Merge branch 'main' into automated-subclass-models

python/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.9.4
+
+No user-facing changes.
+
 ## 0.9.3
 
 ### Minor Analysis Improvements

python/ql/src/change-notes/released/0.9.4.md

@@ -0,0 +1,3 @@
+## 0.9.4
+
+No user-facing changes.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.3
+lastReleaseVersion: 0.9.4

python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll

@@ -12,13 +12,18 @@ import semmle.python.dataflow.new.internal.TaintTrackingPrivate
 import semmle.python.dataflow.new.RemoteFlowSources
 import UnicodeBypassValidationCustomizations::UnicodeBypassValidation
 
+abstract private class ValidationState extends string {
+  bindingset[this]
+  ValidationState() { any() }
+}
+
 /** A state signifying that a logical validation has not been performed. */
-class PreValidation extends DataFlow::FlowState {
+class PreValidation extends ValidationState {
   PreValidation() { this = "PreValidation" }
 }
 
 /** A state signifying that a logical validation has been performed. */
-class PostValidation extends DataFlow::FlowState {
+class PostValidation extends ValidationState {
   PostValidation() { this = "PostValidation" }
 }
 
@@ -29,7 +34,7 @@ class PostValidation extends DataFlow::FlowState {
  * to track the requirement that a logical validation has been performed before the Unicode Transformation.
  */
 private module UnicodeBypassValidationConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowState;
+  class FlowState = ValidationState;
 
   predicate isSource(DataFlow::Node source, FlowState state) {
     source instanceof RemoteFlowSource and state instanceof PreValidation

python/ql/src/meta/alerts/RemoteFlowSourcesReach.ql

@@ -16,15 +16,13 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import meta.MetaMetrics
 private import semmle.python.dataflow.new.internal.PrintNode
 
-class RemoteFlowSourceReach extends TaintTracking::Configuration {
-  RemoteFlowSourceReach() { this = "RemoteFlowSourceReach" }
-
-  override predicate isSource(DataFlow::Node node) {
+module RemoteFlowSourceReachConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node node) {
     node instanceof RemoteFlowSource and
     not node.getLocation().getFile() instanceof IgnoredFile
   }
 
-  override predicate isSink(DataFlow::Node node) {
+  predicate isSink(DataFlow::Node node) {
     not node.getLocation().getFile() instanceof IgnoredFile
     // We could try to reduce the number of sinks in this configuration, by only
     // allowing something that is on one end of a localFlowStep, readStep or storeStep,
@@ -37,6 +35,8 @@ class RemoteFlowSourceReach extends TaintTracking::Configuration {
   }
 }
 
-from RemoteFlowSourceReach cfg, DataFlow::Node reachable
-where cfg.hasFlow(_, reachable)
+module RemoteFlowSourceReachFlow = TaintTracking::Global<RemoteFlowSourceReachConfig>;
+
+from DataFlow::Node reachable
+where RemoteFlowSourceReachFlow::flow(_, reachable)
 select reachable, prettyNode(reachable)

python/ql/src/meta/analysis-quality/TTCallGraph.ql

@@ -3,7 +3,6 @@
  * @kind problem
  * @problem.severity recommendation
  * @id py/meta/type-tracking-call-graph
- * @tags meta
  * @precision very-low
  */
 

python/ql/src/meta/analysis-quality/TTCallGraphMissing.ql

@@ -3,7 +3,6 @@
  * @kind problem
  * @problem.severity recommendation
  * @id py/meta/call-graph-missing
- * @tags meta
  * @precision very-low
  */
 

python/ql/src/meta/analysis-quality/TTCallGraphNew.ql

@@ -3,7 +3,6 @@
  * @kind problem
  * @problem.severity recommendation
  * @id py/meta/call-graph-new
- * @tags meta
  * @precision very-low
  */
 

python/ql/src/meta/analysis-quality/TTCallGraphNewAmbiguous.ql

@@ -3,7 +3,6 @@
  * @kind problem
  * @problem.severity recommendation
  * @id py/meta/call-graph-new-ambiguous
- * @tags meta
  * @precision very-low
  */
 

python/ql/src/meta/analysis-quality/TTCallGraphShared.ql

@@ -3,7 +3,6 @@
  * @kind problem
  * @problem.severity recommendation
  * @id py/meta/call-graph-shared
- * @tags meta
  * @precision very-low
  */
 

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.4-dev
+version: 0.9.5-dev
 groups:
   - python
   - queries