hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into blockon

Browse Source
This commit is contained in:
Geoffrey White
2025-04-04 17:35:00 +01:00
parent d1ef2b50fb 49c2f97cc8
commit c783549b5c
1056 changed files with 43590 additions and 11427 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.bazelrc
View File

@@ -37,5 +37,6 @@ build --java_language_version=17
build --tool_java_language_version=17
build --tool_java_runtime_version=remotejdk_17
build --java_runtime_version=remotejdk_17
build --@rules_python//python/config_settings:python_version=3.12
try-import %workspace%/local.bazelrc

2
.bazelrc.internal
View File

@@ -8,3 +8,5 @@ common --registry=https://bcr.bazel.build
# its implementation packages without providing any code itself.
# We either can depend on internal implementation details, or turn of strict deps.
common --@rules_dotnet//dotnet/settings:strict_deps=false
build --@rules_python//python/config_settings:python_version=3.12

2
.github/workflows/build-ripunzip.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ubuntu-20.04, macos-13, windows-2019]
os: [ubuntu-22.04, macos-13, windows-2019]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4

22
.github/workflows/go-tests-rtjo.yml vendored Normal file
View File

@@ -0,0 +1,22 @@
name: "Go: Run RTJO Tests"
on:
pull_request:
types:
- labeled
permissions:
contents: read
jobs:
test-linux:
if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
name: RTJO Test Linux (Ubuntu)
runs-on: ubuntu-latest-xl
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Run tests
uses: ./go/actions/test
with:
run-code-checks: true
dynamic-join-order-mode: all

40
.github/workflows/ruby-qltest-rtjo.yml vendored Normal file
View File

@@ -0,0 +1,40 @@
name: "Ruby: Run RTJO Language Tests"
on:
pull_request:
types:
- opened
- synchronize
- reopened
- labeled
env:
CARGO_TERM_COLOR: always
defaults:
run:
working-directory: ruby
permissions:
contents: read
jobs:
qltest-rtjo:
if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
runs-on: ubuntu-latest-xl
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/fetch-codeql
- uses: ./ruby/actions/create-extractor-pack
- name: Cache compilation cache
id: query-cache
uses: ./.github/actions/cache-query-compilation
with:
key: ruby-qltest
- name: Run QL tests
run: |
codeql test run --dynamic-join-order-mode=all --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
env:
GITHUB_TOKEN: ${{ github.token }}

2
.pre-commit-config.yaml
View File

@@ -72,7 +72,7 @@ repos:
- id: rust-codegen
name: Run Rust checked in code generation
files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list)
files: ^misc/codegen/|^rust/(prefix\.dbscheme|schema/|codegen/|.*/generated/|ql/lib/(rust\.dbscheme$|codeql/rust/elements)|\.generated.list|ast-generator/)
language: system
entry: bazel run //rust/codegen -- --quiet
pass_filenames: false

3
CODEOWNERS
View File

@@ -14,6 +14,9 @@
/java/ql/test-kotlin1/ @github/codeql-kotlin
/java/ql/test-kotlin2/ @github/codeql-kotlin
# Experimental CodeQL cryptography
**/experimental/quantum/ @github/ps-codeql
# CodeQL tools and associated docs
/docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
/docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers

455
Cargo.lock generated
View File

@@ -18,13 +18,10 @@ dependencies = [
]
[[package]]
name = "always-assert"
version = "0.2.0"
name = "allocator-api2"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1078fa1ce1e34b1872d8611ad921196d76bdd7027e949fbe31231abde201892"
dependencies = [
"tracing",
]
checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
[[package]]
name = "android-tzdata"
@@ -93,9 +90,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.96"
version = "1.0.97"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b964d184e89d9b6b67dd2715bc8e74cf3107fb2b529990c90cf517326150bf4"
checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"
[[package]]
name = "argfile"
@@ -170,6 +167,15 @@ dependencies = [
"cfg_aliases",
]
[[package]]
name = "boxcar"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6740c6e2fc6360fa57c35214c7493826aee95993926092606f27c983b40837be"
dependencies = [
"loom",
]
[[package]]
name = "bstr"
version = "1.11.3"
@@ -253,9 +259,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
[[package]]
name = "chalk-derive"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "572583d9b97f9d277e5c7607f8239a30e2e04d3ed3b47c87d1cb2152ae724073"
checksum = "ab2d131019373f0d0d1f2af0abd4f719739f6583c1b33965112455f643a910af"
dependencies = [
"proc-macro2",
"quote",
@@ -265,9 +271,9 @@ dependencies = [
[[package]]
name = "chalk-ir"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e60e0ef9c81dce1336a9ed3c76f08775f5b623151d96d85ba45f7b10de76d1c7"
checksum = "4f114996bda14c0213f014a4ef31a7867dcf5f539a3900477fc6b20138e7a17b"
dependencies = [
"bitflags 2.8.0",
"chalk-derive",
@@ -275,9 +281,9 @@ dependencies = [
[[package]]
name = "chalk-recursive"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a06350d614e22b03a69b8105e3541614450a7ea48bc58ecc6c6bd92731a3995"
checksum = "551e956e031c09057c7b21f17d48d91de99c9b6b6e34bceaf5e7202d71021268"
dependencies = [
"chalk-derive",
"chalk-ir",
@@ -288,9 +294,9 @@ dependencies = [
[[package]]
name = "chalk-solve"
version = "0.99.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e428761e9b55bee516bfe2457caed8b6d1b86353f92ae825bbe438a36ce91e8"
checksum = "cd7ca50181156ce649efe8e5dd00580f573651554e4dcd11afa4e2ac93f53324"
dependencies = [
"chalk-derive",
"chalk-ir",
@@ -304,9 +310,9 @@ dependencies = [
[[package]]
name = "chrono"
version = "0.4.39"
version = "0.4.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c"
dependencies = [
"android-tzdata",
"iana-time-zone",
@@ -314,14 +320,14 @@ dependencies = [
"num-traits",
"serde",
"wasm-bindgen",
"windows-targets 0.52.6",
"windows-link",
]
[[package]]
name = "clap"
version = "4.5.31"
version = "4.5.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "027bb0d98429ae334a8698531da7077bdf906419543a35a55c2cb1b66437d767"
checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944"
dependencies = [
"clap_builder",
"clap_derive",
@@ -329,9 +335,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.31"
version = "4.5.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5589e0cba072e0f3d23791efac0fd8627b49c829c196a492e88168e6a669d863"
checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9"
dependencies = [
"anstream",
"anstyle",
@@ -341,11 +347,11 @@ dependencies = [
[[package]]
name = "clap_derive"
version = "4.5.28"
version = "4.5.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed"
checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7"
dependencies = [
"heck 0.5.0",
"heck",
"proc-macro2",
"quote",
"syn",
@@ -505,6 +511,15 @@ dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-queue"
version = "0.3.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
dependencies = [
"crossbeam-utils",
]
[[package]]
name = "crossbeam-utils"
version = "0.8.21"
@@ -559,6 +574,20 @@ dependencies = [
"parking_lot_core",
]
[[package]]
name = "dashmap"
version = "6.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
dependencies = [
"cfg-if",
"crossbeam-utils",
"hashbrown 0.14.5",
"lock_api",
"once_cell",
"parking_lot_core",
]
[[package]]
name = "deranged"
version = "0.3.11"
@@ -583,9 +612,9 @@ checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]]
name = "either"
version = "1.14.0"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7914353092ddf589ad78f25c5c1c21b7f80b0ff8621e7c814c3485b5306da9d"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
name = "ena"
@@ -714,6 +743,12 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foldhash"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
[[package]]
name = "fs-err"
version = "2.11.0"
@@ -738,6 +773,19 @@ version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ab85b9b05e3978cc9a9cf8fea7f01b494e1a09ed3037e16ba39edc7a29eb61a"
[[package]]
name = "generator"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd"
dependencies = [
"cfg-if",
"libc",
"log 0.4.25",
"rustversion",
"windows",
]
[[package]]
name = "getrandom"
version = "0.3.1"
@@ -786,12 +834,20 @@ name = "hashbrown"
version = "0.15.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
dependencies = [
"allocator-api2",
"equivalent",
"foldhash",
]
[[package]]
name = "heck"
version = "0.4.1"
name = "hashlink"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1"
dependencies = [
"hashbrown 0.15.2",
]
[[package]]
name = "heck"
@@ -831,7 +887,7 @@ dependencies = [
"iana-time-zone-haiku",
"js-sys",
"wasm-bindgen",
"windows-core",
"windows-core 0.52.0",
]
[[package]]
@@ -1027,6 +1083,19 @@ version = "0.4.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
[[package]]
name = "loom"
version = "0.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca"
dependencies = [
"cfg-if",
"generator",
"scoped-tls",
"tracing",
"tracing-subscriber",
]
[[package]]
name = "lz4_flex"
version = "0.11.3"
@@ -1271,6 +1340,12 @@ version = "0.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
[[package]]
name = "portable-atomic"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e"
[[package]]
name = "powerfmt"
version = "0.2.0"
@@ -1288,9 +1363,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
version = "1.0.93"
version = "1.0.94"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
dependencies = [
"unicode-ident",
]
@@ -1310,18 +1385,18 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.38"
version = "1.0.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
dependencies = [
"proc-macro2",
]
[[package]]
name = "ra-ap-rustc_abi"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3829c3355d1681ffeaf1450ec71edcdace6820fe2e86469d8fc1ad45e2c96460"
checksum = "f1651b0f7e8c3eb7c27a88f39d277e69c32bfe58e3be174d286c1a24d6a7a4d8"
dependencies = [
"bitflags 2.8.0",
"ra-ap-rustc_hashes",
@@ -1331,18 +1406,18 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_hashes"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bd4d6d4c434bec08e02370a4f64a4985312097215a62e82d0f757f3a98e502e"
checksum = "2bcd85e93dc0ea850bcfe7957a115957df799ccbc9eea488bdee5ec6780d212b"
dependencies = [
"rustc-stable-hash",
]
[[package]]
name = "ra-ap-rustc_index"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bad6fc4bd7522e31096e2de5b0351144fe0684b608791ee26c842bf2da1b19ae"
checksum = "62b295fc0640cd9fe0ecab872ee4a17a96f90a3998ec9f0c4765e9b8415c12cc"
dependencies = [
"ra-ap-rustc_index_macros",
"smallvec",
@@ -1350,9 +1425,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_index_macros"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cfb234e1f84b92be45276c3025bee18789e9bc95bec8789bec961e78edb01c52"
checksum = "c675f4257023aa933882906f13802cae287e88cc39ab13cbb96809083db0c801"
dependencies = [
"proc-macro2",
"quote",
@@ -1361,9 +1436,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_lexer"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a3a40bd11dc43d1cb110e730b80620cf8102f4cca8920a02b65954da0ed931f"
checksum = "c8358702c2a510ea84ba5801ddc047d9ad9520902cfb0e6173277610cdce2c9c"
dependencies = [
"memchr",
"unicode-properties",
@@ -1372,9 +1447,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_parse_format"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5feb877478994cb4c0c0c7a5116a352eefc0634aefc8636feb00a893fa5b7135"
checksum = "b98f402011d46732c35c47bfd111dec0495747fef2ec900ddee7fe15d78449a7"
dependencies = [
"ra-ap-rustc_index",
"ra-ap-rustc_lexer",
@@ -1382,9 +1457,9 @@ dependencies = [
[[package]]
name = "ra-ap-rustc_pattern_analysis"
version = "0.97.0"
version = "0.100.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a76774d35934d464c4115908cde16f76a4f7e540fe1eea6b79336c556e37bdd3"
checksum = "bef3ff73fa4653252ffe1d1e9177a446f49ef46d97140e4816b7ff2dad59ed53"
dependencies = [
"ra-ap-rustc_index",
"rustc-hash 2.1.1",
@@ -1395,20 +1470,22 @@ dependencies = [
[[package]]
name = "ra_ap_base_db"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d8e4a327f1a8ace5afced54ebaa1a34f8cf0bb535a28aefb8300e8ea49a7d6e"
checksum = "4baa9734d254af14fd603528ad594650dea601b1764492bd39988da38598ae67"
dependencies = [
"dashmap 5.5.3",
"la-arena",
"lz4_flex",
"ra_ap_cfg",
"ra_ap_intern",
"ra_ap_salsa",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rustc-hash 2.1.1",
"salsa",
"semver",
"tracing",
"triomphe",
@@ -1416,9 +1493,9 @@ dependencies = [
[[package]]
name = "ra_ap_cfg"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d974450788b1f90243c5f2231875ed4d7087444975c0190a1c2cb02c3ed465d"
checksum = "0ef2ba45636c5e585040c0c4bee640737a6001b08309f1a25ca78cf04abfbf90"
dependencies = [
"ra_ap_intern",
"ra_ap_tt",
@@ -1428,15 +1505,15 @@ dependencies = [
[[package]]
name = "ra_ap_edition"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3b1b961a84cb09a4e06e44d06b2e77bcf546d0c2623df9545ba9cc694880989"
checksum = "8955c1484d5e7274f755187788ba0d51eb149f870c69cdf0d87c3b7edea20ea0"
[[package]]
name = "ra_ap_hir"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff0672e35a6cf12333cb6b9e3fd18aba4bc724fa7c7b24c3253df4730be1f9c3"
checksum = "a51d7955beff2212701b149bea36d4cf2dc0f5cd129652c9bcf0cb5c0b021078"
dependencies = [
"arrayvec",
"either",
@@ -1460,14 +1537,14 @@ dependencies = [
[[package]]
name = "ra_ap_hir_def"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fde2fb9361257e31e73e63eb2d07445ea3fd4cd1e7bae7f45e7ba82bcfcde29a"
checksum = "e5c97e617e4c585d24b3d4f668861452aedddfbe0262f4c53235dcea77e62f9b"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
"cov-mark",
"dashmap",
"dashmap 5.5.3",
"drop_bomb",
"either",
"fst",
@@ -1483,12 +1560,14 @@ dependencies = [
"ra_ap_hir_expand",
"ra_ap_intern",
"ra_ap_mbe",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_tt",
"rustc-hash 2.1.1",
"rustc_apfloat",
"salsa",
"smallvec",
"text-size",
"tracing",
@@ -1497,9 +1576,9 @@ dependencies = [
[[package]]
name = "ra_ap_hir_expand"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1823b649710bf1829c894f774dfe66acb33a3e5bc7409ff7836cd19f6e09c250"
checksum = "be57c0d7e3f2180dd8ea584b11447f34060eadc06f0f6d559e2a790f6e91b6c5"
dependencies = [
"cov-mark",
"either",
@@ -1511,12 +1590,14 @@ dependencies = [
"ra_ap_intern",
"ra_ap_mbe",
"ra_ap_parser",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_syntax-bridge",
"ra_ap_tt",
"rustc-hash 2.1.1",
"salsa",
"smallvec",
"tracing",
"triomphe",
@@ -1524,9 +1605,9 @@ dependencies = [
[[package]]
name = "ra_ap_hir_ty"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72a591a02787bd2e938c25fceb1f831d0929b9c08726e6d831f85c4a9fba04b5"
checksum = "f260f35748f3035b46a8afcdebda7cb75d95c24750105fad86101d09a9d387c8"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
@@ -1535,6 +1616,7 @@ dependencies = [
"chalk-recursive",
"chalk-solve",
"cov-mark",
"dashmap 5.5.3",
"either",
"ena",
"indexmap 2.7.0",
@@ -1543,18 +1625,19 @@ dependencies = [
"nohash-hasher",
"oorandom",
"ra-ap-rustc_abi",
"ra-ap-rustc_hashes",
"ra-ap-rustc_index",
"ra-ap-rustc_pattern_analysis",
"ra_ap_base_db",
"ra_ap_hir_def",
"ra_ap_hir_expand",
"ra_ap_intern",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"rustc-hash 2.1.1",
"rustc_apfloat",
"salsa",
"scoped-tls",
"smallvec",
"tracing",
@@ -1564,14 +1647,15 @@ dependencies = [
[[package]]
name = "ra_ap_ide_db"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c74386061453edc3ebfd52141c7c3cde109a7427faff9792a303c3c09a762a01"
checksum = "0426263be26e27cb55a3b9ef88b120511b66fe7d9b418a2473d6d5f3ac2fe0a6"
dependencies = [
"arrayvec",
"bitflags 2.8.0",
"cov-mark",
"crossbeam-channel",
"dashmap 5.5.3",
"either",
"fst",
"indexmap 2.7.0",
@@ -1583,22 +1667,25 @@ dependencies = [
"ra_ap_hir",
"ra_ap_parser",
"ra_ap_profile",
"ra_ap_query-group-macro",
"ra_ap_span",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rayon",
"rustc-hash 2.1.1",
"salsa",
"tracing",
"triomphe",
]
[[package]]
name = "ra_ap_intern"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8239ffde688b558a4335f03d14fa42dcebb203f452367830554b18e17ff1c683"
checksum = "f6ea8c9615b3b0688cf557e7310dbd9432f43860c8ea766d54f4416cbecf3571"
dependencies = [
"dashmap",
"dashmap 5.5.3",
"hashbrown 0.14.5",
"rustc-hash 2.1.1",
"triomphe",
@@ -1606,9 +1693,9 @@ dependencies = [
[[package]]
name = "ra_ap_load-cargo"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01dd50ca287042b06ca3cc62b60e6891bacee3886d39381d26f9f966e509b1c7"
checksum = "570907e16725c13a678bfd8050ce8839af2831da042a0878b75ee8c41b0f7b0c"
dependencies = [
"anyhow",
"crossbeam-channel",
@@ -1628,9 +1715,9 @@ dependencies = [
[[package]]
name = "ra_ap_mbe"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c193592a0d1dcd315cf8c60f25d37a15c6b50c2b58bfbc6eac38b123e45c8c21"
checksum = "e893fe03b04b30c9b5a339ac2bf39ce32ac9c05a8b50121b7d89ce658346e164"
dependencies = [
"arrayvec",
"cov-mark",
@@ -1649,9 +1736,9 @@ dependencies = [
[[package]]
name = "ra_ap_parser"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b380f96951dd56b8231eeb47884fea12c57b8515ac748eedd590b26cd156681c"
checksum = "6fd9a264120968b14a66b6ba756cd7f99435385b5dbc2f0a611cf3a12221c385"
dependencies = [
"drop_bomb",
"ra-ap-rustc_lexer",
@@ -1661,18 +1748,18 @@ dependencies = [
[[package]]
name = "ra_ap_paths"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0801105582f532bc59a2b5714a30966c4cf9bd3e5b66f4161763c1d974d2c7d5"
checksum = "f47817351651e36b56ff3afc483b41600053c9cb7e67d945467c0abe93416032"
dependencies = [
"camino",
]
[[package]]
name = "ra_ap_proc_macro_api"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da377b243e376b82819f875c1c6624125d27b682a740bd4cafc30b4f496d0ffa"
checksum = "d96da3b8b9f6b813a98f5357eef303905450741f47ba90adaab8a5371b748416"
dependencies = [
"indexmap 2.7.0",
"ra_ap_intern",
@@ -1689,9 +1776,9 @@ dependencies = [
[[package]]
name = "ra_ap_profile"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d6d1391bee4f86e56385438a2dcb739cbb96bd0fbf49799a492332d57e6db62"
checksum = "13637377287c84f88a628e40229d271ef0081c0d683956bd99a6c8278a4f8b14"
dependencies = [
"cfg-if",
"libc",
@@ -1701,9 +1788,9 @@ dependencies = [
[[package]]
name = "ra_ap_project_model"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8b1ac2712d5f6a20197b360890031e64b4ea097b511f50e2cb8ab1a0e24f577"
checksum = "053c5207a638fc7a752c7a454bc952b28b0d02f0bf9f6d7ec785ec809579d8fa"
dependencies = [
"anyhow",
"cargo_metadata",
@@ -1726,71 +1813,54 @@ dependencies = [
]
[[package]]
name = "ra_ap_salsa"
version = "0.0.266"
name = "ra_ap_query-group-macro"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc3a0a272f50e2ab831452bd3f4e7f8a571ccf01282d76f4a078f661135ed0ce"
checksum = "0f1a38f07b442e47a234cbe2e8fd1b8a41ff0cc5123cb1cf994c5ce20edb5bd6"
dependencies = [
"indexmap 2.7.0",
"itertools 0.12.1",
"lock_api",
"oorandom",
"parking_lot",
"ra_ap_salsa-macros",
"rustc-hash 2.1.1",
"smallvec",
"tracing",
"triomphe",
]
[[package]]
name = "ra_ap_salsa-macros"
version = "0.0.266"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d5d59b47a54fd5468ce0dc03b146afd0932ae0f3d05a5c15ca78d29d5e85bc31"
dependencies = [
"heck 0.4.1",
"heck",
"proc-macro2",
"quote",
"salsa",
"syn",
]
[[package]]
name = "ra_ap_span"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f10dbdd611d2546be7c400934007865e85bb37570566c715edb3aac76367a782"
checksum = "8818680c6f7da3b32cb2bb0992940b24264b1aa90203aa94812e09ab34d362d1"
dependencies = [
"hashbrown 0.14.5",
"la-arena",
"ra_ap_salsa",
"ra_ap_stdx",
"ra_ap_syntax",
"ra_ap_vfs",
"rustc-hash 2.1.1",
"salsa",
"text-size",
]
[[package]]
name = "ra_ap_stdx"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7d5c58fcda9b35d61e23f334b2b11221abf53e7f5e4344fc7eb1de18b2cbf68"
checksum = "f1c10bee1b03fc48083862c13cf06bd3ed17760463ecce2734103a2f511e5ed4"
dependencies = [
"always-assert",
"crossbeam-channel",
"itertools 0.12.1",
"jod-thread",
"libc",
"miow",
"tracing",
"windows-sys 0.59.0",
]
[[package]]
name = "ra_ap_syntax"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75334f45a8095223823ef1d2789c085460b7b9368c63a6430d46f6f2b9bd5cb5"
checksum = "92bc32f3946fc5fcbdc79e61b7e26a8c2a3a56f3ef6ab27c7d298a9e21a462f2"
dependencies = [
"cov-mark",
"either",
@@ -1808,9 +1878,9 @@ dependencies = [
[[package]]
name = "ra_ap_syntax-bridge"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b331a50f90ae587d230b1b55b3852ebf67ab740dec33c1a4b0900005037e77c2"
checksum = "a42052c44c98c122c37aac476260c8f19d8fec495edc9c05835307c9ae86194d"
dependencies = [
"ra_ap_intern",
"ra_ap_parser",
@@ -1824,9 +1894,9 @@ dependencies = [
[[package]]
name = "ra_ap_toolchain"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d56e1b3a34eac0448e54afccf63a6b7699ef14a734b2f1b340246ccdd00c0d3"
checksum = "75996e70b3a0c68cd5157ba01f018964c7c6a5d7b209047d449b393139d0b57f"
dependencies = [
"camino",
"home",
@@ -1834,9 +1904,9 @@ dependencies = [
[[package]]
name = "ra_ap_tt"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4b974b1211e0b1e17e44b1f256ca1b4a3734d4d98f43ba09ee0a8476fc3a5b83"
checksum = "0e4ee31e93bfabe83e6720b7469db88d7ad7ec5c59a1f011efec4aa1327ffc5c"
dependencies = [
"arrayvec",
"ra-ap-rustc_lexer",
@@ -1847,9 +1917,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b004e20f901dae213cb1673111a2b56fec4f0d1c4c894b62668a0f69ce25065"
checksum = "f6aac1e277ac70bb073f40f8a3fc44e4b1bb9e4d4b1d0e0bd2f8269543560f80"
dependencies = [
"crossbeam-channel",
"fst",
@@ -1863,9 +1933,9 @@ dependencies = [
[[package]]
name = "ra_ap_vfs-notify"
version = "0.0.266"
version = "0.0.270"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95f9e8df03407d76e044f99ef45fafd686d775508aa7d1ba836e9eca58b833a3"
checksum = "cd95285146049621ee8f7a512c982a008bf036321fcc9b01a95c1ad7e6aeae57"
dependencies = [
"crossbeam-channel",
"notify",
@@ -2030,12 +2100,59 @@ dependencies = [
"smallvec",
]
[[package]]
name = "rustversion"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
[[package]]
name = "ryu"
version = "1.0.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd"
[[package]]
name = "salsa"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd55c6549513b2a42884dae31e3d4f4ac8a6cc51062e68e24d162133889f327c"
dependencies = [
"boxcar",
"crossbeam-queue",
"dashmap 6.1.0",
"hashbrown 0.15.2",
"hashlink",
"indexmap 2.7.0",
"parking_lot",
"portable-atomic",
"rayon",
"rustc-hash 2.1.1",
"salsa-macro-rules",
"salsa-macros",
"smallvec",
"tracing",
]
[[package]]
name = "salsa-macro-rules"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2619b4b451beab0a7e4364ff1e6f31950e7e418888fd9bf2f28889671563166a"
[[package]]
name = "salsa-macros"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4be57a99b3896e8d26850428a6874fb86849e2db874e1db3528e5cee4337d277"
dependencies = [
"heck",
"proc-macro2",
"quote",
"syn",
"synstructure",
]
[[package]]
name = "same-file"
version = "1.0.6"
@@ -2068,18 +2185,18 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [
"proc-macro2",
"quote",
@@ -2088,9 +2205,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.139"
version = "1.0.140"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44f86c3acccc9c65b153fe1b85a3be07fe5515274ec9f0653b4a0875731c72a6"
checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
dependencies = [
"itoa",
"memchr",
@@ -2201,9 +2318,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.98"
version = "2.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
dependencies = [
"proc-macro2",
"quote",
@@ -2636,6 +2753,16 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6"
dependencies = [
"windows-core 0.58.0",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-core"
version = "0.52.0"
@@ -2645,6 +2772,66 @@ dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-core"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99"
dependencies = [
"windows-implement",
"windows-interface",
"windows-result",
"windows-strings",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-implement"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-interface"
version = "0.58.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-link"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38"
[[package]]
name = "windows-result"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
dependencies = [
"windows-targets 0.52.6",
]
[[package]]
name = "windows-strings"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
dependencies = [
"windows-result",
"windows-targets 0.52.6",
]
[[package]]
name = "windows-sys"
version = "0.48.0"

