hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into compwidertype2

Browse Source
This commit is contained in:
Geoffrey White
2026-04-10 13:58:35 +01:00
committed by GitHub
parent 201af3fffc dfa8d72dd3
commit bcf612e6fe
151 changed files with 2001 additions and 650 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.pre-commit-config.yaml
View File

@@ -7,9 +7,9 @@ repos:
rev: v3.2.0
hooks:
- id: trailing-whitespace
exclude: /test/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
exclude: /test([^/]*)/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
- id: end-of-file-fixer
exclude: Cargo.lock$|/test/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
exclude: Cargo.lock$|/test([^/]*)/.*$(?<!\.qlref)|.*\.patch$|.*\.qll?$
- repo: https://github.com/pre-commit/mirrors-clang-format
rev: v17.0.6

5
MODULE.bazel
View File

@@ -27,7 +27,7 @@ bazel_dep(name = "abseil-cpp", version = "20260107.1", repo_name = "absl")
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
bazel_dep(name = "rules_kotlin", version = "2.2.2-codeql.1")
bazel_dep(name = "gazelle", version = "0.47.0")
bazel_dep(name = "gazelle", version = "0.50.0")
bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
bazel_dep(name = "googletest", version = "1.17.0.bcr.2")
bazel_dep(name = "rules_rust", version = "0.69.0")
@@ -242,6 +242,7 @@ use_repo(
"kotlin-compiler-2.2.0-Beta1",
"kotlin-compiler-2.2.20-Beta2",
"kotlin-compiler-2.3.0",
"kotlin-compiler-2.3.20",
"kotlin-compiler-embeddable-1.8.0",
"kotlin-compiler-embeddable-1.9.0-Beta",
"kotlin-compiler-embeddable-1.9.20-Beta",
@@ -252,6 +253,7 @@ use_repo(
"kotlin-compiler-embeddable-2.2.0-Beta1",
"kotlin-compiler-embeddable-2.2.20-Beta2",
"kotlin-compiler-embeddable-2.3.0",
"kotlin-compiler-embeddable-2.3.20",
"kotlin-stdlib-1.8.0",
"kotlin-stdlib-1.9.0-Beta",
"kotlin-stdlib-1.9.20-Beta",
@@ -262,6 +264,7 @@ use_repo(
"kotlin-stdlib-2.2.0-Beta1",
"kotlin-stdlib-2.2.20-Beta2",
"kotlin-stdlib-2.3.0",
"kotlin-stdlib-2.3.20",
)
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

6
actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
View File

@@ -20,6 +20,6 @@ from ArtifactPoisoningFlow::PathNode source, ArtifactPoisoningFlow::PathNode sin
where
ArtifactPoisoningFlow::flowPath(source, sink) and
event = getRelevantEventInPrivilegedContext(sink.getNode())
select sink.getNode(), source, sink,
"Potential artifact poisoning in $@, which may be controlled by an external user ($@).", sink,
sink.getNode().toString(), event, event.getName()
select source.getNode(), source, sink,
"Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@).",
event, event.getName()

5
actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
View File

@@ -20,6 +20,5 @@ from ArtifactPoisoningFlow::PathNode source, ArtifactPoisoningFlow::PathNode sin
where
ArtifactPoisoningFlow::flowPath(source, sink) and
inNonPrivilegedContext(sink.getNode().asExpr())
select sink.getNode(), source, sink,
"Potential artifact poisoning in $@, which may be controlled by an external user.", sink,
sink.getNode().toString()
select source.getNode(), source, sink,
"Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user."

4
actions/ql/src/change-notes/2026-04-02-alert-msg-poisoning.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* Fixed alert messages in `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` as they previously included a redundant placeholder in the alert message that would on occasion contain a long block of yml that makes the alert difficult to understand. Also clarify the wording to make it clear that it is not the artifact that is being poisoned, but instead a potentially untrusted artifact that is consumed. Also change the alert location to be the source, to align more with other queries reporting an artifact (e.g. zipslip) which is more useful.

36
actions/ql/test/query-tests/Security/CWE-829/ArtifactPoisoningCritical.expected
View File

@@ -55,21 +55,21 @@ nodes
| .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | semmle.label | ./gradlew buildScanPublishPrevious\n |
subpaths
#select
| .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | .github/workflows/artifactpoisoning11.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | python foo/x.py | .github/workflows/artifactpoisoning12.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | sh foo/cmd\n | .github/workflows/artifactpoisoning21.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | sh cmd | .github/workflows/artifactpoisoning22.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | ./foo/cmd | .github/workflows/artifactpoisoning31.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning32.yml:17:14:18:20 | ./bar/cmd\n | .github/workflows/artifactpoisoning32.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning32.yml:17:14:18:20 | ./bar/cmd\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning32.yml:17:14:18:20 | ./bar/cmd\n | ./bar/cmd\n | .github/workflows/artifactpoisoning32.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning33.yml:17:14:18:20 | ./bar/cmd\n | .github/workflows/artifactpoisoning33.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning33.yml:17:14:18:20 | ./bar/cmd\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning33.yml:17:14:18:20 | ./bar/cmd\n | ./bar/cmd\n | .github/workflows/artifactpoisoning33.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning34.yml:20:14:22:23 | npm install\nnpm run lint\n | .github/workflows/artifactpoisoning34.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning34.yml:20:14:22:23 | npm install\nnpm run lint\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning34.yml:20:14:22:23 | npm install\nnpm run lint\n | npm install\nnpm run lint\n | .github/workflows/artifactpoisoning34.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning41.yml:22:14:22:22 | ./foo/cmd | .github/workflows/artifactpoisoning41.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning41.yml:22:14:22:22 | ./foo/cmd | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning41.yml:22:14:22:22 | ./foo/cmd | ./foo/cmd | .github/workflows/artifactpoisoning41.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | ./cmd | .github/workflows/artifactpoisoning42.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | sed -f config foo.md > bar.md\n | .github/workflows/artifactpoisoning71.yml:4:5:4:16 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | python test.py | .github/workflows/artifactpoisoning81.yml:3:5:3:23 | pull_request_target | pull_request_target |
| .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | Uses Step | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | make snapshot | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | npm install | .github/workflows/artifactpoisoning96.yml:2:3:2:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | .github/workflows/artifactpoisoning101.yml:4:3:4:21 | pull_request_target | pull_request_target |
| .github/workflows/test18.yml:36:15:40:58 | Uses Step | .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Uses Step | .github/workflows/test18.yml:3:5:3:16 | workflow_run | workflow_run |
| .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | Potential artifact poisoning in $@, which may be controlled by an external user ($@). | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | ./gradlew buildScanPublishPrevious\n | .github/workflows/test25.yml:2:3:2:14 | workflow_run | workflow_run |
| .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:28:9:29:6 | Uses Step | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/actions/download-artifact-2/action.yaml:6:7:25:4 | Uses Step | .github/workflows/artifactpoisoning92.yml:29:14:29:26 | make snapshot | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning92.yml:3:3:3:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning11.yml:38:11:38:77 | ./sonarcloud-data/x.py build -j$(nproc) --compiler gcc --skip-build | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning11.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:13:9:32:6 | Uses Step | .github/workflows/artifactpoisoning12.yml:38:11:38:25 | python foo/x.py | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning12.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning21.yml:19:14:20:21 | sh foo/cmd\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning21.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:13:9:17:6 | Uses Step | .github/workflows/artifactpoisoning22.yml:18:14:18:19 | sh cmd | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning22.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:13:9:15:6 | Run Step | .github/workflows/artifactpoisoning31.yml:19:14:19:22 | ./foo/cmd | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning31.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning32.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning32.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning32.yml:17:14:18:20 | ./bar/cmd\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning32.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning33.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning33.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning33.yml:17:14:18:20 | ./bar/cmd\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning33.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning34.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning34.yml:13:9:16:6 | Run Step | .github/workflows/artifactpoisoning34.yml:20:14:22:23 | npm install\nnpm run lint\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning34.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning41.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning41.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning41.yml:22:14:22:22 | ./foo/cmd | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning41.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:13:9:21:6 | Run Step | .github/workflows/artifactpoisoning42.yml:22:14:22:18 | ./cmd | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning42.yml:4:3:4:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:9:9:16:6 | Uses Step | .github/workflows/artifactpoisoning71.yml:17:14:18:40 | sed -f config foo.md > bar.md\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning71.yml:4:5:4:16 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:28:9:31:6 | Uses Step | .github/workflows/artifactpoisoning81.yml:31:14:31:27 | python test.py | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning81.yml:3:5:3:23 | pull_request_target | pull_request_target |
| .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:13:9:18:6 | Uses Step | .github/workflows/artifactpoisoning96.yml:18:14:18:24 | npm install | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning96.yml:2:3:2:14 | workflow_run | workflow_run |
| .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:10:9:16:6 | Uses Step | .github/workflows/artifactpoisoning101.yml:17:14:19:59 | PR_NUMBER=$(./get_pull_request_number.sh pr_number.txt)\necho "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT \n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/artifactpoisoning101.yml:4:3:4:21 | pull_request_target | pull_request_target |
| .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:12:15:33:12 | Uses Step | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/test18.yml:3:5:3:16 | workflow_run | workflow_run |
| .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:22:9:32:6 | Uses Step: downloadBuildScan | .github/workflows/test25.yml:39:14:40:45 | ./gradlew buildScanPublishPrevious\n | Potential artifact poisoning; the artifact being consumed has contents that may be controlled by an external user ($@). | .github/workflows/test25.yml:2:3:2:14 | workflow_run | workflow_run |

4
cpp/ql/lib/change-notes/2026-04-07-autoconf.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: feature
---
* Added a subclass `AutoconfConfigureTestFile` of `ConfigurationTestFile` that represents files created by GNU autoconf configure scripts to test the build configuration.

