Merge branch 'main' into badalloc

Geoffrey White
2025-04-14 09:36:59 +01:00
225 changed files with 4488 additions and 1262 deletions


@@ -1 +1 @@
8.0.0
8.1.1


@@ -1,27 +1,34 @@
if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
Write-Output 'Path filters set. Passing them through to the JavaScript extractor.'
} else {
Write-Output 'No path filters set. Using the default filters.'
# Note: We're adding the `reusable_workflows` subdirectories to proactively
# record workflows that were called cross-repo, check them out locally,
# and enable an interprocedural analysis across the workflow files.
# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
$DefaultPathFilters = @(
'exclude:**/*',
'include:.github/workflows/*.yml',
'include:.github/workflows/*.yaml',
'include:.github/reusable_workflows/**/*.yml',
'include:.github/reusable_workflows/**/*.yaml',
'include:**/action.yml',
'include:**/action.yaml'
)
# Note: We're adding the `reusable_workflows` subdirectories to proactively
# record workflows that were called cross-repo, check them out locally,
# and enable an interprocedural analysis across the workflow files.
# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
$DefaultPathFilters = @(
'exclude:**/*',
'include:.github/workflows/*.yml',
'include:.github/workflows/*.yaml',
'include:.github/reusable_workflows/**/*.yml',
'include:.github/reusable_workflows/**/*.yaml',
'include:**/action.yml',
'include:**/action.yaml'
)
if ($null -ne $env:LGTM_INDEX_FILTERS) {
Write-Output 'LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor.'
# Begin with the default path inclusions only,
# followed by the user-provided filters.
# If the user provided `paths`, those patterns override the default inclusions
# (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
# If the user provided `paths-ignore`, those patterns are excluded.
$PathFilters = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS
$env:LGTM_INDEX_FILTERS = $PathFilters
} else {
Write-Output 'LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor.'
$env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
}
# Find the JavaScript extractor directory via `codeql resolve extractor`.
$CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &"$CodeQL" resolve extractor --language javascript
if ($LASTEXITCODE -ne 0) {
throw 'Failed to resolve JavaScript extractor.'
}
@@ -40,7 +47,7 @@ $env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTI
$env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
$env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
&$JavaScriptAutoBuild
&"$JavaScriptAutoBuild"
if ($LASTEXITCODE -ne 0) {
throw "JavaScript autobuilder failed."
}
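Review bot: The merged filter list is assigned to `$env:LGTM_INDEX_FILTERS` in both branches but never written to the log, so a run where user-supplied `paths` entries override the default `.github/workflows` inclusions leaves no record of what was actually in scope for analysis. Since this extractor feeds a security scan, I would print the effective value after the if/else, e.g. `Write-Output 'Effective path filters:'; Write-Output $env:LGTM_INDEX_FILTERS`. The same applies to the matching branch in the shell autobuild script later in this commit, where an `echo` of `${LGTM_INDEX_FILTERS}` after `fi` would do. The new messages also no longer mention `LGTM_INDEX_INCLUDE` / `LGTM_INDEX_EXCLUDE`; a comment stating whether the JavaScript extractor still honours them would help.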


@@ -1,3 +1,4 @@
@echo off
rem All of the work is done in the PowerShell script
powershell.exe %~dp0autobuild-impl.ps1
echo "Running PowerShell script at '%~dp0autobuild-impl.ps1'"
powershell.exe -File "%~dp0autobuild-impl.ps1"
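Review bot: The new launcher line quotes the script path and switches to `-File`, but it still starts `powershell.exe` by bare name and without `-NoProfile`, so the run depends on how that name resolves on the machine and loads whatever profile scripts the invoking account has. For a build step that may run over untrusted checkouts I would pin the interpreter and skip profiles: `"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -File "%~dp0autobuild-impl.ps1"`. Separately, `echo "Running ..."` prints the double quotes literally in cmd; dropping them gives a cleaner log line.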


@@ -17,16 +17,28 @@ include:**/action.yaml
END
)
if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
echo "Path filters set. Passing them through to the JavaScript extractor."
if [ -n "${LGTM_INDEX_FILTERS:-}" ]; then
echo "LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor."
# Begin with the default path inclusions only,
# followed by the user-provided filters.
# If the user provided `paths`, those patterns override the default inclusions
# (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
# If the user provided `paths-ignore`, those patterns are excluded.
PATH_FILTERS="$(cat << END
${DEFAULT_PATH_FILTERS}
${LGTM_INDEX_FILTERS}
END
)"
LGTM_INDEX_FILTERS="${PATH_FILTERS}"
export LGTM_INDEX_FILTERS
else
echo "No path filters set. Using the default filters."
echo "LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor."
LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
export LGTM_INDEX_FILTERS
fi
# Find the JavaScript extractor directory via `codeql resolve extractor`.
CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$("${CODEQL_DIST}/codeql" resolve extractor --language javascript)"
export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
@@ -42,4 +54,4 @@ env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGN
CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
${JAVASCRIPT_AUTO_BUILD}
"${JAVASCRIPT_AUTO_BUILD}"


@@ -0,0 +1,5 @@
import actions
from AstNode n
where n instanceof Workflow or n instanceof CompositeAction
select n


@@ -0,0 +1,6 @@
| src/.github/action.yaml:1:1:11:32 | name: ' ... action' |
| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
| src/action.yml:1:1:11:32 | name: ' ... action' |
| src/excluded/action.yml:1:1:11:32 | name: ' ... action' |
| src/included/action.yml:1:1:11:32 | name: ' ... action' |


@@ -0,0 +1,2 @@
| src/included/action.yml:1:1:11:32 | name: ' ... action' |
| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |


@@ -0,0 +1,5 @@
| src/.github/action.yaml:1:1:11:32 | name: ' ... action' |
| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
| src/action.yml:1:1:11:32 | name: ' ... action' |
| src/included/action.yml:1:1:11:32 | name: ' ... action' |


@@ -0,0 +1,2 @@
| src/included/action.yml:1:1:11:32 | name: ' ... action' |
| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |


@@ -0,0 +1,5 @@
import actions
from AstNode n
where n instanceof Workflow or n instanceof CompositeAction
select n


@@ -0,0 +1,4 @@
paths:
- 'included'
paths-ignore:
- 'excluded'


@@ -0,0 +1,2 @@
paths-ignore:
- 'excluded'


@@ -0,0 +1,2 @@
paths:
- 'included'


@@ -0,0 +1,6 @@
src/.github/action.yaml
src/.github/actions/action-name/action.yml
src/.github/workflows/workflow.yml
src/action.yml
src/excluded/action.yml
src/included/action.yml


@@ -0,0 +1,3 @@
src/included/action.yml
src/included/not-an-action.yml
src/included/unreachable-workflow.yml


@@ -0,0 +1,5 @@
src/.github/action.yaml
src/.github/actions/action-name/action.yml
src/.github/workflows/workflow.yml
src/action.yml
src/included/action.yml


@@ -0,0 +1,3 @@
src/included/action.yml
src/included/not-an-action.yml
src/included/unreachable-workflow.yml


@@ -0,0 +1,11 @@
name: 'A composite action'
description: 'Do something'
runs:
using: "composite"
steps:
- name: Print
run: echo "Hello world"
shell: bash
- name: Checkout
uses: actions/checkout@v4


@@ -0,0 +1,11 @@
name: 'A composite action'
description: 'Do something'
runs:
using: "composite"
steps:
- name: Print
run: echo "Hello world"
shell: bash
- name: Checkout
uses: actions/checkout@v4


@@ -0,0 +1,12 @@
name: An unreachable workflow
on:
push:
branches:
- main
jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4


@@ -0,0 +1,12 @@
name: A workflow
on:
push:
branches:
- main
jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4


@@ -0,0 +1,11 @@
name: 'A composite action'
description: 'Do something'
runs:
using: "composite"
steps:
- name: Print
run: echo "Hello world"
shell: bash
- name: Checkout
uses: actions/checkout@v4


@@ -0,0 +1,11 @@
name: 'A composite action'
description: 'Do something'
runs:
using: "composite"
steps:
- name: Print
run: echo "Hello world"
shell: bash
- name: Checkout
uses: actions/checkout@v4


@@ -0,0 +1,12 @@
name: An unreachable workflow
on:
push:
branches:
- main
jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4


@@ -0,0 +1,11 @@
name: 'A composite action'
description: 'Do something'
runs:
using: "composite"
steps:
- name: Print
run: echo "Hello world"
shell: bash
- name: Checkout
uses: actions/checkout@v4


@@ -0,0 +1 @@
name: 'Not an action, just a YAML file'


@@ -0,0 +1,12 @@
name: An unreachable workflow
on:
push:
branches:
- main
jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4


@@ -0,0 +1,12 @@
name: An unreachable workflow
on:
push:
branches:
- main
jobs:
job:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4


@@ -0,0 +1,18 @@
import pytest
@pytest.mark.ql_test(expected=".default-filters.expected")
def test_default_filters(codeql, actions, check_source_archive):
check_source_archive.expected_suffix = ".default-filters.expected"
codeql.database.create(source_root="src")
@pytest.mark.ql_test(expected=".paths-only.expected")
def test_config_paths_only(codeql, actions):
codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-only.yml")
@pytest.mark.ql_test(expected=".paths-ignore-only.expected")
def test_config_paths_ignore_only(codeql, actions):
codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-ignore-only.yml")
@pytest.mark.ql_test(expected=".paths-and-paths-ignore.expected")
def test_config_paths_and_paths_ignore(codeql, actions):
codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-and-paths-ignore.yml")
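Review bot: Only `test_default_filters` requests the `check_source_archive` fixture and sets its `expected_suffix`; the three `codescanning_config` tests take just `codeql` and `actions`. The commit adds what look like per-configuration file listings alongside the query results, so if those are source-archive expectations they may not be compared for the `paths` / `paths-ignore` cases (the fixture's behaviour is not visible here). If that is the intent, a short comment saying so would help; otherwise add the fixture and `check_source_archive.expected_suffix = ".paths-only.expected"` (and the matching suffixes) to the other three tests.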


@@ -465,7 +465,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
}
/** Gets the fully templated version of `f`. */
private Function getFullyTemplatedFunction(Function f) {
Function getFullyTemplatedFunction(Function f) {
not f.isFromUninstantiatedTemplate(_) and
(
exists(Class c, Class templateClass, int i |
@@ -559,12 +559,15 @@ private string getTypeName(Type t, boolean needsSpace) {
/**
* Gets a type name for the `n`'th parameter of `f` without any template
* arguments. The result may be a string representing a type for which the
* typedefs have been resolved.
* arguments.
*
* If `canonical = false` then the result may be a string representing a type
* for which the typedefs have been resolved. If `canonical = true` then the
* result will be a string representing a type without resolving `typedefs`.
*/
bindingset[f]
pragma[inline_late]
string getParameterTypeWithoutTemplateArguments(Function f, int n) {
string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canonical) {
exists(string s, string base, string specifiers, Type t |
t = f.getParameter(n).getType() and
// The name of the string can either be the possibly typedefed name
@@ -572,14 +575,19 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n) {
// `getTypeName(t, _)` is almost equal to `t.resolveTypedefs().getName()`,
// except that `t.resolveTypedefs()` doesn't have a result when the
// resulting type doesn't appear in the database.
s = [t.getName(), getTypeName(t, _)] and
(
s = t.getName() and canonical = true
or
s = getTypeName(t, _) and canonical = false
) and
parseAngles(s, base, _, specifiers) and
result = base + specifiers
)
or
f.isVarargs() and
n = f.getNumberOfParameters() and
result = "..."
result = "..." and
canonical = true
}
/**
@@ -590,7 +598,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain
exists(Function templateFunction |
templateFunction = getFullyTemplatedFunction(f) and
remaining = templateFunction.getNumberOfTemplateArguments() and
result = getParameterTypeWithoutTemplateArguments(templateFunction, n)
result = getParameterTypeWithoutTemplateArguments(templateFunction, n, _)
)
or
exists(string mid, TypeTemplateParameter tp, Function templateFunction |
@@ -627,7 +635,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
}
/** Gets the string representation of the `i`'th parameter of `c`. */
private string getParameterTypeName(Function c, int i) {
string getParameterTypeName(Function c, int i) {
result = getTypeNameWithoutClassTemplates(c, i, 0)
}
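Review bot: In `getParameterTypeWithoutTemplateArguments`, the varargs disjunct now binds `canonical = true` only, so a caller that passes `canonical = false` gets no `"..."` result for a varargs function, and the updated QLDoc does not say so. The one caller visible here passes `_`, so nothing changes today, but the predicate is not `private`. I would add a sentence to the doc comment such as `The varargs pseudo-parameter "..." is only reported with canonical = true.` This section also drops `private` from `getFullyTemplatedFunction` and `getParameterTypeName` without extending their one-line QLDoc to say what external callers may rely on.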


@@ -371,7 +371,7 @@ private class PrimaryArgumentNode extends ArgumentNode, OperandNode {
PrimaryArgumentNode() { exists(CallInstruction call | op = call.getAnArgumentOperand()) }
override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
op = call.getArgumentOperand(pos.(DirectPosition).getIndex())
op = call.getArgumentOperand(pos.(DirectPosition).getArgumentIndex())
}
}
@@ -410,8 +410,16 @@ class ParameterPosition = Position;
class ArgumentPosition = Position;
abstract class Position extends TPosition {
/** Gets a textual representation of this position. */
abstract string toString();
/**
* Gets the argument index of this position. The qualifier of a call has
* argument index `-1`.
*/
abstract int getArgumentIndex();
/** Gets the indirection index of this position. */
abstract int getIndirectionIndex();
}
@@ -428,7 +436,7 @@ class DirectPosition extends Position, TDirectPosition {
result = index.toString()
}
int getIndex() { result = index }
override int getArgumentIndex() { result = index }
final override int getIndirectionIndex() { result = 0 }
}
@@ -445,16 +453,29 @@ class IndirectionPosition extends Position, TIndirectionPosition {
else result = repeatStars(indirectionIndex) + argumentIndex.toString()
}
int getArgumentIndex() { result = argumentIndex }
override int getArgumentIndex() { result = argumentIndex }
final override int getIndirectionIndex() { result = indirectionIndex }
}
newtype TPosition =
TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) } or
TDirectPosition(int argumentIndex) {
exists(any(CallInstruction c).getArgument(argumentIndex))
or
// Handle the rare case where there is a function definition but no call to
// the function.
exists(any(Cpp::Function f).getParameter(argumentIndex))
} or
TIndirectionPosition(int argumentIndex, int indirectionIndex) {
Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex),
indirectionIndex)
or
// Handle the rare case where there is a function definition but no call to
// the function.
exists(Cpp::Function f, Cpp::Parameter p |
p = f.getParameter(argumentIndex) and
indirectionIndex = [1 .. Ssa::getMaxIndirectionsForType(p.getUnspecifiedType()) - 1]
)
}
private newtype TReturnKind =
@@ -501,6 +522,15 @@ class ReturnKind extends TReturnKind {
/** Gets a textual representation of this return kind. */
abstract string toString();
/** Holds if this `ReturnKind` is generated from a `return` statement. */
abstract predicate isNormalReturn();
/**
* Holds if this `ReturnKind` is generated from a write to the parameter with
* index `argumentIndex`
*/
abstract predicate isIndirectReturn(int argumentIndex);
}
/**
@@ -514,6 +544,10 @@ class NormalReturnKind extends ReturnKind, TNormalReturnKind {
override int getIndirectionIndex() { result = indirectionIndex }
override string toString() { result = "indirect return" }
override predicate isNormalReturn() { any() }
override predicate isIndirectReturn(int argumentIndex) { none() }
}
/**
@@ -528,6 +562,10 @@ private class IndirectReturnKind extends ReturnKind, TIndirectReturnKind {
override int getIndirectionIndex() { result = indirectionIndex }
override string toString() { result = "indirect outparam[" + argumentIndex.toString() + "]" }
override predicate isNormalReturn() { none() }
override predicate isIndirectReturn(int argumentIndex_) { argumentIndex_ = argumentIndex }
}
/** A data flow node that occurs as the result of a `ReturnStmt`. */
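Review bot: `DirectPosition.getIndex()` is removed outright in favour of the new `getArgumentIndex()` override, and `DirectPosition` is not declared `private`, so any query outside this commit that still calls `getIndex()` will stop compiling. If this class is reachable from outside the library's internals (the file name is not shown here), keeping a forwarding member for a deprecation cycle is cheap: `deprecated int getIndex() { result = this.getArgumentIndex() }`. Also, the QLDoc added for `isIndirectReturn` lacks its closing full stop, and a comment on the `[1 .. Ssa::getMaxIndirectionsForType(...) - 1]` range explaining why the upper bound is one less than the maximum would save the next reader a lookup.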


@@ -1445,7 +1445,7 @@ private class ExplicitParameterInstructionNode extends AbstractExplicitParameter
ExplicitParameterInstructionNode() { exists(instr.getParameter()) }
override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
f.getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter()
f.getParameter(pos.(DirectPosition).getArgumentIndex()) = instr.getParameter()
}
override string toStringImpl() { result = instr.getParameter().toString() }
@@ -1460,7 +1460,7 @@ class ThisParameterInstructionNode extends AbstractExplicitParameterNode,
ThisParameterInstructionNode() { instr.getIRVariable() instanceof IRThisVariable }
override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
pos.(DirectPosition).getIndex() = -1 and
pos.(DirectPosition).getArgumentIndex() = -1 and
instr.getEnclosingFunction() = f
}
@@ -1494,7 +1494,7 @@ private class DirectBodyLessParameterNode extends AbstractExplicitParameterNode,
override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
this.getFunction() = f and
f.getParameter(pos.(DirectPosition).getIndex()) = p
f.getParameter(pos.(DirectPosition).getArgumentIndex()) = p
}
override Parameter getParameter() { result = p }


@@ -229,11 +229,11 @@ private module SpeculativeTaintFlow {
not exists(DataFlowDispatch::viableCallable(call)) and
src.(DataFlowPrivate::ArgumentNode).argumentOf(call, argpos)
|
not argpos.(DirectPosition).getIndex() = -1 and
not argpos.(DirectPosition).getArgumentIndex() = -1 and
sink.(PostUpdateNode)
.getPreUpdateNode()
.(DataFlowPrivate::ArgumentNode)
.argumentOf(call, any(DirectPosition qualpos | qualpos.getIndex() = -1))
.argumentOf(call, any(DirectPosition qualpos | qualpos.getArgumentIndex() = -1))
or
sink.(DataFlowPrivate::OutNode).getCall() = call
)


@@ -1,2 +1,8 @@
import pytest
import runs_on
# Skipping the test on macos-15, as we're running into trouble.
@pytest.mark.only_if(not runs_on.macos_15)
def test(codeql, csharp):
codeql.database.create(_assert_failure=True)
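Review bot: The skip comment says only "we're running into trouble", which gives no way to tell when `runs_on.macos_15` can be dropped from the condition. I would name the failure or reference its tracking issue in the comment, e.g. `# Skipped on macos-15: <failure summary>, see <tracking issue>.` The same applies to the other macos-15 skips added in this commit.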


@@ -3,8 +3,11 @@ import pytest
import os
# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
def test(codeql, csharp):
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = (
"/non-existent-path"


@@ -3,8 +3,11 @@ import runs_on
import pytest
# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
def test(codeql, csharp):
# making sure we're not doing any fallback restore:
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1"


@@ -2,7 +2,10 @@ import runs_on
import pytest
# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
def test(codeql, csharp):
codeql.database.create(build_mode="none")


@@ -3,6 +3,9 @@ import pytest
# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
def test(codeql, csharp):
codeql.database.create(source_root="proj", build_mode="none")
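Review bot: The comment above the decorator still says the test is skipped only on the ARM runners, while the new condition also excludes `runs_on.macos_15`; the sibling tests in this commit had their comments updated. Change it to `# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.` so the comment matches the condition.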


@@ -22,10 +22,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CsharpDat
class Callable = CS::Callable;
class NodeExtended extends CS::DataFlow::Node {
Callable getAsExprEnclosingCallable() { result = this.asExpr().getEnclosingCallable() }
class NodeExtended = CS::DataFlow::Node;
Callable getAsExprEnclosingCallable(NodeExtended node) {
result = node.asExpr().getEnclosingCallable()
}
Callable getEnclosingCallable(NodeExtended node) { result = node.getEnclosingCallable() }
Parameter asParameter(NodeExtended node) { result = node.asParameter() }
/**
* Holds if any of the parameters of `api` are `System.Func<>`.
*/


@@ -12,6 +12,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
codeql-library-for-actions
customizing-library-models-for-actions
- :doc:`CodeQL library for GitHub Actions <codeql-library-for-actions>`: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions.
- :doc:`CodeQL library for GitHub Actions <codeql-library-for-actions>`: When you're analyzing GitHub Actions code, you can make use of the large collection of classes in the CodeQL library for GitHub Actions.
- :doc:`Customizing library models for GitHub Actions <customizing-library-models-for-actions>`: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.


@@ -95,7 +95,7 @@ to all AST classes:
* - ``getAChildNode()``
- Gets a child node of this node.
* - ``getParentNode()``
- Gets the parent of this `AstNode`, if this node is not a root node.
- Gets the parent of this ``AstNode``, if this node is not a root node.
* - ``getATriggerEvent()``
- Gets an Actions trigger event that can start the enclosing Actions workflow, if any.
@@ -104,9 +104,9 @@ Workflows
~~~~~~~~~
A workflow is a configurable automated process made up of one or more jobs,
defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository.
defined in a workflow YAML file in the ``.github/workflows`` directory of a GitHub repository.
In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file.
In the CodeQL AST library, a ``Workflow`` is an ``AstNode`` representing the mapping at the top level of an Actions YAML workflow file.
See the GitHub Actions documentation on `workflows <https://docs.github.com/en/actions/writing-workflows/about-workflows>`__ and `workflow syntax <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`__ for more information.
@@ -116,16 +116,17 @@ See the GitHub Actions documentation on `workflows <https://docs.github.com/en/a
* - CodeQL class
- Description and selected predicates
* - ``Workflow``
- An Actions workflow, defined as a mapping at the top level of a workflow YAML file in `.github/workflows`. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
- `getAJob()` - Gets a job within the `jobs` mapping of this workflow.
- `getEnv()` - Gets an `env` mapping within this workflow declaring workflow-level environment variables, if any.
- `getJob(string jobId)` - Gets a job within the `jobs` mapping of this workflow with the given job ID.
- `getOn()` - Gets the `on` mapping defining the events that trigger this workflow.
- `getPermissions()` - Gets a `permissions` mapping within this workflow declaring workflow-level token permissions, if any.
- `getStrategy()` - Gets a `strategy` mapping for the jobs in this workflow, if any.
- `getName()` - Gets the name of this workflow, if defined within the workflow.
- An Actions workflow, defined as a mapping at the top level of a workflow YAML file in ``.github/workflows``. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
The following example lists all jobs in a workflow with the name declaration `name: test`:
- ``getAJob()`` - Gets a job within the ``jobs`` mapping of this workflow.
- ``getEnv()`` - Gets an ``env`` mapping within this workflow declaring workflow-level environment variables, if any.
- ``getJob(string jobId)`` - Gets a job within the ``jobs`` mapping of this workflow with the given job ID.
- ``getOn()`` - Gets the ``on`` mapping defining the events that trigger this workflow.
- ``getPermissions()`` - Gets a ``permissions`` mapping within this workflow declaring workflow-level token permissions, if any.
- ``getStrategy()`` - Gets a ``strategy`` mapping for the jobs in this workflow, if any.
- ``getName()`` - Gets the name of this workflow, if defined within the workflow.
The following example lists all jobs in a workflow with the name declaration ``name: test``:
.. code-block:: ql


@@ -1,6 +1,6 @@
.. _customizing-library-models-for-actions:
Customizing Library Models for GitHub Actions
Customizing library models for GitHub Actions
=============================================
.. include:: ../reusables/beta-note-customizing-library-models.rst


@@ -1,7 +1,7 @@
.. _customizing-library-models-for-ruby:
Customizing Library Models for Ruby
Customizing library models for Ruby
===================================
.. include:: ../reusables/beta-note-customizing-library-models.rst


@@ -7,9 +7,9 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
.. toctree::
codeql-for-actions
codeql-for-cpp
codeql-for-csharp
codeql-for-actions
codeql-for-go
codeql-for-java
codeql-for-javascript


@@ -29,9 +29,9 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove
:hidden:
:titlesonly:
actions
cpp
csharp
actions
go
java
javascript


@@ -54,8 +54,8 @@ and the CodeQL library pack ``codeql/actions-all`` (`changelog <https://github.c
:align: left
Name, Category
`GitHub Actions workflow YAML files <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`, Workflows
`GitHub Actions action metadata YAML files <https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions>`, Actions
`GitHub Actions workflow YAML files <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`__, Workflows
`GitHub Actions action metadata YAML files <https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions>`__, Actions
Go built-in support
================================


@@ -56,7 +56,7 @@ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,,,7,,,,,
github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,,,2,,,
github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,,,
github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,,,
github.com/gogf/gf/database/gdb,51,39,21,,,,,,,,,,,,51,,,,,,39,,,,,21,
github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,,,11,
github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
@@ -94,7 +94,7 @@ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,
github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,,,
github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,,,
github.com/uptrace/bun,63,8,,,,,,,,,,,,,63,,,,,,8,,,,,,
github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,,,50,,5,
go.mongodb.org/mongo-driver/mongo,14,11,5,,,,,14,,,,,,,,,,,,,11,,,,,5,
go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,,,11,
1 package sink source summary sink:command-injection sink:credentials-key sink:jwt sink:log-injection sink:nosql-injection sink:path-injection sink:regex-use[0] sink:regex-use[1] sink:regex-use[c] sink:request-forgery sink:request-forgery[TCP Addr + Port] sink:sql-injection sink:url-redirection sink:url-redirection[0] sink:url-redirection[receiver] sink:xpath-injection source:commandargs source:database source:environment source:file source:remote source:stdin summary:taint summary:value
56 github.com/gobwas/ws 2 2
57 github.com/gofiber/fiber 5 4 1
58 github.com/gogf/gf-jwt 1 1
59 github.com/gogf/gf/database/gdb 51 39 21 51 39 21
60 github.com/going/toolkit/xmlpath 2 2
61 github.com/golang-jwt/jwt 3 11 2 1 11
62 github.com/golang/glog 90 90
94 github.com/sirupsen/logrus 145 145
95 github.com/spf13/afero 34 34
96 github.com/square/go-jose 3 4 2 1 4
97 github.com/uptrace/bun 63 8 63 8
98 github.com/valyala/fasthttp 35 50 5 8 17 8 2 50 5
99 go.mongodb.org/mongo-driver/mongo 14 11 5 14 11 5
100 go.uber.org/zap 33 11 33 11


@@ -8,7 +8,7 @@ Go framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
`Afero <https://github.com/spf13/afero>`_,``github.com/spf13/afero*``,,,34
`Bun <https://bun.uptrace.dev/>`_,``github.com/uptrace/bun*``,,,63
`Bun <https://bun.uptrace.dev/>`_,``github.com/uptrace/bun*``,8,,63
`CleverGo <https://github.com/clevergo/clevergo>`_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2
`Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",44,96,16
`Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,22,48,8
@@ -22,7 +22,7 @@ Go framework & library support
`Go kit <https://gokit.io/>`_,``github.com/go-kit/kit*``,,,1
`Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
`GoDotEnv <https://github.com/joho/godotenv>`_,``github.com/joho/godotenv*``,4,,
`GoFrame <https://goframe.org/en/>`_,``github.com/gogf/gf*``,,,51
`GoFrame <https://goframe.org/en/>`_,``github.com/gogf/gf*``,39,21,51
`Gokogiri <https://github.com/moovweb/gokogiri>`_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10
`Iris <https://www.iris-go.com/>`_,``github.com/kataras/iris*``,,,14
`Kubernetes <https://kubernetes.io/>`_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57,
@@ -74,5 +74,5 @@ Go framework & library support
`yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
Others,``github.com/kanikanema/gorqlite``,8,2,24
Totals,,641,1048,1556
Totals,,688,1069,1556


@@ -10,7 +10,7 @@ toolchain go1.24.0
// bazel mod tidy
require (
golang.org/x/mod v0.24.0
golang.org/x/tools v0.31.0
golang.org/x/tools v0.32.0
)
require golang.org/x/sync v0.12.0 // indirect
require golang.org/x/sync v0.13.0 // indirect


@@ -2,7 +2,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=


@@ -259,7 +259,7 @@ func GetPkgsInfo(patterns []string, includingDeps bool, extractTests bool, flags
break
}
if decErr != nil {
log.Printf("Error decoding output of go list -json: %s", err.Error())
log.Printf("Error decoding output of go list -json: %s", decErr.Error())
return nil, decErr
}
pkgAbsDir, err := filepath.Abs(pkgInfo.Dir)
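Review bot: The log call inside `if decErr != nil` still formats the error by calling `.Error()` on it, which is the form that makes a wrong-variable mistake dereference a nil error instead of printing `<nil>`. Passing the value itself is nil-safe and shorter: `log.Printf("Error decoding output of go list -json: %v", decErr)`. GetPkgsInfo starts and ends outside the hunk, so whether the `err` named on the old line was nil or held a stale value at this point cannot be confirmed from here.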


@@ -1,3 +1,3 @@
# github.com/msteinert/pam v1.0.0
## explicit
github.com/msteinert/pam
github.com/msteinert/pam


@@ -1,6 +1,6 @@
# github.com/go-jose/go-jose/v3 v3.0.0
## explicit
github.com/go-jose/go-jose/v3
github.com/go-jose/go-jose/v3/jwt
# github.com/golang-jwt/jwt/v5 v5.0.0
## explicit
github.com/golang-jwt/jwt/v5


@@ -3,13 +3,20 @@
github.com/DataDog/zstd
# github.com/dsnet/compress v0.0.1
## explicit
github.com/dsnet/compress
github.com/dsnet/compress/bzip2
github.com/dsnet/compress/flate
# github.com/golang/snappy v0.0.4
## explicit
github.com/golang/snappy
# github.com/klauspost/compress v1.16.6
## explicit
github.com/klauspost/compress
github.com/klauspost/compress/zstd
github.com/klauspost/compress/snappy
github.com/klauspost/compress/s2
github.com/klauspost/compress/zlib
github.com/klauspost/compress/zip
github.com/klauspost/compress/flate
github.com/klauspost/compress/gzip
# github.com/klauspost/pgzip v1.2.6
## explicit
github.com/klauspost/pgzip


@@ -7,8 +7,6 @@
// Package glog is a stub of github.com/golang/glog, generated by depstubber.
package glog
import ()
func Error(_ ...interface{}) {}
func ErrorDepth(_ int, _ ...interface{}) {}


@@ -7,8 +7,6 @@
// Package klog is a stub of k8s.io/klog, generated by depstubber.
package klog
import ()
func Error(_ ...interface{}) {}
func ErrorDepth(_ int, _ ...interface{}) {}


@@ -1,14 +1,9 @@
# github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4
## explicit
# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
## explicit
github.com/golang/glog
# github.com/sirupsen/logrus v1.7.0
## explicit
github.com/sirupsen/logrus
# golang.org/x/sys v0.0.0-20191026070338-33540a1f6037
golang.org/x/sys/unix
golang.org/x/sys/windows
# k8s.io/klog v1.0.0
## explicit
k8s.io/klog


@@ -1,6 +1,10 @@
# github.com/astaxie/beego v1.12.3
## explicit
github.com/astaxie/beego
github.com/astaxie/beego/context
github.com/astaxie/beego/logs
github.com/astaxie/beego/utils
# github.com/beego/beego/v2 v2.1.2
## explicit
github.com/beego/beego/v2
github.com/beego/beego/v2/server/web
github.com/beego/beego/v2/server/web/context


@@ -3,3 +3,4 @@
github.com/elazarl/goproxy
# github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d
## explicit
github.com/github/depstubber


@@ -7,8 +7,6 @@
// Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber.
package mail
import ()
type Asm struct {
GroupID int
GroupsToDisplay []int


@@ -1,3 +1,3 @@
# github.com/sendgrid/sendgrid-go v3.5.0+incompatible
## explicit
github.com/sendgrid/sendgrid-go
github.com/sendgrid/sendgrid-go/helpers/mail


@@ -1,3 +1,4 @@
# github.com/gin-gonic/gin v1.6.2
## explicit
github.com/gin-gonic/gin
github.com/gin-gonic/gin/binding


@@ -1,6 +1,11 @@
# go-micro.dev/v4 v4.10.2
## explicit
go-micro.dev/v4
go-micro.dev/v4/api
go-micro.dev/v4/client
go-micro.dev/v4/server
# google.golang.org/protobuf v1.28.1
## explicit
google.golang.org/protobuf
google.golang.org/protobuf/proto
google.golang.org/protobuf/reflect/protoreflect
google.golang.org/protobuf/runtime/protoimpl


@@ -1,6 +1,6 @@
# github.com/kataras/iris/v12 v12.2.5
## explicit
github.com/kataras/iris/v12
github.com/kataras/iris/v12/context
# github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06
## explicit
github.com/Shopify/goreferrer


@@ -7,8 +7,6 @@
// Package core is a stub of k8s.io/api/core/v1, generated by depstubber.
package core
import ()
type Secret struct {
TypeMeta interface{}
ObjectMeta interface{}


@@ -7,8 +7,6 @@
// Package runtime is a stub of k8s.io/apimachinery/pkg/runtime, generated by depstubber.
package runtime
import ()
type ProtobufMarshaller interface {
MarshalTo(_ []byte) (int, error)
}


@@ -1,6 +1,7 @@
# k8s.io/api v0.20.0
## explicit
k8s.io/api
k8s.io/api/core/v1
k8s.io/apimachinery/pkg/runtime
# k8s.io/apimachinery v0.20.0
## explicit
k8s.io/apimachinery
k8s.io/apimachinery/pkg/runtime


@@ -7,8 +7,6 @@
// Package schema is a stub of k8s.io/apimachinery/pkg/runtime/schema, generated by depstubber.
package schema
import ()
type GroupKind struct {
Group string
Kind string


@@ -1,3 +1,5 @@
# k8s.io/apimachinery v0.19.4
## explicit
k8s.io/apimachinery
k8s.io/apimachinery/pkg/conversion
k8s.io/apimachinery/pkg/runtime
k8s.io/apimachinery/pkg/runtime/schema


@@ -18,7 +18,7 @@ golang.org/x/oauth2
golang.org/x/time
# k8s.io/client-go v0.19.0
## explicit
k8s.io/client-go
k8s.io/client-go/kubernetes/typed/core/v1
# k8s.io/utils v0.0.0-20201110183641-67b214c5f920
## explicit
k8s.io/utils


@@ -1,6 +1,3 @@
# go.mongodb.org/mongo-driver v1.3.2
## explicit
go.mongodb.org/mongo-driver
# github.com/couchbase/gocb/v2 v2.2.0
## explicit
github.com/couchbase/gocb/v2
@@ -10,6 +7,10 @@ github.com/google/uuid
# github.com/opentracing/opentracing-go v1.2.0
## explicit
github.com/opentracing/opentracing-go
# go.mongodb.org/mongo-driver v1.3.2
## explicit
go.mongodb.org/mongo-driver/bson
go.mongodb.org/mongo-driver/mongo
# gopkg.in/couchbase/gocb.v1 v1.6.7
## explicit
gopkg.in/couchbase/gocb.v1


@@ -3,7 +3,9 @@
github.com/go-stack/stack
# github.com/revel/modules v1.0.0
## explicit
github.com/revel/modules
github.com/revel/modules/orm/gorp/app/controllers
github.com/revel/modules/static/app/controllers
# github.com/revel/revel v1.0.0
## explicit
github.com/revel/revel
github.com/revel/revel/logger


@@ -1,6 +1,7 @@
# github.com/gogf/gf v1.16.9
## explicit
github.com/gogf/gf
github.com/gogf/gf/database/gdb
github.com/gogf/gf/frame/g
# github.com/BurntSushi/toml v0.3.1
## explicit
github.com/BurntSushi/toml


@@ -1,7 +1,7 @@
package main
//go:generate depstubber -vendor github.com/go-pg/pg Conn,DB,Tx Q
//go:generate depstubber -vendor github.com/go-pg/pg/orm Query Q
//go:generate depstubber -vendor github.com/go-pg/pg/orm Query,Formatter Q
//go:generate depstubber -vendor github.com/go-pg/pg/v9 Conn,DB,Tx Q
import (


@@ -2,7 +2,7 @@
// This is a simple stub for github.com/go-pg/pg/orm, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/go-pg/pg/orm (exports: Query, Formatter; functions: Q)
// Source: github.com/go-pg/pg/orm (exports: Query,Formatter; functions: Q)
// Package orm is a stub of github.com/go-pg/pg/orm, generated by depstubber.
package orm
@@ -94,6 +94,34 @@ func (_ *Field) Value(_ reflect.Value) reflect.Value {
return reflect.Value{}
}
type Formatter struct{}
func (_ Formatter) Append(_ []byte, _ string, _ ...interface{}) []byte {
return nil
}
func (_ Formatter) AppendBytes(_ []byte, _ []byte, _ ...interface{}) []byte {
return nil
}
func (_ Formatter) FormatQuery(_ []byte, _ string, _ ...interface{}) []byte {
return nil
}
func (_ Formatter) Param(_ string) interface{} {
return nil
}
func (_ Formatter) String() string {
return ""
}
func (_ Formatter) WithParam(_ string, _ interface{}) Formatter {
return Formatter{}
}
func (_ *Formatter) SetParam(_ string, _ interface{}) {}
type Method struct {
Index int
}
@@ -491,18 +519,3 @@ type TableModel interface {
Table() *Table
Value() reflect.Value
}
type Formatter struct {
}
func (f Formatter) Append(dst []byte, src string, params ...interface{}) []byte {
return nil
}
func (f Formatter) AppendBytes(dst, src []byte, params ...interface{}) []byte {
return nil
}
func (f Formatter) FormatQuery(dst []byte, query string, params ...interface{}) []byte {
return nil
}


@@ -1,6 +1,6 @@
# github.com/davecgh/go-spew v1.1.1
## explicit
github.com/davecgh/go-spew
github.com/davecgh/go-spew/spew
# github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4
## explicit
github.com/github/depstubber


@@ -1,10 +1,11 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/codeskyblue/go-sh, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/codeskyblue/go-sh (exports: ; functions: Command,InteractiveSession)
// Package go_sh is a stub of github.com/codeskyblue/go-sh, generated by depstubber.
package go_sh
// Package go_pkg is a stub of github.com/codeskyblue/go-sh, generated by depstubber.
package go_pkg
import (
io "io"
@@ -32,15 +33,11 @@ type Session struct {
func (_ *Session) Alias(_ string, _ string, _ ...string) {}
func (_ *Session) Call(_ string, _ ...interface{}) interface {
Error() string
} {
func (_ *Session) Call(_ string, _ ...interface{}) error {
return nil
}
func (_ *Session) CombinedOutput() ([]uint8, interface {
Error() string
}) {
func (_ *Session) CombinedOutput() ([]byte, error) {
return nil, nil
}
@@ -50,15 +47,11 @@ func (_ *Session) Command(_ string, _ ...interface{}) *Session {
func (_ *Session) Kill(_ os.Signal) {}
func (_ *Session) Output() ([]uint8, interface {
Error() string
}) {
func (_ *Session) Output() ([]byte, error) {
return nil, nil
}
func (_ *Session) Run() interface {
Error() string
} {
func (_ *Session) Run() error {
return nil
}
@@ -82,9 +75,7 @@ func (_ *Session) SetTimeout(_ time.Duration) *Session {
return nil
}
func (_ *Session) Start() interface {
Error() string
} {
func (_ *Session) Start() error {
return nil
}
@@ -92,32 +83,22 @@ func (_ *Session) Test(_ string, _ string) bool {
return false
}
func (_ *Session) UnmarshalJSON(_ interface{}) interface {
Error() string
} {
func (_ *Session) UnmarshalJSON(_ interface{}) error {
return nil
}
func (_ *Session) UnmarshalXML(_ interface{}) interface {
Error() string
} {
func (_ *Session) UnmarshalXML(_ interface{}) error {
return nil
}
func (_ *Session) Wait() interface {
Error() string
} {
func (_ *Session) Wait() error {
return nil
}
func (_ *Session) WaitTimeout(_ time.Duration) interface {
Error() string
} {
func (_ *Session) WaitTimeout(_ time.Duration) error {
return nil
}
func (_ *Session) WriteStdout(_ string) interface {
Error() string
} {
func (_ *Session) WriteStdout(_ string) error {
return nil
}


@@ -1,6 +1,7 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for golang.org/x/crypto/ssh, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: golang.org/x/crypto/ssh (exports: Session; functions: )
// Package ssh is a stub of golang.org/x/crypto/ssh, generated by depstubber.
@@ -16,102 +17,70 @@ type Session struct {
Stderr io.Writer
}
func (_ *Session) Close() interface {
Error() string
} {
func (_ *Session) Close() error {
return nil
}
func (_ *Session) CombinedOutput(_ string) ([]uint8, interface {
Error() string
}) {
func (_ *Session) CombinedOutput(_ string) ([]byte, error) {
return nil, nil
}
func (_ *Session) Output(_ string) ([]uint8, interface {
Error() string
}) {
func (_ *Session) Output(_ string) ([]byte, error) {
return nil, nil
}
func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) interface {
Error() string
} {
func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) error {
return nil
}
func (_ *Session) RequestSubsystem(_ string) interface {
Error() string
} {
func (_ *Session) RequestSubsystem(_ string) error {
return nil
}
func (_ *Session) Run(_ string) interface {
Error() string
} {
func (_ *Session) Run(_ string) error {
return nil
}
func (_ *Session) SendRequest(_ string, _ bool, _ []uint8) (bool, interface {
Error() string
}) {
func (_ *Session) SendRequest(_ string, _ bool, _ []byte) (bool, error) {
return false, nil
}
func (_ *Session) Setenv(_ string, _ string) interface {
Error() string
} {
func (_ *Session) Setenv(_ string, _ string) error {
return nil
}
func (_ *Session) Shell() interface {
Error() string
} {
func (_ *Session) Shell() error {
return nil
}
func (_ *Session) Signal(_ Signal) interface {
Error() string
} {
func (_ *Session) Signal(_ Signal) error {
return nil
}
func (_ *Session) Start(_ string) interface {
Error() string
} {
func (_ *Session) Start(_ string) error {
return nil
}
func (_ *Session) StderrPipe() (io.Reader, interface {
Error() string
}) {
func (_ *Session) StderrPipe() (io.Reader, error) {
return nil, nil
}
func (_ *Session) StdinPipe() (io.WriteCloser, interface {
Error() string
}) {
func (_ *Session) StdinPipe() (io.WriteCloser, error) {
return nil, nil
}
func (_ *Session) StdoutPipe() (io.Reader, interface {
Error() string
}) {
func (_ *Session) StdoutPipe() (io.Reader, error) {
return nil, nil
}
func (_ *Session) Wait() interface {
Error() string
} {
func (_ *Session) Wait() error {
return nil
}
func (_ *Session) WindowChange(_ int, _ int) interface {
Error() string
} {
func (_ *Session) WindowChange(_ int, _ int) error {
return nil
}
type Signal string
type TerminalModes map[uint8]uint32
type TerminalModes map[byte]uint32


@@ -3,4 +3,4 @@
github.com/codeskyblue/go-sh
# golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
## explicit
golang.org/x/crypto
golang.org/x/crypto/ssh


@@ -9,7 +9,7 @@ github.com/gorilla/websocket
github.com/sacOO7/gowebsocket
# golang.org/x/net v0.0.0-20200505041828-1ed23360d12c
## explicit
golang.org/x/net
golang.org/x/net/websocket
# nhooyr.io/websocket v1.8.5
## explicit
nhooyr.io/websocket


@@ -1,3 +1,4 @@
# go.uber.org/zap v1.16.0
## explicit
go.uber.org/zap
go.uber.org/zap/zapcore


@@ -1,5 +1,3 @@
# github.com/elazarl/goproxy v0.0.0-20201021153353-00ad82a08272
## explicit
github.com/elazarl/goproxy
# github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d
## explicit


@@ -6,7 +6,7 @@ github.com/gobwas/ws
github.com/gorilla/websocket
# golang.org/x/net v0.0.0-20200505041828-1ed23360d12c
## explicit
golang.org/x/net
golang.org/x/net/websocket
# nhooyr.io/websocket v1.8.5
## explicit
nhooyr.io/websocket


@@ -7,8 +7,6 @@
// Package primitive is a stub of go.mongodb.org/mongo-driver/bson/primitive, generated by depstubber.
package primitive
import ()
type D []E
func (_ D) Map() M {


@@ -3,4 +3,6 @@
github.com/Masterminds/squirrel
# go.mongodb.org/mongo-driver v1.3.3
## explicit
go.mongodb.org/mongo-driver
go.mongodb.org/mongo-driver/bson
go.mongodb.org/mongo-driver/mongo
go.mongodb.org/mongo-driver/mongo/options


@@ -7,6 +7,4 @@
// Package glog is a stub of github.com/golang/glog, generated by depstubber.
package glog
import ()
func Info(_ ...interface{}) {}


@@ -7,6 +7,4 @@
// Package klog is a stub of k8s.io/klog, generated by depstubber.
package klog
import ()
func Info(_ ...interface{}) {}


@@ -9,7 +9,8 @@ github.com/sirupsen/logrus
k8s.io/klog
# github.com/golang/protobuf v1.4.2
## explicit
github.com/golang/protobuf
github.com/golang/protobuf/proto
# google.golang.org/protobuf v1.23.0
## explicit
google.golang.org/protobuf
google.golang.org/protobuf/reflect/protoreflect
google.golang.org/protobuf/runtime/protoimpl


@@ -3,7 +3,7 @@
github.com/gin-gonic/gin
# github.com/go-jose/go-jose/v3 v3.0.0
## explicit
github.com/go-jose/go-jose/v3
github.com/go-jose/go-jose/v3/jwt
# github.com/golang-jwt/jwt/v5 v5.0.0
## explicit
github.com/golang-jwt/jwt/v5


@@ -7,8 +7,6 @@
// Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber.
package mail
import ()
type Asm struct {
GroupID int
GroupsToDisplay []int


@@ -1,3 +1,3 @@
# github.com/sendgrid/sendgrid-go v3.5.0+incompatible
## explicit
github.com/sendgrid/sendgrid-go
github.com/sendgrid/sendgrid-go/helpers/mail


@@ -7,8 +7,6 @@
// Package htmlquery is a stub of github.com/antchfx/htmlquery, generated by depstubber.
package htmlquery
import ()
func Find(_ interface{}, _ string) []interface{} {
return nil
}


@@ -7,8 +7,6 @@
// Package jsonquery is a stub of github.com/antchfx/jsonquery, generated by depstubber.
package jsonquery
import ()
func Find(_ *Node, _ string) []*Node {
return nil
}


@@ -1,6 +1,7 @@
# github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d
## explicit
github.com/ChrisTrenkamp/goxpath
github.com/ChrisTrenkamp/goxpath/tree
# github.com/antchfx/htmlquery v1.2.2
## explicit
github.com/antchfx/htmlquery
@@ -18,10 +19,11 @@ github.com/antchfx/xpath
github.com/go-xmlpath/xmlpath
# github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f
## explicit
github.com/jbowtie/gokogiri
github.com/jbowtie/gokogiri/xml
github.com/jbowtie/gokogiri/xpath
# github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5
## explicit
github.com/lestrrat-go/libxml2
github.com/lestrrat-go/libxml2/parser
# github.com/santhosh-tekuri/xpathparser v1.0.0
## explicit
github.com/santhosh-tekuri/xpathparser


@@ -6,7 +6,7 @@ github.com/appleboy/gin-jwt/v2
github.com/cristalhq/jwt/v3
# github.com/go-kit/kit v0.12.0
## explicit
github.com/go-kit/kit
github.com/go-kit/kit/auth/jwt
# github.com/gogf/gf-jwt/v2 v2.0.1
## explicit
github.com/gogf/gf-jwt/v2
@@ -18,13 +18,13 @@ github.com/golang-jwt/jwt/v4
github.com/iris-contrib/middleware/jwt
# github.com/kataras/iris/v12 v12.2.0
## explicit
github.com/kataras/iris/v12
github.com/kataras/iris/v12/middleware/jwt
# github.com/kataras/jwt v0.1.8
## explicit
github.com/kataras/jwt
# github.com/lestrrat/go-jwx v0.9.1
## explicit
github.com/lestrrat/go-jwx
github.com/lestrrat/go-jwx/jwk
# github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
## explicit
github.com/square/go-jose/v3


@@ -9,7 +9,7 @@ github.com/gorilla/websocket
github.com/sacOO7/gowebsocket
# golang.org/x/net v0.0.0-20200421231249-e086a090c8fd
## explicit
golang.org/x/net
golang.org/x/net/websocket
# nhooyr.io/websocket v1.8.5
## explicit
nhooyr.io/websocket


@@ -7,8 +7,6 @@
// Package ginkgo is a stub of github.com/onsi/ginkgo, generated by depstubber.
package ginkgo
import ()
func Fail(_ string, _ ...int) {}
type GinkgoTestingT interface {


@@ -7,6 +7,4 @@
// Package gomega is a stub of github.com/onsi/gomega, generated by depstubber.
package gomega
import ()
func RegisterFailHandler(_ interface{}) {}


@@ -1,10 +1,16 @@
import subprocess
import os
import runs_on
def test(codeql, java, cwd):
# This serves the "repo" directory on https://locahost:4443
repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd="repo")
command = ["python3", "../server.py"]
if runs_on.github_actions and runs_on.posix:
# On GitHub Actions, we saw the server timing out while running in parallel with other tests
# we work around that by running it with higher permissions
command = ["sudo"] + command
repo_server_process = subprocess.Popen(command, cwd="repo")
certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem"
# If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead
maven_opts = os.environ["MAVEN_OPTS"] + f" -Djavax.net.ssl.trustStore={certspath}"
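Review bot: The comment above `command = ["sudo"] + command` does not say why running as root stops the server timing out, and the workaround changes more than scheduling. The test's server then runs as root, `python3` is looked up in sudo's environment rather than the test's (possibly a different interpreter where sudo resets PATH), and `repo_server_process` becomes a handle on sudo rather than on the server, so a `kill()` in the teardown, which is not visible in this hunk, could leave the root-owned server running. The same lines are added to the `http.server` test in the next file, where the `nice -n 10` prefix appears to be dropped as well. I would record the constraint in the comment, e.g. `# sudo: CI-only workaround for timeouts; needs passwordless sudo, stop with terminate() so sudo can relay the signal`. The body of `test` continues outside the hunk.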


@@ -6,8 +6,9 @@ def test(codeql, java):
# This serves the "repo" directory on http://localhost:9427
command = ["python3", "-m", "http.server", "9427", "-b", "localhost"]
if runs_on.github_actions and runs_on.posix:
# On GitHub Actions, we try to run the server with higher priority
command = ["sudo", "nice", "-n", "10"] + command
# On GitHub Actions, we saw the server timing out while running in parallel with other tests
# we work around that by running it with higher permissions
command = ["sudo"] + command
repo_server_process = subprocess.Popen(
command, cwd="repo"
)
