hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/go-internal-tests

Browse Source
This commit is contained in:
Paolo Tranquilli
2025-07-02 16:21:26 +02:00
committed by GitHub
parent fa14f9540b d17c931939
commit 72bfbacaaf
122 changed files with 50315 additions and 7591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.md
View File

@@ -1,6 +1,4 @@
# Environment Path Injection
## Description
## Overview
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
@@ -12,11 +10,11 @@ echo "$HOME/.local/bin" >> $GITHUB_PATH
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
## Recommendations
## Recommendation
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
## Examples
## Example
### Incorrect Usage
@@ -36,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

10
actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.md
View File

@@ -1,6 +1,4 @@
# Environment Path Injection
## Description
## Overview
GitHub Actions allow to define the system PATH variable by writing to a file pointed to by the `GITHUB_PATH` environment variable. Writing to this file appends a directory to the system PATH variable and automatically makes it available to all subsequent actions in the current job.
@@ -12,11 +10,11 @@ echo "$HOME/.local/bin" >> $GITHUB_PATH
If an attacker can control the contents of the system PATH, they are able to influence what commands are run in subsequent steps of the same job.
## Recommendations
## Recommendation
Do not allow untrusted data to influence the system PATH: Avoid using untrusted data sources (e.g., artifact content) to define the system PATH.
## Examples
## Example
### Incorrect Usage
@@ -36,4 +34,4 @@ If an attacker can manipulate the value being set, such as through artifact down
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).

12
actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.md
View File

@@ -1,6 +1,4 @@
# Environment Variable Injection
## Description
## Overview
GitHub Actions allow to define environment variables by writing to a file pointed to by the `GITHUB_ENV` environment variable:
@@ -37,7 +35,7 @@ steps:
If an attacker can control the values assigned to environment variables and there is no sanitization in place, the attacker will be able to inject additional variables by injecting new lines or `{delimiters}`.
## Recommendations
## Recommendation
1. **Do not allow untrusted data to influence environment variables**:
@@ -64,7 +62,7 @@ If an attacker can control the values assigned to environment variables and ther
} >> "$GITHUB_ENV"
```
## Examples
## Example
### Example of Vulnerability
@@ -113,5 +111,5 @@ An attacker is be able to run arbitrary code by injecting environment variables
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- Synacktiv: [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

12
actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md
View File

@@ -1,6 +1,4 @@
# Environment Variable Injection
## Description
## Overview
GitHub Actions allow to define environment variables by writing to a file pointed to by the `GITHUB_ENV` environment variable:
@@ -37,7 +35,7 @@ steps:
If an attacker can control the values assigned to environment variables and there is no sanitization in place, the attacker will be able to inject additional variables by injecting new lines or `{delimiters}`.
## Recommendations
## Recommendation
1. **Do not allow untrusted data to influence environment variables**:
@@ -64,7 +62,7 @@ If an attacker can control the values assigned to environment variables and ther
} >> "$GITHUB_ENV"
```
## Examples
## Example
### Example of Vulnerability
@@ -113,5 +111,5 @@ An attacker would be able to run arbitrary code by injecting environment variabl
## References
- [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions)
- [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation)
- GitHub Docs: [Workflow commands for GitHub Actions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions).
- Synacktiv: [GitHub Actions Exploitation: Repo Jacking and Environment Manipulation](https://www.synacktiv.com/publications/github-actions-exploitation-repo-jacking-and-environment-manipulation).

8
actions/ql/src/Security/CWE-094/CodeInjectionCritical.md
View File

@@ -1,18 +1,16 @@
# Code Injection in GitHub Actions
## Description
## Overview
Using user-controlled input in GitHub Actions may lead to code injection in contexts like _run:_ or _script:_.
Code injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing an attacker to make changes to the repository.
## Recommendations
## Recommendation
The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable using the native syntax of the shell/script interpreter (that is, not _${{ env.VAR }}_).
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage

8
actions/ql/src/Security/CWE-094/CodeInjectionMedium.md
View File

@@ -1,18 +1,16 @@
# Code Injection in GitHub Actions
## Description
## Overview
Using user-controlled input in GitHub Actions may lead to code injection in contexts like _run:_ or _script:_.
Code injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing an attacker to make changes to the repository.
## Recommendations
## Recommendation
The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable using the native syntax of the shell/script interpreter (that is, not _${{ env.VAR }}_).
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage

8
actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.md
View File

@@ -1,13 +1,11 @@
# Use of Actions with known vulnerabilities
## Description
## Overview
The security of the workflow and the repository could be compromised by GitHub Actions workflows that utilize GitHub Actions with known vulnerabilities.
## Recommendations
## Recommendation
Either remove the component from the workflow or upgrade it to a version that is not vulnerable.
## References
- [GitHub Docs: Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)
- GitHub Docs: [Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot).

21
actions/ql/src/Security/CWE-275/MissingActionsPermissions.md
View File

@@ -1,12 +1,21 @@
# Actions Job and Workflow Permissions are not set
## Description
## Overview
If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
## Recommendations
## Recommendation
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task:
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.
## Example
### Incorrect Usage
```yaml
name: "My workflow"
# No permissions block
```
### Correct Usage
```yaml
name: "My workflow"
@@ -27,4 +36,4 @@ jobs:
## References
- [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs)
- GitHub Docs: [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs).

10
actions/ql/src/Security/CWE-285/ImproperAccessControl.md
View File

@@ -1,14 +1,12 @@
# Improper Access Control
## Description
## Overview
Sometimes labels are used to approve GitHub Actions. An authorization check may not be properly implemented, allowing an attacker to mutate the code after it has been reviewed and approved by label.
## Recommendations
## Recommendation
When using labels, make sure that the code cannot be modified after it has been reviewed and the label has been set.
## Examples
## Example
### Incorrect Usage
@@ -57,4 +55,4 @@ jobs:
## References
- [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target)
- GitHub Docs: [Events that trigger workflows](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request_target).

12
actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.md
View File

@@ -1,14 +1,12 @@
# Excessive Secrets Exposure
## Description
## Overview
When the workflow runner cannot determine what secrets are needed to run the workflow, it will pass all the available secrets to the runner including organization and repository secrets. This violates the least privileged principle and increases the impact of a potential vulnerability affecting the workflow.
## Recommendations
## Recommendation
Only pass those secrets that are needed by the workflow. Avoid using expressions such as `toJSON(secrets)` or dynamically accessed secrets such as `secrets[format('GH_PAT_%s', matrix.env)]` since the workflow will need to receive all secrets to decide at runtime which one needs to be used.
## Examples
## Example
### Incorrect Usage
@@ -48,5 +46,5 @@ env:
## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow)
- [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md)
- GitHub Docs: [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).
- poutine: [Job uses all secrets](https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/job_all_secrets.md).

8
actions/ql/src/Security/CWE-312/SecretsInArtifacts.md
View File

@@ -1,6 +1,4 @@
# Storage of sensitive information in GitHub Actions artifact
## Description
## Overview
Sensitive information included in a GitHub Actions artifact can allow an attacker to access the sensitive information if the artifact is published.
@@ -10,6 +8,8 @@ Only store information that is meant to be publicly available in a GitHub Action
## Example
### Incorrect Usage
The following example uses `actions/checkout` to checkout code which stores the GITHUB_TOKEN in the \`.git/config\` file and then stores the contents of the \`.git\` repository into the artifact:
```yaml
@@ -28,6 +28,8 @@ jobs:
path: .
```
### Correct Usage
The issue has been fixed below, where the `actions/upload-artifact` uses a version (v4+) which does not include hidden files or directories into the artifact.
```yaml

10
actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md
View File

@@ -1,14 +1,12 @@
# Unmasked Secret Exposure
## Description
## Overview
Secrets derived from other secrets are not known to the workflow runner, and therefore are not masked unless explicitly registered.
## Recommendations
## Recommendation
Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow, since these read values will not be masked by the workflow runner.
## Examples
## Example
### Incorrect Usage
@@ -34,4 +32,4 @@ Avoid defining non-plain secrets. For example, do not define a new secret contai
## References
- [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow)
- GitHub Docs: [Using secrets in GitHub Actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-encrypted-secrets-in-a-workflow).

14
actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.md
View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -78,6 +76,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

14
actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.md
View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -123,6 +121,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

14
actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.md
View File

@@ -1,6 +1,4 @@
# Cache Poisoning in GitHub Actions
## Description
## Overview
GitHub Actions cache poisoning is a technique that allows an attacker to inject malicious content into the Action's cache from unprivileged workflow, potentially leading to code execution in privileged workflows.
@@ -23,7 +21,7 @@ In GitHub Actions, cache scopes are primarily determined by the branch structure
Due to the above design, if something is cached in the context of the default branch (e.g., `main`), it becomes accessible to any feature branch derived from `main`.
## Recommendations
## Recommendation
1. Avoid using caching in workflows that handle sensitive operations like releases.
2. If caching must be used:
@@ -34,7 +32,7 @@ Due to the above design, if something is cached in the context of the default br
4. Never run untrusted code in the context of the default branch.
5. Sign the cache value cryptographically and verify the signature before usage.
## Examples
## Example
### Incorrect Usage
@@ -80,6 +78,6 @@ jobs:
## References
- [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/)
- [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows)
- [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/)
- Adnan Khan's Blog: [The Monsters in Your Build Cache GitHub Actions Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/).
- GitHub Docs: [GitHub Actions Caching Documentation](https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
- Scribe Security Blog: [Cache Poisoning in GitHub Actions](https://scribesecurity.com/blog/github-cache-poisoning/).

10
actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.md
View File

@@ -1,17 +1,15 @@
# Untrusted Checkout TOCTOU (Time-of-check to time-of-use)
## Description
## Overview
Untrusted Checkout is protected by a security check but the checked-out branch can be changed after the check.
## Recommendations
## Recommendation
Verify that the code has not been modified after the security check. This may be achieved differently depending on the type of check:
- Deployment Environment Approval: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
- Label Gates: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
## Examples
## Example
### Incorrect Usage (Deployment Environment Approval)
@@ -99,4 +97,4 @@ jobs:
## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU)
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

10
actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.md
View File

@@ -1,17 +1,15 @@
# Untrusted Checkout TOCTOU (Time-of-check to time-of-use)
## Description
## Overview
Untrusted Checkout is protected by a security check but the checked-out branch can be changed after the check.
## Recommendations
## Recommendation
Verify that the code has not been modified after the security check. This may be achieved differently depending on the type of check:
- Deployment Environment Approval: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
- Label Gates: Make sure to use a non-mutable reference to the code to be executed. For example use a `sha` instead of a `ref`.
## Examples
## Example
### Incorrect Usage (Deployment Environment Approval)
@@ -99,4 +97,4 @@ jobs:
## References
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU)
- [ActionsTOCTOU](https://github.com/AdnaneKhan/ActionsTOCTOU).

8
actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.md
View File

@@ -1,6 +1,4 @@
# If Condition Always Evaluates to True
## Description
## Overview
GitHub Workflow Expressions (`${{ ... }}`) used in the `if` condition of jobs or steps must not contain extra characters or spaces. Otherwise, the condition is invariably evaluated to `true`.
@@ -14,7 +12,7 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
2. Avoid multiline or spaced-out conditional expressions that might inadvertently introduce unwanted characters or formatting.
3. Test the workflow to ensure the `if` conditions behave as expected under different scenarios.
## Examples
## Example
### Correct Usage
@@ -60,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173)
- GitHub actions/runner Issues: [Expression Always True](https://github.com/actions/runner/issues/1173).

8
actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.md
View File

@@ -1,6 +1,4 @@
# If Condition Always Evaluates to True
## Description
## Overview
GitHub Workflow Expressions (`${{ ... }}`) used in the `if` condition of jobs or steps must not contain extra characters or spaces. Otherwise, the condition is invariably evaluated to `true`.
@@ -14,7 +12,7 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
2. Avoid multiline or spaced-out conditional expressions that might inadvertently introduce unwanted characters or formatting.
3. Test the workflow to ensure the `if` conditions behave as expected under different scenarios.
## Examples
## Example
### Correct Usage
@@ -60,4 +58,4 @@ To avoid the vulnerability where an `if` condition always evaluates to `true`, i
## References
- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173)
- GitHub actions/runner Issues: [Expression Always True](https://github.com/actions/runner/issues/1173).

10
actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.md
View File

@@ -1,16 +1,14 @@
# Artifact poisoning
## Description
## Overview
The workflow downloads artifacts that may be poisoned by an attacker in previously triggered workflows. If the contents of these artifacts are not correctly extracted, stored and verified, they may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Always consider artifacts content as untrusted.
- Extract the contents of artifacts to a temporary folder so they cannot override existing files.
- Verify the contents of the artifacts downloaded. If an artifact is expected to contain a numeric value, verify it before using it.
## Examples
## Example
### Incorrect Usage
@@ -69,4 +67,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

10
actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.md
View File

@@ -1,16 +1,14 @@
# Artifact poisoning
## Description
## Overview
The workflow downloads artifacts that may be poisoned by an attacker in previously triggered workflows. If the contents of these artifacts are not correctly extracted, stored and verified, they may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Always consider artifacts content as untrusted.
- Extract the contents of artifacts to a temporary folder so they cannot override existing files.
- Verify the contents of the artifacts downloaded. If an artifact is expected to contain a numeric value, verify it before using it.
## Examples
## Example
### Incorrect Usage
@@ -69,4 +67,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

10
actions/ql/src/Security/CWE-829/UnpinnedActionsTag.md
View File

@@ -1,14 +1,12 @@
# Unpinned tag for 3rd party Action in workflow
## Description
## Overview
Using a tag for a 3rd party Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
## Recommendations
## Recommendation
Pinning an action to a full length commit SHA is currently the only way to use a non-immutable action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
## Examples
## Example
### Incorrect Usage
@@ -24,4 +22,4 @@ Pinning an action to a full length commit SHA is currently the only way to use a
## References
- [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
- GitHub Docs: [Using third-party actions](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).