54
MODULE.bazel
View File

@@ -71,13 +71,13 @@ use_repo(
tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r")
use_repo(
tree_sitter_extractors_deps,
"vendor_ts__anyhow-1.0.96",
"vendor_ts__anyhow-1.0.97",
"vendor_ts__argfile-0.2.1",
"vendor_ts__chalk-ir-0.99.0",
"vendor_ts__chrono-0.4.39",
"vendor_ts__clap-4.5.31",
"vendor_ts__chalk-ir-0.100.0",
"vendor_ts__chrono-0.4.40",
"vendor_ts__clap-4.5.32",
"vendor_ts__dunce-1.0.5",
"vendor_ts__either-1.14.0",
"vendor_ts__either-1.15.0",
"vendor_ts__encoding-0.2.33",
"vendor_ts__figment-0.10.19",
"vendor_ts__flate2-1.1.0",
@@ -88,31 +88,31 @@ use_repo(
"vendor_ts__mustache-0.9.0",
"vendor_ts__num-traits-0.2.19",
"vendor_ts__num_cpus-1.16.0",
"vendor_ts__proc-macro2-1.0.93",
"vendor_ts__quote-1.0.38",
"vendor_ts__ra_ap_base_db-0.0.266",
"vendor_ts__ra_ap_cfg-0.0.266",
"vendor_ts__ra_ap_hir-0.0.266",
"vendor_ts__ra_ap_hir_def-0.0.266",
"vendor_ts__ra_ap_hir_expand-0.0.266",
"vendor_ts__ra_ap_hir_ty-0.0.266",
"vendor_ts__ra_ap_ide_db-0.0.266",
"vendor_ts__ra_ap_intern-0.0.266",
"vendor_ts__ra_ap_load-cargo-0.0.266",
"vendor_ts__ra_ap_parser-0.0.266",
"vendor_ts__ra_ap_paths-0.0.266",
"vendor_ts__ra_ap_project_model-0.0.266",
"vendor_ts__ra_ap_span-0.0.266",
"vendor_ts__ra_ap_stdx-0.0.266",
"vendor_ts__ra_ap_syntax-0.0.266",
"vendor_ts__ra_ap_vfs-0.0.266",
"vendor_ts__proc-macro2-1.0.94",
"vendor_ts__quote-1.0.40",
"vendor_ts__ra_ap_base_db-0.0.270",
"vendor_ts__ra_ap_cfg-0.0.270",
"vendor_ts__ra_ap_hir-0.0.270",
"vendor_ts__ra_ap_hir_def-0.0.270",
"vendor_ts__ra_ap_hir_expand-0.0.270",
"vendor_ts__ra_ap_hir_ty-0.0.270",
"vendor_ts__ra_ap_ide_db-0.0.270",
"vendor_ts__ra_ap_intern-0.0.270",
"vendor_ts__ra_ap_load-cargo-0.0.270",
"vendor_ts__ra_ap_parser-0.0.270",
"vendor_ts__ra_ap_paths-0.0.270",
"vendor_ts__ra_ap_project_model-0.0.270",
"vendor_ts__ra_ap_span-0.0.270",
"vendor_ts__ra_ap_stdx-0.0.270",
"vendor_ts__ra_ap_syntax-0.0.270",
"vendor_ts__ra_ap_vfs-0.0.270",
"vendor_ts__rand-0.9.0",
"vendor_ts__rayon-1.10.0",
"vendor_ts__regex-1.11.1",
"vendor_ts__serde-1.0.218",
"vendor_ts__serde_json-1.0.139",
"vendor_ts__serde-1.0.219",
"vendor_ts__serde_json-1.0.140",
"vendor_ts__serde_with-3.12.0",
"vendor_ts__syn-2.0.98",
"vendor_ts__syn-2.0.100",
"vendor_ts__toml-0.8.20",
"vendor_ts__tracing-0.1.41",
"vendor_ts__tracing-flame-0.2.0",
@@ -155,7 +155,7 @@ use_repo(csharp_main_extension, "paket.main")
pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
pip.parse(
hub_name = "codegen_deps",
python_version = "3.11",
python_version = "3.12",
requirements_lock = "//misc/codegen:requirements_lock.txt",
)
use_repo(pip, "codegen_deps")

7
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.4.6
### Bug Fixes
* The query `actions/code-injection/medium` now produces alerts for injection
vulnerabilities on `pull_request` events.
## 0.4.5
No user-facing changes.

6
actions/ql/lib/change-notes/released/0.4.6.md Normal file
View File

@@ -0,0 +1,6 @@
## 0.4.6
### Bug Fixes
* The query `actions/code-injection/medium` now produces alerts for injection
vulnerabilities on `pull_request` events.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.5
lastReleaseVersion: 0.4.6

10
actions/ql/lib/codeql/actions/config/Config.qll
View File

@@ -154,3 +154,13 @@ predicate untrustedGitCommandDataModel(string cmd_regex, string flag) {
predicate untrustedGhCommandDataModel(string cmd_regex, string flag) {
Extensions::untrustedGhCommandDataModel(cmd_regex, flag)
}
/**
* MaD models for permissions needed by actions
* Fields:
* - action: action name, e.g. `actions/checkout`
* - permission: permission name, e.g. `contents: read`
*/
predicate actionsPermissionsDataModel(string action, string permission) {
Extensions::actionsPermissionsDataModel(action, permission)
}

11
actions/ql/lib/codeql/actions/config/ConfigExtensions.qll
View File

@@ -77,3 +77,14 @@ extensible predicate untrustedGitCommandDataModel(string cmd_regex, string flag)
* Holds for gh commands that may introduce untrusted data
*/
extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag);
/**
* Holds if `action` needs `permission` to run.
* - 'action' is the name of the action without any version information.
* E.g. for the action selector `actions/checkout@v2`, `action` is `actions/checkout`.
* - `permission` is of the form `scope-name: read|write`, for example `contents: read`.
* - see https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions
* for an example of recommended permissions.
* - see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token for documentation of token permissions.
*/
extensible predicate actionsPermissionsDataModel(string action, string permission);

37
actions/ql/lib/ext/config/actions_permissions.yml Normal file
View File

@@ -0,0 +1,37 @@
extensions:
- addsTo:
pack: codeql/actions-all
extensible: actionsPermissionsDataModel
data:
- ["actions/checkout", "contents: read"]
- ["actions/setup-node", "contents: read"]
- ["actions/setup-python", "contents: read"]
- ["actions/setup-java", "contents: read"]
- ["actions/setup-go", "contents: read"]
- ["actions/setup-dotnet", "contents: read"]
- ["actions/labeler", "contents: read"]
- ["actions/labeler", "pull-requests: write"]
- ["actions/attest", "id-token: write"]
- ["actions/attest", "attestations: write"]
# No permissions needed for actions/add-to-project
- ["actions/dependency-review-action", "contents: read"]
- ["actions/attest-sbom", "id-token: write"]
- ["actions/attest-sbom", "attestations: write"]
- ["actions/stale", "contents: write"]
- ["actions/stale", "issues: write"]
- ["actions/stale", "pull-requests: write"]
- ["actions/attest-build-provenance", "id-token: write"]
- ["actions/attest-build-provenance", "attestations: write"]
- ["actions/jekyll-build-pages", "contents: read"]
- ["actions/jekyll-build-pages", "pages: write"]
- ["actions/jekyll-build-pages", "id-token: write"]
- ["actions/publish-action", "contents: write"]
- ["actions/versions-package-tools", "contents: read"]
- ["actions/versions-package-tools", "actions: read"]
- ["actions/reusable-workflows", "contents: read"]
- ["actions/reusable-workflows", "actions: read"]
# TODO: Add permissions for actions/download-artifact
# TODO: Add permissions for actions/upload-artifact
# TODO: Add permissions for actions/cache

3
actions/ql/lib/ext/config/context_event_map.yml
View File

@@ -30,6 +30,9 @@ extensions:
- ["pull_request_review_comment", "github.event.review"]
- ["pull_request_review_comment", "github.head_ref"]
- ["pull_request_review_comment", "github.event.changes"]
- ["pull_request", "github.event.pull_request"]
- ["pull_request", "github.head_ref"]
- ["pull_request", "github.event.changes"]
- ["pull_request_target", "github.event.pull_request"]
- ["pull_request_target", "github.head_ref"]
- ["pull_request_target", "github.event.changes"]

