Merge tag 'codeql-cli/latest'

Compatible with the latest released version of the CodeQL CLI

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.4
+
+No user-facing changes.
+
 ## 0.7.3
 
 ### Minor Analysis Improvements

cpp/ql/lib/change-notes/released/0.7.4.md

@@ -0,0 +1,3 @@
+## 0.7.4
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.7.3
+version: 0.7.4
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### New Queries

cpp/ql/src/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.6.3
+version: 0.6.4
 groups: 
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.4
+
+No user-facing changes.
+
 ## 1.5.3
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.4.md

@@ -0,0 +1,3 @@
+## 1.5.4
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.3
+lastReleaseVersion: 1.5.4

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.5.3
+version: 1.5.4
 groups:
     - csharp
     - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.5.4
+
+No user-facing changes.
+
 ## 1.5.3
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.4.md

@@ -0,0 +1,3 @@
+## 1.5.4
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.3
+lastReleaseVersion: 1.5.4

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.5.3
+version: 1.5.4
 groups:
     - csharp
     - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Major Analysis Improvements

csharp/ql/lib/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.6.3
+version: 0.6.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 No user-facing changes.

csharp/ql/src/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.6.3
+version: 0.6.4
 groups: 
   - csharp
   - queries

docs/codeql/ql-language-reference/formulas.rst

@@ -164,6 +164,38 @@ If the call resolves to a predicate without result, then the call is a formula.
 It is also possible to call a predicate with result. This kind of call is an
 expression in QL, instead of a formula. For more information, see ":ref:`calls-with-result`."
 
+Member predicates only apply to members of a particular class and calls to
+member predicates have a receiver of a matching type. Syntactically, if a call
+contains a dot, then the expression before the dot specifies the receiver of
+the call. For instance, ``x`` is the receiver for the call ``x.isEven()``.
+
+For calls to member predicates of the enclosing class on the member itself
+(i.e., the value of ``this``), the receiver may be omitted syntactically. In
+this case we say the call has an implicit this receiver. For instance, in the
+following example the ``isEven()`` call in ``isOdd()`` is a member predicate
+call with an implicit this receiver and the call is equivalent to
+``this.isEven()``:
+
+.. code-block:: ql
+
+  class OneTwoThree extends int {
+    OneTwoThree() { this = 1 or this = 2 or this = 3 }
+
+    predicate isEven() { this = 2 }
+
+    predicate isOdd() { not isEven() }
+  }
+
+Use of implicit this receivers can make it harder to spot predicates that introduce
+cartesian products by failing to relate the implicit ``this`` variable with
+other variables, which can negatively affect query performance. For more
+information on cartesian products, see ":ref:`Troubleshooting query performance
+<troubleshooting-query-performance>`".
+
+It is possible to enable warnings about implicit this receivers for `CodeQL packs
+<https://docs.github.com/en/code-security/codeql-cli/codeql-cli-reference/about-codeql-packs#warnonimplicitthis>`__
+through the ``warnOnImplicitThis`` property.
+
 .. _parenthesized-formulas:
 
 Parenthesized formulas

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3
 
 No user-facing changes.

go/ql/lib/change-notes/released/0.5.4.md

@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.5.3
+version: 0.5.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3
 
 No user-facing changes.

go/ql/src/change-notes/released/0.5.4.md

@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.5.3
+version: 0.5.4
 groups:
   - go
   - queries

java/downgrades/ecfcf050952e54b1155fc89525db84af6ad34aaf/upgrade.properties

@@ -0,0 +1,2 @@
+description: Remove ENUM_ENTRIES
+compatibility: full

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -1701,12 +1701,13 @@ open class KotlinFileExtractor(
 