7
cpp/ql/lib/semmle/code/cpp/ConfigurationTestFile.qll
View File

@@ -42,3 +42,10 @@ class MesonPrivateTestFile extends ConfigurationTestFile {
)
}
}
/**
* A file created by a GNU autoconf configure script to test the system configuration.
*/
class AutoconfConfigureTestFile extends ConfigurationTestFile {
AutoconfConfigureTestFile() { this.getBaseName().regexpMatch("conftest[0-9]*\\.c(pp)?") }
}

2
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/ExprHasNoEffect.expected Normal file
View File

@@ -0,0 +1,2 @@
| conftest.c.c:4:3:4:8 | call to strlen | This expression has no effect (because $@ has no external side effects). | conftest.h:3:8:3:13 | strlen | strlen |
| conftest_abc.c:4:3:4:8 | call to strlen | This expression has no effect (because $@ has no external side effects). | conftest.h:3:8:3:13 | strlen | strlen |

1
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/ExprHasNoEffect.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Likely Typos/ExprHasNoEffect.ql

6
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest.c Normal file
View File

@@ -0,0 +1,6 @@
#include "conftest.h"
int main2() {
strlen(""); // GOOD: conftest files are ignored
return 0;
}

6
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest.c.c Normal file
View File

@@ -0,0 +1,6 @@
#include "conftest.h"
int main3() {
strlen(""); // BAD: not a `conftest` file, as `conftest` is not directly followed by the extension or a sequence of numbers.
return 0;
}

6
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest.cpp Normal file
View File

@@ -0,0 +1,6 @@
#include "conftest.h"
int main4() {
strlen(""); // GOOD: conftest files are ignored
return 0;
}

3
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest.h Normal file
View File

@@ -0,0 +1,3 @@
typedef long long size_t;
size_t strlen(const char *s);

6
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest123.c Normal file
View File

@@ -0,0 +1,6 @@
#include "conftest.h"
int main5() {
strlen(""); // GOOD: conftest files are ignored
return 0;
}

6
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/ExprHasNoEffect/autoconf/conftest_abc.c Normal file
View File

@@ -0,0 +1,6 @@
#include "conftest.h"
int main1() {
strlen(""); // BAD: not a `conftest` file, as `conftest` is not directly followed by the extension or a sequence of numbers.
return 0;
}

2
csharp/ql/lib/Linq/Helpers.qll
View File

@@ -77,7 +77,7 @@ predicate missedAllOpportunity(ForeachStmtGenericEnumerable fes) {
// The then case of the if assigns false to something and breaks out of the loop.
exists(Assignment a, BoolLiteral bl |
a = is.getThen().getAChild*() and
bl = a.getRValue() and
bl = a.getRightOperand() and
bl.toString() = "false"
) and
is.getThen().getAChild*() instanceof BreakStmt

4
csharp/ql/lib/change-notes/2026-04-01-getlrvalue.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: deprecated
---
* The predicates `get[L|R]Value` in the class `Assignment` have been deprecated. Use `get[Left|Right]Operand` instead.

2
csharp/ql/lib/definitions.qll
View File

@@ -96,7 +96,7 @@ private class MethodUse extends Use, QualifiableExpr {
private class AccessUse extends Access, Use {
AccessUse() {
not this.getTarget().(Parameter).getCallable() instanceof Accessor and
not this = any(LocalVariableDeclAndInitExpr d).getLValue() and
not this = any(LocalVariableDeclAndInitExpr d).getLeftOperand() and
not this.isImplicit() and
not this instanceof MethodAccess and // handled by `MethodUse`
not this instanceof TypeAccess and // handled by `TypeMentionUse`

16
csharp/ql/lib/semmle/code/csharp/Assignable.qll
View File

@@ -235,7 +235,7 @@ private class RefArg extends AssignableAccess {
module AssignableInternal {
private predicate tupleAssignmentDefinition(AssignExpr ae, Expr leaf) {
exists(TupleExpr te |
ae.getLValue() = te and
ae.getLeftOperand() = te and
te.getAnArgument+() = leaf and
// `leaf` is either an assignable access or a local variable declaration
not leaf instanceof TupleExpr
@@ -249,8 +249,8 @@ module AssignableInternal {
*/
private predicate tupleAssignmentPair(AssignExpr ae, Expr left, Expr right) {
tupleAssignmentDefinition(ae, _) and
left = ae.getLValue() and
right = ae.getRValue()
left = ae.getLeftOperand() and
right = ae.getRightOperand()
or
exists(TupleExpr l, TupleExpr r, int i | tupleAssignmentPair(ae, l, r) |
left = l.getArgument(i) and
@@ -291,7 +291,7 @@ module AssignableInternal {
cached
newtype TAssignableDefinition =
TAssignmentDefinition(Assignment a) {
not a.getLValue() instanceof TupleExpr and
not a.getLeftOperand() instanceof TupleExpr and
not a instanceof AssignCallOperation and
not a instanceof AssignCoalesceExpr
} or
@@ -358,7 +358,7 @@ module AssignableInternal {
// Not defined by dispatch in order to avoid too conservative negative recursion error
cached
AssignableAccess getTargetAccess(AssignableDefinition def) {
def = TAssignmentDefinition(any(Assignment a | a.getLValue() = result))
def = TAssignmentDefinition(any(Assignment a | a.getLeftOperand() = result))
or
def = TTupleAssignmentDefinition(_, result)
or
@@ -381,8 +381,8 @@ module AssignableInternal {
tupleAssignmentPair(ae, ac, result)
)
or
exists(Assignment ass | ac = ass.getLValue() |
result = ass.getRValue() and
exists(Assignment ass | ac = ass.getLeftOperand() |
result = ass.getRightOperand() and
not ass instanceof AssignOperation
)
or
@@ -527,7 +527,7 @@ module AssignableDefinitions {
Assignment getAssignment() { result = a }
override Expr getSource() {
result = a.getRValue() and
result = a.getRightOperand() and
not a instanceof AddOrRemoveEventExpr
}

24
csharp/ql/lib/semmle/code/csharp/Conversion.qll
View File

@@ -232,14 +232,9 @@ private module Identity {
*/
pragma[nomagic]
private predicate convTypeArguments(Type fromTypeArgument, Type toTypeArgument, int i) {
exists(int j |
fromTypeArgument = getTypeArgumentRanked(_, _, i) and
toTypeArgument = getTypeArgumentRanked(_, _, j) and
i <= j and
j <= i
|
convIdentity(fromTypeArgument, toTypeArgument)
)
fromTypeArgument = getTypeArgumentRanked(_, _, pragma[only_bind_into](i)) and
toTypeArgument = getTypeArgumentRanked(_, _, pragma[only_bind_into](i)) and
convIdentity(fromTypeArgument, toTypeArgument)
}
pragma[nomagic]
@@ -929,19 +924,16 @@ private module Variance {
private predicate convTypeArguments(
TypeArgument fromTypeArgument, TypeArgument toTypeArgument, int i, TVariance v
) {
exists(int j |
fromTypeArgument = getTypeArgumentRanked(_, _, i, _) and
toTypeArgument = getTypeArgumentRanked(_, _, j, _) and
i <= j and
j <= i
|
fromTypeArgument = getTypeArgumentRanked(_, _, pragma[only_bind_into](i), _) and
toTypeArgument = getTypeArgumentRanked(_, _, pragma[only_bind_into](i), _) and
(
convIdentity(fromTypeArgument, toTypeArgument) and
v = TNone()
or
convRefTypeTypeArgumentOut(fromTypeArgument, toTypeArgument, j) and
convRefTypeTypeArgumentOut(fromTypeArgument, toTypeArgument, i) and
v = TOut()
or
convRefTypeTypeArgumentIn(toTypeArgument, fromTypeArgument, j) and
convRefTypeTypeArgumentIn(toTypeArgument, fromTypeArgument, i) and
v = TIn()
)
}

