@asgerf asgerf commented Jan 7, 2025

Adds a migration guide, change notes linking to the guide, and qldoc to the Configuration classes also linking to the guide.

The sphinx CI job is broken, but the docs can be generated locally by the sphinx build target. Alternatively, they can be seen by downloading and opening this HTML file locally.

@asgerf asgerf force-pushed the jss/change-note branch 3 times, most recently from df0cccb to 439ed22 Compare January 7, 2025 15:19
@asgerf asgerf marked this pull request as ready for review January 8, 2025 09:29
Copilot AI review requested due to automatic review settings January 8, 2025 09:29
@asgerf asgerf requested a review from a team as a code owner January 8, 2025 09:29

Copilot AI left a comment

Copilot reviewed 2 out of 6 changed files in this pull request and generated no comments.

Files not reviewed (4)
  • docs/codeql/codeql-language-guides/codeql-for-javascript.rst: Language not supported
  • docs/codeql/codeql-language-guides/migrating-javascript-dataflow-queries.rst: Language not supported
  • javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll: Language not supported
  • javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll: Language not supported

@erik-krogh erik-krogh left a comment

I used various LLMs to find typos and other grammar mistakes; they found a lot (that I would also have missed).

  • o1 from OpenAI was great, and always gave me great feedback.
  • Claude 3.5 gave me a few suggestions that all turned out to be incorrect, but I only started using it after o1 was done.
  • Gemini 2.0 Flash was shit. It produced a massive list of sentences that should be corrected, but the "correction" was most of the time just a copy of the original.

I'll read the text myself now, and see whether I have comments on the substance.

@erik-krogh erik-krogh self-requested a review January 8, 2025 10:47
asgerf and others added 2 commits January 8, 2025 12:26
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
…ow-queries.rst

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>

@erik-krogh erik-krogh left a comment

👍

Two optional comments.

Comment on lines 100 to 101
- The ``isSanitizer`` predicate should be renamed to ``isBarrier``.
- The ``isAdditionalTaintStep`` predicate should be renamed to ``isAdditionalFlowStep``.

Maybe specify that it's the predicates from the old class-style configuration that are being referred to.

Contributor Author

Clarified a bit, PTAL

Comment on lines 109 to 110
class MyConfig extends TaintTracking::Configuration {
predicate isSanitizer(DataFlow::Node node) { ... }

Maybe insert a charpred here, just to make it more realistic?

@asgerf asgerf merged commit 1997e0a into github:js/shared-dataflow-branch Jan 9, 2025
9 checks passed
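
For readers following the rename rules quoted in the review (`isSanitizer` to `isBarrier`, `isAdditionalTaintStep` to `isAdditionalFlowStep`), here is an added example of a class-style configuration next to its module-style equivalent; it is not taken from this pull request or from the migration guide. The `sanitize` and `wrap` function names, the choice of `eval` as sink, and the query id are assumptions made for illustration.

```ql
/**
 * @name Example: remote input reaching eval (migrated configuration)
 * @kind problem
 * @id js/example/migrated-dataflow-config
 */

import javascript

// Old class-style form, kept as a comment for comparison:
//
//   class MyConfig extends TaintTracking::Configuration {
//     MyConfig() { this = "MyConfig" }  // characteristic predicate
//     override predicate isSource(DataFlow::Node node) { ... }
//     override predicate isSink(DataFlow::Node node) { ... }
//     override predicate isSanitizer(DataFlow::Node node) { ... }
//     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { ... }
//   }

// New module-style form: no characteristic predicate and no `override`.
module MyConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node node) {
    node = DataFlow::globalVarRef("eval").getACall().getArgument(0)
  }

  // Was `isSanitizer`. `sanitize` is a hypothetical cleansing function.
  predicate isBarrier(DataFlow::Node node) {
    node = DataFlow::globalVarRef("sanitize").getACall()
  }

  // Was `isAdditionalTaintStep`. `wrap` is a hypothetical function whose
  // result is treated as carrying its first argument.
  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(DataFlow::CallNode call |
      call = DataFlow::globalVarRef("wrap").getACall() and
      node1 = call.getArgument(0) and
      node2 = call
    )
  }
}

// Taint tracking is selected when the module is instantiated.
module MyFlow = TaintTracking::Global<MyConfig>;

from DataFlow::Node source, DataFlow::Node sink
where MyFlow::flow(source, sink)
select sink, "Value from $@ reaches eval.", source, "remote input"
```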