hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into LoadClassNoSignatureCheck

Browse Source
This commit is contained in:
masterofnow
2023-11-14 09:22:30 +08:00
committed by GitHub
parent 532f6a5b0c c14d4042e0
commit 7d774f1a51
157 changed files with 14598 additions and 809 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll
View File

@@ -22,8 +22,6 @@ class SemSsaExplicitUpdate extends SemSsaVariable {
SemSsaExplicitUpdate() { Specific::explicitUpdate(this, sourceExpr) }
final SemExpr getSourceExpr() { result = sourceExpr }
final SemExpr getDefiningExpr() { result = sourceExpr }
}

2
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/ConstantAnalysis.qll
View File

@@ -14,7 +14,7 @@ private predicate constantIntegerExpr(SemExpr e, int val) {
// Copy of another constant
exists(SemSsaExplicitUpdate v, SemExpr src |
e = v.getAUse() and
src = v.getSourceExpr() and
src = v.getDefiningExpr() and
constantIntegerExpr(src, val)
)
or

27
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisConstantSpecific.qll
View File

@@ -22,30 +22,7 @@ module CppLangImplConstant implements LangSig<Sem, FloatDelta> {
predicate hasConstantBound(SemExpr e, float bound, boolean upper) { none() }
/**
* Holds if `e >= bound + delta` (if `upper = false`) or `e <= bound + delta` (if `upper = true`).
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(SemExpr e, SemExpr bound, float delta, boolean upper) { none() }
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, float delta) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified expression,
* if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateType(SemExpr e) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified source
* variable, if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateTypeForSsaVariable(SemSsaVariable var) { none() }
predicate additionalBoundFlowStep(SemExpr e2, SemExpr e1, float delta, boolean upper) { none() }
}

17
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll
View File

@@ -1,7 +1,6 @@
private import RangeAnalysisConstantSpecific
private import RangeAnalysisRelativeSpecific
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
private import RangeUtils
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExpr
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticCFG
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticGuard
@@ -88,12 +87,18 @@ module Sem implements Semantic {
class AddressType = SemAddressType;
SemType getExprType(SemExpr e) { result = e.getSemType() }
SemType getSsaType(SemSsaVariable var) { result = var.getType() }
class SsaVariable = SemSsaVariable;
class SsaPhiNode = SemSsaPhiNode;
class SsaExplicitUpdate = SemSsaExplicitUpdate;
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, int delta) { none() }
predicate conversionCannotOverflow(Type fromType, Type toType) {
SemanticType::conversionCannotOverflow(fromType, toType)
}
@@ -101,7 +106,7 @@ module Sem implements Semantic {
module SignAnalysis implements SignAnalysisSig<Sem> {
private import SignAnalysisCommon as SA
import SA::SignAnalysis<FloatDelta, Util>
import SA::SignAnalysis<FloatDelta>
}
module ConstantBounds implements BoundSig<SemLocation, Sem, FloatDelta> {
@@ -164,18 +169,16 @@ private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<Sem> {
class ModBound = AllBounds::SemBound;
private import codeql.rangeanalysis.ModulusAnalysis as MA
import MA::ModulusAnalysis<SemLocation, Sem, FloatDelta, AllBounds, Util>
import MA::ModulusAnalysis<SemLocation, Sem, FloatDelta, AllBounds>
}
module Util = RangeUtil<FloatDelta, CppLangImplConstant>;
module ConstantStage =
RangeStage<SemLocation, Sem, FloatDelta, ConstantBounds, FloatOverflow, CppLangImplConstant,
SignAnalysis, ModulusAnalysisInstantiated, Util>;
SignAnalysis, ModulusAnalysisInstantiated>;
module RelativeStage =
RangeStage<SemLocation, Sem, FloatDelta, RelativeBounds, FloatOverflow, CppLangImplRelative,
SignAnalysis, ModulusAnalysisInstantiated, Util>;
SignAnalysis, ModulusAnalysisInstantiated>;
private newtype TSemReason =
TSemNoReason() or

27
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisRelativeSpecific.qll
View File

@@ -54,30 +54,7 @@ module CppLangImplRelative implements LangSig<Sem, FloatDelta> {
predicate hasConstantBound(SemExpr e, float bound, boolean upper) { none() }
/**
* Holds if `e >= bound + delta` (if `upper = false`) or `e <= bound + delta` (if `upper = true`).
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(SemExpr e, SemExpr bound, float delta, boolean upper) { none() }
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, float delta) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified expression,
* if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateType(SemExpr e) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified source
* variable, if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateTypeForSsaVariable(SemSsaVariable var) { none() }
predicate additionalBoundFlowStep(SemExpr e2, SemExpr e1, float delta, boolean upper) { none() }
}

136
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeUtils.qll
View File

@@ -1,136 +0,0 @@
/**
* Provides utility predicates for range analysis.
*/
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
private import RangeAnalysisRelativeSpecific
private import codeql.rangeanalysis.RangeAnalysis
private import RangeAnalysisImpl
private import ConstantAnalysis
module RangeUtil<DeltaSig D, LangSig<Sem, D> Lang> implements UtilSig<Sem, D> {
/**
* Gets an expression that equals `v - d`.
*/
private SemExpr semSsaRead(SemSsaVariable v, D::Delta delta) {
// There are various language-specific extension points that can be removed once we no longer
// expect to match the original Java implementation's results exactly.
result = v.getAUse() and delta = D::fromInt(0)
or
exists(D::Delta d1, SemConstantIntegerExpr c |
result.(SemAddExpr).hasOperands(semSsaRead(v, d1), c) and
delta = D::fromFloat(D::toFloat(d1) - c.getIntValue())
)
or
exists(SemSubExpr sub, D::Delta d1, SemConstantIntegerExpr c |
result = sub and
sub.getLeftOperand() = semSsaRead(v, d1) and
sub.getRightOperand() = c and
delta = D::fromFloat(D::toFloat(d1) + c.getIntValue())
)
or
result = v.(SemSsaExplicitUpdate).getSourceExpr() and
delta = D::fromFloat(0)
or
result.(SemCopyValueExpr).getOperand() = semSsaRead(v, delta)
or
result.(SemStoreExpr).getOperand() = semSsaRead(v, delta)
}
/**
* Gets a condition that tests whether `v` equals `e + delta`.
*
* If the condition evaluates to `testIsTrue`:
* - `isEq = true` : `v == e + delta`
* - `isEq = false` : `v != e + delta`
*/
pragma[nomagic]
SemGuard semEqFlowCond(
SemSsaVariable v, SemExpr e, D::Delta delta, boolean isEq, boolean testIsTrue
) {
exists(boolean eqpolarity |
result.isEquality(semSsaRead(v, delta), e, eqpolarity) and
(testIsTrue = true or testIsTrue = false) and
eqpolarity.booleanXor(testIsTrue).booleanNot() = isEq
)
or
exists(boolean testIsTrue0 |
semImplies_v2(result, testIsTrue, semEqFlowCond(v, e, delta, isEq, testIsTrue0), testIsTrue0)
)
}
/**
* Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
*/
predicate semSsaUpdateStep(SemSsaExplicitUpdate v, SemExpr e, D::Delta delta) {
exists(SemExpr defExpr | defExpr = v.getSourceExpr() |
defExpr.(SemCopyValueExpr).getOperand() = e and delta = D::fromFloat(0)
or
defExpr.(SemStoreExpr).getOperand() = e and delta = D::fromFloat(0)
or
defExpr.(SemAddOneExpr).getOperand() = e and delta = D::fromFloat(1)
or
defExpr.(SemSubOneExpr).getOperand() = e and delta = D::fromFloat(-1)
or
e = defExpr and
not (
defExpr instanceof SemCopyValueExpr or
defExpr instanceof SemStoreExpr or
defExpr instanceof SemAddOneExpr or
defExpr instanceof SemSubOneExpr
) and
delta = D::fromFloat(0)
)
}
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate semValueFlowStep(SemExpr e2, SemExpr e1, D::Delta delta) {
e2.(SemCopyValueExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(SemStoreExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(SemAddOneExpr).getOperand() = e1 and delta = D::fromFloat(1)
or
e2.(SemSubOneExpr).getOperand() = e1 and delta = D::fromFloat(-1)
or
Lang::additionalValueFlowStep(e2, e1, delta)
or
exists(SemExpr x | e2.(SemAddExpr).hasOperands(e1, x) |
D::fromInt(x.(SemConstantIntegerExpr).getIntValue()) = delta
)
or
exists(SemExpr x, SemSubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
|
D::fromInt(-x.(SemConstantIntegerExpr).getIntValue()) = delta
)
}
/**
* Gets the type used to track the specified expression's range information.
*
* Usually, this just `e.getSemType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
SemType getTrackedType(SemExpr e) {
result = Lang::getAlternateType(e)
or
not exists(Lang::getAlternateType(e)) and result = e.getSemType()
}
/**
* Gets the type used to track the specified source variable's range information.
*
* Usually, this just `e.getType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
SemType getTrackedTypeForSsaVariable(SemSsaVariable var) {
result = Lang::getAlternateTypeForSsaVariable(var)
or
not exists(Lang::getAlternateTypeForSsaVariable(var)) and result = var.getType()
}
}

13
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/SignAnalysisCommon.qll
View File

@@ -11,10 +11,9 @@ private import RangeAnalysisImpl
private import SignAnalysisSpecific as Specific
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
private import ConstantAnalysis
private import RangeUtils
private import Sign
module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
module SignAnalysis<DeltaSig D> {
private import codeql.rangeanalysis.internal.RangeUtils::MakeUtils<Sem, D>
/**
@@ -39,7 +38,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
/** An SSA definition whose sign is determined by the sign of that definitions source expression. */
private class ExplicitSignDef extends FlowSignDef instanceof SemSsaExplicitUpdate {
final override Sign getSign() { result = semExprSign(super.getSourceExpr()) }
final override Sign getSign() { result = semExprSign(super.getDefiningExpr()) }
}
/** An SSA Phi definition, whose sign is the union of the signs of its inputs. */
@@ -148,7 +147,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
not this instanceof ConstantSignExpr and
(
// Only track numeric types.
Utils::getTrackedType(this) instanceof SemNumericType
Sem::getExprType(this) instanceof SemNumericType
or
// Unless the language says to track this expression anyway.
Specific::trackUnknownNonNumericExpr(this)
@@ -203,7 +202,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
/** An expression of an unsigned type. */
private class UnsignedExpr extends FlowSignExpr {
UnsignedExpr() { Utils::getTrackedType(this) instanceof SemUnsignedIntegerType }
UnsignedExpr() { Sem::getExprType(this) instanceof SemUnsignedIntegerType }
override Sign getSignRestriction() {
result = TPos() or
@@ -276,7 +275,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
override SemUnboxExpr cast;
UnboxSignExpr() {
exists(SemType fromType | fromType = Utils::getTrackedType(cast.getOperand()) |
exists(SemType fromType | fromType = Sem::getExprType(cast.getOperand()) |
// Only numeric source types are handled here.
fromType instanceof SemNumericType
)
@@ -471,7 +470,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
Sign semExprSign(SemExpr e) {
exists(Sign s | s = e.(SignExpr).getSign() |
if
Utils::getTrackedType(e) instanceof SemUnsignedIntegerType and
Sem::getExprType(e) instanceof SemUnsignedIntegerType and
s = TNeg() and
not Specific::ignoreTypeRestrictions(e)
then result = TPos()

5
cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql
View File

@@ -2,7 +2,6 @@ import cpp
import codeql.rangeanalysis.ModulusAnalysis
import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeUtils
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisRelativeSpecific
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisImpl
@@ -10,9 +9,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
module ModulusAnalysisInstantiated =
ModulusAnalysis<SemLocation, Sem, FloatDelta, ConstantBounds,
RangeUtil<FloatDelta, CppLangImplRelative>>;
module ModulusAnalysisInstantiated = ModulusAnalysis<SemLocation, Sem, FloatDelta, ConstantBounds>;
module ModulusAnalysisTest implements TestSig {
string getARelevantTag() { result = "mod" }

4
cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql
View File

@@ -1,15 +1,13 @@
import cpp
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.SignAnalysisCommon
import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeUtils
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisRelativeSpecific
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
module SignAnalysisInstantiated =
SignAnalysis<FloatDelta, RangeUtil<FloatDelta, CppLangImplRelative>>;
module SignAnalysisInstantiated = SignAnalysis<FloatDelta>;
module SignAnalysisTest implements TestSig {
string getARelevantTag() { result = "sign" }

14
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected
View File

@@ -1,4 +1,16 @@
edges
subpaths
| main.cpp:6:27:6:30 | argv indirection | main.cpp:10:20:10:23 | argv indirection |
| main.cpp:10:20:10:23 | argv indirection | tests.cpp:618:32:618:35 | argv indirection |
| tests.cpp:613:19:613:24 | source indirection | tests.cpp:615:17:615:22 | source indirection |
| tests.cpp:618:32:618:35 | argv indirection | tests.cpp:643:9:643:15 | access to array indirection |
| tests.cpp:643:9:643:15 | access to array indirection | tests.cpp:613:19:613:24 | source indirection |
nodes
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
| main.cpp:10:20:10:23 | argv indirection | semmle.label | argv indirection |
| tests.cpp:613:19:613:24 | source indirection | semmle.label | source indirection |
| tests.cpp:615:17:615:22 | source indirection | semmle.label | source indirection |
| tests.cpp:618:32:618:35 | argv indirection | semmle.label | argv indirection |
| tests.cpp:643:9:643:15 | access to array indirection | semmle.label | access to array indirection |
subpaths
#select
| tests.cpp:615:2:615:7 | call to strcpy | main.cpp:6:27:6:30 | argv indirection | tests.cpp:615:17:615:22 | source indirection | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | argv indirection | a command-line argument |

10
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
View File

@@ -407,7 +407,7 @@ void test15()
{
if (ptr[5] == ' ') // GOOD
{
// ...
break;
}
}
}
@@ -608,6 +608,13 @@ int test23() {
return sizeof(buffer) / sizeof(buffer[101]); // GOOD
}
char* strcpy(char *, const char *);
void test24(char* source) {
char buffer[100];
strcpy(buffer, source); // BAD
}
int tests_main(int argc, char *argv[])
{
long long arr17[19];
@@ -633,6 +640,7 @@ int tests_main(int argc, char *argv[])
test21(argc == 0);
test22(argc == 0, argv[0]);
test23();
test24(argv[0]);
return 0;
}

4
go/ql/lib/change-notes/2023-10-31-add-gin-cors-framework.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added the [gin cors](https://github.com/gin-contrib/cors) library to the CorsMisconfiguration.ql query

1
go/ql/lib/go.qll
View File

@@ -41,6 +41,7 @@ import semmle.go.frameworks.Email
import semmle.go.frameworks.Encoding
import semmle.go.frameworks.Fiber
import semmle.go.frameworks.Gin
import semmle.go.frameworks.GinCors
import semmle.go.frameworks.Glog
import semmle.go.frameworks.GoKit
import semmle.go.frameworks.GoMicro

139
go/ql/lib/semmle/go/frameworks/GinCors.qll Normal file
View File

@@ -0,0 +1,139 @@
/**
* Provides classes for modeling the `github.com/gin-contrib/cors` package.
*/
import go
/**
* Provides classes for modeling the `github.com/gin-contrib/cors` package.
*/
module GinCors {
/** Gets the package name `github.com/gin-gonic/gin`. */
string packagePath() { result = package("github.com/gin-contrib/cors", "") }
/**
* A new function create a new gin Handler that passed to gin as middleware
*/
class New extends Function {
New() { exists(Function f | f.hasQualifiedName(packagePath(), "New") | this = f) }
}
/**
* A write to the value of Access-Control-Allow-Credentials header
*/
class AllowCredentialsWrite extends DataFlow::ExprNode {
DataFlow::Node base;
AllowCredentialsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowCredentials") and
w.writesField(base, f, this) and
this.getType() instanceof BoolType
)
}
/**
* Get config struct holding header values
*/
DataFlow::Node getBase() { result = base }
/**
* Get config variable holding header values
*/
GinConfig getConfig() {
exists(GinConfig gc |
(
gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
base.asInstruction() or
gc.getV().getAUse() = base
) and
result = gc
)
}
}
/**
* A write to the value of Access-Control-Allow-Origins header
*/
class AllowOriginsWrite extends DataFlow::ExprNode {
DataFlow::Node base;
AllowOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowOrigins") and
w.writesField(base, f, this) and
this.asExpr() instanceof SliceLit
)
}
/**
* Get config struct holding header values
*/
DataFlow::Node getBase() { result = base }
/**
* Get config variable holding header values
*/
GinConfig getConfig() {
exists(GinConfig gc |
(
gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
base.asInstruction() or
gc.getV().getAUse() = base
) and
result = gc
)
}
}
/**
* A write to the value of Access-Control-Allow-Origins of value "*", overriding AllowOrigins
*/
class AllowAllOriginsWrite extends DataFlow::ExprNode {
DataFlow::Node base;
AllowAllOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowAllOrigins") and
w.writesField(base, f, this) and
this.getType() instanceof BoolType
)
}
/**
* Get config struct holding header values
*/
DataFlow::Node getBase() { result = base }
/**
* Get config variable holding header values
*/
GinConfig getConfig() {
exists(GinConfig gc |
(
gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
base.asInstruction() or
gc.getV().getAUse() = base
) and
result = gc
)
}
}
/**
* A variable of type Config that holds the headers to be set.
*/
class GinConfig extends Variable {
SsaWithFields v;
GinConfig() {
this = v.getBaseVariable().getSourceVariable() and
exists(Type t | t.hasQualifiedName(packagePath(), "Config") | v.getType() = t)
}
/**
* Get variable declaration of GinConfig
*/
SsaWithFields getV() { result = v }
}
}

31
go/ql/src/experimental/CWE-287/ImproperLdapAuth.qhelp Normal file
View File

@@ -0,0 +1,31 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>
If an LDAP connection uses user-supplied data as password, anonymous bind could be caused using an empty password
to result in a successful authentication.
</p>
</overview>
<recommendation>
<p>Don't use user-supplied data as password while establishing an LDAP connection.
</p>
</recommendation>
<example>
<p>In the following examples, the code accepts a bind password via a HTTP request in variable <code>
bindPassword</code>. The code builds a LDAP query whose authentication depends on user supplied data.</p>
<sample src="examples/LdapAuthBad.go" />
<p>In the following examples, the code accepts a bind password via a HTTP request in variable <code>
bindPassword</code>. The function ensures that the password provided is not empty before binding. </p>
<sample src="examples/LdapAuthGood.go" />
</example>
<references>
<li>MITRE: <a href="https://cwe.mitre.org/data/definitions/287.html">CWE-287: Improper Authentication</a>.</li>
</references>
</qhelp>

19
go/ql/src/experimental/CWE-287/ImproperLdapAuth.ql Normal file
View File

@@ -0,0 +1,19 @@
/**
* @name Improper LDAP Authentication
* @description A user-controlled query carries no authentication
* @kind path-problem
* @problem.severity warning
* @id go/improper-ldap-auth
* @tags security
* experimental
* external/cwe/cwe-287
*/
import go
import ImproperLdapAuthCustomizations
import ImproperLdapAuth::Flow::PathGraph
from ImproperLdapAuth::Flow::PathNode source, ImproperLdapAuth::Flow::PathNode sink
where ImproperLdapAuth::Flow::flowPath(source, sink)
select sink.getNode(), source, sink, "LDAP binding password depends on a $@.", source.getNode(),
"user-provided value"

84
go/ql/src/experimental/CWE-287/ImproperLdapAuthCustomizations.qll Normal file
View File

@@ -0,0 +1,84 @@
import go
import semmle.go.dataflow.barrierguardutil.RegexpCheck
module ImproperLdapAuth {
/**
* A sink that is vulnerable to improper LDAP Authentication vulnerabilities.
*/
abstract class LdapAuthSink extends DataFlow::Node { }
/**
* A sanitizer function that prevents improper LDAP Authentication attacks.
*/
abstract class LdapSanitizer extends DataFlow::Node { }
/**
* A vulnerable argument to `go-ldap` or `ldap`'s `bind` function (Only v2).
*/
private class GoLdapBindSink extends LdapAuthSink {
GoLdapBindSink() {
exists(Method meth |
meth.hasQualifiedName("gopkg.in/ldap.v2", "Conn", "Bind") and
this = meth.getACall().getArgument(1)
)
}
}
/**
* A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
*
* This is overapproximate: we do not attempt to reason about the correctness of the regexp.
*/
class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, LdapSanitizer { }
/**
* An empty string.
*/
class EmptyString extends DataFlow::Node {
EmptyString() { this.asExpr().getStringValue() = "" }
}
private predicate equalityAsSanitizerGuard(DataFlow::Node g, Expr e, boolean outcome) {
exists(DataFlow::Node nonConstNode, DataFlow::Node constNode, DataFlow::EqualityTestNode eq |
g = eq and
nonConstNode = eq.getAnOperand() and
not nonConstNode.isConst() and
constNode = eq.getAnOperand() and
constNode.isConst() and
e = nonConstNode.asExpr() and
(
// If `constNode` is not an empty string a comparison is considered a sanitizer
not constNode instanceof EmptyString and outcome = eq.getPolarity()
or
// If `constNode` is an empty string a not comparison is considered a sanitizer
constNode instanceof EmptyString and outcome = eq.getPolarity().booleanNot()
)
)
}
/**
* An equality check comparing a data-flow node against a constant string, considered as
* a barrier guard for sanitizing untrusted user input.
*/
class EqualityAsSanitizerGuard extends LdapSanitizer {
EqualityAsSanitizerGuard() {
this = DataFlow::BarrierGuard<equalityAsSanitizerGuard/3>::getABarrierNode()
}
}
private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof UntrustedFlowSource or source instanceof EmptyString
}
predicate isSink(DataFlow::Node sink) { sink instanceof LdapAuthSink }
predicate isBarrier(DataFlow::Node node) { node instanceof LdapSanitizer }
}
/**
* Tracks taint flow for reasoning about improper ldap auth vulnerabilities
* with sinks which are not sanitized by string comparisons.
*/
module Flow = TaintTracking::Global<Config>;
}

22
go/ql/src/experimental/CWE-287/examples/LdapAuthBad.go Normal file
View File

@@ -0,0 +1,22 @@
package main
import (
"fmt"
"log"
)
func bad() interface{} {
bindPassword := req.URL.Query()["password"][0]
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
log.Fatalf("Failed to connect to LDAP server: %v", err)
}
defer l.Close()
err = l.Bind("cn=admin,dc=example,dc=com", bindPassword)
if err != nil {
log.Fatalf("LDAP bind failed: %v", err)
}
}

24
go/ql/src/experimental/CWE-287/examples/LdapAuthGood.go Normal file
View File

@@ -0,0 +1,24 @@
package main
import (
"fmt"
"log"
)
func good() interface{} {
bindPassword := req.URL.Query()["password"][0]
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
log.Fatalf("Failed to connect to LDAP server: %v", err)
}
defer l.Close()
if bindPassword != "" {
err = l.Bind("cn=admin,dc=example,dc=com", bindPassword)
if err != nil {
log.Fatalf("LDAP bind failed: %v", err)
}
}
}

