hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 21:44:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into basicquery

Browse Source
This commit is contained in:
Geoffrey White
2025-09-30 14:19:00 +01:00
parent dba4b5e5a9 a286631018
commit 771d9345b5
264 changed files with 6018 additions and 1312 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -76,3 +76,6 @@ node_modules/
# some upgrade/downgrade checks create these files
**/upgrades/*/*.dbscheme.stats
**/downgrades/*/*.dbscheme.stats
# Mergetool files
*.orig

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.18
No user-facing changes.
## 0.4.17
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.18.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.18
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.17
lastReleaseVersion: 0.4.18

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.18-dev
version: 0.4.19-dev
library: true
warnOnImplicitThis: true
dependencies:

4
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.6.10
No user-facing changes.
## 0.6.9
### Minor Analysis Improvements

3
actions/ql/src/change-notes/released/0.6.10.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.10
No user-facing changes.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.9
lastReleaseVersion: 0.6.10

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.10-dev
version: 0.6.11-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

4
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.6.1
No user-facing changes.
## 5.6.0
### Deprecated APIs

3
cpp/ql/lib/change-notes/released/5.6.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.6.1
No user-facing changes.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.6.0
lastReleaseVersion: 5.6.1

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 5.6.1-dev
version: 5.6.2-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

4
cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -104,7 +104,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
result.getStaticCallTarget().getUnderlyingCallable() = sc
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.1
No user-facing changes.
## 1.5.0
### Major Analysis Improvements

3
cpp/ql/src/change-notes/released/1.5.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.1
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.0
lastReleaseVersion: 1.5.1

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.5.1-dev
version: 1.5.2-dev
groups:
- cpp
- queries

1
cpp/ql/test/library-tests/permissive/accesses.expected
View File

@@ -1 +0,0 @@
| permissive.cpp:6:5:6:7 | str |

1
cpp/ql/test/library-tests/permissive/calls.expected
View File

@@ -1 +0,0 @@
| permissive.cpp:6:3:6:3 | call to f | permissive.cpp:2:13:2:13 | f |

8
cpp/ql/test/library-tests/permissive/permissive.cpp
View File

@@ -1,8 +0,0 @@
// semmle-extractor-options: --edg --permissive
static void f(char* foo) {}
static void g(void) {
const char* str = "foo";
f(str);
}

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.49
No user-facing changes.
## 1.7.48
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.49.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.49
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.48
lastReleaseVersion: 1.7.49

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.49-dev
version: 1.7.50-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.49
No user-facing changes.
## 1.7.48
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.49.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.49
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.48
lastReleaseVersion: 1.7.49

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.49-dev
version: 1.7.50-dev
groups:
- csharp
- solorigate

4
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.2.5
No user-facing changes.
## 5.2.4
No user-facing changes.

3
csharp/ql/lib/change-notes/released/5.2.5.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.2.5
No user-facing changes.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.2.4
lastReleaseVersion: 5.2.5

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.2.5-dev
version: 5.2.6-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

6
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -183,7 +183,7 @@ private module TypesInput implements Impl::Private::TypesInputSig {
)
}
DataFlowType getSourceType(Input::SourceBase source, Impl::Private::SummaryComponent sc) {
DataFlowType getSourceType(Input::SourceBase source, Impl::Private::SummaryComponentStack s) {
none()
}
@@ -195,7 +195,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
sc = viableCallable(result).asSummarizedCallable()
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}

7
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.4.1
### Minor Analysis Improvements
* The modeling of null guards based on complex pattern expressions has been improved, which in turn improves the query `cs/dereferenced-value-may-be-null` by removing false positives.
* The query `cs/xmldoc/missing-summary` has been removed from the `code-quality` suite, to align with other languages.
## 1.4.0
### Deprecated Queries

4
csharp/ql/src/change-notes/2025-09-16-code-quality-doc-query.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Remove the query `cs/xmldoc/missing-summary` from the `code-quality` suite (align with other languages).

8
csharp/ql/src/change-notes/2025-09-17-nullguard-pattern.md → csharp/ql/src/change-notes/released/1.4.1.md
View File

@@ -1,4 +1,6 @@
---
category: minorAnalysis
---
## 1.4.1
### Minor Analysis Improvements
* The modeling of null guards based on complex pattern expressions has been improved, which in turn improves the query `cs/dereferenced-value-may-be-null` by removing false positives.
* The query `cs/xmldoc/missing-summary` has been removed from the `code-quality` suite, to align with other languages.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.0
lastReleaseVersion: 1.4.1

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.4.1-dev
version: 1.4.2-dev
groups:
- csharp
- queries

176
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst Normal file
View File

