Merge branch 'main' into orm

2025-12-17 17:23:36 +01:00 · 2022-03-01 12:01:54 +01:00
parent 98c60a706e 94cb5c2be4
commit cd58c12bbe
108 changed files with 4343 additions and 1908 deletions
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated APIs
+
+* The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
+
 ## 0.0.9

 ## 0.0.8
--- a/python/ql/lib/change-notes/2022-02-25-regex-group-characters.md
+++ b/python/ql/lib/change-notes/2022-02-25-regex-group-characters.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The regular expression parser now groups sequences of normal characters. This reduces the number of instances of `RegExpNormalChar`.
--- a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
+++ b/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.0.10
+
+### Deprecated APIs
+
 * The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/lib/semmle/python/RegexTreeView.qll
+++ b/python/ql/lib/semmle/python/RegexTreeView.qll
@@ -39,7 +39,12 @@ newtype TRegExpParent =
  /** A special character */
  TRegExpSpecialChar(Regex re, int start, int end) { re.specialCharacter(start, end, _) } or
  /** A normal character */
-  TRegExpNormalChar(Regex re, int start, int end) { re.normalCharacter(start, end) } or
+  TRegExpNormalChar(Regex re, int start, int end) {
+    re.normalCharacterSequence(start, end)
+    or
+    re.escapedCharacter(start, end) and
+    not re.specialCharacter(start, end, _)
+  } or
  /** A back reference */
  TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) }

--- a/python/ql/lib/semmle/python/regex.qll
+++ b/python/ql/lib/semmle/python/regex.qll
@@ -427,6 +427,7 @@ abstract class RegexString extends Expr {
  }

  predicate normalCharacter(int start, int end) {
+    end = start + 1 and
    this.character(start, end) and
    not this.specialCharacter(start, end, _)
  }
@@ -446,6 +447,49 @@ abstract class RegexString extends Expr {
    )
  }

+  /**
+   * Holds if the range [start:end) consists of only 'normal' characters.
+   */
+  predicate normalCharacterSequence(int start, int end) {
+    // a normal character inside a character set is interpreted on its own
+    this.normalCharacter(start, end) and
+    this.inCharSet(start)
+    or
+    // a maximal run of normal characters is considered as one constant
+    exists(int s, int e |
+      e = max(int i | this.normalCharacterRun(s, i)) and
+      not this.inCharSet(s)
+    |
+      // 'abc' can be considered one constant, but
+      // 'abc+' has to be broken up into 'ab' and 'c+',
+      // as the qualifier only applies to 'c'.
+      if this.qualifier(e, _, _, _)
+      then
+        end = e and start = e - 1
+        or
+        end = e - 1 and start = s and start < end
+      else (
+        end = e and
+        start = s
+      )
+    )
+  }
+
+  private predicate normalCharacterRun(int start, int end) {
+    (
+      this.normalCharacterRun(start, end - 1)
+      or
+      start = end - 1 and not this.normalCharacter(start - 1, start)
+    ) and
+    this.normalCharacter(end - 1, end)
+  }
+
+  private predicate characterItem(int start, int end) {
+    this.normalCharacterSequence(start, end) or
+    this.escapedCharacter(start, end) or
+    this.specialCharacter(start, end, _)
+  }
+
  /** Whether the text in the range start,end is a group */
  predicate group(int start, int end) {
    this.groupContents(start, end, _, _)
@@ -717,7 +761,7 @@ abstract class RegexString extends Expr {
  string getBackrefName(int start, int end) { this.named_backreference(start, end, result) }

  private predicate baseItem(int start, int end) {
-    this.character(start, end) and
+    this.characterItem(start, end) and
    not exists(int x, int y | this.charSet(x, y) and x <= start and y >= end)
    or
    this.group(start, end)
@@ -837,14 +881,14 @@ abstract class RegexString extends Expr {
  }

  private predicate item_start(int start) {
-    this.character(start, _) or
+    this.characterItem(start, _) or
    this.isGroupStart(start) or
    this.charSet(start, _) or
    this.backreference(start, _)
  }

  private predicate item_end(int end) {
-    this.character(_, end)
+    this.characterItem(_, end)
    or
    exists(int endm1 | this.isGroupEnd(endm1) and end = endm1 + 1)
    or
@@ -953,7 +997,7 @@ abstract class RegexString extends Expr {
   */
  predicate firstItem(int start, int end) {
    (
-      this.character(start, end)
+      this.characterItem(start, end)
      or
      this.qualifiedItem(start, end, _, _)
      or
@@ -968,7 +1012,7 @@ abstract class RegexString extends Expr {
   */
  predicate lastItem(int start, int end) {
    (
-      this.character(start, end)
+      this.characterItem(start, end)
      or
      this.qualifiedItem(start, end, _, _)
      or