64
go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
View File

@@ -69,22 +69,53 @@ module UntrustedToAllowOriginHeaderConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { isSinkHW(sink, _) }
}
module UntrustedToAllowOriginConfigConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
additional predicate isSinkWrite(DataFlow::Node sink, GinCors::AllowOriginsWrite w) { sink = w }
predicate isSink(DataFlow::Node sink) { isSinkWrite(sink, _) }
}
/**
* Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
* a `HeaderWrite` that writes an `Access-Control-Allow-Origin` header's value.
*/
module UntrustedToAllowOriginHeaderFlow = TaintTracking::Global<UntrustedToAllowOriginHeaderConfig>;
/**
* Tracks taint flowfor reasoning about when an `UntrustedFlowSource` flows to
* a `AllowOriginsWrite` that writes an `Access-Control-Allow-Origin` header's value.
*/
module UntrustedToAllowOriginConfigFlow = TaintTracking::Global<UntrustedToAllowOriginConfigConfig>;
/**
* Holds if the provided `allowOriginHW` HeaderWrite's parent ResponseWriter
* also has another HeaderWrite that sets a `Access-Control-Allow-Credentials`
* header to `true`.
*/
predicate allowCredentialsIsSetToTrue(AllowOriginHeaderWrite allowOriginHW) {
predicate allowCredentialsIsSetToTrue(DataFlow::ExprNode allowOriginHW) {
exists(AllowCredentialsHeaderWrite allowCredentialsHW |
allowCredentialsHW.getHeaderValue().toLowerCase() = "true"
|
allowOriginHW.getResponseWriter() = allowCredentialsHW.getResponseWriter()
allowOriginHW.(AllowOriginHeaderWrite).getResponseWriter() =
allowCredentialsHW.getResponseWriter()
)
or
exists(GinCors::AllowCredentialsWrite allowCredentialsGin |
allowCredentialsGin.getExpr().getBoolValue() = true
|
allowCredentialsGin.getConfig() = allowOriginHW.(GinCors::AllowOriginsWrite).getConfig() and
not exists(GinCors::AllowAllOriginsWrite allowAllOrigins |
allowAllOrigins.getExpr().getBoolValue() = true and
allowCredentialsGin.getConfig() = allowAllOrigins.getConfig()
)
or
allowCredentialsGin.getBase() = allowOriginHW.(GinCors::AllowOriginsWrite).getBase() and
not exists(GinCors::AllowAllOriginsWrite allowAllOrigins |
allowAllOrigins.getExpr().getBoolValue() = true and
allowCredentialsGin.getBase() = allowAllOrigins.getBase()
)
)
}
@@ -93,10 +124,13 @@ predicate allowCredentialsIsSetToTrue(AllowOriginHeaderWrite allowOriginHW) {
* UntrustedFlowSource.
* The `message` parameter is populated with the warning message to be returned by the query.
*/
predicate flowsFromUntrustedToAllowOrigin(AllowOriginHeaderWrite allowOriginHW, string message) {
predicate flowsFromUntrustedToAllowOrigin(DataFlow::ExprNode allowOriginHW, string message) {
exists(DataFlow::Node sink |
UntrustedToAllowOriginHeaderFlow::flowTo(sink) and
UntrustedToAllowOriginHeaderConfig::isSinkHW(sink, allowOriginHW)
or
UntrustedToAllowOriginConfigFlow::flowTo(sink) and
UntrustedToAllowOriginConfigConfig::isSinkWrite(sink, allowOriginHW)
|
message =
headerAllowOrigin() + " header is set to a user-defined value, and " +
@@ -108,11 +142,23 @@ predicate flowsFromUntrustedToAllowOrigin(AllowOriginHeaderWrite allowOriginHW,
* Holds if the provided `allowOriginHW` HeaderWrite is for a `Access-Control-Allow-Origin`
* header and the value is set to `null`.
*/
predicate allowOriginIsNull(AllowOriginHeaderWrite allowOriginHW, string message) {
allowOriginHW.getHeaderValue().toLowerCase() = "null" and
predicate allowOriginIsNull(DataFlow::ExprNode allowOriginHW, string message) {
allowOriginHW.(AllowOriginHeaderWrite).getHeaderValue().toLowerCase() = "null" and
message =
headerAllowOrigin() + " header is set to `" + allowOriginHW.getHeaderValue() + "`, and " +
headerAllowCredentials() + " is set to `true`"
headerAllowOrigin() + " header is set to `" +
allowOriginHW.(AllowOriginHeaderWrite).getHeaderValue() + "`, and " + headerAllowCredentials()
+ " is set to `true`"
or
allowOriginHW
.(GinCors::AllowOriginsWrite)
.asExpr()
.(SliceLit)
.getAnElement()
.getStringValue()
.toLowerCase() = "null" and
message =
headerAllowOrigin() + " header is set to `" + "null" + "`, and " + headerAllowCredentials() +
" is set to `true`"
}
/**
@@ -170,7 +216,7 @@ module FromUntrustedFlow = TaintTracking::Global<FromUntrustedConfig>;
/**
* Holds if the provided `allowOriginHW` is also destination of a `UntrustedFlowSource`.
*/
predicate flowsToGuardedByCheckOnUntrusted(AllowOriginHeaderWrite allowOriginHW) {
predicate flowsToGuardedByCheckOnUntrusted(DataFlow::ExprNode allowOriginHW) {
exists(DataFlow::Node sink, ControlFlow::ConditionGuardNode cgn |
FromUntrustedFlow::flowTo(sink) and FromUntrustedConfig::isSinkCgn(sink, cgn)
|
@@ -178,7 +224,7 @@ predicate flowsToGuardedByCheckOnUntrusted(AllowOriginHeaderWrite allowOriginHW)
)
}
from AllowOriginHeaderWrite allowOriginHW, string message
from DataFlow::ExprNode allowOriginHW, string message
where
allowCredentialsIsSetToTrue(allowOriginHW) and
(

14
go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected Normal file
View File

@@ -0,0 +1,14 @@
edges
| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query |
| ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword |
| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword |
nodes
| ImproperLdapAuth.go:18:18:18:24 | selection of URL | semmle.label | selection of URL |
| ImproperLdapAuth.go:18:18:18:32 | call to Query | semmle.label | call to Query |
| ImproperLdapAuth.go:28:23:28:34 | bindPassword | semmle.label | bindPassword |
| ImproperLdapAuth.go:87:18:87:19 | "" | semmle.label | "" |
| ImproperLdapAuth.go:97:23:97:34 | bindPassword | semmle.label | bindPassword |
subpaths
#select
| ImproperLdapAuth.go:28:23:28:34 | bindPassword | ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:28:23:28:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:18:18:18:24 | selection of URL | user-provided value |
| ImproperLdapAuth.go:97:23:97:34 | bindPassword | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | LDAP binding password depends on a $@. | ImproperLdapAuth.go:87:18:87:19 | "" | user-provided value |

108
go/ql/test/experimental/CWE-287/ImproperLdapAuth.go Normal file
View File

@@ -0,0 +1,108 @@
package main
//go:generate depstubber -vendor gopkg.in/ldap.v2 Conn Dial
import (
"fmt"
"log"
"net/http"
"regexp"
ldap "gopkg.in/ldap.v2"
)
func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
ldapServer := "ldap.example.com"
ldapPort := 389
bindDN := "cn=admin,dc=example,dc=com"
bindPassword := req.URL.Query()["password"][0]
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
if err != nil {
return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
}
defer l.Close()
// BAD: user input is not sanetized
err = l.Bind(bindDN, bindPassword)
if err != nil {
return fmt.Errorf("LDAP bind failed: %v", err), err
}
return nil, nil
}
func good1(w http.ResponseWriter, req *http.Request) (interface{}, error) {
ldapServer := "ldap.example.com"
ldapPort := 389
bindDN := "cn=admin,dc=example,dc=com"
bindPassword := req.URL.Query()["password"][0]
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
if err != nil {
return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
}
defer l.Close()
hasEmptyInput, _ := regexp.MatchString("^\\s*$", bindPassword)
// GOOD : bindPassword is not empty
if !hasEmptyInput {
l.Bind(bindDN, bindPassword)
}
if err != nil {
return fmt.Errorf("LDAP bind failed: %v", err), err
}
return nil, nil
}
func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
ldapServer := "ldap.example.com"
ldapPort := 389
bindDN := "cn=admin,dc=example,dc=com"
bindPassword := req.URL.Query()["password"][0]
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
if err != nil {
return fmt.Errorf("Failed to connect to LDAP server: %v", err), err
}
defer l.Close()
// GOOD : bindPassword is not empty
if bindPassword != "" {
l.Bind(bindDN, bindPassword)
return nil, err
}
return nil, nil
}
func bad2(req *http.Request) {
// LDAP server details
ldapServer := "ldap.example.com"
ldapPort := 389
bindDN := "cn=admin,dc=example,dc=com"
// BAD : empty password
bindPassword := ""
// Connect to the LDAP server
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
if err != nil {
log.Fatalf("Failed to connect to LDAP server: %v", err)
}
defer l.Close()
// BAD : bindPassword is empty
err = l.Bind(bindDN, bindPassword)
if err != nil {
log.Fatalf("LDAP bind failed: %v", err)
}
}
func main() {
bad(nil, nil)
good1(nil, nil)
good2(nil, nil)
bad2(nil)
}

1
go/ql/test/experimental/CWE-287/ImproperLdapAuth.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/CWE-287/ImproperLdapAuth.ql

7
go/ql/test/experimental/CWE-287/go.mod Normal file
View File

@@ -0,0 +1,7 @@
module main
go 1.19
require gopkg.in/ldap.v2 v2.5.1
require gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect

185
go/ql/test/experimental/CWE-287/vendor/gopkg.in/ldap.v2/stub.go generated vendored Normal file
View File

@@ -0,0 +1,185 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for gopkg.in/ldap.v2, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: gopkg.in/ldap.v2 (exports: Conn; functions: Dial)
// Package ldap is a stub of gopkg.in/ldap.v2, generated by depstubber.
package ldap
import (
tls "crypto/tls"
time "time"
)
type AddRequest struct {
DN string
Attributes []Attribute
}
func (_ *AddRequest) Attribute(_ string, _ []string) {}
type Attribute struct {
Type string
Vals []string
}
type Conn struct {
Debug interface{}
}
func (_ *Conn) Add(_ *AddRequest) error {
return nil
}
func (_ *Conn) Bind(_ string, _ string) error {
return nil
}
func (_ *Conn) Close() {}
func (_ *Conn) Compare(_ string, _ string, _ string) (bool, error) {
return false, nil
}
func (_ *Conn) Del(_ *DelRequest) error {
return nil
}
func (_ *Conn) Modify(_ *ModifyRequest) error {
return nil
}
func (_ *Conn) PasswordModify(_ *PasswordModifyRequest) (*PasswordModifyResult, error) {
return nil, nil
}
func (_ *Conn) Search(_ *SearchRequest) (*SearchResult, error) {
return nil, nil
}
func (_ *Conn) SearchWithPaging(_ *SearchRequest, _ uint32) (*SearchResult, error) {
return nil, nil
}
func (_ *Conn) SetTimeout(_ time.Duration) {}
func (_ *Conn) SimpleBind(_ *SimpleBindRequest) (*SimpleBindResult, error) {
return nil, nil
}
func (_ *Conn) Start() {}
func (_ *Conn) StartTLS(_ *tls.Config) error {
return nil
}
type Control interface {
Encode() interface{}
GetControlType() string
String() string
}
type DelRequest struct {
DN string
Controls []Control
}
func Dial(_ string, _ string) (*Conn, error) {
return nil, nil
}
type Entry struct {
DN string
Attributes []*EntryAttribute
}
func (_ *Entry) GetAttributeValue(_ string) string {
return ""
}
func (_ *Entry) GetAttributeValues(_ string) []string {
return nil
}
func (_ *Entry) GetRawAttributeValue(_ string) []byte {
return nil
}
func (_ *Entry) GetRawAttributeValues(_ string) [][]byte {
return nil
}
func (_ *Entry) PrettyPrint(_ int) {}
func (_ *Entry) Print() {}
type EntryAttribute struct {
Name string
Values []string
ByteValues [][]byte
}
func (_ *EntryAttribute) PrettyPrint(_ int) {}
func (_ *EntryAttribute) Print() {}
type ModifyRequest struct {
DN string
AddAttributes []PartialAttribute
DeleteAttributes []PartialAttribute
ReplaceAttributes []PartialAttribute
}
func (_ *ModifyRequest) Add(_ string, _ []string) {}
func (_ *ModifyRequest) Delete(_ string, _ []string) {}
func (_ *ModifyRequest) Replace(_ string, _ []string) {}
type PartialAttribute struct {
Type string
Vals []string
}
type PasswordModifyRequest struct {
UserIdentity string
OldPassword string
NewPassword string
}
type PasswordModifyResult struct {
GeneratedPassword string
}
type SearchRequest struct {
BaseDN string
Scope int
DerefAliases int
SizeLimit int
TimeLimit int
TypesOnly bool
Filter string
Attributes []string
Controls []Control
}
type SearchResult struct {
Entries []*Entry
Referrals []string
Controls []Control
}
func (_ *SearchResult) PrettyPrint(_ int) {}
func (_ *SearchResult) Print() {}
type SimpleBindRequest struct {
Username string
Password string
Controls []Control
}
type SimpleBindResult struct {
Controls []Control
}

6
go/ql/test/experimental/CWE-287/vendor/modules.txt vendored Normal file
View File

@@ -0,0 +1,6 @@
# gopkg.in/ldap.v2 v2.5.1
## explicit
gopkg.in/ldap.v2
# gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d
## explicit
gopkg.in/asn1-ber.v1

106
go/ql/test/experimental/CWE-942/CorsGin.go Normal file
View File

@@ -0,0 +1,106 @@
package main
import (
"net/http"
"time"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
/*
** Function is vulnerable due to AllowAllOrigins = true aka Access-Control-Allow-Origin: null
*/
func vunlnerable() {
router := gin.Default()
// CORS for https://foo.com and null
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
config_vulnerable := cors.Config{
AllowMethods: []string{"PUT", "PATCH"},
AllowHeaders: []string{"Origin"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}
config_vulnerable.AllowOrigins = []string{"null", "https://foo.com"}
router.Use(cors.New(config_vulnerable))
router.GET("/", func(c *gin.Context) {
c.String(http.StatusOK, "hello world")
})
router.Run()
}
/*
** Function is safe due to hardcoded origin and AllowCredentials: true
*/
func safe() {
router := gin.Default()
// CORS for https://foo.com origin, allowing:
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
config_safe := cors.Config{
AllowMethods: []string{"PUT", "PATCH"},
AllowHeaders: []string{"Origin"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}
config_safe.AllowOrigins = []string{"https://foo.com"}
router.Use(cors.New(config_safe))
router.GET("/", func(c *gin.Context) {
c.String(http.StatusOK, "hello world")
})
router.Run()
}
/*
** Function is safe due to AllowAllOrigins = true aka Access-Control-Allow-Origin: *
*/
func AllowAllTrue() {
router := gin.Default()
// CORS for "*" origin, allowing:
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
config_allowall := cors.Config{
AllowMethods: []string{"PUT", "PATCH"},
AllowHeaders: []string{"Origin"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}
config_allowall.AllowOrigins = []string{"null"}
config_allowall.AllowAllOrigins = true
router.Use(cors.New(config_allowall))
router.GET("/", func(c *gin.Context) {
c.String(http.StatusOK, "hello world")
})
router.Run()
}
func NoVariableVulnerable() {
router := gin.Default()
// CORS for https://foo.com origin, allowing:
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
router.Use(cors.New(cors.Config{
AllowMethods: []string{"GET", "POST"},
AllowHeaders: []string{"Origin"},
ExposeHeaders: []string{"Content-Length"},
AllowOrigins: []string{"null", "https://foo.com"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}))
router.GET("/", func(c *gin.Context) {
c.String(http.StatusOK, "hello world")
})
router.Run()
}

2
go/ql/test/experimental/CWE-942/CorsMisconfiguration.expected
View File

@@ -1,3 +1,5 @@
| CorsGin.go:28:35:28:69 | slice literal | access-control-allow-origin header is set to `null`, and access-control-allow-credentials is set to `true` |
| CorsGin.go:98:21:98:55 | slice literal | access-control-allow-origin header is set to `null`, and access-control-allow-credentials is set to `true` |
| CorsMisconfiguration.go:26:4:26:56 | call to Set | access-control-allow-origin header is set to `null`, and access-control-allow-credentials is set to `true` |
| CorsMisconfiguration.go:32:4:32:42 | call to Set | access-control-allow-origin header is set to `null`, and access-control-allow-credentials is set to `true` |
| CorsMisconfiguration.go:53:4:53:44 | call to Set | access-control-allow-origin header is set to a user-defined value, and access-control-allow-credentials is set to `true` |

6
go/ql/test/experimental/CWE-942/CorsMisconfiguration.go
View File

@@ -191,9 +191,9 @@ func main() {
// })
http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
// OK-ish: the input origin header is validated against a whitelist.
if origin := req.Header.Get("Origin"); cors[origin] {
if origin := req.Header.Get("Origin"); cors_map[origin] {
w.Header().Set("Access-Control-Allow-Origin", origin)
} else if len(origin) > 0 && cors["*"] {
} else if len(origin) > 0 && cors_map["*"] {
w.Header().Set("Access-Control-Allow-Origin", origin)
}
@@ -219,7 +219,7 @@ func main() {
}
var (
cors = map[string]bool{"*": true}
cors_map = map[string]bool{"*": true}
)
func GetAllowOrigin() []string {

35
go/ql/test/experimental/CWE-942/go.mod Normal file
View File

@@ -0,0 +1,35 @@
module corsmiconfiguration/test
go 1.21
require (
github.com/gin-contrib/cors v1.4.0
github.com/gin-gonic/gin v1.9.1
)
require (
github.com/bytedance/sonic v1.9.1 // indirect
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.14.0 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.4 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.11 // indirect
golang.org/x/arch v0.3.0 // indirect
golang.org/x/crypto v0.9.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

43
go/ql/test/experimental/CWE-942/vendor/github.com/gin-contrib/cors/stub.go generated vendored Normal file
View File

@@ -0,0 +1,43 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/gin-contrib/cors, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/gin-contrib/cors (exports: Config; functions: New)
// Package cors is a stub of github.com/gin-contrib/cors, generated by depstubber.
package cors
import (
time "time"
"github.com/gin-gonic/gin"
)
type Config struct {
AllowAllOrigins bool
AllowOrigins []string
AllowOriginFunc func(string) bool
AllowMethods []string
AllowHeaders []string
AllowCredentials bool
ExposeHeaders []string
MaxAge time.Duration
AllowWildcard bool
AllowBrowserExtensions bool
AllowWebSockets bool
AllowFiles bool
}
func (_ Config) Validate() error {
return nil
}
func (_ *Config) AddAllowHeaders(_ ...string) {}
func (_ *Config) AddAllowMethods(_ ...string) {}
func (_ *Config) AddExposeHeaders(_ ...string) {}
func New(_ Config) gin.HandlerFunc {
return nil
}

719
go/ql/test/experimental/CWE-942/vendor/github.com/gin-gonic/gin/stub.go generated vendored Normal file
View File

@@ -0,0 +1,719 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/gin-gonic/gin, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/gin-gonic/gin (exports: Context,Engine; functions: Default)
// Package gin is a stub of github.com/gin-gonic/gin, generated by depstubber.
package gin
import (
bufio "bufio"
template "html/template"
io "io"
multipart "mime/multipart"
net "net"
http "net/http"
template0 "text/template"
time "time"
)
type Context struct {
Request *http.Request
Writer ResponseWriter
Params Params
Keys map[string]interface{}
Errors interface{}
Accepted []string
}
func (_ *Context) Abort() {}
func (_ *Context) AbortWithError(_ int, _ error) *Error {
return nil
}
func (_ *Context) AbortWithStatus(_ int) {}
func (_ *Context) AbortWithStatusJSON(_ int, _ interface{}) {}
func (_ *Context) AddParam(_ string, _ string) {}
func (_ *Context) AsciiJSON(_ int, _ interface{}) {}
func (_ *Context) Bind(_ interface{}) error {
return nil
}
func (_ *Context) BindHeader(_ interface{}) error {
return nil
}
func (_ *Context) BindJSON(_ interface{}) error {
return nil
}
func (_ *Context) BindQuery(_ interface{}) error {
return nil
}
func (_ *Context) BindTOML(_ interface{}) error {
return nil
}
func (_ *Context) BindUri(_ interface{}) error {
return nil
}
func (_ *Context) BindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) BindXML(_ interface{}) error {
return nil
}
func (_ *Context) BindYAML(_ interface{}) error {
return nil
}
func (_ *Context) ClientIP() string {
return ""
}
func (_ *Context) ContentType() string {
return ""
}
func (_ *Context) Cookie(_ string) (string, error) {
return "", nil
}
func (_ *Context) Copy() *Context {
return nil
}
func (_ *Context) Data(_ int, _ string, _ []byte) {}
func (_ *Context) DataFromReader(_ int, _ int64, _ string, _ io.Reader, _ map[string]string) {}
func (_ *Context) Deadline() (time.Time, bool) {
return time.Time{}, false
}
func (_ *Context) DefaultPostForm(_ string, _ string) string {
return ""
}
func (_ *Context) DefaultQuery(_ string, _ string) string {
return ""
}
func (_ *Context) Done() <-chan struct{} {
return nil
}
func (_ *Context) Err() error {
return nil
}
func (_ *Context) Error(_ error) *Error {
return nil
}
func (_ *Context) File(_ string) {}
func (_ *Context) FileAttachment(_ string, _ string) {}
func (_ *Context) FileFromFS(_ string, _ http.FileSystem) {}
func (_ *Context) FormFile(_ string) (*multipart.FileHeader, error) {
return nil, nil
}
func (_ *Context) FullPath() string {
return ""
}
func (_ *Context) Get(_ string) (interface{}, bool) {
return nil, false
}
func (_ *Context) GetBool(_ string) bool {
return false
}
func (_ *Context) GetDuration(_ string) time.Duration {
return 0
}
func (_ *Context) GetFloat64(_ string) float64 {
return 0
}
func (_ *Context) GetHeader(_ string) string {
return ""
}
func (_ *Context) GetInt(_ string) int {
return 0
}
func (_ *Context) GetInt64(_ string) int64 {
return 0
}
func (_ *Context) GetPostForm(_ string) (string, bool) {
return "", false
}
func (_ *Context) GetPostFormArray(_ string) ([]string, bool) {
return nil, false
}
func (_ *Context) GetPostFormMap(_ string) (map[string]string, bool) {
return nil, false
}
func (_ *Context) GetQuery(_ string) (string, bool) {
return "", false
}
func (_ *Context) GetQueryArray(_ string) ([]string, bool) {
return nil, false
}
func (_ *Context) GetQueryMap(_ string) (map[string]string, bool) {
return nil, false
}
func (_ *Context) GetRawData() ([]byte, error) {
return nil, nil
}
func (_ *Context) GetString(_ string) string {
return ""
}
func (_ *Context) GetStringMap(_ string) map[string]interface{} {
return nil
}
func (_ *Context) GetStringMapString(_ string) map[string]string {
return nil
}
func (_ *Context) GetStringMapStringSlice(_ string) map[string][]string {
return nil
}
func (_ *Context) GetStringSlice(_ string) []string {
return nil
}
func (_ *Context) GetTime(_ string) time.Time {
return time.Time{}
}
func (_ *Context) GetUint(_ string) uint {
return 0
}
func (_ *Context) GetUint64(_ string) uint64 {
return 0
}
func (_ *Context) HTML(_ int, _ string, _ interface{}) {}
func (_ *Context) Handler() HandlerFunc {
return nil
}
func (_ *Context) HandlerName() string {
return ""
}
func (_ *Context) HandlerNames() []string {
return nil
}
func (_ *Context) Header(_ string, _ string) {}
func (_ *Context) IndentedJSON(_ int, _ interface{}) {}
func (_ *Context) IsAborted() bool {
return false
}
func (_ *Context) IsWebsocket() bool {
return false
}
func (_ *Context) JSON(_ int, _ interface{}) {}
func (_ *Context) JSONP(_ int, _ interface{}) {}
func (_ *Context) MultipartForm() (*multipart.Form, error) {
return nil, nil
}
func (_ *Context) MustBindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) MustGet(_ string) interface{} {
return nil
}
func (_ *Context) Negotiate(_ int, _ Negotiate) {}
func (_ *Context) NegotiateFormat(_ ...string) string {
return ""
}
func (_ *Context) Next() {}
func (_ *Context) Param(_ string) string {
return ""
}
func (_ *Context) PostForm(_ string) string {
return ""
}
func (_ *Context) PostFormArray(_ string) []string {
return nil
}
func (_ *Context) PostFormMap(_ string) map[string]string {
return nil
}
func (_ *Context) ProtoBuf(_ int, _ interface{}) {}
func (_ *Context) PureJSON(_ int, _ interface{}) {}
func (_ *Context) Query(_ string) string {
return ""
}
func (_ *Context) QueryArray(_ string) []string {
return nil
}
func (_ *Context) QueryMap(_ string) map[string]string {
return nil
}
func (_ *Context) Redirect(_ int, _ string) {}
func (_ *Context) RemoteIP() string {
return ""
}
func (_ *Context) Render(_ int, _ interface{}) {}
func (_ *Context) SSEvent(_ string, _ interface{}) {}
func (_ *Context) SaveUploadedFile(_ *multipart.FileHeader, _ string) error {
return nil
}
func (_ *Context) SecureJSON(_ int, _ interface{}) {}
func (_ *Context) Set(_ string, _ interface{}) {}
func (_ *Context) SetAccepted(_ ...string) {}
func (_ *Context) SetCookie(_ string, _ string, _ int, _ string, _ string, _ bool, _ bool) {}
func (_ *Context) SetSameSite(_ http.SameSite) {}
func (_ *Context) ShouldBind(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindBodyWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) ShouldBindHeader(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindJSON(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindQuery(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindTOML(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindUri(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) ShouldBindXML(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindYAML(_ interface{}) error {
return nil
}
func (_ *Context) Status(_ int) {}
func (_ *Context) Stream(_ func(io.Writer) bool) bool {
return false
}
func (_ *Context) String(_ int, _ string, _ ...interface{}) {}
func (_ *Context) TOML(_ int, _ interface{}) {}
func (_ *Context) Value(_ interface{}) interface{} {
return nil
}
func (_ *Context) XML(_ int, _ interface{}) {}
func (_ *Context) YAML(_ int, _ interface{}) {}
func Default() *Engine {
return nil
}
type Engine struct {
RouterGroup RouterGroup
RedirectTrailingSlash bool
RedirectFixedPath bool
HandleMethodNotAllowed bool
ForwardedByClientIP bool
AppEngine bool
UseRawPath bool
UnescapePathValues bool
RemoveExtraSlash bool
RemoteIPHeaders []string
TrustedPlatform string
MaxMultipartMemory int64
UseH2C bool
ContextWithFallback bool
HTMLRender interface{}
FuncMap template0.FuncMap
}
func (_ *Engine) Any(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) BasePath() string {
return ""
}
func (_ *Engine) DELETE(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Delims(_ string, _ string) *Engine {
return nil
}
func (_ *Engine) GET(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Group(_ string, _ ...HandlerFunc) *RouterGroup {
return nil
}
func (_ *Engine) HEAD(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) HandleContext(_ *Context) {}
func (_ *Engine) Handler() http.Handler {
return nil
}
func (_ *Engine) LoadHTMLFiles(_ ...string) {}
func (_ *Engine) LoadHTMLGlob(_ string) {}
func (_ *Engine) Match(_ []string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) NoMethod(_ ...HandlerFunc) {}
func (_ *Engine) NoRoute(_ ...HandlerFunc) {}
func (_ *Engine) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) PATCH(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) POST(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) PUT(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Routes() RoutesInfo {
return nil
}
func (_ *Engine) Run(_ ...string) error {
return nil
}
func (_ *Engine) RunFd(_ int) error {
return nil
}
func (_ *Engine) RunListener(_ net.Listener) error {
return nil
}
func (_ *Engine) RunTLS(_ string, _ string, _ string) error {
return nil
}
func (_ *Engine) RunUnix(_ string) error {
return nil
}
func (_ *Engine) SecureJsonPrefix(_ string) *Engine {
return nil
}
func (_ *Engine) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
func (_ *Engine) SetFuncMap(_ template0.FuncMap) {}
func (_ *Engine) SetHTMLTemplate(_ *template.Template) {}
func (_ *Engine) SetTrustedProxies(_ []string) error {
return nil
}
func (_ *Engine) Static(_ string, _ string) IRoutes {
return nil
}
func (_ *Engine) StaticFS(_ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *Engine) StaticFile(_ string, _ string) IRoutes {
return nil
}
func (_ *Engine) StaticFileFS(_ string, _ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *Engine) Use(_ ...HandlerFunc) IRoutes {
return nil
}
type Error struct {
Err error
Type ErrorType
Meta interface{}
}
func (_ Error) Error() string {
return ""
}
func (_ *Error) IsType(_ ErrorType) bool {
return false
}
func (_ *Error) JSON() interface{} {
return nil
}
func (_ *Error) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ *Error) SetMeta(_ interface{}) *Error {
return nil
}
func (_ *Error) SetType(_ ErrorType) *Error {
return nil
}
func (_ *Error) Unwrap() error {
return nil
}
type ErrorType uint64
type HandlerFunc func(*Context)
type HandlersChain []HandlerFunc
func (_ HandlersChain) Last() HandlerFunc {
return nil
}
type IRoutes interface {
Any(_ string, _ ...HandlerFunc) IRoutes
DELETE(_ string, _ ...HandlerFunc) IRoutes
GET(_ string, _ ...HandlerFunc) IRoutes
HEAD(_ string, _ ...HandlerFunc) IRoutes
Handle(_ string, _ string, _ ...HandlerFunc) IRoutes
Match(_ []string, _ string, _ ...HandlerFunc) IRoutes
OPTIONS(_ string, _ ...HandlerFunc) IRoutes
PATCH(_ string, _ ...HandlerFunc) IRoutes
POST(_ string, _ ...HandlerFunc) IRoutes
PUT(_ string, _ ...HandlerFunc) IRoutes
Static(_ string, _ string) IRoutes
StaticFS(_ string, _ http.FileSystem) IRoutes
StaticFile(_ string, _ string) IRoutes
StaticFileFS(_ string, _ string, _ http.FileSystem) IRoutes
Use(_ ...HandlerFunc) IRoutes
}
type Negotiate struct {
Offered []string
HTMLName string
HTMLData interface{}
JSONData interface{}
XMLData interface{}
YAMLData interface{}
Data interface{}
TOMLData interface{}
}
type Param struct {
Key string
Value string
}
type Params []Param
func (_ Params) ByName(_ string) string {
return ""
}
func (_ Params) Get(_ string) (string, bool) {
return "", false
}
type ResponseWriter interface {
CloseNotify() <-chan bool
Flush()
Header() http.Header
Hijack() (net.Conn, *bufio.ReadWriter, error)
Pusher() http.Pusher
Size() int
Status() int
Write(_ []byte) (int, error)
WriteHeader(_ int)
WriteHeaderNow()
WriteString(_ string) (int, error)
Written() bool
}
type RouteInfo struct {
Method string
Path string
Handler string
HandlerFunc HandlerFunc
}
type RouterGroup struct {
Handlers HandlersChain
}
func (_ *RouterGroup) Any(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) BasePath() string {
return ""
}
func (_ *RouterGroup) DELETE(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) GET(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Group(_ string, _ ...HandlerFunc) *RouterGroup {
return nil
}
func (_ *RouterGroup) HEAD(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Match(_ []string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) PATCH(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) POST(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) PUT(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Static(_ string, _ string) IRoutes {
return nil
}
func (_ *RouterGroup) StaticFS(_ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *RouterGroup) StaticFile(_ string, _ string) IRoutes {
return nil
}
func (_ *RouterGroup) StaticFileFS(_ string, _ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *RouterGroup) Use(_ ...HandlerFunc) IRoutes {
return nil
}
type RoutesInfo []RouteInfo