@@ -0,0 +1,176 @@
.. _codeql-cli-2.23.1:
==========================
CodeQL 2.23.1 (2025-09-23)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.23.1 runs a total of 478 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 3 security queries have been added with this release.
CodeQL CLI
----------
New Features
~~~~~~~~~~~~
* CodeQL now adds the sources and sinks of path alerts to the :code:`relatedLocations` property of SARIF results if they are not included as the primary location or within the alert message. This means that path alerts will show on PRs if a source or sink is added or modified, even for queries that don't follow the common convention of selecting the sink as the primary location and mentioning the source in the alert message.
* CodeQL now populates file coverage information for GitHub Actions on
\ `the tool status page for code scanning <https://docs.github.com/en/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#viewing-the-tool-status-page-for-a-repository>`__.
Query Packs
-----------
Bug Fixes
~~~~~~~~~
C/C++
"""""
* The predicate :code:`occurenceCount` in the file module :code:`MagicConstants` has been deprecated. Use :code:`occurrenceCount` instead.
* The predicate :code:`additionalAdditionOrSubstractionCheckForLeapYear` in the file module :code:`LeapYear` has been deprecated. Use :code:`additionalAdditionOrSubtractionCheckForLeapYear` instead.
C#
""
* The message for :code:`csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
Java/Kotlin
"""""""""""
* The message for :code:`java/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
Rust
""""
* The message for :code:`rust/diagnostic/database-quality` has been updated to include detailed database health metrics. These changes are visible on the tool status page.
Major Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The queries :code:`cpp/wrong-type-format-argument`, :code:`cpp/comparison-with-wider-type`, :code:`cpp/integer-multiplication-cast-to-long`, :code:`cpp/implicit-function-declaration` and :code:`cpp/suspicious-add-sizeof` have had their precisions reduced from :code:`high` to :code:`medium`. They will also now give alerts for projects built with :code:`build-mode: none`.
* The queries :code:`cpp/wrong-type-format-argument`, :code:`cpp/comparison-with-wider-type`, :code:`cpp/integer-multiplication-cast-to-long` and :code:`cpp/suspicious-add-sizeof` are no longer included in the :code:`code-scanning` suite.
Java/Kotlin
"""""""""""
* The implementation of :code:`java/dereferenced-value-may-be-null` has been completely replaced with a new general control-flow reachability library. This improves precision by reducing false positives. However, since the entire calculation has been reworked, there can be small corner cases where precision regressions might occur and new false positives may occur, but these cases should be rare.
JavaScript/TypeScript
"""""""""""""""""""""
* Added support for TypeScript 5.9
* Added support for :code:`import defer` syntax in JavaScript and TypeScript.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C#
""
* The query :code:`cs/call-to-object-tostring` has been improved to remove false positives for enum types.
JavaScript/TypeScript
"""""""""""""""""""""
* Data flow is now tracked through the :code:`Promise.try` and :code:`Array.prototype.with` functions.
* Query :code:`js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
* The query :code:`js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as :code:`Object.keys()`.
* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who `submitted the original experimental query <https://github.com/github/codeql/pull/14342>`__!
Python
""""""
* The queries :code:`py/missing-call-to-init`, :code:`py/missing-calls-to-del`, :code:`py/multiple-calls-to-init`, and :code:`py/multiple-calls-to-del` queries have been modernized; no longer relying on outdated libraries, producing more precise results with more descriptive alert messages, and improved documentation.
GitHub Actions
""""""""""""""
* Actions analysis now reports file coverage information on the CodeQL status page.
Deprecated Queries
~~~~~~~~~~~~~~~~~~
C#
""
* The query :code:`cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
New Queries
~~~~~~~~~~~
Rust
""""
* Added a new query, :code:`rust/request-forgery`, for detecting server-side request forgery vulnerabilities.
Language Libraries
------------------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Golang
""""""
* The second argument of the :code:`CreateTemp` function, from the :code:`os` package, is no longer a path-injection sink due to proper sanitization by Go.
* The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or ``\`` to the beginning.
Java/Kotlin
"""""""""""
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular :code:`java/constant-comparison`, :code:`java/index-out-of-bounds`, :code:`java/dereferenced-value-may-be-null`, and :code:`java/useless-null-check`. Some medium precision queries like :code:`java/toctou-race-condition` and :code:`java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
* Added taint flow model for :code:`java.crypto.KDF`.
* Added taint flow model for :code:`java.lang.ScopedValue`.
JavaScript/TypeScript
"""""""""""""""""""""
* Added modeling for promisification libraries :code:`@gar/promisify`, :code:`es6-promisify`, :code:`util.promisify`, :code:`thenify-all`, :code:`call-me-maybe`, :code:`@google-cloud/promisify`, and :code:`util-promisify`.
* Data flow is now tracked through promisified user-defined functions.
Swift
"""""
* Updated to allow analysis of Swift 6.1.3.
Rust
""""
* Added cryptography related models for the :code:`cookie` and :code:`biscotti` crates.
Deprecated APIs
~~~~~~~~~~~~~~~
C/C++
"""""
* The predicate :code:`getAContructorCall` in the class :code:`SslContextClass` has been deprecated. Use :code:`getAConstructorCall` instead.
New Features
~~~~~~~~~~~~
C/C++
"""""
* Added predicates :code:`getTransitiveNumberOfVlaDimensionStmts`, :code:`getTransitiveVlaDimensionStmt`, and :code:`getParentVlaDecl` to :code:`VlaDeclStmt` for handling :code:`VlaDeclStmt`\ s whose base type is defined in terms of another :code:`VlaDeclStmt` via a :code:`typedef`.
Java/Kotlin
"""""""""""
* The Java extractor and QL libraries now support Java 25.
* Added support for Java 25 compact source files (JEP 512). The new predicate :code:`Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate :code:`CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
* Added support for Java 25 module import declarations.
* Add :code:`ModuleImportDeclaration` class.

1
docs/codeql/codeql-overview/codeql-changelog/index.rst
View File

@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.23.1
codeql-cli-2.23.0
codeql-cli-2.22.4
codeql-cli-2.22.3