10
actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md
View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

10
actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md
View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

10
actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md
View File

@@ -1,10 +1,8 @@
# Execution of Untrusted Checked-out Code
## Description
## Overview
GitHub workflows can be triggered through various repository events, including incoming pull requests (PRs) or comments on Issues/PRs. A potentially dangerous misuse of the triggers such as `pull_request_target` or `issue_comment` followed by an explicit checkout of untrusted code (Pull Request HEAD) may lead to repository compromise if untrusted code gets executed in a privileged job.
## Recommendations
## Recommendation
- Avoid using `pull_request_target` unless necessary.
- Employ unprivileged `pull_request` workflows followed by `workflow_run` for privileged operations.
@@ -14,7 +12,7 @@ The best practice is to handle the potentially untrusted pull request via the **
The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
## Examples
## Example
### Incorrect Usage
@@ -134,4 +132,4 @@ jobs:
## References
- [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
- GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).

8
actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.md
View File

@@ -1,13 +1,11 @@
# Unneccesary use of advanced configuration
## Description
## Overview
The CodeQL workflow does not use any custom settings and could be simplified by switching to the CodeQL default setup.
## Recommendations
## Recommendation
If there is no reason to have a custom configuration switch to the CodeQL default setup.
## References
- [GitHub Docs: Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository)
- GitHub Docs: [Configuring Default Setup for a repository](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository).

16
actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.md
View File

@@ -1,18 +1,16 @@
# Argument Injection in GitHub Actions
## Description
## Overview
Passing user-controlled arguments to certain commands in the context of `Run` steps may lead to arbitrary code execution.
Argument injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing the attacker to make changes to the repository.
## Recommendations
## Recommendation
When possible avoid passing user-controlled data to commands which may spawn new processes using some of their arguments.
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage
@@ -35,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR/g;1e whoami;#` and the
## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/)
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/)
- [GTFOBins](https://gtfobins.github.io/)
- Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- Argument Injection Vectors: [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [GTFOBins](https://gtfobins.github.io/).

16
actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.md
View File

@@ -1,18 +1,16 @@
# Argument Injection in GitHub Actions
## Description
## Overview
Passing user-controlled arguments to certain commands in the context of `Run` steps may lead to arbitrary code execution.
Argument injection in GitHub Actions may allow an attacker to exfiltrate any secrets used in the workflow and the temporary GitHub repository authorization token. The token may have write access to the repository, allowing the attacker to make changes to the repository.
## Recommendations
## Recommendation
When possible avoid passing user-controlled data to commands which may spawn new processes using some of their arguments.
It is also recommended to limit the permissions of any tokens used by a workflow such as the GITHUB_TOKEN.
## Examples
## Example
### Incorrect Usage
@@ -35,7 +33,7 @@ An attacker may set the body of an Issue comment to `BAR|g;1e whoami;#` and the
## References
- [Common Weakness Enumeration: CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/)
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/)
- [GTFOBins](https://gtfobins.github.io/)
- Common Weakness Enumeration: [CWE-88](https://cwe.mitre.org/data/definitions/88.html).
- [Argument Injection Vectors](https://sonarsource.github.io/argument-injection-vectors/).
- Argument Injection Vectors: [Argument Injection Explained](https://sonarsource.github.io/argument-injection-vectors/explained/).
- [GTFOBins](https://gtfobins.github.io/).

10
actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md
View File

@@ -1,14 +1,12 @@
# Unversioned Immutable Action
## Description
## Overview
This action is eligible for Immutable Actions, a new GitHub feature that is currently only available for internal users. Immutable Actions are released as packages in the GitHub package registry instead of resolved from a pinned SHA at the repository. The Immutable Action provides the same immutability as pinning the version to a SHA but with improved readability and additional security guarantees.
## Recommendations
## Recommendation
For internal users: when using [immutable actions](https://github.com/github/package-registry-team/blob/main/docs/immutable-actions/immutable-actions-howto.md) use the full semantic version of the action. This will ensure that the action is resolved to the exact version stored in the GitHub package registry.
## Examples
## Example
### Incorrect Usage
@@ -25,4 +23,4 @@ For internal users: when using [immutable actions](https://github.com/github/pac
## References
- [Consuming immutable actions]()
- [Consuming immutable actions]().

3
config/dbscheme-fragments.json
View File

@@ -1,11 +1,13 @@
{
"files": [
"cpp/ql/lib/semmlecode.cpp.dbscheme",
"javascript/ql/lib/semmlecode.javascript.dbscheme",
"python/ql/lib/semmlecode.python.dbscheme",
"ruby/ql/lib/ruby.dbscheme",
"ql/ql/src/ql.dbscheme"
],
"fragments": [
"/*- Compilations -*/",
"/*- External data -*/",
"/*- Files and folders -*/",
"/*- Diagnostic messages -*/",
@@ -21,6 +23,7 @@
"/*- DEPRECATED: Snapshot date -*/",
"/*- DEPRECATED: Duplicate code -*/",
"/*- DEPRECATED: Version control data -*/",
"/*- C++ dbscheme -*/",
"/*- JavaScript-specific part -*/",
"/*- Ruby dbscheme -*/",
"/*- Erb dbscheme -*/",

2428
cpp/downgrades/5491582ac8511726e12fae3e2399000f9201cd9a/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2451
cpp/downgrades/5491582ac8511726e12fae3e2399000f9201cd9a/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/downgrades/5491582ac8511726e12fae3e2399000f9201cd9a/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Remove unused external_package tables from the dbscheme
compatibility: full

9
cpp/downgrades/801b2f03360d78c85f51fbad9b75956fa8d58b00/functions.ql Normal file
View File

@@ -0,0 +1,9 @@
class Function extends @function {
string toString() { none() }
}
from Function f, string n, int k, int new_k
where
functions(f, n, k) and
if builtin_functions(f) then new_k = 6 else new_k = k
select f, n, new_k

2433
cpp/downgrades/801b2f03360d78c85f51fbad9b75956fa8d58b00/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2428
cpp/downgrades/801b2f03360d78c85f51fbad9b75956fa8d58b00/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

4
cpp/downgrades/801b2f03360d78c85f51fbad9b75956fa8d58b00/upgrade.properties Normal file
View File

@@ -0,0 +1,4 @@
description: Move builtin function identification to its own table
compatibility: full
functions.rel: run functions.qlo
builtin_functions.rel: delete

2451
cpp/downgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2475
cpp/downgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/downgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: sync dbscheme and delete svn tables
compatibility: full

1
cpp/ql/integration-tests/header-variant-tests/clang-pch/b.c
View File

@@ -4,4 +4,3 @@
int main() {
return ONE + TWO + THREE + FOUR;
}
// semmle-extractor-options: --clang -include-pch ${testdir}/clang-pch.testproj/a.pch -Iextra_dummy_path

4
cpp/ql/lib/change-notes/2025-06-24-float16 copy.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.

19
cpp/ql/lib/semmle/code/cpp/Function.qll
View File

@@ -282,9 +282,12 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
* definition, if possible.)
*/
override Location getLocation() {
if exists(this.getDefinition())
then result = this.getDefinitionLocation()
else result = this.getADeclarationLocation()
if this instanceof BuiltInFunction
then result instanceof UnknownLocation // a dummy location for the built-in function
else
if exists(this.getDefinition())
then result = this.getDefinitionLocation()
else result = this.getADeclarationLocation()
}
/** Gets a child declaration of this function. */
@@ -896,17 +899,9 @@ class FunctionTemplateSpecialization extends Function {
* A GCC built-in function. For example: `__builtin___memcpy_chk`.
*/
class BuiltInFunction extends Function {
BuiltInFunction() { functions(underlyingElement(this), _, 6) }
/** Gets a dummy location for the built-in function. */
override Location getLocation() {
suppressUnusedThis(this) and
result instanceof UnknownLocation
}
BuiltInFunction() { builtin_functions(underlyingElement(this)) }
}
private predicate suppressUnusedThis(Function f) { any() }
/**
* A C++ user-defined literal [N4140 13.5.8].
*/

2
cpp/ql/lib/semmle/code/cpp/Location.qll
View File

@@ -8,7 +8,7 @@ import semmle.code.cpp.File
/**
* A location of a C/C++ artifact.
*/
class Location extends @location {
class Location extends @location_default {
/** Gets the container corresponding to this location. */
pragma[nomagic]
Container getContainer() { this.fullLocationInfo(result, _, _, _, _) }

4
cpp/ql/lib/semmle/code/cpp/exprs/Call.qll
View File

@@ -504,6 +504,8 @@ class VacuousDestructorCall extends Expr, @vacuous_destructor_call {
*/
class ConstructorInit extends Expr, @ctorinit {
override string getAPrimaryQlClass() { result = "ConstructorInit" }
override string toString() { result = "constructor init" }
}
/**
@@ -512,6 +514,8 @@ class ConstructorInit extends Expr, @ctorinit {
*/
class ConstructorBaseInit extends ConstructorInit, ConstructorCall {
override string getAPrimaryQlClass() { result = "ConstructorBaseInit" }
override string toString() { result = "call to " + this.getTarget().getName() }
}
/**

