From 49c2398bda48a0d94f8c420a59bc0e0d3ee3626b Mon Sep 17 00:00:00 2001 From: Shati Patel Date: Tue, 19 Nov 2019 15:06:26 +0000 Subject: [PATCH] QL docs: Update links to blog/demos --- docs/language/learn-ql/ql-training.rst | 5 ++--- docs/language/learn-ql/writing-queries/path-queries.rst | 2 +- docs/language/ql-training/cpp/snprintf.rst | 2 +- docs/language/ql-training/java/apache-struts-java.rst | 4 ++-- docs/language/ql-training/java/global-data-flow-java.rst | 4 ++-- 5 files changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/language/learn-ql/ql-training.rst b/docs/language/learn-ql/ql-training.rst index 0972df7719a5..70aeb21f69ad 100644 --- a/docs/language/learn-ql/ql-training.rst +++ b/docs/language/learn-ql/ql-training.rst @@ -6,7 +6,7 @@ CodeQL and variant analysis `Variant analysis `__ is the process of using a known vulnerability as a seed to find similar problems in your code. Security engineers typically perform variant analysis to identify possible vulnerabilities and to ensure that these threats are properly fixed across multiple code bases. -`CodeQL `__ is the code analysis engine that underpins LGTM, Semmle's community driven security analysis platform. Together, CodeQL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you don’t have your own team of dedicated security engineers. You can read more about using CodeQL and LGTM in variant analysis in the `Semmle blog `__. +`CodeQL `__ is the code analysis engine that underpins LGTM, Semmle's community driven security analysis platform. Together, CodeQL and LGTM provide continuous monitoring and scalable variant analysis for your projects, even if you don’t have your own team of dedicated security engineers. You can read more about using CodeQL and LGTM in variant analysis on the `Security Lab research page `__. CodeQL is easy to learn, and exploring code using CodeQL is the most efficient way to perform variant analysis. 
@@ -62,5 +62,4 @@ More resources - If you are completely new to CodeQL, look at our introductory topics in :doc:`Learning CodeQL `. - To find more detailed information about how to write queries for specific languages, visit the links in :ref:`Writing CodeQL queries `. -- To read more about how CodeQL queries have been used in Semmle's security research, and to read about new CodeQL developments, visit the `Semmle blog `__. -- Find more examples of queries written by Semmle's own security researchers in the `Semmle Demos repository `__ on GitHub. +- To see examples of CodeQL queries that have been used to find security vulnerabilities and bugs in open-source software projects, visit the `GitHub Security Lab website `__ and the associated `repository `__. \ No newline at end of file diff --git a/docs/language/learn-ql/writing-queries/path-queries.rst b/docs/language/learn-ql/writing-queries/path-queries.rst index 4cd2c775294d..7b3d52515c35 100644 --- a/docs/language/learn-ql/writing-queries/path-queries.rst +++ b/docs/language/learn-ql/writing-queries/path-queries.rst @@ -37,7 +37,7 @@ The easiest way to get started writing your own path query is to modify one of t - `JavaScript path queries `__ - `Python path queries `__ -The Security lab researchers have used path queries to find security vulnerabilities in various open source projects. To see articles describing how these queries were written, as well as other posts describing other aspects of security research such as exploiting vulnerabilities, see the `GitHub Security Lab website `__. +The Security Lab researchers have used path queries to find security vulnerabilities in various open source projects. To see articles describing how these queries were written, as well as other posts describing other aspects of security research such as exploiting vulnerabilities, see the `GitHub Security Lab website `__. Constructing a path query ========================= 
diff --git a/docs/language/ql-training/cpp/snprintf.rst b/docs/language/ql-training/cpp/snprintf.rst index c15bf74d2866..3b76f1a4ce20 100644 --- a/docs/language/ql-training/cpp/snprintf.rst +++ b/docs/language/ql-training/cpp/snprintf.rst @@ -65,7 +65,7 @@ RCE in rsyslog } - Disclosed as `CVE-2018-1000140 `__. -- Blog post: `https://blog.semmle.com/librelp-buffer-overflow-cve-2018-1000140/ `__. +- Blog post: https://securitylab.github.com/research/librelp-buffer-overflow-cve-2018-1000140 Finding the RCE yourself ======================== diff --git a/docs/language/ql-training/java/apache-struts-java.rst b/docs/language/ql-training/java/apache-struts-java.rst index be071d41562b..c21ad4608ca0 100644 --- a/docs/language/ql-training/java/apache-struts-java.rst +++ b/docs/language/ql-training/java/apache-struts-java.rst @@ -58,7 +58,7 @@ RCE in Apache Struts - Disclosed as `CVE-2017-9805 `__ -- Blog post: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/ +- Blog post: https://securitylab.github.com/research/apache-struts-vulnerability-cve-2017-9805 Finding the RCE yourself ======================== @@ -134,4 +134,4 @@ Model answer, step 4 and sink.getNode() instanceof UnsafeDeserializationSink select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, "Unsafe deserialization of $@.", source, "user input" -More full-featured version: https://github.com/Semmle/demos/tree/master/ql_demos/java/Apache_Struts_CVE-2017-9805 \ No newline at end of file +More full-featured version: https://github.com/github/security-lab/tree/master/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805 \ No newline at end of file diff --git a/docs/language/ql-training/java/global-data-flow-java.rst b/docs/language/ql-training/java/global-data-flow-java.rst index 9edacde93c3d..d65fd6133c5e 100644 --- a/docs/language/ql-training/java/global-data-flow-java.rst +++ b/docs/language/ql-training/java/global-data-flow-java.rst 
@@ -53,8 +53,8 @@ Code injection in Apache struts .. note:: - More details on the CVE can be found here: https://blog.semmle.com/apache-struts-CVE-2018-11776/ and - https://github.com/Semmle/demos/tree/master/ql_demos/java/Apache_Struts_CVE-2018-11776 + More details on the CVE can be found here: https://securitylab.github.com/research/apache-struts-CVE-2018-11776 and + https://github.com/github/security-lab/tree/master/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776 More details on OGNL can be found here: https://commons.apache.org/proper/commons-ognl/
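Review bot: in the ql-training.rst hunk at @@ -62,5 +62,4 @@, the two removed bullets covered three things (security research write-ups, news about "new CodeQL developments", and example queries), but the single replacement bullet only covers example queries and vulnerability write-ups, so readers lose the pointer for CodeQL announcements; either keep a bullet for that (pointing at whatever now replaces the blog for release news) or say in the PR description that it was dropped on purpose. Separately, both the old and new last line carry "\ No newline at end of file"; since this change already rewrites the final line, add the trailing newline so later diffs of this file stay clean.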
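Review bot: in the apache-struts-java.rst hunk at @@ -134,4 +134,4 @@, the "More full-featured version" link now points at https://github.com/github/security-lab/tree/master/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805, a path on a moving branch; training material like this tends to outlive repository reorganisations, so consider linking to a tagged release or a specific commit of github/security-lab instead of master (the same applies to the companion link in the global-data-flow-java.rst note block). The line also still ends with "\ No newline at end of file" on both sides of the diff; add the trailing newline while the line is being edited.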