1
actions/ql/lib/ext/config/externally_triggereable_events.yml
View File

@@ -12,6 +12,7 @@ extensions:
- ["pull_request_comment"]
- ["pull_request_review"]
- ["pull_request_review_comment"]
- ["pull_request"]
- ["pull_request_target"]
- ["workflow_run"] # depending on branch filter
- ["workflow_call"] # depending on caller

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.6-dev
version: 0.4.7-dev
library: true
warnOnImplicitThis: true
dependencies:

15
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 0.5.3
### Bug Fixes
* Fixed typos in the query and alert titles for the queries
`actions/envpath-injection/critical`, `actions/envpath-injection/medium`,
`actions/envvar-injection/critical`, and `actions/envvar-injection/medium`.
## 0.5.2
No user-facing changes.
@@ -7,9 +15,10 @@ No user-facing changes.
### Bug Fixes
* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
Immutable Actions feature is not yet available for customer use. The query remains in the
default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
available, the query will be updated to report alerts again.
Immutable Actions feature is not yet available for customer use. The query has also been moved
to the experimental folder and will not be used in code scanning unless it is explicitly added
to a code scanning configuration. Once the Immutable Actions feature is available, the query will
be updated to report alerts again.
## 0.5.0

2
actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Use of a known vulnerable action.
* @name Use of a known vulnerable action
* @description The workflow is using an action with known vulnerabilities.
* @kind problem
* @problem.severity error

21
actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
View File

@@ -14,7 +14,19 @@
import actions
from Job job
Step stepInJob(Job job) { result = job.(LocalJob).getAStep() }
string jobNeedsPermission(Job job) {
actionsPermissionsDataModel(stepInJob(job).(UsesStep).getCallee(), result)
}
/** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */
string permissionsForJob(Job job) {
result =
"{" + concat(string permission | permission = jobNeedsPermission(job) | permission, ", ") + "}"
}
from Job job, string permissions
where
not exists(job.getPermissions()) and
not exists(job.getEnclosingWorkflow().getPermissions()) and
@@ -22,5 +34,8 @@ where
exists(Event e |
e = job.getATriggerEvent() and
not e.getName() = "workflow_call"
)
select job, "Actions Job or Workflow does not set permissions"
) and
permissions = permissionsForJob(job)
select job,
"Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: "
+ permissions

2
actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Checkout of untrusted code in trusted context
* @name Checkout of untrusted code in a privileged context
* @description Privileged workflows have read/write access to the base repository and access to secrets.
* By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
* that is able to push to the base repository and to access secrets.

4
actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: fix
---
* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

9
actions/ql/src/change-notes/2025-03-13-environment-query-names.md → actions/ql/src/change-notes/released/0.5.3.md
View File

@@ -1,6 +1,7 @@
---
category: fix
---
## 0.5.3
### Bug Fixes
* Fixed typos in the query and alert titles for the queries
`actions/envpath-injection/critical`, `actions/envpath-injection/medium`,
`actions/envvar-injection/critical`, and `actions/envvar-injection/medium`.
`actions/envvar-injection/critical`, and `actions/envvar-injection/medium`.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.5.2
lastReleaseVersion: 0.5.3

0
actions/ql/src/codeql-suites/actions-ccr.qls → actions/ql/src/codeql-suites/actions-code-quality.qls
View File

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.5.3-dev
version: 0.5.4-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

2
actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
View File

@@ -400,6 +400,7 @@ nodes
| .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body |
| .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body |
| .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch |
| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
| .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
| .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label |
@@ -629,6 +630,7 @@ nodes
| .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] |
| .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n |
| .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title |
| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |

3
actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected
View File

@@ -400,6 +400,7 @@ nodes
| .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body |
| .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body |
| .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch |
| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
| .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
| .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
| .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label |
@@ -629,6 +630,7 @@ nodes
| .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] |
| .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n |
| .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title |
| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
| .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
@@ -706,6 +708,7 @@ subpaths
| .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job2.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | .github/workflows/inter-job4.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | ${{ github.event.pull_request.body }} |
| .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} |
| .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} |
| .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} |

13
actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
on:
workflow_call:
workflow_dispatch:
jobs:
build:
name: Build and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/jekyll-build-pages

10
actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml vendored Normal file
View File

@@ -0,0 +1,10 @@
on:
workflow_call:
workflow_dispatch:
jobs:
build:
name: Build and test
runs-on: ubuntu-latest
steps:
- uses: actions/add-to-project@v2

8
actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected
View File

@@ -1,3 +1,5 @@
| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions |
| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions |
| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions |
| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} |
| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} |
| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} |
| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, id-token: write, pages: write} |
| .github/workflows/perms7.yml:7:5:10:38 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {} |

35
config/sync-files.py
View File

@@ -58,7 +58,19 @@ def file_checksum(filename):
with open(filename, 'rb') as file_handle:
return hashlib.sha1(file_handle.read()).hexdigest()
def check_group(group_name, files, master_file_picker, emit_error):
def accept_prefix(line1, line2):
suffix = line2.removeprefix(line1)
return not suffix or suffix.lstrip().startswith("//")
def equivalent_lines(lines1, lines2):
if len(lines1) != len(lines2):
return False
for line1, line2 in zip(lines1, lines2):
if not accept_prefix(line1, line2) and not accept_prefix(line2, line1):
return False
return True
def check_group(group_name, files, master_file_picker, emit_error, accept_prefix):
extant_files = [f for f in files if path.isfile(f)]
if len(extant_files) == 0:
emit_error(__file__, 0, "No files found from group '" + group_name + "'.")
@@ -70,11 +82,23 @@ def check_group(group_name, files, master_file_picker, emit_error):
return
checksums = {file_checksum(f) for f in extant_files}
if len(checksums) == 1 and len(extant_files) == len(files):
same_lengths = len(extant_files) == len(files)
if len(checksums) == 1 and same_lengths:
# All files are present and identical.
return
# In this case we also consider files indentical, if
# (1) The group only containts two files.
# (2) The lines of one file are the same as the lines of another file
# modulo comments.
if accept_prefix and same_lengths and len(extant_files) == 2:
with open(extant_files[0], 'r') as f1:
file1_lines = [l.strip('\n\r') for l in f1.readlines()]
with open(extant_files[1], 'r') as f2:
file2_lines = [l.strip('\n\r') for l in f2.readlines()]
if equivalent_lines(file1_lines, file2_lines):
return
master_file = master_file_picker(extant_files)
if master_file is None:
emit_error(__file__, 0,
@@ -139,9 +163,10 @@ def sync_identical_files(emit_error):
raise Exception("Bad command line or file not found")
chdir_repo_root()
load_if_exists('.', 'config/identical-files.json')
file_groups.update(csharp_test_files())
for group_name, files in csharp_test_files().items():
check_group(group_name, files, master_file_picker, emit_error, True)
for group_name, files in file_groups.items():
check_group(group_name, files, master_file_picker, emit_error)
check_group(group_name, files, master_file_picker, emit_error, False)
def main():
sync_identical_files(emit_local_error)

6
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 4.1.0
### New Features
* Added `Node.asUncertainDefinition` and `Node.asCertainDefinition` to the `DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer.
## 4.0.3
No user-facing changes.

5
cpp/ql/lib/change-notes/2025-03-31-calling-convention.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: feature
---
* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations.
* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.

9
cpp/ql/lib/change-notes/2025-03-13-ascertaindef.md → cpp/ql/lib/change-notes/released/4.1.0.md
View File

@@ -1,4 +1,5 @@
---
category: feature
---
* Added `Node.asUncertainDefinition` and `Node.asCertainDefinition` to the `DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer.
## 4.1.0
### New Features
* Added `Node.asUncertainDefinition` and `Node.asCertainDefinition` to the `DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.0.3
lastReleaseVersion: 4.1.0

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 4.0.4-dev
version: 4.1.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

12
cpp/ql/lib/semmle/code/cpp/Specifier.qll
View File

@@ -97,6 +97,18 @@ class AccessSpecifier extends Specifier {
override string getAPrimaryQlClass() { result = "AccessSpecifier" }
}
/**
* A C/C++ calling convention specifier: `cdecl`, `fastcall`, `stdcall`, `thiscall`,
* `vectorcall`, or `clrcall`.
*/
class CallingConventionSpecifier extends Specifier {
CallingConventionSpecifier() {
this.hasName(["cdecl", "fastcall", "stdcall", "thiscall", "vectorcall", "clrcall"])
}
override string getAPrimaryQlClass() { result = "CallingConventionSpecifier" }
}
/**
* An attribute introduced by GNU's `__attribute__((name))` syntax,
* Microsoft's `__declspec(name)` syntax, Microsoft's `[name]` syntax, the

140
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1834,7 +1834,47 @@ module IteratorFlow {
private module IteratorSsa = SsaImpl::Make<Location, SsaInput>;
private class Def extends IteratorSsa::DefinitionExt {
private module DataFlowIntegrationInput implements IteratorSsa::DataFlowIntegrationInputSig {
private import codeql.util.Void
class Expr extends Instruction {
Expr() {
exists(IRBlock bb, int i |
SsaInput::variableRead(bb, i, _, true) and
this = bb.getInstruction(i)
)
}
predicate hasCfgNode(SsaInput::BasicBlock bb, int i) { bb.getInstruction(i) = this }
}
predicate ssaDefHasSource(IteratorSsa::WriteDefinition def) { none() }
predicate allowFlowIntoUncertainDef(IteratorSsa::UncertainWriteDefinition def) { any() }
class Guard extends Void {
predicate controlsBranchEdge(
SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch
) {
none()
}
}
predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
none()
}
predicate supportBarrierGuardsOnPhiEdges() { none() }
}
private module DataFlowIntegrationImpl =
IteratorSsa::DataFlowIntegration<DataFlowIntegrationInput>;
private class IteratorSynthNode extends DataFlowIntegrationImpl::SsaNode {
IteratorSynthNode() { not this.asDefinition() instanceof IteratorSsa::WriteDefinition }
}
private class Def extends IteratorSsa::Definition {
final override Location getLocation() { result = this.getImpl().getLocation() }
/**
@@ -1842,7 +1882,7 @@ module IteratorFlow {
* and is a definition (or use) of the variable `sv`.
*/
predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) {
super.definesAt(sv, block, index, _)
super.definesAt(sv, block, index)
}
private Ssa::DefImpl getImpl() {
@@ -1859,46 +1899,15 @@ module IteratorFlow {
int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() }
}
private class PhiNode extends IteratorSsa::DefinitionExt {
PhiNode() {
this instanceof IteratorSsa::PhiNode or
this instanceof IteratorSsa::PhiReadNode
}
SsaIteratorNode getNode() { result.getIteratorFlowNode() = this }
}
cached
private module IteratorSsaCached {
cached
predicate adjacentDefRead(IRBlock bb1, int i1, SourceVariable sv, IRBlock bb2, int i2) {
IteratorSsa::adjacentDefReadExt(_, sv, bb1, i1, bb2, i2)
or
exists(PhiNode phi |
IteratorSsa::lastRefRedefExt(_, sv, bb1, i1, phi) and
phi.definesAt(sv, bb2, i2, _)
)
}
cached
Node getAPriorDefinition(IteratorSsa::DefinitionExt next) {
exists(IRBlock bb, int i, SourceVariable sv, IteratorSsa::DefinitionExt def |
IteratorSsa::lastRefRedefExt(pragma[only_bind_into](def), pragma[only_bind_into](sv),
pragma[only_bind_into](bb), pragma[only_bind_into](i), next) and
nodeToDefOrUse(result, sv, bb, i, _)
)
}
}
/** The set of nodes necessary for iterator flow. */
class IteratorFlowNode instanceof PhiNode {
class IteratorFlowNode instanceof IteratorSynthNode {
/** Gets a textual representation of this node. */
string toString() { result = super.toString() }
/** Gets the type of this node. */
DataFlowType getType() {
exists(Ssa::SourceVariable sv |
super.definesAt(sv, _, _, _) and
super.getSourceVariable() = sv and
result = sv.getType()
)
}
@@ -1910,60 +1919,33 @@ module IteratorFlow {
Location getLocation() { result = super.getBasicBlock().getLocation() }
}
private import IteratorSsaCached
private predicate defToNode(Node node, Def def, boolean uncertain) {
(
nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex())
or
nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex())
) and
uncertain = false
private predicate defToNode(Node node, Def def) {
nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex())
or
nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex())
}
private predicate nodeToDefOrUse(
Node node, SourceVariable sv, IRBlock bb, int i, boolean uncertain
) {
exists(Def def |
def.hasIndexInBlock(bb, i, sv) and
defToNode(node, def, uncertain)
bindingset[result, v]
pragma[inline_late]
private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) {
result = n.(SsaIteratorNode).getIteratorFlowNode()
or
exists(Ssa::UseImpl use, IRBlock bb, int i |
result.(DataFlowIntegrationImpl::ExprNode).getExpr().hasCfgNode(bb, i) and
use.hasIndexInBlock(bb, i, v) and
use.getNode() = n
)
or
useToNode(bb, i, sv, node) and
uncertain = false
}
private predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) {
exists(PhiNode phi |
phi.definesAt(sv, bb, i, _) and
nodeTo = phi.getNode()
)
or
exists(Ssa::UseImpl use |
use.hasIndexInBlock(bb, i, sv) and
nodeTo = use.getNode()
)
defToNode(n, result.(DataFlowIntegrationImpl::SsaDefinitionNode).getDefinition())
}
/**
* Holds if `nodeFrom` flows to `nodeTo` in a single step.
*/
predicate localFlowStep(Node nodeFrom, Node nodeTo) {
exists(
Node nFrom, SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2, boolean uncertain
|
adjacentDefRead(bb1, i1, sv, bb2, i2) and
nodeToDefOrUse(nFrom, sv, bb1, i1, uncertain) and
useToNode(bb2, i2, sv, nodeTo)
|
if uncertain = true
then
nodeFrom =
[
nFrom,
getAPriorDefinition(any(IteratorSsa::DefinitionExt next | next.definesAt(sv, bb1, i1, _)))
]
else nFrom = nodeFrom
exists(SourceVariable v |
nodeFrom != nodeTo and
DataFlowIntegrationImpl::localFlowStep(v, fromDfNode(nodeFrom, v), fromDfNode(nodeTo, v), _)
)
}
}

