Merge branch 'main' into typealiastests

2026-04-24 16:25:15 +02:00 · 2023-03-13 09:38:54 +00:00
parent 8d666d00c2 9a5dbd078e
commit 0d1be2294c
10 changed files with 1001 additions and 6 deletions
--- a/6
+++ b/6
@@ -2,9 +2,9 @@
 /csharp/ @github/codeql-csharp
 /go/ @github/codeql-go
 /java/ @github/codeql-java
-/javascript/ @github/codeql-dynamic
-/python/ @github/codeql-dynamic
-/ruby/ @github/codeql-dynamic
+/javascript/ @github/codeql-javascript
+/python/ @github/codeql-python
+/ruby/ @github/codeql-ruby
 /swift/ @github/codeql-swift
 /misc/codegen/ @github/codeql-swift
 /java/kotlin-extractor/ @github/codeql-kotlin
--- a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
@@ -1234,7 +1234,8 @@ protected DependencyInstallationResult preparePackagesAndDependencies(Set<Path>
      ParseResultInfo loc = extractor.extract(f, state);
      if (!extractor.getConfig().isExterns() && (loc == null || loc.getLinesOfCode() != 0)) seenCode = true;
      if (!extractor.getConfig().isExterns()) seenFiles = true;
-      for (ParseError err : loc.getParseErrors()) {
+      List<ParseError> errors = loc == null ? Collections.emptyList() : loc.getParseErrors();
+      for (ParseError err : errors) {
        String msg = "A parse error occurred: " + StringUtil.escapeMarkdown(err.getMessage())
            + ". Check the syntax of the file. If the file is invalid, correct the error or [exclude](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning) the file from analysis.";
        // file, relative to the source root
--- a/misc/codegen/templates/ql_db.mustache
+++ b/misc/codegen/templates/ql_db.mustache
@@ -5,6 +5,14 @@ module Raw {
    {{#final}}override string toString() { result = "{{name}}" }{{/final}}

    {{#properties}}
+    /**
+     * {{>ql_property_doc}}     *
+    {{#has_description}}
+    {{#description}}
+     * {{.}}
+    {{/description}}
+    {{/has_description}}
+     */
    {{type}} {{getter}}({{#is_repeated}}int index{{/is_repeated}}) {
      {{tablename}}({{#tableparams}}{{^first}}, {{/first}}{{param}}{{/tableparams}})
    }
--- a/swift/ql/.generated.list
+++ b/swift/ql/.generated.list
@@ -385,7 +385,7 @@ ql/lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0
 ql/lib/codeql/swift/generated/ParentChild.qll adf8af53ce18086eb28e5fe204ad2089f2ab516622c16055ccfdd1335f5ac72b 6f7464ecd8ca04b6aa261139b36a162e5b0636237d514b8431ef4f97a1c603dc
 ql/lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0
 ql/lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98
-ql/lib/codeql/swift/generated/Raw.qll 6fe6560ff3533df93afa67dd98494ce985f1e8e402c0a608b7c163d0473f87e8 b6f5a443c25d094b224bdea6a6eced4293391af7f5a702bc4978bca29c84b6b4
+ql/lib/codeql/swift/generated/Raw.qll 30813233f18677b073e78713fbf144cd6e85a2fcafcd7bb29573f1ac1915784e 7c63093ca4f7643567151516341f4ba74f935813928b6af274b19d44d0f24941
 ql/lib/codeql/swift/generated/Synth.qll af02e0b49fe7b488592687996cc74d9525d4e3fbc9d324820b310b356f4d2612 5c740a660721173e9e4e45eb701d373ca19ff14d61cdaea309b65871e0deea90
 ql/lib/codeql/swift/generated/SynthConstructors.qll a1b3ca33017f82124286ccad317a05484fee144fb9c3cdd2e500ce38e5efcec4 a1b3ca33017f82124286ccad317a05484fee144fb9c3cdd2e500ce38e5efcec4
 ql/lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -400,6 +400,19 @@ private module ReturnNodes {
    override ReturnKind getKind() { result instanceof NormalReturnKind }
  }

+  /**
+   * A data-flow node that represents the `self` value in a constructor being
+   * implicitly returned as the newly-constructed object
+   */
