|
1 | 1 | # Contributing to CodeQL |
2 | 2 |
|
3 | | -We welcome contributions to our standard library and standard checks. Got an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! |
| 3 | +We welcome contributions to our CodeQL libraries and queries. Got an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! |
4 | 4 |
|
5 | | -Before we accept your pull request, we require that you have agreed to our Contributor License Agreement, this is not something that you need to do before you submit your pull request, but until you've done so, we will be unable to accept your contribution. |
| 5 | +There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [Writing CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com). |
6 | 6 |
|
7 | | -## Adding a new query |
8 | 7 |
|
9 | | -If you have an idea for a query that you would like to share with other Semmle users, please open a pull request to add it to this repository. |
10 | | -Follow the steps below to help other users understand what your query does, and to ensure that your query is consistent with the other Semmle queries. |
| 8 | +## Submitting a new experimental query |
11 | 9 |
|
12 | | -1. **Consult the documentation for query writers** |
| 10 | +If you have an idea for a query that you would like to share with other CodeQL users, please open a pull request to add it to this repository. New queries start out in a `<language>/ql/src/experimental` directory, to which they can be merged when they meet the following requirements. |
13 | 11 |
|
14 | | - There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [Writing CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com). |
| 12 | +1. **Directory structure** |
15 | 13 |
|
16 | | -2. **Format your code correctly** |
| 14 | + There are five language-specific query directories in this repository: |
17 | 15 |
|
18 | | - All of Semmle's standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use CodeQL for VS Code, you can autoformat your query in the [Editor](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md). |
| 16 | + * C/C++: `cpp/ql/src` |
| 17 | + * C#: `csharp/ql/src` |
| 18 | + * Java: `java/ql/src` |
| 19 | + * JavaScript: `javascript/ql/src` |
| 20 | + * Python: `python/ql/src` |
19 | 21 |
|
20 | | -3. **Make sure your query has the correct metadata** |
| 22 | + Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose. |
| 23 | + - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/Semmle/ql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`. |
| 24 | + - The structure of an `experimental` subdirectory mirrors the structure of its parent directory. |
| 25 | + - Select or create an appropriate directory in `experimental` based on the existing directory structure of `experimental` or its parent directory. |
21 | 26 |
|
22 | | - Query metadata is used by Semmle's analysis to identify your query and make sure the query results are displayed properly. |
23 | | - The most important metadata to include are the `@name`, `@description`, and the `@kind`. |
24 | | - Other metadata properties (`@precision`, `@severity`, and `@tags`) are usually added after the query has been reviewed by Semmle staff. |
25 | | - For more information on writing query metadata, see the [Query metadata style guide](https://github.com/Semmle/ql/blob/master/docs/query-metadata-style-guide.md). |
| 27 | +2. **Query metadata** |
26 | 28 |
|
27 | | -4. **Make sure the `select` statement is compatible with the query type** |
| 29 | + - The query `@id` must conform to all the requirements in the [guide on query metadata](docs/query-metadata-style-guide.md#query-id-id). In particular, it must not clash with any other queries in the repository, and it must start with the appropriate language-specific prefix. |
| 30 | + - The query must have a `@name` and `@description` to explain its purpose. |
| 31 | + - The query must have a `@kind` and `@problem.severity` as required by CodeQL tools. |
28 | 32 |
|
29 | | - The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and CodeQL for VS Code. |
30 | | - For more information on `select` statement format, see [Introduction to query files](https://help.semmle.com/QL/learn-ql/writing-queries/introduction-to-queries.html#select-clause) on help.semmle.com. |
| 33 | + For details, see the [guide on query metadata](docs/query-metadata-style-guide.md). |
31 | 34 |
|
32 | | -5. **Save your query in a `.ql` file in the correct language directory in this repository** |
| 35 | + Make sure the `select` statement is compatible with the query `@kind`. See [Introduction to query files](https://help.semmle.com/QL/learn-ql/writing-queries/introduction-to-queries.html#select-clause) on help.semmle.com. |
33 | 36 |
|
34 | | - There are five language-specific directories in this repository: |
35 | | - |
36 | | - * C/C++: `ql/cpp/ql/src` |
37 | | - * C#: `ql/csharp/ql/src` |
38 | | - * Java: `ql/java/ql/src` |
39 | | - * JavaScript: `ql/javascript/ql/src` |
40 | | - * Python: `ql/python/ql/src` |
| 37 | +3. **Formatting** |
41 | 38 |
|
42 | | - Each language-specific directory contains further subdirectories that group queries based on their `@tags` properties or purpose. Select the appropriate subdirectory for your new query, or create a new one if necessary. |
| 39 | + - The queries and libraries must be [autoformatted](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). |
43 | 40 |
|
44 | | -6. **Write a query help file** |
| 41 | +4. **Compilation** |
45 | 42 |
|
46 | | - Query help files explain the purpose of your query to other users. Write your query help in a `.qhelp` file and save it in the same directory as your new query. |
47 | | - For more information on writing query help, see the [Query help style guide](https://github.com/Semmle/ql/blob/master/docs/query-help-style-guide.md). |
| 43 | + - Compilation of the query and any associated libraries and tests must be resilient to future development of the [supported](docs/supported-queries.md) libraries. This means that the functionality cannot use internal libraries, cannot depend on the output of `getAQlClass`, and cannot make use of regexp matching on `toString`. |
| 44 | + - The query and any associated libraries and tests must not cause any compiler warnings to be emitted (such as use of deprecated functionality or missing `override` annotations). |
| 45 | + |
| 46 | +5. **Results** |
| 47 | + |
| 48 | + - The query must have at least one true positive result on some revision of a real project. |
| 49 | + |
| 50 | +6. **Contributor License Agreement** |
| 51 | + |
| 52 | + - The contributor can satisfy the [CLA](#contributor-license-agreement). |
| 53 | + |
| 54 | +Experimental queries and libraries may not be actively maintained as the [supported](docs/supported-queries.md) libraries evolve. They may also be changed in backwards-incompatible ways or may be removed entirely in the future without deprecation warnings. |
| 55 | + |
| 56 | +After the experimental query is merged, we welcome pull requests to improve it. Before a query can be moved out of the `experimental` subdirectory, it must satisfy [the requirements for being a supported query](docs/supported-queries.md). |
48 | 57 |
|
49 | 58 | ## Using your personal data |
50 | 59 |
|
51 | 60 | If you contribute to this project, we will record your name and email |
52 | 61 | address (as provided by you with your contributions) as part of the code |
53 | | -repositories, which might be made public. We might also use this information |
| 62 | +repositories, which are public. We might also use this information |
54 | 63 | to contact you in relation to your contributions, as well as in the |
55 | 64 | normal course of software development. We also store records of your |
56 | 65 | CLA agreements. Under GDPR legislation, we do this |
|
0 commit comments