     private fun extractSyntheticBody(b: IrSyntheticBody, callable: Label<out DbCallable>) {
         with("synthetic body", b) {
-            when (b.kind) {
+            val kind = b.kind
-                IrSyntheticBodyKind.ENUM_VALUES -> tw.writeKtSyntheticBody(callable, 1)
+            when {
-                IrSyntheticBodyKind.ENUM_VALUEOF -> tw.writeKtSyntheticBody(callable, 2)
+                kind == IrSyntheticBodyKind.ENUM_VALUES -> tw.writeKtSyntheticBody(callable, 1)
+                kind == IrSyntheticBodyKind.ENUM_VALUEOF -> tw.writeKtSyntheticBody(callable, 2)
+                kind == kind_ENUM_ENTRIES -> tw.writeKtSyntheticBody(callable, 3)
                 else -> {
-                    // TODO: Support IrSyntheticBodyKind.ENUM_ENTRIES
+                    logger.errorElement("Unhandled synthetic body kind " + kind, b)
-                    logger.errorElement("Unhandled synthetic body kind " + b.kind.javaClass, b)
                 }
             }
         }
@@ -5316,7 +5317,10 @@ open class KotlinFileExtractor(
     private fun extractTypeAccessRecursive(t: IrType, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> {
         val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx)
         if (t is IrSimpleType) {
-            t.arguments.forEachIndexed { argIdx, arg ->
+            // From 1.9, the list might change when we call erase,
+            // so we make a copy that it is safe to iterate over.
+            val argumentsCopy = t.arguments.toList()
+            argumentsCopy.forEachIndexed { argIdx, arg ->
                 extractWildcardTypeAccessRecursive(arg, location, typeAccessId, argIdx)
             }
         }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_4_32/SyntheticBodyKind.kt

@@ -0,0 +1,6 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.expressions.IrSyntheticBodyKind
+
+val kind_ENUM_ENTRIES: IrSyntheticBodyKind? = null
+

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/SyntheticBodyKind.kt

@@ -0,0 +1,6 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.expressions.IrSyntheticBodyKind
+
+val kind_ENUM_ENTRIES: IrSyntheticBodyKind? = IrSyntheticBodyKind.ENUM_ENTRIES
+

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### New Features

java/ql/lib/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

java/ql/lib/config/semmlecode.dbscheme

@@ -1219,6 +1219,7 @@ ktSyntheticBody(
   int kind: int ref
   // 1: ENUM_VALUES
   // 2: ENUM_VALUEOF
+  // 3: ENUM_ENTRIES
 )
 
 ktLocalFunction(

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.6.3
+version: 0.6.4
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/lib/upgrades/7cbc85b1f3ecda39661ad4806dedbd0973d2c4c0/upgrade.properties

@@ -0,0 +1,2 @@
+description: Add ENUM_ENTRIES
+compatibility: full

java/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Minor Analysis Improvements

java/ql/src/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.6.3
+version: 0.6.4
 groups: 
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Major Analysis Improvements

javascript/ql/lib/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.6.3
+version: 0.6.4
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Minor Analysis Improvements

javascript/ql/src/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.6.3
+version: 0.6.4
 groups: 
   - javascript
   - queries

misc/suite-helpers/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3
 
 No user-facing changes.

misc/suite-helpers/change-notes/released/0.5.4.md

@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.

misc/suite-helpers/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4

misc/suite-helpers/qlpack.yml

@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.5.3
+version: 0.5.4
 groups: shared

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.9.4
+
+No user-facing changes.
+
 ## 0.9.3
 
 No user-facing changes.

python/ql/lib/change-notes/released/0.9.4.md

@@ -0,0 +1,3 @@
+## 0.9.4
+
+No user-facing changes.

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.3
+lastReleaseVersion: 0.9.4

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.9.3
+version: 0.9.4
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.4
+
+No user-facing changes.
+
 ## 0.7.3
 
 ### Bug Fixes

python/ql/src/change-notes/released/0.7.4.md

@@ -0,0 +1,3 @@
+## 0.7.4
+
+No user-facing changes.

