
|
||||
|
|
@ -171,7 +171,7 @@ Select clauses for path queries consist of four 'columns', with the following st
|
|||
select element, source, sink, string
|
||||
|
||||
The ``element`` and ``string`` columns represent the location of the alert and the alert message respectively, as explained in ":doc:`About CodeQL queries <about-codeql-queries>`." The second and third columns, ``source`` and ``sink``, are nodes on the path graph selected by the query.
|
||||
Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the :ref:`CodeQL extension for VS Code <codeql-for-visual-studio-code>`.
|
||||
Each result generated by your query is displayed at a single location in the same way as an alert query. Additionally, each result also has an associated path, which can be viewed in the `CodeQL extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>`.
|
||||
|
||||
The ``element`` that you select in the first column depends on the purpose of the query and the type of issue that it is designed to find. This is particularly important for security issues. For example, if you believe the ``source`` value to be globally invalid or malicious it may be best to display the alert at the ``source``. In contrast, you should consider displaying the alert at the ``sink`` if you believe it is the element that requires sanitization.
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ About query results
|
|||
-------------------
|
||||
|
||||
The information contained in the results of a query is controlled by the ``select`` statement. Part of the process of developing a useful query is to make the results clear and easy for other users to understand.
|
||||
When you write your own queries in the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` there are no constraints on what can be selected.
|
||||
When you write your own queries in the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` there are no constraints on what can be selected.
|
||||
However, if you want to use a query to create alerts for code scanning or generate valid analysis results using the `CodeQL CLI <https://docs.github.com/en/code-security/codeql-cli>`__, you'll need to make the ``select`` statement report results in the required format.
|
||||
You must also ensure that the query has the appropriate metadata properties defined.
|
||||
This topic explains how to write your select statement to generate helpful analysis results.
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ QL also supports recursion and aggregates. This allows you to write complex recu
|
|||
Running a query
|
||||
---------------
|
||||
|
||||
You can try out the following examples and exercises using :ref:`CodeQL for VS Code <codeql-for-visual-studio-code>` or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.
|
||||
You can try out the following examples and exercises using `CodeQL for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` or the `CodeQL template <https://github.com/codespaces/new?template_repository=github/codespaces-codeql>`__ on GitHub Codespaces.
|
||||
|
||||
Here is an example of a basic query:
|
||||
|
||||
|
|
@ -114,7 +114,7 @@ The following example queries *do* use these databases and give you an idea of h
|
|||
Queries using the CodeQL libraries can find errors and uncover variants of important security vulnerabilities in codebases.
|
||||
Visit `GitHub Security Lab <https://securitylab.github.com/>`__ to read about examples of vulnerabilities that we have recently found in open source projects.
|
||||
|
||||
Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Analyzing your projects <https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/#choosing-a-database>`__ in the CodeQL for VS Code documentation.
|
||||
Before you can run the following examples, you will need to install the CodeQL extension for Visual Studio Code. For more information, see :ref:`Setting up CodeQL in Visual Studio Code <setting-up-codeql-in-visual-studio-code>`. You will also need to import and select a database in the corresponding programming language. For more information about obtaining CodeQL databases, see `Managing CodeQL databases <https://docs.github.com/en/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/managing-codeql-databases>`__ in the CodeQL for VS Code documentation.
|
||||
|
||||
To import the CodeQL library for a specific programming language, type ``import <language>`` at the start of the query.
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ About query metadata
|
|||
--------------------
|
||||
|
||||
Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a QLDoc comment.
|
||||
This metadata tells the CodeQL :ref:`extension for VS Code <codeql-for-visual-studio-code>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
|
||||
This metadata tells the CodeQL `extension for VS Code <https://docs.github.com/en/code-security/codeql-for-vs-code/>` and the `Code scanning feature in GitHub <https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql>`__ how to handle the query and display its results correctly.
|
||||
It also gives other users information about what the query results mean. For more information on query metadata, see the `query metadata style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md>`__ in our `open source repository <https://github.com/github/codeql>`__ on GitHub.
