You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/language/learn-ql/intro-to-data-flow.rst
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,11 @@
1
-
Introduction to data flow analysis with CodeQL
2
-
##############################################
1
+
About data flow analysis
2
+
########################
3
+
4
+
Data flow analysis is used to compute the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.
3
5
4
6
Overview
5
7
********
6
8
7
-
Data flow analysis computes the possible values that a variable can hold at various points in a program, determining how those values propagate through the program and where they are used.
8
9
Many CodeQL security queries implement data flow analysis, which can highlight the fate of potentially malicious or insecure data that can cause vulnerabilities in your code base.
9
10
These queries help you understand if data is used in an insecure way, whether dangerous arguments are passed to functions, or whether sensitive data can leak.
10
11
As well as highlighting potential security issues, you can also use data flow analysis to understand other aspects of how a program behaves, by finding, for example, uses of uninitialized variables and resource leaks.
Copy file name to clipboardExpand all lines: docs/language/learn-ql/locations.rst
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,6 +3,9 @@ Locations and strings for QL entities
3
3
4
4
.. Not sure how much of this topic needs to change, and what the title should be
5
5
6
+
CodeQL includes mechanisms for extracting the location of elements in a codebase. Use these mechanisms when writing custom CodeQL queries and libraries to help display information to users.
Copy file name to clipboardExpand all lines: docs/language/learn-ql/writing-queries/debugging-queries.rst
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,10 @@
1
-
Query writing: common performance issues
2
-
========================================
1
+
Troubleshooting query performance
2
+
=================================
3
+
4
+
Improve the performance of your CodeQL queries by following a few simple guidelines.
5
+
6
+
About query performance
7
+
-----------------------
3
8
4
9
This topic offers some simple tips on how to avoid common problems that can affect the performance of your queries.
5
10
Before reading the tips below, it is worth reiterating a few important points about CodeQL and the QL language:
@@ -19,9 +24,7 @@ Eliminate cartesian products
19
24
The performance of a predicate can often be judged by considering roughly how many results it has.
20
25
One way of creating badly performing predicates is by using two variables without relating them in any way, or only relating them using a negation.
21
26
This leads to computing the `Cartesian product <https://en.wikipedia.org/wiki/Cartesian_product>`__ between the sets of possible values for each variable, potentially generating a huge table of results.
22
-
23
27
This can occur if you don't specify restrictions on your variables.
24
-
25
28
For instance, consider the following predicate that checks whether a Java method ``m`` may access a field ``f``::
Copy file name to clipboardExpand all lines: docs/language/learn-ql/writing-queries/introduction-to-queries.rst
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,14 +1,17 @@
1
-
Introduction to query files
2
-
###########################
1
+
About CodeQL queries
2
+
####################
3
+
4
+
CodeQL queries are used to analyze code for issues related to security, correctness, maintainability, and readability.
3
5
4
6
Overview
5
7
********
6
8
7
-
Queries are programs written with CodeQL. They are designed to highlight issues related to the security, correctness, maintainability, and readability of a code base. You can also write custom queries to find specific issues relevant to your own project. Three important types of query are:
9
+
CodeQL includes queries to find the relevant and interesting problems for a each supported language. You can also write custom queries to find specific issues relevant to your own project.
10
+
11
+
The important types of query are:
8
12
9
13
- **Alert queries**: queries that highlight issues in specific locations in your code.
10
14
- **Path queries**: queries that describe the flow of information between a source and a sink in your code.
11
-
- **Metric queries**: queries that compute statistics for your code.
12
15
13
16
You can add custom queries to `custom query packs <https://lgtm.com/help/lgtm/about-queries#what-are-query-packs>`__ to analyze your projects in `LGTM <https://lgtm.com>`__, use them to analyze a database with the `CodeQL CLI <https://help.semmle.com/codeql/codeql-cli.html>`__, or you can contribute to the standard CodeQL queries in our `open source repository on GitHub <https://github.com/semmle/ql>`__.
14
17
@@ -78,7 +81,7 @@ When writing your own alert queries, you would typically import the standard lib
78
81
79
82
- C/C++: ``cpp``
80
83
- C#: ``csharp``
81
-
- COBOL: ``cobol``
84
+
- Go: ``go``
82
85
- Java: ``java``
83
86
- JavaScript/TypeScript: ``javascript``
84
87
- Python: ``python``
@@ -87,11 +90,10 @@ There are also libraries containing commonly used predicates, types, and other m
87
90
88
91
You can explore the contents of all the standard libraries in the `CodeQL library reference documentation <https://help.semmle.com/QL/ql-libraries.html>`__ or in the `GitHub repository <https://github.com/semmle/ql>`__.
89
92
90
-
91
93
Optional CodeQL classes and predicates
92
94
--------------------------------------
93
95
94
-
You can customize your analysis by defining your own predicates and classes in the query. See `Defining a predicate <https://help.semmle.com/QL/ql-handbook/predicates.html#defining-a-predicate>`__ and `Defining a class <https://help.semmle.com/QL/ql-handbook/types.html#defining-a-class>`__ for further details.
96
+
You can customize your analysis by defining your own predicates and classes in the query. For further information, see `Defining a predicate <https://help.semmle.com/QL/ql-handbook/predicates.html#defining-a-predicate>`__ and `Defining a class <https://help.semmle.com/QL/ql-handbook/types.html#defining-a-class>`__.
Copy file name to clipboardExpand all lines: docs/language/learn-ql/writing-queries/query-help.rst
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,7 @@
1
-
Query help reference
2
-
********************
1
+
Query help files
2
+
****************
3
+
4
+
Query help files tell users the purpose of a query, and recommend how to solve the potential problem the query finds.
3
5
4
6
This topic provides detailed information on the structure of query help files.
5
7
For more information about how to write useful query help in a style that is consistent with the standard CodeQL queries, see the `Query help style guide <https://github.com/Semmle/ql/blob/master/docs/query-help-style-guide.md>`__ on GitHub.
Copy file name to clipboardExpand all lines: docs/language/learn-ql/writing-queries/query-metadata.rst
+7-2Lines changed: 7 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,10 @@
1
-
Query metadata
2
-
==============
1
+
Metadata for CodeQL queries
2
+
===========================
3
+
4
+
Metadata is used to tell users important information about CodeQL queries. You must include the correct query metadata in a query to be able to view query results in source code.
5
+
6
+
About query metadata
7
+
--------------------
3
8
4
9
Any query that is run as part of an analysis includes a number of properties, known as query metadata. Metadata is included at the top of each query file as the content of a `QLDoc <https://help.semmle.com/QL/ql-spec/qldoc.html>`__ comment.
5
10
For alerts and path queries, this metadata tells LGTM and the CodeQL `extension for VS Code <https://help.semmle.com/codeql/codeql-for-vscode.html>`__ how to handle the query and display its results correctly.
Copy file name to clipboardExpand all lines: docs/language/learn-ql/writing-queries/select-statement.rst
+7-2Lines changed: 7 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,10 @@
1
-
Defining 'select' statements
2
-
============================
1
+
Defining the results of a query
2
+
===============================
3
+
4
+
You can control how analysis results are displayed in source code by modifying a query's ``select`` statement.
5
+
6
+
About query results
7
+
-------------------
3
8
4
9
The information contained in the results of a query is controlled by the ``select`` statement. Part of the process of developing a useful query is to make the results clear and easy for other users to understand.
5
10
When you write your own queries in the query console or in the CodeQL `extension for VS Code <https://help.semmle.com/codeql/codeql-for-vscode.html>`__ there are no constraints on what can be selected.
0 commit comments