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.7.3
+version: 0.7.4
 groups: 
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Minor Analysis Improvements

ruby/ql/lib/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.6.3
+version: 0.6.4
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.6.4
+
+No user-facing changes.
+
 ## 0.6.3
 
 ### Minor Analysis Improvements

ruby/ql/src/change-notes/released/0.6.4.md

@@ -0,0 +1,3 @@
+## 0.6.4
+
+No user-facing changes.

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.6.3
+version: 0.6.4
 groups: 
   - ruby
   - queries

shared/regex/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.15
+
+No user-facing changes.
+
 ## 0.0.14
 
 No user-facing changes.

shared/regex/change-notes/released/0.0.15.md

@@ -0,0 +1,3 @@
+## 0.0.15
+
+No user-facing changes.

shared/regex/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.14
+lastReleaseVersion: 0.0.15

shared/regex/codeql/regex/nfa/NfaUtils.qll

@@ -451,7 +451,15 @@ module Make<RegexTreeViewSig TreeImpl> {
       }
 
       bindingset[char]
-      override predicate matches(string char) { not hasChildThatMatches(cc, char) }
+      override predicate matches(string char) {
+        not hasChildThatMatches(cc, char) and
+        (
+          // detect unsupported char classes that doesn't match anything (e.g. `\p{L}` in ruby), and don't report any matches
+          hasChildThatMatches(cc, _)
+          or
+          not exists(cc.getAChild()) // [^] still matches everything
+        )
+      }
     }
 
     /**
@@ -536,7 +544,9 @@ module Make<RegexTreeViewSig TreeImpl> {
 
       bindingset[char]
       override predicate matches(string char) {
-        not classEscapeMatches(charClass.toLowerCase(), char)
+        not classEscapeMatches(charClass.toLowerCase(), char) and
+        // detect unsupported char classes (e.g. `\p{L}` in ruby), and don't report any matches
+        classEscapeMatches(charClass.toLowerCase(), _)
       }
     }
 

shared/regex/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.0.14
+version: 0.0.15
 groups: shared
 library: true
 dependencies:

shared/ssa/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.19
+
+No user-facing changes.
+
 ## 0.0.18
 
 No user-facing changes.

shared/ssa/change-notes/released/0.0.19.md

@@ -0,0 +1,3 @@
+## 0.0.19
+
+No user-facing changes.

shared/ssa/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.18
+lastReleaseVersion: 0.0.19

shared/ssa/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.0.18
+version: 0.0.19
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/tutorial/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.12
+
+No user-facing changes.
+
 ## 0.0.11
 
 No user-facing changes.

shared/tutorial/change-notes/released/0.0.12.md

@@ -0,0 +1,3 @@
+## 0.0.12
+
+No user-facing changes.

shared/tutorial/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.11
+lastReleaseVersion: 0.0.12

shared/tutorial/qlpack.yml

@@ -1,6 +1,6 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries.
-version: 0.0.11
+version: 0.0.12
 groups: shared
 library: true
 warnOnImplicitThis: true

shared/typetracking/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.12
+
+No user-facing changes.
+
 ## 0.0.11
 
 No user-facing changes.

shared/typetracking/change-notes/released/0.0.12.md

@@ -0,0 +1,3 @@
+## 0.0.12
+
+No user-facing changes.

shared/typetracking/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.11
+lastReleaseVersion: 0.0.12

shared/typetracking/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.0.11
+version: 0.0.12
 groups: shared
 library: true
 dependencies:

shared/typos/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.19
+
+No user-facing changes.
+
 ## 0.0.18
 
 No user-facing changes.

shared/typos/change-notes/released/0.0.19.md

@@ -0,0 +1,3 @@
+## 0.0.19
+
+No user-facing changes.

shared/typos/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.18
+lastReleaseVersion: 0.0.19

shared/typos/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 0.0.18
+version: 0.0.19
 groups: shared
 library: true
 warnOnImplicitThis: true