78
go/ql/test/experimental/CWE-942/vendor/modules.txt vendored Normal file
View File

@@ -0,0 +1,78 @@
# github.com/gin-contrib/cors v1.4.0
## explicit
github.com/gin-contrib/cors
# github.com/gin-gonic/gin v1.9.1
## explicit
github.com/gin-gonic/gin
# github.com/bytedance/sonic v1.9.1
## explicit
github.com/bytedance/sonic
# github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311
## explicit
github.com/chenzhuoyu/base64x
# github.com/gabriel-vasile/mimetype v1.4.2
## explicit
github.com/gabriel-vasile/mimetype
# github.com/gin-contrib/sse v0.1.0
## explicit
github.com/gin-contrib/sse
# github.com/go-playground/locales v0.14.1
## explicit
github.com/go-playground/locales
# github.com/go-playground/universal-translator v0.18.1
## explicit
github.com/go-playground/universal-translator
# github.com/go-playground/validator/v10 v10.14.0
## explicit
github.com/go-playground/validator/v10
# github.com/goccy/go-json v0.10.2
## explicit
github.com/goccy/go-json
# github.com/json-iterator/go v1.1.12
## explicit
github.com/json-iterator/go
# github.com/klauspost/cpuid/v2 v2.2.4
## explicit
github.com/klauspost/cpuid/v2
# github.com/leodido/go-urn v1.2.4
## explicit
github.com/leodido/go-urn
# github.com/mattn/go-isatty v0.0.19
## explicit
github.com/mattn/go-isatty
# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
## explicit
github.com/modern-go/concurrent
# github.com/modern-go/reflect2 v1.0.2
## explicit
github.com/modern-go/reflect2
# github.com/pelletier/go-toml/v2 v2.0.8
## explicit
github.com/pelletier/go-toml/v2
# github.com/twitchyliquid64/golang-asm v0.15.1
## explicit
github.com/twitchyliquid64/golang-asm
# github.com/ugorji/go/codec v1.2.11
## explicit
github.com/ugorji/go/codec
# golang.org/x/arch v0.3.0
## explicit
golang.org/x/arch
# golang.org/x/crypto v0.9.0
## explicit
golang.org/x/crypto
# golang.org/x/net v0.10.0
## explicit
golang.org/x/net
# golang.org/x/sys v0.8.0
## explicit
golang.org/x/sys
# golang.org/x/text v0.9.0
## explicit
golang.org/x/text
# google.golang.org/protobuf v1.30.0
## explicit
google.golang.org/protobuf
# gopkg.in/yaml.v3 v3.0.1
## explicit
gopkg.in/yaml.v3

5
java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script-no-wrapper/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample-no-wrapper/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

6
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/test.py
View File

@@ -1,10 +1,6 @@
import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample-old-style/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

5
java/ql/integration-tests/all-platforms/java/android-sample/test.py
View File

@@ -2,9 +2,6 @@ import sys
from create_database_utils import *
if "JAVA_HOME_11_X64" in os.environ:
os.environ["JAVA_HOME"] = os.environ["JAVA_HOME_11_X64"]
sep = ";" if platform.system() == "Windows" else ":"
os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]])
try_use_java11()
run_codeql_database_create([], lang="java")

3
java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/skip-on-platform-osx-arm Normal file
View File

@@ -0,0 +1,3 @@
2023-11-08:
There is no Java 8 build available for OSX Arm, therefore this test fails.

1
java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
View File

@@ -6,7 +6,6 @@ import java
import SSA
private import semmle.code.java.controlflow.internal.GuardsLogic
private import semmle.code.java.frameworks.apache.Collections
private import RangeUtils
private import IntegerGuards
/** Gets an expression that is always `null`. */

40
java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
View File

@@ -241,6 +241,10 @@ module Sem implements Semantic {
AddressType() { none() }
}
Type getExprType(Expr e) { result = e.getType() }
Type getSsaType(SsaVariable var) { result = var.getSourceVariable().getType() }
final private class FinalSsaVariable = SSA::SsaVariable;
class SsaVariable extends FinalSsaVariable {
@@ -255,6 +259,8 @@ module Sem implements Semantic {
Expr getDefiningExpr() { result = super.getDefiningExpr() }
}
predicate additionalValueFlowStep = RU::additionalValueFlowStep/3;
predicate conversionCannotOverflow = safeCast/2;
}
@@ -279,7 +285,7 @@ module Modulus implements ModulusAnalysisSig<Sem> {
class ModBound = Bound;
private import codeql.rangeanalysis.ModulusAnalysis as Mod
import Mod::ModulusAnalysis<Location, Sem, IntDelta, Bounds, Utils>
import Mod::ModulusAnalysis<Location, Sem, IntDelta, Bounds>
}
module IntDelta implements DeltaSig {
@@ -330,7 +336,7 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
/**
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(Sem::Expr e2, Sem::Expr e1, int delta, boolean upper) {
predicate additionalBoundFlowStep(Sem::Expr e2, Sem::Expr e1, int delta, boolean upper) {
exists(RandomDataSource rds |
e2 = rds.getOutput() and
(
@@ -360,37 +366,9 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
predicate ignoreExprBound(Sem::Expr e) { none() }
predicate additionalValueFlowStep(Sem::Expr dest, Sem::Expr src, int delta) { none() }
Sem::Type getAlternateType(Sem::Expr e) { none() }
Sem::Type getAlternateTypeForSsaVariable(Sem::SsaVariable var) { none() }
predicate javaCompatibility() { any() }
}
module Utils implements UtilSig<Sem, IntDelta> {
private import RangeUtils as RU
Sem::Guard semEqFlowCond(
Sem::SsaVariable v, Sem::Expr e, int delta, boolean isEq, boolean testIsTrue
) {
result = RU::eqFlowCond(v, e, delta, isEq, testIsTrue)
}
predicate semSsaUpdateStep(Sem::SsaExplicitUpdate v, Sem::Expr e, int delta) {
RU::ssaUpdateStep(v, e, delta)
}
predicate semValueFlowStep = RU::valueFlowStep/3;
Sem::Type getTrackedTypeForSsaVariable(Sem::SsaVariable var) {
result = var.getSourceVariable().getType()
}
Sem::Type getTrackedType(Sem::Expr e) { result = e.getType() }
}
module Bounds implements BoundSig<Location, Sem, IntDelta> {
class SemBound = Bound;
@@ -408,7 +386,7 @@ module Overflow implements OverflowSig<Sem, IntDelta> {
}
module Range =
RangeStage<Location, Sem, IntDelta, Bounds, Overflow, JavaLangImpl, SignInp, Modulus, Utils>;
RangeStage<Location, Sem, IntDelta, Bounds, Overflow, JavaLangImpl, SignInp, Modulus>;
predicate bounded = Range::semBounded/5;

84
java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
View File

@@ -15,10 +15,16 @@ private predicate backEdge = U::backEdge/3;
predicate ssaRead = U::ssaRead/2;
predicate ssaUpdateStep = U::ssaUpdateStep/3;
predicate valueFlowStep = U::valueFlowStep/3;
predicate guardDirectlyControlsSsaRead = U::guardDirectlyControlsSsaRead/3;
predicate guardControlsSsaRead = U::guardControlsSsaRead/3;
predicate eqFlowCond = U::eqFlowCond/5;
/**
* Holds if `v` is an input to `phi` that is not along a back edge, and the
* only other input to `phi` is a `null` value.
@@ -156,89 +162,13 @@ class ConstantStringExpr extends Expr {
string getStringValue() { constantStringExpr(this, result) }
}
/**
* Gets a condition that tests whether `v` equals `e + delta`.
*
* If the condition evaluates to `testIsTrue`:
* - `isEq = true` : `v == e + delta`
* - `isEq = false` : `v != e + delta`
*/
Guard eqFlowCond(SsaVariable v, Expr e, int delta, boolean isEq, boolean testIsTrue) {
exists(boolean eqpolarity |
result.isEquality(ssaRead(v, delta), e, eqpolarity) and
(testIsTrue = true or testIsTrue = false) and
eqpolarity.booleanXor(testIsTrue).booleanNot() = isEq
)
or
exists(boolean testIsTrue0 |
implies_v2(result, testIsTrue, eqFlowCond(v, e, delta, isEq, testIsTrue0), testIsTrue0)
)
}
/**
* Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
*/
predicate ssaUpdateStep(SsaExplicitUpdate v, Expr e, int delta) {
v.getDefiningExpr().(VariableAssign).getSource() = e and delta = 0
or
v.getDefiningExpr().(PostIncExpr).getExpr() = e and delta = 1
or
v.getDefiningExpr().(PreIncExpr).getExpr() = e and delta = 1
or
v.getDefiningExpr().(PostDecExpr).getExpr() = e and delta = -1
or
v.getDefiningExpr().(PreDecExpr).getExpr() = e and delta = -1
or
v.getDefiningExpr().(AssignOp) = e and delta = 0
}
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate valueFlowStep(Expr e2, Expr e1, int delta) {
e2.(AssignExpr).getSource() = e1 and delta = 0
or
e2.(PlusExpr).getExpr() = e1 and delta = 0
or
e2.(PostIncExpr).getExpr() = e1 and delta = 0
or
e2.(PostDecExpr).getExpr() = e1 and delta = 0
or
e2.(PreIncExpr).getExpr() = e1 and delta = 1
or
e2.(PreDecExpr).getExpr() = e1 and delta = -1
or
predicate additionalValueFlowStep(Expr e2, Expr e1, int delta) {
exists(ArrayCreationExpr a |
arrayLengthDef(e2, a) and
a.getDimension(0) = e1 and
delta = 0
)
or
exists(Expr x |
e2.(AddExpr).hasOperands(e1, x)
or
exists(AssignAddExpr add | add = e2 |
add.getDest() = e1 and add.getRhs() = x
or
add.getDest() = x and add.getRhs() = e1
)
|
x.(ConstantIntegerExpr).getIntValue() = delta
)
or
exists(Expr x |
exists(SubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
)
or
exists(AssignSubExpr sub |
e2 = sub and
sub.getDest() = e1 and
sub.getRhs() = x
)
|
x.(ConstantIntegerExpr).getIntValue() = -delta
)
}

8
java/ql/test/library-tests/dataflow/modulus-analysis/ModulusAnalysis.expected
View File

@@ -4,9 +4,11 @@
| ModulusAnalysis.java:4:5:4:22 | ...=... | 0 | 43 | 0 |
| ModulusAnalysis.java:4:5:4:22 | c2 | 0 | 43 | 0 |
| ModulusAnalysis.java:4:20:4:21 | 43 | 0 | 43 | 0 |
| ModulusAnalysis.java:7:13:7:22 | eq | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:7:18:7:18 | i | SSA init(i) | 0 | 0 |
| ModulusAnalysis.java:7:18:7:22 | ... + ... | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:7:22:7:22 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:9:13:9:29 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:9:19:9:20 | eq | SSA def(eq) | 0 | 0 |
| ModulusAnalysis.java:9:19:9:20 | eq | SSA init(i) | 3 | 0 |
| ModulusAnalysis.java:9:19:9:25 | ... * ... | 0 | 0 | 42 |
@@ -14,6 +16,7 @@
| ModulusAnalysis.java:9:24:9:25 | c1 | 0 | 42 | 0 |
| ModulusAnalysis.java:9:24:9:25 | c1 | SSA init(this.c1) | 0 | 0 |
| ModulusAnalysis.java:9:29:9:29 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:11:13:11:21 | seven | 0 | 7 | 0 |
| ModulusAnalysis.java:11:21:11:21 | 7 | 0 | 7 | 0 |
| ModulusAnalysis.java:12:13:12:15 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:12:13:12:15 | mul | SSA def(mul) | 0 | 0 |
@@ -24,6 +27,7 @@
| ModulusAnalysis.java:13:32:13:34 | mul | 0 | 3 | 42 |
| ModulusAnalysis.java:13:32:13:34 | mul | 0 | 7 | 43 |
| ModulusAnalysis.java:13:32:13:34 | mul | SSA def(mul) | 0 | 0 |
| ModulusAnalysis.java:16:13:18:23 | j | 0 | 3 | 4 |
| ModulusAnalysis.java:16:17:18:23 | ...?...:... | 0 | 3 | 4 |
| ModulusAnalysis.java:17:15:17:15 | i | SSA init(i) | 0 | 0 |
| ModulusAnalysis.java:17:15:17:19 | ... * ... | 0 | 0 | 4 |
@@ -66,6 +70,7 @@
| ModulusAnalysis.java:26:32:26:36 | ... - ... | SSA init(x) | 35 | 42 |
| ModulusAnalysis.java:26:36:26:36 | y | 0 | 7 | 42 |
| ModulusAnalysis.java:26:36:26:36 | y | SSA init(y) | 0 | 0 |
| ModulusAnalysis.java:29:13:29:35 | l | 0 | 1 | 4 |
| ModulusAnalysis.java:29:17:29:26 | arr.length | SSA impl upd[untracked](arr.length) | 0 | 0 |
| ModulusAnalysis.java:29:17:29:30 | ... * ... | 0 | 0 | 4 |
| ModulusAnalysis.java:29:17:29:35 | ... - ... | 0 | 1 | 4 |
@@ -104,12 +109,14 @@
| ModulusAnalysis.java:49:25:49:25 | 3 | 0 | 3 | 0 |
| ModulusAnalysis.java:50:32:50:32 | x | 0 | 3 | 16 |
| ModulusAnalysis.java:50:32:50:32 | x | SSA init(x) | 0 | 0 |
| ModulusAnalysis.java:56:18:56:22 | i | 0 | 0 | 0 |
| ModulusAnalysis.java:56:22:56:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:56:25:56:25 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:56:29:56:31 | cap | SSA init(cap) | 0 | 0 |
| ModulusAnalysis.java:56:34:56:34 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:56:34:56:36 | ...++ | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:57:32:57:32 | i | SSA phi(i) | 0 | 0 |
| ModulusAnalysis.java:59:18:59:22 | j | 0 | 0 | 0 |
| ModulusAnalysis.java:59:22:59:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:59:25:59:25 | j | SSA phi(j) | 0 | 0 |
| ModulusAnalysis.java:59:29:59:31 | cap | SSA init(cap) | 0 | 0 |
@@ -117,6 +124,7 @@
| ModulusAnalysis.java:59:34:59:39 | ...+=... | SSA phi(j) | 1 | 0 |
| ModulusAnalysis.java:59:39:59:39 | 1 | 0 | 1 | 0 |
| ModulusAnalysis.java:60:32:60:32 | j | SSA phi(j) | 0 | 0 |
| ModulusAnalysis.java:62:18:62:22 | k | 0 | 0 | 0 |
| ModulusAnalysis.java:62:22:62:22 | 0 | 0 | 0 | 0 |
| ModulusAnalysis.java:62:25:62:25 | k | 0 | 0 | 3 |
| ModulusAnalysis.java:62:25:62:25 | k | SSA def(k) | 0 | 3 |

12
java/ql/test/library-tests/dataflow/range-analysis/RangeAnalysis.expected
View File

@@ -59,6 +59,7 @@
| A.java:12:16:12:20 | ... + ... | SSA init(y) | 1 | upper | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | lower | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | upper | NoReason |
| A.java:13:13:13:23 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:13:19:13:19 | x | 0 | 400 | upper | ... > ... |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | lower | NoReason |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | upper | NoReason |
@@ -72,6 +73,17 @@
| A.java:15:13:15:13 | y | SSA init(y) | 0 | upper | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | lower | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | upper | NoReason |
| A.java:16:15:16:25 | sum | 0 | 603 | lower | ... > ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... != ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... > ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:16:21:16:21 | x | 0 | 302 | lower | ... > ... |
| A.java:16:21:16:21 | x | 0 | 400 | upper | ... > ... |
| A.java:16:21:16:21 | x | SSA init(x) | 0 | lower | NoReason |

12
shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll
View File

@@ -14,8 +14,7 @@ private import codeql.util.Location
private import RangeAnalysis
module ModulusAnalysis<
LocationSig Location, Semantic Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds,
UtilSig<Sem, D> U>
LocationSig Location, Semantic Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds>
{
private import internal.RangeUtils::MakeUtils<Sem, D>
@@ -30,11 +29,11 @@ module ModulusAnalysis<
*/
pragma[nomagic]
private predicate valueFlowStepSsa(Sem::SsaVariable v, SsaReadPosition pos, Sem::Expr e, int delta) {
U::semSsaUpdateStep(v, e, D::fromInt(delta)) and pos.hasReadOfVar(v)
ssaUpdateStep(v, e, D::fromInt(delta)) and pos.hasReadOfVar(v)
or
exists(Sem::Guard guard, boolean testIsTrue |
hasReadOfVarInlineLate(pos, v) and
guard = U::semEqFlowCond(v, e, D::fromInt(delta), true, testIsTrue) and
guard = eqFlowCond(v, e, D::fromInt(delta), true, testIsTrue) and
guardDirectlyControlsSsaRead(guard, pos, testIsTrue)
)
}
@@ -254,13 +253,12 @@ module ModulusAnalysis<
or
exists(Sem::SsaVariable v, SsaReadPositionBlock bb |
ssaModulus(v, bb, b, val, mod) and
e = v.getAUse() and
bb.getBlock() = e.getBasicBlock()
bb.getAnSsaRead(v) = e
)
or
exists(Sem::Expr mid, int val0, int delta |
exprModulus(mid, b, val0, mod) and
U::semValueFlowStep(e, mid, D::fromInt(delta)) and
valueFlowStep(e, mid, D::fromInt(delta)) and
val = remainder(val0 + delta, mod)
)
or