+  class SelfReturnNode extends InoutReturnNodeImpl {
+    SelfReturnNode() {
+      exit.getScope() instanceof ConstructorDecl and
+      param instanceof SelfParamDecl
+    }
+
+    override ReturnKind getKind() { result instanceof NormalReturnKind }
+  }
+
  class InoutReturnNodeImpl extends ReturnNode, TInoutReturnNode, NodeImpl {
    ParamDecl param;
    ControlFlowNode exit;
--- a/swift/ql/lib/codeql/swift/generated/Raw.qll
+++ b/swift/ql/lib/codeql/swift/generated/Raw.qll
--- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -1,6 +1,7 @@
 edges
 | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  |
 | file://:0:0:0:0 | self [a, x] :  | file://:0:0:0:0 | .a [x] :  |
+| file://:0:0:0:0 | self [str] :  | file://:0:0:0:0 | .str :  |
 | file://:0:0:0:0 | self [x] :  | file://:0:0:0:0 | .x :  |
 | file://:0:0:0:0 | self [x] :  | file://:0:0:0:0 | .x :  |
 | file://:0:0:0:0 | value :  | file://:0:0:0:0 | [post] self [x] :  |
@@ -155,8 +156,25 @@ edges
 | test.swift:472:20:472:20 | cx [x] :  | test.swift:472:20:472:23 | .x :  |
 | test.swift:472:20:472:23 | .x :  | test.swift:473:15:473:15 | z1 |
 | test.swift:479:14:479:21 | call to source() :  | test.swift:479:13:479:21 | call to +(_:) |
+| test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | self [str] :  |
+| test.swift:489:10:489:13 | s :  | test.swift:490:13:490:13 | s :  |
+| test.swift:490:7:490:7 | [post] self [str] :  | test.swift:489:5:491:5 | self[return] [str] :  |
+| test.swift:490:13:490:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  |
+| test.swift:495:17:498:5 | self[return] [str] :  | test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | test.swift:495:17:498:5 | self[return] [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | test.swift:497:17:497:17 | self [str] :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:496:7:496:7 | [post] self [str] :  |
+| test.swift:497:17:497:17 | self [str] :  | test.swift:497:17:497:17 | .str |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:488:9:488:9 | self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:502:13:502:35 | .str |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:488:9:488:9 | self [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:503:13:503:43 | .str |
 nodes
 | file://:0:0:0:0 | .a [x] :  | semmle.label | .a [x] :  |
+| file://:0:0:0:0 | .str :  | semmle.label | .str :  |
 | file://:0:0:0:0 | .x :  | semmle.label | .x :  |
 | file://:0:0:0:0 | .x :  | semmle.label | .x :  |
 | file://:0:0:0:0 | [post] self [x] :  | semmle.label | [post] self [x] :  |
@@ -164,6 +182,7 @@ nodes
 | file://:0:0:0:0 | [summary param] this in signum() :  | semmle.label | [summary param] this in signum() :  |
 | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | semmle.label | [summary] to write: return (return) in signum() :  |
 | file://:0:0:0:0 | self [a, x] :  | semmle.label | self [a, x] :  |
+| file://:0:0:0:0 | self [str] :  | semmle.label | self [str] :  |
 | file://:0:0:0:0 | self [x] :  | semmle.label | self [x] :  |
 | file://:0:0:0:0 | self [x] :  | semmle.label | self [x] :  |
 | file://:0:0:0:0 | value :  | semmle.label | value :  |
@@ -328,6 +347,21 @@ nodes
 | test.swift:479:13:479:21 | call to +(_:) | semmle.label | call to +(_:) |
 | test.swift:479:14:479:21 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:480:14:480:21 | call to source() | semmle.label | call to source() |
+| test.swift:488:9:488:9 | self [str] :  | semmle.label | self [str] :  |
+| test.swift:489:5:491:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