4
csharp/ql/lib/semmle/code/csharp/PrintAst.qll
View File

@@ -343,10 +343,10 @@ final class AssignmentNode extends ControlFlowElementNode {
result.(TypeMentionNode).getTarget() = controlFlowElement
or
childIndex = 0 and
result.(ElementNode).getElement() = assignment.getLValue()
result.(ElementNode).getElement() = assignment.getLeftOperand()
or
childIndex = 1 and
result.(ElementNode).getElement() = assignment.getRValue()
result.(ElementNode).getElement() = assignment.getRightOperand()
}
}

4
csharp/ql/lib/semmle/code/csharp/Property.qll
View File

@@ -535,8 +535,8 @@ class Setter extends Accessor, @setter {
exists(AssignExpr assign |
this.getStatementBody().getNumberOfStmts() = 1 and
assign.getParent() = this.getStatementBody().getAChild() and
assign.getLValue() = result.getAnAccess() and
assign.getRValue() = accessToValue()
assign.getLeftOperand() = result.getAnAccess() and
assign.getRightOperand() = accessToValue()
)
}

6
csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll
View File

@@ -136,7 +136,7 @@ private module GuardsInput implements
IdExpr() { this instanceof AssignExpr or this instanceof CastExpr }
Expr getEqualChildExpr() {
result = this.(AssignExpr).getRValue()
result = this.(AssignExpr).getRightOperand()
or
result = this.(CastExpr).getExpr()
}
@@ -836,7 +836,7 @@ module Internal {
/** Holds if expression `e2` is a `null` value whenever `e1` is. */
predicate nullValueImpliedUnary(Expr e1, Expr e2) {
e1 = e2.(AssignExpr).getRValue()
e1 = e2.(AssignExpr).getRightOperand()
or
e1 = e2.(Cast).getExpr()
or
@@ -923,7 +923,7 @@ module Internal {
/** Holds if expression `e2` is a non-`null` value whenever `e1` is. */
predicate nonNullValueImpliedUnary(Expr e1, Expr e2) {
e1 = e2.(CastExpr).getExpr() or
e1 = e2.(AssignExpr).getRValue() or
e1 = e2.(AssignExpr).getRightOperand() or
e1 = e2.(NullCoalescingOperation).getAnOperand()
}

2
csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
View File

@@ -521,7 +521,7 @@ module Expressions {
// ```
// need special treatment, because the accesses `[0]`, `[1]`, and `[2]`
// have no qualifier.
this = any(MemberInitializer mi).getLValue()
this = any(MemberInitializer mi).getLeftOperand()
) and
not exists(AssignableDefinitions::OutRefDefinition def | def.getTargetAccess() = this)
}

2
csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll
View File

@@ -31,7 +31,7 @@ private Expr maybeNullExpr(Expr reason) {
or
result instanceof AsExpr and reason = result
or
result.(AssignExpr).getRValue() = maybeNullExpr(reason)
result.(AssignExpr).getRightOperand() = maybeNullExpr(reason)
or
result.(CastExpr).getExpr() = maybeNullExpr(reason)
or

4
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplSpecific.qll
View File

@@ -29,4 +29,8 @@ module CsharpDataFlow implements InputSig<Location> {
predicate neverSkipInPathGraph(Node n) {
exists(n.(AssignableDefinitionNode).getDefinition().getTargetAccess())
}
DataFlowType getSourceContextParameterNodeType(Node p) {
exists(p) and result.isSourceContextParameterType()
}
}

35
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -528,7 +528,7 @@ module LocalFlow {
e2 =
any(AssignExpr ae |
ae.getParent() = any(ControlFlowElement cfe | not cfe instanceof ExprStmt) and
e1 = ae.getRValue()
e1 = ae.getRightOperand()
)
or
e1 = e2.(ObjectCreation).getInitializer()
@@ -554,7 +554,7 @@ module LocalFlow {
e2 = we
)
or
exists(AssignExpr ae | ae.getLValue().(TupleExpr) = e2 and ae.getRValue() = e1)
exists(AssignExpr ae | ae.getLeftOperand().(TupleExpr) = e2 and ae.getRightOperand() = e1)
or
exists(ControlFlowElement cfe | cfe = e2.(TupleExpr).(PatternExpr).getPatternMatch() |
cfe.(IsExpr).getExpr() = e1
@@ -795,7 +795,7 @@ private predicate fieldOrPropertyStore(ContentSet c, Expr src, Expr q, boolean p
q = we and
mi = we.getInitializer().getAMemberInitializer() and
f = mi.getInitializedMember() and
src = mi.getRValue() and
src = mi.getRightOperand() and
postUpdate = false
)
or
@@ -804,7 +804,7 @@ private predicate fieldOrPropertyStore(ContentSet c, Expr src, Expr q, boolean p
mi = q.(ObjectInitializer).getAMemberInitializer() and
q.getParent() instanceof ObjectCreation and
f = mi.getInitializedMember() and
src = mi.getRValue() and
src = mi.getRightOperand() and
postUpdate = false
)
or
@@ -879,8 +879,8 @@ private predicate arrayStore(Expr src, Expr a, boolean postUpdate) {
// Member initializer, `new C { Array = { [i] = src } }`
exists(MemberInitializer mi |
mi = a.(ObjectInitializer).getAMemberInitializer() and
mi.getLValue() instanceof ArrayAccess and
mi.getRValue() = src and
mi.getLeftOperand() instanceof ArrayAccess and
mi.getRightOperand() = src and
postUpdate = false
)
}
@@ -1179,7 +1179,8 @@ private module Cached {
cached
newtype TDataFlowType =
TGvnDataFlowType(Gvn::GvnType t) or
TDelegateDataFlowType(Callable lambda) { lambdaCreationExpr(_, lambda) }
TDelegateDataFlowType(Callable lambda) { lambdaCreationExpr(_, lambda) } or
TSourceContextParameterType()
}
import Cached
@@ -2394,6 +2395,8 @@ class DataFlowType extends TDataFlowType {
Callable asDelegate() { this = TDelegateDataFlowType(result) }
predicate isSourceContextParameterType() { this = TSourceContextParameterType() }
/**
* Gets an expression that creates a delegate of this type.
*
@@ -2412,6 +2415,9 @@ class DataFlowType extends TDataFlowType {
result = this.asGvnType().toString()
or
result = this.asDelegate().toString()
or
this.isSourceContextParameterType() and
result = "<source context parameter type>"
}
}
@@ -2469,6 +2475,11 @@ private predicate compatibleTypesDelegateLeft(DataFlowType dt1, DataFlowType dt2
)
}
pragma[nomagic]
private predicate compatibleTypesSourceContextParameterTypeLeft(DataFlowType dt1, DataFlowType dt2) {
dt1.isSourceContextParameterType() and not exists(dt2.asDelegate())
}
/**
* Holds if `t1` and `t2` are compatible, that is, whether data can flow from
* a node of type `t1` to a node of type `t2`.
@@ -2499,6 +2510,10 @@ predicate compatibleTypes(DataFlowType dt1, DataFlowType dt2) {
compatibleTypesDelegateLeft(dt2, dt1)
or
dt1.asDelegate() = dt2.asDelegate()
or
compatibleTypesSourceContextParameterTypeLeft(dt1, dt2)
or
compatibleTypesSourceContextParameterTypeLeft(dt2, dt1)
}
pragma[nomagic]
@@ -2511,6 +2526,8 @@ predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) {
uselessTypebound(t2)
or
compatibleTypesDelegateLeft(t1, t2)
or
compatibleTypesSourceContextParameterTypeLeft(t1, t2)
}
/**
@@ -2582,7 +2599,7 @@ module PostUpdateNodes {
call.getExpr() = init.(CollectionInitializer).getAnElementInitializer()
or
// E.g. `new Dictionary<int, string>() { [0] = "a", [1] = "b" }`
call.getExpr() = init.(ObjectInitializer).getAMemberInitializer().getLValue()
call.getExpr() = init.(ObjectInitializer).getAMemberInitializer().getLeftOperand()
)
}
@@ -2795,7 +2812,7 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
preservesValue = true
or
exists(AddEventExpr aee |
nodeFrom.asExpr() = aee.getRValue() and
nodeFrom.asExpr() = aee.getRightOperand() and
nodeTo.asExpr().(EventRead).getTarget() = aee.getTarget() and
preservesValue = false
)

2
csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
View File

@@ -337,7 +337,7 @@ private module CallGraph {
pred = succ.(DelegateCreation).getArgument()
or
exists(AddEventExpr ae | succ.(EventAccess).getTarget() = ae.getTarget() |
pred = ae.getRValue()
pred = ae.getRightOperand()
)
}

