docs: address review comments

Author: james

docs/language/ql-training-rst/_static-training/slides-semmle-2/static/theme/css/default.css

@@ -1009,6 +1009,12 @@ article.smaller q:before, article.smaller q:after {
   background-image: -webkit-radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px);
   background-image: radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px);
 }
+
+/* the popup class is used to display the speaker notes when 'presenter' view 
+   is enabled. This view is not currently optimal, so certain selectors have been commented-out,
+   with a view to improving the styles at a later date */
+
+
 /* line 684, ../scss/default.scss */
 /*.with-notes.popup slide.next {
   -moz-transform: translate3d(570px, 80px, 0) scale(0.35);

docs/language/ql-training-rst/cpp/bad-overflow-guard.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 Checking for overflow in C
 ==========================

docs/language/ql-training-rst/cpp/control-flow-cpp.rst

@@ -26,7 +26,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 
 .. rst-class:: agenda

docs/language/ql-training-rst/cpp/data-flow-cpp.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/projects:1505958977333/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 .. rst-class:: agenda
 
@@ -112,7 +116,7 @@ We need something better.
 
   Here, ``DMLOut`` and ``ExtOut`` are macros that expand to formatting calls. The format specifier is not constant, in the sense that the format argument is not a string literal. However, it is clearly one of two possible constants, both with the same number of format specifiers.
 
-  What we need is a way to determine whether the format argument is ever set to something that is, not constant.
+  What we need is a way to determine whether the format argument is ever set to something that is not constant.
 
 .. include general data flow slides
 

docs/language/ql-training-rst/cpp/global-data-flow-cpp.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/projects:1505958977333/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 .. rst-class:: agenda
 

docs/language/ql-training-rst/cpp/intro-ql-cpp.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can also query the project in `the query console <https://lgtm.com/query/project:1506532406873/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 .. Include language-agnostic section here
 

docs/language/ql-training-rst/cpp/program-representation-cpp.rst

@@ -19,68 +19,11 @@ Agenda
 - Variables
 - Functions
 
-Abstract syntax trees
-=====================
-
-The basic representation of an analyzed program is an *abstract syntax tree (AST)*.
-
-.. container:: column-left
-
-   .. code-block:: cpp
-   
-     try {
-         ...
-     } catch (AnException e) {
-     }
-
-.. container:: ast-graph
-   
-      .. graphviz::
-         
-            digraph {
-            graph [ dpi = 1000 ]
-            node [shape=polygon,sides=4,color=blue4,style="filled,rounded",   fontname=consolas,fontcolor=white]
-            a [label=<TryStmt>]
-            b [label=<CatchBlock>]
-            c [label=<...>,color=white,fontcolor=black]
-            d [label=<Parameter>]
-            e [label=<...>,color=white,fontcolor=black]
-            f [label=<...>,color=white,fontcolor=black]
-            g [label=<...>,color=white,fontcolor=black]
-    
-            a -> {b, c}
-            b -> {d, e}
-            d -> {f, g}
-         }
+.. insert abstract-syntax-tree.rst
 
+.. include:: ../slide-snippets/abstract-syntax-tree.rst
 
-
-.. note::
-
-  When writing queries in QL it is important to have in mind the underlying representation of the program which is stored in the database. Typically queries make use of the “AST” representation of the program–a tree structure where program elements are nested within other program elements.
-
-  The “Introducing the C/C++ libraries” help topic contains a more complete overview of important AST classes and the rest of the C++ QL libraries: https://help.semmle.com/QL/learn-ql/ql/cpp/introduce-libraries-cpp.html 
-
-Database representations of ASTs
-================================
-
-AST nodes and other program elements are encoded in the database as *entity values*. Entities are implemented as integers, but in QL they are opaque–all one can do with them is to check their equality.
-
-Each entity belongs to an entity type. Entity types have names starting with “@” and are defined in the database schema (not in QL).
-
-Properties of AST nodes and their relationships to each other are encoded by database relations, which are predicates defined in the database (not in QL).
-
-Entity types are rarely used directly, the usual pattern is to define a QL class that extends the type and exposes properties of its entities through member predicates.
-
-.. note::
-
-  ASTs are a typical example of the kind of data representation one finds in object-oriented programming, with data-carrying nodes that reference each other. At first glance, QL, which can only work with atomic values, does not seem to be well suited for working with this kind of data. However, ultimately all that we require of the nodes in an AST is that they have an identity. The relationships among nodes, usually implemented by reference-valued object fields in other languages, can just as well (and arguably more naturally) be represented as relations over nodes. Attaching data (such as strings or numbers) to nodes can also be represented with relations over nodes and primitive values. All we need is a way for relations to reference nodes. This is achieved in QL (as in other database languages) by means of *entity values* (or entities, for short), which are opaque atomic values, implemented as integers under the hood.
-
-  It is the job of the extractor to create entity values for all AST nodes and populate database relations that encode the relationship between AST nodes and any values associated with them. These relations are *extensional*, that is, explicitly stored in the database, unlike the relations described by QL predicates, which we also refer to as *intensional* relations. Entity values belong to *entity types*, whose name starts with “@” to set them apart from primitive types and classes.
-
-  The interface between entity types and extensional relations on the one hand and QL predicates and classes on the other hand is provided by the *database schema*, which defines the available entity types and the schema of each extensional relation, that is, how many columns the relation has, and which entity type or primitive type the values in each column come from. QL programs can refer to entity types and extensional relations just as they would refer to QL classes and predicates, with the restriction that entity types cannot be directly selected in a “select” clause, since they do not have a well-defined string representation.
-
-  For example, the database schema for C++ snapshot databases is here: https://github.com/Semmle/ql/blob/master/cpp/ql/src/semmlecode.cpp.dbscheme 
+.. resume slides
 
