File: docs/language/learn-ql/advanced/constraining-types.rst (+1 -1, 1 addition & 1 deletion)
@@ -8,7 +8,7 @@ Type constraint methods
8
8
9
9
Note
10
10
11
-
The examples below use the CodeQL library for Java. All CodeQL libraries support using these methods to constrain variables, the only difference is in the names of the classes used.
11
+
The examples below use the CodeQL library for Java. All libraries support using these methods to constrain variables, the only difference is in the names of the classes used.
12
12
13
13
There are several ways of imposing type constraints on variables:
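Review bot: The changed sentence on new line 11 still joins two independent clauses with a comma ("...to constrain variables, the only difference is..."). Since the line is being edited anyway, split it with a semicolon or a full stop. Dropping "CodeQL" from "All CodeQL libraries" reads fine here because the preceding sentence already names the CodeQL library for Java.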
File: docs/language/learn-ql/database.rst (+1 -1, 1 addition & 1 deletion)
@@ -17,7 +17,7 @@ For a Java program, two key tables are:
17
17
18
18
The CodeQL library defines classes to provide a layer of abstraction over each of these tables (and the related auxiliary tables): ``Expr`` and ``Stmt``.
19
19
20
-
Most classes in the CodeQL library are similar: they are abstractions over one or more database tables. Looking at one of the CodeQL libraries illustrates this:
20
+
Most classes in the library are similar: they are abstractions over one or more database tables. Looking at one of the libraries illustrates this:
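Review bot: On new line 20, "Most classes in the library" is singular, but the same line then says "one of the libraries", so the reader cannot tell whether one library or several is meant. The context line above uses "The CodeQL library"; pick singular or plural and use it consistently across both sentences.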
File: docs/language/learn-ql/intro-to-data-flow.rst (+3 -3, 3 additions & 3 deletions)
@@ -58,9 +58,9 @@ Computing an accurate and complete data flow graph presents several challenges:
58
58
- Aliasing between variables can result in a single write changing the value that multiple pointers point to.
59
59
- The data flow graph can be very large and slow to compute.
60
60
61
-
To overcome these potential problems, two kinds of data flow are modeled in the CodeQL libraries:
61
+
To overcome these potential problems, two kinds of data flow are modeled in the libraries:
62
62
63
-
- Local data flow, concerning the data flow within a single function. When reasoning about local, you only considers edges between data flow nodes belonging to the same function.It is generally sufficiently fast, efficient and precise for many queries, and it is usually possible to compute the local data flow for all functions in a CodeQL database.
63
+
- Local data flow, concerning the data flow within a single function. When reasoning about local data flow, you only consider edges between data flow nodes belonging to the same function.It is generally sufficiently fast, efficient and precise for many queries, and it is usually possible to compute the local data flow for all functions in a CodeQL database.
64
64
65
65
- Global data flow, effectively considers the data flow within an entire program, by calculating data flow between functions and through object properties. Computing global data flow is typically more time and energy intensive than local data flow, therefore queries should be refined to look for more specific sources and sinks.
66
66
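Review bot: New line 63 still has no space after the full stop in "same function.It is generally", which runs the two sentences together. The line is already being rewritten to fix "local" and "considers", so add the space in the same change. The unchanged bullet on line 65, "Global data flow, effectively considers", also has a stray comma after the subject and could be fixed while here.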
@@ -69,7 +69,7 @@ Many CodeQL queries contain examples of both local and global data flow analysis
69
69
Normal data flow vs taint tracking
70
70
**********************************
71
71
72
-
In the standard CodeQL libraries, we make a distinction between 'normal' data flow and taint tracking.
72
+
In the standard libraries, we make a distinction between 'normal' data flow and taint tracking.
73
73
The normal data flow libraries are used to analyze the information flow in which data values are preserved at each step.
74
74
75
75
For example, if you are tracking an insecure object ``x`` (which might be some untrusted or potentially malicious data), a step in the program may 'change' its value. So, in a simple process such as ``y = x + 1``, a normal data flow analysis will highlight the use of ``x``, but not ``y``.
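Review bot: On new line 72, "the standard libraries" with no product name can be misread as the standard library of the language being analyzed, in a section that goes on to discuss tracking values through a program. Consider keeping "standard CodeQL libraries" at this first mention under the heading and shortening only the later mentions.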
File: docs/language/learn-ql/introduction-to-ql.rst (+1 -1, 1 addition & 1 deletion)
@@ -1,7 +1,7 @@
1
1
Introduction to QL
2
2
==================
3
3
4
-
QL is a powerful query language that underlies CodeQL, which is used to analyze code.
4
+
QL is the powerful query language that underlies CodeQL, which is used to analyze code.
5
5
Queries written with CodeQL can find errors and uncover variants of important security vulnerabilities.
6
6
Visit Semmle's `security research page <https://lgtm.com/security>`__ to read about examples of vulnerabilities that we have recently found in open source projects.
File: docs/language/learn-ql/writing-queries/introduction-to-queries.rst (+3 -3, 3 additions & 3 deletions)
@@ -30,7 +30,7 @@ For information on how to format your code when contributing queries to the GitH
30
30
Basic query structure
31
31
*********************
32
32
33
-
`Queries <https://help.semmle.com/QL/ql-handbook/queries.html>`__ written with CodeQL have the file extension ``.ql``, and contain a ``select`` clause. Many of the existing CodeQL queries include additional optional information, and have the following structure::
33
+
`Queries <https://help.semmle.com/QL/ql-handbook/queries.html>`__ written with CodeQL have the file extension ``.ql``, and contain a ``select`` clause. Many of the existing queries include additional optional information, and have the following structure::
34
34
35
35
/**
36
36
*
@@ -85,9 +85,9 @@ When writing your own alert queries, you would typically import the standard lib
85
85
- JavaScript/TypeScript: ``javascript``
86
86
- Python: ``python``
87
87
88
-
There are also CodeQL libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. See :doc:`Constructing path queries <path-queries>` for further information.
88
+
There are also libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. See :doc:`Constructing path queries <path-queries>` for further information.
89
89
90
-
You can explore the contents of all the standard CodeQL libraries in the `CodeQL library reference documentation <https://help.semmle.com/wiki/display/QL/QL+standard+libraries>`__, using `QL for Eclipse <https://help.semmle.com/ql-for-eclipse/Content/WebHelp/standard-queries.html>`__, or in the `GitHub repository <https://github.com/semmle/ql>`__.
90
+
You can explore the contents of all the standard libraries in the `CodeQL library reference documentation <https://help.semmle.com/wiki/display/QL/QL+standard+libraries>`__, using `QL for Eclipse <https://help.semmle.com/ql-for-eclipse/Content/WebHelp/z-queries.html>`__, or in the `GitHub repository <https://github.com/semmle/ql>`__.
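Review bot: New line 90 changes the QL for Eclipse link target from "standard-queries.html" to "z-queries.html", unlike every other edit in this commit, which only touches prose wording. This looks like an accidental edit that will break the link; restore the original URL or confirm the new page exists, and run a link check on the built docs before merging.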
File: docs/language/learn-ql/writing-queries/path-queries.rst (+4 -4, 4 additions & 4 deletions)
@@ -6,7 +6,7 @@ Overview
6
6
7
7
Security researchers are particularly interested in the way that information flows in a program. Many vulnerabilities are caused by seemingly benign data flowing to unexpected locations, and being used in a malicious way.
8
8
Path queries written with CodeQL are particularly useful for analyzing data flow as they can be used to track the path taken by a variable from its possible starting points (``source``) to its possible end points (``sink``).
9
-
To model paths with CodeQL, your query must provide information about the ``source`` and the ``sink``, as well as the data flow steps that link them.
9
+
To model paths, your query must provide information about the ``source`` and the ``sink``, as well as the data flow steps that link them.
10
10
11
11
This topic provides information on how to structure a path query file so you can explore the paths associated with the results of data flow analysis.
12
12
@@ -18,7 +18,7 @@ This topic provides information on how to structure a path query file so you can
18
18
19
19
20
20
To learn more about modeling data flow with CodeQL, see :doc:`Introduction to data flow <../intro-to-data-flow>`.
21
-
For more language-specific information on analyzing data flow see:
21
+
For more language-specific information on analyzing data flow, see:
22
22
23
23
- :doc:`Analyzing data flow in C/C++ <../cpp/dataflow>`
24
24
- :doc:`Analyzing data flow in C# <../csharp/dataflow>`
@@ -103,7 +103,7 @@ Generating path explanations
103
103
In order to generate path explanations, your query needs to compute a `path graph <https://en.wikipedia.org/wiki/Path_graph>`__.
104
104
To do this you need to define a `query predicate <https://help.semmle.com/QL/ql-handbook/queries.html#query-predicates>`__ called ``edges`` in your query.
105
105
This predicate defines the edge relations of the graph you are computing, and it is used to compute the paths related to each result that your query generates.
106
-
You can import a predefined ``edges`` predicate from a path graph module in one of the standard CodeQL data flow libraries. In addition to the path graph module, the data flow libraries contain the other ``classes``, ``predicates``, and ``modules`` that are commonly used in data flow analysis. The import statement to use depends on the language that you are analyzing.
106
+
You can import a predefined ``edges`` predicate from a path graph module in one of the standard data flow libraries. In addition to the path graph module, the data flow libraries contain the other ``classes``, ``predicates``, and ``modules`` that are commonly used in data flow analysis. The import statement to use depends on the language that you are analyzing.
107
107
108
108
For C/C++, C#. Java, and JavaScript you would use::
109
109
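Review bot: The context line 108 directly below the changed paragraph reads "For C/C++, C#. Java, and JavaScript", with a full stop where a comma belongs after "C#". It is not part of this change but sits in the same hunk, so fix it here: "For C/C++, C#, Java, and JavaScript you would use::".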
@@ -115,7 +115,7 @@ For Python, the ``Paths`` module contains the ``edges`` predicate::
115
115
116
116
import semmle.python.security.Paths
117
117
118
-
You can also import libraries specifically designed to implement data flow analysis in various common frameworks and environments, and many additional libraries are included with CodeQL. To see examples of the different libraries used in data flow analysis, see the links to the built-in queries above or browse the `standard CodeQL libraries <https://help.semmle.com/wiki/display/QL/QL+standard+libraries>`__.
118
+
You can also import libraries specifically designed to implement data flow analysis in various common frameworks and environments, and many additional libraries are included with CodeQL. To see examples of the different libraries used in data flow analysis, see the links to the built-in queries above or browse the `standard libraries <https://help.semmle.com/wiki/display/QL/QL+standard+libraries>`__.
119
119
120
120
For all languages, you can also optionally define a ``nodes`` query predicate, which specifies the nodes of the path graph that you are interested in. If ``nodes`` is defined, only edges with endpoints defined by these nodes are selected. If ``nodes`` is not defined, you select all possible endpoints of ``edges``.