+| test.swift:489:10:489:13 | s :  | semmle.label | s :  |
+| test.swift:490:7:490:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
+| test.swift:490:13:490:13 | s :  | semmle.label | s :  |
+| test.swift:495:17:498:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
+| test.swift:496:7:496:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
+| test.swift:496:20:496:28 | call to source3() :  | semmle.label | call to source3() :  |
+| test.swift:497:17:497:17 | .str | semmle.label | .str |
+| test.swift:497:17:497:17 | self [str] :  | semmle.label | self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | semmle.label | call to MyClass.init(s:) [str] :  |
+| test.swift:502:13:502:35 | .str | semmle.label | .str |
+| test.swift:502:24:502:32 | call to source3() :  | semmle.label | call to source3() :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | semmle.label | call to Self.init(contentsOfFile:) [str] :  |
+| test.swift:503:13:503:43 | .str | semmle.label | .str |
 subpaths
 | test.swift:75:21:75:22 | &... :  | test.swift:65:16:65:28 | arg1 :  | test.swift:65:1:70:1 | arg2[return] :  | test.swift:75:31:75:32 | [post] &... :  |
 | test.swift:114:19:114:19 | arg :  | test.swift:109:9:109:14 | arg :  | test.swift:110:12:110:12 | arg :  | test.swift:114:12:114:22 | call to ... :  |
@@ -360,6 +394,10 @@ subpaths
 | test.swift:303:15:303:16 | ...! :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:303:15:303:25 | call to signum() |
 | test.swift:468:12:468:12 | x :  | test.swift:462:9:462:9 | value :  | file://:0:0:0:0 | [post] self [x] :  | test.swift:468:5:468:5 | [post] cx [x] :  |
 | test.swift:472:20:472:20 | cx [x] :  | test.swift:462:9:462:9 | self [x] :  | file://:0:0:0:0 | .x :  | test.swift:472:20:472:23 | .x :  |
+| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  | test.swift:496:7:496:7 | [post] self [str] :  |
+| test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:502:13:502:35 | .str |
+| test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[return] [str] :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
+| test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:503:13:503:43 | .str |
 #select
 | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:7:15:7:15 | t1 | result |
 | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() :  | test.swift:9:15:9:15 | t1 | result |
@@ -414,3 +452,6 @@ subpaths
 | test.swift:473:15:473:15 | z1 | test.swift:259:12:259:19 | call to source() :  | test.swift:473:15:473:15 | z1 | result |
 | test.swift:479:13:479:21 | call to +(_:) | test.swift:479:14:479:21 | call to source() :  | test.swift:479:13:479:21 | call to +(_:) | result |
 | test.swift:480:14:480:21 | call to source() | test.swift:480:14:480:21 | call to source() | test.swift:480:14:480:21 | call to source() | result |
+| test.swift:497:17:497:17 | .str | test.swift:496:20:496:28 | call to source3() :  | test.swift:497:17:497:17 | .str | result |
+| test.swift:502:13:502:35 | .str | test.swift:502:24:502:32 | call to source3() :  | test.swift:502:13:502:35 | .str | result |
+| test.swift:503:13:503:43 | .str | test.swift:496:20:496:28 | call to source3() :  | test.swift:503:13:503:43 | .str | result |
--- a/swift/ql/test/library-tests/dataflow/dataflow/FlowConfig.qll
+++ b/swift/ql/test/library-tests/dataflow/dataflow/FlowConfig.qll
@@ -15,7 +15,7 @@ class TestConfiguration extends DataFlow::Configuration {

  override predicate isSink(DataFlow::Node sink) {
    exists(CallExpr sinkCall |
-      sinkCall.getStaticTarget().getName() = ["sink(arg:)", "sink(opt:)"] and
