Merge pull request #1842 from jf205/add-java-slides/sd-3762

docs: add rst versions of java training slides

Author: Felicity Chapman

docs/language/ql-training-rst/_static-training/java-data-flow-code-example.svg

@@ -134,7 +134,7 @@
 {% endblock %}
 </head>
 <body style="opacity: 0">
-  <div class="wrapper" id="wrapper">
+
 <slides class="layout-widescreen" id="slides">
 
 <!--  {% include "title_slide.html" %} -->
@@ -146,7 +146,7 @@
   <slide class="backdrop"></slide>
 
 </slides>
-</div>
+
 
 
 <!--[if IE]>

docs/language/ql-training-rst/_static-training/java-expression-ast.svg

@@ -285,7 +285,8 @@ slides > slide.current .gdbar {
 }
 /* line 112, ../scss/default.scss */
 slides > slide.next {
-  display: block;
+  /*display: block;*/
+  display: none;
   opacity: 0;
   pointer-events: none;
 }
@@ -407,7 +408,7 @@ slides.layout-faux-widescreen > slide.current {
 /* line 238, ../scss/default.scss */
 slides.layout-widescreen > slide.next,
 slides.layout-faux-widescreen > slide.next {
-  display: block;
+  /*display: block;*/
   opacity: 0;
   pointer-events: none;
 }
@@ -744,11 +745,7 @@ table tr:nth-child(odd) {
 table th {
   color: white;
   font-size: 1em;
-  background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSI0MCUiIHN0b3AtY29sb3I9IiM0Mzg3ZmQiLz48c3RvcCBvZmZzZXQ9IjgwJSIgc3RvcC1jb2xvcj0iIzJhN2NkZiIvPjwvbGluZWFyR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA==') no-repeat;
-  background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(40%, #4387fd), color-stop(80%, #2a7cdf)) no-repeat;
-  background: -moz-linear-gradient(top, #4387fd 40%, #2a7cdf 80%) no-repeat;
-  background: -webkit-linear-gradient(top, #4387fd 40%, #2a7cdf 80%) no-repeat;
-  background: linear-gradient(to bottom, #4387fd 40%, #2a7cdf 80%) no-repeat;
+  background: grey;
 }
 /* line 494, ../scss/default.scss */
 table td, table th {
@@ -758,17 +755,16 @@ table td, table th {
 /* line 499, ../scss/default.scss */
 table td.highlight {
   color: #515151;
-  background: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSI0MCUiIHN0b3AtY29sb3I9IiNmZmQxNGQiLz48c3RvcCBvZmZzZXQ9IjgwJSIgc3RvcC1jb2xvcj0iI2Y2YzAwMCIvPjwvbGluZWFyR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA==') no-repeat;
-  background: -webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(40%, #ffd14d), color-stop(80%, #f6c000)) no-repeat;
-  background: -moz-linear-gradient(top, #ffd14d 40%, #f6c000 80%) no-repeat;
-  background: -webkit-linear-gradient(top, #ffd14d 40%, #f6c000 80%) no-repeat;
-  background: linear-gradient(to bottom, #ffd14d 40%, #f6c000 80%) no-repeat;
+  background: grey;
 }
 /* line 504, ../scss/default.scss */
 table.rows {
   border-bottom: none;
   border-right: 1px solid #797979;
 }
+table td {
+  background: white;
+}
 
 /* line 510, ../scss/default.scss */
 q {
@@ -1013,18 +1009,24 @@ article.smaller q:before, article.smaller q:after {
   background-image: -webkit-radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px);
   background-image: radial-gradient(50% 50%, #b1dfff 0%, #4387fd 600px);
 }
+
+/* the popup class is used to display the speaker notes when 'presenter' view 
+   is enabled. This view is not currently optimal, so certain selectors have been commented-out,
+   with a view to improving the styles at a later date */
+
+
 /* line 684, ../scss/default.scss */
-.with-notes.popup slide.next {
+/*.with-notes.popup slide.next {
   -moz-transform: translate3d(570px, 80px, 0) scale(0.35);
   -ms-transform: translate3d(570px, 80px, 0) scale(0.35);
   -webkit-transform: translate3d(570px, 80px, 0) scale(0.35);
   transform: translate3d(570px, 80px, 0) scale(0.35);
   opacity: 1 !important;
-}
+}*/
 /* line 688, ../scss/default.scss */
-.with-notes.popup slide.next .note {
+/*.with-notes.popup slide.next .note {
   display: none !important;
-}
+}*/
 /* line 694, ../scss/default.scss */
 .with-notes.popup .note {
   width: 109%;
@@ -1168,7 +1170,7 @@ article.smaller q:before, article.smaller q:after {
 
 /* Clickable/tappable areas */
 /* line 773, ../scss/default.scss */
-.slide-area {
+/*.slide-area {
   z-index: 1000;
   position: absolute;
   left: 0;
@@ -1179,7 +1181,7 @@ article.smaller q:before, article.smaller q:after {
   top: 50%;
   cursor: pointer;
   margin-top: -350px;
-}
+}*/
 