68
go/extractor/util/registryproxy.go
View File

@@ -4,6 +4,7 @@ import (
"encoding/json"
"fmt"
"log/slog"
"net/url"
"os"
"os/exec"
"strings"
@@ -14,6 +15,7 @@ const PROXY_PORT = "CODEQL_PROXY_PORT"
const PROXY_CA_CERTIFICATE = "CODEQL_PROXY_CA_CERTIFICATE"
const PROXY_URLS = "CODEQL_PROXY_URLS"
const GOPROXY_SERVER = "goproxy_server"
const GIT_SOURCE = "git_source"
type RegistryConfig struct {
Type string `json:"type"`
@@ -26,9 +28,11 @@ var proxy_address string
// The path to the temporary file that stores the proxy certificate, if any.
var proxy_cert_file string
// An array of registry configurations that are relevant to Go.
// This excludes other registry configurations that may be available, but are not relevant to Go.
var proxy_configs []RegistryConfig
// An array of goproxy server URLs.
var goproxy_servers []string
// An array of Git URLs.
var git_sources []string
// Stores the environment variables that we wish to pass on to `go` commands.
var proxy_vars []string = nil
@@ -53,7 +57,13 @@ func getEnvVars() []string {
if proxy_host, proxy_host_set := os.LookupEnv(PROXY_HOST); proxy_host_set && proxy_host != "" {
if proxy_port, proxy_port_set := os.LookupEnv(PROXY_PORT); proxy_port_set && proxy_port != "" {
proxy_address = fmt.Sprintf("http://%s:%s", proxy_host, proxy_port)
result = append(result, fmt.Sprintf("HTTP_PROXY=%s", proxy_address), fmt.Sprintf("HTTPS_PROXY=%s", proxy_address))
result = append(
result,
fmt.Sprintf("HTTP_PROXY=%s", proxy_address),
fmt.Sprintf("HTTPS_PROXY=%s", proxy_address),
fmt.Sprintf("http_proxy=%s", proxy_address),
fmt.Sprintf("https_proxy=%s", proxy_address),
)
slog.Info("Found private registry proxy", slog.String("proxy_address", proxy_address))
}
@@ -91,20 +101,49 @@ func getEnvVars() []string {
// filter others out at this point.
for _, cfg := range val {
if cfg.Type == GOPROXY_SERVER {
proxy_configs = append(proxy_configs, cfg)
goproxy_servers = append(goproxy_servers, cfg.URL)
slog.Info("Found GOPROXY server", slog.String("url", cfg.URL))
} else if cfg.Type == GIT_SOURCE {
parsed, err := url.Parse(cfg.URL)
if err == nil && parsed.Hostname() != "" {
git_source := parsed.Hostname() + parsed.Path + "*"
git_sources = append(git_sources, git_source)
slog.Info("Found Git source", slog.String("source", git_source))
} else {
slog.Warn("Not a valid URL for Git source", slog.String("url", cfg.URL))
}
}
}
if len(proxy_configs) > 0 {
goprivate := []string{}
if len(goproxy_servers) > 0 {
goproxy_val := "https://proxy.golang.org,direct"
for _, cfg := range proxy_configs {
goproxy_val = cfg.URL + "," + goproxy_val
for _, url := range goproxy_servers {
goproxy_val = url + "," + goproxy_val
}
result = append(result, fmt.Sprintf("GOPROXY=%s", goproxy_val), "GOPRIVATE=", "GONOPROXY=")
result = append(result, fmt.Sprintf("GOPROXY=%s", goproxy_val), "GONOPROXY=")
}
if len(git_sources) > 0 {
goprivate = append(goprivate, git_sources...)
if proxy_cert_file != "" {
slog.Info("Configuring `git` to use proxy certificate", slog.String("path", proxy_cert_file))
cmd := exec.Command("git", "config", "--global", "http.sslCAInfo", proxy_cert_file)
out, cmdErr := cmd.CombinedOutput()
slog.Info(string(out))
if cmdErr != nil {
slog.Error("Failed to configure `git` to accept the certificate file", slog.String("error", cmdErr.Error()))
}
}
}
result = append(result, fmt.Sprintf("GOPRIVATE=%s", strings.Join(goprivate, ",")))
}
}
@@ -113,11 +152,6 @@ func getEnvVars() []string {
// Applies private package proxy related environment variables to `cmd`.
func ApplyProxyEnvVars(cmd *exec.Cmd) {
slog.Debug(
"Applying private registry proxy environment variables",
slog.String("cmd_args", strings.Join(cmd.Args, " ")),
)
// If we haven't done so yet, check whether the proxy environment variables are set
// and extract information from them.
if !proxy_vars_checked {
@@ -131,4 +165,10 @@ func ApplyProxyEnvVars(cmd *exec.Cmd) {
if proxy_vars != nil {
cmd.Env = append(os.Environ(), proxy_vars...)
}
slog.Debug(
"Applying private registry proxy environment variables",
slog.String("cmd_args", strings.Join(cmd.Args, " ")),
slog.String("proxy_vars", strings.Join(proxy_vars, ",")),
)
}

28
go/extractor/util/registryproxy_test.go
View File

@@ -47,3 +47,31 @@ func TestParseRegistryConfigs(t *testing.T) {
t.Fatalf("Expected `URL` to be `https://proxy.example.com/mod`, but got `%s`", first.URL)
}
}
func TestParseRegistryConfigsMultiple(t *testing.T) {
multiple := parseRegistryConfigsSuccess(t, "[{ \"type\": \"git_source\", \"url\": \"https://github.com/github\" }, { \"type\": \"goproxy_server\", \"url\": \"https://proxy.example.com/mod\" }]")
if len(multiple) != 2 {
t.Fatalf("Expected `parseRegistryConfigs` to return two configurations, but got %d.", len(multiple))
}
first := multiple[0]
if first.Type != "git_source" {
t.Fatalf("Expected `Type` to be `git_source`, but got `%s`", first.Type)
}
if first.URL != "https://github.com/github" {
t.Fatalf("Expected `URL` to be `https://github.com/github`, but got `%s`", first.URL)
}
second := multiple[1]
if second.Type != "goproxy_server" {
t.Fatalf("Expected `Type` to be `goproxy_server`, but got `%s`", second.Type)
}
if second.URL != "https://proxy.example.com/mod" {
t.Fatalf("Expected `URL` to be `https://proxy.example.com/mod`, but got `%s`", second.URL)
}
}

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.32
No user-facing changes.
## 1.0.31
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/1.0.32.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.32
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.31
lastReleaseVersion: 1.0.32

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.32-dev
version: 1.0.33-dev
groups:
- go
- queries

4
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 4.3.5
No user-facing changes.
## 4.3.4
### Minor Analysis Improvements

3
go/ql/lib/change-notes/released/4.3.5.md Normal file
View File

@@ -0,0 +1,3 @@
## 4.3.5
No user-facing changes.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.3.4
lastReleaseVersion: 4.3.5

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 4.3.5-dev
version: 4.3.6-dev
groups: go
dbscheme: go.dbscheme
extractor: go

4
go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -117,7 +117,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
)
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}

4
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.4.6
No user-facing changes.
## 1.4.5
No user-facing changes.

6
go/ql/src/InconsistentCode/MistypedExponentiation.ql
View File

@@ -13,12 +13,16 @@
import go
private Expr getConstantInitialiser(Expr e) {
exists(DeclaredConstant c | e = c.getAReference() | result = c.getInit())
}
/** Holds if `e` is not 0 and is either an octal or hexadecimal literal, or the number one. */
predicate maybeXorBitPattern(Expr e) {
// 0 makes no sense as an xor bit pattern
not e.getNumericValue() = 0 and
// include octal and hex literals
e.(IntLit).getText().matches("0%")
[e, getConstantInitialiser(e)].(IntLit).getText().matches("0%")
or
e.getNumericValue() = 1
}

3
go/ql/src/change-notes/released/1.4.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.4.6
No user-facing changes.

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.5
lastReleaseVersion: 1.4.6

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.4.6-dev
version: 1.4.7-dev
groups:
- go
- queries

7
go/ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go
View File

@@ -22,6 +22,13 @@ func main() {
mask := (((1 << 10) - 1) ^ 7) // OK
const (
c1 = 0x1234
c2 = 0x5678
)
fmt.Println(c1 ^ c2) // OK
// This is not ok, but isn't detected because the multiplication binds tighter
// than the xor operator and so the query doesn't see a constant on the left
// hand side of ^.

