hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20327 from michaelnebel/go/ql4ql

Browse Source 
Go: Fix some Ql4Ql violations.
This commit is contained in:
Michael Nebel
2025-09-02 11:45:26 +02:00
committed by GitHub
parent 39d3741a91 55e5281429
commit 9a88e38d6f
3 changed files with 163 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
go/ql/lib/semmle/go/StringOps.qll
View File

@@ -306,11 +306,12 @@ module StringOps {
*/
class StringFormatCall extends DataFlow::CallNode {
string fmt;
Range f;
StringFormatCall() {
this = f.getACall() and
fmt = this.getArgument(f.getFormatStringIndex()).getStringValue() and
exists(Range f |
this = f.getACall() and
fmt = this.getArgument(f.getFormatStringIndex()).getStringValue()
) and
fmt.regexpMatch(getFormatComponentRegex() + "*")
}

4
go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll
View File

@@ -367,7 +367,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
}
/**
* Holds if `guard` marks a point in the control-flow graph where this node
* Holds if `guard` marks a point in the control-flow graph where `g`
* is known to validate `nd`, which is represented by `ap`.
*
* This predicate exists to enforce a good join order in `getAGuardedNode`.
@@ -378,7 +378,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
}
/**
* Holds if `guard` marks a point in the control-flow graph where this node
* Holds if `guard` marks a point in the control-flow graph where `g`
* is known to validate `nd`.
*/
private predicate guards(Node g, ControlFlow::ConditionGuardNode guard, Node nd) {

326
go/ql/src/experimental/IntegerOverflow/RangeAnalysis.qll
View File

@@ -74,7 +74,7 @@ float getAnUpperBound(Expr expr) {
result = getAnUpperBound(greater.asExpr()) + bias
)
else
//If not, find the coresponding `SsaDefinition`, then call `getAnSsaUpperBound` on it.
//If not, find the corresponding `SsaDefinition`, then call `getAnSsaUpperBound` on it.
result = getAnSsaUpperBound(v.getDefinition())
)
)
@@ -231,7 +231,7 @@ float getALowerBound(Expr expr) {
result = lbs - bias
)
else
//find coresponding SSA definition and calls `getAnSsaLowerBound` on it.
//find corresponding SSA definition and calls `getAnSsaLowerBound` on it.
result = getAnSsaLowerBound(v.getDefinition())
)
)
@@ -347,91 +347,85 @@ float getALowerBound(Expr expr) {
* Gets a possible upper bound of SSA definition `def`.
*/
float getAnSsaUpperBound(SsaDefinition def) {
if recursiveSelfDef(def)
then none()
else (
if def instanceof SsaExplicitDefinition
then
exists(SsaExplicitDefinition explicitDef | explicitDef = def |
//SSA definition coresponding to a `SimpleAssignStmt`
if explicitDef.getInstruction() instanceof IR::AssignInstruction
not recursiveSelfDef(def) and
(
def instanceof SsaExplicitDefinition and
exists(SsaExplicitDefinition explicitDef | explicitDef = def |
//SSA definition corresponding to a `SimpleAssignStmt`
if explicitDef.getInstruction() instanceof IR::AssignInstruction
then
exists(IR::AssignInstruction assignInstr, SimpleAssignStmt simpleAssign |
assignInstr = explicitDef.getInstruction() and
assignInstr.getRhs().(IR::EvalInstruction).getExpr() = simpleAssign.getRhs() and
result = getAnUpperBound(simpleAssign.getRhs())
)
or
//SSA definition corresponding to a ValueSpec(used in a variable declaration)
exists(IR::AssignInstruction declInstr, ValueSpec vs, int i, Expr init |
declInstr = explicitDef.getInstruction() and
declInstr = IR::initInstruction(vs, i) and
init = vs.getInit(i) and
result = getAnUpperBound(init)
)
or
//SSA definition corresponding to an `AddAssignStmt` (x += y) or `SubAssignStmt` (x -= y)
exists(
IR::AssignInstruction assignInstr, SsaExplicitDefinition prevDef,
CompoundAssignStmt compoundAssign, float prevBound, float delta
|
assignInstr = explicitDef.getInstruction() and
getAUse(prevDef) = compoundAssign.getLhs() and