 /* line 790, ../scss/default.scss */
 #prev-slide-area {
@@ -1469,6 +1471,15 @@ hgroup .pre {
   color: white;
 }
 
+.subheading {
+  position: absolute;
+  top: 62.5%;
+}
+
+.subheading p {
+  position: relative;
+}
+
 /* purple background slides (new section)*/
 
 .background2 {  
@@ -1593,7 +1604,7 @@ p.first.admonition-title {
   width: inherit;
 }
 
-/* images */
+/********* images ************/
 /* general styles to scale and centre images*/
 
 .image-box {
@@ -1606,7 +1617,7 @@ img {
   margin: auto;
 }
 
-/* deck-specific styles for individual images*/
+/********* deck-specific styles for individual images *********/
 /* intro to ql */
 img.analysis {
   width: 90%;
@@ -1619,6 +1630,26 @@ img.analysis {
   right: -10%;
 }
 
+.java-expression-ast {
+  background-image: url("../../java-expression-ast.svg");
+  background-size: cover;
+}
+
+/* java data flow code example */
+
+.java-data-flow-code-example {
+  background-image: url("../../java-data-flow-code-example.svg");
+  background-size: cover;
+}
+
+/* extra global data flow slies*/
+
+.mismatched-calls-and-returns {
+  background-image: url("../../mismatched-calls-and-returns.svg");
+  background-size: cover;
+}
+
+/******* Other custom styles *******/
 /* custom styles for lists*/
 
 ol {

docs/language/ql-training-rst/_static-training/mismatched-calls-and-returns.svg

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 Checking for overflow in C
 ==========================

docs/language/ql-training-rst/_static-training/slides-semmle-2/layout.html

@@ -26,7 +26,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/project:2034240708/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 
 .. rst-class:: agenda

docs/language/ql-training-rst/_static-training/slides-semmle-2/static/theme/css/default.css

@@ -24,7 +24,11 @@ For this example you should download:
 
    You can query the project in `the query console <https://lgtm.com/query/projects:1505958977333/lang:cpp/>`__ on LGTM.com.
 
-   Note that results generated in the query console are likely to differ to those generated in the QL plugin as LGTM.com analyzes the most recent revisions of each project that has been added–the snapshot available to download above is based on an historical version of the code base.
+   .. insert snapshot-note.rst to explain differences between snapshot available to download and the version available in the query console.
+
+   .. include:: ../slide-snippets/snapshot-note.rst
+
+   .. resume slides
 
 .. rst-class:: agenda
 
@@ -114,162 +118,11 @@ We need something better.
 
   What we need is a way to determine whether the format argument is ever set to something that is not constant.
 