16
csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll
View File

@@ -21,7 +21,7 @@ private module Impl {
/** Holds if SSA definition `def` equals `e + delta`. */
predicate ssaUpdateStep(ExplicitDefinition def, ExprNode e, int delta) {
exists(ControlFlow::Node cfn | cfn = def.getControlFlowNode() |
e = cfn.(ExprNode::Assignment).getRValue() and
e = cfn.(ExprNode::Assignment).getRightOperand() and
delta = 0 and
not cfn instanceof ExprNode::AssignOperation
or
@@ -39,7 +39,7 @@ private module Impl {
/** Holds if `e1 + delta` equals `e2`. */
predicate valueFlowStep(ExprNode e2, ExprNode e1, int delta) {
e2.(ExprNode::AssignExpr).getRValue() = e1 and delta = 0
e2.(ExprNode::AssignExpr).getRightOperand() = e1 and delta = 0
or
e2.(ExprNode::UnaryPlusExpr).getOperand() = e1 and delta = 0
or
@@ -207,13 +207,13 @@ module ExprNode {
override CS::Assignment e;
/** Gets the left operand of this assignment. */
ExprNode getLValue() {
result = unique(ExprNode res | hasChild(e, e.getLValue(), this, res) | res)
ExprNode getLeftOperand() {
result = unique(ExprNode res | hasChild(e, e.getLeftOperand(), this, res) | res)
}
/** Gets the right operand of this assignment. */
ExprNode getRValue() {
result = unique(ExprNode res | hasChild(e, e.getRValue(), this, res) | res)
ExprNode getRightOperand() {
result = unique(ExprNode res | hasChild(e, e.getRightOperand(), this, res) | res)
}
}
@@ -225,6 +225,10 @@ module ExprNode {
/** A compound assignment operation. */
class AssignOperation extends Assignment, BinaryOperation {
override CS::AssignOperation e;
override ExprNode getLeftOperand() { result = Assignment.super.getLeftOperand() }
override ExprNode getRightOperand() { result = Assignment.super.getRightOperand() }
}
/** A unary operation. */

4
csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
View File

@@ -168,7 +168,7 @@ private module Impl {
/** Returned an expression that is assigned to `f`. */
ExprNode getAssignedValueToField(Field f) {
result.getExpr() in [
f.getAnAssignedValue(), any(AssignOperation a | a.getLValue() = f.getAnAccess())
f.getAnAssignedValue(), any(AssignOperation a | a.getLeftOperand() = f.getAnAccess())
]
}
@@ -231,7 +231,7 @@ private module Impl {
/** Returns a sub expression of `e` for expression types where the sign depends on the child. */
ExprNode getASubExprWithSameSign(ExprNode e) {
exists(Expr e_, Expr child | hasChild(e_, child, e, result) |
child = e_.(AssignExpr).getRValue() or
child = e_.(AssignExpr).getRightOperand() or
child = e_.(UnaryPlusExpr).getOperand() or
child = e_.(PostIncrExpr).getOperand() or
child = e_.(PostDecrExpr).getOperand() or

2
csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaUtils.qll
View File

@@ -55,5 +55,5 @@ ExprNode ssaRead(Definition v, int delta) {
or
v.(ExplicitDefinition).getControlFlowNode().(ExprNode::Assignment) = result and delta = 0
or
result.(ExprNode::AssignExpr).getRValue() = ssaRead(v, delta)
result.(ExprNode::AssignExpr).getRightOperand() = ssaRead(v, delta)
}

2
csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll
View File

@@ -1348,7 +1348,7 @@ private module Internal {
any(DynamicMemberAccess dma | this = TDispatchDynamicEventAccess(_, dma, _)).getQualifier()
}
override Expr getArgument(int i) { i = 0 and result = this.getCall().getRValue() }
override Expr getArgument(int i) { i = 0 and result = this.getCall().getRightOperand() }
}
/** A call to a constructor using dynamic types. */

2
csharp/ql/lib/semmle/code/csharp/exprs/Access.qll
View File

@@ -112,7 +112,7 @@ class BaseAccess extends Access, @base_access_expr {
class MemberAccess extends Access, QualifiableExpr, @member_access_expr {
override predicate hasImplicitThisQualifier() {
QualifiableExpr.super.hasImplicitThisQualifier() and
not exists(MemberInitializer mi | mi.getLValue() = this)
not exists(MemberInitializer mi | mi.getLeftOperand() = this)
}
override Member getQualifiedDeclaration() { result = this.getTarget() }

32
csharp/ql/lib/semmle/code/csharp/exprs/Assignment.qll
View File

@@ -20,14 +20,22 @@ class Assignment extends BinaryOperation, @assign_expr {
expr_parent(_, 1, this)
}
/** Gets the left operand of this assignment. */
Expr getLValue() { result = this.getLeftOperand() }
/**
* DEPRECATED: Use `getLeftOperand` instead.
*
* Gets the left operand of this assignment.
*/
deprecated Expr getLValue() { result = this.getLeftOperand() }
/** Gets the right operand of this assignment. */
Expr getRValue() { result = this.getRightOperand() }
/**
* DEPRECATED: Use `getRightOperand` instead.
*
* Gets the right operand of this assignment.
*/
deprecated Expr getRValue() { result = this.getRightOperand() }
/** Gets the variable being assigned to, if any. */
Variable getTargetVariable() { result.getAnAccess() = this.getLValue() }
Variable getTargetVariable() { result.getAnAccess() = this.getLeftOperand() }
override string getOperator() { none() }
}
@@ -40,7 +48,12 @@ class LocalVariableDeclAndInitExpr extends LocalVariableDeclExpr, Assignment {
override LocalVariable getTargetVariable() { result = this.getVariable() }
override LocalVariableAccess getLValue() { result = Assignment.super.getLValue() }
/**
* DEPRECATED: Use `getLeftOperand` instead.
*/
deprecated override LocalVariableAccess getLValue() { result = this.getLeftOperand() }
override LocalVariableAccess getLeftOperand() { result = Assignment.super.getLeftOperand() }
override string toString() { result = LocalVariableDeclExpr.super.toString() + " = ..." }
@@ -223,9 +236,12 @@ deprecated class AssignUnsighedRightShiftExpr = AssignUnsignedRightShiftExpr;
*/
class AddOrRemoveEventExpr extends AssignOperation, @assign_event_expr {
/** Gets the event targeted by this event assignment. */
Event getTarget() { result = this.getLValue().getTarget() }
Event getTarget() { result = this.getLeftOperand().getTarget() }
override EventAccess getLValue() { result = this.getChild(0) }
/**
* DEPRECATED: Use `getLeftOperand` instead.
*/
deprecated override EventAccess getLValue() { result = this.getLeftOperand() }
override EventAccess getLeftOperand() { result = this.getChild(0) }
}

6
csharp/ql/lib/semmle/code/csharp/exprs/Call.qll
View File

@@ -773,7 +773,7 @@ class EventCall extends AccessorCall, EventAccessExpr {
override EventAccessor getTarget() {
exists(Event e, AddOrRemoveEventExpr aoree |
e = this.getEvent() and
aoree.getLValue() = this
aoree.getLeftOperand() = this
|
aoree instanceof AddEventExpr and result = e.getAddEventAccessor()
or
@@ -784,8 +784,8 @@ class EventCall extends AccessorCall, EventAccessExpr {
override Expr getArgument(int i) {
i = 0 and
exists(AddOrRemoveEventExpr aoree |
aoree.getLValue() = this and
result = aoree.getRValue()
aoree.getLeftOperand() = this and
result = aoree.getRightOperand()
)
}

2
csharp/ql/lib/semmle/code/csharp/exprs/Creation.qll
View File

@@ -95,7 +95,7 @@ class MemberInitializer extends AssignExpr {
MemberInitializer() { this.getParent() instanceof ObjectInitializer }
/** Gets the initialized member. */
Member getInitializedMember() { result.getAnAccess() = this.getLValue() }
Member getInitializedMember() { result.getAnAccess() = this.getLeftOperand() }
override string getAPrimaryQlClass() { result = "MemberInitializer" }
}

2
csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll
View File

@@ -1099,7 +1099,7 @@ class QualifiableExpr extends Expr, @qualifiable_expr {
}
private Expr getAnAssignOrForeachChild() {
result = any(AssignExpr e).getLValue()
result = any(AssignExpr e).getLeftOperand()
or
result = any(ForeachStmt fs).getVariableDeclTuple()
or

2
csharp/ql/lib/semmle/code/csharp/frameworks/Moq.qll
View File

@@ -41,6 +41,6 @@ class ReturnedByMockObject extends ObjectCreation {
* Gets a value used to initialize a member of this object creation.
*/
Expr getAMemberInitializationValue() {
result = this.getInitializer().(ObjectInitializer).getAMemberInitializer().getRValue()
result = this.getInitializer().(ObjectInitializer).getAMemberInitializer().getRightOperand()
}
}