assignInstr = IR::assignInstruction(compoundAssign, 0) and
prevBound = getAnSsaUpperBound(prevDef) and
(
compoundAssign instanceof AddAssignStmt and
delta = getAnUpperBound(compoundAssign.getRhs()) and
result = addRoundingUp(prevBound, delta)
or
compoundAssign instanceof SubAssignStmt and
delta = getALowerBound(compoundAssign.getRhs()) and
result = addRoundingUp(prevBound, -delta)
)
)
else
//SSA definition corresponding to an `IncDecStmt`
if explicitDef.getInstruction() instanceof IR::IncDecInstruction
then
exists(IR::AssignInstruction assignInstr, SimpleAssignStmt simpleAssign |
assignInstr = explicitDef.getInstruction() and
assignInstr.getRhs().(IR::EvalInstruction).getExpr() = simpleAssign.getRhs() and
result = getAnUpperBound(simpleAssign.getRhs())
)
or
//SSA definition coresponding to a ValueSpec(used in a variable declaration)
exists(IR::AssignInstruction declInstr, ValueSpec vs, int i, Expr init |
declInstr = explicitDef.getInstruction() and
declInstr = IR::initInstruction(vs, i) and
init = vs.getInit(i) and
result = getAnUpperBound(init)
)
or
//SSA definition coresponding to an `AddAssignStmt` (x += y) or `SubAssignStmt` (x -= y)
exists(
IR::AssignInstruction assignInstr, SsaExplicitDefinition prevDef,
CompoundAssignStmt compoundAssign, float prevBound, float delta
|
assignInstr = explicitDef.getInstruction() and
getAUse(prevDef) = compoundAssign.getLhs() and
assignInstr = IR::assignInstruction(compoundAssign, 0) and
prevBound = getAnSsaUpperBound(prevDef) and
if compoundAssign instanceof AddAssignStmt
then
delta = getAnUpperBound(compoundAssign.getRhs()) and
result = addRoundingUp(prevBound, delta)
else
if compoundAssign instanceof SubAssignStmt
then
delta = getALowerBound(compoundAssign.getRhs()) and
result = addRoundingUp(prevBound, -delta)
else none()
)
else
//SSA definition coresponding to an `IncDecStmt`
if explicitDef.getInstruction() instanceof IR::IncDecInstruction
then
exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB |
instr = explicitDef.getInstruction() and
exprLB = getAnUpperBound(incOrDec.getOperand()) and
instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and
(
//IncStmt(x++)
exists(IncStmt inc |
inc = incOrDec and
result = addRoundingUp(exprLB, 1)
)
or
//DecStmt(x--)
exists(DecStmt dec |
dec = incOrDec and
result = addRoundingUp(exprLB, -1)
)
exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB |
instr = explicitDef.getInstruction() and
exprLB = getAnUpperBound(incOrDec.getOperand()) and
instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and
(
//IncStmt(x++)
exists(IncStmt inc |
inc = incOrDec and
result = addRoundingUp(exprLB, 1)
)
or
//DecStmt(x--)
exists(DecStmt dec |
dec = incOrDec and
result = addRoundingUp(exprLB, -1)
)
)
else
//SSA definition coreponding to the init of the parameter
if explicitDef.getInstruction() instanceof IR::InitParameterInstruction
then
exists(IR::InitParameterInstruction instr, Parameter p |
instr = explicitDef.getInstruction() and
IR::initParamInstruction(p) = instr and
result = typeMaxValue(p.getType())
)
else none()
)
else
//this SSA definition is a phi node.
if def instanceof SsaPhiNode
then
exists(SsaPhiNode phi |
phi = def and
result = getAnSsaUpperBound(phi.getAnInput().getDefinition())
)
else (
//SSA definition coreponding to the init of the parameter
explicitDef.getInstruction() instanceof IR::InitParameterInstruction and
exists(IR::InitParameterInstruction instr, Parameter p |
instr = explicitDef.getInstruction() and
IR::initParamInstruction(p) = instr and
result = typeMaxValue(p.getType())
)
)
else none()
)
or
//this SSA definition is a phi node.
def instanceof SsaPhiNode and
exists(SsaPhiNode phi |
phi = def and
result = getAnSsaUpperBound(phi.getAnInput().getDefinition())
)
)
}
@@ -439,91 +433,85 @@ float getAnSsaUpperBound(SsaDefinition def) {
* Gets a possible lower bound of SSA definition `def`.