4
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 7.7.1
No user-facing changes.
## 7.7.0
### New Features

3
java/ql/lib/change-notes/released/7.7.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 7.7.1
No user-facing changes.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.7.0
lastReleaseVersion: 7.7.1

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 7.7.1-dev
version: 7.7.2-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

38
java/ql/lib/semmle/code/java/Overlay.qll
View File

@@ -88,7 +88,45 @@ private string baseConfigLocatable(@configLocatable el) {
not isOverlay() and result = getRawFileForConfig(el)
}
overlay[local]
private predicate overlayConfigExtracted(string file) {
isOverlay() and
exists(@configLocatable el | file = getRawFileForConfig(el))
}
overlay[discard_entity]
private predicate discardBaseConfigLocatable(@configLocatable el) {
overlayChangedFiles(baseConfigLocatable(el))
or
// The config extractor is currently not incremental and may extract more
// property files than those included in overlayChangedFiles.
overlayConfigExtracted(baseConfigLocatable(el))
}
/**
* An `@xmllocatable` that should be discarded in the base variant if its file is
* extracted in the overlay variant.
*/
overlay[local]
abstract class DiscardableXmlLocatable extends @xmllocatable {
/** Gets the raw file for an xmllocatable in base. */
string getRawFileInBase() { not isOverlay() and result = getRawFile(this) }
/** Gets a textual representation of this discardable xmllocatable. */
string toString() { none() }
}
overlay[local]
private predicate overlayXmlExtracted(string file) {
isOverlay() and
exists(@xmllocatable el | not files(el, _) and not xmlNs(el, _, _, _) and file = getRawFile(el))
}
overlay[discard_entity]
private predicate discardXmlLocatable(@xmllocatable el) {
overlayChangedFiles(el.(DiscardableXmlLocatable).getRawFileInBase())
or
// The XML extractor is currently not incremental and may extract more
// XML files than those included in overlayChangedFiles.
overlayXmlExtracted(el.(DiscardableXmlLocatable).getRawFileInBase())
}

6
java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -132,7 +132,7 @@ private module TypesInput implements Impl::Private::TypesInputSig {
exists(rk)
}
DataFlowType getSourceType(Input::SourceBase source, Impl::Private::SummaryComponent sc) {
DataFlowType getSourceType(Input::SourceBase source, Impl::Private::SummaryComponentStack s) {
none()
}
@@ -144,7 +144,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
sc = viableCallable(result).asSummarizedCallable()
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}

10
java/ql/lib/semmle/code/xml/XML.qll
View File

@@ -71,12 +71,12 @@ private module Input implements InputSig<File, Location> {
import Make<File, Location, Input>
private class DiscardableXmlAttribute extends DiscardableLocatable, @xmlattribute { }
private class DiscardableXmlAttribute extends DiscardableXmlLocatable, @xmlattribute { }
private class DiscardableXmlElement extends DiscardableLocatable, @xmlelement { }
private class DiscardableXmlElement extends DiscardableXmlLocatable, @xmlelement { }
private class DiscardableXmlComment extends DiscardableLocatable, @xmlcomment { }
private class DiscardableXmlComment extends DiscardableXmlLocatable, @xmlcomment { }
private class DiscardableXmlCharacters extends DiscardableLocatable, @xmlcharacters { }
private class DiscardableXmlCharacters extends DiscardableXmlLocatable, @xmlcharacters { }
private class DiscardableXmlDtd extends DiscardableLocatable, @xmldtd { }
private class DiscardableXmlDtd extends DiscardableXmlLocatable, @xmldtd { }

4
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.8.1
No user-facing changes.
## 1.8.0
### Major Analysis Improvements

3
java/ql/src/change-notes/released/1.8.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.8.1
No user-facing changes.

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.8.0
lastReleaseVersion: 1.8.1

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.8.1-dev
version: 1.8.2-dev
groups:
- java
- queries

8
javascript/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 2.6.12
### Minor Analysis Improvements
* Added modeling of `GraphQLObjectType` resolver function parameters as remote sources.
* Support for the [graphql](https://www.npmjs.com/package/graphql) library has been improved. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked.
* Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages.
## 2.6.11
### Minor Analysis Improvements

4
javascript/ql/lib/change-notes/2025-07-28-dynamodb.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages.

4
javascript/ql/lib/change-notes/2025-09-17-graphql-enhance.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Support for the [graphql](https://www.npmjs.com/package/graphql) library has been improved. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked.

4
javascript/ql/lib/change-notes/2025-09-19-graphql-type-object.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added modeling of `GraphQLObjectType` resolver function parameters as remote sources.

7
javascript/ql/lib/change-notes/released/2.6.12.md Normal file
View File

@@ -0,0 +1,7 @@
## 2.6.12
### Minor Analysis Improvements
* Added modeling of `GraphQLObjectType` resolver function parameters as remote sources.
* Support for the [graphql](https://www.npmjs.com/package/graphql) library has been improved. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked.
* Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages.

2
javascript/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.6.11
lastReleaseVersion: 2.6.12

2
javascript/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 2.6.12-dev
version: 2.6.13-dev
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript

4
javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll
View File

@@ -150,7 +150,9 @@ private module FlowSummaryStepInput implements Private::StepsInputSig {
)
}
DataFlow::Node getSourceNode(SourceBase source, Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(SourceBase source) { none() }
DataFlow::Node getSourceNode(SourceBase source, Private::SummaryComponentStack s) { none() }
DataFlow::Node getSinkNode(SinkBase sink, Private::SummaryComponent sc) { none() }
}

34
javascript/ql/lib/semmle/javascript/frameworks/Express.qll
View File

@@ -781,6 +781,40 @@ module Express {
override RouteHandler getRouteHandler() { result = response.getRouteHandler() }
}
/**
* A call to `res.json()` or `res.jsonp()`.
*
* This sets the `content-type` header.
*/
private class ResponseJsonCall extends DataFlow::MethodCallNode, Http::HeaderDefinition {
private ResponseSource response;
ResponseJsonCall() { this = response.ref().getAMethodCall(["json", "jsonp"]) }
override RouteHandler getRouteHandler() { result = response.getRouteHandler() }
override string getAHeaderName() { result = "content-type" }
override predicate defines(string headerName, string headerValue) {
// Note: for `jsonp` the actual content-type header will be `text/javascript` or similar, but to avoid
// generating a spurious HTML injection sink, we treat it as `application/json` here.
headerName = "content-type" and headerValue = "application/json"
}
}
/**
* An argument passed to the `json` or `jsonp` method of an HTTP response object.
*/
private class ResponseJsonCallArgument extends Http::ResponseSendArgument {
ResponseJsonCall call;
ResponseJsonCallArgument() { this = call.getArgument(0) }
override RouteHandler getRouteHandler() { result = call.getRouteHandler() }
override HeaderDefinition getAnAssociatedHeaderDefinition() { result = call }
}
/**
* An invocation of the `cookie` method on an HTTP response object.
*/

6
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 2.1.1
No user-facing changes.
## 2.1.0
### Major Analysis Improvements
@@ -10,7 +14,7 @@
* Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
* Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
* The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`.
* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!
## 2.0.3

2
javascript/ql/src/change-notes/released/2.1.0.md
View File

@@ -10,4 +10,4 @@
* Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
* Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
* The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`.
* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!