4
csharp/ql/lib/semmle/code/csharp/frameworks/Sql.qll
View File

@@ -17,14 +17,14 @@ abstract class SqlExpr extends Expr {
class CommandTextAssignmentSqlExpr extends SqlExpr, AssignExpr {
CommandTextAssignmentSqlExpr() {
exists(Property p, SystemDataIDbCommandInterface i, Property text |
p = this.getLValue().(PropertyAccess).getTarget() and
p = this.getLeftOperand().(PropertyAccess).getTarget() and
text = i.getCommandTextProperty()
|
p.overridesOrImplementsOrEquals(text)
)
}
override Expr getSql() { result = this.getRValue() }
override Expr getSql() { result = this.getRightOperand() }
}
/** A construction of an unknown `IDbCommand` object. */

20
csharp/ql/lib/semmle/code/csharp/security/auth/SecureCookies.qll
View File

@@ -100,20 +100,20 @@ Expr getAValueForCookiePolicyProp(string prop) {
Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) {
// values set in object init
exists(MemberInitializer init, Expr src, PropertyAccess pa |
a.getLValue() = pa and
a.getLeftOperand() = pa and
pa.getTarget().hasName(prop) and
init = create.getInitializer().(ObjectInitializer).getAMemberInitializer() and
init.getLValue() = pa and
DataFlow::localExprFlow(src, init.getRValue()) and
init.getLeftOperand() = pa and
DataFlow::localExprFlow(src, init.getRightOperand()) and
result = src
)
or
// values set on var that create is assigned to
exists(Expr src, PropertyAccess pa |
a.getLValue() = pa and
a.getLeftOperand() = pa and
pa.getTarget().hasName(prop) and
DataFlow::localExprFlow(create, pa.getQualifier()) and
DataFlow::localExprFlow(src, a.getRValue()) and
DataFlow::localExprFlow(src, a.getRightOperand()) and
result = src
)
}
@@ -138,15 +138,15 @@ private module OnAppendCookieTrackingConfig<propertyName/0 getPropertyName> impl
exists(PropertyWrite pw, Assignment delegateAssign, Callable c |
pw.getProperty().getName() = "OnAppendCookie" and
pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreBuilderCookiePolicyOptions and
delegateAssign.getLValue() = pw and
delegateAssign.getLeftOperand() = pw and
(
exists(LambdaExpr lambda |
delegateAssign.getRValue() = lambda and
delegateAssign.getRightOperand() = lambda and
lambda = c
)
or
exists(DelegateCreation delegate |
delegateAssign.getRValue() = delegate and
delegateAssign.getRightOperand() = delegate and
delegate.getArgument().(CallableAccess).getTarget() = c
)
) and
@@ -159,9 +159,9 @@ private module OnAppendCookieTrackingConfig<propertyName/0 getPropertyName> impl
exists(PropertyWrite pw, Assignment a |
pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
pw.getProperty().getName() = getPropertyName() and
a.getLValue() = pw and
a.getLeftOperand() = pw and
exists(Expr val |
DataFlow::localExprFlow(val, a.getRValue()) and
DataFlow::localExprFlow(val, a.getRightOperand()) and
val.getValue() = "true"
) and
sink.asExpr() = pw.getQualifier()

6
csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
View File

@@ -126,16 +126,16 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig {
or
node1.getType() instanceof TypeNameHandlingEnum and
exists(PropertyWrite pw, Property p, Assignment a |
a.getLValue() = pw and
a.getLeftOperand() = pw and
pw.getProperty() = p and
p.getDeclaringType() instanceof JsonSerializerSettingsClass and
p.hasName("TypeNameHandling") and
(
node1.asExpr() = a.getRValue() and
node1.asExpr() = a.getRightOperand() and
node2.asExpr() = pw.getQualifier()
or
exists(ObjectInitializer oi |
node1.asExpr() = oi.getAMemberInitializer().getRValue() and
node1.asExpr() = oi.getAMemberInitializer().getRightOperand() and
node2.asExpr() = oi
)
)

10
csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
View File

@@ -84,15 +84,15 @@ private Expr getAValueForProp(ObjectCreation create, string prop) {
// values set in object init
exists(MemberInitializer init |
init = create.getInitializer().(ObjectInitializer).getAMemberInitializer() and
init.getLValue().(PropertyAccess).getTarget().hasName(prop) and
result = init.getRValue()
init.getLeftOperand().(PropertyAccess).getTarget().hasName(prop) and
result = init.getRightOperand()
)
or
// values set on var that create is assigned to
exists(Assignment propAssign |
DataFlow::localExprFlow(create, propAssign.getLValue().(PropertyAccess).getQualifier()) and
propAssign.getLValue().(PropertyAccess).getTarget().hasName(prop) and
result = propAssign.getRValue()
DataFlow::localExprFlow(create, propAssign.getLeftOperand().(PropertyAccess).getQualifier()) and
propAssign.getLeftOperand().(PropertyAccess).getTarget().hasName(prop) and
result = propAssign.getRightOperand()
)
}

6
csharp/ql/src/Dead Code/NonAssignedFields.ql
View File

@@ -84,9 +84,9 @@ where
not f.getDeclaringType() instanceof Enum and
not f.getType() instanceof Struct and
not exists(Assignment ae, Field g |
ae.getLValue().(FieldAccess).getTarget() = g and
ae.getLeftOperand().(FieldAccess).getTarget() = g and
g.getUnboundDeclaration() = f and
not ae.getRValue() instanceof NullLiteral
not ae.getRightOperand() instanceof NullLiteral
) and
not exists(MethodCall mc, int i, Field g |
exists(Parameter p | mc.getTarget().getParameter(i) = p | p.isOut() or p.isRef()) and
@@ -101,7 +101,7 @@ where
not init instanceof NullLiteral
) and
not exists(AssignOperation ua, Field g |
ua.getLValue().(FieldAccess).getTarget() = g and
ua.getLeftOperand().(FieldAccess).getTarget() = g and
g.getUnboundDeclaration() = f
) and
not exists(MutatorOperation op |

18
csharp/ql/src/Language Abuse/ForeachCapture.ql
View File

@@ -60,16 +60,16 @@ module LambdaDataFlow {
}
Element getAssignmentTarget(Expr e) {
exists(Assignment a | a.getRValue() = e |
result = a.getLValue().(PropertyAccess).getTarget() or
result = a.getLValue().(FieldAccess).getTarget() or
result = a.getLValue().(LocalVariableAccess).getTarget() or
result = a.getLValue().(EventAccess).getTarget()
exists(Assignment a | a.getRightOperand() = e |
result = a.getLeftOperand().(PropertyAccess).getTarget() or
result = a.getLeftOperand().(FieldAccess).getTarget() or
result = a.getLeftOperand().(LocalVariableAccess).getTarget() or
result = a.getLeftOperand().(EventAccess).getTarget()
)
or
exists(AddEventExpr aee |
e = aee.getRValue() and
result = aee.getLValue().getTarget()
e = aee.getRightOperand() and
result = aee.getLeftOperand().getTarget()
)
or
result = getCollectionAssignmentTarget(e)
@@ -97,8 +97,8 @@ Element getCollectionAssignmentTarget(Expr e) {
// Store values using indexer
exists(IndexerAccess ia, AssignExpr ae |
ia.getQualifier() = result.(Variable).getAnAccess() and
ia = ae.getLValue() and
e = ae.getRValue()
ia = ae.getLeftOperand() and
e = ae.getRightOperand()
)
}

2
csharp/ql/src/Language Abuse/MissedTernaryOpportunity.ql
View File

@@ -15,7 +15,7 @@ import csharp
import semmle.code.csharp.commons.StructuralComparison
private Expr getAssignedExpr(Stmt stmt) {
result = stmt.stripSingletonBlocks().(ExprStmt).getExpr().(AssignExpr).getLValue()
result = stmt.stripSingletonBlocks().(ExprStmt).getExpr().(AssignExpr).getLeftOperand()
}
from IfStmt is, string what

5
csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
View File

@@ -23,9 +23,10 @@ where
) and
forex(Access a | a = v.getAnAccess() |
a = any(ModifierMethodCall m).getQualifier() or
a = any(AssignExpr ass | ass.getRValue() instanceof ObjectCreation).getLValue() or
a = any(AssignExpr ass | ass.getRightOperand() instanceof ObjectCreation).getLeftOperand() or
a =
any(LocalVariableDeclAndInitExpr ass | ass.getRValue() instanceof ObjectCreation).getLValue()
any(LocalVariableDeclAndInitExpr ass | ass.getRightOperand() instanceof ObjectCreation)
.getLeftOperand()
) and
not v = any(ForeachStmt fs).getVariable() and
not v = any(BindingPatternExpr vpe).getVariableDeclExpr().getVariable() and