16
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -956,8 +956,6 @@ class GlobalDef extends Definition {
private module SsaImpl = SsaImplCommon::Make<Location, SsaInput>;
private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationInputSig {
private import codeql.util.Void
class Expr extends Instruction {
Expr() {
exists(IRBlock bb, int i |
@@ -977,13 +975,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI
)
}
predicate ssaDefAssigns(SsaImpl::WriteDefinition def, Expr value) { none() }
class Parameter extends Void {
Location getLocation() { none() }
}
predicate ssaDefInitializesParam(SsaImpl::WriteDefinition def, Parameter p) { none() }
predicate ssaDefHasSource(SsaImpl::WriteDefinition def) { none() }
predicate allowFlowIntoUncertainDef(SsaImpl::UncertainWriteDefinition def) { any() }
@@ -1007,9 +999,11 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI
}
}
predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
guard.(IRGuards::IRGuardCondition).controls(bb, branch)
}
predicate keepAllPhiInputBackEdges() { any() }
}
private module DataFlowIntegrationImpl = SsaImpl::DataFlowIntegration<DataFlowIntegrationInput>;
@@ -1075,7 +1069,7 @@ module BarrierGuard<guardChecksNodeSig/3 guardChecksNode> {
bindingset[result, v]
pragma[inline_late]
DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) {
private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) {
result = n.(SsaSynthNode).getSynthNode()
or
exists(UseImpl use, IRBlock bb, int i |

7
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.3.7
### Minor Analysis Improvements
* Fixed a bug in the models for Microsoft's Active Template Library (ATL).
* The query "Use of basic integral type" (`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (`int8_t`, `uint8_t`, etc.), and the `_Bool` and `bool` types.
## 1.3.6
No user-facing changes.

4
cpp/ql/src/Diagnostics/ExtractionWarnings.ql
View File

@@ -14,5 +14,5 @@ where
or
warning instanceof ExtractionUnknownProblem
select warning,
"Extraction failed in " + warning.getFile() + " with warning " + warning.getProblemMessage(),
warning.getSeverity()
"Extraction failed in " + warning.getFile() + " with warning " +
warning.getProblemMessage().replaceAll("$", "$$"), warning.getSeverity()

5
cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql
View File

@@ -17,5 +17,6 @@ from ExtractionError error
where
error instanceof ExtractionUnknownError or
exists(error.getFile().getRelativePath())
select error, "Extraction failed in " + error.getFile() + " with error " + error.getErrorMessage(),
error.getSeverity()
select error,
"Extraction failed in " + error.getFile() + " with error " +
error.getErrorMessage().replaceAll("$", "$$"), error.getSeverity()

4
cpp/ql/src/change-notes/2025-03-14-mad-atl-fix.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fixed a bug in the models for Microsoft's Active Template Library (ATL).

10
cpp/ql/src/change-notes/2025-03-11-basic-int-types.md → cpp/ql/src/change-notes/released/1.3.7.md
View File

@@ -1,4 +1,6 @@
---
category: minorAnalysis
---
* The query "Use of basic integral type" (`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (`int8_t`, `uint8_t`, etc.), and the `_Bool` and `bool` types.
## 1.3.7
### Minor Analysis Improvements
* Fixed a bug in the models for Microsoft's Active Template Library (ATL).
* The query "Use of basic integral type" (`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (`int8_t`, `uint8_t`, etc.), and the `_Bool` and `bool` types.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.6
lastReleaseVersion: 1.3.7

0
cpp/ql/src/codeql-suites/cpp-ccr.qls → cpp/ql/src/codeql-suites/cpp-code-quality.qls
View File

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.3.7-dev
version: 1.3.8-dev
groups:
- cpp
- queries

7
cpp/ql/test/library-tests/calling-convention/calling-convention.expected Normal file
View File

@@ -0,0 +1,7 @@
| test.cpp:4:21:4:35 | definition of thiscall_method | thiscall |
| test.cpp:7:14:7:23 | definition of func_cdecl | cdecl |
| test.cpp:9:16:9:27 | definition of func_stdcall | stdcall |
| test.cpp:11:17:11:29 | definition of func_fastcall | fastcall |
| test.cpp:13:20:13:34 | definition of func_vectorcall | vectorcall |
| test.cpp:15:13:15:25 | definition of func_overload | cdecl |
| test.cpp:16:15:16:27 | definition of func_overload | stdcall |

5
cpp/ql/test/library-tests/calling-convention/calling-convention.ql Normal file
View File

@@ -0,0 +1,5 @@
import cpp
from FunctionDeclarationEntry func, CallingConventionSpecifier ccs
where ccs.hasName(func.getASpecifier())
select func, func.getASpecifier()

16
cpp/ql/test/library-tests/calling-convention/test.cpp Normal file
View File

@@ -0,0 +1,16 @@
// semmle-extractor-options: --microsoft
struct call_conventions {
void __thiscall thiscall_method() {}
};
void __cdecl func_cdecl() {}
void __stdcall func_stdcall() {}
void __fastcall func_fastcall() {}
void __vectorcall func_vectorcall() {}
int __cdecl func_overload() {}
int __stdcall func_overload(int x) {}

22
cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected
View File

@@ -68,31 +68,23 @@
| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi read(t2) |
| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi(*t2) |
| test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 |
| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:3:15:6 | SSA phi read(t2) |
| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:3:15:6 | SSA phi(*t2) |
| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 |
| test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 |
| test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... |
| test.cpp:13:5:13:8 | [input] SSA phi read(t2) | test.cpp:15:3:15:6 | SSA phi read(t2) |
| test.cpp:13:5:13:8 | [input] SSA phi(*t2) | test.cpp:15:3:15:6 | SSA phi(*t2) |
| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | [input] SSA phi read(t2) |
| test.cpp:13:10:13:11 | t2 | test.cpp:13:5:13:8 | [input] SSA phi(*t2) |
| test.cpp:15:3:15:6 | SSA phi read(t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:3:15:6 | SSA phi(*t2) | test.cpp:15:8:15:9 | t2 |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
| test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(*t2) |
| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(t2) |
| test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 |
| test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | [input] SSA phi read(t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:15:23:16 | [input] SSA phi(*t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi read(t1) |
| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi(*t1) |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | [input] SSA phi(*i) |
| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | SSA phi(*i) |
| test.cpp:23:15:23:16 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) |
| test.cpp:23:15:23:16 | [input] SSA phi read(i) | test.cpp:23:19:23:19 | SSA phi read(i) |
| test.cpp:23:15:23:16 | [input] SSA phi read(t1) | test.cpp:23:19:23:19 | SSA phi read(t1) |
| test.cpp:23:15:23:16 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) |
| test.cpp:23:15:23:16 | [input] SSA phi(*i) | test.cpp:23:19:23:19 | SSA phi(*i) |
| test.cpp:23:15:23:16 | [input] SSA phi(*t1) | test.cpp:23:19:23:19 | SSA phi(*t1) |
| test.cpp:23:19:23:19 | SSA phi read(*t2) | test.cpp:24:10:24:11 | t2 |
| test.cpp:23:19:23:19 | SSA phi read(i) | test.cpp:23:19:23:19 | i |
| test.cpp:23:19:23:19 | SSA phi read(t1) | test.cpp:23:23:23:24 | t1 |

127
cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp
View File

@@ -10,7 +10,7 @@
// semmle-extractor-options: -I${testdir}/more_headers/ "-U SOME_SYM"
#undef BAR
#define SCARY(a,aa,aaah) /* we ignore a */ (aa /* but we take aa */) /* and we ignore aaa */
#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__)
#define LOG(fmt, ...) printf("Warning: %s", fmt, __VA__ARGS__)
#include "pp.h"
#if 0
@@ -59,7 +59,7 @@ public:
#else
#define IN_TEMPLATE
#endif
static int val;
};
@@ -71,7 +71,128 @@ templateClassContext<int> tcci;
#define BAR
#if defined(BAR) && \
#if defined(BAR) &&\
defined(BAR)
#warning BAR defined
#endif
#if defined MACROTHREE/**hello*/ && /*world*/\
/*hw*/ (defined(MACROONE)) /* macroone */
#endif
#if defined SIMPLE_COMMENT //this comment \
(defined(SIMPLE_COMMENT)) spans over multiple lines
#endif
#if defined(FOO) &&\
defined(BAR)
#define CONDITIONAL_MACRO_1 1
#endif
#if defined(FOO) && \
defined(BAR) && \
!defined(BAZ)
#define CONDITIONAL_MACRO_2 2
#endif
#define FOO 8
#define BAR 2
#define BAZ 4
#if ((FOO / BAR) \
== 4) && ((BAZ \
* QUX) \
> 10)
#define CONDITIONAL_MACRO_3 3
#endif
// Testing \t spaced PreprocessorIf
#if defined(FOO) && \
defined(BAR) && \
defined(BAZ)
#define CONDITIONAL_MACRO_4 4
#endif
#if defined /* //test */ SIMPLE_COMMENT //this comment \
(defined(SIMPLE_COMMENT)) spans over multiple lines
#endif
#warning foo \
#warning foo \
\
/* a comment */
#warning foo \
\
#warning foo \
\
// a comment
#define FOO 8
#define BAR 2
#define BAZ 4
#if ((FOO / BAR) \
== 4) && ((BAZ \
/** comment */ \
* QUX) \
/** comment */ \
> 10)
#define CONDITIONAL_MACRO_3 3
#endif
#define X 1
#define Y 2
#if defined(X) && \
/*this is a comment*/ defined(Y) \
// another comment
#endif
#warning FOO\
\
\
\
BAR
#warning foo \
\
/* comment */ \
\
#if/** */A/* ... */&&B
#endif
#if/** */ /**/ A
#endif
#if \
\
A && B
#endif
#ifdef /*
*/ FOOBAR
#warning a
#else
#warning b
#endif
#if /*
//test
*/ FOOBAR
#endif
#if/*...*//*...*/A
#endif