 AST QL classes
 ==============
@@ -93,10 +36,6 @@ Important AST classes include:
 
 These three (and all other AST classes) are subclasses of ``Element``.
 
-.. note::
-
-  The “Introducing the C/C++ libraries” help topic contains a more complete overview of important AST classes and the rest of the C++ QL libraries: https://help.semmle.com/QL/learn-ql/ql/cpp/introduce-libraries-cpp.html 
-
 Symbol table
 ============
 
@@ -108,10 +47,6 @@ The database also includes information about the symbol table associated with a
 
 - ``Type``: built-in and user-defined types
 
-.. note::
-
-  The “Introducing the C/C++ libraries” help topic contains a more complete overview of important symbol table classes and the rest of the C++ QL libraries: https://help.semmle.com/QL/learn-ql/ql/cpp/introduce-libraries-cpp.html 
-
 Working with variables
 ======================
 

docs/language/ql-training-rst/cpp/snprintf.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can also query the project in `the query console <https://lgtm.com/query/project:1506087977050/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 ``snprintf``
 ============

docs/language/ql-training-rst/java/apache-struts-java.rst

@@ -28,19 +28,23 @@ For this example you should download:
 
    You can also query the project in `the query console <https://lgtm.com/query/project:1878521151/lang:java/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 Unsafe deserialization in Struts
 ================================
 
-Apache Struts provides a ContentTypeHandler interface, which can be implemented for specific content types. It defines the following interface method:
+Apache Struts provides a ``ContentTypeHandler`` interface, which can be implemented for specific content types. It defines the following interface method:
 
 .. code-block:: java
 
   void toObject(Reader in, Object target);
 
 
-which is intended to populate the “target” object with data from the reader, usually through deserialization. However, the in parameter should be considered untrusted, and should not be deserialized without sanitization.
+which is intended to populate the ``target`` object with data from the reader, usually through deserialization. However, the ``in`` parameter should be considered untrusted, and should not be deserialized without sanitization.
 
 RCE in Apache Struts
 ====================
@@ -85,6 +89,7 @@ Model answer, step 1
   import java
 
   /** The interface `org.apache.struts2.rest.handler.ContentTypeHandler`. */
+
   class ContentTypeHandler extends RefType {
     ContentTypeHandler() {
       this.hasQualifiedName("org.apache.struts2.rest.handler", "ContentTypeHandler")

docs/language/ql-training-rst/java/data-flow-java.rst

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can also query the project in `the query console <https://lgtm.com/query/project:14040005/lang:java/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 .. rst-class:: agenda
 
@@ -54,15 +58,15 @@ Motivation
 
   If you have completed the “Example: Query injection” slide deck which was part of the previous course, this example will look familiar to you.
 
-  To understand the scope of this vulnerability, consider what would happen if a malicious user could provide the following as the content of the individualURI variable:
+  To understand the scope of this vulnerability, consider what would happen if a malicious user could provide the following as the content of the ``individualURI`` variable:
 
   ``“http://vivoweb.org/ontology/core#FacultyMember> ?p ?o . FILTER regex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!", "(.*a){50}") } #``
 
 
 Example: SPARQL injection
 =========================
 
-We can write a simple query that finds string concatenations that occur in calls SPARQL query APIs.
+We can write a simple query that finds string concatenations that occur in calls to SPARQL query APIs.
 
 .. rst-class:: build
 
@@ -80,7 +84,7 @@ Query finds a CVE reported by Semmle (CVE-2019-6986), plus one other result, but
 
   - String concatenation occurs on a different line in the same method.
   - String concatenation occurs in a different method.
-  - String concatenation occurs through StringBuilders or similar.
+  - String concatenation occurs through ``StringBuilders`` or similar.
   - Entirety of user input is provided as the query.
 
 We want to improve our query to catch more of these cases.