6
csharp/ql/src/Likely Bugs/SelfAssignment.ql
View File

@@ -19,7 +19,7 @@ private predicate candidate(AssignExpr ae) {
not ae instanceof MemberInitializer and
// Enum field initializers are never self assignments. `enum E { A = 42 }`
not ae.getParent().(Field).getDeclaringType() instanceof Enum and
forall(Expr e | e = ae.getLValue().getAChildExpr*() |
forall(Expr e | e = ae.getLeftOperand().getAChildExpr*() |
// Non-trivial property accesses may have side-effects,
// so these are not considered
e instanceof PropertyAccess implies e instanceof TrivialPropertyAccess
@@ -28,7 +28,7 @@ private predicate candidate(AssignExpr ae) {
private predicate selfAssignExpr(AssignExpr ae) {
candidate(ae) and
sameGvn(ae.getLValue(), ae.getRValue())
sameGvn(ae.getLeftOperand(), ae.getRightOperand())
}
private Declaration getDeclaration(Expr e) {
@@ -40,5 +40,5 @@ private Declaration getDeclaration(Expr e) {
}
from AssignExpr ae, Declaration target
where selfAssignExpr(ae) and target = getDeclaration(ae.getLValue())
where selfAssignExpr(ae) and target = getDeclaration(ae.getLeftOperand())
select ae, "This assignment assigns $@ to itself.", target, target.getName()

2
csharp/ql/src/Linq/BadMultipleIteration.ql
View File

@@ -50,7 +50,7 @@ predicate potentiallyConsumingAccess(VariableAccess va) {
Expr sequenceSource(IEnumerableSequence seq) {
result = seq.getInitializer()
or
exists(Assignment a | a.getLValue() = seq.getAnAccess() and result = a.getRValue())
exists(Assignment a | a.getLeftOperand() = seq.getAnAccess() and result = a.getRightOperand())
}
from IEnumerableSequence seq, VariableAccess va

4
csharp/ql/src/Performance/StringConcatenationInLoop.ql
View File

@@ -24,7 +24,7 @@ class StringCat extends AddExpr {
*/
predicate isSelfConcatAssignExpr(AssignExpr e, Variable v) {
exists(VariableAccess use |
stringCatContains(e.getRValue(), use) and
stringCatContains(e.getRightOperand(), use) and
use.getTarget() = e.getTargetVariable() and
v = use.getTarget()
)
@@ -41,7 +41,7 @@ predicate stringCatContains(StringCat expr, Expr child) {
* where `v` is a simple variable (and not, for example, a property).
*/
predicate isConcatExpr(AssignAddExpr e, Variable v) {
e.getLValue().getType() instanceof StringType and
e.getLeftOperand().getType() instanceof StringType and
v = e.getTargetVariable()
}

10
csharp/ql/src/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
View File

@@ -27,8 +27,8 @@ predicate cookieAppendHttpOnlyByDefault() {
predicate httpOnlyFalse(ObjectCreation oc) {
exists(Assignment a |
getAValueForProp(oc, a, "HttpOnly") = a.getRValue() and
a.getRValue().getValue() = "false"
getAValueForProp(oc, a, "HttpOnly") = a.getRightOperand() and
a.getRightOperand().getValue() = "false"
)
}
@@ -100,8 +100,8 @@ predicate nonHttpOnlyCookieBuilderAssignment(Assignment a, Expr val) {
MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
) and
pw.getProperty().getName() = "HttpOnly" and
a.getLValue() = pw and
DataFlow::localExprFlow(val, a.getRValue())
a.getLeftOperand() = pw and
DataFlow::localExprFlow(val, a.getRightOperand())
)
}
@@ -111,7 +111,7 @@ where
nonHttpOnlyCookieCall(httpOnlySink)
or
exists(Assignment a |
httpOnlySink = a.getRValue() and
httpOnlySink = a.getRightOperand() and
nonHttpOnlyCookieBuilderAssignment(a, _)
)
)

4
csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
View File

@@ -35,8 +35,8 @@ module InsecureSqlConnectionConfig implements DataFlow::ConfigSig {
) and
not exists(MemberInitializer mi |
mi = oc.getInitializer().(ObjectInitializer).getAMemberInitializer() and
mi.getLValue().(PropertyAccess).getTarget().getName() = "Encrypt" and
mi.getRValue().(BoolLiteral).getValue() = "true"
mi.getLeftOperand().(PropertyAccess).getTarget().getName() = "Encrypt" and
mi.getRightOperand().(BoolLiteral).getValue() = "true"
)
)
}

10
csharp/ql/src/Security Features/CWE-614/CookieWithoutSecure.ql
View File

@@ -31,8 +31,8 @@ predicate cookieAppendSecureByDefault() {
predicate secureFalse(ObjectCreation oc) {
exists(Assignment a |
getAValueForProp(oc, a, "Secure") = a.getRValue() and
a.getRValue().getValue() = "false"
getAValueForProp(oc, a, "Secure") = a.getRightOperand() and
a.getRightOperand().getValue() = "false"
)
}
@@ -96,8 +96,8 @@ predicate insecureSecurePolicyAssignment(Assignment a, Expr val) {
MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
) and
pw.getProperty().getName() = "SecurePolicy" and
a.getLValue() = pw and
DataFlow::localExprFlow(val, a.getRValue()) and
a.getLeftOperand() = pw and
DataFlow::localExprFlow(val, a.getRightOperand()) and
val.getValue() = "2" // None
)
}
@@ -107,7 +107,7 @@ where
insecureCookieCall(secureSink)
or
exists(Assignment a |
secureSink = a.getRValue() and
secureSink = a.getRightOperand() and
insecureSecurePolicyAssignment(a, _)
)
select secureSink, "Cookie attribute 'Secure' is not set to true."

6
csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
View File

@@ -14,11 +14,11 @@ import csharp
from Assignment a, PropertyAccess pa
where
a.getLValue() = pa and
a.getLeftOperand() = pa and
pa.getTarget().hasName("Domain") and
pa.getTarget().getDeclaringType().hasFullyQualifiedName("System.Web", "HttpCookie") and
(
a.getRValue().getValue().regexpReplaceAll("[^.]", "").length() < 2 or
a.getRValue().getValue().matches(".%")
a.getRightOperand().getValue().regexpReplaceAll("[^.]", "").length() < 2 or
a.getRightOperand().getValue().matches(".%")
)
select a, "Overly broad domain for cookie."

4
csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
View File

@@ -14,8 +14,8 @@ import csharp
from Assignment a, PropertyAccess pa
where
a.getLValue() = pa and
a.getLeftOperand() = pa and
pa.getTarget().hasName("Path") and
pa.getTarget().getDeclaringType().hasFullyQualifiedName("System.Web", "HttpCookie") and
a.getRValue().getValue() = "/"
a.getRightOperand().getValue() = "/"
select a, "Overly broad path for cookie."

4
csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
View File

@@ -17,12 +17,12 @@ from Element l
where
// header checking is disabled programmatically in the code
exists(Assignment a, PropertyAccess pa |
a.getLValue() = pa and
a.getLeftOperand() = pa and
pa.getTarget().hasName("EnableHeaderChecking") and
pa.getTarget()
.getDeclaringType()
.hasFullyQualifiedName("System.Web.Configuration", "HttpRuntimeSection") and
a.getRValue().getValue() = "false" and
a.getRightOperand().getValue() = "false" and
a = l
)
or

8
csharp/ql/src/Security Features/InsecureRandomness.ql
View File

@@ -89,10 +89,10 @@ module Random {
e = any(SensitiveLibraryParameter v).getAnAssignedArgument()
or
// Assignment operation, e.g. += or similar
exists(AssignOperation ao | ao.getRValue() = e |
ao.getLValue() = any(SensitiveVariable v).getAnAccess() or
ao.getLValue() = any(SensitiveProperty v).getAnAccess() or
ao.getLValue() = any(SensitiveLibraryParameter v).getAnAccess()
exists(AssignOperation ao | ao.getRightOperand() = e |
ao.getLeftOperand() = any(SensitiveVariable v).getAnAccess() or
ao.getLeftOperand() = any(SensitiveProperty v).getAnAccess() or
ao.getLeftOperand() = any(SensitiveLibraryParameter v).getAnAccess()
)
)
}

2
csharp/ql/src/Security Features/InsufficientKeySize.ql
View File

@@ -20,7 +20,7 @@ predicate incorrectUseOfRC2(Assignment e, string msg) {
.getDeclaringType()
.hasFullyQualifiedName("System.Security.Cryptography", "RC2CryptoServiceProvider")
) and
e.getRValue().getValue().toInt() < 128 and
e.getRightOperand().getValue().toInt() < 128 and
msg = "Key size should be at least 128 bits for RC2 encryption."
}