55
cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected
View File

@@ -33,17 +33,64 @@
| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 |
| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 |
| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | PreprocessorIfdef | INSTANTIATION | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE | |
| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION | |
| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR | |
| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 74 | 21 | PreprocessorIf | defined(BAR) && \\ | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | PreprocessorIf | defined(BAR) && defined(BAR) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | PreprocessorIf | defined SIMPLE_COMMENT | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | PreprocessorIf | defined(FOO) && defined(BAR) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | Macro | FOO | 8 |
| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | Macro | BAR | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | Macro | BAZ | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | Macro | CONDITIONAL_MACRO_4 | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | PreprocessorIf | defined SIMPLE_COMMENT | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | Macro | FOO | 8 |
| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | Macro | BAR | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | Macro | BAZ | 4 |
| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | Macro | X | 1 |
| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | Macro | Y | 2 |
| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | PreprocessorIf | defined(X) && defined(Y) | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | PreprocessorWarning | FOO BAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | PreprocessorWarning | foo | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | PreprocessorIf | A &&B | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | PreprocessorIf | A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | PreprocessorIf | A && B | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | PreprocessorIfdef | FOOBAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | PreprocessorElse | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | PreprocessorWarning | b | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | PreprocessorIf | FOOBAR | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | PreprocessorEndif | N/A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | PreprocessorIf | A | N/A |
| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | PreprocessorEndif | N/A | N/A |
| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A |
| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | PreprocessorWarning | "This should happen" | N/A |
| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A |
| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A |
| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | PreprocessorPragma | byte_order(big_endian) | N/A |
| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A |
| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long |

4
cpp/ql/test/library-tests/specifiers2/specifiers2.expected
View File

@@ -27,7 +27,7 @@
| Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public |
| Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public |
| Function | cpp20.cpp:64:5:64:21 | TestExplicitBool4 | TestExplicitBool4 | explicit, extern, public |
| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit, has_trailing_return_type |
| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit |
| Function | file://:0:0:0:0 | operator delete | operator delete | extern |
| Function | file://:0:0:0:0 | operator new | operator new | extern |
| Function | specifiers2.c:11:6:11:6 | f | f | c_linkage, extern |
@@ -67,6 +67,8 @@
| Function | specifiers2pp.cpp:63:19:63:34 | member_constexpr | member_constexpr | const, declared_constexpr, inline, is_constexpr, private |
| Function | specifiers2pp.cpp:64:19:64:40 | member_const_constexpr | member_const_constexpr | const, declared_constexpr, inline, is_constexpr, private |
| FunctionDeclarationEntry | cpp20.cpp:11:14:11:24 | declaration of TestExplict | TestExplict | explicit |
| FunctionDeclarationEntry | cpp20.cpp:23:1:23:1 | declaration of TestExplicitBool | TestExplicitBool | has_trailing_return_type |
| FunctionDeclarationEntry | cpp20.cpp:24:1:24:16 | definition of TestExplicitBool | TestExplicitBool | has_trailing_return_type |
| FunctionDeclarationEntry | cpp20.cpp:40:23:40:23 | definition of TestExplicitBool2 | TestExplicitBool2 | explicit |
| FunctionDeclarationEntry | cpp20.cpp:51:5:51:5 | definition of TestExplicitBool3 | TestExplicitBool3 | explicit |
| FunctionDeclarationEntry | cpp20.cpp:51:5:51:21 | declaration of TestExplicitBool3 | TestExplicitBool3 | explicit |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionErrors.expected
View File

@@ -1,2 +1,3 @@
| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with error "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 2 |
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 2 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with error "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 2 |

1
cpp/ql/test/query-tests/Diagnostics/ExtractionWarnings.expected
View File

@@ -1,2 +1,3 @@
| containserror.cpp:9:14:9:14 | Recoverable extraction error: 'x' has already been declared in the current scope | Extraction failed in containserror.cpp with warning "containserror.cpp", line 9: error: "x" has already been declared in the current scope\n \tconst char *x = "Foo2 $$@ bar2 $$@ baz2";\n \t ^\n\n | 1 |
| doesnotcompile.cpp:4:2:4:2 | Recoverable extraction error: identifier 'This' is undefined | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: identifier "This" is undefined\n \tThis is not correct C/C++ code.\n \t^\n\n | 1 |
| doesnotcompile.cpp:4:10:4:10 | Recoverable extraction error: expected a ';' | Extraction failed in doesnotcompile.cpp with warning "doesnotcompile.cpp", line 4: error: expected a ";"\n \tThis is not correct C/C++ code.\n \t ^\n\n | 1 |

2
cpp/ql/test/query-tests/Diagnostics/Info.expected
View File

@@ -1,4 +1,4 @@
| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | fromSource, normalTermination |
| containserror.cpp:0:0:0:0 | containserror.cpp | containserror.cpp | ExtractionProblem (severity 1), fromSource, normalTermination |
| containswarning.cpp:0:0:0:0 | containswarning.cpp | containswarning.cpp | fromSource, normalTermination |
| doesnotcompile.cpp:0:0:0:0 | doesnotcompile.cpp | doesnotcompile.cpp | ExtractionProblem (severity 1), fromSource, normalTermination |
| file://:0:0:0:0 | | | |

5
cpp/ql/test/query-tests/Diagnostics/containserror.cpp
View File

@@ -3,3 +3,8 @@
void containserror() {
#error An error!
}
void error_with_placeholder() {
const char *x = "Foo1 $@ bar1 $@ baz1";
const char *x = "Foo2 $@ bar2 $@ baz2";
}

14
csharp/documentation/library-coverage/coverage.csv
View File

@@ -8,20 +8,20 @@ ILLink.Shared,,,37,,,,,,,,,,,,,,,,,,,11,26
ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1
Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26
Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7
Internal.TypeSystem,,,345,,,,,,,,,,,,,,,,,,,205,140
Internal.TypeSystem,,,342,,,,,,,,,,,,,,,,,,,205,137
Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1
Microsoft.AspNetCore.Http,,,1,,,,,,,,,,,,,,,,,,,1,
Microsoft.AspNetCore.Mvc,,,2,,,,,,,,,,,,,,,,,,,,2
Microsoft.AspNetCore.WebUtilities,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.Diagnostics.Tools.Pgo,,,23,,,,,,,,,,,,,,,,,,,,23
Microsoft.Diagnostics.Tools.Pgo,,,21,,,,,,,,,,,,,,,,,,,,21
Microsoft.DotNet.Build.Tasks,,,11,,,,,,,,,,,,,,,,,,,9,2
Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1,
Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3
Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32
Microsoft.Extensions.Configuration,,3,123,,,,,,,,,,,,,3,,,,,,40,83
Microsoft.Extensions.Configuration,,3,118,,,,,,,,,,,,,3,,,,,,41,77
Microsoft.Extensions.DependencyInjection,,,209,,,,,,,,,,,,,,,,,,,15,194
Microsoft.Extensions.DependencyModel,,1,57,,,,,,,,,,,,,1,,,,,,13,44
Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13
@@ -31,16 +31,16 @@ Microsoft.Extensions.Hosting,,,61,,,,,,,,,,,,,,,,,,,29,32
Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2
Microsoft.Extensions.Logging,,,107,,,,,,,,,,,,,,,,,,,26,81
Microsoft.Extensions.Options,,,174,,,,,,,,,,,,,,,,,,,48,126
Microsoft.Extensions.Primitives,,,76,,,,,,,,,,,,,,,,,,,67,9
Microsoft.Extensions.Primitives,,,75,,,,,,,,,,,,,,,,,,,68,7
Microsoft.Interop,,,216,,,,,,,,,,,,,,,,,,,71,145
Microsoft.JSInterop,2,,,,,,,,,,2,,,,,,,,,,,,
Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2
Microsoft.VisualBasic,,,13,,,,,,,,,,,,,,,,,,,1,12
Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5
Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
Mono.Linker,,,280,,,,,,,,,,,,,,,,,,,129,151
Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,130,148
MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5941,6300
System,54,47,12111,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5993,6118
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:log-injection sink:sql-injection source:commandargs source:database source:environment source:file source:file-write source:remote source:stdin source:windows-registry summary:taint summary:value
8 ILLink.Tasks 5 4 1
9 Internal.IL 54 28 26
10 Internal.Pgo 9 2 7
11 Internal.TypeSystem 345 342 205 140 137
12 Microsoft.ApplicationBlocks.Data 28 28
13 Microsoft.AspNetCore.Components 2 4 2 2 4 1 1
14 Microsoft.AspNetCore.Http 1 1
15 Microsoft.AspNetCore.Mvc 2 2
16 Microsoft.AspNetCore.WebUtilities 2 2
17 Microsoft.CSharp 2 2
18 Microsoft.Diagnostics.Tools.Pgo 23 21 23 21
19 Microsoft.DotNet.Build.Tasks 11 9 2
20 Microsoft.DotNet.PlatformAbstractions 1 1
21 Microsoft.EntityFrameworkCore 6 12 6 12
22 Microsoft.Extensions.Caching.Distributed 3 3
23 Microsoft.Extensions.Caching.Memory 37 5 32
24 Microsoft.Extensions.Configuration 3 123 118 3 40 41 83 77
25 Microsoft.Extensions.DependencyInjection 209 15 194
26 Microsoft.Extensions.DependencyModel 1 57 1 13 44
27 Microsoft.Extensions.Diagnostics.Metrics 14 1 13
31 Microsoft.Extensions.Http 9 7 2
32 Microsoft.Extensions.Logging 107 26 81
33 Microsoft.Extensions.Options 174 48 126
34 Microsoft.Extensions.Primitives 76 75 67 68 9 7
35 Microsoft.Interop 216 71 145
36 Microsoft.JSInterop 2 2
37 Microsoft.NET.Build.Tasks 5 3 2
38 Microsoft.VisualBasic 13 6 1 12 5
39 Microsoft.Win32 4 2 4 2
40 Mono.Linker 280 278 129 130 151 148
41 MySql.Data.MySqlClient 48 48
42 Newtonsoft.Json 91 73 18
43 ServiceStack 194 7 27 75 92 7
44 SourceGenerators 5 5
45 System 54 47 12241 12111 6 5 5 4 1 33 2 6 15 17 4 3 5941 5993 6300 6118
46 Windows.Security.Cryptography.Core 1 1

6
csharp/documentation/library-coverage/coverage.rst
View File

@@ -8,7 +8,7 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",47,12241,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4
Totals,,107,14520,400,9
System,"``System.*``, ``System``",47,12111,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2252,152,4
Totals,,107,14370,400,9

1460
csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

1459
csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

39
csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql Normal file
View File