150
shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll
View File

@@ -188,6 +188,12 @@ signature module Semantic {
class AddressType extends Type;
/** Gets the type of an SSA variable. */
Type getSsaType(SsaVariable var);
/** Gets the type of an expression. */
Type getExprType(Expr e);
class SsaVariable {
Expr getAUse();
@@ -203,6 +209,11 @@ signature module Semantic {
Expr getDefiningExpr();
}
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(Expr dest, Expr src, int delta);
predicate conversionCannotOverflow(Type fromType, Type toType);
}
@@ -265,9 +276,9 @@ signature module LangSig<Semantic Sem, DeltaSig D> {
predicate hasConstantBound(Sem::Expr e, D::Delta bound, boolean upper);
/**
* Holds if `e >= bound + delta` (if `upper = false`) or `e <= bound + delta` (if `upper = true`).
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(Sem::Expr e, Sem::Expr bound, D::Delta delta, boolean upper);
predicate additionalBoundFlowStep(Sem::Expr e2, Sem::Expr e1, D::Delta delta, boolean upper);
/**
* Ignore the bound on this expression.
@@ -277,58 +288,9 @@ signature module LangSig<Semantic Sem, DeltaSig D> {
*/
predicate ignoreExprBound(Sem::Expr e);
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(Sem::Expr dest, Sem::Expr src, D::Delta delta);
/**
* Gets the type that range analysis should use to track the result of the specified expression,
* if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
Sem::Type getAlternateType(Sem::Expr e);
/**
* Gets the type that range analysis should use to track the result of the specified source
* variable, if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
Sem::Type getAlternateTypeForSsaVariable(Sem::SsaVariable var);
default predicate javaCompatibility() { none() }
}
signature module UtilSig<Semantic Sem, DeltaSig DeltaParam> {
Sem::Guard semEqFlowCond(
Sem::SsaVariable v, Sem::Expr e, DeltaParam::Delta delta, boolean isEq, boolean testIsTrue
);
predicate semSsaUpdateStep(Sem::SsaExplicitUpdate v, Sem::Expr e, DeltaParam::Delta delta);
predicate semValueFlowStep(Sem::Expr e2, Sem::Expr e1, DeltaParam::Delta delta);
/**
* Gets the type used to track the specified source variable's range information.
*
* Usually, this just `e.getType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
Sem::Type getTrackedTypeForSsaVariable(Sem::SsaVariable var);
/**
* Gets the type used to track the specified expression's range information.
*
* Usually, this just `e.getSemType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
Sem::Type getTrackedType(Sem::Expr e);
}
signature module BoundSig<LocationSig Location, Semantic Sem, DeltaSig D> {
class SemBound {
string toString();
@@ -352,11 +314,10 @@ signature module OverflowSig<Semantic Sem, DeltaSig D> {
module RangeStage<
LocationSig Location, Semantic Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds,
OverflowSig<Sem, D> OverflowParam, LangSig<Sem, D> LangParam, SignAnalysisSig<Sem> SignAnalysis,
ModulusAnalysisSig<Sem> ModulusAnalysisParam, UtilSig<Sem, D> UtilParam>
ModulusAnalysisSig<Sem> ModulusAnalysisParam>
{
private import Bounds
private import LangParam
private import UtilParam
private import D
private import OverflowParam
private import SignAnalysis
@@ -401,8 +362,8 @@ module RangeStage<
*/
private class SafeCastExpr extends ConvertOrBoxExpr {
SafeCastExpr() {
Sem::conversionCannotOverflow(getTrackedType(pragma[only_bind_into](this.getOperand())),
pragma[only_bind_out](getTrackedType(this)))
Sem::conversionCannotOverflow(Sem::getExprType(pragma[only_bind_into](this.getOperand())),
pragma[only_bind_out](Sem::getExprType(this)))
}
}
@@ -412,14 +373,14 @@ module RangeStage<
private class NarrowingCastExpr extends ConvertOrBoxExpr {
NarrowingCastExpr() {
not this instanceof SafeCastExpr and
typeBound(getTrackedType(this), _, _)
typeBound(Sem::getExprType(this), _, _)
}
/** Gets the lower bound of the resulting type. */
float getLowerBound() { typeBound(getTrackedType(this), result, _) }
float getLowerBound() { typeBound(Sem::getExprType(this), result, _) }
/** Gets the upper bound of the resulting type. */
float getUpperBound() { typeBound(getTrackedType(this), _, result) }
float getUpperBound() { typeBound(Sem::getExprType(this), _, result) }
}
cached
@@ -447,7 +408,7 @@ module RangeStage<
*/
cached
predicate possibleReason(Sem::Guard guard) {
guard = boundFlowCond(_, _, _, _, _) or guard = semEqFlowCond(_, _, _, _, _)
guard = boundFlowCond(_, _, _, _, _) or guard = eqFlowCond(_, _, _, _, _)
}
}
@@ -582,8 +543,8 @@ module RangeStage<
) and
(
if
getTrackedTypeForSsaVariable(v) instanceof Sem::IntegerType or
getTrackedTypeForSsaVariable(v) instanceof Sem::AddressType
Sem::getSsaType(v) instanceof Sem::IntegerType or
Sem::getSsaType(v) instanceof Sem::AddressType
then
upper = true and strengthen = -1
or
@@ -609,7 +570,7 @@ module RangeStage<
testIsTrue0)
)
or
result = semEqFlowCond(v, e, delta, true, testIsTrue) and
result = eqFlowCond(v, e, delta, true, testIsTrue) and
(upper = true or upper = false)
or
// guard that tests whether `v2` is bounded by `e + delta + d1 - d2` and
@@ -630,7 +591,7 @@ module RangeStage<
Sem::SsaVariable v1, Sem::SsaVariable v2, float delta
) {
exists(Sem::Guard guardEq, D::Delta d1, D::Delta d2, boolean eqIsTrue |
guardEq = semEqFlowCond(v1, ssaRead(v2, d1), d2, true, eqIsTrue) and
guardEq = eqFlowCond(v1, ssaRead(v2, d1), d2, true, eqIsTrue) and
delta = D::toFloat(d2) - D::toFloat(d1) and
guardEq.directlyControls(result, eqIsTrue)
)
@@ -675,7 +636,7 @@ module RangeStage<
Sem::SsaVariable v, SsaReadPosition pos, Sem::Expr e, D::Delta delta, boolean upper,
SemReason reason
) {
semSsaUpdateStep(v, e, delta) and
ssaUpdateStep(v, e, delta) and
pos.hasReadOfVar(v) and
(upper = true or upper = false) and
reason = TSemNoReason()
@@ -692,10 +653,10 @@ module RangeStage<
private predicate unequalFlowStepIntegralSsa(
Sem::SsaVariable v, SsaReadPosition pos, Sem::Expr e, D::Delta delta, SemReason reason
) {
getTrackedTypeForSsaVariable(v) instanceof Sem::IntegerType and
Sem::getSsaType(v) instanceof Sem::IntegerType and
exists(Sem::Guard guard, boolean testIsTrue |
pos.hasReadOfVar(v) and
guard = semEqFlowCond(v, e, delta, false, testIsTrue) and
guard = eqFlowCond(v, e, delta, false, testIsTrue) and
guardDirectlyControlsSsaRead(guard, pos, testIsTrue) and
reason = TSemCondReason(guard)
)
@@ -703,12 +664,12 @@ module RangeStage<
/** Holds if `e >= 1` as determined by sign analysis. */
private predicate strictlyPositiveIntegralExpr(Sem::Expr e) {
semStrictlyPositive(e) and getTrackedType(e) instanceof Sem::IntegerType
semStrictlyPositive(e) and Sem::getExprType(e) instanceof Sem::IntegerType
}
/** Holds if `e <= -1` as determined by sign analysis. */
private predicate strictlyNegativeIntegralExpr(Sem::Expr e) {
semStrictlyNegative(e) and getTrackedType(e) instanceof Sem::IntegerType
semStrictlyNegative(e) and Sem::getExprType(e) instanceof Sem::IntegerType
}
/**
@@ -717,7 +678,7 @@ module RangeStage<
* - `upper = false` : `e2 >= e1 + delta`
*/
private predicate boundFlowStep(Sem::Expr e2, Sem::Expr e1, D::Delta delta, boolean upper) {
semValueFlowStep(e2, e1, delta) and
valueFlowStep(e2, e1, delta) and
(upper = true or upper = false)
or
e2.(SafeCastExpr).getOperand() = e1 and
@@ -766,7 +727,7 @@ module RangeStage<
delta = D::fromInt(0) and
upper = false
or
hasBound(e2, e1, delta, upper)
additionalBoundFlowStep(e2, e1, delta, upper)
}
/** Holds if `e2 = e1 * factor` and `factor > 0`. */
@@ -790,7 +751,7 @@ module RangeStage<
* therefore only valid for non-negative numbers.
*/
private predicate boundFlowStepDiv(Sem::Expr e2, Sem::Expr e1, D::Delta factor) {
getTrackedType(e2) instanceof Sem::IntegerType and
Sem::getExprType(e2) instanceof Sem::IntegerType and
exists(Sem::ConstantIntegerExpr c, D::Delta k |
k = D::fromInt(c.getIntValue()) and D::toFloat(k) > 0
|
@@ -833,11 +794,9 @@ module RangeStage<
)
or
exists(D::Delta d, SemReason r1, SemReason r2 |
boundedSsa(pragma[only_bind_into](v), pragma[only_bind_into](b), pragma[only_bind_into](d),
pragma[only_bind_into](pos), upper, fromBackEdge, origdelta, r2)
boundedSsa(v, b, d, pos, upper, fromBackEdge, origdelta, r2)
or
boundedPhi(pragma[only_bind_into](v), pragma[only_bind_into](b), pragma[only_bind_into](d),
upper, fromBackEdge, origdelta, r2)
boundedPhi(v, b, d, upper, fromBackEdge, origdelta, r2)
|
unequalIntegralSsa(v, b, d, pos, r1) and
(
@@ -861,32 +820,12 @@ module RangeStage<
) {
exists(Sem::Expr e, D::Delta d1, D::Delta d2 |
unequalFlowStepIntegralSsa(v, pos, e, d1, reason) and
boundedUpper(e, b, d2) and
boundedLower(e, b, d2) and
bounded(e, b, d2, true, _, _, _) and
bounded(e, b, d2, false, _, _, _) and
delta = D::fromFloat(D::toFloat(d1) + D::toFloat(d2))
)
}
/**
* Holds if `b + delta` is an upper bound for `e`.
*
* This predicate only exists to prevent a bad standard order in `unequalIntegralSsa`.
*/
pragma[nomagic]
private predicate boundedUpper(Sem::Expr e, SemBound b, D::Delta delta) {
bounded(e, b, delta, true, _, _, _)
}
/**
* Holds if `b + delta` is a lower bound for `e`.
*
* This predicate only exists to prevent a bad standard order in `unequalIntegralSsa`.
*/
pragma[nomagic]
private predicate boundedLower(Sem::Expr e, SemBound b, D::Delta delta) {
bounded(e, b, delta, false, _, _, _)
}
/** Weakens a delta to lie in the range `[-1..1]`. */
bindingset[delta, upper]
private D::Delta weakenDelta(boolean upper, D::Delta delta) {
@@ -1149,7 +1088,7 @@ module RangeStage<
(
expr instanceof Sem::NegateExpr or
expr instanceof Sem::PreDecExpr or
getTrackedType(expr.(Sem::DivExpr)) instanceof Sem::FloatingPointType
Sem::getExprType(expr.(Sem::DivExpr)) instanceof Sem::FloatingPointType
)
or
positively = true and
@@ -1193,8 +1132,7 @@ module RangeStage<
or
exists(Sem::SsaVariable v, SsaReadPositionBlock bb |
boundedSsa(v, b, delta, bb, upper, fromBackEdge, origdelta, reason) and
e = v.getAUse() and
bb.getBlock() = e.getBasicBlock()
bb.getAnSsaRead(v) = e
)
or
exists(Sem::Expr mid, D::Delta d1, D::Delta d2 |
@@ -1350,8 +1288,8 @@ module RangeStage<
Sem::AddExpr add, boolean upper, SemBound b, boolean isLeft, D::Delta delta,
boolean fromBackEdge, D::Delta origdelta, SemReason reason
) {
// `semValueFlowStep` already handles the case where one of the operands is a constant.
not semValueFlowStep(add, _, _) and
// `valueFlowStep` already handles the case where one of the operands is a constant.
not valueFlowStep(add, _, _) and
(
isLeft = true and
bounded(add.getLeftOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
@@ -1370,8 +1308,8 @@ module RangeStage<
Sem::SubExpr sub, boolean upper, SemBound b, D::Delta delta, boolean fromBackEdge,
D::Delta origdelta, SemReason reason
) {
// `semValueFlowStep` already handles the case where one of the operands is a constant.
not semValueFlowStep(sub, _, _) and
// `valueFlowStep` already handles the case where one of the operands is a constant.
not valueFlowStep(sub, _, _) and
bounded(sub.getLeftOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
}
@@ -1386,8 +1324,8 @@ module RangeStage<
private predicate boundedSubOperandRight(
Sem::SubExpr sub, boolean upper, D::Delta delta, boolean fromBackEdge
) {
// `semValueFlowStep` already handles the case where one of the operands is a constant.
not semValueFlowStep(sub, _, _) and
// `valueFlowStep` already handles the case where one of the operands is a constant.
not valueFlowStep(sub, _, _) and
bounded(sub.getRightOperand(), any(SemZeroBound zb), delta, upper.booleanNot(), fromBackEdge, _,
_)
}

76
shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll
View File

@@ -37,6 +37,82 @@ module MakeUtils<Semantic Lang, DeltaSig D> {
result.(CopyValueExpr).getOperand() = ssaRead(v, delta)
}
/**
* Gets a condition that tests whether `v` equals `e + delta`.
*
* If the condition evaluates to `testIsTrue`:
* - `isEq = true` : `v == e + delta`
* - `isEq = false` : `v != e + delta`
*/
pragma[nomagic]
Guard eqFlowCond(SsaVariable v, Expr e, D::Delta delta, boolean isEq, boolean testIsTrue) {
exists(boolean eqpolarity |
result.isEquality(ssaRead(v, delta), e, eqpolarity) and
(testIsTrue = true or testIsTrue = false) and
eqpolarity.booleanXor(testIsTrue).booleanNot() = isEq
)
or
exists(boolean testIsTrue0 |
implies_v2(result, testIsTrue, eqFlowCond(v, e, delta, isEq, testIsTrue0), testIsTrue0)
)
}
/**
* Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
*/
predicate ssaUpdateStep(SsaExplicitUpdate v, Expr e, D::Delta delta) {
exists(Expr defExpr | defExpr = v.getDefiningExpr() |
defExpr.(CopyValueExpr).getOperand() = e and delta = D::fromFloat(0)
or
defExpr.(PostIncExpr).getOperand() = e and delta = D::fromFloat(1)
or
defExpr.(PreIncExpr).getOperand() = e and delta = D::fromFloat(1)
or
defExpr.(PostDecExpr).getOperand() = e and delta = D::fromFloat(-1)
or
defExpr.(PreDecExpr).getOperand() = e and delta = D::fromFloat(-1)
or
e = defExpr and
not (
defExpr instanceof CopyValueExpr or
defExpr instanceof PostIncExpr or
defExpr instanceof PreIncExpr or
defExpr instanceof PostDecExpr or
defExpr instanceof PreDecExpr
) and
delta = D::fromFloat(0)
)
}
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate valueFlowStep(Expr e2, Expr e1, D::Delta delta) {
e2.(CopyValueExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(PostIncExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(PostDecExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(PreIncExpr).getOperand() = e1 and delta = D::fromFloat(1)
or
e2.(PreDecExpr).getOperand() = e1 and delta = D::fromFloat(-1)
or
additionalValueFlowStep(e2, e1, D::toInt(delta))
or
exists(Expr x | e2.(AddExpr).hasOperands(e1, x) |
D::fromInt(x.(ConstantIntegerExpr).getIntValue()) = delta
)
or
exists(Expr x, SubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
|
D::fromInt(-x.(ConstantIntegerExpr).getIntValue()) = delta
)
}
private newtype TSsaReadPosition =
TSsaReadPositionBlock(BasicBlock bb) {
exists(SsaVariable v | v.getAUse().getBasicBlock() = bb)

26
swift/downgrades/04ef9ecaa9e06a587f252f147462861e3d32846a/downgrade.ql Normal file
View File

@@ -0,0 +1,26 @@
class Element extends @element {
string toString() { none() }
}
query predicate new_unspecified_elements(Element e, string property, string error) {
unspecified_elements(e, property, error)
or
error = "Parameter packs removed during database downgrade. Please update your CodeQL code." and
property = "" and
(
pack_element_exprs(e, _) or
pack_expansion_exprs(e, _) or
pack_element_types(e, _) or
pack_expansion_types(e, _, _) or
pack_types(e) or
element_archetype_types(e)
)
}
query predicate new_unspecified_element_children(Element e, int index, Element child) {
unspecified_element_children(e, index, child)
or
pack_element_exprs(e, child) and index = 0
or
pack_expansion_exprs(e, child) and index = 0
}

2693
swift/downgrades/04ef9ecaa9e06a587f252f147462861e3d32846a/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2642
swift/downgrades/04ef9ecaa9e06a587f252f147462861e3d32846a/swift.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

14
swift/downgrades/04ef9ecaa9e06a587f252f147462861e3d32846a/upgrade.properties Normal file
View File

@@ -0,0 +1,14 @@
description: Removes types and expressions related to parameter packs
compatibility: partial
unspecified_elements.rel: run downgrade.ql new_unspecified_elements
unspecified_element_children.rel: run downgrade.ql new_unspecified_element_children
pack_element_exprs.rel: delete
pack_expansion_exprs.rel: delete
pack_element_types.rel: delete
pack_expansion_types.rel: delete
pack_types.rel: delete
pack_type_elements.rel: delete
element_archetype_types.rel: delete

42
swift/extractor/infra/SwiftTagTraits.h
View File

@@ -126,8 +126,8 @@ MAP(swift::Expr, ExprTag)
MAP(swift::AutoClosureExpr, AutoClosureExprTag)
MAP(swift::InOutExpr, InOutExprTag)
MAP(swift::VarargExpansionExpr, VarargExpansionExprTag)
MAP(swift::PackExpansionExpr, void) // TODO (introduced in 5.8)
MAP(swift::PackElementExpr, void) // TODO (introduced in 5.8)
MAP(swift::PackExpansionExpr, PackExpansionExprTag)
MAP(swift::PackElementExpr, PackElementExprTag)
MAP(swift::DynamicTypeExpr, DynamicTypeExprTag)
MAP(swift::RebindSelfInConstructorExpr, RebindSelfInInitializerExprTag)
MAP(swift::OpaqueValueExpr, OpaqueValueExprTag)
@@ -217,7 +217,7 @@ MAP(swift::Decl, DeclTag)
MAP(swift::StructDecl, StructDeclTag)
MAP(swift::ClassDecl, ClassDeclTag)
MAP(swift::ProtocolDecl, ProtocolDeclTag)
MAP(swift::BuiltinTupleDecl, void) // TODO (introduced in 5.8)
MAP(swift::BuiltinTupleDecl, void) // TODO, experimental
MAP(swift::OpaqueTypeDecl, OpaqueTypeDeclTag)
MAP(swift::TypeAliasDecl, TypeAliasDeclTag)
MAP(swift::GenericTypeParamDecl, GenericTypeParamDeclTag)
@@ -288,10 +288,8 @@ MAP(swift::TypeBase, TypeTag)
MAP(swift::BuiltinUnsafeValueBufferType, BuiltinUnsafeValueBufferTypeTag)
MAP(swift::BuiltinDefaultActorStorageType, BuiltinDefaultActorStorageTypeTag)
MAP(swift::BuiltinVectorType, BuiltinVectorTypeTag)
#if CODEQL_SWIFT_VERSION_GE(5, 9)
MAP(swift::BuiltinPackIndexType, void) // TODO: (introduced in 5.9)
MAP(swift::BuiltinNonDefaultDistributedActorStorageType, void) // TODO: (introduced in 5.9)
#endif
MAP(swift::BuiltinPackIndexType, void) // SIL type, cannot really appear in the frontend run
MAP(swift::BuiltinNonDefaultDistributedActorStorageType, void) // Does not appear in AST/SIL, only used during IRGen
MAP(swift::TupleType, TupleTypeTag)
MAP(swift::ReferenceStorageType, ReferenceStorageTypeTag)
MAP(swift::WeakStorageType, WeakStorageTypeTag)
@@ -304,7 +302,7 @@ MAP(swift::TypeBase, TypeTag)
MAP(swift::StructType, StructTypeTag)
MAP(swift::ClassType, ClassTypeTag)
MAP(swift::ProtocolType, ProtocolTypeTag)
MAP(swift::BuiltinTupleType, void) // TODO (introduced in 5.8)
MAP(swift::BuiltinTupleType, void) // TODO, experimental
MAP(swift::BoundGenericType, BoundGenericTypeTag)
MAP(swift::BoundGenericClassType, BoundGenericClassTypeTag)
MAP(swift::BoundGenericEnumType, BoundGenericEnumTypeTag)
@@ -319,33 +317,29 @@ MAP(swift::TypeBase, TypeTag)
MAP(swift::ArchetypeType, ArchetypeTypeTag)
MAP(swift::PrimaryArchetypeType, PrimaryArchetypeTypeTag)
MAP(swift::OpaqueTypeArchetypeType, OpaqueTypeArchetypeTypeTag)
MAP(swift::LocalArchetypeType, OpenedArchetypeTypeTag) // TODO (introduced in 5.8)
MAP(swift::LocalArchetypeType, LocalArchetypeTypeTag)
MAP(swift::OpenedArchetypeType, OpenedArchetypeTypeTag)
MAP(swift::ElementArchetypeType, void) // TODO (introduced in 5.8)
MAP(swift::PackArchetypeType, void) // TODO (introduced in 5.8)
MAP(swift::ElementArchetypeType, ElementArchetypeTypeTag)
MAP(swift::PackArchetypeType, PackArchetypeTypeTag)
MAP(swift::GenericTypeParamType, GenericTypeParamTypeTag)
MAP(swift::DependentMemberType, DependentMemberTypeTag)
MAP(swift::AnyFunctionType, AnyFunctionTypeTag)
MAP(swift::FunctionType, FunctionTypeTag)
MAP(swift::GenericFunctionType, GenericFunctionTypeTag)
MAP(swift::SILFunctionType, void) // SIL types cannot really appear in the frontend run)
MAP(swift::SILBlockStorageType, void) // SIL types cannot really appear in the frontend run)
MAP(swift::SILBoxType, void) // SIL types cannot really appear in the frontend run)
MAP(swift::SILMoveOnlyWrappedType, void) // SIL types cannot really appear in the frontend run)
MAP(swift::SILTokenType, void) // SIL types cannot really appear in the frontend run)
#if CODEQL_SWIFT_VERSION_GE(5, 9)
MAP(swift::SILPackType, void) // TODO: (introduced in 5.9)
#endif
MAP(swift::SILFunctionType, void) // SIL types cannot really appear in the frontend run
MAP(swift::SILBlockStorageType, void) // SIL types cannot really appear in the frontend run
MAP(swift::SILBoxType, void) // SIL types cannot really appear in the frontend run
MAP(swift::SILMoveOnlyWrappedType, void) // SIL types cannot really appear in the frontend run
MAP(swift::SILTokenType, void) // SIL types cannot really appear in the frontend run
MAP(swift::SILPackType, void) // SIL types cannot really appear in the frontend run
MAP(swift::ProtocolCompositionType, ProtocolCompositionTypeTag)
MAP(swift::ParameterizedProtocolType, ParameterizedProtocolTypeTag)
MAP(swift::ExistentialType, ExistentialTypeTag)
MAP(swift::LValueType, LValueTypeTag)
MAP(swift::InOutType, InOutTypeTag)
MAP(swift::PackType, void) // experimental variadic generics
MAP(swift::PackExpansionType, void) // experimental variadic generics
#if CODEQL_SWIFT_VERSION_GE(5, 9)
MAP(swift::PackElementType, void) // TODO: (introduced in 5.9)
#endif
MAP(swift::PackType, PackTypeTag)
MAP(swift::PackExpansionType, PackExpansionTypeTag)
MAP(swift::PackElementType, PackElementTypeTag)
MAP(swift::TypeVariableType, void) // created during type checking and only used for constraint checking
MAP(swift::SugarType, SugarTypeTag)
MAP(swift::ParenType, ParenTypeTag)

