CONTRIBUTING.md
7 additions & 7 deletions
@@ -1,4 +1,4 @@
1
-
# Contributing to QL
1
+
# Contributing to CodeQL
2
2
3
3
We welcome contributions to our standard library and standard checks. Got an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request!
4
4
@@ -9,13 +9,13 @@ Before we accept your pull request, we require that you have agreed to our Contr
9
9
If you have an idea for a query that you would like to share with other Semmle users, please open a pull request to add it to this repository.
10
10
Follow the steps below to help other users understand what your query does, and to ensure that your query is consistent with the other Semmle queries.
11
11
12
-
1.**Consult the QL documentation for query writers**
12
+
1.**Consult the documentation for query writers**
13
13
14
-
There is lots of useful documentation to help you write QL, ranging from information about query file structure to language-specific tutorials. For more information on the documentation available, see [Writing QL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
14
+
There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [Writing CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
15
15
16
-
2.**Format your QL correctly**
16
+
2.**Format your code correctly**
17
17
18
-
All of Semmle's standard QL queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all QL contributions follow the same formatting guidelines. If you use QL for Eclipse, you can auto-format your query in the [QL editor](https://help.semmle.com/ql-for-eclipse/Content/WebHelp/ql-editor.html). For more information, see the [QL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md).
18
+
All of Semmle's standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use QL for Eclipse, you can auto-format your query in the [QL editor](https://help.semmle.com/ql-for-eclipse/Content/WebHelp/ql-editor.html). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md).
19
19
20
20
3.**Make sure your query has the correct metadata**
21
21
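Review bot: the link text in the step-1 `+` line becomes "Writing CodeQL queries" while the URL it points to keeps the old `/QL/learn-ql/writing-queries/` path; confirm that the help site has not been renamed alongside the product so the link still resolves, or update the URL in the same change. Leaving "QL for Eclipse" and "QL editor" unchanged in the step-2 `+` line looks deliberate, since those are product names rather than the language, so no change needed there.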
@@ -29,7 +29,7 @@ Follow the steps below to help other users understand what your query does, and
29
29
The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and QL for Eclipse.
30
30
For more information on `select` statement format, see [Introduction to query files](https://help.semmle.com/QL/learn-ql/writing-queries/introduction-to-queries.html#select-clause) on help.semmle.com.
31
31
32
-
5.**Save your query in a `.ql` file in correct language directory in this repository**
32
+
5.**Save your query in a `.ql` file in the correct language directory in this repository**
33
33
34
34
There are five language-specific directories in this repository:
35
35
@@ -54,7 +54,7 @@ repositories, which might be made public. We might also use this information
54
54
to contact you in relation to your contributions, as well as in the
55
55
normal course of software development. We also store records of your
56
56
CLA agreements. Under GDPR legislation, we do this
57
-
on the basis of our legitimate interest in creating the QL product.
57
+
on the basis of our legitimate interest in creating the CodeQL product.
58
58
59
59
Please do get in touch ([email protected]) if you have any questions about
This open source repository contains the standard QL libraries and queries that power [LGTM](https://lgtm.com), and the other products that [Semmle](https://semmle.com) makes available to its customers worldwide.
3
+
This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com), and the other products that [Semmle](https://semmle.com) makes available to its customers worldwide.
4
4
5
-
## How do I learn QL and run queries?
5
+
## How do I learn CodeQL and run queries?
6
6
7
-
There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing QL.
8
-
You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [QL for Eclipse](https://lgtm.com/help/lgtm/running-queries-ide) plugin to try out your queries on any open-source project that's currently being analyzed.
7
+
There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing CodeQL.
8
+
You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [QL for Eclipse](https://lgtm.com/help/lgtm/running-queries-ide) plugin to try out your queries on any opensource project that's currently being analyzed.
9
9
10
10
## Contributing
11
11
12
-
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/Semmle/ql/tree/master/docs) to learn how to format your QL for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
12
+
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/Semmle/ql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
13
13
14
14
## License
15
15
16
-
The QL queries in this repository are licensed under [Apache License 2.0](LICENSE) by [Semmle](https://semmle.com).
16
+
The code in this repository is licensed under [Apache License 2.0](LICENSE) by [Semmle](https://semmle.com).
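Review bot: the `+` line for the query-console paragraph changes "open-source project" to "opensource project", dropping the hyphen; that is unrelated to the QL-to-CodeQL rename and looks accidental, so restore "open-source". The License `+` line also widens the statement from "The QL queries in this repository" to "The code in this repository", which is a scope change rather than a rename; fine if the Apache 2.0 licence is meant to cover the libraries too, but call it out explicitly so it is not lost among the cosmetic edits.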
| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | reliability, japanese-era | This query is a combination of two old queries that were identical in purpose but separate as an implementation detail. This new query replaces Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) and Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`). |
12
+
| Signed overflow check (`cpp/signed-overflow-check`) | correctness, reliability | Finds overflow checks that rely on signed integer addition to overflow, which has undefined behavior. Example: `a + b < a`. |
12
13
13
14
## Changes to existing queries
14
15
@@ -23,8 +24,10 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
23
24
| Too many arguments to formatting function (`cpp/too-many-format-arguments`) | Fewer false positive results | Fixed false positives resulting from mistmatching declarations of a formatting function. |
24
25
| Unclear comparison precedence (`cpp/comparison-precedence`) | Fewer false positive results | False positives involving template classes and functions have been fixed. |
25
26
| Comparison of narrow type with wide type in loop condition (`cpp/comparison-with-wider-type`) | Higher precision | The precision of this query has been increased to "high" as the alerts from this query have proved to be valuable on real-world projects. With this precision, results are now displayed by default in LGTM. |
27
+
| Non-constant format string (`cpp/non-constant-format`) | Fewer false positive results | Fixed false positives resulting from mistmatching declarations of a formatting function. |
28
+
| Wrong type of arguments to formatting function (`cpp/wrong-type-format-argument`) | More correct results and fewer false positive results | This query now understands explicitly specified argument numbers in format strings, such as the `1$` in `%1$s`. |
26
29
27
-
## Changes to QL libraries
30
+
## Changes to libraries
28
31
29
32
* The data-flow library has been extended with a new feature to aid debugging.
30
33
Instead of specifying `isSink(Node n) { any() }` on a configuration to
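Review bot: the new "Non-constant format string" row copies the misspelling "mistmatching" from the "Too many arguments to formatting function" row above it; it should read "mismatching" in the added line, and the existing row can be corrected in the same change. The new heading "## Changes to libraries" drops "QL" correctly, but note that the bullet later in this file about the control-flow graph being "computed in QL, not in the extractor" refers to the language and should keep "QL".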
@@ -39,14 +42,25 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
39
42
definition of `x` when `x` is a variable of pointer type. It no longer
40
43
considers deep paths such as `f(&x.myField)` to be definitions of `x`. These
41
44
changes are in line with the user expectations we've observed.
45
+
* The data-flow library now makes it easier to specify barriers/sanitizers
46
+
arising from guards by overriding the predicate
47
+
`isBarrierGuard`/`isSanitizerGuard` on data-flow and taint-tracking
48
+
configurations respectively.
42
49
* There is now a `DataFlow::localExprFlow` predicate and a
43
50
`TaintTracking::localExprTaint` predicate to make it easy to use the most
44
51
common case of local data flow and taint: from one `Expr` to another.
45
52
* The member predicates of the `FunctionInput` and `FunctionOutput` classes have been renamed for
46
53
clarity (e.g. `isOutReturnPointer()` to `isReturnValueDeref()`). The existing member predicates
47
54
have been deprecated, and will be removed in a future release. Code that uses the old member
48
55
predicates should be updated to use the corresponding new member predicate.
56
+
* The predicates `Declaration.hasStdName()` and `Declaration.hasGlobalOrStdName`
57
+
have been added, simplifying handling of C++ standard library functions.
49
58
* The control-flow graph is now computed in QL, not in the extractor. This can
50
59
lead to regressions (or improvements) in how queries are optimized because
51
60
optimization in QL relies on static size estimates, and the control-flow edge
52
61
relations will now have different size estimates than before.
62
+
* Support has been added for non-type template arguments. This means that the
63
+
return type of `Declaration::getTemplateArgument()` and
64
+
`Declaration::getATemplateArgument` have changed to `Locatable`. See the
65
+
documentation for `Declaration::getTemplateArgument()` and
66
+
`Declaration::getTemplateArgumentKind()` for details.
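Review bot: the added bullets are inconsistent about parentheses on predicate names: `Declaration.hasStdName()` has them but `Declaration.hasGlobalOrStdName` does not, and `Declaration::getTemplateArgument()` has them while `Declaration::getATemplateArgument` does not; the rest of the file uses `()` (e.g. `isReturnValueDeref()`), so match that. In the template-argument bullet, "the return type of ... and ... have changed" should be "has changed" (or "the return types ... have changed"), and since `Declaration::getTemplateArgumentKind()` is introduced only by reference, a short statement of what it returns would help readers who are checking whether their queries need updating.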
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. |
11
13
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
| Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. |
13
16
14
17
## Changes to existing queries
@@ -24,7 +27,7 @@ The following changes in version 1.23 affect C# analysis in all applications.
24
27
25
28
*`nameof` expressions are now extracted correctly when the name is a namespace.
26
29
27
-
## Changes to QL libraries
30
+
## Changes to libraries
28
31
29
32
* The new class `NamespaceAccess` models accesses to namespaces, for example in `nameof` expressions.
30
33
* The data-flow library now makes it easier to specify barriers/sanitizers
@@ -43,5 +46,7 @@ The following changes in version 1.23 affect C# analysis in all applications.
43
46
* There is now a `DataFlow::localExprFlow` predicate and a
44
47
`TaintTracking::localExprTaint` predicate to make it easy to use the most
45
48
common case of local data flow and taint: from one `Expr` to another.
49
+
* Data is now tracked through null-coalescing expressions (`??`).
50
+
* A new library `semmle.code.csharp.Unification` has been added. This library exposes two predicates `unifiable` and `subsumes` for calculating type unification and type subsumption, respectively.
change-notes/1.23/analysis-java.md
1 addition & 1 deletion
@@ -19,7 +19,7 @@ The following changes in version 1.23 affect Java analysis in all applications.
19
19
| Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. |
20
20
| Useless comparison test (`java/constant-comparison`) | Fewer false positives | Additional overflow check patterns are now recognized and no longer reported. |
21
21
22
-
## Changes to QL libraries
22
+
## Changes to libraries
23
23
24
24
* The data-flow library has been extended with a new feature to aid debugging.
25
25
Instead of specifying `isSink(Node n) { any() }` on a configuration to
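Review bot: the heading rename is fine. While in this file, the unchanged context row for `java/concatenated-sql-query` reads "as SQL expressions sinks"; "as SQL expression sinks" is the intended phrase and could be corrected in the same change.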
* The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.
14
16
15
-
* TypeScript 3.6 features are supported.
16
-
17
+
* TypeScript 3.6 and 3.7 features are now supported.
17
18
18
19
## New queries
19
20
@@ -26,6 +27,7 @@
26
27
| Use of returnless function (`js/use-of-returnless-function`) | maintainability, correctness | Highlights calls where the return value is used, but the callee never returns a value. Results are shown on LGTM by default. |
27
28
| Useless regular expression character escape (`js/useless-regexp-character-escape`) | correctness, security, external/cwe/cwe-20 | Highlights regular expression strings with useless character escapes, indicating a possible violation of [CWE-20](https://cwe.mitre.org/data/definitions/20.html). Results are shown on LGTM by default. |
28
29
| Unreachable method overloads (`js/unreachable-method-overloads`) | correctness, typescript | Highlights method overloads that are impossible to use from client code. Results are shown on LGTM by default. |
30
+
| Ignoring result from pure array method (`js/ignore-array-result`) | maintainability, correctness | Highlights calls to array methods without side effects where the return value is ignored. Results are shown on LGTM by default. |
29
31
30
32
## Changes to existing queries
31
33
@@ -44,8 +46,9 @@
44
46
| Stored cross-site scripting (`js/stored-xss`) | Fewer false-positive results | The query now recognizes more sanitizers. |
45
47
| Uncontrolled command line (`js/command-line-injection`) | More results | This query now treats responses from servers as untrusted. |
46
48
| Uncontrolled data used in path expression (`js/path-injection`) | Fewer false-positive results | This query now recognizes calls to Express `sendFile` as safe in some cases. |
49
+
| Unknown directive (`js/unknown-directive`) | Fewer false positive results | This query no longer flags uses of ":", which is sometimes used like a directive. |
47
50
48
-
## Changes to QL libraries
51
+
## Changes to libraries
49
52
50
53
*`Expr.getDocumentation()` now handles chain assignments.
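Review bot: the new "Unknown directive" row uses "Fewer false positive results" while the neighbouring rows in this table (`js/stored-xss`, `js/path-injection`) use "Fewer false-positive results"; match the hyphenated form used in the rest of the table. The literal colon in that row would also read more clearly in code formatting (`":"`), as the other rows do for identifiers.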