@@ -0,0 +1,39 @@
class Expr extends @expr {
string toString() { none() }
}
class TypeOrRef extends @type_or_ref {
string toString() { none() }
}
class InterpolatedStringInsertExpr extends Expr, @interpolated_string_insert_expr { }
private predicate remove_expr(Expr e) {
exists(InterpolatedStringInsertExpr ie |
e = ie
or
// Alignment
expr_parent(e, 1, ie)
or
// Format
expr_parent(e, 2, ie)
)
}
query predicate new_expressions(Expr e, int kind, TypeOrRef t) {
expressions(e, kind, t) and
// Remove the syntheetic intert expression and previously un-extracted children
not remove_expr(e)
}
query predicate new_expr_parent(Expr e, int child, Expr parent) {
expr_parent(e, child, parent) and
not remove_expr(e) and
not remove_expr(parent)
or
// Use the string interpolation as parent instead of the synthetic insert expression
exists(InterpolatedStringInsertExpr ie |
expr_parent(e, 0, ie) and
expr_parent(ie, child, parent)
)
}

4
csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties Normal file
View File

@@ -0,0 +1,4 @@
description: Remove `interpolated_string_insert_expr` kind.
compatibility: backwards
expressions.rel: run string_interpol_insert.qlo new_expressions
expr_parent.rel: run string_interpol_insert.qlo new_expr_parent

48
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs
View File

@@ -1,14 +1,22 @@
using System;
using System.Diagnostics;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Semmle.Util;
using Semmle.Util.Logging;
using Newtonsoft.Json;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
public class DependabotProxy : IDisposable
{
/// <summary>
/// Represents configurations for package registries.
/// </summary>
/// <param name="Type">The type of package registry.</param>
/// <param name="URL">The URL of the package registry.</param>
public record class RegistryConfig(string Type, string URL);
private readonly string host;
private readonly string port;
@@ -17,6 +25,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// </summary>
internal string Address { get; }
/// <summary>
/// The URLs of package registries that are configured for the proxy.
/// </summary>
internal HashSet<string> RegistryURLs { get; }
/// <summary>
/// The path to the temporary file where the certificate is stored.
/// </summary>
internal string? CertificatePath { get; private set; }
@@ -67,6 +79,39 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
result.Certificate = X509Certificate2.CreateFromPem(cert);
}
// Try to obtain the list of private registry URLs.
var registryURLs = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyURLs);
if (!string.IsNullOrWhiteSpace(registryURLs))
{
try
{
// The value of the environment variable should be a JSON array of objects, such as:
// [ { "type": "nuget_feed", "url": "https://nuget.pkg.github.com/org/index.json" } ]
var array = JsonConvert.DeserializeObject<List<RegistryConfig>>(registryURLs);
if (array is not null)
{
foreach (RegistryConfig config in array)
{
// The array contains all configured private registries, not just ones for C#.
// We ignore the non-C# ones here.
if (!config.Type.Equals("nuget_feed"))
{
logger.LogDebug($"Ignoring registry at '{config.URL}' since it is not of type 'nuget_feed'.");
continue;
}
logger.LogInfo($"Found private registry at '{config.URL}'");
result.RegistryURLs.Add(config.URL);
}
}
}
catch (JsonException ex)
{
logger.LogError($"Unable to parse '{EnvironmentVariableNames.ProxyURLs}': {ex.Message}");
}
}
return result;
}
@@ -75,6 +120,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
this.host = host;
this.port = port;
this.Address = $"http://{this.host}:{this.port}";
this.RegistryURLs = new HashSet<string>();
}
public void Dispose()

6
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -2,7 +2,6 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Newtonsoft.Json.Linq;
using Semmle.Util;
@@ -77,6 +76,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
args += " /p:EnableWindowsTargeting=true";
}
if (restoreSettings.ExtraArgs is not null)
{
args += $" {restoreSettings.ExtraArgs}";
}
return args;
}

5
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs
View File

@@ -89,5 +89,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// Contains the certificate used by the Dependabot proxy.
/// </summary>
public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE";
/// <summary>
/// Contains the URLs of private nuget registries as a JSON array.
/// </summary>
public const string ProxyURLs = "CODEQL_PROXY_URLS";
}
}

2
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs
View File

@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
IList<string> GetNugetFeedsFromFolder(string folderPath);
}
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false);
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? ExtraArgs = null, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false);
public partial record class RestoreResult(bool Success, IList<string> Output)
{

154
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
View File

@@ -103,13 +103,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0"));
HashSet<string>? explicitFeeds = null;
HashSet<string>? allFeeds = null;
try
{
if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds))
if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds, out allFeeds))
{
// todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(explicitFeeds);
var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds([], explicitFeeds);
return unresponsiveMissingPackageLocation is null
? []
: [unresponsiveMissingPackageLocation];
@@ -156,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var restoredProjects = RestoreSolutions(out var container);
var projects = fileProvider.Projects.Except(restoredProjects);
RestoreProjects(projects, out var containers);
RestoreProjects(projects, allFeeds, out var containers);
var dependencies = containers.Flatten(container);
@@ -166,11 +167,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
.ToList();
assemblyLookupLocations.UnionWith(paths.Select(p => new AssemblyLookupLocation(p)));
LogAllUnusedPackages(dependencies);
var usedPackageNames = GetAllUsedPackageDirNames(dependencies);
var missingPackageLocation = checkNugetFeedResponsiveness
? DownloadMissingPackagesFromSpecificFeeds(explicitFeeds)
: DownloadMissingPackages();
? DownloadMissingPackagesFromSpecificFeeds(usedPackageNames, explicitFeeds)
: DownloadMissingPackages(usedPackageNames);
if (missingPackageLocation is not null)
{
@@ -260,8 +261,33 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// Populates dependencies with the relative paths to the assets files generated by the restore.
/// </summary>
/// <param name="projects">A list of paths to project files.</param>
private void RestoreProjects(IEnumerable<string> projects, out ConcurrentBag<DependencyContainer> dependencies)
private void RestoreProjects(IEnumerable<string> projects, HashSet<string>? configuredSources, out ConcurrentBag<DependencyContainer> dependencies)
{
// Conservatively, we only set this to a non-null value if a Dependabot proxy is enabled.
// This ensures that we continue to get the old behaviour where feeds are taken from
// `nuget.config` files instead of the command-line arguments.
string? extraArgs = null;
if (this.dependabotProxy is not null)
{
// If the Dependabot proxy is configured, then our main goal is to make `dotnet` aware
// of the private registry feeds. However, since providing them as command-line arguments
// to `dotnet` ignores other feeds that may be configured, we also need to add the feeds
// we have discovered from analysing `nuget.config` files.
var sources = configuredSources ?? new();
this.dependabotProxy.RegistryURLs.ForEach(url => sources.Add(url));
// Add package sources. If any are present, they override all sources specified in
// the configuration file(s).
var feedArgs = new StringBuilder();
foreach (string source in sources)
{
feedArgs.Append($" -s {source}");
}
extraArgs = feedArgs.ToString();
}
var successCount = 0;
var nugetSourceFailures = 0;
ConcurrentBag<DependencyContainer> collectedDependencies = [];
@@ -276,7 +302,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
foreach (var project in projectGroup)
{
logger.LogInfo($"Restoring project {project}...");
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, TargetWindows: isWindows));
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, extraArgs, TargetWindows: isWindows));
assets.AddDependenciesRange(res.AssetsFilePaths);
lock (sync)
{
@@ -297,21 +323,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
compilationInfoContainer.CompilationInfos.Add(("Failed project restore with package source error", nugetSourceFailures.ToString()));
}
private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(HashSet<string>? feedsFromNugetConfigs)
private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(IEnumerable<string> usedPackageNames, HashSet<string>? feedsFromNugetConfigs)
{
var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs);
if (reachableFallbackFeeds.Count > 0)
{
return DownloadMissingPackages(fallbackNugetFeeds: reachableFallbackFeeds);
return DownloadMissingPackages(usedPackageNames, fallbackNugetFeeds: reachableFallbackFeeds);
}
logger.LogWarning("Skipping download of missing packages from specific feeds as no fallback Nuget feeds are reachable.");
return null;
}
private AssemblyLookupLocation? DownloadMissingPackages(IEnumerable<string>? fallbackNugetFeeds = null)
private AssemblyLookupLocation? DownloadMissingPackages(IEnumerable<string> usedPackageNames, IEnumerable<string>? fallbackNugetFeeds = null)
{
var alreadyDownloadedPackages = GetRestoredPackageDirectoryNames(PackageDirectory.DirInfo);
var alreadyDownloadedPackages = usedPackageNames.Select(p => p.ToLowerInvariant());
var alreadyDownloadedLegacyPackages = GetRestoredLegacyPackageNames();
var notYetDownloadedPackages = new HashSet<PackageReference>(fileContent.AllPackages);
@@ -418,17 +444,23 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return nugetConfig;
}
private void LogAllUnusedPackages(DependencyContainer dependencies)
private IEnumerable<string> GetAllUsedPackageDirNames(DependencyContainer dependencies)
{
var allPackageDirectories = GetAllPackageDirectories();
logger.LogInfo($"Restored {allPackageDirectories.Count} packages");
logger.LogInfo($"Found {dependencies.Packages.Count} packages in project.assets.json files");
allPackageDirectories
.Where(package => !dependencies.Packages.Contains(package))
var usage = allPackageDirectories.Select(package => (package, isUsed: dependencies.Packages.Contains(package)));
usage
.Where(package => !package.isUsed)
.Order()
.ForEach(package => logger.LogDebug($"Unused package: {package}"));
.ForEach(package => logger.LogDebug($"Unused package: {package.package}"));
return usage
.Where(package => package.isUsed)
.Select(package => package.package);
}
private ICollection<string> GetAllPackageDirectories()
@@ -674,10 +706,42 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return (timeoutMilliSeconds, tryCount);
}
private bool CheckFeeds(out HashSet<string> explicitFeeds)
/// <summary>
/// Checks that we can connect to all Nuget feeds that are explicitly configured in configuration files
/// as well as any private package registry feeds that are configured.
/// </summary>
/// <param name="explicitFeeds">Outputs the set of explicit feeds.</param>
/// <param name="allFeeds">Outputs the set of all feeds (explicit and inherited).</param>
/// <returns>True if all feeds are reachable or false otherwise.</returns>
private bool CheckFeeds(out HashSet<string> explicitFeeds, out HashSet<string> allFeeds)
{
logger.LogInfo("Checking Nuget feeds...");
(explicitFeeds, var allFeeds) = GetAllFeeds();
(explicitFeeds, allFeeds) = GetAllFeeds();
HashSet<string> feedsToCheck = explicitFeeds;
// If private package registries are configured for C#, then check those
// in addition to the ones that are configured in `nuget.config` files.
this.dependabotProxy?.RegistryURLs.ForEach(url => feedsToCheck.Add(url));
var allFeedsReachable = this.CheckSpecifiedFeeds(feedsToCheck);
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
if (inheritedFeeds.Count > 0)
{
logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}");
compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString()));
}
return allFeedsReachable;
}
/// <summary>
/// Checks that we can connect to the specified Nuget feeds.
/// </summary>
/// <param name="feeds">The set of package feeds to check.</param>
/// <returns>True if all feeds are reachable or false otherwise.</returns>
private bool CheckSpecifiedFeeds(HashSet<string> feeds)
{
logger.LogInfo("Checking that Nuget feeds are reachable...");
var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
.ToHashSet();
@@ -689,7 +753,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var (initialTimeout, tryCount) = GetFeedRequestSettings(isFallback: false);
var allFeedsReachable = explicitFeeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount));
var allFeedsReachable = feeds.All(feed => excludedFeeds.Contains(feed) || IsFeedReachable(feed, initialTimeout, tryCount));
if (!allFeedsReachable)
{
logger.LogWarning("Found unreachable Nuget feed in C# analysis with build-mode 'none'. This may cause missing dependencies in the analysis.");
@@ -704,14 +768,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
compilationInfoContainer.CompilationInfos.Add(("All Nuget feeds reachable", allFeedsReachable ? "1" : "0"));
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
if (inheritedFeeds.Count > 0)
{
logger.LogInfo($"Inherited Nuget feeds (not checked for reachability): {string.Join(", ", inheritedFeeds.OrderBy(f => f))}");
compilationInfoContainer.CompilationInfos.Add(("Inherited Nuget feed count", inheritedFeeds.Count.ToString()));
}
return allFeedsReachable;
}
@@ -760,23 +816,33 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
// todo: this could be improved.
// We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others.
var allFeeds = nugetConfigs
.Select(config =>
{
try
HashSet<string>? allFeeds = null;
if (nugetConfigs.Count > 0)
{
// We don't have to get the feeds from each of the folders from below, it would be enought to check the folders that recursively contain the others.
allFeeds = nugetConfigs
.Select(config =>
{
return new FileInfo(config).Directory?.FullName;
}
catch (Exception exc)
{
logger.LogWarning($"Failed to get directory of '{config}': {exc}");
}
return null;
})
.Where(folder => folder != null)
.SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!)))
.ToHashSet();
try
{
return new FileInfo(config).Directory?.FullName;
}
catch (Exception exc)
{
logger.LogWarning($"Failed to get directory of '{config}': {exc}");
}
return null;
})
.Where(folder => folder != null)
.SelectMany(folder => GetFeeds(() => dotnet.GetNugetFeedsFromFolder(folder!)))
.ToHashSet();
}
else
{
// If we haven't found any `nuget.config` files, then obtain a list of feeds from the root source directory.
allFeeds = GetFeeds(() => dotnet.GetNugetFeedsFromFolder(this.fileProvider.SourceDir.FullName)).ToHashSet();
}
logger.LogInfo($"Found {allFeeds.Count} Nuget feeds (with inherited ones) in nuget.config files: {string.Join(", ", allFeeds.OrderBy(f => f))}");