3
javascript/ql/src/change-notes/released/2.1.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 2.1.1
No user-facing changes.

2
javascript/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.1.0
lastReleaseVersion: 2.1.1

2
javascript/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 2.1.1-dev
version: 2.1.2-dev
groups:
- javascript
- queries

10
javascript/ql/test/library-tests/frameworks/Express/src/json.js Normal file
View File

@@ -0,0 +1,10 @@
const express = require('express');
const app = express();
app.get('/test/json', function(req, res) {
res.json(req.query.data);
});
app.get('/test/jsonp', function(req, res) {
res.jsonp(req.query.data);
});

85
javascript/ql/test/library-tests/frameworks/Express/tests.expected
View File

@@ -131,6 +131,12 @@ test_isRequest
| src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:7:2:7:4 | req |
| src/json.js:4:32:4:34 | req |
| src/json.js:4:32:4:34 | req |
| src/json.js:5:14:5:16 | req |
| src/json.js:8:33:8:35 | req |
| src/json.js:8:33:8:35 | req |
| src/json.js:9:15:9:17 | req |
| src/middleware-flow.js:5:20:5:22 | req |
| src/middleware-flow.js:5:20:5:22 | req |
| src/middleware-flow.js:6:5:6:7 | req |
@@ -201,6 +207,8 @@ test_RouteSetup
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() | false |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() | false |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() | false |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() | false |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() | true |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() | false |
| src/middleware-flow.js:39:1:43:2 | unrelat ... .db;\\n}) | src/middleware-flow.js:37:22:37:30 | express() | false |
@@ -345,6 +353,14 @@ test_isResponse
| src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:5:2:5:4 | res |
| src/inheritedFromNode.js:6:2:6:4 | res |
| src/json.js:4:37:4:39 | res |
| src/json.js:4:37:4:39 | res |
| src/json.js:5:5:5:7 | res |
| src/json.js:5:5:5:28 | res.jso ... y.data) |
| src/json.js:8:38:8:40 | res |
| src/json.js:8:38:8:40 | res |
| src/json.js:9:5:9:7 | res |
| src/json.js:9:5:9:29 | res.jso ... y.data) |
| src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:30:17:32 | res |
| src/middleware-flow.js:23:23:23:25 | res |
@@ -575,6 +591,12 @@ test_RequestExpr
| src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:7:2:7:4 | req | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:32:4:34 | req | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:4:32:4:34 | req | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:5:14:5:16 | req | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:33:8:35 | req | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/json.js:8:33:8:35 | req | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/json.js:9:15:9:17 | req | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:6:5:6:7 | req | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
@@ -627,6 +649,7 @@ test_appCreation
| src/express4.js:2:11:2:19 | express() |
| src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:2:11:2:19 | express() |
| src/json.js:2:13:2:21 | express() |
| src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:37:22:37:30 | express() |
| src/params.js:2:11:2:19 | express() |
@@ -651,6 +674,8 @@ test_ResponseBody
| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:73:12:73:19 | req.path | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/json.js:5:14:5:27 | req.query.data | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:9:15:9:28 | req.query.data | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} |
test_ResponseExpr
@@ -820,6 +845,14 @@ test_ResponseExpr
| src/inheritedFromNode.js:4:29:4:31 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:5:2:5:4 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/inheritedFromNode.js:6:2:6:4 | res | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:37:4:39 | res | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:4:37:4:39 | res | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:5:5:5:7 | res | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:5:5:5:28 | res.jso ... y.data) | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:38:8:40 | res | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/json.js:8:38:8:40 | res | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/json.js:9:5:9:7 | res | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/json.js:9:5:9:29 | res.jso ... y.data) | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:5:25:5:27 | res | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:17:30:17:32 | res | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:23:23:23:25 | res | src/middleware-flow.js:23:17:23:41 | (req, r ... q.db; } |
@@ -940,6 +973,8 @@ test_RouteHandler
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res |
| src/express.js:71:23:75:1 | functio ... res);\\n} | src/express.js:71:32:71:34 | req | src/express.js:71:37:71:39 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:32:4:34 | req | src/json.js:4:37:4:39 | res |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:33:8:35 | req | src/json.js:8:38:8:40 | res |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res |
| src/middleware-flow.js:23:17:23:41 | (req, r ... q.db; } | src/middleware-flow.js:23:18:23:20 | req | src/middleware-flow.js:23:23:23:25 | res |
@@ -972,6 +1007,8 @@ test_HeaderDefinition
| src/express.js:66:3:66:42 | res.hea ... plain") | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:72:3:72:41 | res.hea ... /html") | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:6:2:6:16 | res.setHeader() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:5:5:5:28 | res.jso ... y.data) | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:9:5:9:29 | res.jso ... y.data) | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/responseExprs.js:19:5:19:16 | res.append() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} |
| src/responseExprs.js:37:5:37:28 | f(res.a ... ppend() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} |
| src/responseExprs.js:37:7:37:18 | res.append() | src/responseExprs.js:16:30:42:1 | functio ... }\\n} |
@@ -1036,6 +1073,8 @@ test_RouteHandlerExpr
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:1:69:2 | app.get ... es);\\n}) | true |
| src/express.js:71:23:75:1 | functio ... res);\\n} | src/express.js:71:1:75:2 | app.get ... es);\\n}) | true |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | true |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:1:6:2 | app.get ... ta);\\n}) | true |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:1:10:2 | app.get ... ta);\\n}) | true |
| src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | false |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | true |
| src/middleware-flow.js:27:23:27:32 | routers[p] | src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | true |
@@ -1068,6 +1107,7 @@ test_isRouterCreation
| src/express4.js:2:11:2:19 | express() |
| src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:2:11:2:19 | express() |
| src/json.js:2:13:2:21 | express() |
| src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:37:22:37:30 | express() |
| src/params.js:2:11:2:19 | express() |
@@ -1111,6 +1151,8 @@ test_RequestInputAccess
| src/express.js:67:12:67:25 | req.params.foo | parameter | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:73:12:73:19 | req.path | url | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:7:2:7:8 | req.url | url | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:5:14:5:27 | req.query.data | parameter | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:9:15:9:28 | req.query.data | parameter | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/params.js:4:35:4:39 | value | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:5:17:5:28 | req.query.xx | parameter | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:6:17:6:24 | req.body | body | src/params.js:4:18:12:1 | (req, r ... }\\n} |
@@ -1125,6 +1167,8 @@ test_ResponseSendArgument
| src/express.js:61:12:61:25 | req.params.foo | src/express.js:59:23:63:1 | functio ... res);\\n} |
| src/express.js:67:12:67:25 | req.params.foo | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:73:12:73:19 | req.path | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/json.js:5:14:5:27 | req.query.data | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:9:15:9:28 | req.query.data | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/params.js:8:18:8:22 | value | src/params.js:4:18:12:1 | (req, r ... }\\n} |
| src/params.js:15:12:15:18 | "Hello" | src/params.js:14:24:16:1 | functio ... lo");\\n} |
test_RouteSetup_getRouter
@@ -1182,6 +1226,8 @@ test_RouteSetup_getRouter
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | src/middleware-flow.js:2:13:2:21 | express() |
@@ -1226,6 +1272,8 @@ test_RouteSetup_getServer
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:2:11:2:19 | express() |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:2:13:2:21 | express() |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:39:1:43:2 | unrelat ... .db;\\n}) | src/middleware-flow.js:37:22:37:30 | express() |
@@ -1266,6 +1314,8 @@ test_StandardRouteHandler