294
cpp/ql/lib/semmlecode.cpp.dbscheme
View File

@@ -1,3 +1,4 @@
/*- Compilations -*/
/**
* An invocation of the compiler. Note that more than one file may be
@@ -138,6 +139,7 @@ compilation_finished(
float elapsed_seconds : float ref
);
/*- External data -*/
/**
* External data, loaded from CSV files during snapshot creation. See
@@ -145,69 +147,75 @@ compilation_finished(
* for more information.
*/
externalData(
int id : @externalDataElement,
string path : string ref,
int column: int ref,
string value : string ref
int id : @externalDataElement,
string path : string ref,
int column: int ref,
string value : string ref
);
/*- Source location prefix -*/
/**
* The source location of the snapshot.
*/
sourceLocationPrefix(string prefix : string ref);
/**
* Information about packages that provide code used during compilation.
* The `id` is just a unique identifier.
* The `namespace` is typically the name of the package manager that
* provided the package (e.g. "dpkg" or "yum").
* The `package_name` is the name of the package, and `version` is its
* version (as a string).
*/
external_packages(
unique int id: @external_package,
string namespace : string ref,
string package_name : string ref,
string version : string ref
);
/*- Files and folders -*/
/**
* Holds if File `fileid` was provided by package `package`.
* The location of an element.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `file`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
header_to_external_package(
int fileid : @file ref,
int package : @external_package ref
locations_default(
unique int id: @location_default,
int file: @file ref,
int beginLine: int ref,
int beginColumn: int ref,
int endLine: int ref,
int endColumn: int ref
);
/*
* Version history
*/
files(
unique int id: @file,
string name: string ref
);
svnentries(
unique int id : @svnentry,
string revision : string ref,
string author : string ref,
date revisionDate : date ref,
int changeSize : int ref
)
folders(
unique int id: @folder,
string name: string ref
);
svnaffectedfiles(
int id : @svnentry ref,
int file : @file ref,
string action : string ref
)
@container = @file | @folder
svnentrymsg(
unique int id : @svnentry ref,
string message : string ref
)
containerparent(
int parent: @container ref,
unique int child: @container ref
);
svnchurn(
int commit : @svnentry ref,
int file : @file ref,
int addedLines : int ref,
int deletedLines : int ref
)
/*- Lines of code -*/
numlines(
int element_id: @sourceline ref,
int num_lines: int ref,
int num_code: int ref,
int num_comment: int ref
);
/*- Diagnostic messages -*/
diagnostics(
unique int id: @diagnostic,
int severity: int ref,
string error_tag: string ref,
string error_message: string ref,
string full_error_message: string ref,
int location: @location_default ref
);
/*- C++ dbscheme -*/
/*
* C++ dbscheme
@@ -218,61 +226,9 @@ extractor_version(
string frontend_version: string ref
)
@location = @location_default ;
/**
* The location of an element.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `file`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
locations_default(
/** The location of an element that is not an expression or a statement. */
unique int id: @location_default,
int container: @container ref,
int startLine: int ref,
int startColumn: int ref,
int endLine: int ref,
int endColumn: int ref
);
/** An element for which line-count information is available. */
@sourceline = @file | @function | @variable | @enumconstant | @xmllocatable;
numlines(
int element_id: @sourceline ref,
int num_lines: int ref,
int num_code: int ref,
int num_comment: int ref
);
diagnostics(
unique int id: @diagnostic,
int severity: int ref,
string error_tag: string ref,
string error_message: string ref,
string full_error_message: string ref,
int location: @location ref
);
files(
unique int id: @file,
string name: string ref
);
folders(
unique int id: @folder,
string name: string ref
);
@container = @folder | @file
containerparent(
int parent: @container ref,
unique int child: @container ref
);
fileannotations(
int id: @file ref,
int kind: int ref,
@@ -298,7 +254,7 @@ case @macroinvocation.kind of
macroinvocations(
unique int id: @macroinvocation,
int macro_id: @ppd_define ref,
int location: @location ref,
int location: @location_default ref,
int kind: int ref
);
@@ -313,7 +269,7 @@ macroparent(
// to which a macro invocation is bound
macrolocationbind(
int id: @macroinvocation ref,
int location: @location ref
int location: @location_default ref
);
#keyset[invocation, argument_index]
@@ -332,12 +288,13 @@ macro_argument_expanded(
/*
case @function.kind of
1 = @normal_function
0 = @unknown_function
| 1 = @normal_function
| 2 = @constructor
| 3 = @destructor
| 4 = @conversion_function
| 5 = @operator
| 6 = @builtin_function // GCC built-in functions, e.g. __builtin___memcpy_chk
// ... 6 = @builtin_function deprecated // GCC built-in functions, e.g. __builtin___memcpy_chk
| 7 = @user_defined_literal
| 8 = @deduction_guide
;
@@ -349,6 +306,10 @@ functions(
int kind: int ref
);
builtin_functions(
int id: @function ref
)
function_entry_point(
int id: @function ref,
unique int entry_point: @stmt ref
@@ -419,7 +380,7 @@ fun_decls(
int function: @function ref,
int type_id: @type ref,
string name: string ref,
int location: @location ref
int location: @location_default ref
);
fun_def(unique int id: @fun_decl ref);
fun_specialized(unique int id: @fun_decl ref);
@@ -471,7 +432,7 @@ var_decls(
int variable: @variable ref,
int type_id: @type ref,
string name: string ref,
int location: @location ref
int location: @location_default ref
);
var_def(unique int id: @var_decl ref);
var_specialized(int id: @var_decl ref);
@@ -488,7 +449,7 @@ var_requires(
type_decls(
unique int id: @type_decl,
int type_id: @type ref,
int location: @location ref
int location: @location_default ref
);
type_def(unique int id: @type_decl ref);
type_decl_top(
@@ -502,8 +463,8 @@ type_requires(
namespace_decls(
unique int id: @namespace_decl,
int namespace_id: @namespace ref,
int location: @location ref,
int bodylocation: @location ref
int location: @location_default ref,
int bodylocation: @location_default ref
);
case @using.kind of
@@ -515,7 +476,7 @@ case @using.kind of
usings(
unique int id: @using,
int element_id: @element ref,
int location: @location ref,
int location: @location_default ref,
int kind: int ref
);
@@ -529,7 +490,7 @@ static_asserts(
unique int id: @static_assert,
int condition : @expr ref,
string message : string ref,
int location: @location ref,
int location: @location_default ref,
int enclosing : @element ref
);
@@ -585,7 +546,7 @@ enumconstants(
int index: int ref,
int type_id: @type ref,
string name: string ref,
int location: @location ref
int location: @location_default ref
);
@variable = @localscopevariable | @globalvariable | @membervariable;
@@ -889,7 +850,7 @@ is_proxy_class_for(
type_mentions(
unique int id: @type_mention,
int type_id: @type ref,
int location: @location ref,
int location: @location_default ref,
// a_symbol_reference_kind from the frontend.
int kind: int ref
);
@@ -946,7 +907,7 @@ template_template_argument_value(
concept_templates(
unique int concept_id: @concept_template,
string name: string ref,
int location: @location ref
int location: @location_default ref
);
concept_instantiation(
unique int to: @concept_id ref,
@@ -1050,7 +1011,7 @@ attributes(
int kind: int ref,
string name: string ref,
string name_space: string ref,
int location: @location ref
int location: @location_default ref
);
case @attribute.kind of
@@ -1067,7 +1028,7 @@ attribute_args(
int kind: int ref,
int attribute: @attribute ref,
int index: int ref,
int location: @location ref
int location: @location_default ref
);
case @attribute_arg.kind of
@@ -1156,7 +1117,7 @@ derivations(
int sub: @type ref,
int index: int ref,
int super: @type ref,
int location: @location ref
int location: @location_default ref
);
derspecifiers(
@@ -1190,7 +1151,7 @@ frienddecls(
unique int id: @frienddecl,
int type_id: @type ref,
int decl_id: @declaration ref,
int location: @location ref
int location: @location_default ref
);
@declaredtype = @usertype ;
@@ -1247,7 +1208,7 @@ frienddecls(
comments(
unique int id: @comment,
string contents: string ref,
int location: @location ref
int location: @location_default ref
);
commentbinding(
@@ -1369,7 +1330,7 @@ namequalifiers(
unique int id: @namequalifier,
unique int qualifiableelement: @namequalifiableelement ref,
int qualifyingelement: @namequalifyingelement ref,
int location: @location ref
int location: @location_default ref
);
varbind(
@@ -1638,7 +1599,7 @@ initialisers(
unique int init: @initialiser,
int var: @accessible ref,
unique int expr: @expr ref,
int location: @location ref
int location: @location_default ref
);
braced_initialisers(
@@ -1657,7 +1618,7 @@ expr_ancestor(
exprs(
unique int id: @expr,
int kind: int ref,
int location: @location ref
int location: @location_default ref
);
expr_reuse(
@@ -2131,7 +2092,7 @@ lambda_capture(
int field: @membervariable ref,
boolean captured_by_reference: boolean ref,
boolean is_implicit: boolean ref,
int location: @location ref
int location: @location_default ref
);
@funbindexpr = @routineexpr
@@ -2159,7 +2120,7 @@ fold(
stmts(
unique int id: @stmt,
int kind: int ref,
int location: @location ref
int location: @location_default ref
);
case @stmt.kind of
@@ -2344,7 +2305,7 @@ jumpinfo(
preprocdirects(
unique int id: @preprocdirect,
int kind: int ref,
int location: @location ref
int location: @location_default ref
);
case @preprocdirect.kind of
0 = @ppd_if
@@ -2400,76 +2361,73 @@ link_parent(
int link_target : @link_target ref
);
/* XML Files */
/*- XML Files -*/
xmlEncoding(unique int id: @file ref, string encoding: string ref);
xmlEncoding(
unique int id: @file ref,
string encoding: string ref
);
xmlDTDs(
unique int id: @xmldtd,
string root: string ref,
string publicId: string ref,
string systemId: string ref,
int fileid: @file ref
unique int id: @xmldtd,
string root: string ref,
string publicId: string ref,
string systemId: string ref,
int fileid: @file ref
);
xmlElements(
unique int id: @xmlelement,
string name: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int fileid: @file ref
unique int id: @xmlelement,
string name: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int fileid: @file ref
);
xmlAttrs(
unique int id: @xmlattribute,
int elementid: @xmlelement ref,
string name: string ref,
string value: string ref,
int idx: int ref,
int fileid: @file ref
unique int id: @xmlattribute,
int elementid: @xmlelement ref,
string name: string ref,
string value: string ref,
int idx: int ref,
int fileid: @file ref
);
xmlNs(
int id: @xmlnamespace,
string prefixName: string ref,
string URI: string ref,
int fileid: @file ref
int id: @xmlnamespace,
string prefixName: string ref,
string URI: string ref,
int fileid: @file ref
);
xmlHasNs(
int elementId: @xmlnamespaceable ref,
int nsId: @xmlnamespace ref,
int fileid: @file ref
int elementId: @xmlnamespaceable ref,
int nsId: @xmlnamespace ref,
int fileid: @file ref
);
xmlComments(
unique int id: @xmlcomment,
string text: string ref,
int parentid: @xmlparent ref,
int fileid: @file ref
unique int id: @xmlcomment,
string text: string ref,
int parentid: @xmlparent ref,
int fileid: @file ref
);
xmlChars(
unique int id: @xmlcharacters,
string text: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int isCDATA: int ref,
int fileid: @file ref
unique int id: @xmlcharacters,
string text: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int isCDATA: int ref,
int fileid: @file ref
);
@xmlparent = @file | @xmlelement;
@xmlnamespaceable = @xmlelement | @xmlattribute;
xmllocations(
int xmlElement: @xmllocatable ref,
int location: @location_default ref
int xmlElement: @xmllocatable ref,
int location: @location_default ref
);
@xmllocatable = @xmlcharacters
| @xmlelement
| @xmlcomment
| @xmlattribute
| @xmldtd
| @file
| @xmlnamespace;
@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;

4268
cpp/ql/lib/semmlecode.cpp.dbscheme.stats
View File

File diff suppressed because it is too large Load Diff

7
cpp/ql/lib/upgrades/5491582ac8511726e12fae3e2399000f9201cd9a/builtin_functions.ql Normal file
View File

@@ -0,0 +1,7 @@
class Function extends @function {
string toString() { none() }
}
from Function f
where functions(f, _, 6)
select f

9
cpp/ql/lib/upgrades/5491582ac8511726e12fae3e2399000f9201cd9a/functions.ql Normal file
View File

@@ -0,0 +1,9 @@
class Function extends @function {
string toString() { none() }
}
from Function f, string n, int k, int new_k
where
functions(f, n, k) and
if k = 6 then new_k = 1 else new_k = k
select f, n, new_k

2428
cpp/ql/lib/upgrades/5491582ac8511726e12fae3e2399000f9201cd9a/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2433
cpp/ql/lib/upgrades/5491582ac8511726e12fae3e2399000f9201cd9a/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

4
cpp/ql/lib/upgrades/5491582ac8511726e12fae3e2399000f9201cd9a/upgrade.properties Normal file
View File

@@ -0,0 +1,4 @@
description: Move builtin function identification to its own table
compatibility: full
functions.rel: run functions.qlo
builtin_functions.rel: run builtin_functions.qlo

2451
cpp/ql/lib/upgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2428
cpp/ql/lib/upgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

4
cpp/ql/lib/upgrades/827dbc206ea55377e032a8a934c8903fedc50fa0/upgrade.properties Normal file
View File

@@ -0,0 +1,4 @@
description: Remove unused external_package tables from the dbscheme
compatibility: full
external_packages.rel: delete
header_to_external_package.rel: delete

2475
cpp/ql/lib/upgrades/e70d0b653187b93d9688f21c9db46bb1cd46ab78/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2451
cpp/ql/lib/upgrades/e70d0b653187b93d9688f21c9db46bb1cd46ab78/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

6
cpp/ql/lib/upgrades/e70d0b653187b93d9688f21c9db46bb1cd46ab78/upgrade.properties Normal file
View File

@@ -0,0 +1,6 @@
description: sync dbscheme and delete svn tables
compatibility: full
svnentries.rel: delete
svnaffectedfiles.rel: delete
svnentrymsg.rel: delete
svnchurn.rel: delete

29
cpp/ql/src/Critical/GlobalUseBeforeInit.ql
View File

@@ -21,13 +21,29 @@ predicate initFunc(GlobalVariable v, Function f) {
)
}
/** Holds if `v` has an initializer in function `f` that dominates `node`. */
predicate dominatingInitInFunc(GlobalVariable v, Function f, ControlFlowNode node) {
exists(VariableAccess initAccess |
v.getAnAccess() = initAccess and
initAccess.isUsedAsLValue() and
initAccess.getEnclosingFunction() = f and
dominates(initAccess, node)
)
}
predicate safeAccess(VariableAccess access) {
// it is safe if the variable access is part of a `sizeof` expression
exists(SizeofExprOperator e | e.getAChild*() = access)
}
predicate useFunc(GlobalVariable v, Function f) {
exists(VariableAccess access |
v.getAnAccess() = access and
access.isRValue() and
access.getEnclosingFunction() = f
) and
not initFunc(v, f)
access.getEnclosingFunction() = f and
not safeAccess(access) and
not dominatingInitInFunc(v, f, access)
)
}
predicate uninitialisedBefore(GlobalVariable v, Function f) {
@@ -38,12 +54,14 @@ predicate uninitialisedBefore(GlobalVariable v, Function f) {
exists(Call call, Function g |
uninitialisedBefore(v, g) and
call.getEnclosingFunction() = g and
(not functionInitialises(f, v) or locallyUninitialisedAt(v, call)) and
(not functionInitialises(g, v) or locallyUninitialisedAt(v, call)) and
resolvedCall(call, f)
)
}
predicate functionInitialises(Function f, GlobalVariable v) {
initFunc(v, f)
or
exists(Call call |
call.getEnclosingFunction() = f and
initialisedBy(v, call)
@@ -60,7 +78,8 @@ predicate locallyUninitialisedAt(GlobalVariable v, Call call) {
exists(Call mid |
locallyUninitialisedAt(v, mid) and not initialisedBy(v, mid) and callPair(mid, call)
)
)
) and
not dominatingInitInFunc(v, call.getEnclosingFunction(), call)
}
predicate initialisedBy(GlobalVariable v, Call call) {

16
cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll
View File

@@ -26,12 +26,6 @@ private newtype LibraryT =
LibraryTElement(LibraryElement lib, string name, string version) {
lib.getName() = name and
lib.getVersion() = version
} or
LibraryTExternalPackage(@external_package ep, string name, string version) {
exists(string package_name |
external_packages(ep, _, package_name, version) and
name = package_name
)
}
/**
@@ -41,10 +35,7 @@ class Library extends LibraryT {
string name;
string version;
Library() {
this = LibraryTElement(_, name, version) or
this = LibraryTExternalPackage(_, name, version)
}
Library() { this = LibraryTElement(_, name, version) }
string getName() { result = name }
@@ -63,11 +54,6 @@ class Library extends LibraryT {
this = LibraryTElement(lib, _, _) and
result = lib.getAFile()
)
or
exists(@external_package ep |
this = LibraryTExternalPackage(ep, _, _) and
header_to_external_package(unresolveElement(result), ep)
)
}
}

4
cpp/ql/src/change-notes/2025-07-01-global-vars-ubi-query-fixes.md.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.