+      sinkCall.getStaticTarget().getName() = ["sink(arg:)", "sink(opt:)", "sink(str:)"] and
      sinkCall.getAnArgument().getExpr() = sink.asExpr()
    )
  }
--- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
+++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -391,3 +391,32 @@
 | test.swift:474:11:474:15 | SSA def(z2) | test.swift:475:15:475:15 | z2 |
 | test.swift:474:20:474:23 | .x | test.swift:474:11:474:15 | SSA def(z2) |
 | test.swift:479:14:479:21 | call to source() | test.swift:479:13:479:21 | call to +(_:) |
+| test.swift:487:7:487:7 | SSA def(self) | test.swift:487:7:487:7 | self[return] |
+| test.swift:487:7:487:7 | self | test.swift:487:7:487:7 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | self | test.swift:488:9:488:9 | SSA def(self) |
+| test.swift:488:9:488:9 | value | test.swift:488:9:488:9 | SSA def(value) |
+| test.swift:489:5:489:5 | SSA def(self) | test.swift:490:7:490:7 | self |
+| test.swift:489:5:489:5 | self | test.swift:489:5:489:5 | SSA def(self) |
+| test.swift:489:10:489:13 | SSA def(s) | test.swift:490:13:490:13 | s |
+| test.swift:489:10:489:13 | s | test.swift:489:10:489:13 | SSA def(s) |
+| test.swift:490:7:490:7 | [post] self | test.swift:489:5:491:5 | self[return] |
+| test.swift:490:7:490:7 | self | test.swift:489:5:491:5 | self[return] |
+| test.swift:495:17:495:17 | SSA def(self) | test.swift:496:7:496:7 | self |
+| test.swift:495:17:495:17 | self | test.swift:495:17:495:17 | SSA def(self) |
+| test.swift:496:7:496:7 | [post] self | test.swift:497:17:497:17 | self |
+| test.swift:496:7:496:7 | self | test.swift:497:17:497:17 | self |
+| test.swift:497:17:497:17 | [post] self | test.swift:495:17:498:5 | self[return] |
+| test.swift:497:17:497:17 | self | test.swift:495:17:498:5 | self[return] |
+| test.swift:501:21:501:27 | SSA def(path) | test.swift:503:37:503:37 | path |
+| test.swift:501:21:501:27 | path | test.swift:501:21:501:27 | SSA def(path) |
+| test.swift:506:7:506:7 | SSA def(self) | test.swift:506:7:506:7 | self[return] |
+| test.swift:506:7:506:7 | self | test.swift:506:7:506:7 | SSA def(self) |
+| test.swift:507:3:507:3 | SSA def(self) | test.swift:507:3:507:40 | self[return] |
+| test.swift:507:3:507:3 | self | test.swift:507:3:507:3 | SSA def(self) |
+| test.swift:507:27:507:38 | SSA def(n) | test.swift:507:3:507:40 | n[return] |
+| test.swift:507:31:507:38 | call to source() | test.swift:507:27:507:38 | SSA def(n) |
+| test.swift:513:7:513:7 | SSA def(n) | test.swift:514:36:514:36 | n |
+| test.swift:513:11:513:11 | 0 | test.swift:513:7:513:7 | SSA def(n) |
+| test.swift:514:36:514:36 | n | test.swift:514:35:514:36 | &... |
--- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift
+++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -479,3 +479,37 @@ func testIdentityArithmetic() {
  sink(arg: +source()) // $ flow=479
  sink(arg: (source())) // $ flow=480
 }
+
+func sink(str: String) {}
+
+func source3() -> String { return "" }
+
+class MyClass {
+    var str: String
+    init(s: String) {
+      str = s
+    }
+}
+
+extension MyClass {
+    convenience init(contentsOfFile: String) {
+      self.init(s: source3()) 
+      sink(str: str) // $ flow=496
+    }
+}
+
+func extensionInits(path: String) {
+  sink(str: MyClass(s: source3()).str) // $ flow=502
+  sink(str: MyClass(contentsOfFile: path).str) // $ flow=496
+}
+
+class InoutConstructorClass {
+  init(_ n : inout Int) { n = source() }
+}
+
+func sink(arg: InoutConstructorClass) {}
+
+func inoutConstructor() {
+  var n = 0
+  sink(arg: InoutConstructorClass(&n))
+}