docs/language/learn-ql/cpp/ql-for-cpp.rst
22 additions & 8 deletions
@@ -1,11 +1,10 @@
1
-
CodeQL for C/C++
2
-
================
1
+
CodeQL for C and C++
2
+
====================
3
3
4
-
5
-
Learn how to write queries using the standard CodeQL libraries for C and C++.
4
+
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C and C++ codebases.
6
5
7
6
.. toctree::
8
-
:maxdepth:1
7
+
:hidden:
9
8
10
9
introduce-libraries-cpp
11
10
function-classes
@@ -18,10 +17,25 @@ Learn how to write queries using the standard CodeQL libraries for C and C++.
18
17
range-analysis
19
18
value-numbering-hash-cons
20
19
21
-
Other resources
22
-
---------------
23
20
24
-
.. TODO: Rename the cookbooks: C/C++ cookbook, or C/C++ CodeQL cookbook, or CodeQL cookbook for C/C++, or...?
21
+
- `Basic C/C++ query <https://lgtm.com/help/lgtm/console/ql-cpp-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
22
+
23
+
- :doc:`CodeQL library for C and C++ <introduce-libraries-cpp>`: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
24
+
25
+
- :doc:`Functions in C and C++ <function-classes>`: You can use CodeQL to explore functions in C and C++ code.
26
+
27
+
- :doc:`Expressions, types, and statements in C and C++ <expressions-types>`: You can use CodeQL to explore expressions, types, and statements in C and C++ code to find, for example, incorrect assignments.
28
+
29
+
- :doc:`Conversions and classes in C and C++ <conversions-classes>`: You can use the standard CodeQL libraries for C and C++ to detect when the type of an expression is changed.
30
+
31
+
- :doc:`Analyzing data flow in C and C++ <dataflow>`: You can use data flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase.
32
+
33
+
- :doc:`Refining a query to account for edge cases <private-field-initialization>`: You can improve the results generated by a CodeQL query by adding conditions to remove false positive results caused by common edge cases.
34
+
35
+
- :doc:`Detecting a potential buffer overflow <zero-space-terminator>`: You can use CodeQL to detect potential buffer overflows by checking for allocations equal to ``strlen`` in C and C++.
36
+
37
+
Further reading
38
+
---------------
25
39
26
40
- For examples of how to query common C/C++ elements, see the `C/C++ cookbook <https://help.semmle.com/wiki/display/CBCPP>`__.
27
41
- For the queries used in LGTM, display a `C/C++ query <https://lgtm.com/search?q=language%3Acpp&t=rules>`__ and click **Open in query console** to see the code used to find alerts.
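Review bot: ``range-analysis`` and ``value-numbering-hash-cons`` are still listed in the toctree (context lines at the top of this hunk), but the added bullet list has no entry for either. The list stops at ``zero-space-terminator``. With the toctree switched from ``:maxdepth:1`` to ``:hidden:`` in the previous hunk, those two pages get no visible link from this page. Add a ``:doc:`` bullet with a one-line description for each, matching the other entries. The removed ``.. TODO:`` about naming the cookbook is also dropped without the "C/C++ cookbook" link text changing, so record that decision somewhere if it is still open.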
docs/language/learn-ql/csharp/ql-for-csharp.rst
5 additions & 13 deletions
@@ -1,29 +1,21 @@
1
1
CodeQL for C#
2
2
=============
3
3
4
-
You can use CodeQL to explore C# programs and quickly find variants of security vulnerabilities and bugs.
4
+
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C# codebases.
5
5
6
6
.. toctree::
7
-
:glob:
8
7
:hidden:
9
8
10
9
introduce-libraries-csharp
11
10
dataflow
12
11
13
-
These topics provide an overview of the CodeQL libraries for C# and show examples of how to use them.
12
+
- `Basic C# query <https://lgtm.com/help/lgtm/console/ql-csharp-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
14
13
15
-
- `Basic C# query <https://lgtm.com/help/lgtm/console/ql-csharp-basic-example>`__ describes how to write and run queries using LGTM.
14
+
- :doc:`CodeQL library for C# <introduce-libraries-csharp>`: When you're analyzing a C# program, you can make use of the large collection of classes in the CodeQL library for C#.
16
15
17
-
- :doc:`Introducing the CodeQL libraries for C# <introduce-libraries-csharp>` introduces the standard libraries used to write queries for C# code.
16
+
- :doc:`Analyzing data flow in C# <dataflow>`: You can use CodeQL to track the flow of data through a C# program to its use.
18
17
19
-
.. raw:: html
20
-
21
-
<!-- Working with generic types and methods(generics) - how to query generic types and methods. -->
22
-
23
-
- :doc:`Analyzing data flow in C# <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for C#.
24
-
25
-
26
-
Other resources
18
+
Further reading
27
19
---------------
28
20
29
21
- For examples of how to query common C# elements, see the `C# cookbook <https://help.semmle.com/wiki/display/CBCSHARP>`__.
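Review bot: The added ``introduce-libraries-csharp`` bullet reads "When you're analyzing a C# program, you can make use of the large collection of classes", while the equivalent C/C++ bullet in ql-for-cpp.rst reads "When analyzing C or C++ code, you can use the large collection of classes". Pick one phrasing for all language landing pages; "you can use" is the shorter form. Separately, the deleted ``.. raw:: html`` block was the only mention of the planned generics topic ("Working with generic types and methods"). If that topic is still intended, track it outside this file before removing the placeholder.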
docs/language/learn-ql/java/ql-for-java.rst
12 additions & 14 deletions
@@ -1,10 +1,9 @@
1
1
CodeQL for Java
2
2
===============
3
3
4
-
You can use CodeQL to explore Java programs and quickly find variants of security vulnerabilities and bugs.
4
+
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java codebases.
5
5
6
6
.. toctree::
7
-
:glob:
8
7
:hidden:
9
8
10
9
introduce-libraries-java
@@ -17,29 +16,28 @@ You can use CodeQL to explore Java programs and quickly find variants of securit
17
16
source-locations
18
17
ast-class-reference
19
18
20
-
These topics provide an overview of the CodeQL libraries for Java and show examples of how to use them.
19
+
- `Basic Java query <https://lgtm.com/help/lgtm/console/ql-java-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
21
20
22
-
- `Basic Java query <https://lgtm.com/help/lgtm/console/ql-java-basic-example>`__ describes how to write and run queries using LGTM.
21
+
- :doc:`CodeQL library for Java <introduce-libraries-java>`: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
23
22
24
-
- :doc:`CodeQL libraries for Java <introduce-libraries-java>` introduces the standard libraries used to write queries for Java code.
23
+
- :doc:`Analyzing data flow in Java <dataflow>`: You can use CodeQL to track the flow of data through a Java program to its use.
25
24
26
-
- :doc:`Analyzing data flow in Java <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for Java.
25
+
- :doc:`Java types <types-class-hierarchy>`: You can use CodeQL to find out information about data types used in Java code. This allows you to write queries to identify specific type-related issues.
27
26
28
-
- :doc:`Types in Java <types-class-hierarchy>` introduces the classes for representing a program's class hierarchy by means of examples.
27
+
- :doc:`Overflow-prone comparisons in Java <expressions-statements>`: You can use CodeQL to check for comparisons in Java code where one side of the comparison is prone to overflow.
29
28
30
-
- :doc:`Expressions and statements in Java <expressions-statements>` introduces the classes for representing a program's syntactic structure by means of examples.
29
+
- :doc:`Navigating the call graph <call-graph>`: CodeQL has classes for identifying code that calls other code, and code that can be called from elsewhere. This allows you to find, for example, methods that are never used.
31
30
32
-
- :doc:`Navigating the call graph <call-graph>` is a worked example of how to write a query that navigates a program's call graph to find unused methods.
31
+
- :doc:`Annotations in Java <annotations>`: CodeQL databases of Java projects contain information about all annotations attached to program elements.
33
32
34
-
- :doc:`Annotations in Java <annotations>` introduces the classes for representing annotations by means of examples.
33
+
- :doc:`Javadoc <javadoc>`: You can use CodeQL to find errors in Javadoc comments in Java code.
35
34
36
-
- :doc:`Javadoc <javadoc>` introduces the classes for representing Javadoc comments by means of examples.
35
+
- :doc:`Working with source locations <source-locations>`: You can use the ___location of entities within Java code to look for potential errors. Locations allow you to deduce the presence, or absence, of white space which, in some cases, may indicate a problem.
37
36
38
-
- :doc:`Working with source locations <source-locations>` is a worked example of how to write a query that uses the ___location information provided in the database for finding likely bugs.
37
+
- :doc:`lasses for working with Java code <ast-class-reference>`: CodeQL has a large selection of classes for working with Java statements and expressions.
39
38
40
-
- :doc:`AST class reference <ast-class-reference>` gives an overview of all AST classes in the standard CodeQL library for Java.
41
39
42
-
Other resources
40
+
Further reading
43
41
---------------
44
42
45
43
- For examples of how to query common Java elements, see the `Java cookbook <https://help.semmle.com/wiki/display/CBJAVA>`__.
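Review bot: The added ``introduce-libraries-java`` bullet carries a description copied from the C/C++ page: "When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++." It should describe Java code and the CodeQL library for Java. The added ``ast-class-reference`` bullet also has a truncated link title, ``:doc:`lasses for working with Java code <ast-class-reference>```, which is missing the leading "C" of "Classes". Both will be rendered verbatim on the Java landing page, so fix them before merging.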
docs/language/learn-ql/javascript/introduce-libraries-js.rst
3 additions & 3 deletions
@@ -1,7 +1,7 @@
1
-
CodeQL libraries for JavaScript
2
-
===============================
1
+
CodeQL library for JavaScript
2
+
=============================
3
3
4
-
You can use the extensive libraries described in this article to analyze databases generated from JavaScript codebases. Using these libraries makes it easier for you to write queries.
4
+
When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
docs/language/learn-ql/javascript/ql-for-javascript.rst
8 additions & 9 deletions
@@ -4,7 +4,6 @@ CodeQL for JavaScript
4
4
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from JavaScript codebases.
5
5
6
6
.. toctree::
7
-
:glob:
8
7
:hidden:
9
8
10
9
introduce-libraries-js
@@ -15,21 +14,21 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
15
14
ast-class-reference
16
15
dataflow-cheat-sheet
17
16
18
-
These documents provide an overview of the CodeQL libraries for JavaScript and TypeScript and show examples of how to use them.
17
+
- `Basic JavaScript query <https://lgtm.com/help/lgtm/console/ql-javascript-basic-example>`__: Learn to write and run a simple CodeQL query using LGTM.
19
18
20
-
- `Basic JavaScript query <https://lgtm.com/help/lgtm/console/ql-javascript-basic-example>`__ describes how to write and run queries using LGTM.
19
+
- :doc:`CodeQL library for JavaScript <introduce-libraries-js>`: When you're analyzing a JavaScript program, you can make use of the large collection of classes in the CodeQL library for JavaScript.
21
20
22
-
- :doc:`CodeQL libraries for JavaScript<introduce-libraries-js>` introduces the standard libraries used to write queries for JavaScript code. There is an extensive CodeQL library for analyzing JavaScript code. This tutorial briefly summarizes the most important classes and predicates provided by this library.
21
+
- :doc:`CodeQL library for TypeScript<introduce-libraries-ts>`: When you're analyzing a TypeScript program, you can make use of the large collection of classes in the CodeQL library for TypeScript.
23
22
24
-
- :doc:`CodeQL libraries for TypeScript <introduce-libraries-ts>` introduces the standard libraries used to write queries for TypeScript code.
23
+
- :doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>`: This topic describes how data flow analysis is implemented in the CodeQL libraries for JavaScript/TypeScript and includes examples to help you write your own data flow queries.
25
24
26
-
- :doc:`Analyzing data flow in JavaScript and TypeScript <dataflow>` demonstrates how to write queries using the standard data flow and taint tracking libraries for JavaScript/TypeScript.
25
+
- :doc:`Using flow labels for precise data flow analysis <flow-labels>`: You can associate flow labels with each value tracked by the flow analysis to determine whether the flow contains potential vulnerabilities.
27
26
28
-
- :doc:`Using flow labels for precise data flow analysis <flow-labels>` shows a more advanced example of data flow analysis using flow labels.
27
+
- :doc:`Using type tracking for API modeling <type-tracking>`: You can track data through an API by creating a model using the CodeQL type-tracking library for JavaScript.
29
28
30
-
- :doc:`Abstract syntax tree classes for JavaScript and TypeScript <ast-class-reference>` gives an overview of all AST classes in the standard CodeQL library for JavaScript.
29
+
- :doc:`Abstract syntax tree classes for JavaScript and TypeScript <ast-class-reference>`: CodeQL has a large selection of classes for working with JavaScript and TypeScript statements and expressions.
31
30
32
-
- :doc:`Data flow cheat sheet for JavaScript <dataflow-cheat-sheet>` lists parts of the CodeQL libraries that are commonly used for variant analysis and in data flow queries.
31
+
- :doc:`Data flow cheat sheet for JavaScript <dataflow-cheat-sheet>`: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
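Review bot: The added TypeScript bullet is written ``:doc:`CodeQL library for TypeScript<introduce-libraries-ts>``` with no space before ``<``, unlike every other added entry in this list. Add the space so the role text is consistent. The descriptions in this list also mix voices: the ``dataflow`` bullet starts "This topic describes", the ``dataflow-cheat-sheet`` bullet starts "This article describes", and the rest use "You can ..." or "When you're analyzing ...". Rewording those two to the "You can ..." form would match the other bullets here and on the C/C++, C# and Java pages.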