2
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -4717,7 +4717,7 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
| stl.h:292:30:292:40 | call to allocator | stl.h:292:21:292:41 | noexcept(...) | TAINT |
| stl.h:292:30:292:40 | call to allocator | stl.h:292:21:292:41 | noexcept(...) | TAINT |
| stl.h:292:30:292:40 | call to allocator | stl.h:292:21:292:41 | noexcept(...) | TAINT |
| stl.h:292:53:292:63 | 0 | stl.h:292:46:292:64 | (no string representation) | TAINT |
| stl.h:292:53:292:63 | 0 | stl.h:292:46:292:64 | constructor init | TAINT |
| stl.h:396:3:396:3 | this | stl.h:396:36:396:43 | constructor init of field first [pre-this] | |
| stl.h:396:3:396:3 | this | stl.h:396:36:396:43 | constructor init of field first [pre-this] | |
| stl.h:396:3:396:3 | this | stl.h:396:36:396:43 | constructor init of field first [pre-this] | |

6
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -15134,7 +15134,7 @@ ir.cpp:
# 1506| [Constructor] void Inheritance_Test_A::Inheritance_Test_A()
# 1506| <params>:
# 1506| <initializations>:
# 1506| getInitializer(0): (no string representation)
# 1506| getInitializer(0): [ConstructorInit] constructor init
# 1506| Type = [Struct] Inheritance_Test_B
# 1506| ValueCategory = prvalue
# 1506| getInitializer(1): [ConstructorFieldInit] constructor init of field x
@@ -17205,7 +17205,7 @@ ir.cpp:
# 1785| getExpr(): [ReferenceDereferenceExpr] (reference dereference)
# 1785| Type = [SpecifiedType] const CopyConstructorTestNonVirtualClass
# 1785| ValueCategory = lvalue
# 1785| getInitializer(1): (no string representation)
# 1785| getInitializer(1): [ConstructorInit] constructor init
# 1785| Type = [VirtualBaseClass] CopyConstructorWithBitwiseCopyClass
# 1785| ValueCategory = prvalue
# 1785| getEntryPoint(): [BlockStmt] { ... }
@@ -17254,7 +17254,7 @@ ir.cpp:
# 1792| getExpr(): [ReferenceDereferenceExpr] (reference dereference)
# 1792| Type = [SpecifiedType] const CopyConstructorTestVirtualClass
# 1792| ValueCategory = lvalue
# 1792| getInitializer(1): (no string representation)
# 1792| getInitializer(1): [ConstructorInit] constructor init
# 1792| Type = [VirtualBaseClass] CopyConstructorWithBitwiseCopyClass
# 1792| ValueCategory = prvalue
# 1792| getEntryPoint(): [BlockStmt] { ... }

1
cpp/ql/test/library-tests/ptr_to_member/segfault/exprs.expected
View File

@@ -4,6 +4,7 @@
| file://:0:0:0:0 | uls | file://:0:0:0:0 | unsigned long |
| segfault.cpp:25:46:25:65 | call to S | file://:0:0:0:0 | void |
| segfault.cpp:25:46:25:65 | call to S | file://:0:0:0:0 | void |
| segfault.cpp:25:46:25:65 | constructor init | segfault.cpp:22:8:22:8 | S<T> |
| segfault.cpp:25:48:25:55 | __second | segfault.cpp:15:7:15:11 | tuple |
| segfault.cpp:25:48:25:55 | __second | segfault.cpp:15:7:15:11 | tuple |
| segfault.cpp:25:48:25:55 | __second | segfault.cpp:15:7:15:11 | tuple |

3
cpp/ql/test/query-tests/Critical/GlobalUseBeforeInit/GlobalUseBeforeInit.expected
View File

@@ -1 +1,2 @@
| test.cpp:27:5:27:6 | f1 | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |
| test.cpp:28:5:28:6 | f1 | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |
| test.cpp:39:5:39:8 | main | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |

12
cpp/ql/test/query-tests/Critical/GlobalUseBeforeInit/test.cpp
View File

@@ -12,6 +12,7 @@ int vfprintf (FILE *, const char *, va_list);
int a = 1;
int b;
int *c;
int my_printf(const char * fmt, ...)
{
@@ -31,8 +32,15 @@ int f1()
return 0;
}
void f2() {
my_printf("%d\n", b); // GOOD
}
int main()
{
int b = f1();
unsigned size = sizeof(*c); // GOOD
my_printf("%d\n", b); // BAD
b = f1();
f2();
return 0;
}
}

39
csharp/ql/src/codeql-suites/csharp-security-and-quality.qls
View File

@@ -1,24 +1,7 @@
- description: Security-and-quality queries for C#
- queries: .
- include:
kind:
- problem
- path-problem
precision:
- high
- very-high
tags contain:
- security
- include:
kind:
- problem
- path-problem
precision: medium
problem.severity:
- error
- warning
tags contain:
- security
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- cs/asp/response-write
@@ -123,21 +106,3 @@
- cs/wrong-compareto-signature
- cs/wrong-equals-signature
- cs/xmldoc/missing-summary
- include:
kind:
- diagnostic
- include:
kind:
- metric
tags contain:
- summary
- exclude:
deprecated: //
- exclude:
query path:
- /^experimental\/.*/
- Metrics/Summaries/FrameworkCoverage.ql
- exclude:
tags contain:
- modeleditor
- modelgenerator

1
docs/codeql/query-help/rust-cwe.md
View File

@@ -5,3 +5,4 @@ An overview of CWE coverage for Rust in the latest release of CodeQL.
## Overview
<!-- autogenerated CWE coverage table will be added below -->

