|
| 1 | +## Contributing |
| 2 | + |
| 3 | +Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. |
| 4 | + |
| 5 | +Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE). |
| 6 | + |
| 7 | +Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms. |
| 8 | + |
| 9 | +## Building and testing |
| 10 | + |
| 11 | +See [Developer information](docs/HOWTO.md) for information on building the Ruby extractor. There is no need to rebuild the extractor if you are only developing queries. |
| 12 | + |
| 13 | +1. Install the CodeQL CLI as described in [Getting started with the CodeQL CLI](https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli/). |
| 14 | + |
| 15 | +2. Ensure that `<extraction-root>/codeql` is in your `PATH`. |
| 16 | + |
| 17 | +3. Clone this repository into `<extraction-root>/codeql-ruby` and change to this directory. |
| 18 | + |
| 19 | +4. To run all tests in a directory and its subdirectories, run `codeql test run <directory>`, for example `codeql test run ql/test/query-tests/security`. |
| 20 | + |
| 21 | +6. To run an individual test, run `codeql test run <filename>`, where `<filename>` is a `.ql` or `.qlref` file, for example `codeql test run ql/test/query-tests/security/cwe-078/CommandInjection.qlref`. |
| 22 | + |
| 23 | +## Adding a new query |
| 24 | + |
| 25 | +If you have an idea for a query that you would like to share with other CodeQL users, please open a pull request to add it to this repository. |
| 26 | +Follow the steps below to help other users understand what your query does, and to ensure that your query is consistent with the other CodeQL queries. |
| 27 | + |
| 28 | +1. **Consult the documentation for query writers** |
| 29 | + |
| 30 | + There is lots of useful documentation to help you write CodeQL queries, ranging from information about query file structure to language-specific tutorials. For more information on the documentation available, see [Writing CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/) and the [CodeQL documentation](https://codeql.github.com/docs). |
| 31 | + |
| 32 | +2. **Format your code correctly** |
| 33 | + |
| 34 | + All of the standard CodeQL queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use the CodeQL extension for Visual Studio Code, you can auto-format your query using the [Format Document command](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html). For more information, see the [QL style guide](https://github.com/github/codeql/blob/main/docs/ql-style-guide.md). |
| 35 | + |
| 36 | +3. **Make sure your query has the correct metadata** |
| 37 | + |
| 38 | + Query metadata is used to identify your query and make sure the query results are displayed properly. |
| 39 | + The most important metadata to include are the `@name`, `@description`, and the `@kind`. |
| 40 | + Other metadata properties (`@precision`, `@severity`, and `@tags`) are usually added after the query has been reviewed by the maintainers. |
| 41 | + For more information on writing query metadata, see the [Query metadata style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md). |
| 42 | + |
| 43 | +4. **Make sure the `select` statement is compatible with the query type** |
| 44 | + |
| 45 | + The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and Visual Studio Code. |
| 46 | + For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on the [CodeQL documentation](https://codeql.github.com/docs) site. |
| 47 | + |
| 48 | +5. **Write a query help file** |
| 49 | + |
| 50 | + Query help files explain the purpose of your query to other users. Write your query help in a `.qhelp` file and save it in the same directory as your new query. |
| 51 | + For more information on writing query help, see the [Query help style guide](https://github.com/github/codeql/blob/main/docs/query-help-style-guide.md). |
| 52 | + |
| 53 | +6. **Maintain backwards compatibility** |
| 54 | + |
| 55 | +The standard CodeQL libraries must evolve in a backwards compatible manner. If any backwards incompatible changes need to be made, the existing API must first be marked as deprecated. This is done by adding a `deprecated` annotation along with a QLDoc reference to the replacement API. Only after at least one full release cycle has elapsed may the old API be removed. |
| 56 | + |
| 57 | +In addition to contributions to our standard queries and libraries, we also welcome contributions of a more experimental nature, which do not need to fulfill all the requirements listed above. See the guidelines for [experimental queries and libraries](ql/docs/experimental.md) for details. |
| 58 | + |
| 59 | +## Resources |
| 60 | + |
| 61 | +- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) |
| 62 | +- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/) |
| 63 | +- [GitHub Help](https://help.github.com) |
| 64 | +- [A Note About Git Commit Messages](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) |
0 commit comments