37
swift/extractor/mangler/SwiftMangler.cpp
View File

@@ -138,7 +138,12 @@ void SwiftMangler::indexExtensions(llvm::ArrayRef<swift::Decl*> siblings) {
}
SwiftMangledName SwiftMangler::visitGenericTypeParamDecl(const swift::GenericTypeParamDecl* decl) {
return visitValueDecl(decl, /*force=*/true) << '_' << decl->getDepth() << '_' << decl->getIndex();
auto ret = visitValueDecl(decl, /*force=*/true);
if (decl->isParameterPack()) {
ret << "each_";
}
ret << '_' << decl->getDepth() << '_' << decl->getIndex();
return ret;
}
SwiftMangledName SwiftMangler::visitAssociatedTypeDecl(const swift::AssociatedTypeDecl* decl) {
@@ -259,6 +264,9 @@ SwiftMangledName SwiftMangler::visitGenericFunctionType(const swift::GenericFunc
SwiftMangledName SwiftMangler::visitGenericTypeParamType(const swift::GenericTypeParamType* type) {
auto ret = initMangled(type);
if (type->isParameterPack()) {
ret << "each_";
}
if (auto decl = type->getDecl()) {
ret << fetch(decl);
} else {
@@ -376,6 +384,33 @@ SwiftMangledName SwiftMangler::visitParametrizedProtocolType(
return ret;
}
SwiftMangledName SwiftMangler::visitPackArchetypeType(const swift::PackArchetypeType* type) {
return visitArchetypeType(type) << "...";
}
SwiftMangledName SwiftMangler::visitPackType(const swift::PackType* type) {
auto ret = initMangled(type);
for (auto element : type->getElementTypes()) {
ret << fetch(element);
}
return ret;
}
SwiftMangledName SwiftMangler::visitPackElementType(const swift::PackElementType* type) {
auto ret = initMangled(type);
ret << fetch(type->getPackType());
ret << '_' << type->getLevel();
return ret;
}
SwiftMangledName SwiftMangler::visitPackExpansionType(const swift::PackExpansionType* type) {
auto ret = initMangled(type);
ret << fetch(type->getPatternType());
ret << '_';
ret << fetch(type->getCountType());
return ret;
}
namespace {
template <typename E>
UntypedTrapLabel fetchLabel(SwiftDispatcher& dispatcher, const E* e) {

4
swift/extractor/mangler/SwiftMangler.h
View File

@@ -100,6 +100,10 @@ class SwiftMangler : private swift::TypeVisitor<SwiftMangler, SwiftMangledName>,
SwiftMangledName visitUnboundGenericType(const swift::UnboundGenericType* type);
SwiftMangledName visitReferenceStorageType(const swift::ReferenceStorageType* type);
SwiftMangledName visitParametrizedProtocolType(const swift::ParameterizedProtocolType* type);
SwiftMangledName visitPackArchetypeType(const swift::PackArchetypeType* type);
SwiftMangledName visitPackType(const swift::PackType* type);
SwiftMangledName visitPackElementType(const swift::PackElementType* type);
SwiftMangledName visitPackExpansionType(const swift::PackExpansionType* type);
private:
std::unordered_map<const swift::Decl*, unsigned> preloadedExtensionIndexes;

14
swift/extractor/translators/ExprTranslator.cpp
View File

@@ -643,4 +643,18 @@ codeql::SingleValueStmtExpr ExprTranslator::translateSingleValueStmtExpr(
return entry;
}
codeql::PackExpansionExpr ExprTranslator::translatePackExpansionExpr(
const swift::PackExpansionExpr& expr) {
auto entry = createExprEntry(expr);
entry.pattern_expr = dispatcher.fetchLabel(expr.getPatternExpr());
return entry;
}
codeql::PackElementExpr ExprTranslator::translatePackElementExpr(
const swift::PackElementExpr& expr) {
auto entry = createExprEntry(expr);
entry.sub_expr = dispatcher.fetchLabel(expr.getPackRefExpr());
return entry;
}
} // namespace codeql

2
swift/extractor/translators/ExprTranslator.h
View File

@@ -120,6 +120,8 @@ class ExprTranslator : public AstTranslatorBase<ExprTranslator> {
const swift::AppliedPropertyWrapperExpr& expr);
codeql::RegexLiteralExpr translateRegexLiteralExpr(const swift::RegexLiteralExpr& expr);
codeql::SingleValueStmtExpr translateSingleValueStmtExpr(const swift::SingleValueStmtExpr& expr);
codeql::PackExpansionExpr translatePackExpansionExpr(const swift::PackExpansionExpr& expr);
codeql::PackElementExpr translatePackElementExpr(const swift::PackElementExpr& expr);
private:
void fillClosureExpr(const swift::AbstractClosureExpr& expr, codeql::ClosureExpr& entry);

36
swift/extractor/translators/TypeTranslator.cpp
View File

@@ -267,4 +267,40 @@ codeql::ParameterizedProtocolType TypeTranslator::translateParameterizedProtocol
entry.args = dispatcher.fetchRepeatedLabels(type.getArgs());
return entry;
}
codeql::PackArchetypeType TypeTranslator::translatePackArchetypeType(
const swift::PackArchetypeType& type) {
auto entry = createTypeEntry(type);
fillArchetypeType(type, entry);
return entry;
}
codeql::ElementArchetypeType TypeTranslator::translateElementArchetypeType(
const swift::ElementArchetypeType& type) {
auto entry = createTypeEntry(type);
fillArchetypeType(type, entry);
return entry;
}
codeql::PackType TypeTranslator::translatePackType(const swift::PackType& type) {
auto entry = createTypeEntry(type);
entry.elements = dispatcher.fetchRepeatedLabels(type.getElementTypes());
return entry;
}
codeql::PackElementType TypeTranslator::translatePackElementType(
const swift::PackElementType& type) {
auto entry = createTypeEntry(type);
entry.pack_type = dispatcher.fetchLabel(type.getPackType());
return entry;
}
codeql::PackExpansionType TypeTranslator::translatePackExpansionType(
const swift::PackExpansionType& type) {
auto entry = createTypeEntry(type);
entry.pattern_type = dispatcher.fetchLabel(type.getPatternType());
entry.count_type = dispatcher.fetchLabel(type.getCountType());
return entry;
}
} // namespace codeql

6
swift/extractor/translators/TypeTranslator.h
View File

@@ -77,6 +77,12 @@ class TypeTranslator : public TypeTranslatorBase<TypeTranslator> {
codeql::UnresolvedType translateUnresolvedType(const swift::UnresolvedType& type);
codeql::ParameterizedProtocolType translateParameterizedProtocolType(
const swift::ParameterizedProtocolType& type);
codeql::PackArchetypeType translatePackArchetypeType(const swift::PackArchetypeType& type);
codeql::ElementArchetypeType translateElementArchetypeType(
const swift::ElementArchetypeType& type);
codeql::PackType translatePackType(const swift::PackType& type);
codeql::PackElementType translatePackElementType(const swift::PackElementType& type);
codeql::PackExpansionType translatePackExpansionType(const swift::PackExpansionType& type);
private:
void fillType(const swift::TypeBase& type, codeql::Type& entry);

49
swift/ql/.generated.list generated
View File

@@ -179,6 +179,10 @@ lib/codeql/swift/elements/expr/OptionalTryExprConstructor.qll 750601dd562ae374d1
lib/codeql/swift/elements/expr/OtherInitializerRefExprConstructor.qll 0e83793435d321a66b71247ab4527bf4ffb91489ed7d63f265a1d04bbb76784e 64b071e317aaf5c56c8234137e006cf3fa54ae0ea7de9db2a22328eded51e439
lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll e45df795384b11946aecdb9145342fe36fb420d5d82ad0a3ee09b980488de0ee 88c5a5c13033e19eac593128a468ef6f9f39f4122c9acd758e90515431844de8
lib/codeql/swift/elements/expr/OverloadedDeclRefExprConstructor.qll 708d21e199ca1cbf9286d9cebdd1fe32dc49aa24607dcaad227cf58e041fddce 1108216769f70b4145108750c383301bbcbb9923e2a93b18cbecb9f16eefe111
lib/codeql/swift/elements/expr/PackElementExpr.qll cace495a688254a82e25c020129c1ffb798889388bc930fb89a70677cf590825 2221a6a097cfeefa06f169dbb01033db685ebbf6a11d5a8c2e9dbb0c5a93b260
lib/codeql/swift/elements/expr/PackElementExprConstructor.qll 935b6291a3bff156b281f69cbac14180cff52a02bebc43277d8e5b954bc46317 5d84cec9fc385e4c3f73c96137b0225cff577c4a4ebad57b01809478ac3d0b74
lib/codeql/swift/elements/expr/PackExpansionExpr.qll ce8a9e48de369922e42dcf1ccd428996ba77c241b5b2f997a00d33967b1ad1ac 49b0225292c19be93c6d7dc44949d686f9dd71dbd014d8badeaaa8acfc51a746
lib/codeql/swift/elements/expr/PackExpansionExprConstructor.qll 17eacc2f5aae97d57a2c332178404b076e2ef3170bb5d72205b693823a67e5f3 897def6d150414b6d33b284f8cbf31bfc4ad62c9ceac3ddc930682afb009aa4e
lib/codeql/swift/elements/expr/ParenExprConstructor.qll 4e335d3bcf9140a00da2df4850d894fa1ddfbd1ff9585f8ce03fd2dc78cf7616 507bb6b8f0980f87552f9cbaa7b2fc566e9756fac81fa9ae9b8cfe52c2e20bd2
lib/codeql/swift/elements/expr/PointerToPointerExpr.qll eaa402580a8a1756627f3b58bf820ccf8bbaad9c13f3a5e8b3984b9f47f5f78a 6dfc9d4aa5724af1dfb0d407ac46539c8e3f46cea82d8c3ffdc9ca51c48b3e50
lib/codeql/swift/elements/expr/PointerToPointerExprConstructor.qll 264432cb994355fe784f0747a2aac425d9cb50e45c7909f2088912114b41cf5c 22b94c03e9f3c0f071a21cab5eb8c3f4e2cfab455fbd83fdf69156eeec394a4b
@@ -303,6 +307,8 @@ lib/codeql/swift/elements/type/DependentMemberTypeConstructor.qll 45f45f997cfb82
lib/codeql/swift/elements/type/DictionaryType.qll 9404a6710b73518222058f82eccb67b6ba78b882af5258005e639021992d3e0a 07071c2cf22fd7c0af4780dfb3e4fb61300b1e2dc40c6722a01aeebfc5f49a5e
lib/codeql/swift/elements/type/DictionaryTypeConstructor.qll 2d85029082d8a5dda34ff3a3939ce5e908026ed7e7d3438f43de5e9dc20510d2 d8e3f431c1624431fb656f733388e692fb10b755dfcd856faeeb5d4c8e6d269c
lib/codeql/swift/elements/type/DynamicSelfTypeConstructor.qll 5b3da6f88918249f0afe7da0673c0333c53d548c1a8eb40c1ae4349654f3c272 1940db8f33a83e686345d9cffd9114f852d7caf951932b33cb9d93e3a9ba5620
lib/codeql/swift/elements/type/ElementArchetypeType.qll 966e67e1a9e4f576a9f4cdb25721a99ad835f2321eb127df95045e4897a10dcc e4d222f633117169074143025607e5efeb3eb94a705138087615a56e7154229b
lib/codeql/swift/elements/type/ElementArchetypeTypeConstructor.qll a37e38f4b824dd96c04e1ae37776d3b04001dbb9f9da011ac11bb8aaf2c5e9e2 31c1a8a6ff976efeceec2edcd7090e20911d0c691cad6527b81f1650e68ef2c3
lib/codeql/swift/elements/type/EnumType.qll 0f34be791e7feaaddaa2512e12e6078f9149277bf69233809f354e59fc8ff373 e7f2bc38959e8b7b108677fedce7818a41236d1ff19b80851e554e3cd65562c0
lib/codeql/swift/elements/type/EnumTypeConstructor.qll 42082a8131a1d23a3fc57f03470a2709fdd01fd492cc3ca53637ad0a1b22a80f 0eab43c0f7d7f415493ea776f857e91d64df60442737cb818361c9634c74ae48
lib/codeql/swift/elements/type/ErrorType.qll c338876a8174715bccd532b9457daed307ed91dd045230e0472cb1d8145e1ccd c126bb7e48bb3508a1f05c780145ab11a16cee9626ce7bbdcd40f07eecb54351
@@ -320,6 +326,7 @@ lib/codeql/swift/elements/type/GenericTypeParamTypeConstructor.qll b126ac4e7efcc
lib/codeql/swift/elements/type/InOutType.qll 5c2a61486308ba06d596ae18c81faddfe21d480800f1553c50527301428472bd 0f77e3ae3d1f79ce46b035c57c98348dee042f8c320804c502b5e748257506e6
lib/codeql/swift/elements/type/InOutTypeConstructor.qll 40550fd07551bc7c1692e08f1cb0692defca613c3c6403719efc5998eb1f1bfd 775f16224a455e336da239a179f84581b345803b9576aca119aeb3eef583d739
lib/codeql/swift/elements/type/LValueTypeConstructor.qll e3ab6ebb6191a2553bd4a483067acf7131862bc7235af2da74c35e2250300da8 cfa65d0f22416408ee1e5e5af440166fe5f5b39ae9bf1b9ae92bd9f9f2954b76
lib/codeql/swift/elements/type/LocalArchetypeType.qll 2cd1758b796425c7d5b59061dc54462b989e849087c50501178eca8a1d5b3cf2 79f6e00c912ad846def29cb94835937cb73b05a95587f50dd83fc56f1599359e
lib/codeql/swift/elements/type/MetatypeType.qll 5cad191a66cf56a87d9877747af431dee7b3a8b365a15749f73c100695675d4c 5fdaf2d4ff3f88d59bea1f00b9e36d7552afd0a9470e4d3c2284356e0322aeae
lib/codeql/swift/elements/type/MetatypeTypeConstructor.qll 7011a1307524477b7e3b43e2efb2ebcbdc7fec258455c95d3c2525cb8857bf3c b56938e2d9cd814b2fa3de569f091f42e716b399e73e024e405eb211f65a944c
lib/codeql/swift/elements/type/ModuleType.qll 30da0005552aac311337d001bb9d3026f1df920b6974eb58818afc8a536a2803 48663fe7144942c8aeb45fe80102877ce887a62fa42c4adf428f9c263bdde97f
@@ -331,6 +338,14 @@ lib/codeql/swift/elements/type/OpenedArchetypeType.qll e5802469d4428262c52967dee
lib/codeql/swift/elements/type/OpenedArchetypeTypeConstructor.qll 729a7f0545d9aa3449e92f60f1ff780188135c861cdd119a678569d27684f4c0 e6f51320aec9202d97695228b684cd35ed5f26cdc8576621ad74ca0a5f707fc6
lib/codeql/swift/elements/type/OptionalType.qll d1d1465bea4bac4d1d4fb0b499b858daf8a23fcd1e60d82ea813a3d864118ddb 1ba347068c75fae0f12923273fbc4d4a9feae5c57857ea406904d116b94513e8
lib/codeql/swift/elements/type/OptionalTypeConstructor.qll 648493a385d8a95b665fff776f52e23ecdc2a4baa355328fbb218a1510ff807f 4249552ad87c3e474e32c89e6bf6302d7de5d15980c550f97ec8576a5801770b
lib/codeql/swift/elements/type/PackArchetypeType.qll bd8c927df0938085a38a3ee51b1e5f4fdb4d7750b065e39ee7cbfbb7cca9114e 3370c26996ffc38c21040a0753fb02a52213b1d3edda658877b73ecaa7986012
lib/codeql/swift/elements/type/PackArchetypeTypeConstructor.qll 11ceeb4d0d337cde182804dc1b56f24ae624b74b55f62979c166172b53497a11 b46528bc0673a80a3d5ce29c358105b876967b73ae4a5596e6d7cf82e2292144
lib/codeql/swift/elements/type/PackElementType.qll c95e705d5c6a9f600d36bdcbe3b819216be9ecff5d6430da40a62d275cd00926 8b569c7c1ed4abff8a8985c8b30eb16d99917a2b69eee63bac32a4a84fb3d0f4
lib/codeql/swift/elements/type/PackElementTypeConstructor.qll aa8aabd646e9167a55d1fc830ae16199d0a2c883eb5a635f8c2058baaede6360 3e6285bdfbc3cd4c4a583515b7805cec458db2e0f80572656b735e57f3bdfc4a
lib/codeql/swift/elements/type/PackExpansionType.qll 1e5923d11afdfa89eee557cda2cff963b27c5eb420d437d4462d4c316cfa7c3b 91c1fb4ff8b3e01714b7c291722a1c6f544b0f8a650c4c1a01051bd598b311a3
lib/codeql/swift/elements/type/PackExpansionTypeConstructor.qll c8b73f03d6e3a8af0363db3be62cfef755a51285d0e1696e1fb72b0b0238595c 72b8509a2481f3def5cc4f47a7d3feae9cc44b2599b09d645fc21569a00a4f60
lib/codeql/swift/elements/type/PackType.qll 0bae7a6df5d217d8b2b7310a2738024a1e87c95f1c046fc0d5f8d8e7426d6c69 64998374519079c04a6c483c7c7f1480fabe04f0302424b5f55d28d3d0e232bf
lib/codeql/swift/elements/type/PackTypeConstructor.qll cafa01460fc2eefb816105a65954b48aaf042507ed358149c0b4a0fa9d160099 318b11d4e2582187d0adc2386ff8e02fa79cdcf62dfb88285943e41d846bc8b3
lib/codeql/swift/elements/type/ParameterizedProtocolType.qll efbce54d0b606c96c19675c43db94ab38190e21c977f270aba86889bce44fee9 017d8b2768045db8b1d529c7d9152163e087e6fca7e6cecef07c79b2a5c387d7
lib/codeql/swift/elements/type/ParameterizedProtocolTypeConstructor.qll 989c2a4bfe3739447f1d177bb35e9322ee4246c49f5e78f9fb51090eb5446c73 6cb94da1c1a6b301a41b08e7f60148550578caec1093724867c0efd27463e28a
lib/codeql/swift/elements/type/ParenType.qll 8f52dbc5fd5e872344cd42beefe7bc7bd9a3ced04ae8b023b93eb85ceb9d62a0 5684664d68e1c52f16389ce691fc36456f92b057c5923ec525b02b10f7994ed1
@@ -362,7 +377,7 @@ lib/codeql/swift/elements/type/UnresolvedTypeConstructor.qll 7f75d489b4d7ce65cae
lib/codeql/swift/elements/type/VariadicSequenceTypeConstructor.qll fc74a5a2a2effa28ef24509b20ee4373d97cf6e8c71840121bb031c6adedf584 c9b2effc1d01c13c5e6a74a111122fa79a2f6554dda3cb016d68ba397e566ec4
lib/codeql/swift/elements/type/WeakStorageType.qll edd13dd97b53040684409e187c1f975bcada6807c919e1345d8977144dbebb6f 9434c044d264a7f5f503a6422c106c9b8fedf74aaae314174473a29ea6ed17b9
lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll 5fdce3716aba6318522174a2c455a63480970222ae81c732fb19c6dd3ae2d271 60ea79d6943e129deba0deccb566cf9d73f78398b0f7f0212674d91287d6b2ae
lib/codeql/swift/elements.qll 5e5910ada6cf0cdd5b7665a355f5dcdc855680716971ad324f8b5b6dae280805 5e5910ada6cf0cdd5b7665a355f5dcdc855680716971ad324f8b5b6dae280805
lib/codeql/swift/elements.qll a9890434db7f1271edd3e61aebb2ddb170c3a71c22892d2d84a6d99dddbdbecf a9890434db7f1271edd3e61aebb2ddb170c3a71c22892d2d84a6d99dddbdbecf
lib/codeql/swift/generated/AstNode.qll e00d6a46b16891778531a73722ae0b5842f849328e24aebe88bc30ac9fe438c2 40eaa0072d3ffecbff48d2baf88111daa86ef0f937abf24f032f2495739ef661
lib/codeql/swift/generated/AvailabilityInfo.qll e90fbfc3ec6830390e12a4695698d6efd8da4fa6a8a4189f466489a6dd103586 d9545da9e5d0c160679a4147001b4b1c664d9cb85ae1a169dd639c35046d274d
lib/codeql/swift/generated/AvailabilitySpec.qll 469bbd39d38dc68f1f6fb2e0766cc25b2f813c804fec44962910d5f7777632a2 57a953a8d5cf7031283393af1b3cfbc7f5941c9062e77950b32e5b5c6ae6b191
@@ -378,12 +393,12 @@ lib/codeql/swift/generated/KeyPathComponent.qll 55629a20538d7e8f4f4d4c7484e8bcfd
lib/codeql/swift/generated/Locatable.qll 41f040643ea146c8044be49fddea89bdd79efd2469617c863a4b2da0b1af3364 9a964dcbc7f5ffce2ee006ce0c9a9a99a988976fcd0446af2ba1b202911d7396
lib/codeql/swift/generated/Location.qll 5b37ecde83a871ef2089cf33e4743fc02d9cf8c676aafd9f157c59ffdb776d6b 076d8d3d2313931e8287d196854acf259700124d9c8bc591a6d36017f314260a
lib/codeql/swift/generated/OtherAvailabilitySpec.qll 31f3667ab0dc5f93230ba876b4101898d2a5a4af306925082305eff3ad9c9c0e 31f3667ab0dc5f93230ba876b4101898d2a5a4af306925082305eff3ad9c9c0e
lib/codeql/swift/generated/ParentChild.qll 2d5086238b13be9399e479a912df76c6a29bb9a556fca377a214abe21d5128e3 f1347a812f99168987c9842a6e73168ea56e15afa7b1c370008d8347fbeffc11
lib/codeql/swift/generated/ParentChild.qll 2c655423a5efa7fe26070bf2272de0067c3288a37e6f8f7c85da46971e82ee1b e5dbf27a8efc0c4b9e2a53fd52ecd8afc3281a0a34386f6c900cd61ab4acaa83
lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll 3483726f6db9d978e40db75068d6a9ecad8f7c06516157fce783b26424bea729 864fedf2901de91f662a6d75a2eb7e26ed1a2a1a875a2b3c4e699dc7e7c4605e
lib/codeql/swift/generated/PureSynthConstructors.qll 40f5c0c573ce12f16322d9efb12306750f672254cbc36a200c298cb08e504229 40f5c0c573ce12f16322d9efb12306750f672254cbc36a200c298cb08e504229
lib/codeql/swift/generated/Raw.qll 00582f74242803b3aac75448945443ed0578954c5620fb143cc6074b48616e6d b25e950dbc171c6a0cf086593e89daf177dcf24a314a4280b2cb63d24b5526ee
lib/codeql/swift/generated/Synth.qll 0e299d5d910589d82be11fc503640d425ea20478b8a5802347fbc575075dd53c dc87a4f03bb1ead4ef6676e6fd1b53b38b9ec6904b5113f24eb7a778f089490a
lib/codeql/swift/generated/SynthConstructors.qll 191a563ddd524a5267f15ff4c619570c51f827f17f41651966782af0f1791d3a 191a563ddd524a5267f15ff4c619570c51f827f17f41651966782af0f1791d3a
lib/codeql/swift/generated/Raw.qll 84fc2268f5a038e58c353d940624bb738d9a195dec5a130c4844f3f9d6a0d43c 1bb8ea3ed529d61c41302b2ea65d35155ed4fd4d3fc7764e361fc108ffd30a4f
lib/codeql/swift/generated/Synth.qll 345d99dfbb3b26173edece42dd9c00b7b49b0890e254915dc8ad393997fec1c5 fe1697b2c9dfe39ecc7e71915803773518c906c969c59ccb34252ee3d4719c5a
lib/codeql/swift/generated/SynthConstructors.qll d63f29c58f85bf4d77a31ce325a54dc972b3ceecb3fb61b8ddbb296318be4827 d63f29c58f85bf4d77a31ce325a54dc972b3ceecb3fb61b8ddbb296318be4827
lib/codeql/swift/generated/UnknownFile.qll 5922b351b55d5becac0c1ad67b8d601bcc9499dce9ee4093b607101e7e299104 5922b351b55d5becac0c1ad67b8d601bcc9499dce9ee4093b607101e7e299104
lib/codeql/swift/generated/UnknownLocation.qll 67b8605ff5aaa0f3a8588fee2527eba5ec4e322562159c9af3d53486b7954ee9 67b8605ff5aaa0f3a8588fee2527eba5ec4e322562159c9af3d53486b7954ee9
lib/codeql/swift/generated/UnspecifiedElement.qll 01182fee4d5c86b551e89c79d0d645f5e85c0aeeeae9dcafcbd7721c3eb3cc14 cb95ab2b13da080ada10e0a3bd1b00577541c4bfe699cbd19ef45f1e00e7c651
@@ -523,6 +538,8 @@ lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 7435962be227d3b0e1635
lib/codeql/swift/generated/expr/OptionalTryExpr.qll 4bcae12d1fe2b486cedb08d41a4ccb213000563473cc76d13c081f13bed8d308 4bcae12d1fe2b486cedb08d41a4ccb213000563473cc76d13c081f13bed8d308
lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll d5318afb118b57a03226b484f87beeb6fe7b7415be72b15379725b955e243bb3 eb643b84efca0aefd4a7fc62d87539d8708414897564e95146845072f2d5d172
lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll f262634d517c21ccf10bfbeb7c608399c55a27525fe53dccf19bf8feb39519ff 9505c4f6297809a9fb18891d997260bf1f34b6e50aadc94baa96ad3bd12cfb42
lib/codeql/swift/generated/expr/PackElementExpr.qll c89a2e6d296b4e6cc385dd486d3912e5212c5e778cf407aa04883d962955d365 d9c80eb183a07cd3160b2fb85d516fc393be116711cf6797240c4a9e7589d37c
lib/codeql/swift/generated/expr/PackExpansionExpr.qll cce34db99377ab3d6ca42c5e91b64f9af3cb9b4d63331f58420c770758ffa212 cbe677b2585d4de0256f91b0b46611be55a6b05438bc970bd9f4f87a2d01eb9b
lib/codeql/swift/generated/expr/ParenExpr.qll 87f305ccbce6a890500466ff25b7dee80635dddff660c69d73c565599583106e 87f305ccbce6a890500466ff25b7dee80635dddff660c69d73c565599583106e
lib/codeql/swift/generated/expr/PointerToPointerExpr.qll 5514a03c4e5187f93a0eef74ef58077f9273d15be26026f4cbf25fedcfa7b52e 5514a03c4e5187f93a0eef74ef58077f9273d15be26026f4cbf25fedcfa7b52e
lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll 9beeca201a7ddb271bd4cf9e702bb50bbc2811293af4560c87560b2e080a6b85 9beeca201a7ddb271bd4cf9e702bb50bbc2811293af4560c87560b2e080a6b85
@@ -617,6 +634,7 @@ lib/codeql/swift/generated/type/ClassType.qll c4f908e15706b4760fad7c6626964e76bc
lib/codeql/swift/generated/type/DependentMemberType.qll 05d690bf9c37d20a68de066a5aa6de44f9799a9ab1e93907bbfce1ed192c6b92 908bf9f5060accf211186e59da0d35aa73312004649e7a46e3fc7ea093bd4885
lib/codeql/swift/generated/type/DictionaryType.qll 7a0d33b541b3ff46b63f6c3405c0736280b7f53b582df35048eac6068e3251ab 897b3949a05b709ce33f1323e99af665a4399a42b88dc2ef7e4415bbd5d36b51
lib/codeql/swift/generated/type/DynamicSelfType.qll 346780613b5480a392840a89d70708f44962d4b8ae560dafb83c89b388d350f3 e4611b7e5451bc2941acae559d184a372f86a2294b6d38ba30d3f380c201062a
lib/codeql/swift/generated/type/ElementArchetypeType.qll 5e5649299a0aa9aea5307e5f8576dcd1e1a2f4e7eb669f372e93ab94d489e3f8 5e5649299a0aa9aea5307e5f8576dcd1e1a2f4e7eb669f372e93ab94d489e3f8
lib/codeql/swift/generated/type/EnumType.qll d9d2649c2295cefb8c74f17c91c342aa6a636e75b8e0b455117935e467e7ad86 d9d2649c2295cefb8c74f17c91c342aa6a636e75b8e0b455117935e467e7ad86
lib/codeql/swift/generated/type/ErrorType.qll e99d713127b17aef9b18267547fee9d4e837e8e1307ca5e988077f5329522989 e99d713127b17aef9b18267547fee9d4e837e8e1307ca5e988077f5329522989
lib/codeql/swift/generated/type/ExistentialMetatypeType.qll 5fc22de223dff7f90a8d3a560e657c2fbb55eb7d4e029d22b2b41954377b3c13 5fc22de223dff7f90a8d3a560e657c2fbb55eb7d4e029d22b2b41954377b3c13
@@ -626,13 +644,18 @@ lib/codeql/swift/generated/type/GenericFunctionType.qll 2c72c0767002e24bbaa9d8de
lib/codeql/swift/generated/type/GenericTypeParamType.qll ce940f7d71ec77ba58366eea68f363bd0a495c397dd15549b26f7f3f82700f71 ce940f7d71ec77ba58366eea68f363bd0a495c397dd15549b26f7f3f82700f71
lib/codeql/swift/generated/type/InOutType.qll 7d595f57cafc7d7704c790baaa3924e1fad5f80b698ebbf4c3debd59a8493322 bcc1383cde976cf35998ae13da5943dc896b400cfb308240f365e3650b853422
lib/codeql/swift/generated/type/LValueType.qll 6b8b506fde0f264ad1ce788f45f0ebab52e28066116a4d92ea04d13e551cdf08 f73fc353cb1a18aebd03f12da0cb44a9be272cdb6ba8542507063ab1254e4127
lib/codeql/swift/generated/type/LocalArchetypeType.qll a0b7a867593745830895954acc6bca7f8390d0dab540d2c5b936d7f04bfbdb1e 44d245ff294ff253b47ab5fdeeede320bc5e23799f2f865573c92c6438a48c63
lib/codeql/swift/generated/type/MetatypeType.qll f6ae98c0c52c083e0732fbe2c3f497153e2ed6fd7477dd4b19075d1763f5f513 f6ae98c0c52c083e0732fbe2c3f497153e2ed6fd7477dd4b19075d1763f5f513
lib/codeql/swift/generated/type/ModuleType.qll 45fde60ae05849bc33c3c389d34e4367988d0cdbc33f36c8b42427264cd64da1 a9e299bbaceb71774d99dddaff05bcc5fc78e36b386e7284bc8373b57be74862
lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll de12f9b730f069542da0573896d608bdb8bc4d9b5e98afb771f348c4840cd079 a62e1cb5c752fc1d91188151d750c7d032c6af817bd4a45d4ef12199bd305a1f
lib/codeql/swift/generated/type/NominalType.qll 9b765cae4ad3732134960cd9ff19df755145011de927a4cb01deb9a42e7ade28 7d02b10cf5893495b295bdd2fd609b1feef1b7880a2c68aca1943c8028f4187f
lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 7cd43404233b58e233fba86400d26648d06c0f1d26733b6daf464ed28243a965 5a9eafdde36f5cc5de7e2c48e436bbf60ceda97c550c8e98c6eb0bab80e0d65e
lib/codeql/swift/generated/type/OpenedArchetypeType.qll c97ef576b15c18eaaa1a71c6f78ac3c2078ad9263244414a104d451234827dc9 c97ef576b15c18eaaa1a71c6f78ac3c2078ad9263244414a104d451234827dc9
lib/codeql/swift/generated/type/OpenedArchetypeType.qll 986f622aec1ab18eec626bdf7d4a7e48e88a0dc0845ccbc02aae4fe35dda771e 986f622aec1ab18eec626bdf7d4a7e48e88a0dc0845ccbc02aae4fe35dda771e
lib/codeql/swift/generated/type/OptionalType.qll 525ecb5f994735b1290009d3934719b4d11afb4e730e8fd2e199745ba70a9598 525ecb5f994735b1290009d3934719b4d11afb4e730e8fd2e199745ba70a9598
lib/codeql/swift/generated/type/PackArchetypeType.qll 73a2974a6b92744477d3e43450917eb6db7508f9a188f5f094e799ffcfc13957 73a2974a6b92744477d3e43450917eb6db7508f9a188f5f094e799ffcfc13957
lib/codeql/swift/generated/type/PackElementType.qll 6ce22bf74e1691aca208370fac94ee3d1831f8b4b16a2ca5d8fae60d54ee5d41 d9c53c1ab666f31c1d9bbeec709c1f922408a9f324ef4eda4c95d84498fa0b67
lib/codeql/swift/generated/type/PackExpansionType.qll ad4d052f52148fa81a598847af3835eacbc055ec520de5dbc5db9495506166da f6d2f065e6be68cef3cd8205420b91ba9178dd19d560c8b3dbe5607d21374936
lib/codeql/swift/generated/type/PackType.qll 96ec5ad1e2d0077ac4b26af7d44d2042f985735da1638369dbab8c15997e3cf5 d2bdbc9bf9e1a7840138d54b40eb3910b0352097445b84dd00442141e2973b96
lib/codeql/swift/generated/type/ParameterizedProtocolType.qll ba347b008dd5b77e7587217e9c00a1477184a2f211ad6873ea7c3477160fef76 83c4d0ea852fa9cd8e3495c457642089f9a7de4229606063129b051300a38392
lib/codeql/swift/generated/type/ParenType.qll 7d98f57af014c5956bd3d938e0bf0f730eca91c03d9fab27fd6f8f64ed3bd807 961701cfa859b5ec8e3408de572992b56cc626d1c85c970d5f71379ba653e047
lib/codeql/swift/generated/type/PrimaryArchetypeType.qll 549961500a6ba752c3beed184ea21b038182ccfaefddf752b296bc0c0a5a834b 549961500a6ba752c3beed184ea21b038182ccfaefddf752b296bc0c0a5a834b
@@ -826,6 +849,10 @@ test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getT
test/extractor-tests/generated/expr/OptionalEvaluationExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7
test/extractor-tests/generated/expr/OptionalTryExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7
test/extractor-tests/generated/expr/OtherInitializerRefExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7
test/extractor-tests/generated/expr/PackExpansionExpr/PackElementExpr.ql cd0a90689c84e4c0b0ed0b2175e269d9f7b3cc5ec37dc6dc8911000561b40d9d 7f505eca22c08b51af8f0b3722e4cfb5359d5b85f152845c6ee8049cbd0b8708
test/extractor-tests/generated/expr/PackExpansionExpr/PackElementExpr_getType.ql 44fd25a08560015c6657bf345d945ada3c22eb661685c48132e246302d2f7a3d 8b2ac56ea6943fa87da59ca4c3bc0ef3cbf2690c263277b3583dcf9032a1edcc
test/extractor-tests/generated/expr/PackExpansionExpr/PackExpansionExpr.ql e6d88ab4016e070f620396d9a66b601761bf44182dc3691b8ca362475abecf2b f740b618d2daae07da25ee4c8618c0dabbf806c9c48aa71c9d342da14d98b4f9
test/extractor-tests/generated/expr/PackExpansionExpr/PackExpansionExpr_getType.ql 0c6d5c4faa424c1c134b191b334acf091bc3466c0d4be7c9757d0cc0212393aa a6a82c1aef73658e58bd67416cef111a8a7901c72931554fe0125bef97adb0f8
test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql 7687a79d05efbbae7ce68780cb946cb500ed79c5e03aa0f3c132d0b98b6efe80 f23082710afb2bc247acab84b669540664461f0ec04a946125f17586640dfba8
test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getArgument.ql 3b0e6f81599e5565bb78aff753932776c933fefdc8dc49e57db9f5b4164017f6 43031a3d0baa58f69b89a8a5d69f1a40ffeeaddc8a630d241e107de63ea54532
test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getType.ql fa909883140fe89084c289c18ebc681402c38d0f37159d01f043f62de80521fc 4cd748e201e9374e589eaa0e3cc10310a1378bba15272a327d5cf54dbd526e8f
@@ -912,6 +939,16 @@ test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType.ql d
test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getProtocol.ql c208618d6bd7d4759581f06fad2b452077a0d865b4fb4288eff591fc7b16cd67 3bd6b8e1d1bc14bd27144a8356e07520d36ea21b6ea4adb61e84a2013e8701fc
test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getSuperclass.ql bb7fc71b2d84e8c5492bb4c61492dabbce898bfb680979aadd88c4de44ea5af7 acae343087222e8eb7e4dfa0e256097d9592a9668afcb5706bcba5548afc0770
test/extractor-tests/generated/type/OptionalType/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7
test/extractor-tests/generated/type/PackType/ElementArchetypeType.ql 443fb5f7b0c2a44a8330b0be19fcf50ac0096e8c49958ef1d39ff10382f23b58 159a4091066152d7e004b1f83760a1ace8687c8ae4f7fd6652cc290866f4341d
test/extractor-tests/generated/type/PackType/ElementArchetypeType_getProtocol.ql 42d8b99fef2305be5ac4da035f9cf3bc97e8a1233b55a363457d2bb4be084c3f 5bfdc26bce14b93d8cd022a207c5fedf8ba88675acbb5be7d23154b7f944128f
test/extractor-tests/generated/type/PackType/ElementArchetypeType_getSuperclass.ql 1b207ac5c655099e466a5282d86d79b1189d3533430ce612b2fca490f202d7f5 289436799aae5f8fce3fbb93aa9a8a4bbf5a4b430f5f798f08e8e7e69512e942
test/extractor-tests/generated/type/PackType/PackArchetypeType.ql 98c97dc0cde7e9ab3cb3f0527f653ef0bad8ad1f1579aa3d19a40320397e0cfe 62779a553b24839a7ad4bc128c3b8d2cc5c9ed4f2c24ad62cd681df1a587d367
test/extractor-tests/generated/type/PackType/PackArchetypeType_getProtocol.ql 4e61f6dc6396f8477b13a4c67a795074c1d7a636765895364d771aabcdae6c04 08e0a65b94e9d95593019159d892f4685c329d22ae32de315f1fdde1075b3640
test/extractor-tests/generated/type/PackType/PackArchetypeType_getSuperclass.ql 7521c115885b3db747a59210598d86e1ab3d40f4639fec9bd4e7345153d3f540 ba9aa0337af8962f78b320ae7dc36ddbe48dba16203093689e9e42523e0c21b1
test/extractor-tests/generated/type/PackType/PackElementType.ql b95e486d70aa8e11f06eb60d21f7b5d95be6b323632515a98d5ac9b7df5a537d 7608c97191298077921fe73992ec96c6a6bb53d8ab19767881984aecb987f5ad
test/extractor-tests/generated/type/PackType/PackExpansionType.ql fac2913e5e10240e9f3dc964223414418b0809b2bc62a6436f6be5b0eeddcfe3 f1e8571aae588717bcfce6d6fd78bf6ccb2d5b91815fa0fbfd868fc1eff5613d
test/extractor-tests/generated/type/PackType/PackType.ql f5c2e10bcc8e5c3c9fc81d2ec777200c320ab71c3a3d4b378845cc0d3dfeef1e 308874e103bf1b01f89e5a311fa553b37e7e859312d5e6d7428e5546ad239ef6
test/extractor-tests/generated/type/PackType/PackType_getElement.ql da17d8ddad4f584ae2fed2d284522750ebe754f957f30ef86839f47308a1af83 8be7b8de45dbfd01497fccf642ed63e53e05fb23deb22189f0c64ef5bedc570a
test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql dad743465b62dca457d64ff04bde24027050edb6d80054738f59e6026fbb00d7 119d085d65930b0b286ccdb8dc3aecb7eb46133e9f4ea18a6733751713b8ae5c
test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql 8d10c3c858dedba47f227ebc92745916a248cd040ad944b80bf0d7a19af229d3 a29e2e0df269034c4f1fbd8f6de6d5898e895ad8b90628d5c869a45b596b53fc
test/extractor-tests/generated/type/ParenType/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7

37
swift/ql/.gitattributes generated vendored
View File

@@ -181,6 +181,10 @@
/lib/codeql/swift/elements/expr/OtherInitializerRefExprConstructor.qll linguist-generated
/lib/codeql/swift/elements/expr/OverloadedDeclRefExpr.qll linguist-generated
/lib/codeql/swift/elements/expr/OverloadedDeclRefExprConstructor.qll linguist-generated
/lib/codeql/swift/elements/expr/PackElementExpr.qll linguist-generated
/lib/codeql/swift/elements/expr/PackElementExprConstructor.qll linguist-generated
/lib/codeql/swift/elements/expr/PackExpansionExpr.qll linguist-generated
/lib/codeql/swift/elements/expr/PackExpansionExprConstructor.qll linguist-generated
/lib/codeql/swift/elements/expr/ParenExprConstructor.qll linguist-generated
/lib/codeql/swift/elements/expr/PointerToPointerExpr.qll linguist-generated
/lib/codeql/swift/elements/expr/PointerToPointerExprConstructor.qll linguist-generated
@@ -305,6 +309,8 @@
/lib/codeql/swift/elements/type/DictionaryType.qll linguist-generated
/lib/codeql/swift/elements/type/DictionaryTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/DynamicSelfTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/ElementArchetypeType.qll linguist-generated
/lib/codeql/swift/elements/type/ElementArchetypeTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/EnumType.qll linguist-generated
/lib/codeql/swift/elements/type/EnumTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/ErrorType.qll linguist-generated
@@ -322,6 +328,7 @@
/lib/codeql/swift/elements/type/InOutType.qll linguist-generated
/lib/codeql/swift/elements/type/InOutTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/LValueTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/LocalArchetypeType.qll linguist-generated
/lib/codeql/swift/elements/type/MetatypeType.qll linguist-generated
/lib/codeql/swift/elements/type/MetatypeTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/ModuleType.qll linguist-generated
@@ -333,6 +340,14 @@
/lib/codeql/swift/elements/type/OpenedArchetypeTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/OptionalType.qll linguist-generated
/lib/codeql/swift/elements/type/OptionalTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/PackArchetypeType.qll linguist-generated
/lib/codeql/swift/elements/type/PackArchetypeTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/PackElementType.qll linguist-generated
/lib/codeql/swift/elements/type/PackElementTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/PackExpansionType.qll linguist-generated
/lib/codeql/swift/elements/type/PackExpansionTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/PackType.qll linguist-generated
/lib/codeql/swift/elements/type/PackTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/ParameterizedProtocolType.qll linguist-generated
/lib/codeql/swift/elements/type/ParameterizedProtocolTypeConstructor.qll linguist-generated
/lib/codeql/swift/elements/type/ParenType.qll linguist-generated
@@ -525,6 +540,8 @@
/lib/codeql/swift/generated/expr/OptionalTryExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/PackElementExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/PackExpansionExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/ParenExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/PointerToPointerExpr.qll linguist-generated
/lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll linguist-generated
@@ -619,6 +636,7 @@
/lib/codeql/swift/generated/type/DependentMemberType.qll linguist-generated
/lib/codeql/swift/generated/type/DictionaryType.qll linguist-generated
/lib/codeql/swift/generated/type/DynamicSelfType.qll linguist-generated
/lib/codeql/swift/generated/type/ElementArchetypeType.qll linguist-generated
/lib/codeql/swift/generated/type/EnumType.qll linguist-generated
/lib/codeql/swift/generated/type/ErrorType.qll linguist-generated
/lib/codeql/swift/generated/type/ExistentialMetatypeType.qll linguist-generated
@@ -628,6 +646,7 @@
/lib/codeql/swift/generated/type/GenericTypeParamType.qll linguist-generated
/lib/codeql/swift/generated/type/InOutType.qll linguist-generated
/lib/codeql/swift/generated/type/LValueType.qll linguist-generated
/lib/codeql/swift/generated/type/LocalArchetypeType.qll linguist-generated
/lib/codeql/swift/generated/type/MetatypeType.qll linguist-generated
/lib/codeql/swift/generated/type/ModuleType.qll linguist-generated
/lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll linguist-generated
@@ -635,6 +654,10 @@
/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll linguist-generated
/lib/codeql/swift/generated/type/OpenedArchetypeType.qll linguist-generated
/lib/codeql/swift/generated/type/OptionalType.qll linguist-generated
/lib/codeql/swift/generated/type/PackArchetypeType.qll linguist-generated
/lib/codeql/swift/generated/type/PackElementType.qll linguist-generated
/lib/codeql/swift/generated/type/PackExpansionType.qll linguist-generated
/lib/codeql/swift/generated/type/PackType.qll linguist-generated
/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll linguist-generated
/lib/codeql/swift/generated/type/ParenType.qll linguist-generated
/lib/codeql/swift/generated/type/PrimaryArchetypeType.qll linguist-generated
@@ -828,6 +851,10 @@
/test/extractor-tests/generated/expr/OptionalEvaluationExpr/MISSING_SOURCE.txt linguist-generated
/test/extractor-tests/generated/expr/OptionalTryExpr/MISSING_SOURCE.txt linguist-generated
/test/extractor-tests/generated/expr/OtherInitializerRefExpr/MISSING_SOURCE.txt linguist-generated
/test/extractor-tests/generated/expr/PackExpansionExpr/PackElementExpr.ql linguist-generated
/test/extractor-tests/generated/expr/PackExpansionExpr/PackElementExpr_getType.ql linguist-generated
/test/extractor-tests/generated/expr/PackExpansionExpr/PackExpansionExpr.ql linguist-generated
/test/extractor-tests/generated/expr/PackExpansionExpr/PackExpansionExpr_getType.ql linguist-generated
/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr.ql linguist-generated
/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getArgument.ql linguist-generated
/test/extractor-tests/generated/expr/PostfixUnaryExpr/PostfixUnaryExpr_getType.ql linguist-generated
@@ -914,6 +941,16 @@
/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getProtocol.ql linguist-generated
/test/extractor-tests/generated/type/OpenedArchetypeType/OpenedArchetypeType_getSuperclass.ql linguist-generated
/test/extractor-tests/generated/type/OptionalType/MISSING_SOURCE.txt linguist-generated
/test/extractor-tests/generated/type/PackType/ElementArchetypeType.ql linguist-generated
/test/extractor-tests/generated/type/PackType/ElementArchetypeType_getProtocol.ql linguist-generated
/test/extractor-tests/generated/type/PackType/ElementArchetypeType_getSuperclass.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackArchetypeType.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackArchetypeType_getProtocol.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackArchetypeType_getSuperclass.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackElementType.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackExpansionType.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackType.ql linguist-generated
/test/extractor-tests/generated/type/PackType/PackType_getElement.ql linguist-generated
/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType.ql linguist-generated
/test/extractor-tests/generated/type/ParameterizedProtocolType/ParameterizedProtocolType_getArg.ql linguist-generated
/test/extractor-tests/generated/type/ParenType/MISSING_SOURCE.txt linguist-generated

4
swift/ql/lib/change-notes/2023-11-09-parameter-packs.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* AST and types related to parameter packs are now extracted

18
swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
View File

@@ -1426,6 +1426,24 @@ module Exprs {
}
}
/** Control-flow for Pack Expansion. See the QLDoc for `PackExpansionExpr` for details. */
private class PackExpansionExprTree extends AstStandardPostOrderTree {
override PackExpansionExpr ast;
final override ControlFlowElement getChildElement(int i) {
i = 0 and result.asAstNode() = ast.getPatternExpr().getFullyConverted()
}
}
/** Control-flow for Pack Expansion. See the QLDoc for `PackElementExpr` for details. */
private class PackElementExprTree extends AstStandardPostOrderTree {
override PackElementExpr ast;
final override ControlFlowElement getChildElement(int i) {
i = 0 and result.asAstNode() = ast.getSubExpr().getFullyUnresolved()
}
}
private class OpaqueValueExprTree extends AstLeafTree {
override OpaqueValueExpr ast;
}

8
swift/ql/lib/codeql/swift/elements.qll generated
View File

@@ -155,6 +155,8 @@ import codeql.swift.elements.expr.OptionalEvaluationExpr
import codeql.swift.elements.expr.OptionalTryExpr
import codeql.swift.elements.expr.OtherInitializerRefExpr
import codeql.swift.elements.expr.OverloadedDeclRefExpr
import codeql.swift.elements.expr.PackElementExpr
import codeql.swift.elements.expr.PackExpansionExpr
import codeql.swift.elements.expr.ParenExpr
import codeql.swift.elements.expr.PointerToPointerExpr
import codeql.swift.elements.expr.PostfixUnaryExpr
@@ -248,6 +250,7 @@ import codeql.swift.elements.type.ClassType
import codeql.swift.elements.type.DependentMemberType
import codeql.swift.elements.type.DictionaryType
import codeql.swift.elements.type.DynamicSelfType
import codeql.swift.elements.type.ElementArchetypeType
import codeql.swift.elements.type.EnumType
import codeql.swift.elements.type.ErrorType
import codeql.swift.elements.type.ExistentialMetatypeType
@@ -257,6 +260,7 @@ import codeql.swift.elements.type.GenericFunctionType
import codeql.swift.elements.type.GenericTypeParamType
import codeql.swift.elements.type.InOutType
import codeql.swift.elements.type.LValueType
import codeql.swift.elements.type.LocalArchetypeType
import codeql.swift.elements.type.MetatypeType
import codeql.swift.elements.type.ModuleType
import codeql.swift.elements.type.NominalOrBoundGenericNominalType
@@ -264,6 +268,10 @@ import codeql.swift.elements.type.NominalType
import codeql.swift.elements.type.OpaqueTypeArchetypeType
import codeql.swift.elements.type.OpenedArchetypeType
import codeql.swift.elements.type.OptionalType
import codeql.swift.elements.type.PackArchetypeType
import codeql.swift.elements.type.PackElementType
import codeql.swift.elements.type.PackExpansionType
import codeql.swift.elements.type.PackType
import codeql.swift.elements.type.ParameterizedProtocolType
import codeql.swift.elements.type.ParenType
import codeql.swift.elements.type.PrimaryArchetypeType

8
swift/ql/lib/codeql/swift/elements/expr/PackElementExpr.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackElementExpr`.
*/
private import codeql.swift.generated.expr.PackElementExpr
class PackElementExpr extends Generated::PackElementExpr { }

14
swift/ql/lib/codeql/swift/elements/expr/PackElementExprConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackElementExpr` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackElementExpr` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackElementExpr(Raw::PackElementExpr id) { any() }

8
swift/ql/lib/codeql/swift/elements/expr/PackExpansionExpr.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackExpansionExpr`.
*/
private import codeql.swift.generated.expr.PackExpansionExpr
class PackExpansionExpr extends Generated::PackExpansionExpr { }

14
swift/ql/lib/codeql/swift/elements/expr/PackExpansionExprConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackExpansionExpr` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackExpansionExpr` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackExpansionExpr(Raw::PackExpansionExpr id) { any() }

8
swift/ql/lib/codeql/swift/elements/type/ElementArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `ElementArchetypeType`.
*/
private import codeql.swift.generated.type.ElementArchetypeType
class ElementArchetypeType extends Generated::ElementArchetypeType { }

14
swift/ql/lib/codeql/swift/elements/type/ElementArchetypeTypeConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `ElementArchetypeType` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `ElementArchetypeType` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructElementArchetypeType(Raw::ElementArchetypeType id) { any() }

8
swift/ql/lib/codeql/swift/elements/type/LocalArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `LocalArchetypeType`.
*/
private import codeql.swift.generated.type.LocalArchetypeType
class LocalArchetypeType extends Generated::LocalArchetypeType { }

8
swift/ql/lib/codeql/swift/elements/type/PackArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackArchetypeType`.
*/
private import codeql.swift.generated.type.PackArchetypeType
class PackArchetypeType extends Generated::PackArchetypeType { }

14
swift/ql/lib/codeql/swift/elements/type/PackArchetypeTypeConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackArchetypeType` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackArchetypeType` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackArchetypeType(Raw::PackArchetypeType id) { any() }

8
swift/ql/lib/codeql/swift/elements/type/PackElementType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackElementType`.
*/
private import codeql.swift.generated.type.PackElementType
class PackElementType extends Generated::PackElementType { }

14
swift/ql/lib/codeql/swift/elements/type/PackElementTypeConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackElementType` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackElementType` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackElementType(Raw::PackElementType id) { any() }

8
swift/ql/lib/codeql/swift/elements/type/PackExpansionType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackExpansionType`.
*/
private import codeql.swift.generated.type.PackExpansionType
class PackExpansionType extends Generated::PackExpansionType { }

14
swift/ql/lib/codeql/swift/elements/type/PackExpansionTypeConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackExpansionType` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackExpansionType` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackExpansionType(Raw::PackExpansionType id) { any() }

8
swift/ql/lib/codeql/swift/elements/type/PackType.qll generated Normal file
View File

@@ -0,0 +1,8 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module provides a hand-modifiable wrapper around the generated class `PackType`.
*/
private import codeql.swift.generated.type.PackType
class PackType extends Generated::PackType { }

14
swift/ql/lib/codeql/swift/elements/type/PackTypeConstructor.qll generated Normal file
View File

@@ -0,0 +1,14 @@
// generated by codegen/codegen.py, remove this comment if you wish to edit this file
/**
* This module defines the hook used internally to tweak the characteristic predicate of
* `PackType` synthesized instances.
* INTERNAL: Do not use.
*/
private import codeql.swift.generated.Raw
/**
* The characteristic predicate of `PackType` synthesized instances.
* INTERNAL: Do not use.
*/
predicate constructPackType(Raw::PackType id) { any() }

4
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll
View File

@@ -103,8 +103,8 @@ private class NsStringSummaries extends SummaryModelCsv {
";NSString;true;data(using:);;;Argument[-1];ReturnValue;taint",
";NSString;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
";NSString;true;path(withComponents:);;;Argument[0].CollectionElement;ReturnValue;taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0];taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2];taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].CollectionElement;taint",
";NSString;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].CollectionElement.CollectionElement;taint",
";NSString;true;getFileSystemRepresentation(_:maxLength:);;;Argument[-1];Argument[0];taint",
";NSString;true;appendingPathComponent(_:);;;Argument[-1..0];ReturnValue;taint",
";NSString;true;appendingPathComponent(_:conformingTo:);;;Argument[-1..0];ReturnValue;taint",

23
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll
View File

@@ -3,13 +3,34 @@
*/
import swift
private import codeql.swift.dataflow.DataFlow
private import codeql.swift.dataflow.ExternalFlow
private import codeql.swift.dataflow.FlowSteps
/**
* A content implying that, if an `NSURL` is tainted, then all its fields are tainted.
*/
private class NSUrlFieldsInheritTaint extends TaintInheritingContent,
DataFlow::Content::FieldContent
{
NSUrlFieldsInheritTaint() {
this.getField().getEnclosingDecl().asNominalTypeDecl().getFullName() = "NSURL"
}
}
/**
* A model for `NSURL` members that permit taint flow.
*/
private class NsUrlSummaries extends SummaryModelCsv {
override predicate row(string row) {
row = ";NSURL;true;init(string:);(String);;Argument[0];ReturnValue.OptionalSome;taint"
row =
[
";NSURL;true;init(string:);(String);;Argument[0];ReturnValue.OptionalSome;taint",
";NSURL;true;appendingPathComponent(_:);;;Argument[-1..0];ReturnValue;taint",
";NSURL;true;appendingPathComponent(_:isDirectory:);;;Argument[-1..0];ReturnValue;taint",
";NSURL;true;appendingPathComponent(_:conformingTo:);;;Argument[-1..0];ReturnValue;taint",
";NSURL;true;appendingPathExtension(_:);;;Argument[-1..0];ReturnValue;taint",
";NSURL;true;appendingPathExtension(for:);;;Argument[-1];ReturnValue;taint",
]
}
}

4
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll
View File

@@ -45,8 +45,8 @@ private class StringSummaries extends SummaryModelCsv {
";StringProtocol;true;applyingTransform(_:reverse:);;;Argument[-1];ReturnValue;taint",
";StringProtocol;true;cString(using:);;;Argument[-1];ReturnValue;taint",
";StringProtocol;true;capitalized(with:);;;Argument[-1];ReturnValue;taint",
";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].OptionalSome.CollectionElement;taint",
";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].OptionalSome.CollectionElement.CollectionElement;taint",
";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[0].CollectionElement;taint",
";StringProtocol;true;completePath(into:caseSensitive:matchesInto:filterTypes:);;;Argument[-1];Argument[2].CollectionElement.CollectionElement;taint",
";StringProtocol;true;components(separatedBy:);;;Argument[-1];ReturnValue;taint",
";StringProtocol;true;data(using:allowLossyConversion:);;;Argument[-1];ReturnValue;taint",
";StringProtocol;true;folding(options:locale:);;;Argument[-1];ReturnValue;taint",

7
swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll
View File

@@ -15,8 +15,8 @@ class UrlDecl extends StructDecl {
/**
* A content implying that, if a `URL` is tainted, then all its fields are tainted.
*/
private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent {
UriFieldsInheritTaint() {
private class UrlFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent {
UrlFieldsInheritTaint() {
this.getField().getEnclosingDecl().asNominalTypeDecl() instanceof UrlDecl
}
}
@@ -106,6 +106,8 @@ private class UrlSummaries extends SummaryModelCsv {
";URL;true;init(dataRepresentation:relativeTo:isAbsolute:);;;Argument[0];ReturnValue;taint",
";URL;true;init(dataRepresentation:relativeTo:isAbsolute:);;;Argument[1].OptionalSome;ReturnValue;taint",
";URL;true;init(_:strategy:);;;Argument[0];ReturnValue;taint",
";URL;true;init(filePath:);;;Argument[0];ReturnValue.OptionalSome;taint",
";URL;true;init(filePath:isDirectory:);;;Argument[0];ReturnValue.OptionalSome;taint",
";URL;true;init(filePath:directoryHint:);;;Argument[0];ReturnValue.OptionalSome;taint",
";URL;true;init(filePath:directoryHint:relativeTo:);;;Argument[0];ReturnValue;taint",
";URL;true;init(filePath:directoryHint:relativeTo:);;;Argument[2].OptionalSome;ReturnValue;taint",
@@ -126,6 +128,7 @@ private class UrlSummaries extends SummaryModelCsv {
";URL;true;appendingPathComponent(_:conformingTo:);;;Argument[-1..0];ReturnValue;taint",
";URL;true;appendPathExtension(_:);;;Argument[-1..0];Argument[-1];taint",
";URL;true;appendingPathExtension(_:);;;Argument[-1..0];ReturnValue;taint",
";URL;true;appendingPathExtension(for:);;;Argument[-1];ReturnValue;taint",
";URL;true;deletingLastPathComponent();;;Argument[-1];ReturnValue;taint",
";URL;true;deletingPathExtension();;;Argument[-1];ReturnValue;taint",
";URL;true;bookmarkData(options:includingResourceValuesForKeys:relativeTo:);;;Argument[-1];ReturnValue;taint",

149
swift/ql/lib/codeql/swift/generated/ParentChild.qll generated
View File

@@ -1697,6 +1697,44 @@ private module Impl {
)
}
private Element getImmediateChildOfPackElementExpr(
PackElementExpr e, int index, string partialPredicateCall
) {
exists(int b, int bExpr, int n, int nSubExpr |
b = 0 and
bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
n = bExpr and
nSubExpr = n + 1 and
(
none()
or
result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
or
index = n and result = e.getImmediateSubExpr() and partialPredicateCall = "SubExpr()"
)
)
}
private Element getImmediateChildOfPackExpansionExpr(
PackExpansionExpr e, int index, string partialPredicateCall
) {
exists(int b, int bExpr, int n, int nPatternExpr |
b = 0 and
bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and
n = bExpr and
nPatternExpr = n + 1 and
(
none()
or
result = getImmediateChildOfExpr(e, index - b, partialPredicateCall)
or
index = n and
result = e.getImmediatePatternExpr() and
partialPredicateCall = "PatternExpr()"
)
)
}
private Element getImmediateChildOfPropertyWrapperValuePlaceholderExpr(
PropertyWrapperValuePlaceholderExpr e, int index, string partialPredicateCall
) {
@@ -4041,6 +4079,49 @@ private module Impl {
)
}
private Element getImmediateChildOfPackElementType(
PackElementType e, int index, string partialPredicateCall
) {
exists(int b, int bType, int n |
b = 0 and
bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
n = bType and
(
none()
or
result = getImmediateChildOfType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfPackExpansionType(
PackExpansionType e, int index, string partialPredicateCall
) {
exists(int b, int bType, int n |
b = 0 and
bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
n = bType and
(
none()
or
result = getImmediateChildOfType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfPackType(PackType e, int index, string partialPredicateCall) {
exists(int b, int bType, int n |
b = 0 and
bType = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfType(e, i, _)) | i) and
n = bType and
(
none()
or
result = getImmediateChildOfType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfParameterizedProtocolType(
ParameterizedProtocolType e, int index, string partialPredicateCall
) {
@@ -4611,6 +4692,22 @@ private module Impl {
)
}
private Element getImmediateChildOfLocalArchetypeType(
LocalArchetypeType e, int index, string partialPredicateCall
) {
exists(int b, int bArchetypeType, int n |
b = 0 and
bArchetypeType =
b + 1 + max(int i | i = -1 or exists(getImmediateChildOfArchetypeType(e, i, _)) | i) and
n = bArchetypeType and
(
none()
or
result = getImmediateChildOfArchetypeType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfNominalType(
NominalType e, int index, string partialPredicateCall
) {
@@ -4649,8 +4746,8 @@ private module Impl {
)
}
private Element getImmediateChildOfOpenedArchetypeType(
OpenedArchetypeType e, int index, string partialPredicateCall
private Element getImmediateChildOfPackArchetypeType(
PackArchetypeType e, int index, string partialPredicateCall
) {
exists(int b, int bArchetypeType, int n |
b = 0 and
@@ -4775,6 +4872,22 @@ private module Impl {
)
}
private Element getImmediateChildOfElementArchetypeType(
ElementArchetypeType e, int index, string partialPredicateCall
) {
exists(int b, int bLocalArchetypeType, int n |
b = 0 and
bLocalArchetypeType =
b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLocalArchetypeType(e, i, _)) | i) and
n = bLocalArchetypeType and
(
none()
or
result = getImmediateChildOfLocalArchetypeType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfEnumType(EnumType e, int index, string partialPredicateCall) {
exists(int b, int bNominalType, int n |
b = 0 and
@@ -4789,6 +4902,22 @@ private module Impl {
)
}
private Element getImmediateChildOfOpenedArchetypeType(
OpenedArchetypeType e, int index, string partialPredicateCall
) {
exists(int b, int bLocalArchetypeType, int n |
b = 0 and
bLocalArchetypeType =
b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLocalArchetypeType(e, i, _)) | i) and
n = bLocalArchetypeType and
(
none()
or
result = getImmediateChildOfLocalArchetypeType(e, index - b, partialPredicateCall)
)
)
}
private Element getImmediateChildOfOptionalType(
OptionalType e, int index, string partialPredicateCall
) {
@@ -4993,6 +5122,10 @@ private module Impl {
or
result = getImmediateChildOfOverloadedDeclRefExpr(e, index, partialAccessor)
or
result = getImmediateChildOfPackElementExpr(e, index, partialAccessor)
or
result = getImmediateChildOfPackExpansionExpr(e, index, partialAccessor)
or
result = getImmediateChildOfPropertyWrapperValuePlaceholderExpr(e, index, partialAccessor)
or
result = getImmediateChildOfRebindSelfInInitializerExpr(e, index, partialAccessor)
@@ -5239,6 +5372,12 @@ private module Impl {
or
result = getImmediateChildOfModuleType(e, index, partialAccessor)
or
result = getImmediateChildOfPackElementType(e, index, partialAccessor)
or
result = getImmediateChildOfPackExpansionType(e, index, partialAccessor)
or
result = getImmediateChildOfPackType(e, index, partialAccessor)
or
result = getImmediateChildOfParameterizedProtocolType(e, index, partialAccessor)
or
result = getImmediateChildOfProtocolCompositionType(e, index, partialAccessor)
@@ -5297,7 +5436,7 @@ private module Impl {
or
result = getImmediateChildOfOpaqueTypeArchetypeType(e, index, partialAccessor)
or
result = getImmediateChildOfOpenedArchetypeType(e, index, partialAccessor)
result = getImmediateChildOfPackArchetypeType(e, index, partialAccessor)
or
result = getImmediateChildOfPrimaryArchetypeType(e, index, partialAccessor)
or
@@ -5311,8 +5450,12 @@ private module Impl {
or
result = getImmediateChildOfClassType(e, index, partialAccessor)
or
result = getImmediateChildOfElementArchetypeType(e, index, partialAccessor)
or
result = getImmediateChildOfEnumType(e, index, partialAccessor)
or
result = getImmediateChildOfOpenedArchetypeType(e, index, partialAccessor)
or
result = getImmediateChildOfOptionalType(e, index, partialAccessor)
or
result = getImmediateChildOfProtocolType(e, index, partialAccessor)

124
swift/ql/lib/codeql/swift/generated/Raw.qll generated
View File

@@ -1523,6 +1523,52 @@ module Raw {
}
}
/**
* INTERNAL: Do not use.
* A pack element expression is a child of PackExpansionExpr.
*
* In the following example, `each t` on the second line is the pack element expression:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) {
* return (repeat each t)
* }
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
*/
class PackElementExpr extends @pack_element_expr, Expr {
override string toString() { result = "PackElementExpr" }
/**
* Gets the sub expression of this pack element expression.
*/
Expr getSubExpr() { pack_element_exprs(this, result) }
}
/**
* INTERNAL: Do not use.
* A pack expansion expression.
*
* In the following example, `repeat each t` on the second line is the pack expansion expression:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) {
* return (repeat each t)
* }
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
*/
class PackExpansionExpr extends @pack_expansion_expr, Expr {
override string toString() { result = "PackExpansionExpr" }
/**
* Gets the pattern expression of this pack expansion expression.
*/
Expr getPatternExpr() { pack_expansion_exprs(this, result) }
}
/**
* INTERNAL: Do not use.
* A placeholder substituting property initializations with `=` when the property has a property
@@ -3066,6 +3112,59 @@ module Raw {
ModuleDecl getModule() { module_types(this, result) }
}
/**
* INTERNAL: Do not use.
* A type of PackElementExpr, see PackElementExpr for more information.
*/
class PackElementType extends @pack_element_type, Type {
override string toString() { result = "PackElementType" }
/**
* Gets the pack type of this pack element type.
*/
Type getPackType() { pack_element_types(this, result) }
}
/**
* INTERNAL: Do not use.
* A type of PackExpansionExpr, see PackExpansionExpr for more information.
*/
class PackExpansionType extends @pack_expansion_type, Type {
override string toString() { result = "PackExpansionType" }
/**
* Gets the pattern type of this pack expansion type.
*/
Type getPatternType() { pack_expansion_types(this, result, _) }
/**
* Gets the count type of this pack expansion type.
*/
Type getCountType() { pack_expansion_types(this, _, result) }
}
/**
* INTERNAL: Do not use.
* An actual type of a pack expression at the instatiation point.
*
* In the following example, PackType will appear around `makeTuple` call site as `Pack{String, Int}`:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) { ... }
* makeTuple("A", 2)
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
*/
class PackType extends @pack_type, Type {
override string toString() { result = "PackType" }
/**
* Gets the `index`th element of this pack type (0-based).
*/
Type getElement(int index) { pack_type_elements(this, index, result) }
}
/**
* INTERNAL: Do not use.
* A sugar type of the form `P<X>` with `P` a protocol.
@@ -3390,6 +3489,11 @@ module Raw {
Type getValueType() { dictionary_types(this, _, result) }
}
/**
* INTERNAL: Do not use.
*/
class LocalArchetypeType extends @local_archetype_type, ArchetypeType { }
/**
* INTERNAL: Do not use.
*/
@@ -3412,9 +3516,10 @@ module Raw {
/**
* INTERNAL: Do not use.
* An archetype type of PackType.
*/
class OpenedArchetypeType extends @opened_archetype_type, ArchetypeType {
override string toString() { result = "OpenedArchetypeType" }
class PackArchetypeType extends @pack_archetype_type, ArchetypeType {
override string toString() { result = "PackArchetypeType" }
}
/**
@@ -3469,6 +3574,14 @@ module Raw {
override string toString() { result = "ClassType" }
}
/**
* INTERNAL: Do not use.
* An archetype type of PackElementType.
*/
class ElementArchetypeType extends @element_archetype_type, LocalArchetypeType {
override string toString() { result = "ElementArchetypeType" }
}
/**
* INTERNAL: Do not use.
*/
@@ -3476,6 +3589,13 @@ module Raw {
override string toString() { result = "EnumType" }
}
/**
* INTERNAL: Do not use.
*/
class OpenedArchetypeType extends @opened_archetype_type, LocalArchetypeType {
override string toString() { result = "OpenedArchetypeType" }
}
/**
* INTERNAL: Do not use.
*/