3
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SourceGenerators/DotnetSourceGeneratorWrapper/DotnetSourceGeneratorWrapper.cs
View File

@@ -37,7 +37,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
{
try
{
var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile);
var relativePathToCsProj = Path.GetRelativePath(sourceDir, csprojFile)
.Replace('\\', '/'); // Ensure we're generating the same hash regardless of the OS
var name = FileUtils.ComputeHash($"{relativePathToCsProj}\n{this.GetType().Name}");
using var tempDir = new TemporaryDirectory(Path.Join(FileUtils.GetTemporaryWorkingDirectory(out _), "source-generator"), "source generator temporary", logger);
var analyzerConfigPath = Path.Combine(tempDir.DirInfo.FullName, $"{name}.txt");

9
csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs
View File

@@ -29,6 +29,15 @@ namespace Semmle.Extraction.CSharp
symbol is null ? (AnnotatedTypeSymbol?)null : new AnnotatedTypeSymbol(symbol, NullableAnnotation.None);
}
internal static class AnnotatedTypeSymbolExtensions
{
/// <summary>
/// Returns true if the type is a string type.
/// </summary>
public static bool IsStringType(this AnnotatedTypeSymbol? type) =>
type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String;
}
internal static class SymbolExtensions
{
/// <summary>

2
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs
View File

@@ -18,7 +18,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
{
// If this is a "+" expression we might need to wrap the child expressions
// in ToString calls
return Kind == ExprKind.ADD
return Kind == ExprKind.ADD && Type.IsStringType()
? ImplicitToString.Create(cx, node, this, child)
: Create(cx, node, this, child);
}

7
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs
View File

@@ -39,16 +39,13 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
Context.TrapWriter.Writer.expr_call(this, target);
}
private static bool IsStringType(AnnotatedTypeSymbol? type) =>
type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String;
/// <summary>
/// Creates a new expression, adding a compiler generated `ToString` call if required.
/// </summary>
public static Expression Create(Context cx, ExpressionSyntax node, Expression parent, int child)
public static Expression Create(Context cx, ExpressionSyntax node, IExpressionParentEntity parent, int child)
{
var info = new ExpressionNodeInfo(cx, node, parent, child);
return CreateFromNode(info.SetImplicitToString(IsStringType(parent.Type) && !IsStringType(info.Type)));
return CreateFromNode(info.SetImplicitToString(!info.Type.IsStringType()));
}
/// <summary>

11
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs
View File

@@ -1,5 +1,4 @@
using System.IO;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
@@ -21,15 +20,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
{
case SyntaxKind.Interpolation:
var interpolation = (InterpolationSyntax)c;
var exp = interpolation.Expression;
if (Context.GetTypeInfo(exp).Type is ITypeSymbol type && !type.ImplementsIFormattable())
{
ImplicitToString.Create(Context, exp, this, child++);
}
else
{
Create(Context, exp, this, child++);
}
new InterpolatedStringInsert(Context, interpolation, this, child++);
break;
case SyntaxKind.InterpolatedStringText:
// Create a string literal

41
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs Normal file
View File

@@ -0,0 +1,41 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{
internal class InterpolatedStringInsert : Expression
{
public InterpolatedStringInsert(Context cx, InterpolationSyntax syntax, Expression parent, int child) :
base(new ExpressionInfo(cx, null, cx.CreateLocation(syntax.GetLocation()), ExprKind.INTERPOLATED_STRING_INSERT, parent, child, isCompilerGenerated: false, null))
{
var exp = syntax.Expression;
if (parent.Type.IsStringType() &&
cx.GetTypeInfo(exp).Type is ITypeSymbol type &&
!type.ImplementsIFormattable())
{
ImplicitToString.Create(cx, exp, this, 0);
}
else
{
Create(cx, exp, this, 0);
}
// Hardcode the child number of the optional alignment clause to 1 and format clause to 2.
// This simplifies the logic in QL.
if (syntax.AlignmentClause?.Value is ExpressionSyntax alignment)
{
Create(cx, alignment, this, 1);
}
if (syntax.FormatClause is InterpolationFormatClauseSyntax format)
{
var f = format.FormatStringToken.ValueText;
var t = AnnotatedTypeSymbol.CreateNotAnnotated(cx.Compilation.GetSpecialType(SpecialType.System_String));
new Expression(new ExpressionInfo(cx, t, cx.CreateLocation(format.GetLocation()), ExprKind.UTF16_STRING_LITERAL, this, 2, isCompilerGenerated: false, f));
}
}
}
}

1
csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs
View File

@@ -132,6 +132,7 @@ namespace Semmle.Extraction.Kinds
UTF8_STRING_LITERAL = 135,
COLLECTION = 136,
SPREAD_ELEMENT = 137,
INTERPOLATED_STRING_INSERT = 138,
DEFINE_SYMBOL = 999,
}
}

4
csharp/extractor/Semmle.Extraction.Tests/DotNet.cs
View File

@@ -123,7 +123,7 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config"));
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config"));
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
@@ -141,7 +141,7 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, "myconfig.config", true));
var res = dotnet.Restore(new("myproject.csproj", "mypackages", false, null, "myconfig.config", true));
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();

2
csharp/paket.dependencies
View File

@@ -4,7 +4,7 @@ source https://api.nuget.org/v3/index.json
# behave like nuget in choosing transitive dependency versions
strategy: max
nuget Basic.CompilerLog.Util
nuget Basic.CompilerLog.Util 0.9.8
nuget Mono.Posix.NETStandard
nuget Newtonsoft.Json
nuget xunit

12
csharp/paket.lock generated
View File

@@ -3,12 +3,12 @@ STRATEGY: MAX
RESTRICTION: == net9.0
NUGET
remote: https://api.nuget.org/v3/index.json
Basic.CompilerLog.Util (0.9.4)
Basic.CompilerLog.Util (0.9.8)
MessagePack (>= 2.5.187)
Microsoft.CodeAnalysis (>= 4.11)
Microsoft.CodeAnalysis.CSharp (>= 4.11)
Microsoft.CodeAnalysis.VisualBasic (>= 4.11)
Microsoft.Extensions.ObjectPool (>= 9.0)
Microsoft.CodeAnalysis (>= 4.12)
Microsoft.CodeAnalysis.CSharp (>= 4.12)
Microsoft.CodeAnalysis.VisualBasic (>= 4.12)
Microsoft.Extensions.ObjectPool (>= 9.0.2)
MSBuild.StructuredLogger (>= 2.2.243)
System.Buffers (>= 4.6)
Humanizer.Core (2.14.1)
@@ -96,7 +96,7 @@ NUGET
System.Reflection.Metadata (>= 8.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeCoverage (17.12)
Microsoft.Extensions.ObjectPool (9.0)
Microsoft.Extensions.ObjectPool (9.0.3)
Microsoft.NET.StringTools (17.12.6)
Microsoft.NET.Test.Sdk (17.12)
Microsoft.CodeCoverage (>= 17.12)

4
csharp/paket.main.bzl generated
View File

File diff suppressed because one or more lines are too long

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.37
No user-facing changes.
## 1.7.36
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.37.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.37
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.36
lastReleaseVersion: 1.7.37

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.37-dev
version: 1.7.38-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.37
No user-facing changes.
## 1.7.36
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.37.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.37
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.36
lastReleaseVersion: 1.7.37

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.37-dev
version: 1.7.38-dev
groups:
- csharp
- solorigate

24
csharp/ql/consistency-queries/DataFlowConsistency.ql
View File

@@ -34,30 +34,18 @@ private module Input implements InputSig<Location, CsharpDataFlow> {
n instanceof FlowSummaryNode
or
n.asExpr().(ObjectCreation).hasInitializer()
or
exists(
n.(PostUpdateNode).getPreUpdateNode().asExprAtNode(LocalFlow::getPostUpdateReverseStep(_))
)
}
predicate argHasPostUpdateExclude(ArgumentNode n) {
n instanceof FlowSummaryNode
or
not exists(LocalFlow::getAPostUpdateNodeForArg(n.getControlFlowNode()))
or
n instanceof ParamsArgumentNode
}
predicate postHasUniquePreExclude(PostUpdateNode n) {
exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg |
e = LocalFlow::getAPostUpdateNodeForArg(arg) and
e != arg and
n = TExprPostUpdateNode(e)
)
}
predicate uniquePostUpdateExclude(Node n) {
exists(ControlFlow::Nodes::ExprNode e, ControlFlow::Nodes::ExprNode arg |
e = LocalFlow::getAPostUpdateNodeForArg(arg) and
e != arg and
n.asExpr() = arg.getExpr()
)
or
n.asExpr() = any(Expr e | not exprMayHavePostUpdateNode(e))
}
predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() }

4
csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

18
csharp/ql/integration-tests/all-platforms/blazor/XSS.expected Normal file
View File

@@ -0,0 +1,18 @@
#select
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck<T>; (T); ; Argument[0]; ReturnValue; value; manual |
nodes
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

4
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

18
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected Normal file
View File

@@ -0,0 +1,18 @@
#select
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck<T>; (T); ; Argument[0]; ReturnValue; value; manual |
nodes
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

4
csharp/ql/integration-tests/all-platforms/blazor_net_8/BlazorTest/Components/Pages/TestPage.razor
View File

@@ -81,6 +81,10 @@
<MyOutput Value="@InputValue6" />
</div>
<div>
<MyOutput Value="@QueryParam" />
</div>
@code {
public class Container

18
csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected Normal file
View File

@@ -0,0 +1,18 @@
#select
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck<T>; (T); ; Argument[0]; ReturnValue; value; manual |
nodes
| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value |
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

Some files were not shown because too many files have changed in this diff Show More