8
docs/query-help-style-guide.md
View File

@@ -100,7 +100,7 @@ Note, if any code words are included in the `overview` and `recommendation` sect
## Including references
You should include one or more references, formatted as an unordered list (`- ...` or `* ...`) in Markdown or with `<li> ... </li>` for each item in XML, to provide further information about the problem that your query is designed to find. References can be of the following types:
You should include one or more references, formatted as an unordered list (`- ...` or `* ...`) in Markdown or with `<li> ... </li>` for each item in XML, to provide further information about the problem that your query is designed to find. Each reference should end in a full stop. References can be of the following types:
### Books
@@ -124,7 +124,7 @@ If you are citing an academic paper, we recommend adopting the reference style o
If you are citing a website, please use the following format, without breadcrumb trails:
>\<Name of website>: \<Name of page or anchor>
>\<Name of website>: \<Name of page or anchor>.
For example:
@@ -242,8 +242,8 @@ tab width settings cannot be taken into account.
## References
* Java SE Documentation: [Compound Statements](https://www.oracle.com/java/technologies/javase/codeconventions-statements.html#15395)
* Wikipedia: [Indentation style](https://en.wikipedia.org/wiki/Indentation_style)
* Java SE Documentation: [Compound Statements](https://www.oracle.com/java/technologies/javase/codeconventions-statements.html#15395).
* Wikipedia: [Indentation style](https://en.wikipedia.org/wiki/Indentation_style).
````
### XML example

26
go/ql/src/codeql-suites/go-security-and-quality.qls
View File

@@ -1,4 +1,28 @@
- description: Security-and-quality queries for Go
- queries: .
- apply: security-and-quality-selectors.yml
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- go/comparison-of-identical-expressions
- go/constant-length-comparison
- go/duplicate-branches
- go/duplicate-condition
- go/duplicate-switch-case
- go/impossible-interface-nil-check
- go/inconsistent-loop-direction
- go/index-out-of-bounds
- go/missing-error-check
- go/mistyped-exponentiation
- go/negative-length-check
- go/redundant-assignment
- go/redundant-operation
- go/redundant-recover
- go/shift-out-of-range
- go/unexpected-nil-value
- go/unhandled-writable-file-close
- go/unreachable-statement
- go/useless-assignment-to-field
- go/useless-assignment-to-local
- go/useless-expression
- go/whitespace-contradicts-precedence

4
java/ql/src/Performance/StringReplaceAllWithNonRegex.md
View File

@@ -1,7 +1,3 @@
# Use of `String#replaceAll` with a first argument which is not a regular expression
Using `String#replaceAll` is less performant than `String#replace` when the first argument is not a regular expression.
## Overview
The `String#replaceAll` method is designed to work with regular expressions as its first parameter. When you use a simple string without any regex patterns (like special characters or syntax), it's more efficient to use `String#replace` instead. This is because `replaceAll` has to compile the input as a regular expression first, which adds unnecessary overhead when you are just replacing literal text.

8
java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.md
View File

@@ -8,6 +8,8 @@ Avoid calling `finalize()` in application code. Allow the JVM to determine a gar
## Example
### Incorrect Usage
```java
class LocalCache {
private Collection<File> cacheFiles = ...;
@@ -19,9 +21,10 @@ void main() {
// ...
cache.finalize(); // NON_COMPLIANT
}
```
### Correct Usage
```java
import java.lang.AutoCloseable;
import java.lang.Override;
@@ -43,10 +46,9 @@ void main() {
// ...
}
}
```
# Implementation Notes
## Implementation Notes
This rule ignores `super.finalize()` calls that occur within `finalize()` overrides since calling the superclass finalizer is required when overriding `finalize()`. Also, although overriding `finalize()` is not recommended, this rule only alerts on direct calls to `finalize()` and does not alert on method declarations overriding `finalize()`.

40
java/ql/src/codeql-suites/java-security-and-quality.qls
View File

@@ -1,24 +1,7 @@
- description: Security-and-quality queries for Java
- queries: .
- include:
kind:
- problem
- path-problem
precision:
- high
- very-high
tags contain:
- security
- include:
kind:
- problem
- path-problem
precision: medium
problem.severity:
- error
- warning
tags contain:
- security
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- java/abs-of-random
@@ -143,22 +126,3 @@
- java/wrong-object-serialization-signature
- java/wrong-readresolve-signature
- java/wrong-swing-event-adapter-signature
- include:
kind:
- diagnostic
- include:
kind:
- metric
tags contain:
- summary
- exclude:
deprecated: //
- exclude:
query path:
- /^experimental\/.*/
- Metrics/Summaries/FrameworkCoverage.ql
- /Diagnostics/Internal/.*/
- exclude:
tags contain:
- modeleditor
- modelgenerator

34
javascript/ql/src/codeql-suites/javascript-security-and-quality.qls
View File

@@ -1,24 +1,7 @@
- description: Security-and-quality queries for JavaScript
- queries: .
- include:
kind:
- problem
- path-problem
precision:
- high
- very-high
tags contain:
- security
- include:
kind:
- problem
- path-problem
precision: medium
problem.severity:
- error
- warning
tags contain:
- security
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- js/node/assignment-to-exports-variable
@@ -123,16 +106,3 @@
- js/diagnostics/successfully-extracted-files
- js/summary/lines-of-code
- js/summary/lines-of-user-code
- include:
kind:
- diagnostic
- include:
kind:
- metric
tags contain:
- summary
- exclude:
deprecated: //
- exclude:
query path:
- /^experimental\/.*/

2
misc/scripts/generate-code-scanning-query-list.py
View File

@@ -30,7 +30,7 @@ arguments = parser.parse_args()
assert hasattr(arguments, "ignore_missing_query_packs")
# Define which languages and query packs to consider
languages = [ "actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "swift" ]
languages = [ "actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "rust", "swift" ]
packs = [ "code-scanning", "security-and-quality", "security-extended", "security-experimental", "code-quality"]
class CodeQL:

2
misc/scripts/shared-code-metrics.py
View File

@@ -11,7 +11,7 @@ import json
import yaml
# To add more languages, add them to this list:
languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ql', 'ruby', 'swift']
languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ql', 'ruby', 'rust', 'swift']
repo_location = Path(__file__).parent.parent.parent

5
misc/suite-helpers/security-and-frozen-quality-selectors.yml Normal file
View File

@@ -0,0 +1,5 @@
- description: Selectors for selecting the non-quality queries for the security-and-quality queries for a language
- apply: security-extended-selectors.yml
- exclude:
tags contain:
- 'model-generator'

126
python/ql/src/codeql-suites/python-security-and-quality.qls
View File

@@ -1,4 +1,128 @@
- description: Security-and-quality queries for Python
- queries: .
- apply: security-and-quality-selectors.yml
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- py/asserts-tuple
- py/attribute-shadows-method
- py/call-to-non-callable
- py/call/wrong-arguments
- py/call/wrong-named-argument
- py/call/wrong-named-class-argument
- py/call/wrong-number-class-arguments
- py/catch-base-exception
- py/commented-out-code
- py/comparison-missing-self
- py/comparison-of-constants
- py/comparison-of-identical-expressions
- py/comparison-using-is
- py/conflicting-attributes
- py/constant-conditional-expression
- py/cyclic-import
- py/deprecated-slice-method
- py/duplicate-key-dict-literal
- py/empty-except
- py/encoding-error
- py/equals-hash-mismatch
- py/exit-from-finally
- py/explicit-call-to-delete
- py/explicit-return-in-init
- py/file-not-closed
- py/hash-unhashable-value
- py/illegal-raise
- py/implicit-string-concatenation-in-list
- py/import-and-import-from
- py/import-deprecated-module
- py/import-of-mutable-attribute
- py/import-own-module
- py/imprecise-assert
- py/incomplete-ordering
- py/inconsistent-equality
- py/inconsistent-mro
- py/ineffectual-statement
- py/inheritance/incorrect-overridden-signature
- py/inheritance/incorrect-overriding-signature
- py/inheritance/signature-mismatch
- py/init-calls-subclass
- py/init-method-is-generator
- py/iter-returns-non-iterator
- py/iter-returns-non-self
- py/iteration-string-and-sequence
- py/leaking-list-comprehension
- py/loop-variable-capture
- py/member-test-non-container
- py/mismatched-multiple-assignment
- py/missing-call-to-delete
- py/missing-call-to-init
- py/missing-equals
- py/mixed-returns
- py/mixed-tuple-returns
- py/modification-of-default-value
- py/modification-of-locals
- py/multiple-calls-to-delete
- py/multiple-calls-to-init
- py/multiple-definition
- py/mutable-descriptor
- py/nested-loops-with-same-variable
- py/nested-loops-with-same-variable-reused
- py/non-iterable-in-for-loop
- py/not-named-cls
- py/not-named-self
- py/old-style-octal-literal
- py/overly-complex-delete
- py/overwritten-inherited-attribute
- py/percent-format/not-mapping
- py/percent-format/unsupported-character
- py/percent-format/wrong-arguments
- py/polluting-import
- py/print-during-import
- py/procedure-return-value-used
- py/property-in-old-style-class
- py/pythagorean
- py/raise-not-implemented
- py/raises-tuple
- py/redundant-assignment
- py/redundant-comparison
- py/redundant-else
- py/redundant-global-declaration
- py/regex/backspace-escape
- py/regex/duplicate-in-character-class
- py/regex/incomplete-special-group
- py/regex/unmatchable-caret
- py/regex/unmatchable-dollar
- py/repeated-import
- py/return-or-yield-outside-function
- py/should-use-with
- py/side-effect-in-assert
- py/slots-in-old-style-class
- py/special-method-wrong-signature
- py/str-format/missing-argument
- py/str-format/missing-named-argument
- py/str-format/mixed-fields
- py/str-format/surplus-argument
- py/str-format/surplus-named-argument
- py/super-in-old-style
- py/super-not-enclosing-class
- py/syntax-error
- py/test-equals-none
- py/truncated-division
- py/undefined-export
- py/undefined-placeholder-variable
- py/unexpected-raise-in-special-method
- py/unguarded-next-in-generator
- py/uninitialized-local-variable
- py/unnecessary-delete
- py/unnecessary-lambda
- py/unnecessary-pass
- py/unreachable-except
- py/unreachable-statement
- py/unsafe-cyclic-import
- py/unused-exception-object
- py/unused-global-variable
- py/unused-import
- py/unused-local-variable
- py/unused-loop-variable
- py/use-of-apply
- py/use-of-exit-or-quit
- py/useless-except

19
ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll
View File

@@ -579,12 +579,27 @@ abstract class StringlikeLiteralImpl extends Expr, TStringlikeLiteral {
)
}
pragma[nomagic]
private StringComponentImpl getComponentImplRestricted(int n) {
result = this.getComponentImpl(n) and
strictsum(int length, int i | length = this.getComponentImpl(i).getValue().length() | length) <
10000
}
// 0 components results in the empty string
// if all interpolations have a known string value, we will get a result
// if all interpolations have a known string value, we will get a result, unless the
// combined length exceeds 10,000 characters
language[monotonicAggregates]
final string getStringValue() {
not exists(this.getComponentImpl(_)) and
result = ""
or
result =
concat(StringComponentImpl c, int i | c = this.getComponentImpl(i) | c.getValue() order by i)
strictconcat(StringComponentImpl c, int i |
c = this.getComponentImplRestricted(i)
|
c.getValue() order by i
)
}
}

7
ruby/ql/src/codeql-suites/ruby-security-and-quality.qls
View File

@@ -1,4 +1,9 @@
- description: Security-and-quality queries for Ruby
- queries: .
- apply: security-and-quality-selectors.yml
- apply: security-and-frozen-quality-selectors.yml
from: codeql/suite-helpers
- include:
id:
- rb/database-query-in-loop
- rb/uninitialized-local-variable
- rb/useless-assignment-to-local

