Manual merge main

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.12.2
+
+No user-facing changes.
+
 ## 0.12.1
 
 ### New Features

cpp/ql/lib/change-notes/released/0.12.2.md

@@ -0,0 +1,3 @@
+## 0.12.2
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.1
+lastReleaseVersion: 0.12.2

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.1
+version: 0.12.2
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.9.1
+
+No user-facing changes.
+
 ## 0.9.0
 
 ### Breaking Changes

cpp/ql/src/change-notes/released/0.9.1.md

@@ -0,0 +1,3 @@
+## 0.9.1
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.0
+lastReleaseVersion: 0.9.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.0
+version: 0.9.1
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.5
+
+No user-facing changes.
+
 ## 1.7.4
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.5.md

@@ -0,0 +1,3 @@
+## 1.7.5
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.4
+lastReleaseVersion: 1.7.5

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.4
+version: 1.7.5
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.5
+
+No user-facing changes.
+
 ## 1.7.4
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.5.md

@@ -0,0 +1,3 @@
+## 1.7.5
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.4
+lastReleaseVersion: 1.7.5

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.4
+version: 1.7.5
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 No user-facing changes.

csharp/ql/lib/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.4
+version: 0.8.5
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 ### Minor Analysis Improvements

csharp/ql/src/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.4
+version: 0.8.5
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.4
+
+No user-facing changes.
+
 ## 0.0.3
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/0.0.4.md

@@ -0,0 +1,3 @@
+## 0.0.4
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.3
+lastReleaseVersion: 0.0.4

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.3
+version: 0.0.4
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.5
+
+No user-facing changes.
+
 ## 0.7.4
 
 ### Bug Fixes

go/ql/lib/change-notes/released/0.7.5.md

@@ -0,0 +1,3 @@
+## 0.7.5
+
+No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.4
+lastReleaseVersion: 0.7.5

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.4
+version: 0.7.5
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.5
+
+No user-facing changes.
+
 ## 0.7.4
 
 No user-facing changes.

go/ql/src/change-notes/released/0.7.5.md

@@ -0,0 +1,3 @@
+## 0.7.5
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.4
+lastReleaseVersion: 0.7.5

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.4
+version: 0.7.5
 groups:
   - go
   - queries

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.10
+
+No user-facing changes.
+
 ## 0.0.9
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/0.0.10.md

@@ -0,0 +1,3 @@
+## 0.0.10
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.9
+version: 0.0.10
 groups:
     - java
     - automodel

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 ### Minor Analysis Improvements

java/ql/lib/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.4
+version: 0.8.5
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll

@@ -212,6 +212,9 @@ abstract class MethodCallInsecureFileCreation extends MethodCall {
    * Gets the dataflow node representing the file system entity created.
    */
   DataFlow::Node getNode() { result.asExpr() = this }
+
+  /** Holds if this node is a source. */
+  predicate isSource() { any() }
 }
 
 /** DEPRECATED: Alias for `MethodCallInsecureFileCreation`. */

java/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 No user-facing changes.

java/ql/src/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.4
+version: 0.8.5
 groups:
   - java
   - queries

javascript/extractor/lib/typescript/src/ast_extractor.ts

@@ -192,7 +192,7 @@ export function augmentAst(ast: AugmentedSourceFile, code: string, project: Proj
         }
 
         if (typeChecker != null) {
-            if (isTypedNode(node)) {
+            if (isTypedNode(node) && !typeTable.skipExtractingTypes) {
                 let contextualType = isContextuallyTypedNode(node)
                     ? typeChecker.getContextualType(node)
                     : null;

javascript/extractor/lib/typescript/src/main.ts

@@ -554,7 +554,7 @@ function handleOpenProjectCommand(command: OpenProjectCommand) {
     let program = project.program;
     let typeChecker = program.getTypeChecker();
 
