github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Broken Links for FlowExploration #12761

Open WhatTheFuzz opened 1 year ago

WhatTheFuzz commented 1 year ago

Broken Links for Documentation on FlowExploration

I'm trying to search the documentation for doing a partial flow analysis. That sent me on the hunt for FlowExploration, but it seems the site is 404'ing for C++ and Java.

https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll/module.DataFlowImpl$FlowExploration.html

https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/dataflow/internal/DataFlowImpl.qll/module.DataFlowImpl$FlowExploration.html

The following link recreates the search that I performed to look for the documentation, which points to the pages with the broken links:

https://codeql.github.com/codeql-standard-libraries/search.html?addsearch=flowexploration

MathiasVP commented 1 year ago

Hi @WhatTheFuzz,

Thanks for raising this issue! I guess there are two issues here:

  1. The search functionality is linking to non-existent pages
  2. The documentation for FlowExploration is missing

We'll fix the first issue right away (looks like a few files had changed and had to be re-indexed). Unfortunately, that won't solve the second issue. We'll work on getting that fixed!

In the meantime, if it's any help, I found myself explaining the new API for FlowExploration recently to an internal developer, and maybe this explanation will be beneficial to you as well? In any case, here it is:


Let’s say you have a configuration module MyConfig implements DataFlow::ConfigSig { ... } and you instantiate it to create a dataflow module like:

module MyDataFlow = TaintTracking::Global<MyConfig>;

you can then create a dataflow module for partial flow like this:

int myExplorationLimit() { result = 10 }

module MyPartialDataFlow = MyDataFlow::FlowExploration<myExplorationLimit/0>;

and using it like you’d normally use the MyDataFlow module:

from MyPartialDataFlow::PartialPathNode source, MyPartialDataFlow::PartialPathNode n, int dist
where MyPartialDataFlow::partialFlow(source, n, dist)
select n.getNode(), source, n, "n is " + dist + " interprocedural flow steps away from source"
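
The API described in the comment above, as a complete query; this is an added example, not part of the original thread or the CodeQL repository. It goes one step further and keeps only the nodes where exploration stopped before the limit, which is where taint is being lost. Assumptions: a Java database, `RemoteFlowSource` as the source definition, a limit of 5, and the query name and id, all chosen for illustration.

```ql
/**
 * @name Partial flow dead ends (added example)
 * @kind path-problem
 * @id example/partial-flow-dead-ends
 */

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources

// Hypothetical configuration: any remote input is a source.
module MyConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // partialFlow explores forward from sources and disregards sink definitions,
  // so no sink is needed while debugging.
  predicate isSink(DataFlow::Node sink) { none() }
}

module MyDataFlow = TaintTracking::Global<MyConfig>;

// Keep the limit small: the number of explored nodes grows quickly with it.
int myExplorationLimit() { result = 5 }

module MyPartialDataFlow = MyDataFlow::FlowExploration<myExplorationLimit/0>;

// Supplies the `edges` predicate that a path-problem query needs.
import MyPartialDataFlow::PartialPathGraph

from MyPartialDataFlow::PartialPathNode source, MyPartialDataFlow::PartialPathNode n, int dist
where
  MyPartialDataFlow::partialFlow(source, n, dist) and
  // Drop nodes that were cut off only because the limit was reached ...
  dist < myExplorationLimit() and
  // ... and keep those with no outgoing edge: flow genuinely ends here.
  not exists(n.getASuccessor())
select n.getNode(), source, n,
  "Flow from source stops here after " + dist + " interprocedural steps"
```
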

MathiasVP commented 1 year ago

> We'll fix the first issue right away (looks like a few files had changed and had to be re-indexed). Unfortunately, that won't solve the second issue. We'll work on getting that fixed!

The index has now been updated, and those 404 links should no longer show up in the search 🙂. We'll keep working on actually getting those FlowExploration pages included again. I will let you know once this has been resolved.

WhatTheFuzz commented 1 year ago

Thank you for the follow up! I appreciate the example as well.