*/
float getAnSsaLowerBound(SsaDefinition def) {
if recursiveSelfDef(def)
then none()
else (
if def instanceof SsaExplicitDefinition
then
exists(SsaExplicitDefinition explicitDef | explicitDef = def |
if explicitDef.getInstruction() instanceof IR::AssignInstruction
not recursiveSelfDef(def) and
(
def instanceof SsaExplicitDefinition and
exists(SsaExplicitDefinition explicitDef | explicitDef = def |
if explicitDef.getInstruction() instanceof IR::AssignInstruction
then
//SimpleAssignStmt
exists(IR::AssignInstruction assignInstr, SimpleAssignStmt simpleAssign |
assignInstr = explicitDef.getInstruction() and
assignInstr.getRhs().(IR::EvalInstruction).getExpr() = simpleAssign.getRhs() and
result = getALowerBound(simpleAssign.getRhs())
)
or
//ValueSpec
exists(IR::AssignInstruction declInstr, ValueSpec vs, int i, Expr init |
declInstr = explicitDef.getInstruction() and
declInstr = IR::initInstruction(vs, i) and
init = vs.getInit(i) and
result = getALowerBound(init)
)
or
//AddAssignStmt(x += y)
exists(
IR::AssignInstruction assignInstr, SsaExplicitDefinition prevDef,
CompoundAssignStmt compoundAssign, float prevBound, float delta
|
assignInstr = explicitDef.getInstruction() and
getAUse(prevDef) = compoundAssign.getLhs() and
assignInstr = IR::assignInstruction(compoundAssign, 0) and
prevBound = getAnSsaLowerBound(prevDef) and
(
compoundAssign instanceof AddAssignStmt and
delta = getALowerBound(compoundAssign.getRhs()) and
result = addRoundingDown(prevBound, delta)
or
compoundAssign instanceof SubAssignStmt and
delta = getAnUpperBound(compoundAssign.getRhs()) and
result = addRoundingDown(prevBound, -delta)
)
)
else
//IncDecStmt
if explicitDef.getInstruction() instanceof IR::IncDecInstruction
then
//SimpleAssignStmt
exists(IR::AssignInstruction assignInstr, SimpleAssignStmt simpleAssign |
assignInstr = explicitDef.getInstruction() and
assignInstr.getRhs().(IR::EvalInstruction).getExpr() = simpleAssign.getRhs() and
result = getALowerBound(simpleAssign.getRhs())
)
or
//ValueSpec
exists(IR::AssignInstruction declInstr, ValueSpec vs, int i, Expr init |
declInstr = explicitDef.getInstruction() and
declInstr = IR::initInstruction(vs, i) and
init = vs.getInit(i) and
result = getALowerBound(init)
)
or
//AddAssignStmt(x += y)
exists(
IR::AssignInstruction assignInstr, SsaExplicitDefinition prevDef,
CompoundAssignStmt compoundAssign, float prevBound, float delta
|
assignInstr = explicitDef.getInstruction() and
getAUse(prevDef) = compoundAssign.getLhs() and
assignInstr = IR::assignInstruction(compoundAssign, 0) and
prevBound = getAnSsaLowerBound(prevDef) and
if compoundAssign instanceof AddAssignStmt
then
delta = getALowerBound(compoundAssign.getRhs()) and
result = addRoundingDown(prevBound, delta)
else
if compoundAssign instanceof SubAssignStmt
then
delta = getAnUpperBound(compoundAssign.getRhs()) and
result = addRoundingDown(prevBound, -delta)
else none()
)
else
//IncDecStmt
if explicitDef.getInstruction() instanceof IR::IncDecInstruction
then
exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB |
instr = explicitDef.getInstruction() and
exprLB = getALowerBound(incOrDec.getOperand()) and
instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and
(
//IncStmt(x++)
exists(IncStmt inc |
inc = incOrDec and
result = addRoundingDown(exprLB, 1)
)
or
//DecStmt(x--)
exists(DecStmt dec |
dec = incOrDec and
result = addRoundingDown(exprLB, -1)
)
exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB |
instr = explicitDef.getInstruction() and
exprLB = getALowerBound(incOrDec.getOperand()) and
instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and
(
//IncStmt(x++)
exists(IncStmt inc |
inc = incOrDec and
result = addRoundingDown(exprLB, 1)
)
or
//DecStmt(x--)
exists(DecStmt dec |
dec = incOrDec and
result = addRoundingDown(exprLB, -1)
)
)
else
//init of the function parameter
if explicitDef.getInstruction() instanceof IR::InitParameterInstruction
then
exists(IR::InitParameterInstruction instr, Parameter p |
instr = explicitDef.getInstruction() and
IR::initParamInstruction(p) = instr and
result = typeMinValue(p.getType())
)
else none()
)
else
//phi node
if def instanceof SsaPhiNode
then
exists(SsaPhiNode phi |
phi = def and
result = getAnSsaLowerBound(phi.getAnInput().getDefinition())
)
else (
//init of the function parameter
explicitDef.getInstruction() instanceof IR::InitParameterInstruction and
exists(IR::InitParameterInstruction instr, Parameter p |
instr = explicitDef.getInstruction() and
IR::initParamInstruction(p) = instr and
result = typeMinValue(p.getType())
)
)
else none()
)
or
//phi node
def instanceof SsaPhiNode and
exists(SsaPhiNode phi |
phi = def and
result = getAnSsaLowerBound(phi.getAnInput().getDefinition())
)
)
}
@@ -533,13 +521,13 @@ float getAnSsaLowerBound(SsaDefinition def) {
* The structure of this function needs to be same as `getAnSsaLowerBound`
*/
predicate ssaDependsOnSsa(SsaDefinition nextDef, SsaDefinition prevDef) {
//SSA definition coresponding to a `SimpleAssignStmt`
//SSA definition corresponding to a `SimpleAssignStmt`
exists(SimpleAssignStmt simpleAssign |
nextDef.(SsaExplicitDefinition).getInstruction() = IR::assignInstruction(simpleAssign, _) and
ssaDependsOnExpr(prevDef, simpleAssign.getRhs())
)
or
//SSA definition coresponding to a `ValueSpec`(used in variable declaration)
//SSA definition corresponding to a `ValueSpec`(used in variable declaration)
exists(IR::AssignInstruction declInstr, ValueSpec vs, int i, Expr init |
declInstr = nextDef.(SsaExplicitDefinition).getInstruction() and
declInstr = IR::initInstruction(vs, i) and
@@ -547,7 +535,7 @@ predicate ssaDependsOnSsa(SsaDefinition nextDef, SsaDefinition prevDef) {
ssaDependsOnExpr(prevDef, init)
)
or
//SSA definition coresponding to a `AddAssignStmt` or `SubAssignStmt`
//SSA definition corresponding to a `AddAssignStmt` or `SubAssignStmt`
exists(CompoundAssignStmt compoundAssign |
(compoundAssign instanceof AddAssignStmt or compoundAssign instanceof SubAssignStmt) and
nextDef.(SsaExplicitDefinition).getInstruction() = IR::assignInstruction(compoundAssign, 0) and
@@ -557,7 +545,7 @@ predicate ssaDependsOnSsa(SsaDefinition nextDef, SsaDefinition prevDef) {
)
)
or
//SSA definition coresponding to a `IncDecStmt`
//SSA definition corresponding to a `IncDecStmt`
exists(IncDecStmt incDec |
nextDef
.(SsaExplicitDefinition)
@@ -569,7 +557,7 @@ predicate ssaDependsOnSsa(SsaDefinition nextDef, SsaDefinition prevDef) {
ssaDependsOnExpr(prevDef, incDec.getOperand())
)
or
//if `nextDef` coresponding to the init of a parameter, there is no coresponding `prevDef`
//if `nextDef` corresponding to the init of a parameter, there is no corresponding `prevDef`
//if `nextDef` is a phi node and `prevDef` is one of the input of the phi node, then `nextDef` depends on `prevDef` directly.
exists(SsaPhiNode phi | nextDef = phi and phi.getAnInput().getDefinition() = prevDef)
}