-    let shouldReportDiagnostics = getEnvironmentVariable("SEMMLE_TYPESCRIPT_REPORT_DIAGNOSTICS", Boolean, false);
+    let shouldReportDiagnostics = getEnvironmentVariable("SEMMLE_TYPESCRIPT_REPORT_DIAGNOSTICS", v => v.trim().toLowerCase() === "true", false);
     let diagnostics = shouldReportDiagnostics
         ? program.getSemanticDiagnostics().filter(d => d.category === ts.DiagnosticCategory.Error)
         : [];
@@ -807,7 +807,8 @@ function handleGetMetadataCommand(command: GetMetadataCommand) {
 
 function reset() {
     state = new State();
-    state.typeTable.restrictedExpansion = getEnvironmentVariable("SEMMLE_TYPESCRIPT_NO_EXPANSION", Boolean, true);
+    state.typeTable.restrictedExpansion = getEnvironmentVariable("SEMMLE_TYPESCRIPT_NO_EXPANSION", v => v.trim().toLowerCase() === "true", true);
+    state.typeTable.skipExtractingTypes = getEnvironmentVariable("CODEQL_EXTRACTOR_JAVASCRIPT_OPTION_SKIP_TYPES", v => v.trim().toLowerCase() === "true", false);
 }
 
 function getEnvironmentVariable<T>(name: string, parse: (x: string) => T, defaultValue: T) {
@@ -886,6 +887,7 @@ if (process.argv.length > 2) {
     if (argument === "--version") {
         console.log("parser-wrapper with TypeScript " + ts.version);
     } else if (pathlib.basename(argument) === "tsconfig.json") {
+        reset();
         handleOpenProjectCommand({
             command: "open-project",
             tsConfig: argument,
@@ -895,7 +897,7 @@ if (process.argv.length > 2) {
             virtualSourceRoot: null,
         });
         for (let sf of state.project.program.getSourceFiles()) {
-            if (pathlib.basename(sf.fileName) === "lib.d.ts") continue;
+            if (/lib\..*\.d\.ts/.test(pathlib.basename(sf.fileName)) || pathlib.basename(sf.fileName) === "lib.d.ts") continue;
             handleParseCommand({
                 command: "parse",
                 filename: sf.fileName,

javascript/extractor/lib/typescript/src/type_table.ts

@@ -383,6 +383,11 @@ export class TypeTable {
    */
   public restrictedExpansion = false;
 
+  /**
+   * If set to true, skip extracting types.
+   */
+  public skipExtractingTypes = false;
+
   private virtualSourceRoot: VirtualSourceRoot;
 
   /**
@@ -1240,8 +1245,15 @@ export class TypeTable {
       let indexOnStack = stack.length;
       stack.push(id);
 
+      /** Indicates if a type contains no type variables, is a type variable, or strictly contains type variables. */
+      const enum TypeVarDepth {
+        noTypeVar = 0,
+        isTypeVar = 1,
+        containsTypeVar = 2,
+      }
+
       for (let symbol of type.getProperties()) {
-        let propertyType = this.tryGetTypeOfSymbol(symbol);
+        let propertyType = typeTable.tryGetTypeOfSymbol(symbol);
         if (propertyType == null) continue;
         traverseType(propertyType);
       }
@@ -1267,13 +1279,6 @@ export class TypeTable {
 
       return lowlinkTable.get(id);
 
-      /** Indicates if a type contains no type variables, is a type variable, or strictly contains type variables. */
-      const enum TypeVarDepth {
-        noTypeVar = 0,
-        isTypeVar = 1,
-        containsTypeVar = 2,
-      }
-
       function traverseType(type: ts.Type): TypeVarDepth {
         if (isTypeVariable(type)) return TypeVarDepth.isTypeVar;
         let depth = TypeVarDepth.noTypeVar;

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 ### Minor Analysis Improvements

javascript/ql/lib/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.4
+version: 0.8.5
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 ### Minor Analysis Improvements

javascript/ql/src/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.4
+version: 0.8.5
 groups:
   - javascript
   - queries

misc/bazel/cmake/setup.cmake

@@ -5,8 +5,12 @@ if (CREATE_COMPILATION_DATABASE_LINK)
     set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
 endif ()
 
+if (NOT DEFINED BAZEL_BIN)
+    set(BAZEL_BIN "bazelisk")
+endif ()
+
 macro(bazel)
-    execute_process(COMMAND bazel ${ARGN}
+    execute_process(COMMAND ${BAZEL_BIN} ${ARGN}
             COMMAND_ERROR_IS_FATAL ANY
             OUTPUT_STRIP_TRAILING_WHITESPACE
             WORKING_DIRECTORY ${PROJECT_SOURCE_DIR})

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.5
+
+No user-facing changes.
+
 ## 0.7.4
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/0.7.5.md

@@ -0,0 +1,3 @@
+## 0.7.5
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.4
+lastReleaseVersion: 0.7.5

misc/suite-helpers/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.4
+version: 0.7.5
 groups: shared
 warnOnImplicitThis: true

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.11.5
+
+No user-facing changes.
+
 ## 0.11.4
 
 ### Minor Analysis Improvements

python/ql/lib/change-notes/released/0.11.5.md

@@ -0,0 +1,3 @@
+## 0.11.5
+
+No user-facing changes.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.4
+lastReleaseVersion: 0.11.5

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.4
+version: 0.11.5
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.9.5
+
+No user-facing changes.
+
 ## 0.9.4
 
 No user-facing changes.

python/ql/src/change-notes/released/0.9.5.md

@@ -0,0 +1,3 @@
+## 0.9.5
+
+No user-facing changes.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.4
+lastReleaseVersion: 0.9.5

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.4
+version: 0.9.5
 groups:
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 ### Minor Analysis Improvements

ruby/ql/lib/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.4
+version: 0.8.5
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.5
+
+No user-facing changes.
+
 ## 0.8.4
 
 No user-facing changes.

ruby/ql/src/change-notes/released/0.8.5.md

@@ -0,0 +1,3 @@
+## 0.8.5
+
+No user-facing changes.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.4
+lastReleaseVersion: 0.8.5

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.4
+version: 0.8.5
 groups:
   - ruby
   - queries

shared/controlflow/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.1.5
+
+No user-facing changes.
+
 ## 0.1.4
 
 No user-facing changes.

shared/controlflow/change-notes/released/0.1.5.md

@@ -0,0 +1,3 @@
+## 0.1.5
+
+No user-facing changes.

shared/controlflow/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.1.5

shared/controlflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.1.4
+version: 0.1.5
 groups: shared
 library: true
 dependencies:

shared/dataflow/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.1.5
+
+No user-facing changes.
+
 ## 0.1.4
 
 No user-facing changes.

shared/dataflow/change-notes/released/0.1.5.md

@@ -0,0 +1,3 @@
+## 0.1.5
+
+No user-facing changes.

shared/dataflow/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.1.5

shared/dataflow/codeql/dataflow/DataFlow.qll

@@ -589,6 +589,9 @@ module DataFlowMake<InputSig Lang> {
 
     /** Gets the underlying `Node`. */
     Node getNode();
+
+    /** Holds if this node is a source. */
+    predicate isSource();
   }
 
   signature module PathGraphSig<PathNodeSig PathNode> {
@@ -650,6 +653,15 @@ module DataFlowMake<InputSig Lang> {
         result = this.asPathNode1().getNode() or
         result = this.asPathNode2().getNode()
       }
+
+      predicate isSource(){
+        this.asPathNode1().isSource() or
+        this.asPathNode2().isSource()
+      }
+
+      PathNode getASuccessor(){
+        none()
+      }
     }
 
     /**
@@ -721,6 +733,16 @@ module DataFlowMake<InputSig Lang> {
 
       /** Gets the underlying `Node`. */
       Node getNode() { result = super.getNode() }
+
+      predicate isSource(){
+        this.asPathNode1().isSource() or
+        this.asPathNode2().isSource() or
+        this.asPathNode3().isSource()
+      }
+
+      PathNode getASuccessor(){
+        none()
+      }
     }
 
     /**

shared/dataflow/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 0.1.4
+version: 0.1.5
 groups: shared
 library: true
 dependencies:

shared/mad/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.2.5
+
+No user-facing changes.
+
 ## 0.2.4
 
 No user-facing changes.

shared/mad/change-notes/released/0.2.5.md

@@ -0,0 +1,3 @@
+## 0.2.5
+
+No user-facing changes.

shared/mad/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.4
+lastReleaseVersion: 0.2.5

shared/mad/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.2.4
+version: 0.2.5
 groups: shared
 library: true
 dependencies: null

shared/rangeanalysis/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.4
+
+No user-facing changes.
+
 ## 0.0.3
 
 No user-facing changes.

shared/rangeanalysis/change-notes/released/0.0.4.md

@@ -0,0 +1,3 @@
+## 0.0.4
+
+No user-facing changes.

shared/rangeanalysis/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.3
+lastReleaseVersion: 0.0.4

shared/rangeanalysis/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 0.0.3
+version: 0.0.4
 groups: shared
 library: true
 dependencies:

shared/regex/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.2.5
+
+No user-facing changes.
+
 ## 0.2.4
 
 No user-facing changes.

shared/regex/change-notes/released/0.2.5.md

@@ -0,0 +1,3 @@
+## 0.2.5
+
+No user-facing changes.