15
ruby/ql/src/queries/variables/UninitializedLocal.md
View File

@@ -1,6 +1,4 @@
# Method call on `nil`
## Description
## Overview
In Ruby, it is not necessary to explicitly initialize variables.
If a local variable has not been explicitly initialized, it will have the value `nil`. If this happens unintentionally, though, the variable will not represent an object with the expected methods, and a method call on the variable will raise a `NoMethodError`.
@@ -11,7 +9,9 @@ This can be achieved by using a safe navigation or adding a check for `nil`.
Note: You do not need to explicitly initialize the variable, if you can make the program deal with the possible `nil` value. In particular, initializing the variable to `nil` will have no effect, as this is already the value of the variable. If `nil` is the only possible default value, you need to handle the `nil` value instead of initializing the variable.
## Examples
## Example
### Incorrect Usage
In the following code, the call to `create_file` may fail and then the call `f.close` will raise a `NoMethodError` since `f` will be `nil` at that point.
@@ -24,6 +24,8 @@ ensure
end
```
### Correct Usage
We can fix this by using safe navigation:
```ruby
def dump(x)
@@ -36,6 +38,5 @@ end
## References
- https://www.rubyguides.com/: [Nil](https://www.rubyguides.com/2018/01/ruby-nil/)
- https://ruby-doc.org/: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html)
- RubyGuides: [Everything You Need To Know About Nil](https://www.rubyguides.com/2018/01/ruby-nil/).
- Ruby-Doc.org: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html).

3633
rust/downgrades/8e9b0c516ae822286689672d1020707020128a19/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3638
rust/downgrades/8e9b0c516ae822286689672d1020707020128a19/rust.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
rust/downgrades/8e9b0c516ae822286689672d1020707020128a19/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Revert making `@assoc_item` and `@extern_item` subtypes of `@item`
compatibility: full

2
rust/extractor/src/generated/.generated.list generated
View File

@@ -1,2 +1,2 @@
mod.rs 4bcb9def847469aae9d8649461546b7c21ec97cf6e63d3cf394e339915ce65d7 4bcb9def847469aae9d8649461546b7c21ec97cf6e63d3cf394e339915ce65d7
top.rs d80090945fca0c60a08bee4c904b376f5c164a5df6c632c11d744a3c7926be31 d80090945fca0c60a08bee4c904b376f5c164a5df6c632c11d744a3c7926be31
top.rs 409eb2e5fb18cb360a7d255fc2d7926a78bcd2d3c9f8dcdfce0419cea49d1489 409eb2e5fb18cb360a7d255fc2d7926a78bcd2d3c9f8dcdfce0419cea49d1489

1386
rust/extractor/src/generated/top.rs generated
View File

File diff suppressed because it is too large Load Diff

17
rust/extractor/src/translate/base.rs
View File

@@ -164,23 +164,6 @@ impl Emission<ast::MacroCall> for Translator<'_> {
self.extract_macro_call_expanded(node, label);
}
}
// TODO: remove the manually written Label conversions. These can be auto-generated by
// ch
// anging the base class of AssocItem from AstNode to Item
impl From<Label<generated::AssocItem>> for Label<generated::Item> {
fn from(value: Label<generated::AssocItem>) -> Self {
// SAFETY: this is safe because every concrete instance of `@assoc_item` is also an instance of `@item`
unsafe { Self::from_untyped(value.as_untyped()) }
}
}
// TODO: remove the manually written Label conversions. These can be auto-generated by
// changing the base class of ExternItem from AstNode to Item
impl From<Label<generated::ExternItem>> for Label<generated::Item> {
fn from(value: Label<generated::ExternItem>) -> Self {
// SAFETY: this is safe because every concrete instance of `@extern_item` is also an instance of `@item`
unsafe { Self::from_untyped(value.as_untyped()) }
}
}
// see https://github.com/tokio-rs/tracing/issues/2730
macro_rules! dispatch_to_tracing {

34
rust/ql/.generated.list generated
View File

@@ -21,7 +21,7 @@ lib/codeql/rust/elements/AsmPiece.qll 8650bf07246fac95533876db66178e4b30ed3210de
lib/codeql/rust/elements/AsmRegOperand.qll 27abfffe1fc99e243d9b915f9a9694510133e5f72100ec0df53796d27a45de0c 8919ab83081dae2970adb6033340c6a18751ffd6a8157cf8c55916ac4253c791
lib/codeql/rust/elements/AsmRegSpec.qll 77483fc3d1de8761564e2f7b57ecf1300d67de50b66c11144bb4e3e0059ebfd6 521f8dd0af859b7eef6ab2edab2f422c9ff65aa11bad065cfba2ec082e0c786b
lib/codeql/rust/elements/AsmSym.qll ba29b59ae2a4aa68bdc09e61b324fd26e8b7e188af852345676fc5434d818eef 10ba571059888f13f71ac5e75d20b58f3aa6eecead0d4c32a7617018c7c72e0e
lib/codeql/rust/elements/AssocItem.qll 89e547c3ce2f49b5eb29063c5d9263a52810838a8cfb30b25bee108166be65a1 238fc6f33c18e02ae023af627afa2184fa8e6055d78ab0936bd1b6180bccb699
lib/codeql/rust/elements/AssocItem.qll 7a65365df8ae0603f892b6d9a27372ad81d06945abd408a2f25a6595a6ea3b6e 24bc6dd8485bcd7d236067cb37bda1300a891009d0a739681aee218449304ed2
lib/codeql/rust/elements/AssocItemList.qll 5d2660e199e59647e3a8b6234531428f6e0a236ed2ced3c9fede13e7f83a5ba5 a2a8e87ab8978f77a70e4c0a8cc7322c522fc4a7a05116646a2b97a2f47428a4
lib/codeql/rust/elements/AssocTypeArg.qll 6ceeec7a0ec78a6f8b2e74c0798d4727ad350cebde954b4ffe442b06e08eb4aa d615f5cd696892518387d20f04dae240fb10ee7c9577028fb6f2a51cd9f5b9e4
lib/codeql/rust/elements/AstNode.qll 5ee6355afb1cafd6dfe408b8c21836a1ba2aeb709fb618802aa09f9342646084 dee708f19c1b333cbd9609819db3dfdb48a0c90d26266c380f31357b1e2d6141
@@ -39,7 +39,7 @@ lib/codeql/rust/elements/CastExpr.qll 2fe1f36ba31fa29de309baf0a665cfcae67b61c733
lib/codeql/rust/elements/ClosureBinder.qll 02c8e83bf07deaf7bf0233b76623ec7f1837be8b77fe7e1c23544edc7d85e3c4 2b114d9a6dede694324aebe3dac80a802d139cfacd39beb0f12b5b0a46ee6390
lib/codeql/rust/elements/ClosureExpr.qll 67e2a106e9154c90367b129987e574d2a9ecf5b297536627e43706675d35eaed d6a381132ddd589c5a7ce174f50f9620041ddf690e15a65ebfb05ff7e7c02de7
lib/codeql/rust/elements/Comment.qll fedad50575125e9a64a8a8776a8c1dbf1e76df990f01849d9f0955f9d74cb2a6 8eb1afad1e1007a4f0090fdac65d81726b23eda6517d067fd0185f70f17635ab
lib/codeql/rust/elements/Const.qll fd2959d036f47fabcbde9a21c3e173b105168f4944c3cea7c3e8ba4c1f5d6052 c3bde2a8ce4425bd2e20a8a9f96ecf049747935b99a10d35b29ba942e8e44e63
lib/codeql/rust/elements/Const.qll 5f4d11e01162a06127ba56519efd66d1ecfb5de7c1792fc1c283a56cf2127373 8c618ac774267d25db70cc05a080f8a408dc23ab7e88c0fc543eda8b4d4cb995
lib/codeql/rust/elements/ConstArg.qll 01865b3be4790c627a062c59ea608462931abcb2f94a132cf265318664fd1251 a2c6bbf63dbfa999e511b6941143a51c9392477d8ccd25e081f85475936ff558
lib/codeql/rust/elements/ConstBlockPat.qll a25f42b84dbeb33e10955735ef53b8bb7e3258522d6d1a9068f19adaf1af89d9 eeb816d2b54db77a1e7bb70e90b68d040a0cd44e9d44455a223311c3615c5e6e
lib/codeql/rust/elements/ConstParam.qll 87776586f7ff562ff3c71373f45cf70486f9a832613a0aaac943311c451cc057 67a31616688106d5130951f2162e5229bff0fde08ff647943663cac427d7048b
@@ -52,7 +52,7 @@ lib/codeql/rust/elements/Expr.qll e5d65e805ccf440d64d331e55df4c4144ab8c8f63f3673
lib/codeql/rust/elements/ExprStmt.qll 00ac4c7d0192b9e8b0f28d5ae59c27729ff5a831ca11938ea3e677a262337a64 7cc02aa5346cd7c50d75ca63cd6501097b0a3979eb2ed838adff114fe17d35a3
lib/codeql/rust/elements/ExternBlock.qll 96c70d0761ec385fe17aa7228e15fd1711949d5abba5877a1c2f4c180d202125 38ad458868a368d437b2dda44307d788a85c887f45ea76c99adbfc9a53f14d81
lib/codeql/rust/elements/ExternCrate.qll 776cf8ef7e6611ebb682f20bb8cf47b24cc8fe08ba0b0cf892c19c95a1ecec3e 1a74eb2974d93c1a8beb9a4f5e3432bb50b6bcdd6e450d1f966534edbdff9cd0
lib/codeql/rust/elements/ExternItem.qll 0d895c2c37f64237b23542a84033fed81a23d732e1cb8c109aa18ecde67bf959 56087151b9461253a6ecc50e165c7e32eca70af334bfc1b884a230302721c2b3
lib/codeql/rust/elements/ExternItem.qll 24301f14e9b7dda6eb5263ba46ae806eedd5901c114399e712a86164b8f03002 0cbb368952bda103c75eba504a7f2840da7d9d17bd64e087184055de2fa6f862
lib/codeql/rust/elements/ExternItemList.qll eceb0fcd3a6f9d87fa044da1da112ce96b75c8e0f0897d51e44c5822a3e430dc 2255f1121d7cec4e29401ad08b728f02a920a82da48f16b6bb86c5056775be31
lib/codeql/rust/elements/FieldExpr.qll 8102cd659f9059cf6af2a22033cfcd2aae9c35204b86f7d219a05f1f8de54b3b f818169dddf5102095ae1410583615f80031376a08b5307d0c464e79953c3975
lib/codeql/rust/elements/FieldList.qll 72f3eace2f0c0600b1ad059819ae756f1feccd15562e0449a3f039a680365462 50e4c01df7b801613688b06bb47ccc36e6c8c7fa2e50cc62cb4705c9abf5ee31
@@ -64,7 +64,7 @@ lib/codeql/rust/elements/FormatArgsArg.qll a2c23cd512d44dd60b7d65eba52cc3adf6e2f
lib/codeql/rust/elements/FormatArgsExpr.qll 8127cbe4082f7acc3d8a05298c2c9bea302519b8a6cd2d158a83c516d18fc487 88cf9b3bedd69a1150968f9a465c904bbb6805da0e0b90cfd1fc0dab1f6d9319
lib/codeql/rust/elements/FormatArgument.qll f6fe17ee1481c353dd42edae8b5fa79aeb99dff25b4842ec9a6f267b1837d1e3 5aed19c2daf2383b89ad7fd527375641cff26ddee7afddb89bc0d18d520f4034
lib/codeql/rust/elements/FormatTemplateVariableAccess.qll ff3218a1dda30c232d0ecd9d1c60bbb9f3973456ef0bee1d1a12ad14b1e082b5 e4316291c939800d8b34d477d92be9404a30d52b7eee37302aef3d3205cf4ae0
lib/codeql/rust/elements/Function.qll 61fafe4bc91c997e9fb64f2770fc6682d333c61df3283fac58163df14a500430 ca7cb756942ccd01f961f3e959c7fddabeaabb72c4226ca756a6a30a4b1a4c48
lib/codeql/rust/elements/Function.qll a5d1654003137bcfd5b0bdfaf73778f6316521dd896aaa58b95422f795e2d674 e13ad1cc560525d94917fb5a0c9605e022d3f2e33042933a1c7141556ca75ce8
lib/codeql/rust/elements/GenericArg.qll 5f8666af395208f8ad2044063788fa2c0c317cc0201d1ffc8c6ade62da82867c 174025826d3f4d6bf714be043acfea323701988bae134bd5a8b908b1ba1d3850
lib/codeql/rust/elements/GenericArgList.qll dcf274db517b0e8f19e4545d77f86cdd4066ff2805e68c808d0bb5750b49f569 1055a82929e850264e501b367ef4d314a3e6bb8943ec95f4284d157fb4d0092f
lib/codeql/rust/elements/GenericParam.qll 87adf96aac385f2a182008a7b90aad46cf46d70134364123871afb43e5ea2590 be82f1986b263053d7b894a8998ddb59543200a2aa8df5a44c217b8773f60307
@@ -91,7 +91,7 @@ lib/codeql/rust/elements/Locatable.qll 2855efa4a469b54e0ca85daa89309a8b991cded6f
lib/codeql/rust/elements/LoopExpr.qll ee171177650fa23eef102a9580765f4b6073a1cc41bab1ec31ad4f84ffe6c2c9 bfcf0cca4dc944270d9748a202829a38c64dfae167c0d3a4202788ceb9daf5f6
lib/codeql/rust/elements/LoopingExpr.qll 7ad7d4bbfd05adc0bb9b4ca90ff3377b8298121ca5360ffb45d5a7a1e20fe37a 964168b2045ee9bad827bba53f10a64d649b3513f2d1e3c17a1b1f11d0fc7f3a
lib/codeql/rust/elements/MacroBlockExpr.qll fb81f067a142053b122e2875a15719565024cfb09326faf12e0f1017307deb58 3ee94ef7e56bd07a8f9304869b0a7b69971b02abbee46d0bebcacb4031760282
lib/codeql/rust/elements/MacroCall.qll 7e456de5b506ea6d4ca20a55f75734ede9202f31529c111df3ed3eab1a9b83e5 cc0f45aaeaab4d32ad133c18ad8000316cbcfa62062bd31b6a0e690df7bb76bc
lib/codeql/rust/elements/MacroCall.qll 452aee152b655cdd5a69bf973977072f000a6451f626469a3f7313f0468ffc18 a8652d0de1c6c2118d683d5465ba4115dd4c65031896440269a2a0522d90fceb
lib/codeql/rust/elements/MacroDef.qll 5bcf2bba7ba40879fe47370bfeb65b23c67c463be20535327467338a1e2e04bb c3d28416fc08e5d79149fccd388fea2bc3097bce074468a323383056404926db
lib/codeql/rust/elements/MacroExpr.qll 640554f4964def19936a16ce88a03fb12f74ec2bcfe38b88d32742b79f85d909 a284fb66e012664a33a4e9c8fd3e38d3ffd588fccd6b16b02270da55fc025f7a
lib/codeql/rust/elements/MacroItems.qll f2d80ff23634ac6bc3e96e8d73154587f9d24edb56654b5c0ae426124d2709ea f794f751b77fc50d7cc3069c93c22dd3a479182edce15c1b22c8da31d2e30a12
@@ -143,7 +143,7 @@ lib/codeql/rust/elements/SelfParam.qll e36b54cdc57529935910b321c336783e9e2662c76
lib/codeql/rust/elements/SlicePat.qll f48f13bb13378cc68f935d5b09175c316f3e81f50ef6a3ac5fdbfbfb473d6fc1 4c8df0b092274f37028e287a949f1a287f7505b7c2c36ee8d5f47fb8365d278a
lib/codeql/rust/elements/SliceTypeRepr.qll 730e4d0eeefb9b2284e15b41cd0afc3cbe2556120484df424c8e5242afd852f9 100772263b08f498ce8db203ba572be4e92edd361df7c0e9bd7b20c7ac2820fb
lib/codeql/rust/elements/SourceFile.qll 0b6a3e58767c07602b19975009a2ad53ecf1fd721302af543badb643c1fbb6c4 511d5564aab70b1fcd625e07f3d7e3ceb0c4811a5740de64a55a9a728ba8d32c
lib/codeql/rust/elements/Static.qll a6d73152ddecb53a127aa3a4139f97007cd77b46203691c287600aa7200b8beb 547197e794803b3ea0c0e220f050980adec815a16fdef600f98ff795aa77f677