|
||||
|
||||
.. pull-quote::
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
## Introduction
|
||||
|
||||
This document describes how to format the code you contribute to this repository. It covers aspects such as layout, white-space, naming, and documentation. Adhering to consistent standards makes code easier to read and maintain. Of course, these are only guidelines, and can be overridden as the need arises on a case-by-case basis. Where existing code deviates from these guidelines, prefer consistency with the surrounding code.
|
||||
Note, if you use [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code/), you can autoformat your query in the editor.
|
||||
Note, if you use [CodeQL for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/), you can autoformat your query in the editor.
|
||||
|
||||
Words in *italic* are defined in the [Glossary](#glossary).
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ The process must begin with the first step and must conclude with the final step
|
|||
- Understand [the evaluation model of QL](https://codeql.github.com/docs/ql-language-reference/evaluation-of-ql-programs/). It's more similar to SQL than to any mainstream programming language.
|
||||
- Most performance tuning in QL boils down to computing as few tuples (rows of data) as possible. As a mental model, think of predicate evaluation as enumerating all combinations of parameters that satisfy the predicate body. This includes the implicit parameters `this` and `result`.
|
||||
- The major libraries in CodeQL are _cached_ and will only be computed once for the entire suite of queries. The first query that needs a cached _stage_ will trigger its evaluation. This means that query authors should usually only look at the run time of the last stage of evaluation.
|
||||
- In [the settings for the VSCode extension](https://codeql.github.com/docs/codeql-for-visual-studio-code/customizing-settings/), check the box "Running Queries: Debug" (`codeQL.runningQueries.debug`). Then find "CodeQL Query Server" in the VSCode Output panel (View -> Output) and capture the output when running the query. That output contains timing and tuple counts for all computed predicates.
|
||||
- In [the settings for the VSCode extension](https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings), check the box "Running Queries: Debug" (`codeQL.runningQueries.debug`). Then find "CodeQL Query Server" in the VSCode Output panel (View -> Output) and capture the output when running the query. That output contains timing and tuple counts for all computed predicates.
|
||||
- To clear the entire cache, invoke "CodeQL: Clear Cache" from the VSCode command palette.
|
||||
|
||||
6. **Make sure your query has the correct metadata**
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ Follow the steps below to help other users understand what your query does, and
|
|||
|
||||
2. **Format your code correctly**
|
||||
|
||||
All of the standard CodeQL queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use the CodeQL extension for Visual Studio Code, you can auto-format your query using the [Format Document command](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code/). For more information, see the [QL style guide](https://github.com/github/codeql/blob/main/docs/ql-style-guide.md).
|
||||
All of the standard CodeQL queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use the CodeQL extension for Visual Studio Code, you can auto-format your query using the [Format Document command](https://docs.github.com/en/code-security/codeql-for-vs-code/). For more information, see the [QL style guide](https://github.com/github/codeql/blob/main/docs/ql-style-guide.md).
|
||||
|
||||
3. **Make sure your query has the correct metadata**
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Experimental queries and libraries may not be actively maintained as the standar
|
|||
|
||||
3. **Formatting**
|
||||
|
||||
- The queries and libraries must be [autoformatted](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code/).
|
||||
- The queries and libraries must be [autoformatted](https://docs.github.com/en/code-security/codeql-for-vs-code/).
|
||||
|
||||
4. **Compilation**
|
||||
|
||||
|
|
|
|||
|
|
@ -277,7 +277,7 @@ No user-facing changes.
|
|||
|
||||
### Bug Fixes
|
||||
|
||||
* The [View AST functionality](https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/) no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
* The [View AST functionality](https://docs.github.com/en/code-security/codeql-for-vs-code/) no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
|
||||
## 0.0.8
|
||||
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
### Bug Fixes
|
||||
|
||||
* The [View AST functionality](https://codeql.github.com/docs/codeql-for-visual-studio-code/exploring-the-structure-of-your-source-code/) no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
* The [View AST functionality](https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/exploring-the-structure-of-your-source-code) no longer prints detailed information about regular expressions, greatly improving performance.
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче