Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JS: Add migration guide and change note #18427

Merged
merged 6 commits into from
Jan 9, 2025

Conversation

asgerf
Copy link
Contributor

@asgerf asgerf commented Jan 7, 2025

Adds a migration guide, change notes linking to the guide, and qldoc to the Configuration classes also linking to the guide.

The sphinx CI job is broken, but the docs can be generated locally by the sphinx build target. Alternatively, they can be seen by downloading and opening this HTML file locally.

@asgerf asgerf force-pushed the jss/change-note branch 3 times, most recently from df0cccb to 439ed22 Compare January 7, 2025 15:19
@asgerf asgerf marked this pull request as ready for review January 8, 2025 09:29
@Copilot Copilot bot review requested due to automatic review settings January 8, 2025 09:29
@asgerf asgerf requested a review from a team as a code owner January 8, 2025 09:29

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 2 out of 6 changed files in this pull request and generated no comments.

Files not reviewed (4)
  • docs/codeql/codeql-language-guides/codeql-for-javascript.rst: Language not supported
  • docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst: Language not supported
  • javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll: Language not supported
  • javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll: Language not supported

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used various LLMs to find typos and other grammar mistakes, they found a lot (that I would also have missed).

  • o1 from OpenAI was great, and always gave me great feedback.
  • Claude 3.5 gave me a few suggestions that all turned out to be incorrect, but I only started using it after o1 was done.
  • Gemeni 2.0 Flash was shit. It produced a massive list of sentences that should be corrected, but the "correction" was most of the time just a copy of the original.

I'll read the text myself now, and see whether I have comments on the substance.

@erik-krogh erik-krogh self-requested a review January 8, 2025 10:47
asgerf and others added 2 commits January 8, 2025 12:26
Co-authored-by: Erik Krogh Kristensen <[email protected]>
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Two optional comments.

Comment on lines 100 to 101
- The ``isSanitizer`` predicate should be renamed to ``isBarrier``.
- The ``isAdditionalTaintStep`` predicate should be renamed to ``isAdditionalFlowStep``.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe specify that it's the predicates from the old class-style configuration that's being referred to.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarified a bit, PTAL

Comment on lines 109 to 110
class MyConfig extends TaintTracking::Configuration {
predicate isSanitizer(DataFlow::Node node) { ... }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe insert a charpred here, just to make it more realistic?

@asgerf asgerf merged commit 1997e0a into github:js/shared-dataflow-branch Jan 9, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants