From fbfafbfdd44007ed4e95be5684177f1953e17a32 Mon Sep 17 00:00:00 2001
From: Tamas Vajk
Date: Thu, 19 Oct 2023 15:48:57 +0200
Subject: [PATCH 01/13] C#: Remove `netstandard.library.ref` from the references
---
 .../DependencyManager.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
index 25bbd1c83f7..68019c10594 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -268,7 +268,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 "runtime.win-x64.microsoft.netcore.app",
 // Internal implementation packages not meant for direct consumption:
- "runtime."
+ "runtime.",
+ "netstandard.library.ref"
 };
 RemoveNugetPackageReference(runtimePackagePrefixes);
 }
From fc1fc05d164c899ab52b7b61820f031729c530d2 Mon Sep 17 00:00:00 2001
From: Tamas Vajk
Date: Fri, 20 Oct 2023 09:22:14 +0200
Subject: [PATCH 02/13] C#: Rework .net framework reference removal
---
 .../DependencyManager.cs | 43 +++++++++++++++----
 1 file changed, 35 insertions(+), 8 deletions(-)
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
index 68019c10594..648cabdc762 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -99,6 +99,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 var existsNetCoreRefNugetPackage = false;
 var existsNetFrameworkRefNugetPackage = false;
+ var existsNetstandardLibRefNugetPackage = false;
+ var existsNetstandardLibNugetPackage = false;
 // Find DLLs in the .Net / Asp.Net Framework
 // This block needs to come after the nuget restore, because the nuget restore might fetch the .NET Core/Framework reference assemblies.
@@ -106,8 +108,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 {
 existsNetCoreRefNugetPackage = IsNugetPackageAvailable("microsoft.netcore.app.ref");
 existsNetFrameworkRefNugetPackage = IsNugetPackageAvailable("microsoft.netframework.referenceassemblies");
+ existsNetstandardLibRefNugetPackage = IsNugetPackageAvailable("netstandard.library.ref");
+ existsNetstandardLibNugetPackage = IsNugetPackageAvailable("netstandard.library");
- if (existsNetCoreRefNugetPackage || existsNetFrameworkRefNugetPackage)
+ if (existsNetCoreRefNugetPackage
+ || existsNetFrameworkRefNugetPackage
+ || existsNetstandardLibRefNugetPackage
+ || existsNetstandardLibNugetPackage)
 {
 progressMonitor.LogInfo("Found .NET Core/Framework DLLs in NuGet packages. Not adding installation directory.");
 }
@@ -125,7 +132,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 UseReference(filename);
 }
- RemoveUnnecessaryNugetPackages(existsNetCoreRefNugetPackage, existsNetFrameworkRefNugetPackage);
+ RemoveUnnecessaryNugetPackages(existsNetCoreRefNugetPackage, existsNetFrameworkRefNugetPackage, existsNetstandardLibRefNugetPackage, existsNetstandardLibNugetPackage);
 ResolveConflicts();
 // Output the findings
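Review bot: The `progressMonitor.LogInfo("Found .NET Core/Framework DLLs in NuGet packages. ...")` call inside the widened `if` in the `@@ -106` hunk now also fires when only `netstandard.library.ref` or `netstandard.library` was found, so the log no longer tells the reader which package caused the installation directory to be skipped. Consider `progressMonitor.LogInfo("Found .NET Core/Framework/Standard reference DLLs in NuGet packages. Not adding installation directory.");`, or better, log the names of the packages that were actually detected. The `@@ -125` hunk in the same line passes four positional `bool`s of identical type to `RemoveUnnecessaryNugetPackages`, which is easy to transpose silently at the call site; named arguments or a small record would make it self-describing. The enclosing method begins before these hunks.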
@@ -160,7 +167,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 DateTime.Now - startTime);
 }
- private void RemoveUnnecessaryNugetPackages(bool existsNetCoreRefNugetPackage, bool existsNetFrameworkRefNugetPackage)
+ private void RemoveUnnecessaryNugetPackages(bool existsNetCoreRefNugetPackage, bool existsNetFrameworkRefNugetPackage,
+ bool existsNetstandardLibRefNugetPackage, bool existsNetstandardLibNugetPackage)
 {
 RemoveNugetAnalyzerReferences();
 RemoveRuntimeNugetPackageReferences();
@@ -172,10 +180,30 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 RemoveNugetPackageReference("microsoft.aspnetcore.app.ref");
 }
- if (existsNetCoreRefNugetPackage && existsNetFrameworkRefNugetPackage)
+ // Multiple packages are available, we keep only one:
+ if (existsNetCoreRefNugetPackage)
 {
- // Multiple packages are available, we keep only one:
- RemoveNugetPackageReference("microsoft.netframework.referenceassemblies.");
+ if (existsNetFrameworkRefNugetPackage)
+ RemoveNugetPackageReference("microsoft.netframework.referenceassemblies.");
+
+ if (existsNetstandardLibRefNugetPackage)
+ RemoveNugetPackageReference("netstandard.library.ref");
+
+ if (existsNetstandardLibNugetPackage)
+ RemoveNugetPackageReference("netstandard.library");
+ }
+ else if (existsNetFrameworkRefNugetPackage)
+ {
+ if (existsNetstandardLibRefNugetPackage)
+ RemoveNugetPackageReference("netstandard.library.ref");
+
+ if (existsNetstandardLibNugetPackage)
+ RemoveNugetPackageReference("netstandard.library");
+ }
+ else if (existsNetstandardLibRefNugetPackage)
+ {
+ if (existsNetstandardLibNugetPackage)
+ RemoveNugetPackageReference("netstandard.library");
 }
 // TODO: There could be multiple `microsoft.netframework.referenceassemblies` packages,
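Review bot: `RemoveNugetPackageReference("netstandard.library")` in the new `if (existsNetstandardLibNugetPackage)` branches is passed a string that is also a prefix of `"netstandard.library.ref"`; the neighbouring call sites pass prefixes (the trailing dot in `"microsoft.netframework.referenceassemblies."` and the `runtimePackagePrefixes` array in the `@@ -268` hunk), so if the helper matches by prefix this call also removes `netstandard.library.ref` in the `else if (existsNetFrameworkRefNugetPackage)` and `else if (existsNetstandardLibRefNugetPackage)` branches where that package is meant to survive. I cannot see `RemoveNugetPackageReference` or `IsNugetPackageAvailable` from the hunk, so please confirm the matching rule; if it is prefix-based, an exact-name comparison for these two packages would keep them apart. The same concern applies to `IsNugetPackageAvailable("netstandard.library")` in the `@@ -106` hunk of this patch and to the `(existsNetstandardLibNugetPackage, "netstandard.library")` entry in the PATCH 04 rework of this method. The enclosing method's signature is in the previous hunk and its body continues past this one.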
@@ -268,8 +296,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 "runtime.win-x64.microsoft.netcore.app",
 // Internal implementation packages not meant for direct consumption:
- "runtime.",
- "netstandard.library.ref"
+ "runtime."
 };
 RemoveNugetPackageReference(runtimePackagePrefixes);
 }
From 36f1070b930c3d330536ccb832dd9d185d521743 Mon Sep 17 00:00:00 2001
From: Tamas Vajk
Date: Fri, 20 Oct 2023 09:42:00 +0200
Subject: [PATCH 03/13] Adjust expected test files
---
 .../posix-only/standalone_dependencies/Assemblies.expected | 1 -
 .../windows-only/standalone_dependencies/Assemblies.expected | 1 -
 2 files changed, 2 deletions(-)
diff --git a/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected
index eebdb8558eb..6c99dc08de7 100644
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected
@@ -168,6 +168,5 @@
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll |
 | /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll |
-| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll |
 | /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
 | /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll |
diff --git a/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected
index 1eae4e66233..ef691089afb 100644
--- a/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected
+++ b/csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected
@@ -212,6 +212,5 @@
 | /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationTypes.dll |
 | /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
 | /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsFormsIntegration.dll |
-| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll |
 | /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
 | /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll |
From 3f1e145d2c27a568bfee25370cd0b71c9cf1fbbd Mon Sep 17 00:00:00 2001
From: Tamas Vajk
Date: Fri, 20 Oct 2023 14:35:25 +0200
Subject: [PATCH 04/13] C#: Rework .net framework reference removal
---
 .../DependencyManager.cs | 48 +++++++++++--------
 1 file changed, 28 insertions(+), 20 deletions(-)
diff --git a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
index 648cabdc762..2021411be0f 100644
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
@@ -180,30 +180,38 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 RemoveNugetPackageReference("microsoft.aspnetcore.app.ref");
 }
- // Multiple packages are available, we keep only one:
- if (existsNetCoreRefNugetPackage)
+ // Multiple dotnet framework packages could be present. We keep only one.
+ // The order of the packages is important, we're keeping the first one that is present in the nuget cache.
+ var packagesInPrioOrder = new (bool isPresent, string prefix)[]
 {
- if (existsNetFrameworkRefNugetPackage)
- RemoveNugetPackageReference("microsoft.netframework.referenceassemblies.");
+ // net7.0, ... net5.0, netcoreapp3.1, netcoreapp3.0
+ (existsNetCoreRefNugetPackage, "microsoft.netcore.app.ref"),
+ // net48, ..., net20
+ (existsNetFrameworkRefNugetPackage, "microsoft.netframework.referenceassemblies."),
+ // netstandard2.1
+ (existsNetstandardLibRefNugetPackage, "netstandard.library.ref"),
+ // netstandard2.0
+ (existsNetstandardLibNugetPackage, "netstandard.library")
+ };
- if (existsNetstandardLibRefNugetPackage)
- RemoveNugetPackageReference("netstandard.library.ref");
-
- if (existsNetstandardLibNugetPackage)
- RemoveNugetPackageReference("netstandard.library");
- }
- else if (existsNetFrameworkRefNugetPackage)
+ for (var i = 0; i < packagesInPrioOrder.Length; i++)
 {
- if (existsNetstandardLibRefNugetPackage)
- RemoveNugetPackageReference("netstandard.library.ref");
+ var (isPresent, _) = packagesInPrioOrder[i];
+ if (!isPresent)
+ {
+ continue;
+ }
- if (existsNetstandardLibNugetPackage)
- RemoveNugetPackageReference("netstandard.library");
- }
- else if (existsNetstandardLibRefNugetPackage)
- {
- if (existsNetstandardLibNugetPackage)
- RemoveNugetPackageReference("netstandard.library");
+ // Package is present, remove all the lower priority packages:
+ for (var j = i + 1; j < packagesInPrioOrder.Length; j++)
+ {
+ var (otherIsPresent, otherPrefix) = packagesInPrioOrder[j];
+ if (otherIsPresent)
+ {
+ RemoveNugetPackageReference(otherPrefix);
+ }
+ }
+ break;
 }
 // TODO: There could be multiple `microsoft.netframework.referenceassemblies` packages,
From 6ad8a4db1c098892e2c4eae4570ac2f64307b23b Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Thu, 26 Oct 2023 21:00:41 +0200
Subject: [PATCH 05/13] C#: Only use `getTypeRef` when there is not already a type available
---
 .../lib/semmle/code/csharp/AnnotatedType.qll | 16 ++--
 .../ql/lib/semmle/code/csharp/Attribute.qll | 7 +-
 csharp/ql/lib/semmle/code/csharp/Callable.qll | 14 +++-
 csharp/ql/lib/semmle/code/csharp/Event.qll | 7 +-
 csharp/ql/lib/semmle/code/csharp/Generics.qll | 27 ++++++-
 csharp/ql/lib/semmle/code/csharp/Member.qll | 7 +-
 csharp/ql/lib/semmle/code/csharp/Property.qll | 14 +++-
 csharp/ql/lib/semmle/code/csharp/Stmt.qll | 7 +-
 csharp/ql/lib/semmle/code/csharp/Type.qll | 73 ++++++++++++++++---
 csharp/ql/lib/semmle/code/csharp/TypeRef.qll | 9 +--
 .../ql/lib/semmle/code/csharp/Unification.qll | 4 +-
 csharp/ql/lib/semmle/code/csharp/Using.qll | 7 +-
 csharp/ql/lib/semmle/code/csharp/Variable.qll | 21 +++++-
 .../lib/semmle/code/csharp/exprs/Creation.qll | 7 +-
 .../ql/lib/semmle/code/csharp/exprs/Expr.qll | 7 +-
 15 files changed, 187 insertions(+), 40 deletions(-)
diff --git a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll
index 83bffc9b2a8..b45b743c40c 100644
--- a/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll
+++ b/csharp/ql/lib/semmle/code/csharp/AnnotatedType.qll
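Review bot: The outer `for (var i …)` with its `continue` and trailing `break` exists only to find the first present entry of `packagesInPrioOrder`; `Array.FindIndex` says that directly and drops one nesting level: `var keep = Array.FindIndex(packagesInPrioOrder, p => p.isPresent);` then `for (var j = keep + 1; keep >= 0 && j < packagesInPrioOrder.Length; j++)` with body `if (packagesInPrioOrder[j].isPresent) RemoveNugetPackageReference(packagesInPrioOrder[j].prefix);`. Behaviour is unchanged, including the case where nothing is present (`FindIndex` returns -1 and the loop does not run). The per-entry priority comments on the array are helpful; the `// Package is present, remove all the lower priority packages:` comment would move above the remaining loop. The enclosing method `RemoveUnnecessaryNugetPackages` starts and ends outside this hunk.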
@@ -251,15 +251,21 @@ private int getElementTypeFlags(@has_type_annotation element) {
 result = strictsum(int b | type_annotation(element, b) | b)
 }
+private predicate specificTypeParameterNullability(
+ TypeParameterConstraints constraints, Type type, @nullability n
+) {
+ specific_type_parameter_nullability(constraints, type, n)
+ or
+ specific_type_parameter_nullability(constraints, getTypeRef(type), n)
+}
+
 private Annotations::Nullability getTypeParameterNullability(
 TypeParameterConstraints constraints, Type type
 ) {
- if specific_type_parameter_nullability(constraints, getTypeRef(type), _)
- then
- specific_type_parameter_nullability(constraints, getTypeRef(type),
- Annotations::getNullability(result))
+ if specificTypeParameterNullability(constraints, type, _)
+ then specificTypeParameterNullability(constraints, type, Annotations::getNullability(result))
 else (
- specific_type_parameter_constraints(constraints, getTypeRef(type)) and
+ type = constraints.getATypeConstraint() and
 result instanceof Annotations::NoNullability
 )
 }
diff --git a/csharp/ql/lib/semmle/code/csharp/Attribute.qll b/csharp/ql/lib/semmle/code/csharp/Attribute.qll
index 13769295428..f60ffcd6a40 100644
--- a/csharp/ql/lib/semmle/code/csharp/Attribute.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Attribute.qll
@@ -62,7 +62,12 @@ private string getAttributeName(Attribute a) {
 */
 class Attribute extends TopLevelExprParent, @attribute {
 /** Gets the type of this attribute. */
- Class getType() { attributes(this, _, getTypeRef(result), _) }
+ Class getType() {
+ attributes(this, _, result, _)
+ or
+ not attributes(this, _, any(Type t), _) and
+ attributes(this, _, getTypeRef(result), _)
+ }
 /** Gets the element that this attribute is attached to. */
 Attributable getTarget() { attributes(this, _, _, result) }
diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll
index 00091f66ddc..6c9fd828132 100644
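Review bot: The new `Attribute.getType` body introduces the shape `attributes(this, _, result, _) or not attributes(this, _, any(Type t), _) and attributes(this, _, getTypeRef(result), _)` without a word on why the typeref branch is gated, and the same unexplained shape is repeated in Callable, Event, Generics (`getTypeArgument`, `getUnboundGeneric`), Member, Property, Stmt, Type, Using, Variable, Creation and Expr, while `specificTypeParameterNullability` in the AnnotatedType hunk, `getATypeConstraint`, `getABaseInterface` and `TypeMention` use a plain `or`. A one-line comment at this first occurrence, e.g. `// Prefer a directly stored type; consult the typeref only when no type is stored for this element.`, plus a matching `// may hold for several types, so both representations are kept` on the ungated ones, would let readers distinguish deliberate asymmetry from an omission. Member.qll's variant gates with `any(Interface i)` where every other site uses `any(Type t)`; if `explicitly_implements` can only store interfaces the two are equivalent, otherwise the narrower guard lets a typeref result through next to a directly stored non-interface type, so a comment either way would help.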
--- a/csharp/ql/lib/semmle/code/csharp/Callable.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll
@@ -236,7 +236,12 @@ class Method extends Callable, Virtualizable, Attributable, @method {
 override ValueOrRefType getDeclaringType() { methods(this, _, result, _, _) }
- override Type getReturnType() { methods(this, _, _, getTypeRef(result), _) }
+ override Type getReturnType() {
+ methods(this, _, _, result, _)
+ or
+ not methods(this, _, _, any(Type t), _) and
+ methods(this, _, _, getTypeRef(result), _)
+ }
 override Method getUnboundDeclaration() { methods(this, _, _, _, result) }
@@ -453,7 +458,12 @@ class Operator extends Callable, Member, Attributable, Overridable, @operator {
 override ValueOrRefType getDeclaringType() { operators(this, _, _, result, _, _) }
- override Type getReturnType() { operators(this, _, _, _, getTypeRef(result), _) }
+ override Type getReturnType() {
+ operators(this, _, _, _, result, _)
+ or
+ not operators(this, _, _, _, any(Type t), _) and
+ operators(this, _, _, _, getTypeRef(result), _)
+ }
 override Operator getUnboundDeclaration() { operators(this, _, _, _, _, result) }
diff --git a/csharp/ql/lib/semmle/code/csharp/Event.qll b/csharp/ql/lib/semmle/code/csharp/Event.qll
index 810cffa927a..a7079952478 100644
--- a/csharp/ql/lib/semmle/code/csharp/Event.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Event.qll
@@ -23,7 +23,12 @@ class Event extends DeclarationWithAccessors, @event {
 override ValueOrRefType getDeclaringType() { events(this, _, result, _, _) }
- override DelegateType getType() { events(this, _, _, getTypeRef(result), _) }
+ override DelegateType getType() {
+ events(this, _, _, result, _)
+ or
+ not events(this, _, _, any(Type t), _) and
+ events(this, _, _, getTypeRef(result), _)
+ }
 /** Gets an `add` or `remove` accessor of this event, if any. */
 EventAccessor getAnEventAccessor() { result.getDeclaration() = this }
diff --git a/csharp/ql/lib/semmle/code/csharp/Generics.qll b/csharp/ql/lib/semmle/code/csharp/Generics.qll
index 51c1dbc19fd..ce9c94daaab 100644
--- a/csharp/ql/lib/semmle/code/csharp/Generics.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Generics.qll
@@ -261,7 +261,11 @@ class TypeParameter extends DotNet::TypeParameter, Type, @type_parameter {
 */
 class TypeParameterConstraints extends Element, @type_parameter_constraints {
 /** Gets a specific type constraint, if any. */
- Type getATypeConstraint() { specific_type_parameter_constraints(this, getTypeRef(result)) }
+ Type getATypeConstraint() {
+ specific_type_parameter_constraints(this, result)
+ or
+ specific_type_parameter_constraints(this, getTypeRef(result))
+ }
 /** Gets an annotated specific type constraint, if any. */
 AnnotatedType getAnAnnotatedTypeConstraint() { result.appliesToTypeConstraint(this) }
@@ -413,9 +417,19 @@ class ConstructedType extends ValueOrRefType, ConstructedGeneric {
 override Location getALocation() { result = this.getUnboundDeclaration().getALocation() }
- override Type getTypeArgument(int n) { type_arguments(getTypeRef(result), n, this) }
+ override Type getTypeArgument(int n) {
+ type_arguments(result, n, this)
+ or
+ not type_arguments(any(Type t), n, this) and
+ type_arguments(getTypeRef(result), n, this)
+ }
- override UnboundGenericType getUnboundGeneric() { constructed_generic(this, getTypeRef(result)) }
+ override UnboundGenericType getUnboundGeneric() {
+ constructed_generic(this, result)
+ or
+ not constructed_generic(this, any(Type t)) and
+ constructed_generic(this, getTypeRef(result))
+ }
 final override Type getChild(int n) { result = this.getTypeArgument(n) }
@@ -587,7 +601,12 @@ class UnboundGenericMethod extends Method, UnboundGeneric {
 class ConstructedMethod extends Method, ConstructedGeneric {
 override Location getALocation() { result = this.getUnboundDeclaration().getALocation() }
- override Type getTypeArgument(int n) { type_arguments(getTypeRef(result), n, this) }
+ override Type getTypeArgument(int n) {
+ type_arguments(result, n, this)
+ or
+ not type_arguments(any(Type t), n, this) and
+ type_arguments(getTypeRef(result), n, this)
+ }
 override UnboundGenericMethod getUnboundGeneric() { constructed_generic(this, result) }
diff --git a/csharp/ql/lib/semmle/code/csharp/Member.qll b/csharp/ql/lib/semmle/code/csharp/Member.qll
index eb62a2f0b5c..a884f314c15 100644
--- a/csharp/ql/lib/semmle/code/csharp/Member.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Member.qll
@@ -215,7 +215,12 @@ class Overridable extends Declaration, TOverridable {
 * to members that can be declared on an interface, i.e. methods, properties,
 * indexers and events.
 */
- Interface getExplicitlyImplementedInterface() { explicitly_implements(this, getTypeRef(result)) }
+ Interface getExplicitlyImplementedInterface() {
+ explicitly_implements(this, result)
+ or
+ not explicitly_implements(this, any(Interface i)) and
+ explicitly_implements(this, getTypeRef(result))
+ }
 /**
 * Holds if this member implements an interface member explicitly.
diff --git a/csharp/ql/lib/semmle/code/csharp/Property.qll b/csharp/ql/lib/semmle/code/csharp/Property.qll
index 15c707321c8..bb127b48f2a 100644
--- a/csharp/ql/lib/semmle/code/csharp/Property.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Property.qll
@@ -120,7 +120,12 @@ class Property extends DotNet::Property, DeclarationWithGetSetAccessors, @proper
 override ValueOrRefType getDeclaringType() { properties(this, _, result, _, _) }
- override Type getType() { properties(this, _, _, getTypeRef(result), _) }
+ override Type getType() {
+ properties(this, _, _, result, _)
+ or
+ not properties(this, _, _, any(Type t), _) and
+ properties(this, _, _, getTypeRef(result), _)
+ }
 /**
 * Holds if this property is automatically implemented. For example, `P1`
@@ -260,7 +265,12 @@ class Indexer extends DeclarationWithGetSetAccessors, Parameterizable, @indexer
 override ValueOrRefType getDeclaringType() { indexers(this, _, result, _, _) }
- override Type getType() { indexers(this, _, _, getTypeRef(result), _) }
+ override Type getType() {
+ indexers(this, _, _, result, _)
+ or
+ not indexers(this, _, _, any(Type t), _) and
+ indexers(this, _, _, getTypeRef(result), _)
+ }
 override IndexerAccess getAnAccess() { result.getTarget() = this }
diff --git a/csharp/ql/lib/semmle/code/csharp/Stmt.qll b/csharp/ql/lib/semmle/code/csharp/Stmt.qll
index 451f993db1f..334afa4b944 100644
--- a/csharp/ql/lib/semmle/code/csharp/Stmt.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Stmt.qll
@@ -984,7 +984,12 @@ class CatchClause extends Stmt, @catch {
 * }
 * ```
 */
- ExceptionClass getCaughtExceptionType() { catch_type(this, getTypeRef(result), _) }
+ ExceptionClass getCaughtExceptionType() {
+ catch_type(this, result, _)
+ or
+ not catch_type(this, any(Type t), _) and
+ catch_type(this, getTypeRef(result), _)
+ }
 /**
 * Gets the `catch` filter clause, if any. For example, the filter expression
diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll
index 797196d2cc4..f262688d277 100644
--- a/csharp/ql/lib/semmle/code/csharp/Type.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Type.qll
@@ -110,9 +110,16 @@ class ValueOrRefType extends DotNet::ValueOrRefType, Type, Attributable, @value_
 parent_namespace_declaration(this, result)
 }
+ private Class getExplicitBaseClass() {
+ extend(this, result)
+ or
+ not extend(this, any(Class c)) and
+ extend(this, getTypeRef(result))
+ }
+
 /** Gets the immediate base class of this class, if any. */
 final Class getBaseClass() {
- extend(this, getTypeRef(result))
+ result = this.getExplicitBaseClass()
 or
 not extend(this, _) and
 not isObjectClass(this) and
@@ -122,7 +129,11 @@ class ValueOrRefType extends DotNet::ValueOrRefType, Type, Attributable, @value_
 }
 /** Gets an immediate base interface of this type, if any. */
- Interface getABaseInterface() { implement(this, getTypeRef(result)) }
+ Interface getABaseInterface() {
+ implement(this, result)
+ or
+ implement(this, getTypeRef(result))
+ }
 /** Gets an immediate base type of this type, if any. */
 override ValueOrRefType getABaseType() {
@@ -672,7 +683,12 @@ class Enum extends ValueType, @enum_type {
 * }
 * ```
 */
- IntegralType getUnderlyingType() { enum_underlying_type(this, getTypeRef(result)) }
+ IntegralType getUnderlyingType() {
+ enum_underlying_type(this, result)
+ or
+ not enum_underlying_type(this, any(Type t)) and
+ enum_underlying_type(this, getTypeRef(result))
+ }
 /**
 * Gets an `enum` constant declared in this `enum`, for example `Even`
@@ -855,7 +871,12 @@ class Interface extends RefType, @interface_type {
 */
 class DelegateType extends RefType, Parameterizable, @delegate_type {
 /** Gets the return type of this delegate. */
- Type getReturnType() { delegate_return_type(this, getTypeRef(result)) }
+ Type getReturnType() {
+ delegate_return_type(this, result)
+ or
+ not delegate_return_type(this, any(Type t)) and
+ delegate_return_type(this, getTypeRef(result))
+ }
 /** Gets the annotated return type of this delegate. */
 AnnotatedType getAnnotatedReturnType() { result.appliesTo(this) }
@@ -939,7 +960,12 @@ class UnmanagedCallingConvention extends CallingConvention {
 */
 class FunctionPointerType extends Type, Parameterizable, @function_pointer_type {
 /** Gets the return type of this function pointer. */
- Type getReturnType() { function_pointer_return_type(this, getTypeRef(result)) }
+ Type getReturnType() {
+ function_pointer_return_type(this, result)
+ or
+ not function_pointer_return_type(this, any(Type t)) and
+ function_pointer_return_type(this, getTypeRef(result))
+ }
 /** Gets the calling convention. */
 CallingConvention getCallingConvention() {
@@ -950,6 +976,9 @@ class FunctionPointerType extends Type, Parameterizable, @function_pointer_type
 /** Gets the unmanaged calling convention at index `i`. */
 Type getUnmanagedCallingConvention(int i) {
+ has_unmanaged_calling_conventions(this, i, result)
+ or
+ not has_unmanaged_calling_conventions(this, i, any(Type t)) and
 has_unmanaged_calling_conventions(this, i, getTypeRef(result))
 }
@@ -979,7 +1008,12 @@ class NullableType extends ValueType, ConstructedType, @nullable_type {
 * Gets the underlying value type of this nullable type.
 * For example `int` in `int?`.
 */
- Type getUnderlyingType() { nullable_underlying_type(this, getTypeRef(result)) }
+ Type getUnderlyingType() {
+ nullable_underlying_type(this, result)
+ or
+ not nullable_underlying_type(this, any(Type t)) and
+ nullable_underlying_type(this, getTypeRef(result))
+ }
 override UnboundGenericStruct getUnboundGeneric() {
 result.hasQualifiedName("System", "Nullable<>")
@@ -1021,7 +1055,12 @@ class ArrayType extends DotNet::ArrayType, RefType, @array_type {
 predicate isMultiDimensional() { this.getRank() > 1 }
 /** Gets the element type of this array, for example `int` in `int[]`. */
- override Type getElementType() { array_element_type(this, _, _, getTypeRef(result)) }
+ override Type getElementType() {
+ array_element_type(this, _, _, result)
+ or
+ not array_element_type(this, _, _, any(Type t)) and
+ array_element_type(this, _, _, getTypeRef(result))
+ }
 /** Holds if this array type has the same shape (dimension and rank) as `that` array type. */
 predicate hasSameShapeAs(ArrayType that) {
@@ -1076,7 +1115,12 @@ class ArrayType extends DotNet::ArrayType, RefType, @array_type {
 * A pointer type, for example `char*`.
 */
 class PointerType extends DotNet::PointerType, Type, @pointer_type {
- override Type getReferentType() { pointer_referent_type(this, getTypeRef(result)) }
+ override Type getReferentType() {
+ pointer_referent_type(this, result)
+ or
+ not pointer_referent_type(this, any(Type t)) and
+ pointer_referent_type(this, getTypeRef(result))
+ }
 override string toStringWithTypes() { result = DotNet::PointerType.super.toStringWithTypes() }
@@ -1134,7 +1178,12 @@ class UnknownType extends Type, @unknown_type {
 */
 class TupleType extends ValueType, @tuple_type {
 /** Gets the underlying type of this tuple, which is of type `System.ValueTuple`. */
- Struct getUnderlyingType() { tuple_underlying_type(this, getTypeRef(result)) }
+ Struct getUnderlyingType() {
+ tuple_underlying_type(this, result)
+ or
+ not tuple_underlying_type(this, any(Type t)) and
+ tuple_underlying_type(this, getTypeRef(result))
+ }
 /**
 * Gets the `n`th element of this tuple, indexed from 0.
@@ -1196,7 +1245,11 @@ class TypeMention extends @type_mention {
 Type type;
 @type_mention_parent parent;
- TypeMention() { type_mention(this, getTypeRef(type), parent) }
+ TypeMention() {
+ type_mention(this, type, parent)
+ or
+ type_mention(this, getTypeRef(type), parent)
+ }
 /** Gets the type being mentioned. */
 Type getType() { result = type }
diff --git a/csharp/ql/lib/semmle/code/csharp/TypeRef.qll b/csharp/ql/lib/semmle/code/csharp/TypeRef.qll
index f13168dd20d..c2cf8eb545c 100644
--- a/csharp/ql/lib/semmle/code/csharp/TypeRef.qll
+++ b/csharp/ql/lib/semmle/code/csharp/TypeRef.qll
@@ -8,10 +8,13 @@ import csharp
 /** A typeref is a reference to a type in some assembly. */
 private class TypeRef extends @typeref {
+ /** Gets the name of type being referenced. */
 string getName() { typerefs(this, result) }
+ /** Gets a textual representation of this type reference. */
 string toString() { result = this.getName() }
+ /** Gets the type being referenced. */
 Type getReferencedType() {
 typeref_type(this, result)
 or
@@ -27,8 +30,4 @@ private class TypeRef extends @typeref {
 * This is used for extensionals that can be supplied
 * as either type references or types.
 */
-@type_or_ref getTypeRef(Type type) {
- result = type
- or
- result.(TypeRef).getReferencedType() = type
-}
+TypeRef getTypeRef(Type type) { result.getReferencedType() = type }
diff --git a/csharp/ql/lib/semmle/code/csharp/Unification.qll b/csharp/ql/lib/semmle/code/csharp/Unification.qll
index 1e01aebfb42..30a94efbe6f 100644
--- a/csharp/ql/lib/semmle/code/csharp/Unification.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Unification.qll
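Review bot: `getTypeRef` no longer returns `type` itself (the `result = type` disjunct is removed and the result type narrows from `@type_or_ref` to `TypeRef`), but the doc comment kept as context above it still says it is "used for extensionals that can be supplied as either type references or types", which now describes what callers must arrange rather than what the predicate yields. Suggest rewording it to say that it gets a typeref that refers to `type`, and that a caller wanting both representations has to add the direct-type disjunct itself, as every call site in this patch now does. `TypeRef` is a `private class` while `getTypeRef` carries no `private` modifier; if exposing a private class through a non-private result type is intentional because callers only ever feed the result straight into an extensional, one sentence saying so in the doc comment would save the next reader the question.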
@@ -15,7 +15,7 @@ module Gvn {
 * but only if the enclosing type is not a `GenericType`.
 */
 string getNameNested(Type t) {
- exists(string name | name = t.getName() |
+ exists(string name | name = t.getUndecoratedName() |
 if not t instanceof NestedType or t.(NestedType).getDeclaringType() instanceof GenericType
 then result = name
 else result = getNameNested(t.(NestedType).getDeclaringType()) + "+" + name
@@ -267,7 +267,7 @@ module Gvn {
 or
 this.isDeclaringTypeAt(i) and j = 1 and result = "."
 else (
- j = 0 and result = name.prefix(name.length() - children - 1) + "<"
+ j = 0 and result = name + "<"
 or
 j in [1 .. 2 * children - 1] and
 if j % 2 = 0
diff --git a/csharp/ql/lib/semmle/code/csharp/Using.qll b/csharp/ql/lib/semmle/code/csharp/Using.qll
index ed51ce34213..384cd1cc01f 100644
--- a/csharp/ql/lib/semmle/code/csharp/Using.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Using.qll
@@ -64,7 +64,12 @@ class UsingStaticDirective extends UsingDirective, @using_static_directive {
 * Gets the target of this type `using` directive, for example
 * `System.Console` in `using static System.Console`.
 */
- ValueOrRefType getTarget() { using_static_directives(this, getTypeRef(result)) }
+ ValueOrRefType getTarget() {
+ using_static_directives(this, result)
+ or
+ not using_static_directives(this, any(Type t)) and
+ using_static_directives(this, getTypeRef(result))
+ }
 override string toString() { result = "using static ...;" }
diff --git a/csharp/ql/lib/semmle/code/csharp/Variable.qll b/csharp/ql/lib/semmle/code/csharp/Variable.qll
index 13254c90867..2057ef7da50 100644
--- a/csharp/ql/lib/semmle/code/csharp/Variable.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Variable.qll
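Review bot: The two Unification.qll hunks (`t.getName()` becoming `t.getUndecoratedName()` in `getNameNested`, and `name.prefix(name.length() - children - 1) + "<"` becoming `name + "<"` in the `j = 0` case) change how generic type names are rendered, which is unrelated to the commit subject about gating `getTypeRef`, and the patch description does not mention them. The removed `prefix(...)` call dropped the last `children + 1` characters of `name`, presumably a placeholder suffix that `getUndecoratedName` no longer carries; if that is the intent, the two edits only make sense together and deserve a sentence in the commit message or a comment at the `j = 0` line such as `// name is undecorated, so there is no type-argument suffix to strip`. I cannot see `getUndecoratedName` from this patch, so the equivalence is inferred rather than verified. Both enclosing predicates extend beyond their hunks.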
@@ -195,7 +195,12 @@ class Parameter extends DotNet::Parameter, LocalScopeVariable, Attributable, Top
 override string getName() { params(this, result, _, _, _, _, _) }
- override Type getType() { params(this, _, getTypeRef(result), _, _, _, _) }
+ override Type getType() {
+ params(this, _, result, _, _, _, _)
+ or
+ not params(this, _, any(Type t), _, _, _, _) and
+ params(this, _, getTypeRef(result), _, _, _, _)
+ }
 override Location getALocation() { param_location(this, result) }
@@ -341,7 +346,12 @@ class LocalVariable extends LocalScopeVariable, @local_variable {
 override string getName() { localvars(this, _, result, _, _, _) }
- override Type getType() { localvars(this, _, _, _, getTypeRef(result), _) }
+ override Type getType() {
+ localvars(this, _, _, _, result, _)
+ or
+ not localvars(this, _, _, _, any(Type t), _) and
+ localvars(this, _, _, _, getTypeRef(result), _)
+ }
 override Location getALocation() { localvar_location(this, result) }
@@ -423,7 +433,12 @@ class Field extends Variable, AssignableMember, Attributable, TopLevelExprParent
 override string getName() { fields(this, _, result, _, _, _) }
- override Type getType() { fields(this, _, _, _, getTypeRef(result), _) }
+ override Type getType() {
+ fields(this, _, _, _, result, _)
+ or
+ not fields(this, _, _, _, any(Type t), _) and
+ fields(this, _, _, _, getTypeRef(result), _)
+ }
 override Location getALocation() { field_location(this, result) }
diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll
index 2f090d3fd06..0e16e0da9c3 100644
--- a/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll
+++ b/csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll
@@ -438,7 +438,12 @@ class LambdaExpr extends AnonymousFunctionExpr, @lambda_expr { predicate hasExplicitReturnType() { lambda_expr_return_type(this, _) } /** Gets the explicit return type of this lambda expression, if any. */ - Type getExplicitReturnType() { lambda_expr_return_type(this, getTypeRef(result)) } + Type getExplicitReturnType() { + lambda_expr_return_type(this, result) + or + not lambda_expr_return_type(this, any(Type t)) and + lambda_expr_return_type(this, getTypeRef(result)) + } override string toString() { result = "(...) => ..." } diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll index 4251a7ae8b6..2dae913e89b 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll @@ -42,7 +42,12 @@ class Expr extends DotNet::Expr, ControlFlowElement, @expr { override Location getALocation() { expr_location(this, result) } /** Gets the type of this expression. */ - override Type getType() { expressions(this, _, getTypeRef(result)) } + override Type getType() { + expressions(this, _, result) + or + not expressions(this, _, any(Type t)) and + expressions(this, _, getTypeRef(result)) + } /** Gets the annotated type of this expression. */ final AnnotatedType getAnnotatedType() { result.appliesTo(this) } From 464199002165b76d978a35e02ac7420b38f3d524 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Mon, 30 Oct 2023 11:05:53 +0000 Subject: [PATCH 06/13] Release preparation for version 2.15.2 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++++ .../2023-09-04-more-floating-point-types.md | 4 ---- .../2023-10-12-additional-call-targets.md | 4 ---- .../lib/change-notes/2023-10-20-implicit-this.md | 4 ---- .../2023-10-24-remove-getlocation-from-folder.md | 4 ---- cpp/ql/lib/change-notes/released/0.11.0.md | 14 ++++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/0.8.2.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.7.2.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.7.2.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/0.8.2.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/0.8.2.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 3 +++ .../change-notes/released/0.0.1.md | 3 +++ go/ql/consistency-queries/codeql-pack.release.yml | 2 ++ go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 10 ++++++++++ .../2023-10-25-reflectedxss-cookie-sanitizer.md | 4 ---- .../0.7.2.md} | 11 ++++++++--- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 6 ++++++ .../0.7.2.md} | 7 ++++--- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- 
java/ql/automodel/src/CHANGELOG.md | 4 ++++ .../automodel/src/change-notes/released/0.0.7.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 13 +++++++++++++ java/ql/lib/change-notes/2023-10-17-new-models.md | 8 -------- .../change-notes/2023-10-23-spring-6-models.md | 4 ---- .../0.8.2.md} | 13 ++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 7 +++++++ ...16-spring-disabled-csrf-protection-improved.md | 4 ---- .../0.8.2.md} | 8 +++++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ javascript/ql/lib/change-notes/released/0.8.2.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 ++++++ .../0.8.2.md} | 7 ++++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/0.7.2.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 +++++++ .../lib/change-notes/2023-10-17-contextmanager.md | 4 ---- .../0.11.2.md} | 8 +++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/0.9.2.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/0.8.2.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/0.8.2.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/0.1.2.md | 3 +++ 
shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 6 ++++++ .../0.1.2.md} | 7 ++++--- shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/0.2.2.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- .../2023-10-05-initial.md => CHANGELOG.md} | 7 ++++--- .../rangeanalysis/change-notes/released/0.0.1.md | 5 +++++ shared/rangeanalysis/codeql-pack.release.yml | 2 ++ shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/0.2.2.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/0.2.2.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 3 +++ .../threat-models/change-notes/released/0.0.1.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 ++ shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/0.2.2.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../typetracking/change-notes/released/0.2.2.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/0.2.2.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 6 ++++++ .../2023-10-13-filepath-normalization.md | 4 ---- shared/util/change-notes/released/0.2.2.md | 5 +++++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/0.2.2.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- 
swift/ql/lib/CHANGELOG.md | 14 ++++++++++++++ .../2023-08-31-open-existential-expr.md | 5 ----- .../lib/change-notes/2023-10-05-regex-models.md | 5 ----- .../change-notes/2023-10-06-autoclosure-cfg.md | 5 ----- .../change-notes/2023-10-13-rawrepresentable.md | 5 ----- .../change-notes/2023-10-16-collection-content.md | 5 ----- swift/ql/lib/change-notes/2023-10-16-string.md | 5 ----- swift/ql/lib/change-notes/2023-10-16-substring.md | 5 ----- .../2023-10-18-unspecified-element-children.md | 5 ----- .../change-notes/2023-10-27-variable-capture.md | 4 ---- swift/ql/lib/change-notes/released/0.3.2.md | 13 +++++++++++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/0.3.2.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 151 files changed, 392 insertions(+), 175 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md delete mode 100644 cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md delete mode 100644 cpp/ql/lib/change-notes/2023-10-20-implicit-this.md delete mode 100644 cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md create mode 100644 cpp/ql/lib/change-notes/released/0.11.0.md create mode 100644 cpp/ql/src/change-notes/released/0.8.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md create mode 100644 csharp/ql/lib/change-notes/released/0.8.2.md create mode 100644 csharp/ql/src/change-notes/released/0.8.2.md create mode 100644 go/ql/consistency-queries/CHANGELOG.md create mode 100644 go/ql/consistency-queries/change-notes/released/0.0.1.md create mode 100644 go/ql/consistency-queries/codeql-pack.release.yml delete mode 100644 go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md rename 
go/ql/lib/change-notes/{2023-10-20-enclosing-callable-for-external-files.md => released/0.7.2.md} (69%) rename go/ql/src/change-notes/{2023-10-27-incorrect-integer-conversion-guards.md => released/0.7.2.md} (77%) create mode 100644 java/ql/automodel/src/change-notes/released/0.0.7.md delete mode 100644 java/ql/lib/change-notes/2023-10-17-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-10-23-spring-6-models.md rename java/ql/lib/change-notes/{2023-10-24-java-renames.md => released/0.8.2.md} (66%) delete mode 100644 java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md rename java/ql/src/change-notes/{2023-10-20-lines-of-code.md => released/0.8.2.md} (59%) create mode 100644 javascript/ql/lib/change-notes/released/0.8.2.md rename javascript/ql/src/change-notes/{2023-10-26-express-rate-limit.md => released/0.8.2.md} (63%) create mode 100644 misc/suite-helpers/change-notes/released/0.7.2.md delete mode 100644 python/ql/lib/change-notes/2023-10-17-contextmanager.md rename python/ql/lib/change-notes/{2023-09-29-allow-namespace-packages.md => released/0.11.2.md} (60%) create mode 100644 python/ql/src/change-notes/released/0.9.2.md create mode 100644 ruby/ql/lib/change-notes/released/0.8.2.md create mode 100644 ruby/ql/src/change-notes/released/0.8.2.md create mode 100644 shared/controlflow/change-notes/released/0.1.2.md rename shared/dataflow/change-notes/{2023-10-27-partialflow-api.md => released/0.1.2.md} (93%) create mode 100644 shared/mad/change-notes/released/0.2.2.md rename shared/rangeanalysis/{change-notes/2023-10-05-initial.md => CHANGELOG.md} (62%) create mode 100644 shared/rangeanalysis/change-notes/released/0.0.1.md create mode 100644 shared/rangeanalysis/codeql-pack.release.yml create mode 100644 shared/regex/change-notes/released/0.2.2.md create mode 100644 shared/ssa/change-notes/released/0.2.2.md create mode 100644 shared/threat-models/CHANGELOG.md create mode 100644 
shared/threat-models/change-notes/released/0.0.1.md create mode 100644 shared/threat-models/codeql-pack.release.yml create mode 100644 shared/tutorial/change-notes/released/0.2.2.md create mode 100644 shared/typetracking/change-notes/released/0.2.2.md create mode 100644 shared/typos/change-notes/released/0.2.2.md delete mode 100644 shared/util/change-notes/2023-10-13-filepath-normalization.md create mode 100644 shared/util/change-notes/released/0.2.2.md create mode 100644 shared/yaml/change-notes/released/0.2.2.md delete mode 100644 swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md delete mode 100644 swift/ql/lib/change-notes/2023-10-05-regex-models.md delete mode 100644 swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md delete mode 100644 swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md delete mode 100644 swift/ql/lib/change-notes/2023-10-16-collection-content.md delete mode 100644 swift/ql/lib/change-notes/2023-10-16-string.md delete mode 100644 swift/ql/lib/change-notes/2023-10-16-substring.md delete mode 100644 swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md delete mode 100644 swift/ql/lib/change-notes/2023-10-27-variable-capture.md create mode 100644 swift/ql/lib/change-notes/released/0.3.2.md create mode 100644 swift/ql/src/change-notes/released/0.3.2.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 5dec13e72b5..c458d28ec7d 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,18 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
+
 ## 0.10.1
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md b/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md
deleted file mode 100644
index 9c30d6eddd8..00000000000
--- a/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for new floating-point types in C23 and C++23.
diff --git a/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md b/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md
deleted file mode 100644
index f87fba1f172..00000000000
--- a/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a new class `AdditionalCallTarget` for specifying additional call targets.
diff --git a/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md b/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md
deleted file mode 100644
index 7d915e15849..00000000000
--- a/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More field accesses are identified as `ImplicitThisFieldAccess`.
diff --git a/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md b/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md
deleted file mode 100644
index f2b168949a6..00000000000
--- a/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
diff --git a/cpp/ql/lib/change-notes/released/0.11.0.md b/cpp/ql/lib/change-notes/released/0.11.0.md
new file mode 100644
index 00000000000..1e8ddaff040
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.11.0.md
@@ -0,0 +1,14 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index af7510b3cd6..fce68697d68 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.1
+lastReleaseVersion: 0.11.0
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 06ce6589b7b..90a71eb72af 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.2-dev
+version: 0.11.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index b5fba0867ac..487feb533c4 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### New Queries
diff --git a/cpp/ql/src/change-notes/released/0.8.2.md b/cpp/ql/src/change-notes/released/0.8.2.md
new file mode 100644
index 00000000000..11c1f6119a5
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 2f693f95ba6..404110129dc 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index ae91e0bd858..70d2ef73c8c 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 6d013d8ce69..8e37908e0fc 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md
new file mode 100644
index 00000000000..b950385c16d
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md
@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 7bdec0d85c7..39bbba86c19 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index ab51dd17629..139a71e8b7b 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.2-dev
+version: 1.7.2
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 6d013d8ce69..8e37908e0fc 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md
new file mode 100644
index 00000000000..b950385c16d
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md
@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 7bdec0d85c7..39bbba86c19 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index a7e94bb3774..434e3037ac6 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.2-dev
+version: 1.7.2
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 8c7b2cd062c..71fbec9d4fe 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/released/0.8.2.md b/csharp/ql/lib/change-notes/released/0.8.2.md
new file mode 100644
index 00000000000..11c1f6119a5
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 2f693f95ba6..404110129dc 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 2ac975f1003..10cdf042be0 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.2-dev
+version: 0.8.2
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index e1d837bb40b..7246cba39cb 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/src/change-notes/released/0.8.2.md b/csharp/ql/src/change-notes/released/0.8.2.md
new file mode 100644
index 00000000000..11c1f6119a5
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 2f693f95ba6..404110129dc 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 54fe066d096..6e6e3d3c6ec 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - csharp
 - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
new file mode 100644
index 00000000000..59b60bad0f3
--- /dev/null
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/0.0.1.md b/go/ql/consistency-queries/change-notes/released/0.0.1.md
new file mode 100644
index 00000000000..59b60bad0f3
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/released/0.0.1.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
new file mode 100644
index 00000000000..c6933410b71
--- /dev/null
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 01232241fc1..6b5870aa406 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.0
+version: 0.0.1
 groups:
 - go
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 20567a56d40..62d802b584a 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
+* Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
+
 ## 0.7.1
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md b/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md
deleted file mode 100644
index efb8faee097..00000000000
--- a/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
\ No newline at end of file
diff --git a/go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md b/go/ql/lib/change-notes/released/0.7.2.md
similarity index 69%
rename from go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md
rename to go/ql/lib/change-notes/released/0.7.2.md
index 59a646c2c8c..1124a5c1ecd 100644
--- a/go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md
+++ b/go/ql/lib/change-notes/released/0.7.2.md
@@ -1,4 +1,9 @@
----
-category: fix
----
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
 * Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index e007a9aec3e..fee171e9685 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index ddc9956180c..5ad8bf980c9 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.2-dev
+version: 0.7.2
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 7ceadcda745..9770cc59b48 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@ +## 0.7.2 + +### Minor Analysis Improvements + +* The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`. + ## 0.7.1 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md b/go/ql/src/change-notes/released/0.7.2.md similarity index 77% rename from go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md rename to go/ql/src/change-notes/released/0.7.2.md index 2c5f163879f..e80b0ffa52a 100644 --- a/go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md +++ b/go/ql/src/change-notes/released/0.7.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.7.2 + +### Minor Analysis Improvements + * The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index e007a9aec3e..fee171e9685 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.1 +lastReleaseVersion: 0.7.2 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 99573ffaa5d..9309b1db4ed 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.2-dev +version: 0.7.2 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 89d062a2a24..88b3b77ee45 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.7 + +No user-facing changes. + ## 0.0.6 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.7.md b/java/ql/automodel/src/change-notes/released/0.0.7.md new file mode 100644 index 00000000000..84da6f18c42 --- /dev/null 
+++ b/java/ql/automodel/src/change-notes/released/0.0.7.md @@ -0,0 +1,3 @@ +## 0.0.7 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index cf398ce02aa..a2a5484910b 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.6 +lastReleaseVersion: 0.0.7 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index a157feb9ebe..6bf7e6eed82 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.7-dev +version: 0.0.7 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index aad04cf36de..0bfe85bbcf6 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.8.2 + +### Minor Analysis Improvements + +* Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced. +* New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference. +* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`. +* Added models for the following packages: + + * com.alibaba.fastjson2 + * javax.management + * org.apache.http.client.utils + ## 0.8.1 ### New Features diff --git a/java/ql/lib/change-notes/2023-10-17-new-models.md b/java/ql/lib/change-notes/2023-10-17-new-models.md deleted file mode 100644 index 2b1c5ae4247..00000000000 
--- a/java/ql/lib/change-notes/2023-10-17-new-models.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * com.alibaba.fastjson2 - * javax.management - * org.apache.http.client.utils diff --git a/java/ql/lib/change-notes/2023-10-23-spring-6-models.md b/java/ql/lib/change-notes/2023-10-23-spring-6-models.md deleted file mode 100644 index 8c4f9f938f2..00000000000 --- a/java/ql/lib/change-notes/2023-10-23-spring-6-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`. diff --git a/java/ql/lib/change-notes/2023-10-24-java-renames.md b/java/ql/lib/change-notes/released/0.8.2.md similarity index 66% rename from java/ql/lib/change-notes/2023-10-24-java-renames.md rename to java/ql/lib/change-notes/released/0.8.2.md index e6aebad211c..15436016ac2 100644 --- a/java/ql/lib/change-notes/2023-10-24-java-renames.md +++ b/java/ql/lib/change-notes/released/0.8.2.md @@ -1,5 +1,12 @@ ---- -category: minorAnalysis ---- +## 0.8.2 + +### Minor Analysis Improvements + * Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced. * New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference. +* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`. +* Added models for the following packages: + + * com.alibaba.fastjson2 + * javax.management + * org.apache.http.client.utils 
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 2261427469e..d53723702ac 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.2-dev +version: 0.8.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index c0a6261d914..264532fc787 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.8.2 + +### Minor Analysis Improvements + +* java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts. +* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring. + ## 0.8.1 ### Minor Analysis Improvements diff --git a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md b/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md deleted file mode 100644 index 94462f0f8c3..00000000000 --- a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring. diff --git a/java/ql/src/change-notes/2023-10-20-lines-of-code.md b/java/ql/src/change-notes/released/0.8.2.md similarity index 59% rename from java/ql/src/change-notes/2023-10-20-lines-of-code.md rename to java/ql/src/change-notes/released/0.8.2.md index b6b49aba7f9..eca4e923e25 100644 
--- a/java/ql/src/change-notes/2023-10-20-lines-of-code.md +++ b/java/ql/src/change-notes/released/0.8.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.8.2 + +### Minor Analysis Improvements + * java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts. +* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 1491aeaf8a5..bc71d4bb054 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.2-dev +version: 0.8.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 53155773c3d..b72e86cd41d 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.2 + +No user-facing changes. + ## 0.8.1 ### Minor Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/0.8.2.md b/javascript/ql/lib/change-notes/released/0.8.2.md new file mode 100644 index 00000000000..11c1f6119a5 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.2.md @@ -0,0 +1,3 @@ +## 0.8.2 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index ebd48dfeffa..8180fb4d440 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.2-dev +version: 0.8.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 1effcdfa16d..922190dac29 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.2 + +### Minor Analysis Improvements + +* Added modeling for importing `express-rate-limit` using a named import. + ## 0.8.1 ### Minor Analysis Improvements diff --git a/javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md b/javascript/ql/src/change-notes/released/0.8.2.md similarity index 63% rename from javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md rename to javascript/ql/src/change-notes/released/0.8.2.md index 28804e97908..a3d132b9000 100644 --- a/javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md +++ b/javascript/ql/src/change-notes/released/0.8.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.2 + +### Minor Analysis Improvements + * Added modeling for importing `express-rate-limit` using a named import. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 3cba824d8f7..72b45ca13d8 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.2-dev +version: 0.8.2 groups: - javascript - queries 
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index a3fe08e3d49..f81fff6a15d 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.2
+
+No user-facing changes.
+
 ## 0.7.1
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.7.2.md b/misc/suite-helpers/change-notes/released/0.7.2.md
new file mode 100644
index 00000000000..8693d609ec7
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.7.2.md
@@ -0,0 +1,3 @@
+## 0.7.2
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index e007a9aec3e..fee171e9685 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index e8285dc5fcc..6de31f4d421 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.2-dev
+version: 0.7.2
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index e3d2d5574a0..c3739b0bfc1 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.11.2
+
+### Minor Analysis Improvements
+
+* Added support for functions decorated with `contextlib.contextmanager`.
+* Namespace packages in the form of regular packages with missing `__init__.py`-files are now allowed. This enables the analysis to resolve modules and functions inside such packages.
+
 ## 0.11.1
 
 ### Minor Analysis Improvements
diff --git a/python/ql/lib/change-notes/2023-10-17-contextmanager.md b/python/ql/lib/change-notes/2023-10-17-contextmanager.md
deleted file mode 100644
index dabd03a7257..00000000000
--- a/python/ql/lib/change-notes/2023-10-17-contextmanager.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for functions decorated with `contextlib.contextmanager`.
diff --git a/python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md b/python/ql/lib/change-notes/released/0.11.2.md
similarity index 60%
rename from python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md
rename to python/ql/lib/change-notes/released/0.11.2.md
index 6c064920b51..b9742da3fe0 100644
--- a/python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md
+++ b/python/ql/lib/change-notes/released/0.11.2.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.11.2
+
+### Minor Analysis Improvements
+
+* Added support for functions decorated with `contextlib.contextmanager`.
 * Namespace packages in the form of regular packages with missing `__init__.py`-files are now allowed. This enables the analysis to resolve modules and functions inside such packages.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 924f56c785a..965b515cf93 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.1
+lastReleaseVersion: 0.11.2
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 5f7b50cc851..f264b8da2eb 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.2-dev
+version: 0.11.2
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 2d64d52f78b..0360df4c4c5 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.9.2
+
+No user-facing changes.
+
 ## 0.9.1
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.9.2.md b/python/ql/src/change-notes/released/0.9.2.md
new file mode 100644
index 00000000000..50442967c67
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.9.2.md @@ -0,0 +1,3 @@ +## 0.9.2 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 6789dcd18b7..e1eda519435 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 69ece304b76..faae2e2c3d3 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.2-dev +version: 0.9.2 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index b531f75ca94..69474dff6bf 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.2 + +No user-facing changes. + ## 0.8.1 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/released/0.8.2.md b/ruby/ql/lib/change-notes/released/0.8.2.md new file mode 100644 index 00000000000..11c1f6119a5 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.8.2.md @@ -0,0 +1,3 @@ +## 0.8.2 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index f1cdda21fe7..272e3a5ba34 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.2-dev +version: 0.8.2 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 947a4b45d51..fa5327383b0 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md 
@@ -1,3 +1,7 @@ +## 0.8.2 + +No user-facing changes. + ## 0.8.1 ### New Queries diff --git a/ruby/ql/src/change-notes/released/0.8.2.md b/ruby/ql/src/change-notes/released/0.8.2.md new file mode 100644 index 00000000000..11c1f6119a5 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.2.md @@ -0,0 +1,3 @@ +## 0.8.2 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 2f693f95ba6..404110129dc 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 5c39f44f0a7..74905491a99 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.2-dev +version: 0.8.2 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index ea568563760..4b349473918 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.2 + +No user-facing changes. + ## 0.1.1 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.2.md b/shared/controlflow/change-notes/released/0.1.2.md new file mode 100644 index 00000000000..9b0e2e7d717 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.2.md @@ -0,0 +1,3 @@ +## 0.1.2 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 92d1505475f..6abd14b1ef8 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.1 +lastReleaseVersion: 0.1.2 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 11b94aac7fb..f52e2be7607 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml 
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.1.2-dev
+version: 0.1.2
 groups: shared
 library: true
 dependencies:
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md
index 0a46c80290f..b09685bca27 100644
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.1.2
+
+### Bug Fixes
+
+* The API for debugging flow using partial flow has changed slightly. Instead of using `module Partial = FlowExploration` and choosing between `Partial::partialFlow` and `Partial::partialFlowRev`, you now choose between `module Partial = FlowExplorationFwd` and `module Partial = FlowExplorationRev`, and then always use `Partial::partialFlow`.
+
 ## 0.1.1
 
 No user-facing changes.
diff --git a/shared/dataflow/change-notes/2023-10-27-partialflow-api.md b/shared/dataflow/change-notes/released/0.1.2.md
similarity index 93%
rename from shared/dataflow/change-notes/2023-10-27-partialflow-api.md
rename to shared/dataflow/change-notes/released/0.1.2.md
index 267e2980252..b53a47e34b2 100644
--- a/shared/dataflow/change-notes/2023-10-27-partialflow-api.md
+++ b/shared/dataflow/change-notes/released/0.1.2.md
@@ -1,4 +1,5 @@
----
-category: fix
----
+## 0.1.2
+
+### Bug Fixes
+
 * The API for debugging flow using partial flow has changed slightly. Instead of using `module Partial = FlowExploration` and choosing between `Partial::partialFlow` and `Partial::partialFlowRev`, you now choose between `module Partial = FlowExplorationFwd` and `module Partial = FlowExplorationRev`, and then always use `Partial::partialFlow`.
diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml
index 92d1505475f..6abd14b1ef8 100644
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.1
+lastReleaseVersion: 0.1.2
diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml
index b5f082df407..7527fd76d9e 100644
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 0.1.2-dev
+version: 0.1.2
 groups: shared
 library: true
 dependencies:
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
index 8b83d14599d..21731cd39e3 100644
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.2
+
+No user-facing changes.
+
 ## 0.2.1
 
 No user-facing changes.
diff --git a/shared/mad/change-notes/released/0.2.2.md b/shared/mad/change-notes/released/0.2.2.md
new file mode 100644
index 00000000000..98e69fd0772
--- /dev/null
+++ b/shared/mad/change-notes/released/0.2.2.md
@@ -0,0 +1,3 @@
+## 0.2.2
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
index df29a726bcc..16a06790aa8 100644
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index 84e0167aa07..1c3ab80e508 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/rangeanalysis/change-notes/2023-10-05-initial.md b/shared/rangeanalysis/CHANGELOG.md
similarity index 62%
rename from shared/rangeanalysis/change-notes/2023-10-05-initial.md
rename to shared/rangeanalysis/CHANGELOG.md
index 910b6962a93..c2ca7d0664f 100644
--- a/shared/rangeanalysis/change-notes/2023-10-05-initial.md
+++ b/shared/rangeanalysis/CHANGELOG.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.0.1
+
+### Minor Analysis Improvements
+
 * Initial release. Moves the range analysis library into its own qlpack.
diff --git a/shared/rangeanalysis/change-notes/released/0.0.1.md b/shared/rangeanalysis/change-notes/released/0.0.1.md
new file mode 100644
index 00000000000..c2ca7d0664f
--- /dev/null
+++ b/shared/rangeanalysis/change-notes/released/0.0.1.md
@@ -0,0 +1,5 @@
+## 0.0.1
+
+### Minor Analysis Improvements
+
+* Initial release. Moves the range analysis library into its own qlpack.
diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml
new file mode 100644
index 00000000000..c6933410b71
--- /dev/null
+++ b/shared/rangeanalysis/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml
index fbe05924c5a..4f0abfe5f25 100644
--- a/shared/rangeanalysis/qlpack.yml
+++ b/shared/rangeanalysis/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 0.0.1-dev
+version: 0.0.1
 groups: shared
 library: true
 dependencies:
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index e9e382e822f..de288a996f4 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.2
+
+No user-facing changes.
+
 ## 0.2.1
 
 No user-facing changes.
diff --git a/shared/regex/change-notes/released/0.2.2.md b/shared/regex/change-notes/released/0.2.2.md
new file mode 100644
index 00000000000..98e69fd0772
--- /dev/null
+++ b/shared/regex/change-notes/released/0.2.2.md
@@ -0,0 +1,3 @@
+## 0.2.2
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index df29a726bcc..16a06790aa8 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index 7f71bac0795..a107c4e04f5 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index 14f5315d943..d5da42bc097 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.2
+
+No user-facing changes.
+
 ## 0.2.1
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.2.2.md b/shared/ssa/change-notes/released/0.2.2.md
new file mode 100644
index 00000000000..98e69fd0772
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.2.2.md
@@ -0,0 +1,3 @@
+## 0.2.2
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index df29a726bcc..16a06790aa8 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 2b7f36f8a0b..5a562f22a45 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md
new file mode 100644
index 00000000000..59b60bad0f3
--- /dev/null
+++ b/shared/threat-models/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/shared/threat-models/change-notes/released/0.0.1.md b/shared/threat-models/change-notes/released/0.0.1.md
new file mode 100644
index 00000000000..59b60bad0f3
--- /dev/null
+++ b/shared/threat-models/change-notes/released/0.0.1.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml
new file mode 100644
index 00000000000..c6933410b71
--- /dev/null
+++ b/shared/threat-models/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml
index 71be8835aa7..d0a098b44f5 100644
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.0-dev +version: 0.0.1 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 00fd8e38eb7..8f74494a95a 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.2.md b/shared/tutorial/change-notes/released/0.2.2.md new file mode 100644 index 00000000000..98e69fd0772 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index df29a726bcc..16a06790aa8 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index e946d9ff8d2..2202de7903b 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index d38fa8cd134..573bebe6351 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.2.md b/shared/typetracking/change-notes/released/0.2.2.md new file mode 100644 index 00000000000..98e69fd0772 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index df29a726bcc..16a06790aa8 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index 57ceec740c1..d129cb1c023 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index 86271e826fc..69aa575c51f 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.2
+
+No user-facing changes.
+
 ## 0.2.1
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.2.2.md b/shared/typos/change-notes/released/0.2.2.md
new file mode 100644
index 00000000000..98e69fd0772
--- /dev/null
+++ b/shared/typos/change-notes/released/0.2.2.md
@@ -0,0 +1,3 @@
+## 0.2.2
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index df29a726bcc..16a06790aa8 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index adf718c55f3..0ae042ad2bb 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index 389870529d1..47848666e35 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,9 @@ +## 0.2.2 + +### New Features + +* Added `FilePath` API for normalizing filepaths. + ## 0.2.1 No user-facing changes. diff --git a/shared/util/change-notes/2023-10-13-filepath-normalization.md b/shared/util/change-notes/2023-10-13-filepath-normalization.md deleted file mode 100644 index 3ffdadc85b3..00000000000 --- a/shared/util/change-notes/2023-10-13-filepath-normalization.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added `FilePath` API for normalizing filepaths. \ No newline at end of file diff --git a/shared/util/change-notes/released/0.2.2.md b/shared/util/change-notes/released/0.2.2.md new file mode 100644 index 00000000000..1a9e2b9e6a1 --- /dev/null +++ b/shared/util/change-notes/released/0.2.2.md @@ -0,0 +1,5 @@ +## 0.2.2 + +### New Features + +* Added `FilePath` API for normalizing filepaths. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index df29a726bcc..16a06790aa8 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 0e4352a879b..98af9491fd8 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index f7309a0c5e8..fe6a5127bce 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.2.md b/shared/yaml/change-notes/released/0.2.2.md new file mode 100644 index 00000000000..98e69fd0772 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. 
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index df29a726bcc..16a06790aa8 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 4ecff12de0e..da2ef273d9c 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index c6e233b82b6..a73f4d6a778 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 0.3.2 + +### Minor Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. +* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases. +* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now. +* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`. +* Added taint flow models for members of `Substring`. +* Added taint flow models for `RawRepresentable`. +* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries. +* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions. +* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source. + ## 0.3.1 ### Minor Analysis Improvements 
diff --git a/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md b/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md deleted file mode 100644 index 5d2a67ea711..00000000000 --- a/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source. diff --git a/swift/ql/lib/change-notes/2023-10-05-regex-models.md b/swift/ql/lib/change-notes/2023-10-05-regex-models.md deleted file mode 100644 index 5e20981492c..00000000000 --- a/swift/ql/lib/change-notes/2023-10-05-regex-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions. diff --git a/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md b/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md deleted file mode 100644 index a8d118b5984..00000000000 --- a/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries. diff --git a/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md b/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md deleted file mode 100644 index 114afd58ab8..00000000000 --- a/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added taint flow models for `RawRepresentable`. diff --git a/swift/ql/lib/change-notes/2023-10-16-collection-content.md b/swift/ql/lib/change-notes/2023-10-16-collection-content.md deleted file mode 100644 index c2e50f53dcf..00000000000 --- a/swift/ql/lib/change-notes/2023-10-16-collection-content.md +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now. diff --git a/swift/ql/lib/change-notes/2023-10-16-string.md b/swift/ql/lib/change-notes/2023-10-16-string.md deleted file mode 100644 index 9cb138f8c5e..00000000000 --- a/swift/ql/lib/change-notes/2023-10-16-string.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`. diff --git a/swift/ql/lib/change-notes/2023-10-16-substring.md b/swift/ql/lib/change-notes/2023-10-16-substring.md deleted file mode 100644 index be494a12184..00000000000 --- a/swift/ql/lib/change-notes/2023-10-16-substring.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added taint flow models for members of `Substring`. diff --git a/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md b/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md deleted file mode 100644 index 917dba31551..00000000000 --- a/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases. diff --git a/swift/ql/lib/change-notes/2023-10-27-variable-capture.md b/swift/ql/lib/change-notes/2023-10-27-variable-capture.md deleted file mode 100644 index 94c7201c30b..00000000000 --- a/swift/ql/lib/change-notes/2023-10-27-variable-capture.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. \ No newline at end of file 
diff --git a/swift/ql/lib/change-notes/released/0.3.2.md b/swift/ql/lib/change-notes/released/0.3.2.md new file mode 100644 index 00000000000..82c7fa90403 --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.2.md @@ -0,0 +1,13 @@ +## 0.3.2 + +### Minor Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. +* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases. +* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now. +* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`. +* Added taint flow models for members of `Substring`. +* Added taint flow models for `RawRepresentable`. +* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries. +* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions. +* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index bb106b1cb63..18c64250f42 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.1 +lastReleaseVersion: 0.3.2 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 1f1bf6861b2..c3ec3196fb3 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.2-dev +version: 0.3.2 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 03ca56f798e..19e0e84c665 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.2 + +No user-facing changes. + ## 0.3.1 ### Minor Analysis Improvements diff --git a/swift/ql/src/change-notes/released/0.3.2.md b/swift/ql/src/change-notes/released/0.3.2.md new file mode 100644 index 00000000000..b4dc17f03ec --- /dev/null +++ b/swift/ql/src/change-notes/released/0.3.2.md @@ -0,0 +1,3 @@ +## 0.3.2 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index bb106b1cb63..18c64250f42 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.1 +lastReleaseVersion: 0.3.2 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 8803b4d6084..faa56e6c5bc 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.2-dev +version: 0.3.2 groups: - swift - queries From 55df481e5c9e3d7dd3db92adcf64d9be64a6aabe Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Fri, 29 Sep 2023 18:55:15 +0100 Subject: [PATCH 07/13] Kotlin: Add support for JavaBinarySourceElement sources --- .../src/main/kotlin/utils/ClassNames.kt | 4 ++++ .../utils/versions/v_1_5_0/JavaBinarySourceElement.kt | 11 +++++++++++ .../v_1_9_255-SNAPSHOT/JavaBinarySourceElement.kt | 3 +++ 3 files changed, 18 insertions(+) create mode 100644 java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/JavaBinarySourceElement.kt create mode 100644 java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_255-SNAPSHOT/JavaBinarySourceElement.kt 
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt b/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
index bc9ee17debf..5a14abebf0a 100644
--- a/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
+++ b/java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt
@@ -3,6 +3,7 @@ package com.github.codeql
 import com.github.codeql.utils.getJvmName
 import com.github.codeql.utils.versions.*
 import com.intellij.openapi.vfs.StandardFileSystems
+import org.jetbrains.kotlin.fir.java.JavaBinarySourceElement
 import org.jetbrains.kotlin.load.java.sources.JavaSourceElement
 import org.jetbrains.kotlin.load.java.structure.impl.classFiles.BinaryJavaClass
 import org.jetbrains.kotlin.load.kotlin.VirtualFileKotlinClass
@@ -80,6 +81,9 @@ fun getIrClassVirtualFile(irClass: IrClass): VirtualFile? {
 is BinaryJavaClass -> return element.virtualFile
 }
 }
+ is JavaBinarySourceElement -> {
+ return cSource.javaClass.virtualFile
+ }
 is KotlinJvmBinarySourceElement -> {
 val binaryClass = cSource.binaryClass
 when(binaryClass) {
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/JavaBinarySourceElement.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/JavaBinarySourceElement.kt new file mode 100644
index 00000000000..2a5f9cf2a97
--- /dev/null
+++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/JavaBinarySourceElement.kt
@@ -0,0 +1,11 @@
+package org.jetbrains.kotlin.fir.java
+
+import org.jetbrains.kotlin.descriptors.SourceElement
+import org.jetbrains.kotlin.load.java.structure.impl.classFiles.BinaryJavaClass
+
+/*
+We need this class to exist, but the compiler will never give us an
+instance of it.
+*/
+abstract class JavaBinarySourceElement private constructor(val javaClass: BinaryJavaClass): SourceElement {
+}
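Review bot: The new `is JavaBinarySourceElement` branch is unreachable on toolchains built against the `v_1_5_0` stub, whose private constructor and own comment say the compiler never produces an instance, but nothing at the branch tells the reader that; suggest `// Only reached on compiler versions that provide JavaBinarySourceElement; on older versions the stub under utils/versions is never instantiated.` above it. `getIrClassVirtualFile` starts and ends outside the hunk. In the new stub file, the free-floating `/* ... */` block would serve better as a KDoc `/** ... */` attached directly to the class, and the empty `{ }` body after the `SourceElement` supertype can be dropped.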
diff --git a/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_255-SNAPSHOT/JavaBinarySourceElement.kt b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_255-SNAPSHOT/JavaBinarySourceElement.kt new file mode 100644 index 00000000000..80167cbcc8f --- /dev/null +++ b/java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_255-SNAPSHOT/JavaBinarySourceElement.kt @@ -0,0 +1,3 @@ +/* +The compiler provides this class, so we don't have to do anything. +*/ From 535d1e25658e994ff9689b8bd3b51f3c90998f04 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 30 Oct 2023 11:49:26 +0000 Subject: [PATCH 08/13] C++: Define indirect instructions (and operands) using a 'Node0Impl' column instead of an instruction (or operand). --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 251 +++++++++++------- 1 file changed, 156 insertions(+), 95 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 992e995094e..20bdf7afe45 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll 
@@ -44,11 +44,12 @@ private newtype TIRDataFlowNode =
 TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) {
 Ssa::isModifiableByCall(operand, indirectionIndex)
 } or
- TRawIndirectOperand(Operand op, int indirectionIndex) {
- Ssa::hasRawIndirectOperand(op, indirectionIndex)
+ TRawIndirectOperand0(Node0Impl node, int indirectionIndex) {
+ Ssa::hasRawIndirectOperand(node.asOperand(), indirectionIndex)
 } or
- TRawIndirectInstruction(Instruction instr, int indirectionIndex) {
- Ssa::hasRawIndirectInstruction(instr, indirectionIndex)
+ TRawIndirectInstruction0(Node0Impl node, int indirectionIndex) {
+ not exists(node.asOperand()) and
+ Ssa::hasRawIndirectInstruction(node.asInstruction(), indirectionIndex)
 } or
 TFinalParameterNode(Parameter p, int indirectionIndex) {
 exists(Ssa::FinalParameterUse use |
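Review bot: The `not exists(node.asOperand()) and` guard on `TRawIndirectInstruction0` has no comment saying why instruction-backed nodes are excluded when they also carry an operand, while `TRawIndirectOperand0` has no matching restriction. Presumably a `Node0Impl` that is both an operand and an instruction is meant to get a single indirect node via `TRawIndirectOperand0`, but that is inferred rather than visible here; suggest `// A node that also has an operand is already covered by TRawIndirectOperand0.` on the line above the guard. The `TIRDataFlowNode` newtype continues outside the hunk.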
@@ -918,48 +919,146 @@ Type getTypeImpl(Type t, int indirectionIndex) { result instanceof UnknownType } -/** - * INTERNAL: Do not use. - * - * A node that represents the indirect value of an operand in the IR - * after `index` number of loads. - */ -class RawIndirectOperand extends Node, TRawIndirectOperand { - Operand operand; - int indirectionIndex; +private module RawIndirectNodes { + /** + * INTERNAL: Do not use. + * + * A node that represents the indirect value of an operand in the IR + * after `index` number of loads. + */ + private class RawIndirectOperand0 extends Node, TRawIndirectOperand0 { + Node0Impl node; + int indirectionIndex; - RawIndirectOperand() { this = TRawIndirectOperand(operand, indirectionIndex) } + RawIndirectOperand0() { this = TRawIndirectOperand0(node, indirectionIndex) } - /** Gets the underlying instruction. */ - Operand getOperand() { result = operand } + /** Gets the underlying instruction. */ + Operand getOperand() { result = node.asOperand() } - /** Gets the underlying indirection index. */ - int getIndirectionIndex() { result = indirectionIndex } + /** Gets the underlying indirection index. 
*/ + int getIndirectionIndex() { result = indirectionIndex } - override Declaration getFunction() { result = this.getOperand().getDef().getEnclosingFunction() } + override Declaration getFunction() { + result = this.getOperand().getDef().getEnclosingFunction() + } - override Declaration getEnclosingCallable() { result = this.getFunction() } + override Declaration getEnclosingCallable() { result = this.getFunction() } - override DataFlowType getType() { - exists(int sub, DataFlowType type, boolean isGLValue | - type = getOperandType(operand, isGLValue) and - if isGLValue = true then sub = 1 else sub = 0 - | - result = getTypeImpl(type.getUnspecifiedType(), indirectionIndex - sub) - ) + override DataFlowType getType() { + exists(int sub, DataFlowType type, boolean isGLValue | + type = getOperandType(this.getOperand(), isGLValue) and + if isGLValue = true then sub = 1 else sub = 0 + | + result = getTypeImpl(type.getUnspecifiedType(), indirectionIndex - sub) + ) + } + + final override Location getLocationImpl() { + if exists(this.getOperand().getLocation()) + then result = this.getOperand().getLocation() + else result instanceof UnknownDefaultLocation + } + + override string toStringImpl() { + result = operandNode(this.getOperand()).toStringImpl() + " indirection" + } } - final override Location getLocationImpl() { - if exists(this.getOperand().getLocation()) - then result = this.getOperand().getLocation() - else result instanceof UnknownDefaultLocation + /** + * INTERNAL: Do not use. + * + * A node that represents the indirect value of an instruction in the IR + * after `index` number of loads. + */ + private class RawIndirectInstruction0 extends Node, TRawIndirectInstruction0 { + Node0Impl node; + int indirectionIndex; + + RawIndirectInstruction0() { this = TRawIndirectInstruction0(node, indirectionIndex) } + + /** Gets the underlying instruction. */ + Instruction getInstruction() { result = node.asInstruction() } + + /** Gets the underlying indirection index. 
*/ + int getIndirectionIndex() { result = indirectionIndex } + + override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() } + + override Declaration getEnclosingCallable() { result = this.getFunction() } + + override DataFlowType getType() { + exists(int sub, DataFlowType type, boolean isGLValue | + type = getInstructionType(this.getInstruction(), isGLValue) and + if isGLValue = true then sub = 1 else sub = 0 + | + result = getTypeImpl(type.getUnspecifiedType(), indirectionIndex - sub) + ) + } + + final override Location getLocationImpl() { + if exists(this.getInstruction().getLocation()) + then result = this.getInstruction().getLocation() + else result instanceof UnknownDefaultLocation + } + + override string toStringImpl() { + result = instructionNode(this.getInstruction()).toStringImpl() + " indirection" + } } - override string toStringImpl() { - result = operandNode(this.getOperand()).toStringImpl() + " indirection" + /** + * INTERNAL: Do not use. + * + * A node that represents the indirect value of an operand in the IR + * after a number of loads. + */ + class RawIndirectOperand extends Node { + int indirectionIndex; + Operand operand; + + RawIndirectOperand() { + exists(Node0Impl node | operand = node.asOperand() | + this = TRawIndirectOperand0(node, indirectionIndex) + or + this = TRawIndirectInstruction0(node, indirectionIndex) + ) + } + + /** Gets the operand associated with this node. */ + Operand getOperand() { result = operand } + + /** Gets the underlying indirection index. */ + int getIndirectionIndex() { result = indirectionIndex } + } + + /** + * INTERNAL: Do not use. + * + * A node that represents the indirect value of an instruction in the IR + * after a number of loads. 
+ */ + class RawIndirectInstruction extends Node { + int indirectionIndex; + Instruction instr; + + RawIndirectInstruction() { + exists(Node0Impl node | instr = node.asInstruction() | + this = TRawIndirectOperand0(node, indirectionIndex) + or + this = TRawIndirectInstruction0(node, indirectionIndex) + ) + } + + /** Gets the instruction associated with this node. */ + Instruction getInstruction() { result = instr } + + /** Gets the underlying indirection index. */ + int getIndirectionIndex() { result = indirectionIndex } } } +import RawIndirectNodes + /** * INTERNAL: do not use. * 
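Review bot: The second disjunct of the `RawIndirectOperand` characteristic predicate, `this = TRawIndirectInstruction0(node, indirectionIndex)`, can never hold: it is evaluated under `operand = node.asOperand()`, while `TRawIndirectInstruction0` is only constructed when `not exists(node.asOperand())` (see the `@@ -44,11` hunk). Either drop that disjunct or add a comment stating why it is kept; the mirror disjunct in `RawIndirectInstruction` (`TRawIndirectOperand0` with `instr = node.asInstruction()`) is presumably the one doing real work, and a comment such as `// An operand node may also stand for an instruction via asInstruction().` would help, to be confirmed against the `Node0Impl` definition outside this hunk. Separately, `RawIndirectOperand0.getOperand()` is documented as `/** Gets the underlying instruction. */`, carried over from the old class; it should read `/** Gets the underlying operand. */`.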
@@ -1021,48 +1120,6 @@ class UninitializedNode extends Node { LocalVariable getLocalVariable() { result = v } } -/** - * INTERNAL: Do not use. - * - * A node that represents the indirect value of an instruction in the IR - * after `index` number of loads. - */ -class RawIndirectInstruction extends Node, TRawIndirectInstruction { - Instruction instr; - int indirectionIndex; - - RawIndirectInstruction() { this = TRawIndirectInstruction(instr, indirectionIndex) } - - /** Gets the underlying instruction. */ - Instruction getInstruction() { result = instr } - - /** Gets the underlying indirection index. */ - int getIndirectionIndex() { result = indirectionIndex } - - override Declaration getFunction() { result = this.getInstruction().getEnclosingFunction() } - - override Declaration getEnclosingCallable() { result = this.getFunction() } - - override DataFlowType getType() { - exists(int sub, DataFlowType type, boolean isGLValue | - type = getInstructionType(instr, isGLValue) and - if isGLValue = true then sub = 1 else sub = 0 - | - result = getTypeImpl(type.getUnspecifiedType(), indirectionIndex - sub) - ) - } - - final override Location getLocationImpl() { - if exists(this.getInstruction().getLocation()) - then result = this.getInstruction().getLocation() - else result instanceof UnknownDefaultLocation - } - - override string toStringImpl() { - result = instructionNode(this.getInstruction()).toStringImpl() + " indirection" - } -} - private module GetConvertedResultExpression { private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedExpr private import semmle.code.cpp.ir.implementation.raw.internal.InstructionTag 
@@ -1600,26 +1657,29 @@ private module Cached { predicate localFlowStep(Node nodeFrom, Node nodeTo) { simpleLocalFlowStep(nodeFrom, nodeTo) } private predicate indirectionOperandFlow(RawIndirectOperand nodeFrom, Node nodeTo) { - // Reduce the indirection count by 1 if we're passing through a `LoadInstruction`. - exists(int ind, LoadInstruction load | - hasOperandAndIndex(nodeFrom, load.getSourceAddressOperand(), ind) and - nodeHasInstruction(nodeTo, load, ind - 1) - ) - or - // If an operand flows to an instruction, then the indirection of - // the operand also flows to the indirection of the instruction. - exists(Operand operand, Instruction instr, int indirectionIndex | - simpleInstructionLocalFlowStep(operand, instr) and - hasOperandAndIndex(nodeFrom, operand, pragma[only_bind_into](indirectionIndex)) and - hasInstructionAndIndex(nodeTo, instr, pragma[only_bind_into](indirectionIndex)) - ) - or - // If there's indirect flow to an operand, then there's also indirect - // flow to the operand after applying some pointer arithmetic. - exists(PointerArithmeticInstruction pointerArith, int indirectionIndex | - hasOperandAndIndex(nodeFrom, pointerArith.getAnOperand(), - pragma[only_bind_into](indirectionIndex)) and - hasInstructionAndIndex(nodeTo, pointerArith, pragma[only_bind_into](indirectionIndex)) + nodeFrom != nodeTo and + ( + // Reduce the indirection count by 1 if we're passing through a `LoadInstruction`. + exists(int ind, LoadInstruction load | + hasOperandAndIndex(nodeFrom, load.getSourceAddressOperand(), ind) and + nodeHasInstruction(nodeTo, load, ind - 1) + ) + or + // If an operand flows to an instruction, then the indirection of + // the operand also flows to the indirection of the instruction. 
+ exists(Operand operand, Instruction instr, int indirectionIndex | + simpleInstructionLocalFlowStep(operand, instr) and + hasOperandAndIndex(nodeFrom, operand, pragma[only_bind_into](indirectionIndex)) and + hasInstructionAndIndex(nodeTo, instr, pragma[only_bind_into](indirectionIndex)) + ) + or + // If there's indirect flow to an operand, then there's also indirect + // flow to the operand after applying some pointer arithmetic. + exists(PointerArithmeticInstruction pointerArith, int indirectionIndex | + hasOperandAndIndex(nodeFrom, pointerArith.getAnOperand(), + pragma[only_bind_into](indirectionIndex)) and + hasInstructionAndIndex(nodeTo, pointerArith, pragma[only_bind_into](indirectionIndex)) + ) ) } @@ -1645,6 +1705,7 @@ private module Cached { private predicate indirectionInstructionFlow( RawIndirectInstruction nodeFrom, IndirectOperand nodeTo ) { + nodeFrom != nodeTo and // If there's flow from an instruction to an operand, then there's also flow from the // indirect instruction to the indirect operand. exists(Operand operand, Instruction instr, int indirectionIndex | From a077b70d66c0e977098933a766ccbbaedf1a0eb2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 30 Oct 2023 11:49:32 +0000 Subject: [PATCH 09/13] C++: Accept test changes. --- .../dataflow/fields/ir-path-flow.expected | 42 ------------------- 1 file changed, 42 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected index f6284e9713a..0f5ccbe3f7e 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected 
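Review bot: The `nodeFrom != nodeTo and` guard added at the top of `indirectionOperandFlow` has no comment, and the same unexplained guard is added to `indirectionInstructionFlow` in the next hunk. Since indirect nodes are now keyed on a `Node0Impl` (see the `@@ -44,11` hunk), an instruction-to-operand step can presumably land on the node it started from, which the self-edges dropped from `ir-path-flow.expected` in the following patch also suggest; suggest `// Exclude self-loops: an instruction and its operand may now be represented by the same node.` above the guard in both predicates. `indirectionInstructionFlow` continues outside its hunk.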
@@ -83,7 +83,6 @@ edges | A.cpp:152:10:152:10 | d indirection [b] | A.cpp:152:10:152:13 | b | | A.cpp:153:10:153:10 | d indirection [b indirection, c] | A.cpp:153:13:153:13 | b indirection [c] | | A.cpp:153:13:153:13 | b indirection [c] | A.cpp:153:10:153:16 | c | -| A.cpp:153:13:153:13 | b indirection [c] | A.cpp:153:13:153:13 | b indirection [c] | | A.cpp:154:10:154:10 | b indirection [c] | A.cpp:154:10:154:13 | c | | A.cpp:159:12:159:18 | new | A.cpp:160:29:160:29 | b | | A.cpp:160:18:160:60 | call to MyList [head] | A.cpp:161:38:161:39 | l1 indirection [head] | @@ -97,10 +96,8 @@ edges | A.cpp:162:38:162:39 | l2 indirection [next indirection, head] | A.cpp:162:18:162:40 | call to MyList [next indirection, next indirection, head] | | A.cpp:162:38:162:39 | l2 indirection [next indirection, head] | A.cpp:181:32:181:35 | next indirection [next indirection, head] | | A.cpp:165:10:165:11 | l3 indirection [next indirection, next indirection, head] | A.cpp:165:14:165:17 | next indirection [next indirection, head] | -| A.cpp:165:14:165:17 | next indirection [next indirection, head] | A.cpp:165:14:165:17 | next indirection [next indirection, head] | | A.cpp:165:14:165:17 | next indirection [next indirection, head] | A.cpp:165:20:165:23 | next indirection [head] | | A.cpp:165:20:165:23 | next indirection [head] | A.cpp:165:10:165:29 | head | -| A.cpp:165:20:165:23 | next indirection [head] | A.cpp:165:20:165:23 | next indirection [head] | | A.cpp:167:44:167:44 | l indirection [next indirection, head] | A.cpp:167:47:167:50 | next indirection [head] | | A.cpp:167:44:167:44 | l indirection [next indirection, next indirection, head] | A.cpp:167:47:167:50 | next indirection [next indirection, head] | | A.cpp:167:47:167:50 | next indirection [head] | A.cpp:169:12:169:12 | l indirection [head] | 
@@ -121,7 +118,6 @@ edges | B.cpp:8:25:8:26 | b1 indirection [elem1] | B.cpp:44:16:44:17 | b1 indirection [elem1] | | B.cpp:9:10:9:11 | b2 indirection [box1 indirection, elem1] | B.cpp:9:14:9:17 | box1 indirection [elem1] | | B.cpp:9:14:9:17 | box1 indirection [elem1] | B.cpp:9:10:9:24 | elem1 | -| B.cpp:9:14:9:17 | box1 indirection [elem1] | B.cpp:9:14:9:17 | box1 indirection [elem1] | | B.cpp:15:15:15:27 | new | B.cpp:16:37:16:37 | e | | B.cpp:16:16:16:38 | call to Box1 [elem2] | B.cpp:17:25:17:26 | b1 indirection [elem2] | | B.cpp:16:37:16:37 | e | B.cpp:16:16:16:38 | call to Box1 [elem2] | @@ -131,7 +127,6 @@ edges | B.cpp:17:25:17:26 | b1 indirection [elem2] | B.cpp:44:16:44:17 | b1 indirection [elem2] | | B.cpp:19:10:19:11 | b2 indirection [box1 indirection, elem2] | B.cpp:19:14:19:17 | box1 indirection [elem2] | | B.cpp:19:14:19:17 | box1 indirection [elem2] | B.cpp:19:10:19:24 | elem2 | -| B.cpp:19:14:19:17 | box1 indirection [elem2] | B.cpp:19:14:19:17 | box1 indirection [elem2] | | B.cpp:33:16:33:17 | e1 | B.cpp:35:7:35:22 | ... = ... | | B.cpp:33:26:33:27 | e2 | B.cpp:36:7:36:22 | ... = ... | | B.cpp:35:7:35:22 | ... = ... | B.cpp:35:13:35:17 | this indirection [post update] [elem1] | 
@@ -196,17 +191,12 @@ edges | D.cpp:58:20:58:23 | box indirection [post update] [elem] | D.cpp:58:15:58:17 | boxfield indirection [post update] [box indirection, elem] | | D.cpp:59:5:59:7 | this indirection [boxfield indirection, box indirection, elem] | D.cpp:63:8:63:10 | this indirection [boxfield indirection, box indirection, elem] | | D.cpp:63:8:63:10 | this indirection [boxfield indirection, box indirection, elem] | D.cpp:64:10:64:17 | this indirection [boxfield indirection, box indirection, elem] | -| D.cpp:64:10:64:17 | boxfield indirection [box indirection, elem] | D.cpp:64:10:64:17 | boxfield indirection [box indirection, elem] | | D.cpp:64:10:64:17 | boxfield indirection [box indirection, elem] | D.cpp:64:20:64:22 | box indirection [elem] | | D.cpp:64:10:64:17 | this indirection [boxfield indirection, box indirection, elem] | D.cpp:64:10:64:17 | boxfield indirection [box indirection, elem] | | D.cpp:64:20:64:22 | box indirection [elem] | D.cpp:64:10:64:28 | elem | -| D.cpp:64:20:64:22 | box indirection [elem] | D.cpp:64:20:64:22 | box indirection [elem] | | E.cpp:19:27:19:27 | p indirection [data, buffer indirection] | E.cpp:21:10:21:10 | p indirection [data, buffer indirection] | | E.cpp:21:10:21:10 | p indirection [data, buffer indirection] | E.cpp:21:13:21:16 | data indirection [buffer indirection] | | E.cpp:21:13:21:16 | data indirection [buffer indirection] | E.cpp:21:18:21:23 | buffer indirection | -| E.cpp:21:13:21:16 | data indirection [buffer indirection] | E.cpp:21:18:21:23 | buffer indirection | -| E.cpp:21:18:21:23 | buffer indirection | E.cpp:21:18:21:23 | buffer indirection | -| E.cpp:21:18:21:23 | buffer indirection | E.cpp:21:18:21:23 | buffer indirection | | E.cpp:28:21:28:23 | argument_source output argument | E.cpp:31:10:31:12 | raw indirection | | E.cpp:29:21:29:29 | argument_source output argument | E.cpp:29:24:29:29 | b indirection [post update] [buffer indirection] | | E.cpp:29:24:29:29 | b indirection [post update] [buffer 
indirection] | E.cpp:32:10:32:10 | b indirection [buffer indirection] | @@ -214,9 +204,6 @@ edges | E.cpp:30:23:30:26 | p indirection [post update] [data, buffer indirection] | E.cpp:33:18:33:19 | & ... indirection [data, buffer indirection] | | E.cpp:30:28:30:33 | data indirection [post update] [buffer indirection] | E.cpp:30:23:30:26 | p indirection [post update] [data, buffer indirection] | | E.cpp:32:10:32:10 | b indirection [buffer indirection] | E.cpp:32:13:32:18 | buffer indirection | -| E.cpp:32:10:32:10 | b indirection [buffer indirection] | E.cpp:32:13:32:18 | buffer indirection | -| E.cpp:32:13:32:18 | buffer indirection | E.cpp:32:13:32:18 | buffer indirection | -| E.cpp:32:13:32:18 | buffer indirection | E.cpp:32:13:32:18 | buffer indirection | | E.cpp:33:18:33:19 | & ... indirection [data, buffer indirection] | E.cpp:19:27:19:27 | p indirection [data, buffer indirection] | | aliasing.cpp:9:3:9:22 | ... = ... | aliasing.cpp:9:6:9:7 | s indirection [post update] [m1] | | aliasing.cpp:9:6:9:7 | s indirection [post update] [m1] | aliasing.cpp:25:17:25:19 | pointerSetter output argument [m1] | 
@@ -311,11 +298,9 @@ edges | arrays.cpp:43:8:43:8 | o indirection [indirect indirection, arr, data] | arrays.cpp:43:10:43:17 | indirect indirection [arr, data] | | arrays.cpp:43:8:43:25 | access to array indirection [data] | arrays.cpp:43:27:43:30 | data | | arrays.cpp:43:10:43:17 | indirect indirection [arr, data] | arrays.cpp:43:8:43:25 | access to array indirection [data] | -| arrays.cpp:43:10:43:17 | indirect indirection [arr, data] | arrays.cpp:43:10:43:17 | indirect indirection [arr, data] | | arrays.cpp:44:8:44:8 | o indirection [indirect indirection, arr, data] | arrays.cpp:44:10:44:17 | indirect indirection [arr, data] | | arrays.cpp:44:8:44:25 | access to array indirection [data] | arrays.cpp:44:27:44:30 | data | | arrays.cpp:44:10:44:17 | indirect indirection [arr, data] | arrays.cpp:44:8:44:25 | access to array indirection [data] | -| arrays.cpp:44:10:44:17 | indirect indirection [arr, data] | arrays.cpp:44:10:44:17 | indirect indirection [arr, data] | | arrays.cpp:48:3:48:40 | ... = ... | arrays.cpp:48:22:48:25 | access to array indirection [post update] [data] | | arrays.cpp:48:5:48:12 | o indirection [post update] [indirect indirection, ptr indirection, data] | arrays.cpp:49:8:49:8 | o indirection [indirect indirection, ptr indirection, data] | | arrays.cpp:48:5:48:12 | o indirection [post update] [indirect indirection, ptr indirection, data] | arrays.cpp:50:8:50:8 | o indirection [indirect indirection, ptr indirection, data] | 
@@ -325,13 +310,11 @@ edges | arrays.cpp:49:8:49:8 | o indirection [indirect indirection, ptr indirection, data] | arrays.cpp:49:10:49:17 | indirect indirection [ptr indirection, data] | | arrays.cpp:49:8:49:25 | access to array indirection [data] | arrays.cpp:49:27:49:30 | data | | arrays.cpp:49:10:49:17 | indirect indirection [ptr indirection, data] | arrays.cpp:49:8:49:25 | access to array indirection [data] | -| arrays.cpp:49:10:49:17 | indirect indirection [ptr indirection, data] | arrays.cpp:49:10:49:17 | indirect indirection [ptr indirection, data] | | arrays.cpp:49:10:49:17 | indirect indirection [ptr indirection, data] | arrays.cpp:49:20:49:22 | ptr indirection [data] | | arrays.cpp:49:20:49:22 | ptr indirection [data] | arrays.cpp:49:8:49:25 | access to array indirection [data] | | arrays.cpp:50:8:50:8 | o indirection [indirect indirection, ptr indirection, data] | arrays.cpp:50:10:50:17 | indirect indirection [ptr indirection, data] | | arrays.cpp:50:8:50:25 | access to array indirection [data] | arrays.cpp:50:27:50:30 | data | | arrays.cpp:50:10:50:17 | indirect indirection [ptr indirection, data] | arrays.cpp:50:8:50:25 | access to array indirection [data] | -| arrays.cpp:50:10:50:17 | indirect indirection [ptr indirection, data] | arrays.cpp:50:10:50:17 | indirect indirection [ptr indirection, data] | | arrays.cpp:50:10:50:17 | indirect indirection [ptr indirection, data] | arrays.cpp:50:20:50:22 | ptr indirection [data] | | arrays.cpp:50:20:50:22 | ptr indirection [data] | arrays.cpp:50:8:50:25 | access to array indirection [data] | | by_reference.cpp:11:48:11:52 | value | by_reference.cpp:12:5:12:16 | ... = ... | 
@@ -411,13 +394,11 @@ edges | by_reference.cpp:110:8:110:12 | outer indirection [inner_nested, a] | by_reference.cpp:110:14:110:25 | inner_nested indirection [a] | | by_reference.cpp:110:14:110:25 | inner_nested indirection [a] | by_reference.cpp:110:27:110:27 | a | | by_reference.cpp:111:8:111:12 | outer indirection [inner_ptr indirection, a] | by_reference.cpp:111:14:111:22 | inner_ptr indirection [a] | -| by_reference.cpp:111:14:111:22 | inner_ptr indirection [a] | by_reference.cpp:111:14:111:22 | inner_ptr indirection [a] | | by_reference.cpp:111:14:111:22 | inner_ptr indirection [a] | by_reference.cpp:111:25:111:25 | a | | by_reference.cpp:112:8:112:12 | outer indirection [a] | by_reference.cpp:112:14:112:14 | a | | by_reference.cpp:114:8:114:13 | pouter indirection [inner_nested, a] | by_reference.cpp:114:16:114:27 | inner_nested indirection [a] | | by_reference.cpp:114:16:114:27 | inner_nested indirection [a] | by_reference.cpp:114:29:114:29 | a | | by_reference.cpp:115:8:115:13 | pouter indirection [inner_ptr indirection, a] | by_reference.cpp:115:16:115:24 | inner_ptr indirection [a] | -| by_reference.cpp:115:16:115:24 | inner_ptr indirection [a] | by_reference.cpp:115:16:115:24 | inner_ptr indirection [a] | | by_reference.cpp:115:16:115:24 | inner_ptr indirection [a] | by_reference.cpp:115:27:115:27 | a | | by_reference.cpp:116:8:116:13 | pouter indirection [a] | by_reference.cpp:116:16:116:16 | a | | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | by_reference.cpp:122:27:122:38 | outer indirection [post update] [inner_nested, a] | 
@@ -435,13 +416,11 @@ edges | by_reference.cpp:130:8:130:12 | outer indirection [inner_nested, a] | by_reference.cpp:130:14:130:25 | inner_nested indirection [a] | | by_reference.cpp:130:14:130:25 | inner_nested indirection [a] | by_reference.cpp:130:27:130:27 | a | | by_reference.cpp:131:8:131:12 | outer indirection [inner_ptr indirection, a] | by_reference.cpp:131:14:131:22 | inner_ptr indirection [a] | -| by_reference.cpp:131:14:131:22 | inner_ptr indirection [a] | by_reference.cpp:131:14:131:22 | inner_ptr indirection [a] | | by_reference.cpp:131:14:131:22 | inner_ptr indirection [a] | by_reference.cpp:131:25:131:25 | a | | by_reference.cpp:132:8:132:12 | outer indirection [a] | by_reference.cpp:132:14:132:14 | a | | by_reference.cpp:134:8:134:13 | pouter indirection [inner_nested, a] | by_reference.cpp:134:16:134:27 | inner_nested indirection [a] | | by_reference.cpp:134:16:134:27 | inner_nested indirection [a] | by_reference.cpp:134:29:134:29 | a | | by_reference.cpp:135:8:135:13 | pouter indirection [inner_ptr indirection, a] | by_reference.cpp:135:16:135:24 | inner_ptr indirection [a] | -| by_reference.cpp:135:16:135:24 | inner_ptr indirection [a] | by_reference.cpp:135:16:135:24 | inner_ptr indirection [a] | | by_reference.cpp:135:16:135:24 | inner_ptr indirection [a] | by_reference.cpp:135:27:135:27 | a | | by_reference.cpp:136:8:136:13 | pouter indirection [a] | by_reference.cpp:136:16:136:16 | a | | clearning.cpp:32:3:32:25 | ... = ... | clearning.cpp:32:6:32:6 | s indirection [post update] [x indirection] | 
@@ -460,9 +439,6 @@ edges | clearning.cpp:54:5:54:5 | s indirection [post update] [x indirection] | clearning.cpp:55:8:55:8 | s indirection [x indirection] | | clearning.cpp:54:5:54:5 | x indirection | clearning.cpp:54:3:54:7 | ... ++ indirection | | clearning.cpp:55:8:55:8 | s indirection [x indirection] | clearning.cpp:55:10:55:10 | x indirection | -| clearning.cpp:55:8:55:8 | s indirection [x indirection] | clearning.cpp:55:10:55:10 | x indirection | -| clearning.cpp:55:10:55:10 | x indirection | clearning.cpp:55:10:55:10 | x indirection | -| clearning.cpp:55:10:55:10 | x indirection | clearning.cpp:55:10:55:10 | x indirection | | clearning.cpp:60:3:60:22 | ... = ... | clearning.cpp:60:7:60:7 | s indirection [post update] [x indirection] | | clearning.cpp:60:7:60:7 | s indirection [post update] [x indirection] | clearning.cpp:61:3:61:3 | s indirection [x indirection] | | clearning.cpp:60:11:60:20 | call to user_input | clearning.cpp:60:3:60:22 | ... = ... | @@ -474,9 +450,6 @@ edges | clearning.cpp:61:5:61:5 | s indirection [post update] [x indirection] | clearning.cpp:62:8:62:8 | s indirection [x indirection] | | clearning.cpp:61:5:61:5 | x indirection | clearning.cpp:61:3:61:7 | ... ++ indirection | | clearning.cpp:62:8:62:8 | s indirection [x indirection] | clearning.cpp:62:10:62:10 | x indirection | -| clearning.cpp:62:8:62:8 | s indirection [x indirection] | clearning.cpp:62:10:62:10 | x indirection | -| clearning.cpp:62:10:62:10 | x indirection | clearning.cpp:62:10:62:10 | x indirection | -| clearning.cpp:62:10:62:10 | x indirection | clearning.cpp:62:10:62:10 | x indirection | | clearning.cpp:74:20:74:22 | argument_source output argument | clearning.cpp:74:20:74:22 | s indirection [post update] [val indirection] | | clearning.cpp:74:20:74:22 | s indirection [post update] [val indirection] | clearning.cpp:76:8:76:8 | s indirection [val indirection] | | clearning.cpp:76:8:76:8 | s indirection [val indirection] | clearning.cpp:76:7:76:12 | * ... | 
@@ -620,14 +593,12 @@ edges | conflated.cpp:54:13:54:13 | next indirection [post update] [y] | conflated.cpp:54:7:54:10 | ll indirection [post update] [next indirection, y] | | conflated.cpp:54:17:54:26 | call to user_input | conflated.cpp:54:3:54:28 | ... = ... | | conflated.cpp:55:8:55:9 | ll indirection [next indirection, y] | conflated.cpp:55:12:55:15 | next indirection [y] | -| conflated.cpp:55:12:55:15 | next indirection [y] | conflated.cpp:55:12:55:15 | next indirection [y] | | conflated.cpp:55:12:55:15 | next indirection [y] | conflated.cpp:55:18:55:18 | y | | conflated.cpp:60:3:60:28 | ... = ... | conflated.cpp:60:13:60:13 | next indirection [post update] [y] | | conflated.cpp:60:7:60:10 | ll indirection [post update] [next indirection, y] | conflated.cpp:61:8:61:9 | ll indirection [next indirection, y] | | conflated.cpp:60:13:60:13 | next indirection [post update] [y] | conflated.cpp:60:7:60:10 | ll indirection [post update] [next indirection, y] | | conflated.cpp:60:17:60:26 | call to user_input | conflated.cpp:60:3:60:28 | ... = ... | | conflated.cpp:61:8:61:9 | ll indirection [next indirection, y] | conflated.cpp:61:12:61:15 | next indirection [y] | -| conflated.cpp:61:12:61:15 | next indirection [y] | conflated.cpp:61:12:61:15 | next indirection [y] | | conflated.cpp:61:12:61:15 | next indirection [y] | conflated.cpp:61:18:61:18 | y | | constructors.cpp:18:9:18:9 | this indirection [a_] | constructors.cpp:18:22:18:23 | this indirection [a_] | | constructors.cpp:18:22:18:23 | a_ | constructors.cpp:18:9:18:9 | a indirection | 
@@ -672,42 +643,36 @@ edges | qualifiers.cpp:22:23:22:23 | call to getInner indirection [post update] [a] | qualifiers.cpp:22:5:22:9 | getInner output argument [inner indirection, a] | | qualifiers.cpp:22:27:22:36 | call to user_input | qualifiers.cpp:22:5:22:38 | ... = ... | | qualifiers.cpp:23:10:23:14 | outer indirection [inner indirection, a] | qualifiers.cpp:23:16:23:20 | inner indirection [a] | -| qualifiers.cpp:23:16:23:20 | inner indirection [a] | qualifiers.cpp:23:16:23:20 | inner indirection [a] | | qualifiers.cpp:23:16:23:20 | inner indirection [a] | qualifiers.cpp:23:23:23:23 | a | | qualifiers.cpp:27:5:27:9 | getInner output argument [inner indirection, a] | qualifiers.cpp:28:10:28:14 | outer indirection [inner indirection, a] | | qualifiers.cpp:27:11:27:18 | setA output argument [a] | qualifiers.cpp:27:5:27:9 | getInner output argument [inner indirection, a] | | qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:9:21:9:25 | value | | qualifiers.cpp:27:28:27:37 | call to user_input | qualifiers.cpp:27:11:27:18 | setA output argument [a] | | qualifiers.cpp:28:10:28:14 | outer indirection [inner indirection, a] | qualifiers.cpp:28:16:28:20 | inner indirection [a] | -| qualifiers.cpp:28:16:28:20 | inner indirection [a] | qualifiers.cpp:28:16:28:20 | inner indirection [a] | | qualifiers.cpp:28:16:28:20 | inner indirection [a] | qualifiers.cpp:28:23:28:23 | a | | qualifiers.cpp:32:17:32:21 | getInner output argument [inner indirection, a] | qualifiers.cpp:33:10:33:14 | outer indirection [inner indirection, a] | | qualifiers.cpp:32:23:32:30 | pointerSetA output argument [a] | qualifiers.cpp:32:17:32:21 | getInner output argument [inner indirection, a] | | qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:12:40:12:44 | value | | qualifiers.cpp:32:35:32:44 | call to user_input | qualifiers.cpp:32:23:32:30 | pointerSetA output argument [a] | | qualifiers.cpp:33:10:33:14 | outer indirection [inner indirection, a] | 
qualifiers.cpp:33:16:33:20 | inner indirection [a] | -| qualifiers.cpp:33:16:33:20 | inner indirection [a] | qualifiers.cpp:33:16:33:20 | inner indirection [a] | | qualifiers.cpp:33:16:33:20 | inner indirection [a] | qualifiers.cpp:33:23:33:23 | a | | qualifiers.cpp:37:19:37:35 | referenceSetA output argument [a] | qualifiers.cpp:37:20:37:24 | getInner output argument [inner indirection, a] | | qualifiers.cpp:37:20:37:24 | getInner output argument [inner indirection, a] | qualifiers.cpp:38:10:38:14 | outer indirection [inner indirection, a] | | qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:13:42:13:46 | value | | qualifiers.cpp:37:38:37:47 | call to user_input | qualifiers.cpp:37:19:37:35 | referenceSetA output argument [a] | | qualifiers.cpp:38:10:38:14 | outer indirection [inner indirection, a] | qualifiers.cpp:38:16:38:20 | inner indirection [a] | -| qualifiers.cpp:38:16:38:20 | inner indirection [a] | qualifiers.cpp:38:16:38:20 | inner indirection [a] | | qualifiers.cpp:38:16:38:20 | inner indirection [a] | qualifiers.cpp:38:23:38:23 | a | | qualifiers.cpp:42:5:42:40 | ... = ... | qualifiers.cpp:42:25:42:25 | * ... indirection [post update] [a] | | qualifiers.cpp:42:7:42:11 | getInner output argument [inner indirection, a] | qualifiers.cpp:43:10:43:14 | outer indirection [inner indirection, a] | | qualifiers.cpp:42:25:42:25 | * ... indirection [post update] [a] | qualifiers.cpp:42:7:42:11 | getInner output argument [inner indirection, a] | | qualifiers.cpp:42:29:42:38 | call to user_input | qualifiers.cpp:42:5:42:40 | ... = ... | | qualifiers.cpp:43:10:43:14 | outer indirection [inner indirection, a] | qualifiers.cpp:43:16:43:20 | inner indirection [a] | -| qualifiers.cpp:43:16:43:20 | inner indirection [a] | qualifiers.cpp:43:16:43:20 | inner indirection [a] | | qualifiers.cpp:43:16:43:20 | inner indirection [a] | qualifiers.cpp:43:23:43:23 | a | | qualifiers.cpp:47:5:47:42 | ... = ... 
| qualifiers.cpp:47:27:47:27 | call to getInner indirection [post update] [a] | | qualifiers.cpp:47:6:47:11 | getInner output argument [inner indirection, a] | qualifiers.cpp:48:10:48:14 | outer indirection [inner indirection, a] | | qualifiers.cpp:47:27:47:27 | call to getInner indirection [post update] [a] | qualifiers.cpp:47:6:47:11 | getInner output argument [inner indirection, a] | | qualifiers.cpp:47:31:47:40 | call to user_input | qualifiers.cpp:47:5:47:42 | ... = ... | | qualifiers.cpp:48:10:48:14 | outer indirection [inner indirection, a] | qualifiers.cpp:48:16:48:20 | inner indirection [a] | -| qualifiers.cpp:48:16:48:20 | inner indirection [a] | qualifiers.cpp:48:16:48:20 | inner indirection [a] | | qualifiers.cpp:48:16:48:20 | inner indirection [a] | qualifiers.cpp:48:23:48:23 | a | | realistic.cpp:53:9:53:66 | ... = ... | realistic.cpp:53:35:53:43 | userInput indirection [post update] [bufferLen] | | realistic.cpp:53:13:53:15 | foo indirection [post update] [bar, baz indirection, userInput, bufferLen] | realistic.cpp:61:21:61:23 | foo indirection [bar, baz indirection, userInput, bufferLen] | 
@@ -717,7 +682,6 @@ edges | realistic.cpp:53:47:53:66 | call to user_input | realistic.cpp:53:9:53:66 | ... = ... | | realistic.cpp:61:21:61:23 | foo indirection [bar, baz indirection, userInput, bufferLen] | realistic.cpp:61:21:61:30 | access to array indirection [baz indirection, userInput, bufferLen] | | realistic.cpp:61:21:61:30 | access to array indirection [baz indirection, userInput, bufferLen] | realistic.cpp:61:32:61:34 | baz indirection [userInput, bufferLen] | -| realistic.cpp:61:32:61:34 | baz indirection [userInput, bufferLen] | realistic.cpp:61:32:61:34 | baz indirection [userInput, bufferLen] | | realistic.cpp:61:32:61:34 | baz indirection [userInput, bufferLen] | realistic.cpp:61:37:61:45 | userInput indirection [bufferLen] | | realistic.cpp:61:37:61:45 | userInput indirection [bufferLen] | realistic.cpp:61:14:61:55 | bufferLen | | simple.cpp:18:9:18:9 | this indirection [a_] | simple.cpp:18:22:18:23 | this indirection [a_] | @@ -796,7 +760,6 @@ edges | struct_init.c:31:8:31:12 | outer indirection [nestedAB, a] | struct_init.c:31:14:31:21 | nestedAB indirection [a] | | struct_init.c:31:14:31:21 | nestedAB indirection [a] | struct_init.c:31:23:31:23 | a | | struct_init.c:33:8:33:12 | outer indirection [pointerAB indirection, a] | struct_init.c:33:14:33:22 | pointerAB indirection [a] | -| struct_init.c:33:14:33:22 | pointerAB indirection [a] | struct_init.c:33:14:33:22 | pointerAB indirection [a] | | struct_init.c:33:14:33:22 | pointerAB indirection [a] | struct_init.c:33:25:33:25 | a | | struct_init.c:36:10:36:24 | & ... indirection [a] | struct_init.c:14:24:14:25 | ab indirection [a] | | struct_init.c:36:11:36:15 | outer indirection [nestedAB, a] | struct_init.c:36:10:36:24 | & ... indirection [a] | 
@@ -808,7 +771,6 @@ edges | struct_init.c:43:5:43:7 | & ... indirection [a] | struct_init.c:41:23:44:3 | definition of outer indirection [post update] [pointerAB indirection, a] | | struct_init.c:46:10:46:14 | outer indirection [pointerAB indirection, a] | struct_init.c:46:16:46:24 | pointerAB indirection [a] | | struct_init.c:46:16:46:24 | pointerAB indirection [a] | struct_init.c:14:24:14:25 | ab indirection [a] | -| struct_init.c:46:16:46:24 | pointerAB indirection [a] | struct_init.c:46:16:46:24 | pointerAB indirection [a] | nodes | A.cpp:23:10:23:10 | c | semmle.label | c | | A.cpp:25:7:25:17 | ... = ... | semmle.label | ... = ... | @@ -1019,7 +981,6 @@ nodes | E.cpp:21:10:21:10 | p indirection [data, buffer indirection] | semmle.label | p indirection [data, buffer indirection] | | E.cpp:21:13:21:16 | data indirection [buffer indirection] | semmle.label | data indirection [buffer indirection] | | E.cpp:21:18:21:23 | buffer indirection | semmle.label | buffer indirection | -| E.cpp:21:18:21:23 | buffer indirection | semmle.label | buffer indirection | | E.cpp:28:21:28:23 | argument_source output argument | semmle.label | argument_source output argument | | E.cpp:29:21:29:29 | argument_source output argument | semmle.label | argument_source output argument | | E.cpp:29:24:29:29 | b indirection [post update] [buffer indirection] | semmle.label | b indirection [post update] [buffer indirection] | 
@@ -1029,7 +990,6 @@ nodes | E.cpp:31:10:31:12 | raw indirection | semmle.label | raw indirection | | E.cpp:32:10:32:10 | b indirection [buffer indirection] | semmle.label | b indirection [buffer indirection] | | E.cpp:32:13:32:18 | buffer indirection | semmle.label | buffer indirection | -| E.cpp:32:13:32:18 | buffer indirection | semmle.label | buffer indirection | | E.cpp:33:18:33:19 | & ... indirection [data, buffer indirection] | semmle.label | & ... indirection [data, buffer indirection] | | aliasing.cpp:9:3:9:22 | ... = ... | semmle.label | ... = ... | | aliasing.cpp:9:6:9:7 | s indirection [post update] [m1] | semmle.label | s indirection [post update] [m1] | @@ -1277,7 +1237,6 @@ nodes | clearning.cpp:54:5:54:5 | x indirection | semmle.label | x indirection | | clearning.cpp:55:8:55:8 | s indirection [x indirection] | semmle.label | s indirection [x indirection] | | clearning.cpp:55:10:55:10 | x indirection | semmle.label | x indirection | -| clearning.cpp:55:10:55:10 | x indirection | semmle.label | x indirection | | clearning.cpp:60:3:60:22 | ... = ... | semmle.label | ... = ... | | clearning.cpp:60:7:60:7 | s indirection [post update] [x indirection] | semmle.label | s indirection [post update] [x indirection] | | clearning.cpp:60:11:60:20 | call to user_input | semmle.label | call to user_input | 
@@ -1288,7 +1247,6 @@ nodes | clearning.cpp:61:5:61:5 | x indirection | semmle.label | x indirection | | clearning.cpp:62:8:62:8 | s indirection [x indirection] | semmle.label | s indirection [x indirection] | | clearning.cpp:62:10:62:10 | x indirection | semmle.label | x indirection | -| clearning.cpp:62:10:62:10 | x indirection | semmle.label | x indirection | | clearning.cpp:74:20:74:22 | argument_source output argument | semmle.label | argument_source output argument | | clearning.cpp:74:20:74:22 | s indirection [post update] [val indirection] | semmle.label | s indirection [post update] [val indirection] | | clearning.cpp:76:7:76:12 | * ... | semmle.label | * ... | From b4958e7d58c514c0ab41e97be91d87b9df4bda35 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 30 Oct 2023 12:44:30 +0000 Subject: [PATCH 10/13] C++: Accept path changes. --- .../ArrayAccessProductFlow.expected | 1 - .../semmle/ExecTainted/ExecTainted.expected | 2 -- .../SAMATE/OverrunWriteProductFlow.expected | 3 --- .../Security/CWE/CWE-611/XXE.expected | 18 ------------------ 4 files changed, 24 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected index 15a601b27f0..c46629218fd 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected 
@@ -29,7 +29,6 @@ edges | test.cpp:69:10:69:10 | arr indirection [post update] [p] | test.cpp:70:5:70:7 | arr indirection [p] | | test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... | | test.cpp:70:5:70:7 | arr indirection [p] | test.cpp:67:10:67:19 | mk_array_p indirection [p] | -| test.cpp:70:5:70:7 | arr indirection [p] | test.cpp:70:5:70:7 | arr indirection [p] | | test.cpp:76:20:76:29 | call to mk_array_p indirection [p] | test.cpp:79:9:79:11 | arr indirection [p] | | test.cpp:76:20:76:29 | call to mk_array_p indirection [p] | test.cpp:83:9:83:11 | arr indirection [p] | | test.cpp:79:9:79:11 | arr indirection [p] | test.cpp:79:14:79:14 | p | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected index 64e99a6c629..094234a77be 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected 
@@ -2,11 +2,9 @@ edges | test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | userName indirection | | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection | | test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument | -| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:45:22:52 | userName indirection | | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | envCflags indirection | | test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection | | test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument | -| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:35:50:43 | envCflags indirection | | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection | | test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | command indirection | | test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected index c2d7723194d..c9fd98569cc 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected 
@@ -4,7 +4,6 @@ edges | test.cpp:18:10:18:15 | str indirection [post update] [string] | test.cpp:19:5:19:7 | str indirection [string] | | test.cpp:18:19:18:24 | call to malloc | test.cpp:18:5:18:30 | ... = ... | | test.cpp:19:5:19:7 | str indirection [string] | test.cpp:16:11:16:21 | mk_string_t indirection [string] | -| test.cpp:19:5:19:7 | str indirection [string] | test.cpp:19:5:19:7 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:42:13:42:15 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:72:17:72:19 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:80:17:80:19 | str indirection [string] | @@ -16,7 +15,6 @@ edges | test.cpp:90:10:90:15 | str indirection [post update] [string] | test.cpp:91:5:91:7 | str indirection [string] | | test.cpp:90:19:90:24 | call to malloc | test.cpp:90:5:90:34 | ... = ... | | test.cpp:91:5:91:7 | str indirection [string] | test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | -| test.cpp:91:5:91:7 | str indirection [string] | test.cpp:91:5:91:7 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:99:13:99:15 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:129:17:129:19 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:137:17:137:19 | str indirection [string] | 
@@ -26,7 +24,6 @@ edges | test.cpp:147:5:147:34 | ... = ... | test.cpp:147:10:147:15 | str indirection [post update] [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:148:5:148:7 | str indirection [string] | | test.cpp:147:19:147:24 | call to malloc | test.cpp:147:5:147:34 | ... = ... | -| test.cpp:148:5:148:7 | str indirection [string] | test.cpp:148:5:148:7 | str indirection [string] | | test.cpp:148:5:148:7 | str indirection [string] | test.cpp:152:13:152:15 | str indirection [string] | | test.cpp:148:5:148:7 | str indirection [string] | test.cpp:154:13:154:15 | str indirection [string] | | test.cpp:148:5:148:7 | str indirection [string] | test.cpp:156:13:156:15 | str indirection [string] | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected index f24a5f8d04a..20f1faa1bf9 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected 
@@ -22,31 +22,19 @@ edges | tests5.cpp:88:2:88:2 | p indirection | tests5.cpp:89:2:89:2 | p indirection | | tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:17:2:17:2 | p indirection | | tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:31:2:31:2 | p indirection | -| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection | | tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:37:2:37:2 | p indirection | -| tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection | tests.cpp:37:2:37:2 | p indirection | | tests.cpp:37:2:37:2 | p indirection | tests.cpp:37:2:37:2 | p indirection | -| tests.cpp:37:2:37:2 | p indirection | tests.cpp:38:2:38:2 | (AbstractDOMParser *)... indirection | | tests.cpp:37:2:37:2 | p indirection | tests.cpp:38:2:38:2 | p indirection | -| tests.cpp:38:2:38:2 | (AbstractDOMParser *)... indirection | tests.cpp:38:2:38:2 | p indirection | | tests.cpp:38:2:38:2 | p indirection | tests.cpp:38:2:38:2 | p indirection | | tests.cpp:38:2:38:2 | p indirection | tests.cpp:39:2:39:2 | p indirection | -| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:53:2:53:2 | (AbstractDOMParser *)... indirection | | tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:53:2:53:2 | p indirection | -| tests.cpp:53:2:53:2 | (AbstractDOMParser *)... indirection | tests.cpp:53:2:53:2 | p indirection | | tests.cpp:53:2:53:2 | p indirection | tests.cpp:53:2:53:2 | p indirection | -| tests.cpp:53:2:53:2 | p indirection | tests.cpp:55:2:55:2 | (AbstractDOMParser *)... indirection | | tests.cpp:53:2:53:2 | p indirection | tests.cpp:55:2:55:2 | p indirection | -| tests.cpp:55:2:55:2 | (AbstractDOMParser *)... 
indirection | tests.cpp:55:2:55:2 | p indirection | | tests.cpp:55:2:55:2 | p indirection | tests.cpp:55:2:55:2 | p indirection | | tests.cpp:55:2:55:2 | p indirection | tests.cpp:56:2:56:2 | p indirection | -| tests.cpp:55:2:55:2 | p indirection | tests.cpp:57:2:57:2 | (AbstractDOMParser *)... indirection | | tests.cpp:55:2:55:2 | p indirection | tests.cpp:57:2:57:2 | p indirection | -| tests.cpp:57:2:57:2 | (AbstractDOMParser *)... indirection | tests.cpp:57:2:57:2 | p indirection | | tests.cpp:57:2:57:2 | p indirection | tests.cpp:57:2:57:2 | p indirection | -| tests.cpp:57:2:57:2 | p indirection | tests.cpp:59:2:59:2 | (AbstractDOMParser *)... indirection | | tests.cpp:57:2:57:2 | p indirection | tests.cpp:59:2:59:2 | p indirection | -| tests.cpp:59:2:59:2 | (AbstractDOMParser *)... indirection | tests.cpp:59:2:59:2 | p indirection | | tests.cpp:59:2:59:2 | p indirection | tests.cpp:59:2:59:2 | p indirection | | tests.cpp:59:2:59:2 | p indirection | tests.cpp:60:2:60:2 | p indirection | | tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:69:2:69:2 | p indirection | 
@@ -104,25 +92,19 @@ nodes | tests.cpp:28:23:28:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser | | tests.cpp:31:2:31:2 | p indirection | semmle.label | p indirection | | tests.cpp:35:23:35:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser | -| tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection | | tests.cpp:37:2:37:2 | p indirection | semmle.label | p indirection | | tests.cpp:37:2:37:2 | p indirection | semmle.label | p indirection | -| tests.cpp:38:2:38:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection | | tests.cpp:38:2:38:2 | p indirection | semmle.label | p indirection | | tests.cpp:38:2:38:2 | p indirection | semmle.label | p indirection | | tests.cpp:39:2:39:2 | p indirection | semmle.label | p indirection | | tests.cpp:51:23:51:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser | -| tests.cpp:53:2:53:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection | | tests.cpp:53:2:53:2 | p indirection | semmle.label | p indirection | | tests.cpp:53:2:53:2 | p indirection | semmle.label | p indirection | -| tests.cpp:55:2:55:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection | | tests.cpp:55:2:55:2 | p indirection | semmle.label | p indirection | | tests.cpp:55:2:55:2 | p indirection | semmle.label | p indirection | | tests.cpp:56:2:56:2 | p indirection | semmle.label | p indirection | -| tests.cpp:57:2:57:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection | | tests.cpp:57:2:57:2 | p indirection | semmle.label | p indirection | | tests.cpp:57:2:57:2 | p indirection | semmle.label | p indirection | -| tests.cpp:59:2:59:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... 
indirection | | tests.cpp:59:2:59:2 | p indirection | semmle.label | p indirection | | tests.cpp:59:2:59:2 | p indirection | semmle.label | p indirection | | tests.cpp:60:2:60:2 | p indirection | semmle.label | p indirection | From 2b939fdf08b36392d471b4d7f5439dbb2ab662ef Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 30 Oct 2023 16:06:51 +0000 Subject: [PATCH 11/13] Post-release preparation for codeql-cli-2.15.2 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 33 files changed, 33 insertions(+), 33 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 90a71eb72af..28a3d13cd58 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.11.0 +version: 0.11.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 70d2ef73c8c..7f07ad77a21 100644 
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.2
+version: 0.8.3-dev
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 139a71e8b7b..2adbcb7101e 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.2
+version: 1.7.3-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 434e3037ac6..2b213c24246 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.2
+version: 1.7.3-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 10cdf042be0..574de8bf003 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.2
+version: 0.8.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 6e6e3d3c6ec..667ca875601 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.2
+version: 0.8.3-dev
 groups:
 - csharp
 - queries
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 6b5870aa406..2b0a52a185e 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.1
+version: 0.0.2-dev
 groups:
 - go
 - queries
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 5ad8bf980c9..8069dc5d797 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.2 +version: 0.7.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 9309b1db4ed..44d31df731b 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.2 +version: 0.7.3-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 6bf7e6eed82..23b4a9e7e32 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.7 +version: 0.0.8-dev groups: - java - automodel diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index d53723702ac..d081d963060 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.2 +version: 0.8.3-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index bc71d4bb054..9a8ff49eefd 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.2 +version: 0.8.3-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 8180fb4d440..5842cd19576 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.2 +version: 0.8.3-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 72b45ca13d8..8ac34dd2fed 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.2 +version: 0.8.3-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 6de31f4d421..a9421fb41ba 100644 
--- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.2 +version: 0.7.3-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index f264b8da2eb..d6c26871000 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.2 +version: 0.11.3-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index faae2e2c3d3..3545c0cde79 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.2 +version: 0.9.3-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 272e3a5ba34..58c41f1c48c 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.2 +version: 0.8.3-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 74905491a99..61a7f4b8433 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.2 +version: 0.8.3-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index f52e2be7607..cfd0a23d6fd 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.2 +version: 0.1.3-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 7527fd76d9e..c86f4e2827a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.2 +version: 0.1.3-dev groups: shared library: true dependencies: 
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 1c3ab80e508..bb409ee82f8 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 4f0abfe5f25..d3ea91c2053 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.1 +version: 0.0.2-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a107c4e04f5..45593edb1fc 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 5a562f22a45..dfaee0ad8b4 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index d0a098b44f5..8bf6774202c 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.1 +version: 0.0.2-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 2202de7903b..b35e04be888 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index d129cb1c023..0755439b4bc 100644 
--- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 0ae042ad2bb..4e7ade7b781 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 98af9491fd8..9a0d20f61b6 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true dependencies: null diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index da2ef273d9c..72bb02d1ebb 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.2 +version: 0.2.3-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index c3ec3196fb3..bef323df50c 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.2 +version: 0.3.3-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index faa56e6c5bc..556d751397f 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.2 +version: 0.3.3-dev groups: - swift - queries From c8706e2ad716ff418baa164a86b9a195579db3d0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 30 Oct 2023 15:55:46 +0000 Subject: [PATCH 12/13] Swift: Add some annotations to the clarify UnsafeJSEval.swift test. --- .../Security/CWE-094/UnsafeJsEval.swift | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) 
diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift index 437559f2acf..863e859761a 100644 --- a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift +++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift @@ -224,7 +224,7 @@ func testUIWebView() { let webview = UIWebView() testAsync { string in - _ = await webview.stringByEvaluatingJavaScript(from: string) + _ = await webview.stringByEvaluatingJavaScript(from: string) // BAD [NOT DETECTED] } } @@ -232,7 +232,7 @@ func testWebView() { let webview = WebView() testAsync { string in - _ = await webview.stringByEvaluatingJavaScript(from: string) + _ = await webview.stringByEvaluatingJavaScript(from: string) // BAD [NOT DETECTED] } } 
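Review bot: The new `// BAD [NOT DETECTED]` markers on the stringByEvaluatingJavaScript calls in testUIWebView and testWebView here, and on the evaluateJavaScript/callAsyncJavaScript calls in testWKWebView in the next hunk, do not use the form this file already uses for known misses, `// BAD [NOT DETECTED - TODO]` (as in testAsync), so a reader cannot tell whether these WebKit sinks are an accepted gap or work still to be done. All three tests route the string through `testAsync`, whose own direct sinks are also marked as not detected while the same cases in `testSync` are marked `// BAD`, so the miss may be the async closure rather than a missing sink model for these APIs; if that is the case, the marker should say so, e.g. `// BAD [NOT DETECTED - TODO]: see testAsync`. The `func testUIWebView() {` and `func testWebView() {` declarations sit in the `@@` context, outside the hunks.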
@@ -240,22 +240,22 @@ func testWKWebView() { let webview = WKWebView() testAsync { string in - _ = try await webview.evaluateJavaScript(string) + _ = try await webview.evaluateJavaScript(string) // BAD [NOT DETECTED] } testAsync { string in - await webview.evaluateJavaScript(string) { _, _ in } + await webview.evaluateJavaScript(string) { _, _ in } // BAD [NOT DETECTED] } testAsync { string in - await webview.evaluateJavaScript(string, in: nil, in: WKContentWorld.defaultClient) { _ in } + await webview.evaluateJavaScript(string, in: nil, in: WKContentWorld.defaultClient) { _ in } // BAD [NOT DETECTED] } testAsync { string in - _ = try await webview.evaluateJavaScript(string, contentWorld: .defaultClient) + _ = try await webview.evaluateJavaScript(string, contentWorld: .defaultClient) // BAD [NOT DETECTED] } testAsync { string in - await webview.callAsyncJavaScript(string, in: nil, in: .defaultClient) { _ in () } + await webview.callAsyncJavaScript(string, in: nil, in: .defaultClient) { _ in () } // BAD [NOT DETECTED] } testAsync { string in - _ = try await webview.callAsyncJavaScript(string, contentWorld: WKContentWorld.defaultClient) + _ = try await webview.callAsyncJavaScript(string, contentWorld: WKContentWorld.defaultClient) // BAD [NOT DETECTED] } } @@ -263,10 +263,10 @@ func testWKUserContentController() { let ctrl = WKUserContentController() testSync { string in - ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentStart, forMainFrameOnly: false)) + ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentStart, forMainFrameOnly: false)) // BAD (multiple sources) } testSync { string in - ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentEnd, forMainFrameOnly: true, in: .defaultClient)) + ctrl.addUserScript(WKUserScript(source: string, injectionTime: .atDocumentEnd, forMainFrameOnly: true, in: .defaultClient)) // BAD (multiple sources) } } 
@@ -274,10 +274,10 @@ func testJSContext() { let ctx = JSContext() testSync { string in - _ = ctx.evaluateScript(string) + _ = ctx.evaluateScript(string) // BAD (multiple sources) } testSync { string in - _ = ctx.evaluateScript(string, withSourceURL: URL(string: "https://example.com")) + _ = ctx.evaluateScript(string, withSourceURL: URL(string: "https://example.com")) // BAD (multiple sources) } } @@ -288,7 +288,7 @@ func testJSEvaluateScript() { defer { JSStringRelease(jsstr) } _ = JSEvaluateScript( /*ctx:*/ OpaquePointer(bitPattern: 0), - /*script:*/ jsstr, + /*script:*/ jsstr, // BAD (multiple sources) /*thisObject:*/ OpaquePointer(bitPattern: 0), /*sourceURL:*/ OpaquePointer(bitPattern: 0), /*startingLineNumber:*/ 0, @@ -302,7 +302,7 @@ func testJSEvaluateScript() { defer { JSStringRelease(jsstr) } _ = JSEvaluateScript( /*ctx:*/ OpaquePointer(bitPattern: 0), - /*script:*/ jsstr, + /*script:*/ jsstr, // BAD (multiple sources) /*thisObject:*/ OpaquePointer(bitPattern: 0), /*sourceURL:*/ OpaquePointer(bitPattern: 0), /*startingLineNumber:*/ 0, From b259a0ff6a12565a672e5617fada1cd23eefd740 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 30 Oct 2023 16:04:47 +0000 Subject: [PATCH 13/13] Swift: get rid of getRemoteData() in the tests, it's obfuscating results. --- .../Security/CWE-094/UnsafeJsEval.expected | 74 +++++++++++-------- .../Security/CWE-094/UnsafeJsEval.swift | 40 +++++----- 2 files changed, 62 insertions(+), 52 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected index da56e96c094..65c4c5eb2c1 100644 --- a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected +++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.expected 
@@ -1,9 +1,4 @@ edges -| UnsafeJsEval.swift:165:10:165:37 | try ... | UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | -| UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:165:10:165:37 | try ... | -| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:205:7:205:7 | remoteString | -| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | -| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | UnsafeJsEval.swift:211:24:211:37 | .utf8 | | UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:265:13:265:13 | string | | UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:268:13:268:13 | string | | UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:276:13:276:13 | string | 
@@ -11,20 +6,23 @@ edges | UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:285:13:285:13 | string | | UnsafeJsEval.swift:204:7:204:66 | try! ... | UnsafeJsEval.swift:299:13:299:13 | string | | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:204:7:204:66 | try! ... | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:265:13:265:13 | string | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:268:13:268:13 | string | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:276:13:276:13 | string | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:279:13:279:13 | string | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:285:13:285:13 | string | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | UnsafeJsEval.swift:299:13:299:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:265:13:265:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:268:13:268:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:276:13:276:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:279:13:279:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:285:13:285:13 | string | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | UnsafeJsEval.swift:299:13:299:13 | string | -| UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) | UnsafeJsEval.swift:214:24:214:24 | remoteData | -| UnsafeJsEval.swift:211:24:211:37 | .utf8 | UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | UnsafeJsEval.swift:265:13:265:13 | string | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | UnsafeJsEval.swift:268:13:268:13 | string | +| UnsafeJsEval.swift:205:7:205:35 | try! ... 
| UnsafeJsEval.swift:276:13:276:13 | string | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | UnsafeJsEval.swift:279:13:279:13 | string | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | UnsafeJsEval.swift:285:13:285:13 | string | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | UnsafeJsEval.swift:299:13:299:13 | string | +| UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:205:7:205:35 | try! ... | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:265:13:265:13 | string | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:268:13:268:13 | string | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:276:13:276:13 | string | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:279:13:279:13 | string | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:285:13:285:13 | string | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | UnsafeJsEval.swift:299:13:299:13 | string | +| UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | +| UnsafeJsEval.swift:211:19:211:60 | call to Data.init(_:) | UnsafeJsEval.swift:214:24:214:24 | remoteData | +| UnsafeJsEval.swift:211:24:211:56 | .utf8 | UnsafeJsEval.swift:211:19:211:60 | call to Data.init(_:) | +| UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:211:24:211:56 | .utf8 | | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:265:13:265:13 | string | | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:268:13:268:13 | string | | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | UnsafeJsEval.swift:276:13:276:13 | string | 
@@ -56,15 +54,15 @@ edges | UnsafeJsEval.swift:301:61:301:73 | .baseAddress | UnsafeJsEval.swift:301:31:301:84 | call to JSStringCreateWithUTF8CString(_:) | | UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | nodes -| UnsafeJsEval.swift:165:10:165:37 | try ... | semmle.label | try ... | -| UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | -| UnsafeJsEval.swift:201:21:201:35 | call to getRemoteData() | semmle.label | call to getRemoteData() | | UnsafeJsEval.swift:204:7:204:66 | try! ... | semmle.label | try! ... | | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | -| UnsafeJsEval.swift:205:7:205:7 | remoteString | semmle.label | remoteString | -| UnsafeJsEval.swift:208:7:208:39 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| UnsafeJsEval.swift:211:19:211:41 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | -| UnsafeJsEval.swift:211:24:211:37 | .utf8 | semmle.label | .utf8 | +| UnsafeJsEval.swift:205:7:205:35 | try! ... | semmle.label | try! ... | +| UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| UnsafeJsEval.swift:208:7:208:58 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... 
| +| UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | +| UnsafeJsEval.swift:211:19:211:60 | call to Data.init(_:) | semmle.label | call to Data.init(_:) | +| UnsafeJsEval.swift:211:24:211:56 | .utf8 | semmle.label | .utf8 | +| UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | semmle.label | call to String.init(contentsOf:) | | UnsafeJsEval.swift:214:7:214:49 | call to String.init(decoding:as:) | semmle.label | call to String.init(decoding:as:) | | UnsafeJsEval.swift:214:24:214:24 | remoteData | semmle.label | remoteData | | UnsafeJsEval.swift:265:13:265:13 | string | semmle.label | string | 
@@ -99,16 +97,28 @@ nodes | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | subpaths #select -| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. | -| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. 
| +| UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:266:22:266:107 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:) | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. | -| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:269:22:269:124 | call to WKUserScript.init(source:injectionTime:forMainFrameOnly:in:) | Evaluation of uncontrolled JavaScript from a remote source. 
| | UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | -| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:277:26:277:26 | string | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:277:26:277:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | -| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. 
| +| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:280:26:280:26 | string | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:280:26:280:26 | string | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | -| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:165:14:165:37 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:291:17:291:17 | jsstr | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:291:17:291:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:204:12:204:66 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:205:12:205:35 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. 
| +| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:208:30:208:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | +| UnsafeJsEval.swift:305:17:305:17 | jsstr | UnsafeJsEval.swift:211:30:211:53 | call to String.init(contentsOf:) | UnsafeJsEval.swift:305:17:305:17 | jsstr | Evaluation of uncontrolled JavaScript from a remote source. | | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | UnsafeJsEval.swift:318:24:318:87 | call to String.init(contentsOf:) | UnsafeJsEval.swift:320:44:320:74 | ... .+(_:_:) ... | Evaluation of uncontrolled JavaScript from a remote source. | diff --git a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift index 863e859761a..83d691d5f03 100644 --- a/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift +++ b/swift/ql/test/query-tests/Security/CWE-094/UnsafeJsEval.swift 
@@ -159,65 +159,65 @@ extension String { // --- tests --- -func getRemoteData() -> String { - let url = URL(string: "http://example.com/") - do { - return try String(contentsOf: url!) - } catch { - return "" - } -} + + + + + + + + func testAsync(_ sink: @escaping (String) async throws -> ()) { Task { let localString = "console.log('localString')" let localStringFragment = "'localStringFragment'" - let remoteString = getRemoteData() + let url = URL(string: "http://example.com/") try! await sink(localString) // GOOD: the HTML data is local try! await sink(try String(contentsOf: URL(string: "http://example.com/")!)) // BAD [NOT DETECTED - TODO]: HTML contains remote input, may access local secrets - try! await sink(remoteString) // BAD [NOT DETECTED - TODO] + try! await sink(try! String(contentsOf: url!)) // BAD [NOT DETECTED - TODO] try! await sink("console.log(" + localStringFragment + ")") // GOOD: the HTML data is local - try! await sink("console.log(" + remoteString + ")") // BAD [NOT DETECTED - TODO] + try! await sink("console.log(" + (try! String(contentsOf: url!)) + ")") // BAD [NOT DETECTED - TODO] let localData = Data(localString.utf8) - let remoteData = Data(remoteString.utf8) + let remoteData = Data((try! String(contentsOf: url!)).utf8) try! await sink(String(decoding: localData, as: UTF8.self)) // GOOD: the data is local try! await sink(String(decoding: remoteData, as: UTF8.self)) // BAD [NOT DETECTED - TODO]: the data is remote try! await sink("console.log(" + String(Int(localStringFragment) ?? 0) + ")") // GOOD: Primitive conversion - try! await sink("console.log(" + String(Int(remoteString) ?? 0) + ")") // GOOD: Primitive conversion + try! await sink("console.log(" + String(Int(try! String(contentsOf: url!)) ?? 0) + ")") // GOOD: Primitive conversion try! await sink("console.log(" + (localStringFragment.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion - try! await sink("console.log(" + (remoteString.count != 0 ? 
"1" : "0") + ")") // GOOD: Primitive conversion + try! await sink("console.log(" + ((try! String(contentsOf: url!)).count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion } } func testSync(_ sink: @escaping (String) -> ()) { let localString = "console.log('localString')" let localStringFragment = "'localStringFragment'" - let remoteString = getRemoteData() + let url = URL(string: "http://example.com/") sink(localString) // GOOD: the HTML data is local sink(try! String(contentsOf: URL(string: "http://example.com/")!)) // BAD: HTML contains remote input, may access local secrets - sink(remoteString) // BAD + sink(try! String(contentsOf: url!)) // BAD sink("console.log(" + localStringFragment + ")") // GOOD: the HTML data is local - sink("console.log(" + remoteString + ")") // BAD + sink("console.log(" + (try! String(contentsOf: url!)) + ")") // BAD let localData = Data(localString.utf8) - let remoteData = Data(remoteString.utf8) + let remoteData = Data((try! String(contentsOf: url!)).utf8) sink(String(decoding: localData, as: UTF8.self)) // GOOD: the data is local sink(String(decoding: remoteData, as: UTF8.self)) // BAD: the data is remote sink("console.log(" + String(Int(localStringFragment) ?? 0) + ")") // GOOD: Primitive conversion - sink("console.log(" + String(Int(remoteString) ?? 0) + ")") // GOOD: Primitive conversion + sink("console.log(" + String(Int(try! String(contentsOf: url!)) ?? 0) + ")") // GOOD: Primitive conversion sink("console.log(" + (localStringFragment.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion - sink("console.log(" + (remoteString.count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion + sink("console.log(" + ((try! String(contentsOf: url!)).count != 0 ? "1" : "0") + ")") // GOOD: Primitive conversion } func testUIWebView() {