-Data flow analysis
-==================
-
-- Models flow of data through the program.
-- Implemented in the module ``semmle.code.cpp.dataflow.DataFlow``.
-- Class ``DataFlow::Node`` represents program elements that have a value, such as expressions and function parameters.
-
-  - Nodes of the data flow graph.
-
-- Various predicated represent flow between these nodes.
-  
-  - Edges of the data flow graph.
-
-.. note::
-
-  The solution here is to use *data flow*. Data flow is, as the name suggests, about tracking the flow of data through the program. It helps answers questions like: *does this expression ever hold a value that originates from a particular other place in the program*?
-
-  We can visualize the data flow problem as one of finding paths through a directed graph, where the nodes of the graph are elements in the program, and the edges represent the flow of data between those elements. If a path exists, then the data flows between those two edges.
-
-Data flow graphs
-================
-
-.. container:: column-left
-
-   Example:
-
-   .. code-block:: cpp
-
-      int func(int, tainted) {
-         int x = tainted;
-         if (someCondition) {
-           int y = x;
-           callFoo(y);
-         } else {
-           return x;
-         }
-         return -1;
-      }
- 
-.. container:: column-right
-
-  Data flow graph:
-   
-      .. graphviz::
-         
-            digraph {
-            graph [ dpi = 1000 ]
-            node [shape=polygon,sides=4,color=blue4,style="filled,rounded",   fontname=consolas,fontcolor=white]
-            a [label=<tainted<BR /><FONT POINT-SIZE="10">ParameterNode</FONT>>]
-            b [label=<tainted<BR /><FONT POINT-SIZE="10">ExprNode</FONT>>]
-            c [label=<x<BR /><FONT POINT-SIZE="10">ExprNode</FONT>>]
-            d [label=<x<BR /><FONT POINT-SIZE="10">ExprNode</FONT>>]
-            e [label=<y<BR /><FONT POINT-SIZE="10">ExprNode</FONT>>]
-   
-            a -> b
-            b -> {c, d}
-            c -> e
-   
-         }
-
-Local vs global data flow
-=========================
-
-- Local (“intra-procedural”) data flow models flow within one function; feasible to compute for all functions in a snapshot
-- Global (“inter-procedural”) data flow models flow across function calls; not feasible to compute for all functions in a snapshot
-- Different APIs, so discussed separately
-- This slide deck focuses on the former.
-
-.. note::
-
-  For further information, see:
-
-  - `Introduction to data flow analysis in QL <https://help.semmle.com/QL/learn-ql/ql/intro-to-data-flow.html>`__
-  - `Analyzing data flow in C/C++ <https://help.semmle.com/QL/learn-ql/ql/cpp/dataflow.html>`__
-
-.. rst-class:: background2
-
-Local data flow
-===============
-
-Importing data flow
-===================
-
-To use the data flow library, add the following import:
-
-.. code-block:: ql
-
-   import semmle.code.cpp.dataflow.DataFlow
-
-**Note**: this library contains an explicit “module” declaration:
-
-.. code-block:: ql
-
-   module DataFlow {
-     class Node extends ... { ... }
-     predicate localFlow(Node source, Node sink) {
-               localFlowStep*(source, sink)
-            }
-     ... 
-   }
-
-So all references will need to be qualified (that is, ``DataFlow::Node``)
-
-.. note::
-
-  A **query library** is file with the extension ``.qll``. Query libraries do not contain a query clause, but may contain modules, classes, and predicates. For example, the `C/C++ data flow library <https://help.semmle.com/qldoc/cpp/semmle/code/cpp/dataflow/DataFlow.qll/module.DataFlow.html>`__ is contained in the ``semmle/code/cpp/dataflow/DataFlow.qll`` QLL file, and can be imported as shown above.
-
-  A **module** is a way of organizing QL code by grouping together related predicates, classes, and (sub-)modules. They can be either explicitly declared or implicit. A query library implicitly declares a module with the same name as the QLL file.
-
-  For further information on libraries and modules in QL, see the chapter on `Modules <https://help.semmle.com/QL/ql-handbook/modules.html>`__ in the QL language handbook.
-
-  For further information on importing QL libraries and modules, see the chapter on `Name resolution <https://help.semmle.com/QL/ql-handbook/name-resolution.html>`__ in the QL language handbook.
-
-Data flow graph
-===============
-
-- Class ``DataFlow::Node`` represents data flow graph nodes
-- Predicate ``DataFlow::localFlowStep`` represents local data flow graph edges, ``DataFlow::localFlow`` is its transitive closure
-- Data flow graph nodes are *not* AST nodes, but they correspond to AST nodes, and there are predicates for mapping between them:
-
-  - ``Expr Node.asExpr()``
-  - ``Parameter Node.asParameter()``
-  - ``DataFlow::Node DataFlow::exprNode(Expr e)``
-  - ``DataFlow::Node DataFlow::parameterNode(Parameter p)``
-  - ``etc.``
-
-.. note::
-
-  The ``DataFlow::Node`` class is shared between both the local and global data flow graphs–the primary difference is the edges, which in the “global” case can link different functions.
-
-  ``localFlowStep`` is the “single step” flow relation–that is, it describes single edges in the local data flow graph. ``localFlow`` represents the `transitive <https://help.semmle.com/QL/ql-handbook/recursion.html#transitive-closures>`__ closure of this relation–in other words, it contains every pair of nodes where the second node is reachable from the first in the data flow graph.
-
-  The data flow graph is separate from the `AST <https://en.wikipedia.org/wiki/Abstract_syntax_tree>`__, to allow for flexibility in how data flow is modeled. There are a small number of data flow node types–expression nodes, parameter nodes, uninitialized variable nodes, and definition by reference nodes. Each node provides mapping functions to and from the relevant AST (for example ``Expr``, ``Parameter`` etc.) or symbol table (for example ``Variable``) classes.
-
-Taint tracking
-==============
-
-- Usually, we want to generalise slightly by not only considering plain data flow, but also “taint” propagation, that is, whether a value is influenced by or derived from another.
-
-- Examples:
-
-  .. code-block:: cpp
-  
-    sink = source;        // source -> sink: data and taint
-    strcat(sink, source); // source -> sink: taint, not data
-
-- Library ``semmle.code.cpp.dataflow.TaintTracking`` provides predicates for tracking taint:
-
-  - ``TaintTracking::localTaintStep`` represents one (local) taint step 
-  - ``TaintTracking::localTaint`` is its transitive closure.
-
-.. note::
+.. include general data flow slides
 
-  Taint tracking can be thought of as another type of data flow graph. It usually extends the standard data flow graph for a problem by adding edges between nodes where one one node influences or *taints* another.
+.. include:: ../slide-snippets/local-data-flow.rst
 
-  The `API <https://help.semmle.com/qldoc/cpp/semmle/code/cpp/dataflow/TaintTracking.qll/module.TaintTracking.html>`__ is almost identical to that of the local data flow. All we need to do to switch to taint tracking is ``import semmle.code.cpp.dataflow.TaintTracking`` instead of ``semmle.code.cpp.dataflow.DataFlow``, and instead of using ``localFlow``, we use ``localTaint``.
+.. resume language-specific slides
 
 Exercise: source nodes
 ======================
@@ -343,4 +196,4 @@ Beyond local data flow
 - Results are still underwhelming.
 - Dealing with parameter passing becomes cumbersome.
 - Instead, let’s turn the problem around and find user-controlled data that flows into a ``printf`` format argument, potentially through calls.
-- This needs :doc:`global data flow <global-data-flow-cpp>`.
+- This needs :doc:`global data flow <global-data-flow-cpp>`.