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:65:36:65:38 | req | src/express.js:65:41:65:43 | res |
| src/express.js:71:23:75:1 | functio ... res);\\n} | src/express.js:2:11:2:19 | express() | src/express.js:71:32:71:34 | req | src/express.js:71:37:71:39 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:24:4:26 | req | src/inheritedFromNode.js:4:29:4:31 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:2:13:2:21 | express() | src/json.js:4:32:4:34 | req | src/json.js:4:37:4:39 | res |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:2:13:2:21 | express() | src/json.js:8:33:8:35 | req | src/json.js:8:38:8:40 | res |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:20:5:22 | req | src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:25:17:27 | req | src/middleware-flow.js:17:30:17:32 | res |
| src/middleware-flow.js:39:23:43:1 | (req, r ... s.db;\\n} | src/middleware-flow.js:37:22:37:30 | express() | src/middleware-flow.js:39:24:39:26 | req | src/middleware-flow.js:39:29:39:31 | res |
@@ -1322,6 +1372,8 @@ test_HeaderDefinition_defines
| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type | application/xml |
| src/express.js:66:3:66:42 | res.hea ... plain") | content-type | text/plain |
| src/express.js:72:3:72:41 | res.hea ... /html") | content-type | text/html |
| src/json.js:5:5:5:28 | res.jso ... y.data) | content-type | application/json |
| src/json.js:9:5:9:29 | res.jso ... y.data) | content-type | application/json |
test_RouteHandlerExpr_getBody
| src/advanced-routehandler-registration.js:51:9:51:60 | (req, r ... tever") | src/advanced-routehandler-registration.js:51:9:51:60 | (req, r ... tever") |
| src/advanced-routehandler-registration.js:64:9:64:53 | (req, r ... q, res) | src/advanced-routehandler-registration.js:64:9:64:53 | (req, r ... q, res) |
@@ -1346,6 +1398,8 @@ test_RouteHandlerExpr_getBody
| src/express.js:65:27:69:1 | functio ... res);\\n} | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:71:23:75:1 | functio ... res);\\n} | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:13:16:13:24 | installDb | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:39:23:43:1 | (req, r ... s.db;\\n} | src/middleware-flow.js:39:23:43:1 | (req, r ... s.db;\\n} |
@@ -1466,6 +1520,8 @@ test_RouteSetup_getARouteHandler
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | src/middleware-flow.js:23:17:23:41 | (req, r ... q.db; } |
@@ -1526,6 +1582,8 @@ test_RouteSetup_getRequestMethod
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | GET |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | GET |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | POST |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | GET |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | GET |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | GET |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | GET |
| src/middleware-flow.js:39:1:43:2 | unrelat ... .db;\\n}) | GET |
@@ -1699,6 +1757,12 @@ test_RouteHandler_getARequestExpr
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:24:4:26 | req |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:7:2:7:4 | req |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:32:4:34 | req |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:32:4:34 | req |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:5:14:5:16 | req |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:33:8:35 | req |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:33:8:35 | req |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:9:15:9:17 | req |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:20:5:22 | req |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:20:5:22 | req |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:6:5:6:7 | req |
@@ -1909,6 +1973,14 @@ test_RouteHandler_getAResponseExpr
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:4:29:4:31 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:5:2:5:4 | res |
| src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} | src/inheritedFromNode.js:6:2:6:4 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:37:4:39 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:4:37:4:39 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:5:5:5:7 | res |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | src/json.js:5:5:5:28 | res.jso ... y.data) |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:38:8:40 | res |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:8:38:8:40 | res |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:9:5:9:7 | res |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | src/json.js:9:5:9:29 | res.jso ... y.data) |
| src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} | src/middleware-flow.js:5:25:5:27 | res |
| src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } | src/middleware-flow.js:17:30:17:32 | res |
| src/middleware-flow.js:23:17:23:41 | (req, r ... q.db; } | src/middleware-flow.js:23:23:23:25 | res |
@@ -2041,6 +2113,8 @@ test_RouteSetup_getRouteHandlerExpr
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | 0 | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | 0 | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | 0 | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | 0 | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | 0 | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | 0 | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | 0 | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | 0 | src/middleware-flow.js:27:23:27:32 | routers[p] |
@@ -2073,6 +2147,8 @@ test_HeaderDefinition_getAHeaderName
| src/express.js:60:3:60:47 | res.hea ... n/xml") | content-type |
| src/express.js:66:3:66:42 | res.hea ... plain") | content-type |
| src/express.js:72:3:72:41 | res.hea ... /html") | content-type |
| src/json.js:5:5:5:28 | res.jso ... y.data) | content-type |
| src/json.js:9:5:9:29 | res.jso ... y.data) | content-type |
test_RouteHandlerExpr_getAsSubRouter
| src/csurf-example.js:13:17:13:19 | api | src/csurf-example.js:30:16:30:35 | new express.Router() |
| src/express2.js:6:9:6:14 | router | src/express2.js:2:14:2:23 | e.Router() |
@@ -2089,6 +2165,8 @@ test_RouteHandler_getAResponseHeader
| src/express.js:65:27:69:1 | functio ... res);\\n} | content-type | src/express.js:66:3:66:42 | res.hea ... plain") |
| src/express.js:71:23:75:1 | functio ... res);\\n} | access-control-allow-credentials | src/express.js:12:3:12:54 | arg.hea ... , true) |
| src/express.js:71:23:75:1 | functio ... res);\\n} | content-type | src/express.js:72:3:72:41 | res.hea ... /html") |
| src/json.js:4:23:6:1 | functio ... ata);\\n} | content-type | src/json.js:5:5:5:28 | res.jso ... y.data) |
| src/json.js:8:24:10:1 | functio ... ata);\\n} | content-type | src/json.js:9:5:9:29 | res.jso ... y.data) |
test_RouteSetup_getARouteHandlerExpr
| src/advanced-routehandler-registration.js:10:3:10:24 | app.get ... es0[p]) | src/advanced-routehandler-registration.js:10:14:10:23 | routes0[p] |
| src/advanced-routehandler-registration.js:19:3:19:18 | app.use(handler) | src/advanced-routehandler-registration.js:19:11:19:17 | handler |
@@ -2149,6 +2227,8 @@ test_RouteSetup_getARouteHandlerExpr
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | src/middleware-flow.js:27:23:27:32 | routers[p] |
@@ -2181,6 +2261,7 @@ test_RouterDefinition_RouterDefinition
| src/express4.js:2:11:2:19 | express() |
| src/express.js:2:11:2:19 | express() |
| src/inheritedFromNode.js:2:11:2:19 | express() |
| src/json.js:2:13:2:21 | express() |
| src/middleware-flow.js:2:13:2:21 | express() |
| src/middleware-flow.js:37:22:37:30 | express() |
| src/params.js:2:11:2:19 | express() |
@@ -2216,6 +2297,8 @@ test_RouterDefinition_getARouteHandler
| src/express.js:2:11:2:19 | express() | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:2:11:2:19 | express() | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:2:11:2:19 | express() | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:2:13:2:21 | express() | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:2:13:2:21 | express() | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:5:1:10:1 | functio ... xt();\\n} |
| src/middleware-flow.js:2:13:2:21 | express() | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:37:22:37:30 | express() | src/middleware-flow.js:39:23:43:1 | (req, r ... s.db;\\n} |
@@ -2334,6 +2417,8 @@ test_RouteSetup_getLastRouteHandlerExpr
| src/express.js:65:1:69:2 | app.get ... es);\\n}) | src/express.js:65:27:69:1 | functio ... res);\\n} |
| src/express.js:71:1:75:2 | app.get ... es);\\n}) | src/express.js:71:23:75:1 | functio ... res);\\n} |
| src/inheritedFromNode.js:4:1:8:2 | app.pos ... url;\\n}) | src/inheritedFromNode.js:4:15:8:1 | functio ... .url;\\n} |
| src/json.js:4:1:6:2 | app.get ... ta);\\n}) | src/json.js:4:23:6:1 | functio ... ata);\\n} |
| src/json.js:8:1:10:2 | app.get ... ta);\\n}) | src/json.js:8:24:10:1 | functio ... ata);\\n} |
| src/middleware-flow.js:13:5:13:25 | router. ... tallDb) | src/middleware-flow.js:13:16:13:24 | installDb |
| src/middleware-flow.js:17:5:21:6 | router. ... \\n }) | src/middleware-flow.js:17:24:21:5 | (req, r ... ;\\n } |
| src/middleware-flow.js:27:9:27:33 | router. ... ers[p]) | src/middleware-flow.js:27:23:27:32 | routers[p] |