lib/codeql/rust/elements/Static.qll 9dca6d4fb80fb4ead49a3de89bec2b02bae6f96fbc2601dde35a2aa69a9bfdb0 70f67bc75d7799dab04ea7a7fd13286bb76bbe514be16d23149c59dfb31fd0c9
lib/codeql/rust/elements/Stmt.qll 532b12973037301246daf7d8c0177f734202f43d9261c7a4ca6f5080eea8ca64 b838643c4f2b4623d2c816cddad0e68ca3e11f2879ab7beaece46f489ec4b1f3
lib/codeql/rust/elements/StmtList.qll e874859ce03672d0085e47e0ca5e571b92b539b31bf0d5a8802f9727bef0c6b0 e5fe83237f713cdb57c446a6e1c20f645c2f49d9f5ef2c984032df83acb3c0de
lib/codeql/rust/elements/Struct.qll 297d3ea732fc7fbb8b8fb5479c1873ce84705146853ff752c84a6f70af12b923 3df0e5fd50a910a0b5611c3a860a1d7c318f6925c3a0727006d91840caf04812
@@ -166,7 +166,7 @@ lib/codeql/rust/elements/TupleFieldList.qll b67cd2dec918d09e582467e5db7a38c8fa18
lib/codeql/rust/elements/TuplePat.qll 028cdea43868b0fdd2fc4c31ff25b6bbb40813e8aaccf72186051a280db7632e 38c56187971671e6a9dd0c6ccccb2ee4470aa82852110c6b89884496eb4abc64
lib/codeql/rust/elements/TupleStructPat.qll da398a23eb616bf7dd586b2a87f4ab00f28623418f081cd7b1cc3de497ef1819 6573bf3f8501c30af3aeb23d96db9f5bea7ab73e2b7ef3473095c03e96c20a5c
lib/codeql/rust/elements/TupleTypeRepr.qll 1ac5abf6281ea31680a4098407fbe55459d08f92a50dec20d1f8b93d498eee41 6d9625cce4e4abf6b6e6c22e47880fbd23740d07b621137bd7fa0a2ee13badd9
lib/codeql/rust/elements/TypeAlias.qll 7c06232b50df4b6d9066e18a7286f6f0986df6b3994838923c3b2cd0898bb937 d4e61091e396b6cbbfbc9731a58154d81ef986ccf0f306e64962661c468b2889
lib/codeql/rust/elements/TypeAlias.qll b59f24488f0d7de8d4046a9e0ca1e1f54d1d5c11e035898b11ab97e151fc600f 7b25c9e14c8bb310cec796824904fcefced2cc486d55e981b80b7620e73dd2d7
lib/codeql/rust/elements/TypeArg.qll e91dbb399d2ab7cf7af9dd5f743a551d0bf91dba3cfb76cea9e2d42ada0f9f2e c67d64e20e35a9bba5092651e0f82c75ba53b8c165e823bc81d67975107ae375
lib/codeql/rust/elements/TypeBound.qll a1645f31a789995af85b1db236caece180013cc2e28e1c50b792dc0d4ab0854e 14a68ebef2149bc657ba1f18606ef8cf9b7cc3e6113b50bc038c168eb6cfd11c
lib/codeql/rust/elements/TypeBoundList.qll 61a861e89b3de23801c723531cd3331a61214817a230aaae74d91cb60f0e096f d54e3d830bb550c5ba082ccd09bc0dc4e6e44e8d11066a7afba5a7172aa687a8
@@ -479,7 +479,7 @@ lib/codeql/rust/elements/internal/generated/AsmPiece.qll 17f425727781cdda3a2ec59
lib/codeql/rust/elements/internal/generated/AsmRegOperand.qll e1412c7a9135669cb3e07f82dcf2bebc2ea28958d9ffb9520ae48d299344997c d81f18570703c9eb300241bd1900b7969d12d71cec0a3ce55c33f7d586600c24
lib/codeql/rust/elements/internal/generated/AsmRegSpec.qll 73a24744f62dd6dfa28a0978087828f009fb0619762798f5e0965003fff1e8ec fdb8fd2f89b64086a2ca873c683c02a68d088bb01007d534617d0b7f67fde2cb
lib/codeql/rust/elements/internal/generated/AsmSym.qll 476ee9ad15db015c43633072175bca3822af30c379ee10eb8ffc091c88d573f6 9f24baf36506eb959e9077dc5ba1cddbc4d93e3d8cba6e357dff5f9780d1e492
lib/codeql/rust/elements/internal/generated/AssocItem.qll fad035ba1dab733489690538fbb94ac85072b96b6c2f3e8bcd58a129b9707a26 d9988025b12b8682be83ce9df8c31ce236214683fc50facd4a658f68645248cb
lib/codeql/rust/elements/internal/generated/AssocItem.qll 188fd2aaaef11cc926cf202adc64f294988fe2b3ec768d586d260c23877bbe21 58332ddaeff27fa80ce329d3964f4cc05f2cc807eb2a7a4cd6c26e90442e7f3a
lib/codeql/rust/elements/internal/generated/AssocItemList.qll 52900dcf32ef749a3bd285b4a01ff337df3c52255fe2698c9c1547c40652f3b9 10709dd626a527c37186b02c4ea738a9edb6c9e97b87370de206d3eb9941575b
lib/codeql/rust/elements/internal/generated/AssocTypeArg.qll a93a42278263bb0c9692aca507108e25f99292aef2a9822501b31489c4ce620d afd9559e0c799988ef7ff1957a5a9ebc4fb92c6e960cbe7fecf12a0a484fef08
lib/codeql/rust/elements/internal/generated/AstNode.qll 1cbfae6a732a1de54b56669ee69d875b0e1d15e58d9aa621df9337c59db5619d 37e16a0c70ae69c5dc1b6df241b9acca96a6326d6cca15456699c44a81c93666
@@ -497,7 +497,7 @@ lib/codeql/rust/elements/internal/generated/CastExpr.qll ddc20054b0b339ad4d40298
lib/codeql/rust/elements/internal/generated/ClosureBinder.qll ab199df96f525a083a0762fd654cd098802033c79700a593bb204a9a0c69ec01 86b33543e0886715830cfcdaca43b555a242a4f12a4caa18b88732d5afb584bd
lib/codeql/rust/elements/internal/generated/ClosureExpr.qll 34149bf82f107591e65738221e1407ec1dc9cc0dfb10ae7f761116fda45162de fd2fbc9a87fc0773c940db64013cf784d5e4137515cc1020e2076da329f5a952
lib/codeql/rust/elements/internal/generated/Comment.qll cd1ef861e3803618f9f78a4ac00516d50ecfecdca1c1d14304dc5327cbe07a3b 8b67345aeb15beb5895212228761ea3496297846c93fd2127b417406ae87c201
lib/codeql/rust/elements/internal/generated/Const.qll e923b540d1dc26cc59766ecd938b8e18f3c73097a73eeaeed3513c8fca7ac3a8 2261a0c46f4252124c40600e7fb2e5743f0e66d58cedc5768fe57393191a9504
lib/codeql/rust/elements/internal/generated/Const.qll 3e606f0198b6461a94964dba7a4d386408f01651d75378eeab251dfceccf49c8 20fe276cded4764bdb1cd50de956bea88d7cd731909c0b84b4abb972b3094959
lib/codeql/rust/elements/internal/generated/ConstArg.qll c52bf746f2dc89b8d71b8419736707bfcbb09cca424c3ba76e888e2add415bf6 89309a9df4fde23cfd3d8492908ccec4d90cc8457d35c507ef81371a369941b4
lib/codeql/rust/elements/internal/generated/ConstBlockPat.qll 7526d83ee9565d74776f42db58b1a2efff6fb324cfc7137f51f2206fee815d79 0ab3c22908ff790e7092e576a5df3837db33c32a7922a513a0f5e495729c1ac5
lib/codeql/rust/elements/internal/generated/ConstParam.qll 2e24198f636e4932c79f28c324f395ae5f61f713795ed4543e920913898e2815 5abe6d3df395c679c28a7720479bad455c53bc5ade9133f1ff113ea54dc66c11
@@ -510,7 +510,7 @@ lib/codeql/rust/elements/internal/generated/Expr.qll 5fa34f2ed21829a1509417440da
lib/codeql/rust/elements/internal/generated/ExprStmt.qll d1112230015fbeb216b43407a268dc2ccd0f9e0836ab2dca4800c51b38fa1d7d 4a80562dcc55efa5e72c6c3b1d6747ab44fe494e76faff2b8f6e9f10a4b08b5b
lib/codeql/rust/elements/internal/generated/ExternBlock.qll e7faac92297a53ac6e0420eec36255a54f360eeb962bf663a00da709407832dd 5ff32c54ec7097d43cc3311492090b9b90f411eead3bc849f258858f29405e81
lib/codeql/rust/elements/internal/generated/ExternCrate.qll f1a64a1c2f5b07b1186c6259374251d289e59e2d274e95a2ecff7c70e7cbe799 fd9b5b61d49121f54dd739f87efaea1a37c5f438c8e98290b1227223808e24c5
lib/codeql/rust/elements/internal/generated/ExternItem.qll d069798a4d11ec89750aea0c7137b0ccf1e7e15572871f0ea69ef26865a93a5e 92d4c613bdca802a2e9220e042d69cd5f4e8e151200a8b45b1dc333cc9d8a5c9
lib/codeql/rust/elements/internal/generated/ExternItem.qll 08c02dbc8a96df25725ccec69ef5e19089ae03faea2efb86be892077ea1bc8ab 8afe7b6a87445dde4ce2c790ad05c2ccf771996d10625e6fc100113f219e8e32
lib/codeql/rust/elements/internal/generated/ExternItemList.qll cb3ec330f70b760393af8ca60929ad5cca2f3863f7655d3f144719ab55184f33 e6829b21b275c7c59f27056501fee7a2d3462ed6a6682d9b37d3c0f0f11d16b8
lib/codeql/rust/elements/internal/generated/ExtractorStep.qll 61cd504a1aab98b1c977ee8cff661258351d11ca1fec77038c0a17d359f5810e 5e57b50f3e8e3114a55159fb11a524c6944363f5f8a380abccc8b220dedc70ca
lib/codeql/rust/elements/internal/generated/FieldExpr.qll d6077fcc563702bb8d626d2fda60df171023636f98b4a345345e131da1a03dfc 03f9eb65abfab778e6d2c7090c08fe75c38c967302f5a9fa96ab0c24e954929d
@@ -523,7 +523,7 @@ lib/codeql/rust/elements/internal/generated/FormatArgsArg.qll c762a4af8609472e28
lib/codeql/rust/elements/internal/generated/FormatArgsExpr.qll 8aed8715a27d3af3de56ded4610c6792a25216b1544eb7e57c8b0b37c14bd9c1 590a2b0063d2ecd00bbbd1ce29603c8fd69972e34e6daddf309c915ce4ec1375
lib/codeql/rust/elements/internal/generated/FormatArgument.qll cd05153276e63e689c95d5537fbc7d892615f62e110323759ef02e23a7587407 be2a4531b498f01625effa4c631d51ee8857698b00cfb829074120a0f2696d57
lib/codeql/rust/elements/internal/generated/FormatTemplateVariableAccess.qll a6175214fad445df9234b3ee9bf5147da75baf82473fb8d384b455e3add0dac1 a928db0ff126b2e54a18f5c488232abd1bd6c5eda24591d3c3bb80c6ee71c770
lib/codeql/rust/elements/internal/generated/Function.qll befc4220bef166531e52625b08642f129115ae918a70021d69874dc794e41be7 e6433f67000eb5f3e02b209d7ee8018fea30abed9e7c491fa1fbbd9d998e98ae
lib/codeql/rust/elements/internal/generated/Function.qll 695dbc61e1c4d67a75e438f30fffcaa4a251be629093428b6b7afba053342fb6 ddc34f1da6b4b2ac64d60028822c7cfc72da133dd08ad2490bd2dcae9d91e074
lib/codeql/rust/elements/internal/generated/GenericArg.qll 908dadf36a631bc9f4423ab473d1344ed882c7f3f85ac169d82e0099ff6337d4 c6ef5358db3a0318987962a51cbe6b77ae9c0e39c1312a059306e40e86db7eb8
lib/codeql/rust/elements/internal/generated/GenericArgList.qll b8cd936bba6f28344e28c98acf38acb8ef43af6ecf8367d79ed487e5b9da17cb 8b14331261e49d004807285b02fca190aafd62bfb9378b05c7d9c1e95525fe7b
lib/codeql/rust/elements/internal/generated/GenericParam.qll 85ac027a42b3300febc9f7ede1098d3ffae7bac571cba6391bc00f9061780324 806cb9d1b0e93442bef180e362c4abc055ab31867ff34bac734b89d32bd82aa1
@@ -550,7 +550,7 @@ lib/codeql/rust/elements/internal/generated/Locatable.qll c897dc1bdd4dfcb6ded83a
lib/codeql/rust/elements/internal/generated/LoopExpr.qll db6bc87e795c9852426ec661fa2c2c54106805897408b43a67f5b82fb4657afd 1492866ccf8213469be85bbdbcae0142f4e2a39df305d4c0d664229ecd1ebdb9
lib/codeql/rust/elements/internal/generated/LoopingExpr.qll 0792c38d84b8c68114da2bbdfef32ef803b696cb0fd06e10e101756d5c46976c 111fe961fad512722006323c3f2a075fddf59bd3eb5c7afc349835fcec8eb102
lib/codeql/rust/elements/internal/generated/MacroBlockExpr.qll 778376cdfa4caaa9df0b9c21bda5ff0f1037b730aa43efb9fb0a08998ef3999b 6df39efe7823ce590ef6f4bdfa60957ba067205a77d94ac089b2c6a7f6b7b561
lib/codeql/rust/elements/internal/generated/MacroCall.qll 74501c9687d6f216091d8cd3033613cd5f5c4aedbf75b594a2e2d1e438a74445 1de4d8bec211a7b1b12ff21505e17a4c381ccfa8f775049e2a6c8b3616efa993
lib/codeql/rust/elements/internal/generated/MacroCall.qll 1a7ee9c782ebc9ab0a807762aabebc9e0a7ef10c6eb945679737598630b20af2 782a437654cb316355c020e89d50b07c93ba7817715fa5d42a9e807cf12d1a43
lib/codeql/rust/elements/internal/generated/MacroDef.qll 90393408d9e10ff6167789367c30f9bfe1d3e8ac3b83871c6cb30a8ae37eef47 f022d1df45bc9546cb9fd7059f20e16a3acfaae2053bbd10075fe467c96e2379
lib/codeql/rust/elements/internal/generated/MacroExpr.qll 5a86ae36a28004ce5e7eb30addf763eef0f1c614466f4507a3935b0dab2c7ce3 11c15e8ebd36455ec9f6b7819134f6b22a15a3644678ca96b911ed0eb1181873
lib/codeql/rust/elements/internal/generated/MacroItems.qll bf10b946e9addb8dd7cef032ebc4480492ab3f9625edbabe69f41dcb81d448fe f6788fe1022e1d699056111d47e0f815eb1fa2826c3b6a6b43c0216d82d3904b
@@ -577,7 +577,7 @@ lib/codeql/rust/elements/internal/generated/ParamList.qll eaa0cd4402d3665013d47e
lib/codeql/rust/elements/internal/generated/ParenExpr.qll 812d2ff65079277f39f15c084657a955a960a7c1c0e96dd60472a58d56b945eb eb8c607f43e1fcbb41f37a10de203a1db806690e10ff4f04d48ed874189cb0eb
lib/codeql/rust/elements/internal/generated/ParenPat.qll 24f9dc7fce75827d6fddb856cd48f80168143151b27295c0bab6db5a06567a09 ebadbc6f5498e9ed754b39893ce0763840409a0721036a25b56e1ead7dcc09aa
lib/codeql/rust/elements/internal/generated/ParenTypeRepr.qll 03f5c5b96a37adeb845352d7fcea3e098da9050e534972d14ac0f70d60a2d776 ed3d6e5d02086523087adebce4e89e35461eb95f2a66d1d4100fe23fc691b126
lib/codeql/rust/elements/internal/generated/ParentChild.qll ff51da9dd3d1f739057f764f46244fb361c950bf7d1f61007e33d92581ec45e1 bebe239202e79d5a31e29f42f5e9d88139cf07e0fb2541fdd95b8e65154d2776
lib/codeql/rust/elements/internal/generated/ParentChild.qll 3657258593982c34cb5934cf51fe21a0749af3161890b43c20f2b327d89ecf77 83509d01d5735e297057327be7fbb837a4633604cf6641ba34bb4825798187da
lib/codeql/rust/elements/internal/generated/ParenthesizedArgList.qll d901fdc8142a5b8847cc98fc2afcfd16428b8ace4fbffb457e761b5fd3901a77 5dbb0aea5a13f937da666ccb042494af8f11e776ade1459d16b70a4dd193f9fb
lib/codeql/rust/elements/internal/generated/Pat.qll 3605ac062be2f294ee73336e9669027b8b655f4ad55660e1eab35266275154ee 7f9400db2884d336dd1d21df2a8093759c2a110be9bf6482ce8e80ae0fd74ed4
lib/codeql/rust/elements/internal/generated/Path.qll 9b12afb46fc5a9ad3a811b05472621bbecccb900c47504feb7f29d96b28421ca bcacbffc36fb3e0c9b26523b5963af0ffa9fd6b19f00a2a31bdb2316071546bd
@@ -592,7 +592,7 @@ lib/codeql/rust/elements/internal/generated/PtrTypeRepr.qll 8d0ea4f6c7f8203340bf
lib/codeql/rust/elements/internal/generated/PureSynthConstructors.qll e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f