4
csharp/ql/src/Security Features/PersistentCookie.ql
View File

@@ -52,8 +52,8 @@ class FutureDateExpr extends MethodCall {
from Assignment a, PropertyAccess pa, FutureDateExpr fde
where
a.getLValue() = pa and
a.getRValue() = fde and
a.getLeftOperand() = pa and
a.getRightOperand() = fde and
pa.getTarget().hasName("Expires") and
pa.getTarget().getDeclaringType().hasFullyQualifiedName("System.Web", "HttpCookie") and
(fde.timeIsNotClear() or fde.getTimeInSecond() > 300) // 5 minutes max

8
csharp/ql/src/Telemetry/DatabaseQuality.qll
View File

@@ -27,7 +27,7 @@ module CallTargetStats implements StatsSig {
p = c.getProperty() and
not p.getAnAccessor() instanceof Setter and
assign = c.getParent() and
assign.getLValue() = c and
assign.getLeftOperand() = c and
assign.getParent() instanceof Property
)
}
@@ -36,7 +36,7 @@ module CallTargetStats implements StatsSig {
exists(Property p, AssignExpr assign |
p = c.getProperty() and
assign = c.getParent() and
assign.getLValue() = c and
assign.getLeftOperand() = c and
assign.getParent() instanceof ObjectInitializer and
assign.getParent().getParent() instanceof AnonymousObjectCreation
)
@@ -46,8 +46,8 @@ module CallTargetStats implements StatsSig {
exists(Property p, AssignExpr assign |
p = c.getProperty() and
assign = c.getParent() and
assign.getLValue() = c and
assign.getRValue() instanceof ObjectOrCollectionInitializer
assign.getLeftOperand() = c and
assign.getRightOperand() instanceof ObjectOrCollectionInitializer
)
}

4
csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
View File

@@ -187,10 +187,10 @@ module HashWithoutSaltConfig implements DataFlow::ConfigSig {
or
// a salt or key is included in subclasses of `KeyedHashAlgorithm`
exists(MethodCall mc, Assignment a, ObjectCreation oc |
a.getRValue() = oc and
a.getRightOperand() = oc and
oc.getObjectType().getABaseType+() instanceof KeyedHashAlgorithm and
mc.getTarget() instanceof HashMethod and
a.getLValue() = mc.getQualifier().(VariableAccess).getTarget().getAnAccess() and
a.getLeftOperand() = mc.getQualifier().(VariableAccess).getTarget().getAnAccess() and
mc.getArgument(0) = node.asExpr()
)
}

2
csharp/ql/test/library-tests/assignments/AssignOperation.ql
View File

@@ -1,4 +1,4 @@
import csharp
from AssignOperation ao
select ao, ao.getLValue(), ao.getRValue()
select ao, ao.getLeftOperand(), ao.getRightOperand()

4
csharp/ql/test/library-tests/conversion/pointer/Pointer.ql
View File

@@ -1,5 +1,5 @@
import csharp
from Assignment a
select a.getLocation(), a.getLValue().getType().toString(), a.getRValue().getType().toString(),
a.getRValue().toString()
select a.getLocation(), a.getLeftOperand().getType().toString(),
a.getRightOperand().getType().toString(), a.getRightOperand().toString()

2
csharp/ql/test/library-tests/csharp10/lambda.ql
View File

@@ -3,7 +3,7 @@ import csharp
private predicate getLambda(
LocalVariableDeclAndInitExpr e, string type, LocalVariable v, LambdaExpr lexp
) {
lexp = e.getRValue() and
lexp = e.getRightOperand() and
v = e.getTargetVariable() and
type = e.getType().toStringWithTypes()
}

4
csharp/ql/test/library-tests/csharp11/operators.ql
View File

@@ -14,8 +14,8 @@ query predicate assignbitwise(
AssignBitwiseOperation op, Expr left, Expr right, string name, string qlclass
) {
op.getFile().getStem() = "Operators" and
left = op.getLValue() and
right = op.getRValue() and
left = op.getLeftOperand() and
right = op.getRightOperand() and
name = op.getOperator() and
qlclass = op.getAPrimaryQlClass()
}

2
csharp/ql/test/library-tests/csharp6/MemberInitializer.ql
View File

@@ -12,7 +12,7 @@ query predicate indexerCalls(IndexerCall indexer, int arg, Expr value) {
query predicate elementAssignments(
ElementWrite write, Assignment assignment, int index, Expr indexer
) {
write = assignment.getLValue() and indexer = write.getIndex(index)
write = assignment.getLeftOperand() and indexer = write.getIndex(index)
}
query predicate arrayQualifiers(ElementAccess access, Expr qualifier) {

2
csharp/ql/test/library-tests/enums/Enums11.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Expr e
where
exists(Assignment a | a.getRValue() = e |
exists(Assignment a | a.getRightOperand() = e |
a.getParent().(Field).getDeclaringType() instanceof Enum
)
select e, e.getValue()

2
csharp/ql/test/library-tests/expressions/AddEventExpr1.ql
View File

@@ -9,5 +9,5 @@ where
c.hasName("LoginDialog") and
e.getEnclosingCallable() = c and
e.getTarget().hasName("Click") and
e.getLValue().getQualifier().(FieldAccess).getTarget().hasName("OkButton")
e.getLeftOperand().getQualifier().(FieldAccess).getTarget().hasName("OkButton")
select c, e

2
csharp/ql/test/library-tests/expressions/AnonymousMethod1.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, AnonymousMethodExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f7") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f7") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getParameter(0).getType() instanceof IntType and

2
csharp/ql/test/library-tests/expressions/AnonymousMethod2.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, AnonymousMethodExpr e, Parameter p, ParameterAccess pa
where
assign.getLValue().(VariableAccess).getTarget().hasName("f7") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f7") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
p = e.getParameter(0) and

2
csharp/ql/test/library-tests/expressions/AnonymousMethod3.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, AnonymousMethodExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f7") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f7") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getType().(DelegateType).getReturnType() instanceof IntType

2
csharp/ql/test/library-tests/expressions/AnonymousMethod4.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, AnonymousMethodExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f8") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f8") and
e.getParent+() = assign and
e.hasNoParameters()
select e, e

2
csharp/ql/test/library-tests/expressions/AnonymousMethod5.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, AnonymousMethodExpr e, LocalVariableAccess va
where
assign.getLValue().(VariableAccess).getTarget().hasName("f8") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f8") and
e.getParent+() = assign and
e.hasNoParameters() and
va.getEnclosingStmt().getParent+() = e.getBody() and

6
csharp/ql/test/library-tests/expressions/AnonymousObjectCreation1.ql
View File

@@ -6,11 +6,11 @@ import csharp
from Assignment assign, AnonymousObjectCreation o, Assignment a, Property p
where
assign.getLValue().(VariableAccess).getTarget().hasName("list2") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("list2") and
o.getParent+() = assign and
o.getInitializer().getMemberInitializer(0) = a and
a.getRValue().getValue() = "2" and
p = a.getLValue().(PropertyAccess).getTarget() and
a.getRightOperand().getValue() = "2" and
p = a.getLeftOperand().(PropertyAccess).getTarget() and
p.hasName("i") and
p.getDeclaringType() = o.getObjectType()
select o

6
csharp/ql/test/library-tests/expressions/AnonymousObjectCreation2.ql
View File

@@ -6,11 +6,11 @@ import csharp
from Assignment assign, AnonymousObjectCreation o, Assignment a, Property p
where
assign.getLValue().(VariableAccess).getTarget().hasName("contacts2") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("contacts2") and
o.getParent+() = assign and
o.getInitializer().getMemberInitializer(0) = a and
a.getRValue().getValue() = "Chris Smith" and
p = a.getLValue().(PropertyAccess).getTarget() and
a.getRightOperand().getValue() = "Chris Smith" and
p = a.getLeftOperand().(PropertyAccess).getTarget() and
p.hasName("Name") and
p.getDeclaringType() = o.getObjectType()
select o, p.getType().toString()

6
csharp/ql/test/library-tests/expressions/AnonymousObjectCreation3.ql
View File

@@ -6,11 +6,11 @@ import csharp
from Assignment assign, AnonymousObjectCreation o, Assignment a, Property p
where
assign.getLValue().(VariableAccess).getTarget().hasName("contacts2") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("contacts2") and
o.getParent+() = assign and
o.getInitializer().getMemberInitializer(1) = a and
a.getRValue() instanceof ArrayCreation and
p = a.getLValue().(PropertyAccess).getTarget() and
a.getRightOperand() instanceof ArrayCreation and
p = a.getLeftOperand().(PropertyAccess).getTarget() and
p.hasName("PhoneNumbers") and
p.getDeclaringType() = o.getObjectType()
select o, p.getType().getName()