4
misc/suite-helpers/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.32
No user-facing changes.
## 1.0.31
No user-facing changes.

3
misc/suite-helpers/change-notes/released/1.0.32.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.32
No user-facing changes.

2
misc/suite-helpers/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.31
lastReleaseVersion: 1.0.32

2
misc/suite-helpers/qlpack.yml
View File

@@ -1,4 +1,4 @@
name: codeql/suite-helpers
version: 1.0.32-dev
version: 1.0.33-dev
groups: shared
warnOnImplicitThis: true

6
python/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 4.0.16
### Minor Analysis Improvements
* Data flow tracking through global variables now supports nested field access patterns such as `global_var.obj.field`. This improves the precision of taint tracking analysis when data flows through complex global variable structures.
## 4.0.15
No user-facing changes.

9
python/ql/lib/change-notes/2025-08-11-jump-step-global-nested.md → python/ql/lib/change-notes/released/4.0.16.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
* Data flow tracking through global variables now supports nested field access patterns such as `global_var.obj.field`. This improves the precision of taint tracking analysis when data flows through complex global variable structures.
## 4.0.16
### Minor Analysis Improvements
* Data flow tracking through global variables now supports nested field access patterns such as `global_var.obj.field`. This improves the precision of taint tracking analysis when data flows through complex global variable structures.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.0.15
lastReleaseVersion: 4.0.16

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 4.0.16-dev
version: 4.0.17-dev
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

4
python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
View File

@@ -105,7 +105,9 @@ private module StepsInput implements Impl::Private::StepsInputSig {
])
}
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() }
DataFlowCallable getSourceNodeEnclosingCallable(Input::SourceBase source) { none() }
Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponentStack s) { none() }
Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() }
}

8
python/ql/lib/semmle/python/regexp/RegexTreeView.qll
View File

@@ -964,7 +964,7 @@ module Impl implements RegexTreeViewSig {
* ```
*/
class RegExpPositiveLookahead extends RegExpLookahead {
RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end) }
RegExpPositiveLookahead() { re.positiveLookaheadAssertionGroup(start, end, _, _) }
override string getPrimaryQLClass() { result = "RegExpPositiveLookahead" }
}
@@ -979,7 +979,7 @@ module Impl implements RegexTreeViewSig {
* ```
*/
additional class RegExpNegativeLookahead extends RegExpLookahead {
RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end) }
RegExpNegativeLookahead() { re.negativeLookaheadAssertionGroup(start, end, _, _) }
override string getPrimaryQLClass() { result = "RegExpNegativeLookahead" }
}
@@ -1006,7 +1006,7 @@ module Impl implements RegexTreeViewSig {
* ```
*/
class RegExpPositiveLookbehind extends RegExpLookbehind {
RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end) }
RegExpPositiveLookbehind() { re.positiveLookbehindAssertionGroup(start, end, _, _) }
override string getPrimaryQLClass() { result = "RegExpPositiveLookbehind" }
}
@@ -1021,7 +1021,7 @@ module Impl implements RegexTreeViewSig {
* ```
*/
additional class RegExpNegativeLookbehind extends RegExpLookbehind {
RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end) }
RegExpNegativeLookbehind() { re.negativeLookbehindAssertionGroup(start, end, _, _) }
override string getPrimaryQLClass() { result = "RegExpNegativeLookbehind" }
}