lib/codeql/rust/elements/internal/generated/RangeExpr.qll 23cca03bf43535f33b22a38894f70d669787be4e4f5b8fe5c8f7b964d30e9027 18624cef6c6b679eeace2a98737e472432e0ead354cca02192b4d45330f047c9
lib/codeql/rust/elements/internal/generated/RangePat.qll 80826a6a6868a803aa2372e31c52a03e1811a3f1f2abdb469f91ca0bfdd9ecb6 34ee1e208c1690cba505dff2c588837c0cd91e185e2a87d1fe673191962276a9
lib/codeql/rust/elements/internal/generated/Raw.qll 3a9cae2d26ce5ceda0e76fccdcd92450a7605a68e3206c8a40e04c7052feac5a 10857ddd4f6b2ddb53de01200640de30982e8b67d25161e7335c53309d7aa3c5
lib/codeql/rust/elements/internal/generated/Raw.qll f5b37458fb9c16829da761323deab22b440c3cb5bf915e07ee3eb2315251020e 0198c8d6ac310f107e4685f6dc0bd2eb58800af41ab4ac4c15c42d8d575f4b0a
lib/codeql/rust/elements/internal/generated/RefExpr.qll 7d995884e3dc1c25fc719f5d7253179344d63650e217e9ff6530285fe7a57f64 f2c3c12551deea4964b66553fb9b6423ee16fec53bd63db4796191aa60dc6c66
lib/codeql/rust/elements/internal/generated/RefPat.qll 456ede39837463ee22a630ec7ab6c8630d3664a8ea206fcc6e4f199e92fa564c 5622062765f32930465ba6b170e986706f159f6070f48adee3c20e24e8df4e05
lib/codeql/rust/elements/internal/generated/RefTypeRepr.qll 5b0663a6d234572fb3e467e276d019415caa95ef006438cc59b7af4e1783161e 0e27c8a8f0e323c0e4d6db01fca821bf07c0864d293cdf96fa891b10820c1e4b
@@ -606,7 +606,7 @@ lib/codeql/rust/elements/internal/generated/SelfParam.qll 076c583f7f34e29aaaf331
lib/codeql/rust/elements/internal/generated/SlicePat.qll 722b1bd47a980ac9c91d018133b251c65ee817682e06708ad130031fbd01379b 7e0ce13b9de2040d2ef9d0948aab3f39e5fdc28d38c40bfbee590e2125dbe41c
lib/codeql/rust/elements/internal/generated/SliceTypeRepr.qll 6f4f9d7e29784ce95dc6f9fcdf044909d55c7282c732a81b0108dc4000e96b48 a188436cd6d4d071fd45b943d9778e46ee9a465940bdd1a2903269b4b7a01e21
lib/codeql/rust/elements/internal/generated/SourceFile.qll 4bc95c88b49868d1da1a887b35e43ae81e51a69407e79463f5e8824801859380 5641581d70241c0d0d0426976968576ebbef10c183f0371583b243e4e5bbf576
lib/codeql/rust/elements/internal/generated/Static.qll 34a4cdb9f4a93414499a30aeeaad1b3388f2341c982af5688815c3b0a0e9c57b 3c8354336eff68d580b804600df9abf49ee5ee10ec076722089087820cefe731
lib/codeql/rust/elements/internal/generated/Static.qll 1a6c87d3c5602e3d02268ebe2463a4ac64614ad25e8966a9bdb9c0ef58991365 cc1fe16d70cdce41a12e41a8f80cc38bdd7efa49c1544e35342fcf3cd26b8219
lib/codeql/rust/elements/internal/generated/Stmt.qll 8473ff532dd5cc9d7decaddcd174b94d610f6ca0aec8e473cc051dad9f3db917 6ef7d2b5237c2dbdcacbf7d8b39109d4dc100229f2b28b5c9e3e4fbf673ba72b
lib/codeql/rust/elements/internal/generated/StmtList.qll 816aebf8f56e179f5f0ba03e80d257ee85459ea757392356a0af6dbd0cd9ef5e 6aa51cdcdc8d93427555fa93f0e84afdfbbd4ffc8b8d378ae4a22b5b6f94f48b
lib/codeql/rust/elements/internal/generated/Struct.qll 999da1b46e40d6e03fd2338fea02429462877c329c5d1338618cbd886a81567e daa7ff7bd32c554462e0a1502d8319cb5e734e056d0564e06596e416e2b88e9d
@@ -618,7 +618,7 @@ lib/codeql/rust/elements/internal/generated/StructFieldList.qll 5da528a51a6a5db9
lib/codeql/rust/elements/internal/generated/StructPat.qll c76fa005c2fd0448a8803233e1e8818c4123301eb66ac5cf69d0b9eaafc61e98 6e0dffccdce24bca20e87d5ba0f0995c9a1ae8983283e71e7dbfcf6fffc67a58
lib/codeql/rust/elements/internal/generated/StructPatField.qll 5b5c7302dbc4a902ca8e69ff31875c867e295a16a626ba3cef29cd0aa248f179 4e192a0df79947f5cb0d47fdbbba7986137a6a40a1be92ae119873e2fad67edf
lib/codeql/rust/elements/internal/generated/StructPatFieldList.qll 1a95a1bd9f64fb18e9571657cf2d02a8b13c747048a1f0f74baf31b91f0392ad fc274e414ff4ed54386046505920de92755ad0b4d39a7523cdffa4830bd53b37
lib/codeql/rust/elements/internal/generated/Synth.qll ebacd7cf6d7fb784cc77b75032608a622627e6f5e635aa70707df167ce3dc510 0e8ed9d5185afde22d263f3745e5029f23a1041690a80d0df916470823abdf43
lib/codeql/rust/elements/internal/generated/Synth.qll 4390996606c436cb34201d7dba9821a0d775d1707e54fbbe24cbf788d1d1d948 8e8077a387c69f7f5e3bdb2754654625c233283eb39eab33a72bde536f139a16
lib/codeql/rust/elements/internal/generated/SynthConstructors.qll bcc7f617b775ac0c7f04b1cc333ed7cc0bd91f1fabc8baa03c824d1df03f6076 bcc7f617b775ac0c7f04b1cc333ed7cc0bd91f1fabc8baa03c824d1df03f6076
lib/codeql/rust/elements/internal/generated/Token.qll 77a91a25ca5669703cf3a4353b591cef4d72caa6b0b9db07bb9e005d69c848d1 2fdffc4882ed3a6ca9ac6d1fb5f1ac5a471ca703e2ffdc642885fa558d6e373b
lib/codeql/rust/elements/internal/generated/TokenTree.qll 1a3c4f5f30659738641abdd28cb793dab3cfde484196b59656fc0a2767e53511 de2ebb210c7759ef7a6f7ee9f805e1cac879221287281775fc80ba34a5492edf
@@ -631,7 +631,7 @@ lib/codeql/rust/elements/internal/generated/TupleFieldList.qll fb76d1a3953263618
lib/codeql/rust/elements/internal/generated/TuplePat.qll 4e13b509e1c9dd1581a9dc50d38e0a6e36abc1254ea9c732b5b3e6503335afeb 298028df9eb84e106e625ed09d6b20038ad47bfc2faf634a0ffea50b17b5805d
lib/codeql/rust/elements/internal/generated/TupleStructPat.qll 6539d0edbdc16e7df849514d51980d4cd1a2c9cbb58ca9e5273851f96df4eb36 45a13bae5220d5737cbd04713a17af5b33d8bb4cfdf17ddd64b298ab0c1eea24
lib/codeql/rust/elements/internal/generated/TupleTypeRepr.qll 1756cdbad56d634bf4726bc39c768386754e62650492d7d6344012038236a05b 3ac0997a47f95f28cc70c782173ce345fcb5b073be10f3c0b414d1df8443e04c
lib/codeql/rust/elements/internal/generated/TypeAlias.qll 76f2ed5427077a5a4723285410740aeba01886ff1499d603cfeb735fc58ec580 b713c0ee40c959dff01b0f936552e6253634bb5ae152315f0949ecc88cb0dcce
lib/codeql/rust/elements/internal/generated/TypeAlias.qll 0d0c97d9e9213b8f0390b3456737d4611701a570b9943bb20b348c4efc8e4693 a83c701c0d8914e01517dfa9253a12be962f0a7ed2f75fbaae25a13432db403f
lib/codeql/rust/elements/internal/generated/TypeArg.qll 80245e4b52bef30e5033d4c765c72531324385deea1435dc623290271ff05b1d 097926e918dcd897ea1609010c5490dbf45d4d8f4cffb9166bcadf316a2f1558
lib/codeql/rust/elements/internal/generated/TypeBound.qll fa5cf5370c3f69e687b5fc888d2ca29d0a45bd0824d1159a202eafae29e70601 e3bc6a1e5c0af374c60e83396c5b0ceda499fabd300c25017ae7d4d5b234b264
lib/codeql/rust/elements/internal/generated/TypeBoundList.qll c5d43dc27075a0d5370ba4bc56b4e247357af5d2989625deff284e7846a3a48b c33c87d080e6eb6df01e98b8b0031d780472fcaf3a1ed156a038669c0e05bf0a

4
rust/ql/lib/change-notes/2025-06-25-item-reorg.md.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* `AssocItem` and `ExternItem` are now proper subclasses of `Item`.

2
rust/ql/lib/codeql/rust/elements/AssocItem.qll generated
View File

@@ -4,7 +4,7 @@
*/
private import internal.AssocItemImpl
import codeql.rust.elements.AstNode
import codeql.rust.elements.Item
/**
* An associated item in a `Trait` or `Impl`.

1
rust/ql/lib/codeql/rust/elements/Const.qll generated
View File

@@ -8,7 +8,6 @@ import codeql.rust.elements.AssocItem
import codeql.rust.elements.Attr
import codeql.rust.elements.Expr
import codeql.rust.elements.GenericParamList
import codeql.rust.elements.Item
import codeql.rust.elements.Name
import codeql.rust.elements.TypeRepr
import codeql.rust.elements.Visibility

2
rust/ql/lib/codeql/rust/elements/ExternItem.qll generated
View File

@@ -4,7 +4,7 @@
*/
private import internal.ExternItemImpl
import codeql.rust.elements.AstNode
import codeql.rust.elements.Item
/**
* An item inside an extern block.

1
rust/ql/lib/codeql/rust/elements/Function.qll generated
View File

@@ -10,7 +10,6 @@ import codeql.rust.elements.BlockExpr
import codeql.rust.elements.Callable
import codeql.rust.elements.ExternItem
import codeql.rust.elements.GenericParamList
import codeql.rust.elements.Item
import codeql.rust.elements.Name
import codeql.rust.elements.RetTypeRepr
import codeql.rust.elements.Visibility

1
rust/ql/lib/codeql/rust/elements/MacroCall.qll generated
View File

@@ -8,7 +8,6 @@ import codeql.rust.elements.AssocItem
import codeql.rust.elements.AstNode
import codeql.rust.elements.Attr
import codeql.rust.elements.ExternItem
import codeql.rust.elements.Item
import codeql.rust.elements.Path
import codeql.rust.elements.TokenTree

1
rust/ql/lib/codeql/rust/elements/Static.qll generated
View File

@@ -7,7 +7,6 @@ private import internal.StaticImpl
import codeql.rust.elements.Attr
import codeql.rust.elements.Expr
import codeql.rust.elements.ExternItem
import codeql.rust.elements.Item
import codeql.rust.elements.Name
import codeql.rust.elements.TypeRepr
import codeql.rust.elements.Visibility

1
rust/ql/lib/codeql/rust/elements/TypeAlias.qll generated
View File

@@ -8,7 +8,6 @@ import codeql.rust.elements.AssocItem
import codeql.rust.elements.Attr
import codeql.rust.elements.ExternItem
import codeql.rust.elements.GenericParamList
import codeql.rust.elements.Item
import codeql.rust.elements.Name
import codeql.rust.elements.TypeBoundList
import codeql.rust.elements.TypeRepr

4
rust/ql/lib/codeql/rust/elements/internal/generated/AssocItem.qll generated
View File

@@ -6,7 +6,7 @@
private import codeql.rust.elements.internal.generated.Synth
private import codeql.rust.elements.internal.generated.Raw
import codeql.rust.elements.internal.AstNodeImpl::Impl as AstNodeImpl
import codeql.rust.elements.internal.ItemImpl::Impl as ItemImpl
/**
* INTERNAL: This module contains the fully generated definition of `AssocItem` and should not
@@ -24,5 +24,5 @@ module Generated {
* INTERNAL: Do not reference the `Generated::AssocItem` class directly.
* Use the subclass `AssocItem`, where the following predicates are available.
*/
class AssocItem extends Synth::TAssocItem, AstNodeImpl::AstNode { }
class AssocItem extends Synth::TAssocItem, ItemImpl::Item { }
}

3
rust/ql/lib/codeql/rust/elements/internal/generated/Const.qll generated
View File

@@ -10,7 +10,6 @@ import codeql.rust.elements.internal.AssocItemImpl::Impl as AssocItemImpl
import codeql.rust.elements.Attr
import codeql.rust.elements.Expr
import codeql.rust.elements.GenericParamList
import codeql.rust.elements.internal.ItemImpl::Impl as ItemImpl
import codeql.rust.elements.Name
import codeql.rust.elements.TypeRepr
import codeql.rust.elements.Visibility
@@ -31,7 +30,7 @@ module Generated {
* INTERNAL: Do not reference the `Generated::Const` class directly.
* Use the subclass `Const`, where the following predicates are available.
*/
class Const extends Synth::TConst, AssocItemImpl::AssocItem, ItemImpl::Item {
class Const extends Synth::TConst, AssocItemImpl::AssocItem {
override string getAPrimaryQlClass() { result = "Const" }
/**

4
rust/ql/lib/codeql/rust/elements/internal/generated/ExternItem.qll generated
View File

@@ -6,7 +6,7 @@
private import codeql.rust.elements.internal.generated.Synth
private import codeql.rust.elements.internal.generated.Raw
import codeql.rust.elements.internal.AstNodeImpl::Impl as AstNodeImpl
import codeql.rust.elements.internal.ItemImpl::Impl as ItemImpl
/**
* INTERNAL: This module contains the fully generated definition of `ExternItem` and should not
@@ -26,5 +26,5 @@ module Generated {
* INTERNAL: Do not reference the `Generated::ExternItem` class directly.
* Use the subclass `ExternItem`, where the following predicates are available.
*/
class ExternItem extends Synth::TExternItem, AstNodeImpl::AstNode { }
class ExternItem extends Synth::TExternItem, ItemImpl::Item { }
}

3
rust/ql/lib/codeql/rust/elements/internal/generated/Function.qll generated
View File

@@ -12,7 +12,6 @@ import codeql.rust.elements.BlockExpr
import codeql.rust.elements.internal.CallableImpl::Impl as CallableImpl
import codeql.rust.elements.internal.ExternItemImpl::Impl as ExternItemImpl
import codeql.rust.elements.GenericParamList
import codeql.rust.elements.internal.ItemImpl::Impl as ItemImpl
import codeql.rust.elements.Name
import codeql.rust.elements.RetTypeRepr
import codeql.rust.elements.Visibility
@@ -38,7 +37,7 @@ module Generated {
* Use the subclass `Function`, where the following predicates are available.
*/
class Function extends Synth::TFunction, AssocItemImpl::AssocItem, ExternItemImpl::ExternItem,
ItemImpl::Item, CallableImpl::Callable
CallableImpl::Callable
{
override string getAPrimaryQlClass() { result = "Function" }

Some files were not shown because too many files have changed in this diff Show More