2
csharp/ql/test/library-tests/expressions/AnonymousObjectCreation4.ql
View File

@@ -8,7 +8,7 @@ from
Assignment assign, AnonymousObjectCreation o, Assignment a, AnonymousObjectCreation p,
Assignment b
where
assign.getLValue().(VariableAccess).getTarget().hasName("contacts2") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("contacts2") and
o.getParent+() = assign and
o.getInitializer().getMemberInitializer(1) = a and
p.getParent+() = assign and

4
csharp/ql/test/library-tests/expressions/ArrayCreation1.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e, ArrayInitializer i
where
a.getLValue().(VariableAccess).getTarget().hasName("is1") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is1") and
e = a.getRightOperand() and
not e.isImplicitlyTyped() and
i = e.getInitializer() and
e.isImplicitlySized() and

4
csharp/ql/test/library-tests/expressions/ArrayCreation10.ql
View File

@@ -6,9 +6,9 @@ import csharp
from Assignment a, ArrayCreation e, CastExpr cast
where
a.getLValue().(VariableAccess).getTarget().hasName("os") and
a.getLeftOperand().(VariableAccess).getTarget().hasName("os") and
e.getEnclosingCallable().hasName("MainElementAccess") and
e = a.getRValue() and
e = a.getRightOperand() and
not e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation2.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e, ArrayInitializer i
where
a.getLValue().(VariableAccess).getTarget().hasName("is2") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is2") and
e = a.getRightOperand() and
not e.isImplicitlyTyped() and
i = e.getInitializer() and
e.getNumberOfLengthArguments() = 2 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation3.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("is3") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is3") and
e = a.getRightOperand() and
not e.isImplicitlyTyped() and
not e.hasInitializer() and
e.getNumberOfLengthArguments() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation4.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("is4") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is4") and
e = a.getRightOperand() and
not e.isImplicitlyTyped() and
not e.hasInitializer() and
e.getNumberOfLengthArguments() = 2 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation5.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e, int i
where
a.getLValue().(VariableAccess).getTarget().hasName("is5") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is5") and
e = a.getRightOperand() and
e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation6.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("is6") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is6") and
e = a.getRightOperand() and
e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation7.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("is7") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("is7") and
e = a.getRightOperand() and
e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation8.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("contacts2") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("contacts2") and
e = a.getRightOperand() and
e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

4
csharp/ql/test/library-tests/expressions/ArrayCreation9.ql
View File

@@ -6,8 +6,8 @@ import csharp
from Assignment a, ArrayCreation e
where
a.getLValue().(VariableAccess).getTarget().hasName("t") and
e = a.getRValue() and
a.getLeftOperand().(VariableAccess).getTarget().hasName("t") and
e = a.getRightOperand() and
e.isImplicitlyTyped() and
e.isImplicitlySized() and
e.getArrayType().getDimension() = 1 and

2
csharp/ql/test/library-tests/expressions/Lambda1.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f1") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f1") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getParameter(0).getType() instanceof ShortType and

2
csharp/ql/test/library-tests/expressions/Lambda2.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f2") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f2") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getParameter(0).getType() instanceof IntType and

2
csharp/ql/test/library-tests/expressions/Lambda3.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f3") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f3") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getParameter(0).getType() instanceof IntType and

2
csharp/ql/test/library-tests/expressions/Lambda4.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f4") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f4") and
e.getParent+() = assign and
e.getNumberOfParameters() = 1 and
e.getParameter(0).getType() instanceof IntType and

2
csharp/ql/test/library-tests/expressions/Lambda5.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f5") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f5") and
e.getParent+() = assign and
e.getNumberOfParameters() = 2 and
e.getParameter(0).getType() instanceof IntType and

2
csharp/ql/test/library-tests/expressions/Lambda6.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment assign, LambdaExpr e
where
assign.getLValue().(VariableAccess).getTarget().hasName("f6") and
assign.getLeftOperand().(VariableAccess).getTarget().hasName("f6") and
e.getParent+() = assign and
e.getNumberOfParameters() = 0 and
e.getType().(DelegateType).hasName("Unit") and

2
csharp/ql/test/library-tests/expressions/ObjectCreation10.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment a, CollectionInitializer i
where
a.getLValue().(VariableAccess).getTarget().hasName("list1") and
a.getLeftOperand().(VariableAccess).getTarget().hasName("list1") and
i.getParent+() = a and
i.getElementInitializer(0).getArgument(0) instanceof AssignExpr
select i.getAChild+()

2
csharp/ql/test/library-tests/expressions/ObjectCreation11.ql
View File

@@ -6,7 +6,7 @@ import csharp
from Assignment a, CollectionInitializer i, AnonymousObjectCreation o
where
a.getLValue().(VariableAccess).getTarget().hasName("list2") and
a.getLeftOperand().(VariableAccess).getTarget().hasName("list2") and
i.getParent+() = a and
i.getElementInitializer(0).getArgument(0) = o
select i, o

8
csharp/ql/test/library-tests/expressions/ObjectCreation4.ql
View File

@@ -15,9 +15,9 @@ where
cc.hasName("Point") and
i = e.getInitializer() and
a = i.getMemberInitializer(0) and
a.getLValue().(PropertyAccess).getTarget().hasName("X") and
a.getRValue().getValue() = "0" and
a.getLeftOperand().(PropertyAccess).getTarget().hasName("X") and
a.getRightOperand().getValue() = "0" and
b = i.getMemberInitializer(1) and
b.getLValue().(PropertyAccess).getTarget().hasName("Y") and
b.getRValue().getValue() = "1"
b.getLeftOperand().(PropertyAccess).getTarget().hasName("Y") and
b.getRightOperand().getValue() = "1"
select e, i, a, b

8
csharp/ql/test/library-tests/expressions/ObjectCreation5.ql
View File

@@ -15,10 +15,10 @@ where
cc.hasName("Point") and
i = e.getInitializer() and
a = i.getMemberInitializer(0) and
a.getLValue().(PropertyAccess).getTarget().hasName("X") and
a.getRValue().getValue() = "2" and
a.getLeftOperand().(PropertyAccess).getTarget().hasName("X") and
a.getRightOperand().getValue() = "2" and
b = i.getMemberInitializer(1) and
b.getLValue().(PropertyAccess).getTarget().hasName("Y") and
b.getRValue().getValue() = "3" and
b.getLeftOperand().(PropertyAccess).getTarget().hasName("Y") and
b.getRightOperand().getValue() = "3" and
i.getNumberOfMemberInitializers() = 2
select i, a, b

8
csharp/ql/test/library-tests/expressions/ObjectCreation6.ql
View File

@@ -15,10 +15,10 @@ where
cc.hasName("Rectangle") and
i = e.getInitializer() and
a = i.getMemberInitializer(0) and
a.getLValue().(PropertyAccess).getTarget().hasName("P1") and
a.getRValue() instanceof ObjectCreation and
a.getLeftOperand().(PropertyAccess).getTarget().hasName("P1") and
a.getRightOperand() instanceof ObjectCreation and
b = i.getMemberInitializer(1) and
b.getLValue().(PropertyAccess).getTarget().hasName("P2") and
b.getRValue() instanceof ObjectCreation and
b.getLeftOperand().(PropertyAccess).getTarget().hasName("P2") and
b.getRightOperand() instanceof ObjectCreation and
i.getNumberOfMemberInitializers() = 2
select i, a, b

8
csharp/ql/test/library-tests/expressions/ObjectCreation7.ql
View File

@@ -15,10 +15,10 @@ where
cc.hasName("Rectangle2") and
i = e.getInitializer() and
a = i.getMemberInitializer(0) and
a.getLValue().(PropertyAccess).getTarget().hasName("P1") and
a.getRValue() instanceof ObjectInitializer and
a.getLeftOperand().(PropertyAccess).getTarget().hasName("P1") and
a.getRightOperand() instanceof ObjectInitializer and
b = i.getMemberInitializer(1) and
b.getLValue().(PropertyAccess).getTarget().hasName("P2") and
b.getRValue() instanceof ObjectInitializer and
b.getLeftOperand().(PropertyAccess).getTarget().hasName("P2") and
b.getRightOperand() instanceof ObjectInitializer and
i.getNumberOfMemberInitializers() = 2
select m, e

2
csharp/ql/test/library-tests/expressions/RemoveEventExpr1.ql
View File

@@ -9,5 +9,5 @@ where
c.hasName("LoginDialog") and
e.getEnclosingCallable() = c and
e.getTarget().hasName("Click") and
e.getLValue().getQualifier().(FieldAccess).getTarget().hasName("CancelButton")
e.getLeftOperand().getQualifier().(FieldAccess).getTarget().hasName("CancelButton")
select c, e

Some files were not shown because too many files have changed in this diff Show More