70
python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll
View File

@@ -554,9 +554,9 @@ class RegExp extends Expr instanceof StringLiteral {
or
this.negativeAssertionGroup(start, end)
or
this.positiveLookaheadAssertionGroup(start, end)
this.positiveLookaheadAssertionGroup(start, end, _, _)
or
this.positiveLookbehindAssertionGroup(start, end)
this.positiveLookbehindAssertionGroup(start, end, _, _)
}
/** Holds if an empty group is found between `start` and `end`. */
@@ -572,7 +572,7 @@ class RegExp extends Expr instanceof StringLiteral {
or
this.negativeAssertionGroup(start, end)
or
this.positiveLookaheadAssertionGroup(start, end)
this.positiveLookaheadAssertionGroup(start, end, _, _)
}
private predicate emptyMatchAtEndGroup(int start, int end) {
@@ -580,7 +580,7 @@ class RegExp extends Expr instanceof StringLiteral {
or
this.negativeAssertionGroup(start, end)
or
this.positiveLookbehindAssertionGroup(start, end)
this.positiveLookbehindAssertionGroup(start, end, _, _)
}
private predicate negativeAssertionGroup(int start, int end) {
@@ -593,32 +593,40 @@ class RegExp extends Expr instanceof StringLiteral {
)
}
/** Holds if a negative lookahead is found between `start` and `end` */
predicate negativeLookaheadAssertionGroup(int start, int end) {
exists(int in_start | this.negative_lookahead_assertion_start(start, in_start) |
this.groupContents(start, end, in_start, _)
)
/**
* Holds if a negative lookahead is found between `start` and `end`, with contents
* between `in_start` and `in_end`.
*/
predicate negativeLookaheadAssertionGroup(int start, int end, int in_start, int in_end) {
this.negative_lookahead_assertion_start(start, in_start) and
this.groupContents(start, end, in_start, in_end)
}
/** Holds if a negative lookbehind is found between `start` and `end` */
predicate negativeLookbehindAssertionGroup(int start, int end) {
exists(int in_start | this.negative_lookbehind_assertion_start(start, in_start) |
this.groupContents(start, end, in_start, _)
)
/**
* Holds if a negative lookbehind is found between `start` and `end`, with contents
* between `in_start` and `in_end`.
*/
predicate negativeLookbehindAssertionGroup(int start, int end, int in_start, int in_end) {
this.negative_lookbehind_assertion_start(start, in_start) and
this.groupContents(start, end, in_start, in_end)
}
/** Holds if a positive lookahead is found between `start` and `end` */
predicate positiveLookaheadAssertionGroup(int start, int end) {
exists(int in_start | this.lookahead_assertion_start(start, in_start) |
this.groupContents(start, end, in_start, _)
)
/**
* Holds if a positive lookahead is found between `start` and `end`, with contents
* between `in_start` and `in_end`.
*/
predicate positiveLookaheadAssertionGroup(int start, int end, int in_start, int in_end) {
this.lookahead_assertion_start(start, in_start) and
this.groupContents(start, end, in_start, in_end)
}
/** Holds if a positive lookbehind is found between `start` and `end` */
predicate positiveLookbehindAssertionGroup(int start, int end) {
exists(int in_start | this.lookbehind_assertion_start(start, in_start) |
this.groupContents(start, end, in_start, _)
)
/**
* Holds if a positive lookbehind is found between `start` and `end`, with contents
* between `in_start` and `in_end`.
*/
predicate positiveLookbehindAssertionGroup(int start, int end, int in_start, int in_end) {
this.lookbehind_assertion_start(start, in_start) and
this.groupContents(start, end, in_start, in_end)
}
private predicate group_start(int start, int end) {
@@ -1049,6 +1057,13 @@ class RegExp extends Expr instanceof StringLiteral {
or
this.alternationOption(x, y, start, end)
)
or
// Lookbehind assertions can potentially match the start of the string
(
this.positiveLookbehindAssertionGroup(_, _, start, _) or
this.negativeLookbehindAssertionGroup(_, _, start, _)
) and
this.item(start, end)
}
/** A part of the regex that may match the end of the string. */
@@ -1074,6 +1089,13 @@ class RegExp extends Expr instanceof StringLiteral {
or
this.alternationOption(x, y, start, end)
)
or
// Lookahead assertions can potentially match the end of the string
(
this.positiveLookaheadAssertionGroup(_, _, _, end) or
this.negativeLookaheadAssertionGroup(_, _, _, end)
) and
this.item(start, end)
}
/**

8
python/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 1.6.6
### Minor Analysis Improvements
- The queries that check for unmatchable `$` and `^` in regular expressions did not account correctly for occurrences inside lookahead and lookbehind assertions. These occurrences are now handled correctly, eliminating this source of false positives.
* The `py/inheritance/signature-mismatch` query has been modernized. It produces more precise results and more descriptive alert messages.
* The `py/inheritance/incorrect-overriding-signature` query has been deprecated. Its results have been consolidated into the `py/inheritance/signature-mismatch` query.
## 1.6.5
### Minor Analysis Improvements

5
python/ql/src/change-notes/2025-08-19-signature-mismatch.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* The `py/inheritance/signature-mismatch` query has been modernized. It produces more precise results and more descriptive alert messages.
* The `py/inheritance/incorrect-overriding-signature` query has been deprecated. Its results have been consolidated into the `py/inheritance/signature-mismatch` query.

7
python/ql/src/change-notes/released/1.6.6.md Normal file
View File

@@ -0,0 +1,7 @@
## 1.6.6
### Minor Analysis Improvements
- The queries that check for unmatchable `$` and `^` in regular expressions did not account correctly for occurrences inside lookahead and lookbehind assertions. These occurrences are now handled correctly, eliminating this source of false positives.
* The `py/inheritance/signature-mismatch` query has been modernized. It produces more precise results and more descriptive alert messages.
* The `py/inheritance/incorrect-overriding-signature` query has been deprecated. Its results have been consolidated into the `py/inheritance/signature-mismatch` query.

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.6.5
lastReleaseVersion: 1.6.6

Some files were not shown because too many files have changed in this diff Show More