Merge branch 'main' into http

Geoffrey White
2025-02-10 09:07:34 +00:00
220 changed files with 48555 additions and 47627 deletions


@@ -0,0 +1,4 @@
---
category: feature
---
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).


@@ -81,7 +81,9 @@ class BashShellScript extends ShellScript {
"qstr:" + k + ":" + i + ":" + j + ":" + quotedStr.length() + ":" +
quotedStr.regexpReplaceAll("[^a-zA-Z0-9]", "")
)
)
) and
// Only do this for strings that might otherwise disrupt subsequent parsing
quotedStr.regexpMatch("[\"'].*[$\n\r'\"" + Bash::separator() + "].*[\"']")
}
private predicate rankedQuotedStringReplacements(int i, string old, string new) {
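Review bot: The added filter `quotedStr.regexpMatch("[\"'].*[$\n\r'\"" + Bash::separator() + "].*[\"']")` has `.*` on both sides of the character class, and if `regexpMatch` follows the Java default where `.` does not match line terminators, a quoted string containing a CRLF or two or more newlines can never match as a whole. Such a string would then be left unreplaced, although it is exactly the kind the comment says could disrupt subsequent parsing of the script. Prefixing the pattern with `(?s)` would cover it. `Bash::separator()` is also spliced into the character class unescaped; its value is not visible here, so confirm it contains no `]`, `^`, `-` or `\`. The enclosing predicate starts above this hunk.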


@@ -126,6 +126,15 @@ predicate vulnerableActionsDataModel(
*/
predicate immutableActionsDataModel(string action) { Extensions::immutableActionsDataModel(action) }
/**
* MaD models for trusted actions owners
* Fields:
* - owner: owner name
*/
predicate trustedActionsOwnerDataModel(string owner) {
Extensions::trustedActionsOwnerDataModel(owner)
}
/**
* MaD models for untrusted git commands
* Fields:


@@ -63,6 +63,11 @@ extensible predicate vulnerableActionsDataModel(
*/
extensible predicate immutableActionsDataModel(string action);
/**
* Holds for trusted Actions owners.
*/
extensible predicate trustedActionsOwnerDataModel(string owner);
/**
* Holds for git commands that may introduce untrusted data when called on an attacker controlled branch.
*/


@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/actions-all
extensible: trustedActionsOwnerDataModel
data:
- ["actions"]
- ["github"]
- ["advanced-security"]


@@ -2,9 +2,9 @@
* @name PATH Enviroment Variable built from user-controlled sources
* @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands
* @kind path-problem
* @problem.severity warning
* @problem.severity error
* @security-severity 5.0
* @precision high
* @precision medium
* @id actions/envpath-injection/medium
* @tags actions
* security
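Review bot: The `@name` on the first line of this header is spelled "Enviroment", and that name is what users see as the alert title. Since the metadata is being edited here anyway, correct it to `@name PATH Environment Variable built from user-controlled sources`. The next file section (`actions/envvar-injection/medium`) carries the same misspelling in its `@name`.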


@@ -2,9 +2,9 @@
* @name Enviroment Variable built from user-controlled sources
* @description Building an environment variable from user-controlled sources may alter the execution of following system commands
* @kind path-problem
* @problem.severity warning
* @problem.severity error
* @security-severity 5.0
* @precision high
* @precision medium
* @id actions/envvar-injection/medium
* @tags actions
* security


@@ -3,11 +3,12 @@
* @description Workflows should contain permissions to provide a clear understanding has permissions to run the workflow.
* @kind problem
* @security-severity 5.0
* @problem.severity recommendation
* @problem.severity warning
* @precision high
* @id actions/missing-workflow-permissions
* @tags actions
* maintainability
* security
* external/cwe/cwe-275
*/
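Review bot: The `@description` at the top of this hunk does not parse as a sentence ("…to provide a clear understanding has permissions to run the workflow"), and it is the text users read when deciding how to act on the alert. With the `security` tag and the CWE-275 tag now on this query, it should say what is missing, for example `@description Workflows should declare an explicit permissions block so that the token permissions granted to each run are clear.` The `@name` line sits above the hunk and is not visible here.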


@@ -2,7 +2,8 @@
* @name Excessive Secrets Exposure
* @description All organization and repository secrets are passed to the workflow runner.
* @kind problem
* @problem.severity recommendation
* @precision high
* @problem.severity warning
* @id actions/excessive-secrets-exposure
* @tags actions
* security


@@ -2,8 +2,8 @@
* @name Artifact poisoning
* @description An attacker may be able to poison the workflow's artifacts and influence on consequent steps.
* @kind path-problem
* @problem.severity warning
* @precision high
* @problem.severity error
* @precision medium
* @security-severity 5.0
* @id actions/artifact-poisoning/medium
* @tags actions


@@ -24,4 +24,4 @@ Pinning an action to a full length commit SHA is currently the only way to use a
## References
- [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)


@@ -3,8 +3,8 @@
* @description Using a tag for a non-immutable Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
* @kind problem
* @security-severity 5.0
* @problem.severity recommendation
* @precision high
* @problem.severity warning
* @precision medium
* @id actions/unpinned-tag
* @tags security
* actions
@@ -17,14 +17,15 @@ import codeql.actions.security.UseOfUnversionedImmutableAction
bindingset[version]
private predicate isPinnedCommit(string version) { version.regexpMatch("^[A-Fa-f0-9]{40}$") }
bindingset[repo]
private predicate isTrustedOrg(string repo) {
repo.matches(["actions", "github", "advanced-security"] + "/%")
bindingset[nwo]
private predicate isTrustedOwner(string nwo) {
// Gets the segment before the first '/' in the name with owner(nwo) string
trustedActionsOwnerDataModel(nwo.substring(0, nwo.indexOf("/")))
}
from UsesStep uses, string repo, string version, Workflow workflow, string name
from UsesStep uses, string nwo, string version, Workflow workflow, string name
where
uses.getCallee() = repo and
uses.getCallee() = nwo and
uses.getEnclosingWorkflow() = workflow and
(
workflow.getName() = name
@@ -32,9 +33,9 @@ where
not exists(workflow.getName()) and workflow.getLocation().getFile().getBaseName() = name
) and
uses.getVersion() = version and
not isTrustedOrg(repo) and
not isTrustedOwner(nwo) and
not isPinnedCommit(version) and
not isImmutableAction(uses, repo)
not isImmutableAction(uses, nwo)
select uses.getCalleeNode(),
"Unpinned 3rd party Action '" + name + "' step $@ uses '" + repo + "' with ref '" + version +
"Unpinned 3rd party Action '" + name + "' step $@ uses '" + nwo + "' with ref '" + version +
"', not a pinned commit hash", uses, uses.toString()
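Review bot: In `isTrustedOwner`, `nwo.indexOf("/")` yields the index of every `/` in the string, not only the first, so the comment "segment before the first '/'" does not describe what is evaluated. For a callee with a sub-path (if `getCallee()` can return one), the `owner/repo` prefix is also tested against `trustedActionsOwnerDataModel`, and a model-pack row containing a slash would then suppress alerts by prefix rather than by owner. Pinning the first occurrence keeps the allow list owner-only: `trustedActionsOwnerDataModel(nwo.substring(0, nwo.indexOf("/", 0, 0)))`. The comparison is also case-sensitive, so an owner written with different casing in `uses:` would still be reported; lower-case both sides if that is not intended.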


@@ -0,0 +1,20 @@
---
category: breaking
---
* The following queries have been removed from the `code-scanning` and `security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* `actions/if-expression-always-true/critical`
* `actions/if-expression-always-true/high`
* `actions/unnecessary-use-of-advanced-config`
* The following query has been moved from the `code-scanning` suite to the `security-extended`
suite. Any existing alerts for this query will be closed automatically unless the analysis is
configured to use the `security-extended` suite.
* `actions/unpinned-tag`
* The following queries have been added to the `security-extended` suite.
* `actions/unversioned-immutable-action`
* `actions/envpath-injection/medium`
* `actions/envvar-injection/medium`
* `actions/code-injection/medium`
* `actions/artifact-poisoning/medium`
* `actions/untrusted-checkout/medium`


@@ -0,0 +1 @@
[]


@@ -1,11 +1,4 @@
- description: Standard Code Scanning queries for GitHub Actions
- queries: '.'
- include:
problem.severity:
- error
- recommendation
- exclude:
tags contain:
- experimental
- debug
- internal
- queries: .
- apply: code-scanning-selectors.yml
from: codeql/suite-helpers


@@ -1,2 +1,4 @@
- description: Security-extended queries for GitHub Actions
- import: codeql-suites/actions-code-scanning.qls
- queries: .
- apply: security-extended-selectors.yml
from: codeql/suite-helpers


@@ -0,0 +1,18 @@
on:
workflow_run:
workflows: ["Prev"]
types:
- completed
jobs:
Test:
runs-on: ubuntu-latest
steps:
- run: |
# Avoid choking on large chunks of data containing quotes
echo '["string1", "string2", "string3", "string4", "string5", "string6", "string7", "string8", "string9", "string10", "string11", "string12", "string13", "string14", "string15", "string16", "string17", "string18", "string19", "string20", "string21", "string22", "string23", "string24", "string25", "string26", "string27", "string28", "string29", "string30", "string31", "string32", "string33", "string34", "string35", "string36", "string37", "string38", "string39", "string40", "string41", "string42", "string43", "string44", "string45", "string46", "string47", "string48", "string49", "string50", "string51", "string52", "string53", "string54", "string55", "string56", "string57", "string58", "string59", "string60", "string61", "string62", "string63", "string64", "string65", "string66", "string67", "string68", "string69", "string70", "string71", "string72", "string73", "string74", "string75", "string76", "string77", "string78", "string79", "string80", "string81", "string82", "string83", "string84", "string85", "string86", "string87", "string88", "string89", "string90", "string91", "string92", "string93", "string94", "string95", "string96", "string97", "string98", "string99", "string100"]'
echo "['string1', 'string2', 'string3', 'string4', 'string5', 'string6', 'string7', 'string8', 'string9', 'string10', 'string11', 'string12', 'string13', 'string14', 'string15', 'string16', 'string17', 'string18', 'string19', 'string20', 'string21', 'string22', 'string23', 'string24', 'string25', 'string26', 'string27', 'string28', 'string29', 'string30', 'string31', 'string32', 'string33', 'string34', 'string35', 'string36', 'string37', 'string38', 'string39', 'string40', 'string41', 'string42', 'string43', 'string44', 'string45', 'string46', 'string47', 'string48', 'string49', 'string50', 'string51', 'string52', 'string53', 'string54', 'string55', 'string56', 'string57', 'string58', 'string59', 'string60', 'string61', 'string62', 'string63', 'string64', 'string65', 'string66', 'string67', 'string68', 'string69', 'string70', 'string71', 'string72', 'string73', 'string74', 'string75', 'string76', 'string77', 'string78', 'string79', 'string80', 'string81', 'string82', 'string83', 'string84', 'string85', 'string86', 'string87', 'string88', 'string89', 'string90', 'string91', 'string92', 'string93', 'string94', 'string95', 'string96', 'string97', 'string98', 'string99', 'string100']"
# Same as above but where each line has an unbalanced internal quote near the end
echo '["string1", "string2", "string3", "string4", "string5", "string6", "string7", "string8", "string9", "string10", "string11", "string12", "string13", "string14", "string15", "string16", "string17", "string18", "string19", "string20", "string21", "string22", "string23", "string24", "string25", "string26", "string27", "string28", "string29", "string30", "string31", "string32", "string33", "string34", "string35", "string36", "string37", "string38", "string39", "string40", "string41", "string42", "string43", "string44", "string45", "string46", "string47", "string48", "string49", "string50", "string51", "string52", "string53", "string54", "string55", "string56", "string57", "string58", "string59", "string60", "string61", "string62", "string63", "string64", "string65", "string66", "string67", "string68", "string69", "string70", "string71", "string72", "string73", "string74", "string75", "string76", "string77", "string78", "string79", "string80", "string81", "string82", "string83", "string84", "string85", "string86", "string87", "string88", "string89", "string90", "string91", "string92", "string93", "string94", "string95", "string96", "string97", "string98", "string99", "string100"]"'
echo "['string1', 'string2', 'string3', 'string4', 'string5', 'string6', 'string7', 'string8', 'string9', 'string10', 'string11', 'string12', 'string13', 'string14', 'string15', 'string16', 'string17', 'string18', 'string19', 'string20', 'string21', 'string22', 'string23', 'string24', 'string25', 'string26', 'string27', 'string28', 'string29', 'string30', 'string31', 'string32', 'string33', 'string34', 'string35', 'string36', 'string37', 'string38', 'string39', 'string40', 'string41', 'string42', 'string43', 'string44', 'string45', 'string46', 'string47', 'string48', 'string49', 'string50', 'string51', 'string52', 'string53', 'string54', 'string55', 'string56', 'string57', 'string58', 'string59', 'string60', 'string61', 'string62', 'string63', 'string64', 'string65', 'string66', 'string67', 'string68', 'string69', 'string70', 'string71', 'string72', 'string73', 'string74', 'string75', 'string76', 'string77', 'string78', 'string79', 'string80', 'string81', 'string82', 'string83', 'string84', 'string85', 'string86', 'string87', 'string88', 'string89', 'string90', 'string91', 'string92', 'string93', 'string94', 'string95', 'string96', 'string97', 'string98', 'string99', 'string100']'"


@@ -25,6 +25,10 @@
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | LINE 2 echo '${{github.event.issue.body}}' |
| .github/workflows/expression_nodes.yml:16:9:20:6 | Run Step | LINE 3 echo '${{ github.event.comment.body }}' |
| .github/workflows/expression_nodes.yml:20:9:21:47 | Run Step | LINE 1 echo '${{ github.event.comment.body }}' echo '${{github.event.issue.body}}' |
| .github/workflows/many_strings.yml:11:9:18:1211 | Run Step | echo "['string1', 'string2', 'string3', 'string4', 'string5', 'string6', 'string7', 'string8', 'string9', 'string10', 'string11', 'string12', 'string13', 'string14', 'string15', 'string16', 'string17', 'string18', 'string19', 'string20', 'string21', 'string22', 'string23', 'string24', 'string25', 'string26', 'string27', 'string28', 'string29', 'string30', 'string31', 'string32', 'string33', 'string34', 'string35', 'string36', 'string37', 'string38', 'string39', 'string40', 'string41', 'string42', 'string43', 'string44', 'string45', 'string46', 'string47', 'string48', 'string49', 'string50', 'string51', 'string52', 'string53', 'string54', 'string55', 'string56', 'string57', 'string58', 'string59', 'string60', 'string61', 'string62', 'string63', 'string64', 'string65', 'string66', 'string67', 'string68', 'string69', 'string70', 'string71', 'string72', 'string73', 'string74', 'string75', 'string76', 'string77', 'string78', 'string79', 'string80', 'string81', 'string82', 'string83', 'string84', 'string85', 'string86', 'string87', 'string88', 'string89', 'string90', 'string91', 'string92', 'string93', 'string94', 'string95', 'string96', 'string97', 'string98', 'string99', 'string100']" |
| .github/workflows/many_strings.yml:11:9:18:1211 | Run Step | echo "['string1', 'string2', 'string3', 'string4', 'string5', 'string6', 'string7', 'string8', 'string9', 'string10', 'string11', 'string12', 'string13', 'string14', 'string15', 'string16', 'string17', 'string18', 'string19', 'string20', 'string21', 'string22', 'string23', 'string24', 'string25', 'string26', 'string27', 'string28', 'string29', 'string30', 'string31', 'string32', 'string33', 'string34', 'string35', 'string36', 'string37', 'string38', 'string39', 'string40', 'string41', 'string42', 'string43', 'string44', 'string45', 'string46', 'string47', 'string48', 'string49', 'string50', 'string51', 'string52', 'string53', 'string54', 'string55', 'string56', 'string57', 'string58', 'string59', 'string60', 'string61', 'string62', 'string63', 'string64', 'string65', 'string66', 'string67', 'string68', 'string69', 'string70', 'string71', 'string72', 'string73', 'string74', 'string75', 'string76', 'string77', 'string78', 'string79', 'string80', 'string81', 'string82', 'string83', 'string84', 'string85', 'string86', 'string87', 'string88', 'string89', 'string90', 'string91', 'string92', 'string93', 'string94', 'string95', 'string96', 'string97', 'string98', 'string99', 'string100']'" |
| .github/workflows/many_strings.yml:11:9:18:1211 | Run Step | echo '["string1", "string2", "string3", "string4", "string5", "string6", "string7", "string8", "string9", "string10", "string11", "string12", "string13", "string14", "string15", "string16", "string17", "string18", "string19", "string20", "string21", "string22", "string23", "string24", "string25", "string26", "string27", "string28", "string29", "string30", "string31", "string32", "string33", "string34", "string35", "string36", "string37", "string38", "string39", "string40", "string41", "string42", "string43", "string44", "string45", "string46", "string47", "string48", "string49", "string50", "string51", "string52", "string53", "string54", "string55", "string56", "string57", "string58", "string59", "string60", "string61", "string62", "string63", "string64", "string65", "string66", "string67", "string68", "string69", "string70", "string71", "string72", "string73", "string74", "string75", "string76", "string77", "string78", "string79", "string80", "string81", "string82", "string83", "string84", "string85", "string86", "string87", "string88", "string89", "string90", "string91", "string92", "string93", "string94", "string95", "string96", "string97", "string98", "string99", "string100"]"' |
| .github/workflows/many_strings.yml:11:9:18:1211 | Run Step | echo '["string1", "string2", "string3", "string4", "string5", "string6", "string7", "string8", "string9", "string10", "string11", "string12", "string13", "string14", "string15", "string16", "string17", "string18", "string19", "string20", "string21", "string22", "string23", "string24", "string25", "string26", "string27", "string28", "string29", "string30", "string31", "string32", "string33", "string34", "string35", "string36", "string37", "string38", "string39", "string40", "string41", "string42", "string43", "string44", "string45", "string46", "string47", "string48", "string49", "string50", "string51", "string52", "string53", "string54", "string55", "string56", "string57", "string58", "string59", "string60", "string61", "string62", "string63", "string64", "string65", "string66", "string67", "string68", "string69", "string70", "string71", "string72", "string73", "string74", "string75", "string76", "string77", "string78", "string79", "string80", "string81", "string82", "string83", "string84", "string85", "string86", "string87", "string88", "string89", "string90", "string91", "string92", "string93", "string94", "string95", "string96", "string97", "string98", "string99", "string100"]' |
| .github/workflows/multiline2.yml:11:9:15:6 | Run Step | echo "CHANGELOGEOF" |
| .github/workflows/multiline2.yml:11:9:15:6 | Run Step | echo "changelog< |
| .github/workflows/multiline2.yml:11:9:15:6 | Run Step | echo -e "$FILTERED_CHANGELOG" |

File diff suppressed because one or more lines are too long


@@ -1 +1 @@
Security/CWE-074/OutputClobberingHigh.ql
experimental/Security/CWE-074/OutputClobberingHigh.ql


@@ -1 +1 @@
Security/CWE-078/CommandInjectionCritical.ql
experimental/Security/CWE-078/CommandInjectionCritical.ql


@@ -1 +1 @@
Security/CWE-078/CommandInjectionMedium.ql
experimental/Security/CWE-078/CommandInjectionMedium.ql


@@ -1 +1 @@
Security/CWE-088/ArgumentInjectionCritical.ql
experimental/Security/CWE-088/ArgumentInjectionCritical.ql


@@ -1 +1 @@
Security/CWE-088/ArgumentInjectionMedium.ql
experimental/Security/CWE-088/ArgumentInjectionMedium.ql


@@ -1,2 +1,2 @@
Security/CWE-200/SecretExfiltration.ql
experimental/Security/CWE-200/SecretExfiltration.ql


@@ -1,2 +1,2 @@
Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql


@@ -1,2 +1,2 @@
Security/CWE-829/ArtifactPoisoningPathTraversal.ql
experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql


@@ -1 +1 @@
Security/CWE-918/RequestForgery.ql
experimental/Security/CWE-918/RequestForgery.ql


@@ -0,0 +1 @@
[]


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.


@@ -0,0 +1,135 @@
/** Provides classes for working with `Microsoft.AspNetCore.Components` */
import csharp
import semmle.code.csharp.frameworks.Microsoft
import semmle.code.csharp.frameworks.microsoft.AspNetCore
/** The `Microsoft.AspNetCore.Components` namespace */
class MicrosoftAspNetCoreComponentsNamespace extends Namespace {
MicrosoftAspNetCoreComponentsNamespace() {
this.getParentNamespace() instanceof MicrosoftAspNetCoreNamespace and
this.hasName("Components")
}
}
/**
* A class in the `Microsoft.AspNetCore.Components` namespace.
*/
private class MicrosoftAspNetCoreComponentsClass extends Class {
MicrosoftAspNetCoreComponentsClass() {
this.getNamespace() instanceof MicrosoftAspNetCoreComponentsNamespace
}
}
/** The `Microsoft.AspNetCore.Components.CascadingParameterAttributeBase` class. */
class MicrosoftAspNetCoreComponentsCascadingParameterAttributeBaseClass extends MicrosoftAspNetCoreComponentsClass
{
MicrosoftAspNetCoreComponentsCascadingParameterAttributeBaseClass() {
this.hasName("CascadingParameterAttributeBase")
}
}
/** The `Microsoft.AspNetCore.Components.ComponentBase` class. */
class MicrosoftAspNetCoreComponentsComponentBaseClass extends MicrosoftAspNetCoreComponentsClass {
MicrosoftAspNetCoreComponentsComponentBaseClass() { this.hasName("ComponentBase") }
}
/** The `Microsoft.AspNetCore.Components.IComponent` interface. */
class MicrosoftAspNetCoreComponentsIComponentInterface extends Interface {
MicrosoftAspNetCoreComponentsIComponentInterface() {
this.getNamespace() instanceof MicrosoftAspNetCoreComponentsNamespace and
this.hasName("IComponent")
}
}
/** The `Microsoft.AspNetCore.Components.RouteAttribute` attribute. */
private class MicrosoftAspNetCoreComponentsRouteAttribute extends Attribute {
MicrosoftAspNetCoreComponentsRouteAttribute() {
this.getType().getNamespace() instanceof MicrosoftAspNetCoreComponentsNamespace and
this.getType().hasName("RouteAttribute")
}
}
/** The `Microsoft.AspNetCore.Components.ParameterAttribute` attribute. */
private class MicrosoftAspNetCoreComponentsParameterAttribute extends Attribute {
MicrosoftAspNetCoreComponentsParameterAttribute() {
this.getType().getNamespace() instanceof MicrosoftAspNetCoreComponentsNamespace and
this.getType().hasName("ParameterAttribute")
}
}
/** An ASP.NET Core (Blazor) component. */
class MicrosoftAspNetCoreComponentsComponent extends Class {
MicrosoftAspNetCoreComponentsComponent() {
this.getABaseType+() instanceof MicrosoftAspNetCoreComponentsComponentBaseClass or
this.getABaseType+() instanceof MicrosoftAspNetCoreComponentsIComponentInterface
}
/** Gets a property whose value cascades down the component hierarchy. */
Property getACascadingParameterProperty() {
result = this.getAProperty() and
result.getAnAttribute().getType().getBaseClass() instanceof
MicrosoftAspNetCoreComponentsCascadingParameterAttributeBaseClass
}
/** Gets the url for the route from the `Microsoft.AspNetCore.Components.RouteAttribute` of the component. */
private string getRouteAttributeUrl() {
exists(MicrosoftAspNetCoreComponentsRouteAttribute a | a = this.getAnAttribute() |
result = a.getArgument(0).getValue()
)
}
/**
* Gets a route parameter from the `Microsoft.AspNetCore.Components.RouteAttribute` of the component.
*
* A route parameter is defined in the URL by wrapping its name in a pair of { braces } when adding a component's @page declaration.
* There are various extensions that can be added next to the parameter name, such as `:int` or `?` to make the parameter optional.
* Optionally, the parameter name can start with a `*` to make it a catch-all parameter.
*
* An example of a route parameter is `@page "/counter/{id:int}/{other?}/{*rest}"`, from this we're getting the `id`, `other` and `rest` parameters.
*/
pragma[nomagic]
private string getARouteParameter() {
exists(string s |
s = this.getRouteAttributeUrl().splitAt("{").regexpCapture("\\*?([^:?}]+)[:?}](.*)", 1) and
result = s.toLowerCase()
)
}
/** Gets a property attributed with `[Parameter]` attribute. */
pragma[nomagic]
private Property getAParameterProperty(string name) {
result = this.getAProperty() and
result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and
name = result.getName().toLowerCase()
}
/** Gets a property whose value is populated from route parameters. */
Property getARouteParameterProperty() {
exists(string name | name = this.getARouteParameter() |
result = this.getAParameterProperty(name)
)
}
}
private module Sources {
private import semmle.code.csharp.security.dataflow.flowsources.Remote
/**
* A property with a `[Parameter]` attribute in an ASP.NET Core component which
* is populated from a route parameter.
*/
private class AspNetCoreComponentRouteParameterFlowSource extends AspNetRemoteFlowSource,
DataFlow::ExprNode
{
AspNetCoreComponentRouteParameterFlowSource() {
exists(MicrosoftAspNetCoreComponentsComponent c, Property p |
p = c.getARouteParameterProperty()
|
this.asExpr() = p.getGetter().getACall()
)
}
override string getSourceType() { result = "ASP.NET Core component route parameter" }
}
}
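Review bot: In `getARouteParameter`, the pattern `\\*?([^:?}]+)[:?}](.*)` strips at most one leading `*`. A double-asterisk catch-all segment such as `{**rest}` (if the targeted Blazor versions accept that form, which this page does not show) would therefore produce the name `*rest`, never match a `[Parameter]` property, and leave that property unmodelled as a remote flow source. `\\*{0,2}([^:?}]+)[:?}].*` would cover both forms and drops the unused second capture group. The QLDoc on `getAParameterProperty` should also state that `name` is the lower-cased property name, because the case-insensitive match against route parameters depends on both sides being lower-cased.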


@@ -26,7 +26,8 @@ abstract class RemoteFlowSource extends SourceNode {
* A module for importing frameworks that defines remote flow sources.
*/
private module RemoteFlowSources {
private import semmle.code.csharp.frameworks.ServiceStack
private import semmle.code.csharp.frameworks.ServiceStack as ServiceStack
private import semmle.code.csharp.frameworks.microsoft.aspnetcore.Components as Blazor
}
/** A data flow source of remote user input (ASP.NET). */


@@ -4,33 +4,7 @@
*/
import csharp
signature module StatsSig {
int getNumberOfOk();
int getNumberOfNotOk();
string getOkText();
string getNotOkText();
}
module ReportStats<StatsSig Stats> {
predicate numberOfOk(string key, int value) {
value = Stats::getNumberOfOk() and
key = "Number of " + Stats::getOkText()
}
predicate numberOfNotOk(string key, int value) {
value = Stats::getNumberOfNotOk() and
key = "Number of " + Stats::getNotOkText()
}
predicate percentageOfOk(string key, float value) {
value = Stats::getNumberOfOk() * 100.0 / (Stats::getNumberOfOk() + Stats::getNumberOfNotOk()) and
key = "Percentage of " + Stats::getOkText()
}
}
import codeql.util.ReportStats
module CallTargetStats implements StatsSig {
int getNumberOfOk() { result = count(Call c | exists(c.getTarget())) }


@@ -0,0 +1 @@
[]


@@ -4,19 +4,19 @@ import semmle.code.csharp.dataflow.internal.DataFlowDispatch
query predicate delegateCall(DelegateLikeCall dc, Callable c) { c = dc.getARuntimeTarget() }
private class LocatableDataFlowCallOption extends DataFlowCallOption {
private class LocatableCallOption extends CallOption {
Location getLocation() {
this = TDataFlowCallNone() and
this = TCallNone() and
result instanceof EmptyLocation
or
exists(DataFlowCall call |
this = TDataFlowCallSome(call) and
this = TCallSome(call) and
result = call.getLocation()
)
}
}
private class LocatableDataFlowCall extends TDataFlowCall {
private class LocatableCall extends TDataFlowCall {
string toString() { result = this.(DataFlowCall).toString() }
Location getLocation() {
@@ -28,7 +28,7 @@ private class LocatableDataFlowCall extends TDataFlowCall {
}
query predicate viableLambda(
LocatableDataFlowCall call, LocatableDataFlowCallOption lastCall, DataFlowCallable target
LocatableCall call, LocatableCallOption lastCall, DataFlowCallable target
) {
target = viableCallableLambda(call, lastCall)
}


@@ -4,13 +4,13 @@ import semmle.code.csharp.dataflow.internal.DataFlowDispatch
query predicate fptrCall(FunctionPointerCall dc, Callable c) { c = dc.getARuntimeTarget() }
private class LocatableDataFlowCallOption extends DataFlowCallOption {
private class LocatableDataFlowCallOption extends CallOption {
Location getLocation() {
this = TDataFlowCallNone() and
this = TCallNone() and
result instanceof EmptyLocation
or
exists(DataFlowCall call |
this = TDataFlowCallSome(call) and
this = TCallSome(call) and
result = call.getLocation()
)
}


@@ -0,0 +1,124 @@
// <auto-generated/>
#pragma warning disable 1591
namespace BlazorTest.Components
{
#line default
using global::System;
using global::System.Collections.Generic;
using global::System.Linq;
using global::System.Threading.Tasks;
using global::Microsoft.AspNetCore.Components;
#nullable restore
using System.Net.Http
#nullable disable
;
#nullable restore
using System.Net.Http.Json
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Forms
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Routing
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web
#nullable disable
;
#nullable restore
using static Microsoft.AspNetCore.Components.Web.RenderMode
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web.Virtualization
#nullable disable
;
#nullable restore
using Microsoft.JSInterop
#nullable disable
;
#nullable restore
using BlazorTest
#nullable disable
;
#nullable restore
using BlazorTest.Components
#line default
#line hidden
#nullable disable
;
[global::BlazorTest.Components.MyInput.__PrivateComponentRenderModeAttribute]
#nullable restore
public partial class MyInput : global::Microsoft.AspNetCore.Components.ComponentBase
#nullable disable
{
#pragma warning disable 1998
protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder __builder)
{
__builder.OpenElement(0, "input");
__builder.AddAttribute(1, "value", global::Microsoft.AspNetCore.Components.BindConverter.FormatValue(
#nullable restore
Param1
#line default
#line hidden
#nullable disable
));
__builder.AddAttribute(2, "onchange", global::Microsoft.AspNetCore.Components.EventCallback.Factory.CreateBinder(this, global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.CreateInferredBindSetter(callback: __value =>
{
Param1 = __value; return global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.InvokeAsynchronousDelegate(callback:
#nullable restore
Fire
#line default
#line hidden
#nullable disable
);
}, value: Param1), Param1));
__builder.SetUpdatesAttributeName("value");
__builder.CloseElement();
}
#pragma warning restore 1998
#nullable restore
[Parameter]
public string? Param1 { get; set; } = "";
[Parameter]
public EventCallback<string?> ValueChanged { get; set; }
[Parameter]
public EventCallback<string?> Param1Changed { get; set; }
private void Fire()
{
ValueChanged.InvokeAsync(Param1);
Param1Changed.InvokeAsync(Param1);
}
#line default
#line hidden
#nullable disable
private sealed class __PrivateComponentRenderModeAttribute : global::Microsoft.AspNetCore.Components.RenderModeAttribute
{
private static global::Microsoft.AspNetCore.Components.IComponentRenderMode ModeImpl => InteractiveServer
;
public override global::Microsoft.AspNetCore.Components.IComponentRenderMode Mode => ModeImpl;
}
}
}
#pragma warning restore 1591


@@ -0,0 +1,115 @@
// <auto-generated/>
#pragma warning disable 1591
namespace BlazorTest.Components
{
#line default
using global::System;
using global::System.Collections.Generic;
using global::System.Linq;
using global::System.Threading.Tasks;
using global::Microsoft.AspNetCore.Components;
#nullable restore
using System.Net.Http
#nullable disable
;
#nullable restore
using System.Net.Http.Json
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Forms
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Routing
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web
#nullable disable
;
#nullable restore
using static Microsoft.AspNetCore.Components.Web.RenderMode
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web.Virtualization
#nullable disable
;
#nullable restore
using Microsoft.JSInterop
#nullable disable
;
#nullable restore
using BlazorTest
#nullable disable
;
#nullable restore
using BlazorTest.Components
#line default
#line hidden
#nullable disable
;
[global::BlazorTest.Components.MyOutput.__PrivateComponentRenderModeAttribute]
#nullable restore
public partial class MyOutput : global::Microsoft.AspNetCore.Components.ComponentBase
#nullable disable
{
#pragma warning disable 1998
protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder __builder)
{
__builder.OpenElement(0, "div");
__builder.OpenElement(1, "p");
__builder.AddContent(2, "Value from InputText: ");
__builder.AddContent(3,
#nullable restore
Value
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(4, "\n ");
__builder.OpenElement(5, "p");
__builder.AddContent(6, "Raw value from InputText: ");
__builder.AddContent(7,
#nullable restore
new MarkupString(Value)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
}
#pragma warning restore 1998
#nullable restore
[Parameter]
public string Value { get; set; } = "";
#line default
#line hidden
#nullable disable
private sealed class __PrivateComponentRenderModeAttribute : global::Microsoft.AspNetCore.Components.RenderModeAttribute
{
private static global::Microsoft.AspNetCore.Components.IComponentRenderMode ModeImpl => InteractiveServer
;
public override global::Microsoft.AspNetCore.Components.IComponentRenderMode Mode => ModeImpl;
}
}
}
#pragma warning restore 1591


@@ -0,0 +1,567 @@
// <auto-generated/>
#pragma warning disable 1591
namespace BlazorTest.Components.Pages
{
#line default
using global::System;
using global::System.Collections.Generic;
using global::System.Linq;
using global::System.Threading.Tasks;
using global::Microsoft.AspNetCore.Components;
#nullable restore
using System.Net.Http
#nullable disable
;
#nullable restore
using System.Net.Http.Json
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Forms
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Routing
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web
#nullable disable
;
#nullable restore
using static Microsoft.AspNetCore.Components.Web.RenderMode
#nullable disable
;
#nullable restore
using Microsoft.AspNetCore.Components.Web.Virtualization
#nullable disable
;
#nullable restore
using Microsoft.JSInterop
#nullable disable
;
#nullable restore
using BlazorTest
#nullable disable
;
#nullable restore
using BlazorTest.Components
#line default
#line hidden
#nullable disable
;
[global::Microsoft.AspNetCore.Components.RouteAttribute(
// language=Route,Component
#nullable restore
"/"
#line default
#line hidden
#nullable disable
)]
[global::Microsoft.AspNetCore.Components.RouteAttribute(
// language=Route,Component
#nullable restore
"/test/{urlParam?}"
#line default
#line hidden
#nullable disable
)]
[global::BlazorTest.Components.Pages.TestPage.__PrivateComponentRenderModeAttribute]
#nullable restore
public partial class TestPage : global::Microsoft.AspNetCore.Components.ComponentBase
#nullable disable
{
#pragma warning disable 1998
protected override void BuildRenderTree(global::Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder __builder)
{
__builder.OpenComponent<global::Microsoft.AspNetCore.Components.Web.PageTitle>(0);
__builder.AddAttribute(1, "ChildContent", (global::Microsoft.AspNetCore.Components.RenderFragment)((__builder2) =>
{
__builder2.AddContent(2, "TestPage");
}
));
__builder.CloseComponent();
__builder.AddMarkupContent(3, "\n\n");
__builder.OpenElement(4, "div");
__builder.AddMarkupContent(5, "<h3>Route parameter</h3>\n ");
__builder.OpenElement(6, "p");
__builder.AddContent(7, "Go to: ");
__builder.OpenElement(8, "a");
__builder.AddAttribute(9, "href", "/test/" + (
#nullable restore
XssUrl
#line default
#line hidden
#nullable disable
));
__builder.AddContent(10, "/test/");
__builder.AddContent(11,
#nullable restore
XssUrl
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(12, "\n ");
__builder.OpenElement(13, "p");
__builder.AddContent(14, "Parameter from URL: ");
__builder.AddContent(15,
#nullable restore
UrlParam
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(16, "\n ");
__builder.OpenElement(17, "p");
__builder.AddContent(18, "Raw parameter from URL: ");
__builder.AddContent(19,
#nullable restore
(MarkupString)UrlParam
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(20, "\n\n<hr>\n\n");
__builder.OpenElement(21, "div");
__builder.AddMarkupContent(22, "<h3>Query parameter</h3>\n ");
__builder.OpenElement(23, "p");
__builder.AddContent(24, "Go to: ");
__builder.OpenElement(25, "a");
__builder.AddAttribute(26, "href", "/test/?qs=" + (
#nullable restore
XssUrl
#line default
#line hidden
#nullable disable
));
__builder.AddContent(27, "/test/?qs=");
__builder.AddContent(28,
#nullable restore
XssUrl
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(29, "\n ");
__builder.OpenElement(30, "p");
__builder.AddContent(31, "Parameter from query string: ");
__builder.AddContent(32,
#nullable restore
QueryParam
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(33, "\n ");
__builder.OpenElement(34, "p");
__builder.AddContent(35, "Raw parameter from query string: ");
__builder.AddContent(36,
#nullable restore
new MarkupString(QueryParam)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(37, "\n\n<hr>\n\n");
__builder.OpenElement(38, "div");
__builder.AddMarkupContent(39, "<h3>Bind InputText component</h3>\n ");
__builder.OpenComponent<global::Microsoft.AspNetCore.Components.Forms.InputText>(40);
__builder.AddComponentParameter(41, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.
#nullable restore
Value
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue1
#line default
#line hidden
#nullable disable
));
__builder.AddComponentParameter(42, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.ValueChanged), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::Microsoft.AspNetCore.Components.EventCallback<global::System.String>>(global::Microsoft.AspNetCore.Components.EventCallback.Factory.Create<global::System.String>(this, global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.CreateInferredEventCallback(this, __value => InputValue1 = __value, InputValue1))));
__builder.AddComponentParameter(43, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.ValueExpression), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.Linq.Expressions.Expression<global::System.Func<global::System.String>>>(() => InputValue1));
__builder.CloseComponent();
__builder.AddMarkupContent(44, "\n ");
__builder.OpenElement(45, "p");
__builder.AddContent(46, "Value from InputText: ");
__builder.AddContent(47,
#nullable restore
InputValue1
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(48, "\n ");
__builder.OpenElement(49, "p");
__builder.AddContent(50, "Raw value from InputText: ");
__builder.AddContent(51,
#nullable restore
new MarkupString(InputValue1)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(52, "\n\n<hr>\n\n");
__builder.OpenElement(53, "div");
__builder.AddMarkupContent(54, "<h3>Bind input element</h3>\n ");
__builder.OpenElement(55, "input");
__builder.AddAttribute(56, "value", global::Microsoft.AspNetCore.Components.BindConverter.FormatValue(
#nullable restore
InputValue2
#line default
#line hidden
#nullable disable
));
__builder.AddAttribute(57, "onchange", global::Microsoft.AspNetCore.Components.EventCallback.Factory.CreateBinder(this, __value => InputValue2 = __value, InputValue2));
__builder.SetUpdatesAttributeName("value");
__builder.CloseElement();
__builder.AddMarkupContent(58, "\n ");
__builder.OpenElement(59, "p");
__builder.AddContent(60, "Value from InputText: ");
__builder.AddContent(61,
#nullable restore
InputValue2
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(62, "\n ");
__builder.OpenElement(63, "p");
__builder.AddContent(64, "Raw value from InputText: ");
__builder.AddContent(65,
#nullable restore
new MarkupString(InputValue2)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(66, "\n\n<hr>\n\n");
__builder.OpenElement(67, "div");
__builder.AddMarkupContent(68, "<h3>Bind through object property</h3>\n ");
__builder.OpenElement(69, "input");
__builder.AddAttribute(70, "value", global::Microsoft.AspNetCore.Components.BindConverter.FormatValue(
#nullable restore
Container1.Value
#line default
#line hidden
#nullable disable
));
__builder.AddAttribute(71, "onchange", global::Microsoft.AspNetCore.Components.EventCallback.Factory.CreateBinder(this, __value => Container1.Value = __value, Container1.Value));
__builder.SetUpdatesAttributeName("value");
__builder.CloseElement();
__builder.AddMarkupContent(72, "\n ");
__builder.OpenElement(73, "p");
__builder.AddContent(74, "Value from InputText: ");
__builder.AddContent(75,
#nullable restore
Container1.Value
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(76, "\n ");
__builder.OpenElement(77, "p");
__builder.AddContent(78, "Raw value from InputText: ");
__builder.AddContent(79,
#nullable restore
new MarkupString(Container1.Value)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(80, "\n\n<hr>\n\n");
__builder.OpenElement(81, "div");
__builder.AddMarkupContent(82, "<h3>Input component with custom event</h3>\n ");
__builder.OpenComponent<global::BlazorTest.Components.MyInput>(83);
__builder.AddComponentParameter(84, nameof(global::BlazorTest.Components.MyInput.
#nullable restore
Param1
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue3
#line default
#line hidden
#nullable disable
));
__builder.AddComponentParameter(85, nameof(global::BlazorTest.Components.MyInput.
#nullable restore
ValueChanged
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::Microsoft.AspNetCore.Components.EventCallback<global::System.String>>(global::Microsoft.AspNetCore.Components.EventCallback.Factory.Create<global::System.String>(this,
#nullable restore
MyInputChanged
#line default
#line hidden
#nullable disable
)));
__builder.CloseComponent();
__builder.AddMarkupContent(86, "\n ");
__builder.OpenElement(87, "p");
__builder.AddContent(88, "Value from InputText: ");
__builder.AddContent(89,
#nullable restore
InputValue3
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(90, "\n ");
__builder.OpenElement(91, "p");
__builder.AddContent(92, "Raw value from InputText: ");
__builder.AddContent(93,
#nullable restore
new MarkupString(InputValue3)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(94, "\n\n<hr>\n\n");
__builder.OpenElement(95, "div");
__builder.AddMarkupContent(96, "<h3>Input component with binding</h3>\n ");
__builder.OpenComponent<global::BlazorTest.Components.MyInput>(97);
__builder.AddComponentParameter(98, nameof(global::BlazorTest.Components.MyInput.
#nullable restore
Param1
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue4
#line default
#line hidden
#nullable disable
));
__builder.AddComponentParameter(99, nameof(global::BlazorTest.Components.MyInput.Param1Changed), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::Microsoft.AspNetCore.Components.EventCallback<global::System.String>>(global::Microsoft.AspNetCore.Components.EventCallback.Factory.Create<global::System.String>(this, global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.CreateInferredEventCallback(this, __value => InputValue4 = __value, InputValue4))));
__builder.CloseComponent();
__builder.AddMarkupContent(100, "\n ");
__builder.OpenElement(101, "p");
__builder.AddContent(102, "Value from InputText: ");
__builder.AddContent(103,
#nullable restore
InputValue4
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.AddMarkupContent(104, "\n ");
__builder.OpenElement(105, "p");
__builder.AddContent(106, "Raw value from InputText: ");
__builder.AddContent(107,
#nullable restore
new MarkupString(InputValue4)
#line default
#line hidden
#nullable disable
);
__builder.CloseElement();
__builder.CloseElement();
__builder.AddMarkupContent(108, "\n\n<hr>\n\n");
__builder.OpenElement(109, "div");
__builder.AddMarkupContent(110, "<h3>Input, Output components</h3>\n ");
__builder.OpenComponent<global::BlazorTest.Components.MyInput>(111);
__builder.AddComponentParameter(112, nameof(global::BlazorTest.Components.MyInput.
#nullable restore
Param1
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue5
#line default
#line hidden
#nullable disable
));
__builder.AddComponentParameter(113, nameof(global::BlazorTest.Components.MyInput.Param1Changed), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::Microsoft.AspNetCore.Components.EventCallback<global::System.String>>(global::Microsoft.AspNetCore.Components.EventCallback.Factory.Create<global::System.String>(this, global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.CreateInferredEventCallback(this, __value => InputValue5 = __value, InputValue5))));
__builder.CloseComponent();
__builder.AddMarkupContent(114, "\n ");
__builder.OpenComponent<global::BlazorTest.Components.MyOutput>(115);
__builder.AddComponentParameter(116, nameof(global::BlazorTest.Components.MyOutput.
#nullable restore
Value
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue5
#line default
#line hidden
#nullable disable
));
__builder.CloseComponent();
__builder.CloseElement();
__builder.AddMarkupContent(117, "\n\n<hr>\n\n");
__builder.OpenElement(118, "div");
__builder.AddMarkupContent(119, "<h3>Bind InputText, Output component</h3>\n ");
__builder.OpenComponent<global::Microsoft.AspNetCore.Components.Forms.InputText>(120);
__builder.AddComponentParameter(121, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.
#nullable restore
Value
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue6
#line default
#line hidden
#nullable disable
));
__builder.AddComponentParameter(122, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.ValueChanged), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::Microsoft.AspNetCore.Components.EventCallback<global::System.String>>(global::Microsoft.AspNetCore.Components.EventCallback.Factory.Create<global::System.String>(this, global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.CreateInferredEventCallback(this, __value => InputValue6 = __value, InputValue6))));
__builder.AddComponentParameter(123, nameof(global::Microsoft.AspNetCore.Components.Forms.InputText.ValueExpression), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.Linq.Expressions.Expression<global::System.Func<global::System.String>>>(() => InputValue6));
__builder.CloseComponent();
__builder.AddMarkupContent(124, "\n ");
__builder.OpenComponent<global::BlazorTest.Components.MyOutput>(125);
__builder.AddComponentParameter(126, nameof(global::BlazorTest.Components.MyOutput.
#nullable restore
Value
#line default
#line hidden
#nullable disable
), global::Microsoft.AspNetCore.Components.CompilerServices.RuntimeHelpers.TypeCheck<global::System.String>(
#nullable restore
InputValue6
#line default
#line hidden
#nullable disable
));
__builder.CloseComponent();
__builder.CloseElement();
}
#pragma warning restore 1998
#nullable restore
public class Container
{
public string? Value { get; set; } = "";
}
private const string XssUrl = "<b>aaaa<%2Fb>";
private const string XssUrl2 = "<b>aaaa</b>";
[Parameter]
public string UrlParam { get; set; } = "";
[SupplyParameterFromQuery(Name = "qs")]
public string QueryParam { get; set; } = "";
public string InputValue1 { get; set; } = "";
public string InputValue2 { get; set; } = "";
public string InputValue3 { get; set; } = "";
public string InputValue4 { get; set; } = "";
public string InputValue5 { get; set; } = "";
public string InputValue6 { get; set; } = "";
public Container Container1 { get; set; } = new Container();
protected override void OnInitialized()
{
InputValue1 = XssUrl2;
InputValue2 = XssUrl2;
Container1.Value = XssUrl2;
InputValue3 = XssUrl2;
InputValue4 = XssUrl2;
InputValue5 = XssUrl2;
InputValue6 = XssUrl2;
}
private void MyInputChanged(string value)
{
InputValue3 = value;
}
#line default
#line hidden
#nullable disable
private sealed class __PrivateComponentRenderModeAttribute : global::Microsoft.AspNetCore.Components.RenderModeAttribute
{
private static global::Microsoft.AspNetCore.Components.IComponentRenderMode ModeImpl => InteractiveServer
;
public override global::Microsoft.AspNetCore.Components.IComponentRenderMode Mode => ModeImpl;
}
}
}
#pragma warning restore 1591


@@ -0,0 +1,2 @@
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
semmle-extractor-options: /nostdlib /noconfig


@@ -0,0 +1,4 @@
| Components_Pages_TestPage_razor.g.cs:126:1:126:8 | access to property UrlParam | ASP.NET Core component route parameter |
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter |
| Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external |
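Review bot: The four expected rows cover only reads of `UrlParam` and `QueryParam`, so this test pins nothing about how the values written by the bind and change callbacks in the same fixture (`InputValue1` to `InputValue6`, `Container1.Value`) are classified, although the fixture also renders each of them as raw markup through `new MarkupString(...)`, directly or via `MyOutput`. The page runs with the `InteractiveServer` render mode, so those properties appear to be set from browser input, and it seems worth deciding explicitly whether they count as remote flow sources or are meant to be covered by a different model. If leaving them out is intentional, I would record that next to the test query, for example `// Values set through @bind are deliberately not reported as remote flow sources by this test.`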


@@ -0,0 +1,7 @@
import semmle.code.csharp.security.dataflow.flowsources.Remote
from RemoteFlowSource source, File f
where
source.getLocation().getFile() = f and
f.fromSource()
select source, source.getSourceType()
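Review bot: The `File f` variable in the `from` clause exists only to carry the `fromSource()` filter, so it can be dropped and the condition written as `where source.getLocation().getFile().fromSource()`. The file also has no comment saying what the test checks; a short header such as `// Lists every RemoteFlowSource located in a source file, together with its source type.` would tell a maintainer how to read a changed expected file.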


@@ -74,6 +74,7 @@ Golang
* Added member predicates :code:`StructTag.hasOwnFieldWithTag` and :code:`Field.getTag`, which enable CodeQL queries to examine struct field tags.
* Added member predicate :code:`InterfaceType.hasPrivateMethodWithQualifiedName`, which enables CodeQL queries to distinguish interfaces with matching non-exported method names that are declared in different packages, and are therefore incompatible.
* Local source models with the :code:`stdin` source kind have been added for the variable :code:`os.Stdin` and the functions :code:`fmt.Scan`, :code:`fmt.Scanf` and :code:`fmt.Scanln`. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see `Analyzing your code with CodeQL queries <https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data%3E>`__ and `Customizing your advanced setup for code scanning <https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
Python
""""""


@@ -56,8 +56,8 @@ Python
* The Server Side Template Injection query (:code:`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
Actions
"""""""
GitHub Actions
""""""""""""""
* Initial public preview release
@@ -149,8 +149,8 @@ Python
* Added support for parameter annotations in API graphs. This means that in a function definition such as :code:`def foo(x: Bar): ...`, you can now use the :code:`getInstanceFromAnnotation()` method to step from :code:`Bar` to :code:`x`. In addition to this, the :code:`getAnInstance` method now also includes instances arising from parameter annotations.
Actions
"""""""
GitHub Actions
""""""""""""""
* Initial public preview release


@@ -0,0 +1,223 @@
.. _codeql-cli-2.20.4:
==========================
CodeQL 2.20.4 (2025-02-06)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.20.4 runs a total of 454 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 128 queries (covering 34 more CWE).
CodeQL CLI
----------
Bug Fixes
~~~~~~~~~
* Fixed a bug where CodeQL for Java would fail with an SSL exception while trying to download :code:`maven`.
New Features
~~~~~~~~~~~~
* Using the :code:`actions` language (for analysis of GitHub Actions workflows) no longer requires the :code:`CODEQL_ENABLE_EXPERIMENTAL_FEATURES` environment variable to be set. Support for analysis of GitHub Actions workflows remains in public preview.
Miscellaneous
~~~~~~~~~~~~~
* The build of the `logback-core <https://logback.qos.ch/>`__ library that is used for logging in the CodeQL CLI has been updated to version 1.3.15.
Query Packs
-----------
Bug Fixes
~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* Fixed a bug that would occur when TypeScript code was found in an HTML-like file, such as a :code:`.vue` file,
but where it could not be associated with any :code:`tsconfig.json` file. Previously the embedded code was not extracted in this case, but should now be extracted properly.
Major Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* Improved support for NestJS applications that make use of dependency injection with custom providers.
Calls to methods on an injected service should now be resolved properly.
* TypeScript extraction is now better at analyzing projects where the main :code:`tsconfig.json` file does not include any source files, but references other :code:`tsconfig.json`\ -like files that do include source files.
* The :code:`js/incorrect-suffix-check` query now recognises some good patterns of the form :code:`origin.indexOf("." + allowedOrigin)` that were previously falsely flagged.
* Added a new threat model kind called :code:`view-component-input`, which can enabled with `advanced setup <https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models>`__.
When enabled, all React props, Vue props, and input fields in an Angular component are seen as taint sources, even if none of the corresponding instantiation sites appear to pass in a tainted value.
Some users may prefer this as a "defense in depth" option but note that it may result in false positives.
Regardless of whether the threat model is enabled, CodeQL will propagate taint from the instantiation sites of such components into the components themselves.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The "Wrong type of arguments to formatting function" query (:code:`cpp/wrong-type-format-argument`) now produces fewer FPs if the formatting function has multiple definitions.
* The "Call to memory access function may overflow buffer" query (:code:`cpp/overflow-buffer`) now produces fewer FPs involving non-static member variables.
C#
""
* All *experimental* queries have been deprecated. The queries are instead available as part of the *default* query suite in `CodeQL-Community-Packs <https://github.com/GitHubSecurityLab/CodeQL-Community-Packs>`__.
Java/Kotlin
"""""""""""
* All *experimental* queries have been deprecated. The queries are instead available as part of the *default* query suite in `CodeQL-Community-Packs <https://github.com/GitHubSecurityLab/CodeQL-Community-Packs>`__.
Language Libraries
------------------
Bug Fixes
~~~~~~~~~
GitHub Actions
""""""""""""""
* Fixed data for vulnerable versions of :code:`actions/download-artifact` and :code:`rlespinasse/github-slug-action` (following GHSA-cxww-7g56-2vh6 and GHSA-6q4m-7476-932w).
* Improved :code:`untrustedGhCommandDataModel` regex for :code:`gh pr view` and Bash taint analysis in GitHub Actions.
Breaking Changes
~~~~~~~~~~~~~~~~
C/C++
"""""
* Deleted the deprecated :code:`getAllocatorCall` predicate from :code:`DeleteOrDeleteArrayExpr`, use :code:`getDeallocatorCall` instead.
C#
""
* Deleted the deprecated :code:`getInstanceType` predicate from the :code:`UnboundGenericType` class.
* Deleted the deprecated :code:`getElement` predicate from the :code:`Node` class in :code:`ControlFlowGraph.qll`, use :code:`getAstNode` instead.
Golang
""""""
* Deleted the deprecated :code:`describeBitSize` predicate from :code:`IncorrectIntegerConversionLib.qll`
Java/Kotlin
"""""""""""
* Deleted the deprecated :code:`isLValue` and :code:`isRValue` predicates from the :code:`VarAccess` class, use :code:`isVarWrite` and :code:`isVarRead` respectively instead.
* Deleted the deprecated :code:`getRhs` predicate from the :code:`VarWrite` class, use :code:`getASource` instead.
* Deleted the deprecated :code:`LValue` and :code:`RValue` classes, use :code:`VarWrite` and :code:`VarRead` respectively instead.
* Deleted a lot of deprecated classes ending in ``*Access``, use the corresponding ``*Call`` classes instead.
* Deleted a lot of deprecated predicates ending in ``*Access``, use the corresponding ``*Call`` predicates instead.
* Deleted the deprecated :code:`EnvInput` and :code:`DatabaseInput` classes from :code:`FlowSources.qll`, use the threat models feature instead.
* Deleted some deprecated API predicates from :code:`SensitiveApi.qll`, use the Sink classes from that file instead.
Python
""""""
* Deleted the old deprecated TypeTracking library.
* Deleted the deprecated :code:`classRef` predicate from the :code:`FieldStorage` module, use :code:`subclassRef` instead.
* Deleted a lot of deprecated modules and predicates from :code:`Stdlib.qll`, use API-graphs directly instead.
Ruby
""""
* Deleted the deprecated :code:`getCallNode` predicate from :code:`API::Node`, use :code:`asCall()` instead.
* Deleted the deprecated :code:`getASubclass`, :code:`getAnImmediateSubclass`, :code:`getASuccessor`, :code:`getAPredecessor`, :code:`getASuccessor`, :code:`getDepth`, and :code:`getPath` predicates from :code:`API::Node`.
* Deleted the deprecated :code:`Root`, :code:`Use`, and :code:`Def` classes from :code:`ApiGraphs.qll`.
* Deleted the deprecated :code:`Label` module from :code:`ApiGraphs.qll`.
* Deleted the deprecated :code:`getAUse`, :code:`getAnImmediateUse`, :code:`getARhs`, and :code:`getAValueReachingRhs` predicates from :code:`API::Node`, use :code:`getAValueReachableFromSource`, :code:`asSource`, :code:`asSink`, and :code:`getAValueReachingSink` instead.
* Deleted the deprecated :code:`getAVariable` predicate from the :code:`ExprNode` class, use :code:`getVariable` instead.
* Deleted the deprecated :code:`getAPotentialFieldAccessMethod` predicate from the :code:`ActiveRecordModelClass` class.
* Deleted the deprecated :code:`ActiveRecordModelClassMethodCall` class from :code:`ActiveRecord.qll`, use :code:`ActiveRecordModelClass.getClassNode().trackModule().getMethod()` instead.
* Deleted the deprecated :code:`PotentiallyUnsafeSqlExecutingMethodCall` class from :code:`ActiveRecord.qll`, use the :code:`SqlExecution` concept instead.
* Deleted the deprecated :code:`ModelClass` and :code:`ModelInstance` classes from :code:`ActiveResource.qll`, use :code:`ModelClassNode` and :code:`ModelClassNode.getAnInstanceReference()` instead.
* Deleted the deprecated :code:`Collection` class from :code:`ActiveResource.qll`, use :code:`CollectionSource` instead.
* Deleted the deprecated :code:`ServiceInstantiation` and :code:`ClientInstantiation` classes from :code:`Twirp.qll`.
* Deleted a lot of deprecated dataflow modules from ``*Query.qll`` files.
* Deleted the old deprecated TypeTracking library.
Swift
"""""
* Deleted the deprecated :code:`ArrayContent` class from the dataflow library, use :code:`CollectionContent` instead.
* Deleted the deprecated :code:`getOptionsInput`, :code:`getRegexInput`, and :code:`getStringInput` predicates from the regexp library, use :code:`getAnOptionsInput`, :code:`getRegexInputNode`, and :code:`getStringInputNode` instead.
Major Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* Added new XSS sink where :code:`innerHTML` or :code:`outerHTML` is assigned to with the Angular Renderer2 API, plus modeled this API as a general attribute setter
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C#
""
* C# 13: Added MaD models for some overload implementations using :code:`ReadOnlySpan` parameters (like :code:`String.Format(System.String, System.ReadOnlySpan<System.Object>))`).
* C# 13: Added support for the overload resolution priority attribute (:code:`OverloadResolutionPriority`). Usages of the attribute and the corresponding priority can be found using the QL class :code:`SystemRuntimeCompilerServicesOverloadResolutionPriorityAttribute`.
* C# 13: Added support for partial properties and indexers.
Golang
""""""
* Models-as-data models using "Parameter", "Parameter[n]" or "Parameter[n1..n2]" as the output now work correctly.
* By implementing :code:`ImplicitFieldReadNode` it is now possible to declare a dataflow node that reads any content (fields, array members, map keys and values). For example, this is appropriate for modelling a serialization method that flattens a potentially deep data structure into a string or byte array.
* The :code:`Template.Execute[Template]` methods of the :code:`text/template` package now correctly convey taint from any nested fields to their result. This may produce more results from any taint-tracking query when the :code:`text/template` package is in use.
* Added the `rs cors <https://github.com/rs/cors>`__ library to the CorsMisconfiguration.ql query
Java/Kotlin
"""""""""""
* We now allow classes which don't have any JAX-RS annotations to inherit JAX-RS annotations from superclasses or interfaces. This is not allowed in the JAX-RS specification, but some implementations, like Apache CXF, allow it. This may lead to more alerts being found.
Python
""""""
* Additional data flow models for the builtin functions :code:`map`, :code:`filter`, :code:`zip`, and :code:`enumerate` have been added.
New Features
~~~~~~~~~~~~
C/C++
"""""
* A new predicate :code:`getOffsetInClass` was added to the :code:`Field` class, which computes the byte offset of a field relative to a given :code:`Class`.
* New classes :code:`PreprocessorElifdef` and :code:`PreprocessorElifndef` were introduced, which represents the C23/C++23 :code:`#elifdef` and :code:`#elifndef` preprocessor directives.
* A new class :code:`TypeLibraryImport` was introduced, which represents the :code:`#import` preprocessor directive as used by the Microsoft Visual C++ for importing type libraries.
Shared Libraries
----------------
Breaking Changes
~~~~~~~~~~~~~~~~
Dataflow Analysis
"""""""""""""""""
* Deleted the deprecated :code:`Make` and :code:`MakeWithState` modules, use :code:`Global` and :code:`GlobalWithState` instead.
* Deleted the deprecated :code:`hasFlow`, :code:`hasFlowPath`, :code:`hasFlowTo`, and :code:`hasFlowToExpr` predicates, use :code:`flow`, :code:`flowPath`, :code:`flowTo`, and :code:`flowToExpr` respectively instead.
Control Flow Analysis
"""""""""""""""""""""
* Added a basic block construction as part of the library. This is currently considered an internal unstable API. The input signature to the control flow graph now requires two additional predicates: :code:`idOfAstNode` and
:code:`idOfCfgScope`.
Type Trackers
"""""""""""""
* Deleted the deprecated :code:`ConsistencyChecks` module.


@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.20.4
codeql-cli-2.20.3
codeql-cli-2.20.2
codeql-cli-2.20.1


@@ -444,7 +444,7 @@ The other built-in operations are:
* bitwise operations: ``.bitAnd(BigInt)``, ``.bitOr(BigInt)``,
``.bitXor(BigInt)``, ``.bitShiftLeft(int)``, ``.bitShiftRightSigned(int)``,
``.bitNot()``, ``.bitLength()``,
* aggregates: ``min``, ``max``, (``strict``)\ ``sum``, (``strict``)\ ``count``, ``avg``,
* aggregates: ``min``, ``max``, (``strict``)\ ``sum``, (``strict``)\ ``count``,
``rank``, ``unique``, ``any``.
* other: ``.pow(int)``, ``.abs()``, ``.gcd(BigInt)``, ``.minimum(BigInt)``,
``.maximum(BigInt)``.


@@ -1445,7 +1445,8 @@ The number and types of the aggregation expressions are restricted as follows:
- A ``max``, ``min``, ``rank`` or ``unique`` aggregation must have a single expression.
- The type of the expression in a ``max``, ``min`` or ``rank`` aggregation without an ordering directive expression must be an orderable type.
- A ``count`` or ``strictcount`` aggregation must not have an expression.
- A ``sum``, ``strictsum`` or ``avg`` aggregation must have a single aggregation expression, which must have a type which is a subtype of ``float`` or ``QlBuiltins::BigInt``.
- A ``sum`` or ``strictsum`` aggregation must have a single aggregation expression, which must have a type which is a subtype of ``float`` or ``QlBuiltins::BigInt``.
- An ``avg`` aggregation must have a single aggregation expression, which must have a type which is a subtype of ``float``.
- A ``concat`` or ``strictconcat`` aggregation must have two expressions. Both expressions must have types which are subtypes of ``string``.
The type of a ``count``, ``strictcount`` aggregation is ``int``. The type of an ``avg`` aggregation is ``float``. The type of a ``concat`` or ``strictconcat`` aggregation is ``string``. The type of a ``sum`` or ``strictsum`` aggregation is ``int`` if the aggregation expression is a subtype of ``int``; otherwise it is ``QlBuiltins::BigInt`` if the aggregation expression is a subtype of ``QlBuiltins::BigInt``; otherwise it is ``float``. The type of a ``rank``, ``min`` or ``max`` aggregation is the type of the single expression.
@@ -1464,7 +1465,7 @@ If the aggregation id is ``max``, ``min`` or ``rank`` and there was no ordering
The values of the aggregation expression are given by applying the aggregation function to each set of tuples obtained by picking exactly one aggregation tuple for each range tuple.
- If the aggregation id is ``avg``, and the set is non-empty, then the resulting value is the average of the value for the aggregation variable in each tuple in the set, weighted by the number of tuples in the set, after converting the value to its appropriate base type of ``float`` or ``QlBuiltins::BigInt``, then converting the final result to ``float``.
- If the aggregation id is ``avg``, and the set is non-empty, then the resulting value is the average of the aggregation variable's value in each tuple in the set, converted to ``float`` and weighted by the number of tuples in the set.
- If the aggregation id is ``count``, then the resulting value is the number of tuples in the set. If there are no tuples in the set, then the value is the integer ``0``.


@@ -24,7 +24,7 @@
JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_"
Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
Ruby [9]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
Swift [10]_,"Swift 5.4-5.10","Swift compiler","``.swift``"
Swift [10]_,"Swift 5.4-6.0","Swift compiler","``.swift``"
TypeScript [11]_,"2.6-5.7",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
.. container:: footnote-group


@@ -9,7 +9,7 @@ toolchain go1.23.1
// when adding or removing dependencies, run
// bazel mod tidy
require (
golang.org/x/mod v0.22.0
golang.org/x/mod v0.23.0
golang.org/x/tools v0.29.0
)


@@ -1,7 +1,7 @@
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=


@@ -0,0 +1,9 @@
- queries: .
- include:
id:
- go/unhandled-writable-file-close
- go/unexpected-nil-value
- go/negative-length-check
- go/redundant-recover
- go/missing-error-check
- go/index-out-of-bounds
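Review bot: The new suite selects queries purely by a hard-coded `id` list, so a mistyped or later-renamed id will drop that query from the suite without any error. A leading `- description:` entry stating what the suite is for, plus a test that pins the resolved query list (for example, comparing the output of `codeql resolve queries` on this file against an expected list), would make such drift visible. Whether such a test already exists elsewhere in the commit cannot be seen from this section.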


@@ -11,23 +11,23 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.11.0/error_prone_parent-2.11.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.36.0/error_prone_parent-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/31.1-jre/guava-parent-31.1-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/33.4.0-jre/guava-parent-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
@@ -49,8 +49,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom


@@ -83,7 +83,7 @@
}
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "note",
"source": {
"extractorName": "java",


@@ -97,7 +97,7 @@
}
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
"severity": "note",
"source": {
"extractorName": "java",


@@ -11,23 +11,23 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.11.0/error_prone_parent-2.11.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.36.0/error_prone_parent-2.36.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/31.1-jre/guava-parent-31.1-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/33.4.0-jre/guava-parent-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
@@ -49,8 +49,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.43.0/checker-qual-3.43.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom


@@ -4,33 +4,7 @@
*/
import java
signature module StatsSig {
int getNumberOfOk();
int getNumberOfNotOk();
string getOkText();
string getNotOkText();
}
module ReportStats<StatsSig Stats> {
predicate numberOfOk(string key, int value) {
value = Stats::getNumberOfOk() and
key = "Number of " + Stats::getOkText()
}
predicate numberOfNotOk(string key, int value) {
value = Stats::getNumberOfNotOk() and
key = "Number of " + Stats::getNotOkText()
}
predicate percentageOfOk(string key, float value) {
value = Stats::getNumberOfOk() * 100.0 / (Stats::getNumberOfOk() + Stats::getNumberOfNotOk()) and
key = "Percentage of " + Stats::getOkText()
}
}
import codeql.util.ReportStats
module CallTargetStats implements StatsSig {
int getNumberOfOk() { result = count(Call c | exists(c.getCallee())) }


@@ -0,0 +1 @@
[]


@@ -586,14 +586,6 @@ public class CFGExtractor {
public static List<Identifier> of(Program p) {
return of(p.getBody());
}
public static List<Identifier> of(IFunction fn) {
Node body = fn.getBody();
if (body instanceof BlockStatement) return of(((BlockStatement) body).getBody());
// if the body of the function is missing or is an expression, then there are
// no hoisted functions
return Collections.emptyList();
}
}
/**
@@ -1096,8 +1088,6 @@ public class CFGExtractor {
if (nd.hasRest()) paramsAndDefaults.add((Expression) nd.getRest());
Node entry = getEntryNode(nd);
List<Identifier> fns = HoistedFunDecls.of(nd);
hoistedFns.addAll(fns);
// if this is the constructor of a class without a superclass, we need to
// initialise all fields before running the body of the constructor
@@ -1117,7 +1107,7 @@ public class CFGExtractor {
if (firstField != null) fst = Collections.singleton(First.of(firstField));
fst =
visitSequence(
nd instanceof FunctionDeclaration ? null : nd.getId(), paramsAndDefaults, fns, fst);
nd instanceof FunctionDeclaration ? null : nd.getId(), paramsAndDefaults, fst);
writeSuccessors(entry, fst);
this.ctxt.pop();
@@ -1255,9 +1245,12 @@ public class CFGExtractor {
@Override
public Void visit(BlockStatement nd, SuccessorInfo i) {
if (nd.getBody().isEmpty()) writeSuccessors(nd, i.getAllSuccessors());
else writeSuccessor(nd, First.of(nd.getBody().get(0)));
visitSequence(nd.getBody(), i.getAllSuccessors());
// Hoist function declarations in a block statement to the top of the block.
// This reflects non-standard behaviour implemented by most engines.
// See also: ECMAScript "B.3.2 Block-Level Function Declarations Web Legacy Compatibility Semantics".
List<Identifier> hoisted = HoistedFunDecls.of(nd.getBody());
hoistedFns.addAll(hoisted);
writeSuccessors(nd, visitSequence(hoisted, nd.getBody(), i.getAllSuccessors()));
return null;
}
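Review bot: The hoisting added in `visit(BlockStatement nd, SuccessorInfo i)` covers only block statements, while the Annex B section cited in the new comment also applies to function declarations placed directly in a `case` or `default` clause of a `switch`. Whether the switch-clause visitor does its own hoisting is not visible in these hunks, so this may already be handled. If it is not, the control-flow graph for such a clause would order the declaration differently from the block case, and any flow analysis built on the successor relation inherits that difference. I would either pass the clause's statement list through `HoistedFunDecls.of(...)` in the same way, or state the limit in the comment, e.g. `// Function declarations directly inside switch clauses are not hoisted here.` The enclosing class continues outside the hunks shown.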


@@ -42,7 +42,7 @@ public class Main {
* A version identifier that should be updated every time the extractor changes in such a way that
* it may produce different tuples for the same file under the same {@link ExtractorConfig}.
*/
public static final String EXTRACTOR_VERSION = "2025-01-21";
public static final String EXTRACTOR_VERSION = "2025-02-03";
public static final Pattern NEWLINE = Pattern.compile("\n");


@@ -163,12 +163,12 @@ hasLocation(#20044,#20028)
#20045=*
exit_cfg_node(#20045,#20030)
hasLocation(#20045,#20028)
successor(#20035,#20036)
successor(#20036,#20038)
successor(#20040,#20039)
successor(#20039,#20037)
successor(#20038,#20040)
successor(#20037,#20045)
successor(#20035,#20036)
successor(#20033,#20035)
successor(#20044,#20033)
successor(#20029,#20030)


@@ -184,12 +184,12 @@ hasLocation(#20050,#20034)
#20051=*
exit_cfg_node(#20051,#20036)
hasLocation(#20051,#20034)
successor(#20041,#20042)
successor(#20042,#20044)
successor(#20046,#20045)
successor(#20045,#20043)
successor(#20044,#20046)
successor(#20043,#20051)
successor(#20041,#20042)
successor(#20039,#20041)
successor(#20050,#20039)
successor(#20035,#20036)


@@ -671,7 +671,6 @@ exit_cfg_node(#20215,#20188)
#20216=@"loc,{#10000},16,4,16,3"
locations_default(#20216,#10000,16,4,16,3)
hasLocation(#20215,#20216)
successor(#20192,#20194)
successor(#20203,#20205)
successor(#20205,#20215)
successor(#20198,#20202)
@@ -680,6 +679,7 @@ successor(#20207,#20203)
successor(#20200,#20209)
successor(#20194,#20196)
successor(#20196,#20198)
successor(#20192,#20194)
successor(#20213,#20192)
successor(#20187,#20188)
successor(#20185,#20180)
@@ -729,9 +729,9 @@ exit_cfg_node(#20227,#20146)
#20228=@"loc,{#10000},4,4,4,3"
locations_default(#20228,#10000,4,4,4,3)
hasLocation(#20227,#20228)
successor(#20150,#20152)
successor(#20152,#20154)
successor(#20154,#20227)
successor(#20150,#20152)
successor(#20225,#20158)
successor(#20145,#20146)
successor(#20143,#20164)


@@ -1425,30 +1425,30 @@ successor(#20455,#20457)
successor(#20457,#20461)
successor(#20432,#20434)
successor(#20434,#20436)
successor(#20436,#20438)
successor(#20438,#20442)
successor(#20442,#20440)
successor(#20440,#20443)
successor(#20436,#20438)
successor(#20414,#20416)
successor(#20416,#20420)
successor(#20420,#20418)
successor(#20418,#20422)
successor(#20418,#20432)
successor(#20424,#20418)
successor(#20422,#20424)
successor(#20416,#20420)
successor(#20425,#20429)
successor(#20430,#20432)
successor(#20429,#20430)
successor(#20392,#20394)
successor(#20394,#20412)
successor(#20396,#20400)
successor(#20401,#20403)
successor(#20403,#20409)
successor(#20411,#20407)
successor(#20409,#20411)
successor(#20407,#20412)
successor(#20407,#20405)
successor(#20405,#20412)
successor(#20401,#20403)
successor(#20400,#20401)
successor(#20412,#20414)
successor(#20371,#20392)
@@ -1462,7 +1462,6 @@ exit_cfg_node(#20468,#20371)
#20469=@"loc,{#10000},18,2,18,1"
locations_default(#20469,#10000,18,2,18,1)
hasLocation(#20468,#20469)
successor(#20379,#20383)
successor(#20383,#20381)
successor(#20381,#20384)
successor(#20381,#20468)
@@ -1481,6 +1480,7 @@ successor(#20391,#20381)
successor(#20384,#20387)
successor(#20387,#20386)
successor(#20386,#20388)
successor(#20379,#20383)
successor(#20377,#20379)
successor(#20466,#20377)
successor(#20365,#20367)
@@ -1504,7 +1504,6 @@ exit_cfg_node(#20475,#20322)
#20476=@"loc,{#10000},10,2,10,1"
locations_default(#20476,#10000,10,2,10,1)
hasLocation(#20475,#20476)
successor(#20328,#20330)
successor(#20356,#20358)
successor(#20358,#20359)
successor(#20359,#20361)
@@ -1539,6 +1538,7 @@ successor(#20330,#20334)
successor(#20335,#20332)
successor(#20334,#20335)
successor(#20332,#20336)
successor(#20328,#20330)
successor(#20474,#20328)
successor(#20373,#20322)
successor(#20324,#20373)


@@ -235,7 +235,6 @@ hasLocation(#20074,#20072)
#20075=*
exit_cfg_node(#20075,#20051)
hasLocation(#20075,#20048)
successor(#20058,#20060)
successor(#20070,#20068)
successor(#20068,#20075)
successor(#20060,#20067)
@@ -243,6 +242,7 @@ successor(#20064,#20066)
successor(#20066,#20062)
successor(#20067,#20064)
successor(#20062,#20070)
successor(#20058,#20060)
successor(#20056,#20058)
successor(#20074,#20056)
successor(#20052,#20051)


@@ -509,11 +509,11 @@ exit_cfg_node(#20163,#20143)
#20164=@"loc,{#10000},3,40,3,39"
locations_default(#20164,#10000,3,40,3,39)
hasLocation(#20163,#20164)
successor(#20146,#20148)
successor(#20148,#20152)
successor(#20154,#20150)
successor(#20152,#20154)
successor(#20150,#20163)
successor(#20146,#20148)
successor(#20161,#20146)
successor(#20141,#20143)
successor(#20139,#20160)


@@ -434,7 +434,6 @@ exit_cfg_node(#20134,#20101)
#20135=@"loc,{#10000},7,4,7,3"
locations_default(#20135,#10000,7,4,7,3)
hasLocation(#20134,#20135)
successor(#20107,#20109)
successor(#20109,#20115)
successor(#20119,#20117)
successor(#20117,#20111)
@@ -442,6 +441,7 @@ successor(#20116,#20113)
successor(#20115,#20116)
successor(#20113,#20119)
successor(#20111,#20134)
successor(#20107,#20109)
successor(#20105,#20107)
successor(#20132,#20105)
successor(#20100,#20101)
@@ -457,11 +457,11 @@ exit_cfg_node(#20138,#20086)
#20139=@"loc,{#10000},4,4,4,3"
locations_default(#20139,#10000,4,4,4,3)
hasLocation(#20138,#20139)
successor(#20090,#20096)
successor(#20097,#20094)
successor(#20096,#20097)
successor(#20094,#20092)
successor(#20092,#20138)
successor(#20090,#20096)
successor(#20136,#20090)
successor(#20085,#20086)
successor(#20083,#20100)


@@ -246,13 +246,13 @@ exit_cfg_node(#20076,#20054)
#20077=@"loc,{#10000},4,4,4,3"
locations_default(#20077,#10000,4,4,4,3)
hasLocation(#20076,#20077)
successor(#20060,#20062)
successor(#20062,#20068)
successor(#20070,#20064)
successor(#20069,#20066)
successor(#20068,#20069)
successor(#20066,#20070)
successor(#20064,#20076)
successor(#20060,#20062)
successor(#20058,#20060)
successor(#20074,#20058)
successor(#20053,#20054)


@@ -159,12 +159,12 @@ hasLocation(#20042,#20026)
#20043=*
exit_cfg_node(#20043,#20028)
hasLocation(#20043,#20026)
successor(#20033,#20034)
successor(#20034,#20036)
successor(#20038,#20037)
successor(#20037,#20035)
successor(#20036,#20038)
successor(#20035,#20043)
successor(#20033,#20034)
successor(#20031,#20033)
successor(#20042,#20031)
successor(#20027,#20028)


@@ -261,12 +261,12 @@ hasLocation(#20075,#20059)
#20076=*
exit_cfg_node(#20076,#20061)
hasLocation(#20076,#20059)
successor(#20066,#20067)
successor(#20067,#20069)
successor(#20071,#20070)
successor(#20070,#20068)
successor(#20069,#20071)
successor(#20068,#20076)
successor(#20066,#20067)
successor(#20064,#20066)
successor(#20075,#20064)
successor(#20060,#20061)


@@ -253,11 +253,11 @@ exit_cfg_node(#20076,#20050)
#20077=@"loc,{#10000},4,4,4,3"
locations_default(#20077,#10000,4,4,4,3)
hasLocation(#20076,#20077)
successor(#20054,#20060)
successor(#20061,#20058)
successor(#20060,#20061)
successor(#20058,#20056)
successor(#20056,#20076)
successor(#20054,#20060)
successor(#20074,#20054)
successor(#20049,#20050)
successor(#20047,#20064)


@@ -243,9 +243,9 @@ exit_cfg_node(#20073,#20048)
#20074=@"loc,{#10000},4,4,4,3"
locations_default(#20074,#10000,4,4,4,3)
hasLocation(#20073,#20074)
successor(#20052,#20056)
successor(#20056,#20054)
successor(#20054,#20073)
successor(#20052,#20056)
successor(#20071,#20052)
successor(#20047,#20048)
successor(#20045,#20061)


@@ -171,11 +171,11 @@ hasLocation(#20054,#20052)
#20055=*
exit_cfg_node(#20055,#20037)
hasLocation(#20055,#20034)
successor(#20041,#20043)
successor(#20043,#20049)
successor(#20049,#20047)
successor(#20047,#20045)
successor(#20045,#20055)
successor(#20041,#20043)
successor(#20054,#20041)
successor(#20038,#20037)
successor(#20051,#20038)


@@ -822,7 +822,6 @@ hasLocation(#20266,#20267)
#20268=*
exit_cfg_node(#20268,#20230)
hasLocation(#20268,#20173)
successor(#20247,#20249)
successor(#20262,#20260)
successor(#20260,#20268)
successor(#20249,#20259)
@@ -832,6 +831,7 @@ successor(#20257,#20258)
successor(#20255,#20251)
successor(#20259,#20253)
successor(#20251,#20262)
successor(#20247,#20249)
successor(#20237,#20240)
successor(#20245,#20242)
successor(#20244,#20245)
@@ -849,21 +849,20 @@ exit_cfg_node(#20270,#20177)
#20271=@"loc,{#10000},8,2,8,1"
locations_default(#20271,#10000,8,2,8,1)
hasLocation(#20270,#20271)
successor(#20190,#20192)
successor(#20203,#20205)
successor(#20205,#20209)
successor(#20209,#20211)
successor(#20212,#20207)
successor(#20211,#20212)
successor(#20207,#20213)
successor(#20205,#20209)
successor(#20213,#20217)
successor(#20218,#20220)
successor(#20220,#20226)
successor(#20229,#20222)
successor(#20228,#20224)
successor(#20226,#20228)
successor(#20224,#20229)
successor(#20222,#20270)
successor(#20218,#20220)
successor(#20217,#20218)
successor(#20192,#20202)
successor(#20196,#20198)
@@ -872,6 +871,7 @@ successor(#20201,#20194)
successor(#20198,#20199)
successor(#20202,#20196)
successor(#20194,#20203)
successor(#20190,#20192)
successor(#20185,#20187)
successor(#20188,#20190)
successor(#20187,#20188)


@@ -436,7 +436,6 @@ exit_cfg_node(#20140,#20118)
#20141=@"loc,{#10000},7,2,7,1"
locations_default(#20141,#10000,7,2,7,1)
hasLocation(#20140,#20141)
successor(#20124,#20128)
successor(#20128,#20126)
successor(#20126,#20130)
successor(#20126,#20140)
@@ -444,6 +443,7 @@ successor(#20134,#20126)
successor(#20130,#20133)
successor(#20133,#20132)
successor(#20132,#20134)
successor(#20124,#20128)
successor(#20138,#20124)
successor(#20094,#20096)
successor(#20098,#20092)
@@ -451,13 +451,13 @@ successor(#20097,#20098)
successor(#20096,#20097)
successor(#20092,#20101)
successor(#20092,#20118)
successor(#20105,#20109)
successor(#20109,#20113)
successor(#20117,#20114)
successor(#20116,#20117)
successor(#20114,#20111)
successor(#20113,#20116)
successor(#20111,#20092)
successor(#20105,#20109)
successor(#20101,#20104)
successor(#20104,#20103)
successor(#20103,#20105)


@@ -673,8 +673,6 @@ hasLocation(#20210,#20211)
#20212=*
exit_cfg_node(#20212,#20001)
hasLocation(#20212,#20135)
successor(#20137,#20140)
successor(#20146,#20150)
successor(#20195,#20199)
successor(#20200,#20197)
successor(#20199,#20200)
@@ -705,7 +703,6 @@ hasLocation(#20214,#20161)
successor(#20214,#20195)
successor(#20160,#20213)
successor(#20160,#20214)
successor(#20173,#20177)
successor(#20183,#20189)
successor(#20192,#20185)
successor(#20191,#20187)
@@ -716,14 +713,17 @@ successor(#20177,#20181)
successor(#20182,#20179)
successor(#20181,#20182)
successor(#20179,#20183)
successor(#20173,#20177)
successor(#20150,#20154)
successor(#20155,#20152)
successor(#20154,#20155)
successor(#20152,#20156)
successor(#20146,#20150)
successor(#20140,#20144)
successor(#20145,#20142)
successor(#20144,#20145)
successor(#20142,#20146)
successor(#20137,#20140)
successor(#20210,#20137)
numlines(#10000,12,12,0)
filetype(#10000,"javascript")


@@ -352,13 +352,13 @@ hasLocation(#20107,#20033)
successor(#20107,#20105)
successor(#20080,#20106)
successor(#20080,#20107)
successor(#20083,#20089)
successor(#20097,#20101)
successor(#20102,#20099)
successor(#20101,#20102)
successor(#20099,#20105)
successor(#20089,#20094)
successor(#20094,#20097)
successor(#20083,#20089)
successor(#20071,#20078)
successor(#20075,#20071)
successor(#20103,#20075)


@@ -167,11 +167,11 @@ hasLocation(#20054,#20052)
#20055=*
exit_cfg_node(#20055,#20037)
hasLocation(#20055,#20034)
successor(#20041,#20049)
successor(#20049,#20047)
successor(#20047,#20045)
successor(#20045,#20043)
successor(#20043,#20055)
successor(#20041,#20049)
successor(#20054,#20041)
successor(#20038,#20037)
successor(#20051,#20038)


@@ -189,13 +189,13 @@ hasLocation(#20058,#20056)
#20059=*
exit_cfg_node(#20059,#20039)
hasLocation(#20059,#20036)
successor(#20043,#20045)
successor(#20048,#20052)
successor(#20054,#20050)
successor(#20052,#20054)
successor(#20050,#20059)
successor(#20045,#20047)
successor(#20047,#20048)
successor(#20043,#20045)
successor(#20058,#20043)
successor(#20040,#20039)
successor(#20055,#20040)


@@ -403,9 +403,9 @@ exit_cfg_node(#20126,#20112)
#20127=@"loc,{#10000},5,27,5,26"
locations_default(#20127,#10000,5,27,5,26)
hasLocation(#20126,#20127)
successor(#20116,#20120)
successor(#20120,#20118)
successor(#20118,#20126)
successor(#20116,#20120)
successor(#20124,#20116)
successor(#20111,#20112)
successor(#20109,#20088)


@@ -332,12 +332,12 @@ hasLocation(#20098,#20082)
#20099=*
exit_cfg_node(#20099,#20084)
hasLocation(#20099,#20082)
successor(#20089,#20090)
successor(#20090,#20092)
successor(#20094,#20093)
successor(#20093,#20091)
successor(#20092,#20094)
successor(#20091,#20099)
successor(#20089,#20090)
successor(#20087,#20089)
successor(#20098,#20087)
successor(#20083,#20084)
@@ -353,7 +353,6 @@ exit_cfg_node(#20102,#20064)
#20103=@"loc,{#10000},4,4,4,3"
locations_default(#20103,#10000,4,4,4,3)
hasLocation(#20102,#20103)
successor(#20068,#20078)
successor(#20080,#20072)
successor(#20079,#20076)
successor(#20078,#20079)
@@ -361,6 +360,7 @@ successor(#20076,#20074)
successor(#20074,#20080)
successor(#20072,#20070)
successor(#20070,#20102)
successor(#20068,#20078)
successor(#20100,#20068)
successor(#20063,#20064)
successor(#20061,#20083)


@@ -233,11 +233,11 @@ exit_cfg_node(#20073,#20056)
#20074=@"loc,{#10000},4,4,4,3"
locations_default(#20074,#10000,4,4,4,3)
hasLocation(#20073,#20074)
successor(#20060,#20062)
successor(#20062,#20066)
successor(#20067,#20064)
successor(#20066,#20067)
successor(#20064,#20073)
successor(#20060,#20062)
successor(#20071,#20060)
successor(#20055,#20056)
successor(#20053,#20048)


@@ -729,7 +729,6 @@ exit_cfg_node(#20221,#20157)
#20222=@"loc,{#10000},3,2,3,1"
locations_default(#20222,#10000,3,2,3,1)
hasLocation(#20221,#20222)
successor(#20166,#20172)
successor(#20179,#20173)
successor(#20178,#20175)
successor(#20177,#20178)
@@ -738,6 +737,7 @@ successor(#20173,#20170)
successor(#20172,#20177)
successor(#20170,#20168)
successor(#20168,#20221)
successor(#20166,#20172)
successor(#20164,#20166)
successor(#20162,#20164)
successor(#20220,#20162)


@@ -138,9 +138,9 @@ hasLocation(#20044,#20042)
#20045=*
exit_cfg_node(#20045,#20031)
hasLocation(#20045,#20028)
successor(#20035,#20037)
successor(#20037,#20039)
successor(#20039,#20045)
successor(#20035,#20037)
successor(#20044,#20035)
successor(#20032,#20031)
successor(#20041,#20032)


@@ -287,7 +287,6 @@ hasLocation(#20090,#20088)
#20091=*
exit_cfg_node(#20091,#20061)
hasLocation(#20091,#20058)
successor(#20066,#20068)
successor(#20074,#20078)
successor(#20080,#20086)
successor(#20086,#20084)
@@ -309,6 +308,7 @@ successor(#20068,#20072)
successor(#20073,#20070)
successor(#20072,#20073)
successor(#20070,#20074)
successor(#20066,#20068)
successor(#20090,#20066)
successor(#20062,#20061)
successor(#20087,#20062)


@@ -137,9 +137,9 @@ exit_cfg_node(#20043,#20029)
#20044=@"loc,{#10000},3,2,3,1"
locations_default(#20044,#10000,3,2,3,1)
hasLocation(#20043,#20044)
successor(#20034,#20036)
successor(#20036,#20038)
successor(#20038,#20043)
successor(#20034,#20036)
successor(#20042,#20034)
successor(#20031,#20029)
successor(#20039,#20031)


@@ -148,9 +148,9 @@ hasLocation(#20046,#20044)
#20047=*
exit_cfg_node(#20047,#20029)
hasLocation(#20047,#20027)
successor(#20036,#20038)
successor(#20038,#20040)
successor(#20040,#20047)
successor(#20036,#20038)
successor(#20033,#20036)
successor(#20035,#20033)
successor(#20046,#20035)


@@ -333,18 +333,18 @@ exit_cfg_node(#20107,#20073)
#20108=@"loc,{#10000},7,2,7,1"
locations_default(#20108,#10000,7,2,7,1)
hasLocation(#20107,#20108)
successor(#20080,#20082)
successor(#20082,#20084)
successor(#20084,#20086)
successor(#20086,#20090)
successor(#20090,#20088)
successor(#20088,#20091)
successor(#20088,#20107)
successor(#20084,#20086)
successor(#20091,#20095)
successor(#20096,#20100)
successor(#20100,#20098)
successor(#20098,#20107)
successor(#20096,#20100)
successor(#20095,#20096)
successor(#20080,#20082)
successor(#20078,#20080)
successor(#20105,#20078)
successor(#20075,#20071)


@@ -303,7 +303,6 @@ exit_cfg_node(#20099,#20076)
#20100=@"loc,{#10000},6,2,6,1"
locations_default(#20100,#10000,6,2,6,1)
hasLocation(#20099,#20100)
successor(#20082,#20088)
successor(#20088,#20086)
successor(#20086,#20084)
successor(#20084,#20089)
@@ -312,6 +311,7 @@ successor(#20093,#20084)
successor(#20089,#20092)
successor(#20092,#20091)
successor(#20091,#20093)
successor(#20082,#20088)
successor(#20097,#20082)
successor(#20069,#20076)
#20101=*