216
swift/ql/lib/codeql/swift/generated/Synth.qll generated
View File

@@ -537,6 +537,14 @@ module Synth {
* INTERNAL: Do not use.
*/
TOverloadedDeclRefExpr(Raw::OverloadedDeclRefExpr id) { constructOverloadedDeclRefExpr(id) } or
/**
* INTERNAL: Do not use.
*/
TPackElementExpr(Raw::PackElementExpr id) { constructPackElementExpr(id) } or
/**
* INTERNAL: Do not use.
*/
TPackExpansionExpr(Raw::PackExpansionExpr id) { constructPackExpansionExpr(id) } or
/**
* INTERNAL: Do not use.
*/
@@ -891,6 +899,10 @@ module Synth {
* INTERNAL: Do not use.
*/
TDynamicSelfType(Raw::DynamicSelfType id) { constructDynamicSelfType(id) } or
/**
* INTERNAL: Do not use.
*/
TElementArchetypeType(Raw::ElementArchetypeType id) { constructElementArchetypeType(id) } or
/**
* INTERNAL: Do not use.
*/
@@ -951,6 +963,22 @@ module Synth {
* INTERNAL: Do not use.
*/
TOptionalType(Raw::OptionalType id) { constructOptionalType(id) } or
/**
* INTERNAL: Do not use.
*/
TPackArchetypeType(Raw::PackArchetypeType id) { constructPackArchetypeType(id) } or
/**
* INTERNAL: Do not use.
*/
TPackElementType(Raw::PackElementType id) { constructPackElementType(id) } or
/**
* INTERNAL: Do not use.
*/
TPackExpansionType(Raw::PackExpansionType id) { constructPackExpansionType(id) } or
/**
* INTERNAL: Do not use.
*/
TPackType(Raw::PackType id) { constructPackType(id) } or
/**
* INTERNAL: Do not use.
*/
@@ -1174,11 +1202,12 @@ module Synth {
TKeyPathApplicationExpr or TKeyPathDotExpr or TKeyPathExpr or TLazyInitializationExpr or
TLiteralExpr or TLookupExpr or TMakeTemporarilyEscapableExpr or TObjCSelectorExpr or
TOneWayExpr or TOpaqueValueExpr or TOpenExistentialExpr or TOptionalEvaluationExpr or
TOtherInitializerRefExpr or TOverloadedDeclRefExpr or
TPropertyWrapperValuePlaceholderExpr or TRebindSelfInInitializerExpr or TSequenceExpr or
TSingleValueStmtExpr or TSuperRefExpr or TTapExpr or TTupleElementExpr or TTupleExpr or
TTypeExpr or TUnresolvedDeclRefExpr or TUnresolvedDotExpr or TUnresolvedMemberExpr or
TUnresolvedPatternExpr or TUnresolvedSpecializeExpr or TVarargExpansionExpr;
TOtherInitializerRefExpr or TOverloadedDeclRefExpr or TPackElementExpr or
TPackExpansionExpr or TPropertyWrapperValuePlaceholderExpr or
TRebindSelfInInitializerExpr or TSequenceExpr or TSingleValueStmtExpr or TSuperRefExpr or
TTapExpr or TTupleElementExpr or TTupleExpr or TTypeExpr or TUnresolvedDeclRefExpr or
TUnresolvedDotExpr or TUnresolvedMemberExpr or TUnresolvedPatternExpr or
TUnresolvedSpecializeExpr or TVarargExpansionExpr;
/**
* INTERNAL: Do not use.
@@ -1276,7 +1305,8 @@ module Synth {
/**
* INTERNAL: Do not use.
*/
class TArchetypeType = TOpaqueTypeArchetypeType or TOpenedArchetypeType or TPrimaryArchetypeType;
class TArchetypeType =
TLocalArchetypeType or TOpaqueTypeArchetypeType or TPackArchetypeType or TPrimaryArchetypeType;
/**
* INTERNAL: Do not use.
@@ -1293,6 +1323,11 @@ module Synth {
TBuiltinRawPointerType or TBuiltinRawUnsafeContinuationType or
TBuiltinUnsafeValueBufferType or TBuiltinVectorType;
/**
* INTERNAL: Do not use.
*/
class TLocalArchetypeType = TElementArchetypeType or TOpenedArchetypeType;
/**
* INTERNAL: Do not use.
*/
@@ -1329,8 +1364,9 @@ module Synth {
class TType =
TAnyFunctionType or TAnyGenericType or TAnyMetatypeType or TBuiltinType or
TDependentMemberType or TDynamicSelfType or TErrorType or TExistentialType or TInOutType or
TLValueType or TModuleType or TParameterizedProtocolType or TProtocolCompositionType or
TReferenceStorageType or TSubstitutableType or TSugarType or TTupleType or TUnresolvedType;
TLValueType or TModuleType or TPackElementType or TPackExpansionType or TPackType or
TParameterizedProtocolType or TProtocolCompositionType or TReferenceStorageType or
TSubstitutableType or TSugarType or TTupleType or TUnresolvedType;
/**
* INTERNAL: Do not use.
@@ -2304,6 +2340,22 @@ module Synth {
result = TOverloadedDeclRefExpr(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackElementExpr`, if possible.
*/
cached
TPackElementExpr convertPackElementExprFromRaw(Raw::Element e) { result = TPackElementExpr(e) }
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackExpansionExpr`, if possible.
*/
cached
TPackExpansionExpr convertPackExpansionExprFromRaw(Raw::Element e) {
result = TPackExpansionExpr(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TParenExpr`, if possible.
@@ -2946,6 +2998,15 @@ module Synth {
cached
TDynamicSelfType convertDynamicSelfTypeFromRaw(Raw::Element e) { result = TDynamicSelfType(e) }
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TElementArchetypeType`, if possible.
*/
cached
TElementArchetypeType convertElementArchetypeTypeFromRaw(Raw::Element e) {
result = TElementArchetypeType(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TEnumType`, if possible.
@@ -3054,6 +3115,38 @@ module Synth {
cached
TOptionalType convertOptionalTypeFromRaw(Raw::Element e) { result = TOptionalType(e) }
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackArchetypeType`, if possible.
*/
cached
TPackArchetypeType convertPackArchetypeTypeFromRaw(Raw::Element e) {
result = TPackArchetypeType(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackElementType`, if possible.
*/
cached
TPackElementType convertPackElementTypeFromRaw(Raw::Element e) { result = TPackElementType(e) }
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackExpansionType`, if possible.
*/
cached
TPackExpansionType convertPackExpansionTypeFromRaw(Raw::Element e) {
result = TPackExpansionType(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TPackType`, if possible.
*/
cached
TPackType convertPackTypeFromRaw(Raw::Element e) { result = TPackType(e) }
/**
* INTERNAL: Do not use.
* Converts a raw element to a synthesized `TParameterizedProtocolType`, if possible.
@@ -3663,6 +3756,10 @@ module Synth {
or
result = convertOverloadedDeclRefExprFromRaw(e)
or
result = convertPackElementExprFromRaw(e)
or
result = convertPackExpansionExprFromRaw(e)
or
result = convertPropertyWrapperValuePlaceholderExprFromRaw(e)
or
result = convertRebindSelfInInitializerExprFromRaw(e)
@@ -3976,9 +4073,11 @@ module Synth {
*/
cached
TArchetypeType convertArchetypeTypeFromRaw(Raw::Element e) {
result = convertLocalArchetypeTypeFromRaw(e)
or
result = convertOpaqueTypeArchetypeTypeFromRaw(e)
or
result = convertOpenedArchetypeTypeFromRaw(e)
result = convertPackArchetypeTypeFromRaw(e)
or
result = convertPrimaryArchetypeTypeFromRaw(e)
}
@@ -4025,6 +4124,17 @@ module Synth {
result = convertBuiltinVectorTypeFromRaw(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw DB element to a synthesized `TLocalArchetypeType`, if possible.
*/
cached
TLocalArchetypeType convertLocalArchetypeTypeFromRaw(Raw::Element e) {
result = convertElementArchetypeTypeFromRaw(e)
or
result = convertOpenedArchetypeTypeFromRaw(e)
}
/**
* INTERNAL: Do not use.
* Converts a raw DB element to a synthesized `TNominalOrBoundGenericNominalType`, if possible.
@@ -4127,6 +4237,12 @@ module Synth {
or
result = convertModuleTypeFromRaw(e)
or
result = convertPackElementTypeFromRaw(e)
or
result = convertPackExpansionTypeFromRaw(e)
or
result = convertPackTypeFromRaw(e)
or
result = convertParameterizedProtocolTypeFromRaw(e)
or
result = convertProtocolCompositionTypeFromRaw(e)
@@ -5120,6 +5236,22 @@ module Synth {
e = TOverloadedDeclRefExpr(result)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackElementExpr` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackElementExprToRaw(TPackElementExpr e) { e = TPackElementExpr(result) }
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackExpansionExpr` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackExpansionExprToRaw(TPackExpansionExpr e) {
e = TPackExpansionExpr(result)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TParenExpr` to a raw DB element, if possible.
@@ -5762,6 +5894,15 @@ module Synth {
cached
Raw::Element convertDynamicSelfTypeToRaw(TDynamicSelfType e) { e = TDynamicSelfType(result) }
/**
* INTERNAL: Do not use.
* Converts a synthesized `TElementArchetypeType` to a raw DB element, if possible.
*/
cached
Raw::Element convertElementArchetypeTypeToRaw(TElementArchetypeType e) {
e = TElementArchetypeType(result)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TEnumType` to a raw DB element, if possible.
@@ -5870,6 +6011,38 @@ module Synth {
cached
Raw::Element convertOptionalTypeToRaw(TOptionalType e) { e = TOptionalType(result) }
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackArchetypeType` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackArchetypeTypeToRaw(TPackArchetypeType e) {
e = TPackArchetypeType(result)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackElementType` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackElementTypeToRaw(TPackElementType e) { e = TPackElementType(result) }
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackExpansionType` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackExpansionTypeToRaw(TPackExpansionType e) {
e = TPackExpansionType(result)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TPackType` to a raw DB element, if possible.
*/
cached
Raw::Element convertPackTypeToRaw(TPackType e) { e = TPackType(result) }
/**
* INTERNAL: Do not use.
* Converts a synthesized `TParameterizedProtocolType` to a raw DB element, if possible.
@@ -6479,6 +6652,10 @@ module Synth {
or
result = convertOverloadedDeclRefExprToRaw(e)
or
result = convertPackElementExprToRaw(e)
or
result = convertPackExpansionExprToRaw(e)
or
result = convertPropertyWrapperValuePlaceholderExprToRaw(e)
or
result = convertRebindSelfInInitializerExprToRaw(e)
@@ -6792,9 +6969,11 @@ module Synth {
*/
cached
Raw::Element convertArchetypeTypeToRaw(TArchetypeType e) {
result = convertLocalArchetypeTypeToRaw(e)
or
result = convertOpaqueTypeArchetypeTypeToRaw(e)
or
result = convertOpenedArchetypeTypeToRaw(e)
result = convertPackArchetypeTypeToRaw(e)
or
result = convertPrimaryArchetypeTypeToRaw(e)
}
@@ -6841,6 +7020,17 @@ module Synth {
result = convertBuiltinVectorTypeToRaw(e)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TLocalArchetypeType` to a raw DB element, if possible.
*/
cached
Raw::Element convertLocalArchetypeTypeToRaw(TLocalArchetypeType e) {
result = convertElementArchetypeTypeToRaw(e)
or
result = convertOpenedArchetypeTypeToRaw(e)
}
/**
* INTERNAL: Do not use.
* Converts a synthesized `TNominalOrBoundGenericNominalType` to a raw DB element, if possible.
@@ -6943,6 +7133,12 @@ module Synth {
or
result = convertModuleTypeToRaw(e)
or
result = convertPackElementTypeToRaw(e)
or
result = convertPackExpansionTypeToRaw(e)
or
result = convertPackTypeToRaw(e)
or
result = convertParameterizedProtocolTypeToRaw(e)
or
result = convertProtocolCompositionTypeToRaw(e)

7
swift/ql/lib/codeql/swift/generated/SynthConstructors.qll generated
View File

@@ -122,6 +122,8 @@ import codeql.swift.elements.expr.OptionalEvaluationExprConstructor
import codeql.swift.elements.expr.OptionalTryExprConstructor
import codeql.swift.elements.expr.OtherInitializerRefExprConstructor
import codeql.swift.elements.expr.OverloadedDeclRefExprConstructor
import codeql.swift.elements.expr.PackElementExprConstructor
import codeql.swift.elements.expr.PackExpansionExprConstructor
import codeql.swift.elements.expr.ParenExprConstructor
import codeql.swift.elements.expr.PointerToPointerExprConstructor
import codeql.swift.elements.expr.PostfixUnaryExprConstructor
@@ -204,6 +206,7 @@ import codeql.swift.elements.type.ClassTypeConstructor
import codeql.swift.elements.type.DependentMemberTypeConstructor
import codeql.swift.elements.type.DictionaryTypeConstructor
import codeql.swift.elements.type.DynamicSelfTypeConstructor
import codeql.swift.elements.type.ElementArchetypeTypeConstructor
import codeql.swift.elements.type.EnumTypeConstructor
import codeql.swift.elements.type.ErrorTypeConstructor
import codeql.swift.elements.type.ExistentialMetatypeTypeConstructor
@@ -218,6 +221,10 @@ import codeql.swift.elements.type.ModuleTypeConstructor
import codeql.swift.elements.type.OpaqueTypeArchetypeTypeConstructor
import codeql.swift.elements.type.OpenedArchetypeTypeConstructor
import codeql.swift.elements.type.OptionalTypeConstructor
import codeql.swift.elements.type.PackArchetypeTypeConstructor
import codeql.swift.elements.type.PackElementTypeConstructor
import codeql.swift.elements.type.PackExpansionTypeConstructor
import codeql.swift.elements.type.PackTypeConstructor
import codeql.swift.elements.type.ParameterizedProtocolTypeConstructor
import codeql.swift.elements.type.ParenTypeConstructor
import codeql.swift.elements.type.PrimaryArchetypeTypeConstructor

53
swift/ql/lib/codeql/swift/generated/expr/PackElementExpr.qll generated Normal file
View File

@@ -0,0 +1,53 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackElementExpr`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.expr.Expr
module Generated {
/**
* A pack element expression is a child of PackExpansionExpr.
*
* In the following example, `each t` on the second line is the pack element expression:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) {
* return (repeat each t)
* }
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
* INTERNAL: Do not reference the `Generated::PackElementExpr` class directly.
* Use the subclass `PackElementExpr`, where the following predicates are available.
*/
class PackElementExpr extends Synth::TPackElementExpr, Expr {
override string getAPrimaryQlClass() { result = "PackElementExpr" }
/**
* Gets the sub expression of this pack element expression.
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Expr getImmediateSubExpr() {
result =
Synth::convertExprFromRaw(Synth::convertPackElementExprToRaw(this)
.(Raw::PackElementExpr)
.getSubExpr())
}
/**
* Gets the sub expression of this pack element expression.
*/
final Expr getSubExpr() {
exists(Expr immediate |
immediate = this.getImmediateSubExpr() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
}
}

53
swift/ql/lib/codeql/swift/generated/expr/PackExpansionExpr.qll generated Normal file
View File

@@ -0,0 +1,53 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackExpansionExpr`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.expr.Expr
module Generated {
/**
* A pack expansion expression.
*
* In the following example, `repeat each t` on the second line is the pack expansion expression:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) {
* return (repeat each t)
* }
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
* INTERNAL: Do not reference the `Generated::PackExpansionExpr` class directly.
* Use the subclass `PackExpansionExpr`, where the following predicates are available.
*/
class PackExpansionExpr extends Synth::TPackExpansionExpr, Expr {
override string getAPrimaryQlClass() { result = "PackExpansionExpr" }
/**
* Gets the pattern expression of this pack expansion expression.
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Expr getImmediatePatternExpr() {
result =
Synth::convertExprFromRaw(Synth::convertPackExpansionExprToRaw(this)
.(Raw::PackExpansionExpr)
.getPatternExpr())
}
/**
* Gets the pattern expression of this pack expansion expression.
*/
final Expr getPatternExpr() {
exists(Expr immediate |
immediate = this.getImmediatePatternExpr() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
}
}

20
swift/ql/lib/codeql/swift/generated/type/ElementArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,20 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `ElementArchetypeType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.LocalArchetypeType
module Generated {
/**
* An archetype type of PackElementType.
* INTERNAL: Do not reference the `Generated::ElementArchetypeType` class directly.
* Use the subclass `ElementArchetypeType`, where the following predicates are available.
*/
class ElementArchetypeType extends Synth::TElementArchetypeType, LocalArchetypeType {
override string getAPrimaryQlClass() { result = "ElementArchetypeType" }
}
}

17
swift/ql/lib/codeql/swift/generated/type/LocalArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,17 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `LocalArchetypeType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.ArchetypeType
module Generated {
/**
* INTERNAL: Do not reference the `Generated::LocalArchetypeType` class directly.
* Use the subclass `LocalArchetypeType`, where the following predicates are available.
*/
class LocalArchetypeType extends Synth::TLocalArchetypeType, ArchetypeType { }
}

4
swift/ql/lib/codeql/swift/generated/type/OpenedArchetypeType.qll generated
View File

@@ -6,14 +6,14 @@
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.ArchetypeType
import codeql.swift.elements.type.LocalArchetypeType
module Generated {
/**
* INTERNAL: Do not reference the `Generated::OpenedArchetypeType` class directly.
* Use the subclass `OpenedArchetypeType`, where the following predicates are available.
*/
class OpenedArchetypeType extends Synth::TOpenedArchetypeType, ArchetypeType {
class OpenedArchetypeType extends Synth::TOpenedArchetypeType, LocalArchetypeType {
override string getAPrimaryQlClass() { result = "OpenedArchetypeType" }
}
}

20
swift/ql/lib/codeql/swift/generated/type/PackArchetypeType.qll generated Normal file
View File

@@ -0,0 +1,20 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackArchetypeType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.ArchetypeType
module Generated {
/**
* An archetype type of PackType.
* INTERNAL: Do not reference the `Generated::PackArchetypeType` class directly.
* Use the subclass `PackArchetypeType`, where the following predicates are available.
*/
class PackArchetypeType extends Synth::TPackArchetypeType, ArchetypeType {
override string getAPrimaryQlClass() { result = "PackArchetypeType" }
}
}

43
swift/ql/lib/codeql/swift/generated/type/PackElementType.qll generated Normal file
View File

@@ -0,0 +1,43 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackElementType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.Type
module Generated {
/**
* A type of PackElementExpr, see PackElementExpr for more information.
* INTERNAL: Do not reference the `Generated::PackElementType` class directly.
* Use the subclass `PackElementType`, where the following predicates are available.
*/
class PackElementType extends Synth::TPackElementType, Type {
override string getAPrimaryQlClass() { result = "PackElementType" }
/**
* Gets the pack type of this pack element type.
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Type getImmediatePackType() {
result =
Synth::convertTypeFromRaw(Synth::convertPackElementTypeToRaw(this)
.(Raw::PackElementType)
.getPackType())
}
/**
* Gets the pack type of this pack element type.
*/
final Type getPackType() {
exists(Type immediate |
immediate = this.getImmediatePackType() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
}
}

66
swift/ql/lib/codeql/swift/generated/type/PackExpansionType.qll generated Normal file
View File

@@ -0,0 +1,66 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackExpansionType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.Type
module Generated {
/**
* A type of PackExpansionExpr, see PackExpansionExpr for more information.
* INTERNAL: Do not reference the `Generated::PackExpansionType` class directly.
* Use the subclass `PackExpansionType`, where the following predicates are available.
*/
class PackExpansionType extends Synth::TPackExpansionType, Type {
override string getAPrimaryQlClass() { result = "PackExpansionType" }
/**
* Gets the pattern type of this pack expansion type.
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Type getImmediatePatternType() {
result =
Synth::convertTypeFromRaw(Synth::convertPackExpansionTypeToRaw(this)
.(Raw::PackExpansionType)
.getPatternType())
}
/**
* Gets the pattern type of this pack expansion type.
*/
final Type getPatternType() {
exists(Type immediate |
immediate = this.getImmediatePatternType() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
/**
* Gets the count type of this pack expansion type.
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Type getImmediateCountType() {
result =
Synth::convertTypeFromRaw(Synth::convertPackExpansionTypeToRaw(this)
.(Raw::PackExpansionType)
.getCountType())
}
/**
* Gets the count type of this pack expansion type.
*/
final Type getCountType() {
exists(Type immediate |
immediate = this.getImmediateCountType() and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
}
}

62
swift/ql/lib/codeql/swift/generated/type/PackType.qll generated Normal file
View File

@@ -0,0 +1,62 @@
// generated by codegen/codegen.py
/**
* This module provides the generated definition of `PackType`.
* INTERNAL: Do not import directly.
*/
private import codeql.swift.generated.Synth
private import codeql.swift.generated.Raw
import codeql.swift.elements.type.Type
module Generated {
/**
* An actual type of a pack expression at the instatiation point.
*
* In the following example, PackType will appear around `makeTuple` call site as `Pack{String, Int}`:
* ```
* func makeTuple<each T>(_ t: repeat each T) -> (repeat each T) { ... }
* makeTuple("A", 2)
* ```
*
* More details:
* https://github.com/apple/swift-evolution/blob/main/proposals/0393-parameter-packs.md
* INTERNAL: Do not reference the `Generated::PackType` class directly.
* Use the subclass `PackType`, where the following predicates are available.
*/
class PackType extends Synth::TPackType, Type {
override string getAPrimaryQlClass() { result = "PackType" }
/**
* Gets the `index`th element of this pack type (0-based).
*
* This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the
* behavior of both the `Immediate` and non-`Immediate` versions.
*/
Type getImmediateElement(int index) {
result =
Synth::convertTypeFromRaw(Synth::convertPackTypeToRaw(this)
.(Raw::PackType)
.getElement(index))
}
/**
* Gets the `index`th element of this pack type (0-based).
*/
final Type getElement(int index) {
exists(Type immediate |
immediate = this.getImmediateElement(index) and
if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()
)
}
/**
* Gets any of the elements of this pack type.
*/
final Type getAnElement() { result = this.getElement(_) }
/**
* Gets the number of elements of this pack type.
*/
final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) }
}
}

45
swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll
View File

@@ -61,6 +61,41 @@ private class EnumConstructorPathInjectionSink extends PathInjectionSink {
}
}
/**
* A string that might be a label for a path argument.
*/
pragma[inline]
private predicate pathLikeHeuristic(string label) {
label =
[
"atFile", "atPath", "atDirectory", "toFile", "toPath", "toDirectory", "inFile", "inPath",
"inDirectory", "contentsOfFile", "contentsOfPath", "contentsOfDirectory", "filePath",
"directory", "directoryPath"
]
}
/**
* A path injection sink that is determined by imprecise methods.
*/
private class HeuristicPathInjectionSink extends PathInjectionSink {
HeuristicPathInjectionSink() {
// by parameter name
exists(CallExpr ce, int ix, ParamDecl pd |
pathLikeHeuristic(pragma[only_bind_into](pd.getName())) and
pd.getType().getUnderlyingType().getName() = ["String", "NSString"] and
pd = ce.getStaticTarget().getParam(ix) and
this.asExpr() = ce.getArgument(ix).getExpr()
)
or
// by argument name
exists(Argument a |
pathLikeHeuristic(pragma[only_bind_into](a.getLabel())) and
a.getExpr().getType().getUnderlyingType().getName() = ["String", "NSString"] and
this.asExpr() = a.getExpr()
)
}
}
private class DefaultPathInjectionBarrier extends PathInjectionBarrier {
DefaultPathInjectionBarrier() {
// This is a simplified implementation.
@@ -87,7 +122,14 @@ private class PathInjectionSinks extends SinkModelCsv {
override predicate row(string row) {
row =
[
";Data;true;init(contentsOf:options:);;;Argument[0];path-injection",
";Data;true;write(to:options:);;;Argument[0];path-injection",
";NSData;true;init(contentsOfFile:);;;Argument[0];path-injection",
";NSData;true;init(contentsOfFile:options:);;;Argument[0];path-injection",
";NSData;true;init(contentsOf:);;;Argument[0];path-injection",
";NSData;true;init(contentsOf:options:);;;Argument[0];path-injection",
";NSData;true;init(contentsOfMappedFile:);;;Argument[0];path-injection",
";NSData;true;dataWithContentsOfMappedFile(_:);;;Argument[0];path-injection",
";NSData;true;write(to:atomically:);;;Argument[0];path-injection",
";NSData;true;write(to:options:);;;Argument[0];path-injection",
";NSData;true;write(toFile:atomically:);;;Argument[0];path-injection",
@@ -118,12 +160,14 @@ private class PathInjectionSinks extends SinkModelCsv {
";FileManager;true;fileExists(atPath:);;;Argument[0];path-injection",
";FileManager;true;fileExists(atPath:isDirectory:);;;Argument[0];path-injection",
";FileManager;true;setAttributes(_:ofItemAtPath:);;;Argument[1];path-injection",
";FileManager;true;attributesOfItem(atPath:);;;Argument[0];path-injection",
";FileManager;true;contents(atPath:);;;Argument[0];path-injection",
";FileManager;true;contentsEqual(atPath:andPath:);;;Argument[0..1];path-injection",
";FileManager;true;changeCurrentDirectoryPath(_:);;;Argument[0];path-injection",
";FileManager;true;unmountVolume(at:options:completionHandler:);;;Argument[0];path-injection",
// Deprecated FileManager methods:
";FileManager;true;changeFileAttributes(_:atPath:);;;Argument[1];path-injection",
";FileManager;true;fileAttributes(atPath:traverseLink:);;;Argument[0];path-injection",
";FileManager;true;directoryContents(atPath:);;;Argument[0];path-injection",
";FileManager;true;createDirectory(atPath:attributes:);;;Argument[0];path-injection",
";FileManager;true;createSymbolicLink(atPath:pathContent:);;;Argument[0..1];path-injection",
@@ -146,6 +190,7 @@ private class PathInjectionSinks extends SinkModelCsv {
";ArchiveByteStream;true;withFileStream(path:mode:options:permissions:_:);;;Argument[0];path-injection",
";Bundle;true;init(url:);;;Argument[0];path-injection",
";Bundle;true;init(path:);;;Argument[0];path-injection",
";NSURL;writeBookmarkData(_:to:options:);;;Argument[1];path-injection",
// GRDB
";Database;true;init(path:description:configuration:);;;Argument[0];path-injection",
";DatabasePool;true;init(path:configuration:);;;Argument[0];path-injection",

59
swift/ql/lib/swift.dbscheme generated
View File

@@ -761,6 +761,8 @@ arguments( //dir=expr
| @optional_evaluation_expr
| @other_initializer_ref_expr
| @overloaded_decl_ref_expr
| @pack_element_expr
| @pack_expansion_expr
| @property_wrapper_value_placeholder_expr
| @rebind_self_in_initializer_expr
| @sequence_expr
@@ -1116,6 +1118,16 @@ overloaded_decl_ref_expr_possible_declarations( //dir=expr
int possible_declaration: @value_decl_or_none ref
);
pack_element_exprs( //dir=expr
unique int id: @pack_element_expr,
int sub_expr: @expr_or_none ref
);
pack_expansion_exprs( //dir=expr
unique int id: @pack_expansion_expr,
int pattern_expr: @expr_or_none ref
);
property_wrapper_value_placeholder_exprs( //dir=expr
unique int id: @property_wrapper_value_placeholder_expr,
int placeholder: @opaque_value_expr_or_none ref
@@ -2005,6 +2017,9 @@ while_stmts( //dir=stmt
| @in_out_type
| @l_value_type
| @module_type
| @pack_element_type
| @pack_expansion_type
| @pack_type
| @parameterized_protocol_type
| @protocol_composition_type
| @reference_storage_type
@@ -2125,6 +2140,28 @@ module_types( //dir=type
int module: @module_decl_or_none ref
);
pack_element_types( //dir=type
unique int id: @pack_element_type,
int pack_type: @type_or_none ref
);
pack_expansion_types( //dir=type
unique int id: @pack_expansion_type,
int pattern_type: @type_or_none ref,
int count_type: @type_or_none ref
);
pack_types( //dir=type
unique int id: @pack_type
);
#keyset[id, index]
pack_type_elements( //dir=type
int id: @pack_type ref,
int index: int ref,
int element: @type_or_none ref
);
parameterized_protocol_types( //dir=type
unique int id: @parameterized_protocol_type,
int base: @protocol_type_or_none ref
@@ -2199,8 +2236,9 @@ unresolved_types( //dir=type
;
@archetype_type =
@opaque_type_archetype_type
| @opened_archetype_type
@local_archetype_type
| @opaque_type_archetype_type
| @pack_archetype_type
| @primary_archetype_type
;
@@ -2359,6 +2397,11 @@ dictionary_types( //dir=type
int value_type: @type_or_none ref
);
@local_archetype_type =
@element_archetype_type
| @opened_archetype_type
;
@nominal_type =
@class_type
| @enum_type
@@ -2371,8 +2414,8 @@ opaque_type_archetype_types( //dir=type
int declaration: @opaque_type_decl_or_none ref
);
opened_archetype_types( //dir=type
unique int id: @opened_archetype_type
pack_archetype_types( //dir=type
unique int id: @pack_archetype_type
);
primary_archetype_types( //dir=type
@@ -2411,10 +2454,18 @@ class_types( //dir=type
unique int id: @class_type
);
element_archetype_types( //dir=type
unique int id: @element_archetype_type
);
enum_types( //dir=type
unique int id: @enum_type
);
opened_archetype_types( //dir=type
unique int id: @opened_archetype_type
);
optional_types( //dir=type
unique int id: @optional_type
);

Some files were not shown because too many files have changed in this diff Show More