Merge branch 'main' into redsun82/cargo-upgrade

Paolo Tranquilli
2025-02-28 10:41:37 +01:00
125 changed files with 1693 additions and 1603 deletions


@@ -0,0 +1,28 @@
extensions:
- addsTo:
pack: codeql/actions-all
extensible: immutableActionsDataModel
data:
- ["actions/checkout"]
- ["actions/cache"]
- ["actions/setup-node"]
- ["actions/upload-artifact"]
- ["actions/setup-python"]
- ["actions/download-artifact"]
- ["actions/github-script"]
- ["actions/setup-java"]
- ["actions/setup-go"]
- ["actions/upload-pages-artifact"]
- ["actions/deploy-pages"]
- ["actions/setup-dotnet"]
- ["actions/stale"]
- ["actions/labeler"]
- ["actions/create-github-app-token"]
- ["actions/configure-pages"]
- ["github/codeql-action/analyze"]
- ["github/codeql-action/autobuild"]
- ["github/codeql-action/init"]
- ["github/codeql-action/resolve-environment"]
- ["github/codeql-action/start-proxy"]
- ["github/codeql-action/upload-sarif"]
- ["octokit/request-action"]


@@ -0,0 +1,14 @@
# Model pack containing the list of known immutable actions. The Immutable Actions feature is not
# yet released, so this pack will only be used within GitHub. Once the feature is available to
# customers, we will move the contents of this pack back into the standard library pack.
name: codeql/immutable-actions-list
version: 0.0.1-dev
library: true
warnOnImplicitThis: true
extensionTargets:
# We expect to need this model pack even after GA of Actions analysis, so make it compatible with
# all future prereleases plus 1.x.x. We should be able to remove this back before we need to
# bump the major version to 2.
codeql/actions-all: ">=0.4.3 <2.0.0"
dataExtensions:
- ext/**/*.yml
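Review bot: The comment above `codeql/actions-all: ">=0.4.3 <2.0.0"` says `remove this back`, which looks like a typo for `remove this pack`; as written, the sentence that explains when the range can be dropped is hard to parse. The same comment could also say why the lower bound is `0.4.3`, since nothing in the file explains that choice.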


@@ -2,21 +2,9 @@ extensions:
- addsTo:
pack: codeql/actions-all
extensible: immutableActionsDataModel
data:
- ["actions/checkout"]
- ["actions/cache"]
- ["actions/setup-node"]
- ["actions/upload-artifact"]
- ["actions/setup-python"]
- ["actions/download-artifact"]
- ["actions/github-script"]
- ["actions/setup-java"]
- ["actions/setup-go"]
- ["actions/upload-pages-artifact"]
- ["actions/deploy-pages"]
- ["actions/setup-dotnet"]
- ["actions/stale"]
- ["actions/labeler"]
- ["actions/create-github-app-token"]
- ["actions/configure-pages"]
- ["octokit/request-action"]
# Since the Immutable Actions feature is not yet available to customers, we won't alert about
# any unversioned immutable action references for now. Within GitHub, we'll include the
# `codeql/immutable-actions-list` model pack, which will provide the necessary list of actions
# for internal use. Once the feature is available to customers, we'll move that list back into
# this file.
data: []


@@ -5,4 +5,4 @@ extensions:
data:
- ["actions"]
- ["github"]
- ["advanced-security"]
- ["advanced-security"]


@@ -0,0 +1,7 @@
---
category: fix
---
* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
Immutable Actions feature is not yet available for customer use. The query remains in the
default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
available, the query will be updated to report alerts again.


@@ -3,6 +3,10 @@ groups: [codeql, test]
dependencies:
codeql/actions-all: ${workspace}
codeql/actions-queries: ${workspace}
# Use the `immutable-actions-list` model pack so that we have some actual data to test against.
# We can remove this dependency when we incorporate the data from that model pack back into the
# standard library pack.
codeql/immutable-actions-list: ${workspace}
extractor: actions
tests: .
warnOnImplicitThis: true


@@ -17,7 +17,7 @@ provide:
- "misc/legacy-support/*/qlpack.yml"
- "misc/suite-helpers/qlpack.yml"
- ".github/codeql/extensions/**/codeql-pack.yml"
- "actions/ql/extensions/**/qlpack.yml"
versionPolicies:
default:
requireChangeNotes: true

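--- a/go/.gitignore
+++ b/go/.gitignore
@@ -0,0 +1,4 @@
+# artifacts of running `make test`
+data/
+lock
+size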


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added `database` source models for the `github.com/rqlite/gorqlite` package.


@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* Go 1.24 is now supported. This includes the new language feature of generic type aliases.


@@ -0,0 +1,4 @@
---
category: deprecated
---
* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.


@@ -3,8 +3,21 @@ extensions:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["gorqlite", "github.com/kanikanema/gorqlite"]
- ["gorqlite", "github.com/rqlite/gorqlite"]
- ["gorqlite", "github.com/raindog308/gorqlite"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:gorqlite", "Connection", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOne", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneParameterized", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneParameterizedContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryParameterized", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorqlite", "Connection", True, "QueryParameterizedContext", "", "", "ReturnValue[0]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
@@ -33,3 +46,9 @@ extensions:
- ["group:gorqlite", "Connection", True, "WriteOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:gorqlite", "QueryResult", True, "Map", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["group:gorqlite", "QueryResult", True, "Slice", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
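Review bot: The new `summaryModel` rows in the second hunk cover only `QueryResult.Map` and `QueryResult.Slice`, so taint from the `database` sources added in the first hunk stops at any other accessor on `QueryResult`. As far as I know, gorqlite's `QueryResult.Scan` writes column values into its arguments; if it is not modeled elsewhere, rows read that way are not tracked. A row such as `["group:gorqlite", "QueryResult", True, "Scan", "", "", "Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"]` would cover it, with the signature confirmed against the package first. The `sinkModel` list that the second hunk starts in begins outside the lines shown.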


@@ -1,7 +1,6 @@
/** Provides classes for working with errors and warnings recorded during extraction. */
import go
private import semmle.go.internal.Locations
/** Gets the SARIF severity level that indicates an error. */
private int getErrorSeverity() { result = 2 }
@@ -20,18 +19,10 @@ private class Diagnostic extends @diagnostic {
string getMessage() { diagnostics(this, _, _, result, _, _) }
/** Gets the file that this error is associated with, if any. */
File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
File getFile() { result = this.getLocation().getFile() }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
getDiagnosticLocation(this).hasLocationInfo(path, sl, sc, el, ec)
}
/** Gets the location for this error. */
Location getLocation() { diagnostics(this, _, _, _, _, result) }
string toString() { result = this.getMessage() }
}
@@ -68,7 +59,7 @@ predicate reportableDiagnostics(Diagnostic d, string msg, int sev) {
exists(File f | f = d.getFile() |
exists(f.getAChild()) and
msg =
"Extraction failed in " + d.getFile().getRelativePath() + " with error " +
"Extraction failed in " + f.getRelativePath() + " with error " +
removeAbsolutePaths(d.getMessage())
)
or


@@ -1,7 +1,6 @@
/** Provides classes for working with locations and program elements that have locations. */
import go
private import internal.Locations
/**
* A location as given by a file, a start line, a start column,
@@ -11,21 +10,21 @@ private import internal.Locations
*
* For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
class DbLocation extends TDbLocation {
class Location extends @location {
/** Gets the file for this location. */
File getFile() { dbLocationInfo(this, result, _, _, _, _) }
File getFile() { locations_default(this, result, _, _, _, _) }
/** Gets the 1-based line number (inclusive) where this location starts. */
int getStartLine() { dbLocationInfo(this, _, result, _, _, _) }
int getStartLine() { locations_default(this, _, result, _, _, _) }
/** Gets the 1-based column number (inclusive) where this location starts. */
int getStartColumn() { dbLocationInfo(this, _, _, result, _, _) }
int getStartColumn() { locations_default(this, _, _, result, _, _) }
/** Gets the 1-based line number (inclusive) where this location ends. */
int getEndLine() { dbLocationInfo(this, _, _, _, result, _) }
int getEndLine() { locations_default(this, _, _, _, result, _) }
/** Gets the 1-based column number (inclusive) where this location ends. */
int getEndColumn() { dbLocationInfo(this, _, _, _, _, result) }
int getEndColumn() { locations_default(this, _, _, _, _, result) }
/** Gets the number of lines covered by this location. */
int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
@@ -48,22 +47,22 @@ class DbLocation extends TDbLocation {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
exists(File f |
dbLocationInfo(this, f, startline, startcolumn, endline, endcolumn) and
exists(File f | locations_default(this, f, startline, startcolumn, endline, endcolumn) |
filepath = f.getAbsolutePath()
)
}
}
final class Location = LocationImpl;
/** A program element with a location. */
class Locatable extends @locatable {
/** Gets the file this program element comes from. */
File getFile() { result = this.getLocation().getFile() }
/** Gets this element's location. */
final DbLocation getLocation() { result = getLocatableLocation(this) }
final Location getLocation() {
has_location(this, result) or
xmllocations(this, result)
}
/** Gets the number of lines covered by this element. */
int getNumLines() { result = this.getLocation().getNumLines() }


@@ -144,36 +144,34 @@ class Entity extends @object {
/** Gets a textual representation of this entity. */
string toString() { result = this.getName() }
private predicate hasRealLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
// take the location of the declaration if there is one
this.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
any(CaseClause cc | this = cc.getImplicitlyDeclaredVariable())
.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
/** Gets the location of this entity. */
Location getLocation() {
result = this.getDeclaration().getLocation()
or
result = any(CaseClause cc | this = cc.getImplicitlyDeclaredVariable()).getLocation()
}
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
// take the location of the declaration if there is one
if this.hasRealLocationInfo(_, _, _, _, _)
then this.hasRealLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
else (
// otherwise fall back on dummy location
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
// otherwise fall back on dummy location
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
}
@@ -680,16 +678,22 @@ class Callable extends TCallable {
result = this.asFuncLit().getName()
}
/** Gets the location of this callable. */
Location getLocation() {
result = this.asFunction().getLocation() or result = this.asFuncLit().getLocation()
}
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `sc` of line `sl` to
* column `ec` of line `el` in file `fp`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.asFunction().hasLocationInfo(fp, sl, sc, el, ec) or
this.asFuncLit().hasLocationInfo(fp, sl, sc, el, ec)
deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
}
}
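Review bot: `Callable.hasLocationInfo` in the second hunk now appears to delegate only to `this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)`, without the dummy-location fallback that the rewritten `Entity.hasLocationInfo` in the first hunk keeps. The earlier body went through `this.asFunction().hasLocationInfo(...)`, which presumably reached that fallback for functions with no declaration in the database, so the deprecated predicate may now hold for fewer callables. If that is not intended, add the disjunct used in `Entity`: `or not exists(this.getLocation()) and fp = "" and sl = 0 and sc = 0 and el = 0 and ec = 0`. `BasicBlock.hasLocationInfo` and `VariableWithFields.hasLocationInfo` are rewritten the same way in this commit and deserve the same check. Both class bodies extend beyond the hunks shown.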


@@ -548,20 +548,25 @@ module StringOps {
else result = "concatenation element"
}
/** Gets the location of this element. */
Location getLocation() { result = this.asNode().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.asNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
// use dummy location for elements that don't have a corresponding node
not exists(this.asNode()) and
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and


@@ -144,19 +144,24 @@ class Type extends @type {
*/
string toString() { result = this.getName() }
/** Gets the location of this type. */
Location getLocation() { result = this.getEntity().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getEntity().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
not exists(this.getEntity()) and
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and


@@ -183,16 +183,21 @@ class VariableWithFields extends TVariableWithFields {
*/
string getElement() { this = TVariableElementStep(_, result) }
/** Gets the location of this variable with fields. */
Location getLocation() { result = this.getBaseVariable().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getBaseVariable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}


@@ -114,17 +114,22 @@ class BasicBlock extends TControlFlowNode {
/** Gets a textual representation of this basic block. */
string toString() { result = "basic block" }
/** Gets the source location for this element. */
Location getLocation() { result = this.getFirstNode().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this basic block is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getFirstNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}


@@ -77,23 +77,31 @@ module ControlFlow {
Root getRoot() { none() }
/** Gets the file to which this node belongs. */
File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
File getFile() { result = this.getLocation().getFile() }
/**
* Gets a textual representation of this control flow node.
*/
string toString() { result = "control-flow node" }
/** Gets the source location for this element. */
Location getLocation() { none() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and
@@ -244,11 +252,7 @@ module ControlFlow {
override string toString() { result = cond + " is " + outcome }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
cond.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = cond.getLocation() }
}
/**
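Review bot: The doc comment on the new `ControlFlow::Node.getLocation()` reads `Gets the source location for this element.`, but the base body is `none()` and only overriding subclasses supply a result, which is why the deprecated `hasLocationInfo` beside it needs a `not exists(this.getLocation())` branch. The deprecation text sends callers to `getLocation()`, so the comment should state this, for example `/** Gets the source location for this element, if any. Nodes without an overriding definition have no location. */`. The same wording would fit `IR::WriteTarget.getLocation()` and `Entity.getLocation()` elsewhere in this commit. The module body continues outside both hunks.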


@@ -418,11 +418,7 @@ class SkipNode extends ControlFlow::Node, MkSkipNode {
override string toString() { result = "skip" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
skip.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = skip.getLocation() }
}
/**
@@ -437,11 +433,7 @@ class EntryNode extends ControlFlow::Node, MkEntryNode {
override string toString() { result = "entry" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
root.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = root.getLocation() }
}
/**
@@ -456,11 +448,7 @@ class ExitNode extends ControlFlow::Node, MkExitNode {
override string toString() { result = "exit" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
root.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = root.getLocation() }
}
/**


@@ -218,11 +218,7 @@ module IR {
override string toString() { result = e.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = e.getLocation() }
}
/**
@@ -364,11 +360,7 @@ module IR {
override string toString() { result = "implicit read of field " + field.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
e.getBase().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = e.getBase().getLocation() }
}
/**
@@ -483,11 +475,7 @@ module IR {
override string toString() { result = "init of " + elt }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
elt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = elt.getLocation() }
}
/**
@@ -644,11 +632,7 @@ module IR {
override string toString() { result = "element index" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
elt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = elt.getLocation() }
}
/**
@@ -682,11 +666,7 @@ module IR {
override string toString() { result = "assignment to " + this.getLhs() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLhs().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = this.getLhs().getLocation() }
}
/** An instruction computing the value of the right-hand side of a compound assignment. */
@@ -704,11 +684,7 @@ module IR {
override string toString() { result = assgn.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
assgn.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = assgn.getLocation() }
}
/**
@@ -792,11 +768,7 @@ module IR {
override string toString() { result = s + "[" + i + "]" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
s.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = s.getLocation() }
}
/**
@@ -840,11 +812,7 @@ module IR {
override string toString() { result = "zero value for " + v }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
v.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = v.getDeclaration().getLocation() }
}
/**
@@ -859,11 +827,7 @@ module IR {
override string toString() { result = fd.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
fd.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = fd.getLocation() }
}
/**
@@ -878,11 +842,7 @@ module IR {
override string toString() { result = defer.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
defer.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = defer.getLocation() }
}
/**
@@ -897,11 +857,7 @@ module IR {
override string toString() { result = go.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
go.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = go.getLocation() }
}
/**
@@ -918,11 +874,7 @@ module IR {
override string toString() { result = ids.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ids.getLocation() }
}
/**
@@ -943,11 +895,7 @@ module IR {
override string toString() { result = "rhs of " + ids }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ids.getLocation() }
}
/**
@@ -975,11 +923,7 @@ module IR {
override string toString() { result = "1" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ids.getLocation() }
}
/**
@@ -1014,11 +958,7 @@ module IR {
override string toString() { result = ret.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ret.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ret.getLocation() }
}
/**
@@ -1048,11 +988,7 @@ module IR {
override string toString() { result = "implicit write of " + var }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ret.getResult(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ret.getResult(i).getLocation() }
}
/**
@@ -1072,11 +1008,7 @@ module IR {
override string toString() { result = "implicit read of " + var }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
var.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = var.getDeclaration().getLocation() }
}
/**
@@ -1091,11 +1023,7 @@ module IR {
override string toString() { result = sel.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
sel.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = sel.getLocation() }
}
/**
@@ -1110,11 +1038,7 @@ module IR {
override string toString() { result = send.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
send.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = send.getLocation() }
}
/**
@@ -1131,11 +1055,7 @@ module IR {
override string toString() { result = "initialization of " + parm }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
parm.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = parm.getDeclaration().getLocation() }
}
/**
@@ -1152,11 +1072,7 @@ module IR {
override string toString() { result = "argument corresponding to " + parm }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
parm.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = parm.getDeclaration().getLocation() }
}
/**
@@ -1173,11 +1089,7 @@ module IR {
override string toString() { result = "initialization of " + res }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
res.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = res.getDeclaration().getLocation() }
}
/**
@@ -1197,11 +1109,7 @@ module IR {
override string toString() { result = "next key-value pair in range" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
rs.getDomain().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = rs.getDomain().getLocation() }
}
/**
@@ -1226,11 +1134,7 @@ module IR {
override string toString() { result = "true" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
stmt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = stmt.getLocation() }
}
/**
@@ -1259,11 +1163,7 @@ module IR {
override string toString() { result = "case " + cc.getExpr(i) }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
cc.getExpr(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = cc.getExpr(i).getLocation() }
}
/**
@@ -1305,11 +1205,7 @@ module IR {
override string toString() { result = "implicit type switch variable declaration" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
cc.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = cc.getLocation() }
}
/**
@@ -1335,11 +1231,7 @@ module IR {
override string toString() { result = "0" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = slice.getLocation() }
}
/**
@@ -1357,11 +1249,7 @@ module IR {
override string toString() { result = "len" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = slice.getLocation() }
}
/**
@@ -1379,11 +1267,7 @@ module IR {
override string toString() { result = "cap" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = slice.getLocation() }
}
/**
@@ -1406,11 +1290,7 @@ module IR {
override string toString() { result = "implicit dereference" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = e.getLocation() }
}
/** A representation of the target of a write instruction. */
@@ -1438,17 +1318,29 @@ module IR {
/** Gets a textual representation of this target. */
string toString() { result = "write target" }
/** Gets the source location for this element. */
Location getLocation() { none() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
}
@@ -1501,11 +1393,7 @@ module IR {
override string toString() { result = this.getName() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
loc.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = loc.getLocation() }
}
/** A reference to a field, used as the target of a write. */
@@ -1545,14 +1433,10 @@ module IR {
result = "field " + w.(InitLiteralStructFieldInstruction).getFieldName()
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
exists(SelectorExpr sel | this = MkLhs(_, sel) |
sel.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
override Location getLocation() {
exists(SelectorExpr sel | this = MkLhs(_, sel) | result = sel.getLocation())
or
w.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
result = w.(InitLiteralStructFieldInstruction).getLocation()
}
}
@@ -1582,14 +1466,10 @@ module IR {
override string toString() { result = "element" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
exists(IndexExpr idx | this = MkLhs(_, idx) |
idx.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
override Location getLocation() {
exists(IndexExpr idx | this = MkLhs(_, idx) | result = idx.getLocation())
or
w.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
result = w.(InitLiteralElementInstruction).getLocation()
}
}
@@ -1613,11 +1493,7 @@ module IR {
override string toString() { result = lhs.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
lhs.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = lhs.getLocation() }
}
/**


@@ -300,7 +300,9 @@ class GVN extends GvnBase {
// just an arbitrary way to pick an expression with this `GVN`.
result =
min(DataFlow::Node e, string f, int l, int c, string k |
e = this.getANode() and e.hasLocationInfo(f, l, c, _, _) and k = e.getNodeKind()
e = this.getANode() and
e.getLocation().hasLocationInfo(f, l, c, _, _) and
k = e.getNodeKind()
|
e order by f, l, c, k
)
@@ -309,17 +311,22 @@ class GVN extends GvnBase {
/** Gets a textual representation of this element. */
string toString() { result = this.exampleNode().toString() }
/** Gets the location of this element. */
Location getLocation() { result = this.exampleNode().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.exampleNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}


@@ -85,17 +85,22 @@ class SsaVariable extends TSsaDefinition {
/** Gets a textual representation of this element. */
string toString() { result = this.getDefinition().prettyPrintRef() }
/** Gets the location of this SSA variable. */
Location getLocation() { result = this.getDefinition().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getDefinition().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
@@ -144,16 +149,23 @@ class SsaDefinition extends TSsaDefinition {
/** Gets a textual representation of this element. */
string toString() { result = this.prettyPrintDef() }
/** Gets the source location for this element. */
abstract Location getLocation();
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
abstract predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
);
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
/**
@@ -177,16 +189,14 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) }
override string prettyPrintRef() {
exists(int l, int c | this.hasLocationInfo(_, l, c, _, _) | result = "def@" + l + ":" + c)
exists(Location loc | loc = this.getLocation() |
result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn()
)
}
override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getInstruction().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = this.getInstruction().getLocation() }
}
/** Provides a helper predicate for working with explicit SSA definitions. */
@@ -209,16 +219,12 @@ abstract class SsaImplicitDefinition extends SsaDefinition {
abstract string getKind();
override string prettyPrintRef() {
exists(int l, int c | this.hasLocationInfo(_, l, c, _, _) |
result = this.getKind() + "@" + l + ":" + c
exists(Location loc | loc = this.getLocation() |
result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn()
)
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getBasicBlock().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = this.getBasicBlock().getLocation() }
}
/**
@@ -241,11 +247,9 @@ class SsaVariableCapture extends SsaImplicitDefinition, TCapture {
override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
override Location getLocation() {
exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) |
bb.getNode(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
result = bb.getNode(i).getLocation()
)
}
}
@@ -291,11 +295,7 @@ class SsaPhiNode extends SsaPseudoDefinition, TPhi {
result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")"
}
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getBasicBlock().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = this.getBasicBlock().getLocation() }
}
/**
@@ -383,17 +383,22 @@ class SsaWithFields extends TSsaWithFields {
)
}
/** Gets the location of this SSA variable with fields. */
Location getLocation() { result = this.getBaseVariable().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getBaseVariable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}


@@ -78,9 +78,7 @@ module Private {
result = this.getSummaryNode().getSummarizedCallable()
}
override predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.getSummarizedCallable().hasLocationInfo(fp, sl, sc, el, ec)
}
override Location getLocation() { result = this.getSummarizedCallable().getLocation() }
override string toString() { result = this.getSummaryNode().toString() }
@@ -140,45 +138,38 @@ module Public {
/** Gets a textual representation of this element. */
string toString() { result = "data-flow node" } // overridden in subclasses
/** Gets the location of this node. */
Location getLocation() { none() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
/** Gets the location of this node. */
Location getLocation() {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
this.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
result.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the file in which this node appears. */
File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
File getFile() { result = this.getLocation().getFile() }
/** Gets the start line of the location of this node. */
int getStartLine() { this.hasLocationInfo(_, result, _, _, _) }
int getStartLine() { result = this.getLocation().getStartLine() }
/** Gets the start column of the location of this node. */
int getStartColumn() { this.hasLocationInfo(_, _, result, _, _) }
int getStartColumn() { result = this.getLocation().getStartColumn() }
/** Gets the end line of the location of this node. */
int getEndLine() { this.hasLocationInfo(_, _, _, result, _) }
int getEndLine() { result = this.getLocation().getEndLine() }
/** Gets the end column of the location of this node. */
int getEndColumn() { this.hasLocationInfo(_, _, _, _, result) }
int getEndColumn() { result = this.getLocation().getEndColumn() }
/**
* Gets an upper bound on the type of this node.
@@ -262,11 +253,7 @@ module Public {
override string toString() { result = insn.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
insn.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = insn.getLocation() }
}
/**
@@ -312,11 +299,7 @@ module Public {
override string toString() { result = ssa.toString() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
ssa.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = ssa.getLocation() }
}
private module FunctionNode {
@@ -408,11 +391,7 @@ module Public {
override string toString() { result = "function " + func.getName() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
func.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = func.getLocation() }
override ResultNode getAResult() {
result.getRoot() = this.getFunction().(DeclaredFunction).getFuncDecl()
@@ -464,11 +443,7 @@ module Public {
override string toString() { result = "[]type{args}" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
call.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = call.getLocation() }
}
/**
@@ -1077,11 +1052,7 @@ module Public {
override string toString() { result = "slice element node" }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
si.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
override Location getLocation() { result = si.getLocation() }
/** Gets the `SliceNode` which this node relates to. */
SliceNode getSliceNode() { result = DataFlow::instructionNode(si) }
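Review bot: In the `Public` module hunk (`@@ -140,45 +138,38 @@`), the base node's deprecated `hasLocationInfo` now only delegates to `getLocation()`, whose default is `none()`, so the `""`/0 fallback of the old body appears to be gone for any node class that does not override `getLocation()`. The same commit keeps that fallback for `Content` and for the IR write target through `or not exists(this.getLocation()) and filepath = "" and ...`, so these base classes now disagree. If dropping it is intended, say so in the QLDoc, for example `Gets the location of this node, if any.`; otherwise add the same `not exists(this.getLocation())` disjunct here, since `getStartLine()` and the other accessors also lose their result for such nodes. The enclosing class starts and ends outside the hunk, and the old/new side of each line is inferred from the rendered page.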


@@ -301,35 +301,27 @@ class DataFlowCallable extends TDataFlowCallable {
result = "Summary: " + this.asSummarizedCallable().toString()
}
/** Gets the location of this callable. */
Location getLocation() {
result = this.asCallable().getLocation() or
result = this.asFileScope().getLocation() or
result = this.asSummarizedCallable().getLocation()
}
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this callable is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.asCallable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
this.asFileScope().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
this.asSummarizedCallable()
.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the location of this callable. */
Location getLocation() {
result = getCallableLocation(this.asCallable()) or
result = this.asFileScope().getLocation() or
result = getCallableLocation(this.asSummarizedCallable())
}
}
private Location getCallableLocation(Callable c) {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
c.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
result.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
}
/** A function call relevant for data flow. */


@@ -170,17 +170,29 @@ class Content extends TContent {
/** Gets a textual representation of this element. */
abstract string toString();
/** Gets the location of this element. */
Location getLocation() { none() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and
endline = 0 and
endcolumn = 0
}
/**
@@ -202,9 +214,7 @@ class FieldContent extends Content, TFieldContent {
override string toString() { result = f.toString() }
override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
f.getDeclaration().hasLocationInfo(path, sl, sc, el, ec)
}
override Location getLocation() { result = f.getDeclaration().getLocation() }
}
/** A reference through the contents of some collection-like container. */
@@ -277,26 +287,31 @@ class ContentSet instanceof TContentSet {
/** Gets a textual representation of this content set. */
string toString() {
exists(Content c | this = TOneContent(c) | result = c.toString())
result = this.asOneContent().toString()
or
this = TAllContent() and result = "all content"
}
/**
* Gets the location of this content set, if it contains only one `Content`.
*/
Location getLocation() { result = this.asOneContent().getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
exists(Content c | this = TOneContent(c) |
c.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
or
this = TAllContent() and
not exists(this.getLocation()) and
filepath = "" and
startline = 0 and
startcolumn = 0 and


@@ -222,16 +222,17 @@ module SourceSinkInterpretationInput implements
/** Gets the location of this element. */
Location getLocation() {
exists(string fp, int sl, int sc, int el, int ec |
this.hasLocationInfo(fp, sl, sc, el, ec) and
result.hasLocationInfo(fp, sl, sc, el, ec)
)
result = this.asEntity().getLocation() or
result = this.asAstNode().getLocation()
}
/** Holds if this element is at the specified location. */
predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.asEntity().hasLocationInfo(fp, sl, sc, el, ec) or
this.asAstNode().hasLocationInfo(fp, sl, sc, el, ec)
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
*/
deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
}
}
@@ -280,17 +281,18 @@ module SourceSinkInterpretationInput implements
}
/** Gets the location of this node. */
predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.asElement().hasLocationInfo(fp, sl, sc, el, ec)
or
this.asNode().hasLocationInfo(fp, sl, sc, el, ec)
Location getLocation() {
result = this.asElement().getLocation() or
result = this.asNode().getLocation()
}
Location getLocation() {
exists(string fp, int sl, int sc, int el, int ec |
this.hasLocationInfo(fp, sl, sc, el, ec) and
result.hasLocationInfo(fp, sl, sc, el, ec)
)
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Gets the location of this node.
*/
deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
}
}
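Review bot: The QLDoc on the deprecated `hasLocationInfo` in the second hunk (`@@ -280,17 +281,18 @@`) reads `Gets the location of this node.`, which describes `getLocation()` rather than a predicate; the first hunk of this file words the same member correctly. I would change that line to `Holds if this node is at the specified location.` The enclosing class starts outside the hunk.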


@@ -35,7 +35,7 @@ module GoMicro {
*/
class ProtocMessageType extends Type {
ProtocMessageType() {
this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _) and
this.getLocation().getFile() instanceof ProtocGeneratedFile and
exists(MethodDecl md |
md.getName() = "ProtoMessage" and
this = md.getReceiverDecl().getTypeExpr().getAChild().(TypeName).getType()
@@ -51,7 +51,7 @@ module GoMicro {
ServiceInterfaceType() {
this = definedType.getUnderlyingType() and
definedType.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
definedType.getLocation().getFile() instanceof ProtocGeneratedFile
}
/**
@@ -75,7 +75,7 @@ module GoMicro {
ServiceServerType() {
this.implements(any(ServiceInterfaceType i)) and
this.getName().regexpMatch("(?i).*Handler") and
this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ProtocGeneratedFile
}
}
@@ -86,7 +86,7 @@ module GoMicro {
ClientServiceType() {
this.implements(any(ServiceInterfaceType i)) and
this.getName().regexpMatch("(?i).*Service") and
this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ProtocGeneratedFile
}
}
@@ -97,7 +97,7 @@ module GoMicro {
ServiceRegisterHandler() {
this.getName().regexpMatch("(?i)register" + any(ServiceServerType c).getName()) and
this.getParameterType(0) instanceof GoMicroServerType and
this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ProtocGeneratedFile
}
}
@@ -128,7 +128,7 @@ module GoMicro {
this.getName().regexpMatch("(?i)new" + any(ClientServiceType c).getName()) and
this.getParameterType(0) instanceof StringType and
this.getParameterType(1) instanceof GoMicroClientType and
this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ProtocGeneratedFile
}
}


@@ -0,0 +1,35 @@
/**
* Provides classes modeling security-relevant aspects of the `gorqlite` package.
*/
import go
/**
* Provides classes modeling security-relevant aspects of the `gorqlite` package.
*/
module Gorqlite {
private string packagePath() {
result =
package([
"github.com/rqlite/gorqlite", "github.com/raindog308/gorqlite",
"github.com/kanikanema/gorqlite"
], "")
}
// These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data summaries yet.
private class QueryResultScan extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
QueryResultScan() {
// signature: func (qr *QueryResult) Scan(dest ...interface{}) error
this.hasQualifiedName(packagePath(), "QueryResult", "Scan") and
inp.isReceiver() and
outp.isParameter(_)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}
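Review bot: `QueryResultScan` carries `inp` and `outp` as fields only to compare them again in `hasTaintFlow`; the characteristic predicate can keep just the `hasQualifiedName` check and the flow can be stated directly as `input.isReceiver() and output.isParameter(_)`. The module QLDoc also repeats the file-level QLDoc word for word, and the line comment says `These are expressed` although only one model follows. I would reword that comment to `// Modeled with TaintTracking::FunctionModel because Models-as-Data summaries do not yet support varargs functions.`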


@@ -37,9 +37,7 @@ module Twirp {
/** A type representing a protobuf message. */
class ProtobufMessageType extends Type {
ProtobufMessageType() {
this.hasLocationInfo(any(ProtobufGeneratedFile f).getAbsolutePath(), _, _, _, _)
}
ProtobufMessageType() { this.getLocation().getFile() instanceof ProtobufGeneratedFile }
}
/** An interface type representing a Twirp service. */
@@ -48,7 +46,7 @@ module Twirp {
ServiceInterfaceType() {
definedType.getUnderlyingType() = this and
definedType.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
definedType.getLocation().getFile() instanceof ServicesGeneratedFile
}
/** Gets the name of the interface. */
@@ -68,7 +66,7 @@ module Twirp {
p.implements(i) and
this = p.getBaseType() and
this.getName().regexpMatch("(?i)" + i.getName() + "(protobuf|json)client") and
this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ServicesGeneratedFile
)
}
}
@@ -79,7 +77,7 @@ module Twirp {
exists(ServiceInterfaceType i |
this.implements(i) and
this.getName().regexpMatch("(?i)" + i.getName() + "server") and
this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ServicesGeneratedFile
)
}
}
@@ -90,7 +88,7 @@ module Twirp {
this.getName().regexpMatch("(?i)new" + any(ServiceClientType c).getName()) and
this.getParameterType(0) instanceof StringType and
this.getParameterType(1).getName() = "HTTPClient" and
this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ServicesGeneratedFile
}
}
@@ -103,7 +101,7 @@ module Twirp {
ServerConstructor() {
this.getName().regexpMatch("(?i)new" + any(ServiceServerType c).getName()) and
this.getParameterType(0) = any(ServiceInterfaceType i).getDefinedType() and
this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
this.getLocation().getFile() instanceof ServicesGeneratedFile
}
}


@@ -66,7 +66,7 @@ module HtmlTemplate {
string getBody() { result = text.regexpCapture("(?s)\\{\\{(.*)\\}\\}", 1) } // matches the inside of the curly bracket delimiters
/** Gets the file in which this statement appears. */
File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
File getFile() { result = this.getLocation().getFile() }
/** Gets a textual representation of this statement. */
string toString() { result = "HTML template statement" }
@@ -74,17 +74,22 @@ module HtmlTemplate {
/** Get the HTML element that contains this template statement. */
HTML::TextNode getEnclosingTextNode() { result = parent }
/** Gets the location of this template statement. */
Location getLocation() { result = parent.getLocation() }
/**
* DEPRECATED: Use `getLocation()` instead.
*
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
deprecated predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
parent.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
@@ -114,7 +119,7 @@ module HtmlTemplate {
}
/** Gets the file in which this read appears. */
File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
File getFile() { result = this.getLocation().getFile() }
/** Gets a textual representation of this statement. */
string toString() { result = "HTML template read of " + text }
@@ -122,17 +127,21 @@ module HtmlTemplate {
/** Get the HTML element that contains this template read. */
HTML::TextNode getEnclosingTextNode() { result = parent.getEnclosingTextNode() }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
parent.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets the location of this template statement. */
Location getLocation() { result = parent.getLocation() }
// /**
// * DEPRECATED: Use `getLocation()` instead.
// *
// * Holds if this element is at the specified location.
// * The location spans column `startcolumn` of line `startline` to
// * column `endcolumn` of line `endline` in file `filepath`.
// * For more information, see
// * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
// */
// predicate hasLocationInfo(
// string filepath, int startline, int startcolumn, int endline, int endcolumn
// ) {
// this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
// }
}
}
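Review bot: The last hunk (`@@ -122,17 +127,21 @@`) leaves the old `hasLocationInfo` behind as a commented-out block instead of a `deprecated predicate`, unlike the template statement class earlier in this file, which keeps it. Commented-out code should not be merged: either restore it as `deprecated predicate hasLocationInfo(...)` delegating to `this.getLocation()`, or delete the block and record the removal in a change note, because any query that calls `hasLocationInfo` on this class would no longer compile. The new QLDoc `Gets the location of this template statement.` also looks copied from the statement class and should read `Gets the location of this template read.` The enclosing class starts outside the hunk.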


@@ -1,150 +0,0 @@
/** Provides classes for working with locations and program elements that have locations. */
import go
// Should _not_ be cached, as that would require the data flow stage to be evaluated
// in order to evaluate the AST stage. Ideally, we would cache each injector separately,
// but that's not possible. Instead, we cache all predicates that need the injectors
// to be tuple numbered.
newtype TLocation =
TDbLocation(@location loc) or
TSynthLocation(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
any(DataFlow::Node n).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
// avoid overlap with existing DB locations
not existingDBLocation(filepath, startline, startcolumn, endline, endcolumn)
}
pragma[nomagic]
private predicate existingDBLocation(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
exists(File f |
locations_default(_, f, startline, startcolumn, endline, endcolumn) and
f.getAbsolutePath() = filepath
)
}
/**
* A location as given by a file, a start line, a start column,
* an end line, and an end column.
*
* For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
abstract class LocationImpl extends TLocation {
/** Gets the file for this location. */
abstract File getFile();
/** Gets the 1-based line number (inclusive) where this location starts. */
abstract int getStartLine();
/** Gets the 1-based column number (inclusive) where this location starts. */
abstract int getStartColumn();
/** Gets the 1-based line number (inclusive) where this location ends. */
abstract int getEndLine();
/** Gets the 1-based column number (inclusive) where this location ends. */
abstract int getEndColumn();
/** Gets the number of lines covered by this location. */
int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
/** Gets a textual representation of this element. */
string toString() {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
this.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
result = filepath + "@" + startline + ":" + startcolumn + ":" + endline + ":" + endcolumn
)
}
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
abstract predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
);
}
class DbLocationImpl extends LocationImpl instanceof DbLocation {
private @location loc;
DbLocationImpl() { this = TDbLocation(loc) }
override File getFile() { result = DbLocation.super.getFile() }
override int getStartLine() { result = DbLocation.super.getStartLine() }
override int getStartColumn() { result = DbLocation.super.getStartColumn() }
override int getEndLine() { result = DbLocation.super.getEndLine() }
override int getEndColumn() { result = DbLocation.super.getEndColumn() }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
DbLocation.super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class SynthLocationImpl extends LocationImpl, TSynthLocation {
override File getFile() { synthLocationInfo(this, result.getAbsolutePath(), _, _, _, _) }
override int getStartLine() { synthLocationInfo(this, _, result, _, _, _) }
override int getStartColumn() { synthLocationInfo(this, _, _, result, _, _) }
override int getEndLine() { synthLocationInfo(this, _, _, _, result, _) }
override int getEndColumn() { synthLocationInfo(this, _, _, _, _, result) }
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
synthLocationInfo(this, filepath, startline, startcolumn, endline, endcolumn)
}
}
cached
private module Cached {
cached
DbLocation getLocatableLocation(@locatable l) {
exists(@location loc |
has_location(l, loc) or
xmllocations(l, loc)
|
result = TDbLocation(loc)
)
}
cached
DbLocation getDiagnosticLocation(@diagnostic d) {
exists(@location loc |
diagnostics(d, _, _, _, _, loc) and
result = TDbLocation(loc)
)
}
cached
predicate dbLocationInfo(
DbLocation l, File f, int startline, int startcolumn, int endline, int endcolumn
) {
exists(@location loc |
l = TDbLocation(loc) and
locations_default(loc, f, startline, startcolumn, endline, endcolumn)
)
}
}
import Cached
cached
private predicate synthLocationInfo(
SynthLocationImpl l, string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
l = TSynthLocation(filepath, startline, startcolumn, endline, endcolumn)
}


@@ -72,11 +72,14 @@ predicate interestingNesting(BinaryExpr inner, BinaryExpr outer) {
/** Gets the number of whitespace characters around the operator `op` of `be`. */
int getWhitespaceAroundOperator(BinaryExpr be, string op) {
exists(string file, int line, int left, int right |
be.getLeftOperand().hasLocationInfo(file, _, _, line, left) and
be.getRightOperand().hasLocationInfo(file, line, right, _, _) and
exists(Location left, Location right |
be.getLeftOperand().getLocation() = left and
be.getRightOperand().getLocation() = right and
left.getFile() = right.getFile() and
left.getStartLine() = right.getStartLine()
|
op = be.getOperator() and
result = (right - left - op.length() - 1) / 2
result = (right.getStartColumn() - left.getEndColumn() - op.length() - 1) / 2
)
}
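Review bot: The new same-line condition `left.getStartLine() = right.getStartLine()` is narrower than what it replaces: the old `hasLocationInfo` calls bound `line` to the left operand's end line and the right operand's start line. A left operand that spans several lines and ends on the line where the right operand starts was measured before and is now skipped, although the result still uses `left.getEndColumn()`. If the narrowing is not intended, use `left.getEndLine() = right.getStartLine()`.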


@@ -10,8 +10,7 @@ module TestDecompressionBombs implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasValueFlow" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = "\"" + sink.toString() + "\""
)


@@ -8,8 +8,7 @@ module HttpHeaderWriteTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
// Dynamic key-value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getName().toString() and
value = hw.getName().toString() and
@@ -23,8 +22,7 @@ module HttpHeaderWriteTest implements TestSig {
or
// Static key, dynamic value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and
@@ -38,8 +36,7 @@ module HttpHeaderWriteTest implements TestSig {
or
// Static key, static value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and


@@ -8,8 +8,7 @@ module HttpRedirectTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "redirectUrl" and
exists(Http::Redirect rd |
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
rd.getLocation() = location and
element = rd.getUrl().toString() and
value = rd.getUrl().toString()
)


@@ -7,8 +7,7 @@ module HttpResponseBodyTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Http::ResponseBody rd |
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
rd.getLocation() = location and
(
element = rd.getAContentType().toString() and
value = rd.getAContentType().toString() and


@@ -14,8 +14,7 @@ module RemoteFlowSourceTest implements TestSig {
|
element = arg.toString() and
value = "" and
arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
arg.getLocation() = location
)
}
}


@@ -8,8 +8,7 @@ module HttpHeaderWriteTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
// Dynamic key-value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getName().toString() and
value = hw.getName().toString() and
@@ -23,8 +22,7 @@ module HttpHeaderWriteTest implements TestSig {
or
// Static key, dynamic value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and
@@ -38,8 +36,7 @@ module HttpHeaderWriteTest implements TestSig {
or
// Static key, static value header:
exists(Http::HeaderWrite hw |
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
hw.getLocation() = location and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and


@@ -8,8 +8,7 @@ module HttpRedirectTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "redirectUrl" and
exists(Http::Redirect rd |
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
rd.getLocation() = location and
element = rd.getUrl().toString() and
value = rd.getUrl().toString()
)


@@ -14,8 +14,7 @@ module RemoteFlowSourceTest implements TestSig {
|
element = arg.toString() and
value = "" and
arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
arg.getLocation() = location
)
}
}


@@ -7,8 +7,7 @@ module HttpResponseBodyTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Http::ResponseBody rd |
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
rd.getLocation() = location and
(
element = rd.getAContentType().toString() and
value = rd.getAContentType().toString() and


@@ -1,5 +1,4 @@
import go
private import semmle.go.internal.Locations
bindingset[path]
string baseName(string path) { result = path.regexpCapture(".*(/|\\\\)([^/\\\\]+)(/|\\\\)?$", 2) }
@@ -31,12 +30,7 @@ class Diagnostic extends @diagnostic {
diagnostic_for(this, c, fileNum, idx)
}
DbLocation getLocation() {
exists(@location loc |
diagnostics(this, _, _, _, _, loc) and
result = TDbLocation(loc)
)
}
Location getLocation() { diagnostics(this, _, _, _, _, result) }
// string getTag() {
// diagnostics(this, _, result, _, _, _)


@@ -1,7 +1,7 @@
import go
query predicate numberOfTypeParameters(TypeParamParentEntity parent, int n) {
exists(string file | file != "" | parent.hasLocationInfo(file, _, _, _, _)) and
exists(parent.getLocation().getFile()) and
n = strictcount(TypeParamType tpt | tpt.getParent() = parent)
}
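Review bot: `exists(parent.getLocation().getFile())` drops the `file != ""` filter that the old condition applied. If `getLocation()` can return a placeholder location whose file has an empty path for entities without a source declaration (not visible here), those parents would now be counted. In that case keep the filter with `parent.getLocation().getFile().getAbsolutePath() != ""`; otherwise a short comment saying that only entities with a real location are reported would make the intent clear.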


@@ -7,8 +7,7 @@ module FunctionIsVariadicTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(CallExpr ce |
ce.getTarget().isVariadic() and
ce.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
ce.getLocation() = location and
element = ce.toString() and
value = "" and
tag = "isVariadic"


@@ -5,9 +5,9 @@ import go
* that contains the substring "`kind`,`dep`,`ver`".
*/
predicate metadata(Locatable l, string kind, string mod, string dep, string ver) {
exists(string f, int line, Comment c, string text |
l.hasLocationInfo(f, line, _, _, _) and
c.hasLocationInfo(f, line, _, _, _)
exists(Comment c, string text |
l.getFile() = c.getFile() and
l.getLocation().getStartLine() = c.getLocation().getStartLine()
|
text = c.getText().regexpFind("\\b([^,\\s]+,[^,]+,[^,]+,[^,\\s]+)", _, _) and
kind = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 1) and
@@ -19,27 +19,27 @@ predicate metadata(Locatable l, string kind, string mod, string dep, string ver)
query predicate missingRequire(string mod, string dep, string ver, int line) {
exists(Locatable l | metadata(l, "RequireLine", mod, dep, ver) |
l.hasLocationInfo(_, line, _, _, _)
line = l.getLocation().getStartLine()
) and
not exists(GoModRequireLine req |
req.getModulePath() = mod and
req.getPath() = dep and
req.getVersion() = ver and
metadata(req, "RequireLine", mod, dep, ver) and
req.hasLocationInfo(_, line, _, _, _)
line = req.getLocation().getStartLine()
)
}
query predicate missingExclude(string mod, string dep, string ver, int line) {
exists(Locatable l | metadata(l, "ExcludeLine", mod, dep, ver) |
l.hasLocationInfo(_, line, _, _, _)
line = l.getLocation().getStartLine()
) and
not exists(GoModExcludeLine exc |
exc.getModulePath() = mod and
exc.getPath() = dep and
exc.getVersion() = ver and
metadata(exc, "ExcludeLine", mod, dep, ver) and
exc.hasLocationInfo(_, line, _, _, _)
line = exc.getLocation().getStartLine()
)
}
@@ -48,9 +48,9 @@ query predicate missingExclude(string mod, string dep, string ver, int line) {
* that contains the substring "ReplaceLine,`mod`,`dep`,`dver`,`rep`,`rver`".
*/
predicate repmetadata(Locatable l, string mod, string dep, string dver, string rep, string rver) {
exists(string f, int line, Comment c, string text |
l.hasLocationInfo(f, line, _, _, _) and
c.hasLocationInfo(f, line, _, _, _)
exists(Comment c, string text |
l.getFile() = c.getFile() and
l.getLocation().getStartLine() = c.getLocation().getStartLine()
|
text = c.getText().regexpFind("\\b(ReplaceLine,[^,]*,[^,]*,[^,]*,[^,]*,[^,\\s]*)", _, _) and
mod = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 1) and
@@ -65,7 +65,7 @@ query predicate missingReplace(
string mod, string dep, string dver, string rep, string rver, int line
) {
exists(Locatable l | repmetadata(l, mod, dep, dver, rep, rver) |
l.hasLocationInfo(_, line, _, _, _)
line = l.getLocation().getStartLine()
) and
not exists(GoModReplaceLine repl |
(
@@ -85,6 +85,6 @@ query predicate missingReplace(
repl.getOriginalPath() = dep and
repl.getReplacementPath() = rep and
repmetadata(repl, mod, dep, dver, rep, rver) and
repl.hasLocationInfo(_, line, _, _, _)
line = repl.getLocation().getStartLine()
)
}


@@ -5,17 +5,16 @@ int countDecls(Entity e) { result = count(Ident decl | decl = e.getDeclaration()
query predicate entities(string fp, Entity e, int c, Type ty) {
c = countDecls(e) and
ty = e.getType() and
exists(DbLocation loc |
exists(Location loc |
loc = e.getDeclaration().getLocation() and
fp = loc.getFile().getBaseName() and
fp = "aliases.go"
)
}
from string fp, FuncDecl decl, SignatureType sig
from FuncDecl decl, SignatureType sig
where
decl.hasLocationInfo(fp, _, _, _, _) and
decl.getFile().getAbsolutePath().matches("%aliases.go%") and
decl.getName() = ["F", "G", "H"] and
sig = decl.getType() and
fp.matches("%aliases.go%")
sig = decl.getType()
select decl.getName(), sig.pp()
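Review bot: The `where` clause selects the file with a substring match on the absolute path, `decl.getFile().getAbsolutePath().matches("%aliases.go%")`, while `entities` just above compares the base name exactly. The pattern also matches any path that merely contains `aliases.go` (a directory or a longer file name), so the two parts of the test can disagree about which file they cover. `decl.getFile().getBaseName() = "aliases.go"` would keep them consistent.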


@@ -11,8 +11,7 @@ module ImplementsComparableTest implements TestSig {
ts.getName().matches("testComparable%") and
ts.getATypeParameterDecl().getTypeConstraint().implementsComparable()
|
ts.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
ts.getLocation() = location and
element = ts.getName() and
value = ""
)


@@ -7,8 +7,7 @@ module SignatureTypeIsVariadicTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(FuncDef fd |
fd.isVariadic() and
fd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
fd.getLocation() = location and
element = fd.toString() and
value = "" and
tag = "isVariadic"


@@ -11,11 +11,7 @@ class EntityWithDeclInfo extends TEntityWithDeclInfo {
string toString() { result = e.toString() + " (" + nDecls + " declaration sites)" }
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
Location getLocation() { result = e.getLocation() }
}
query predicate distinctDefinedFs(int ct) { ct = count(DeclaredFunction e | e.toString() = "F") }


@@ -11,11 +11,7 @@ class EntityWithDeclInfo extends TEntityWithDeclInfo {
result = e.toString() + " (" + count(e.getDeclaration()) + " declaration sites)"
}
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
Location getLocation() { result = e.getLocation() }
}
query predicate lowLevelDefs(Ident i, EntityWithDeclInfo ewrapped) {


@@ -9,8 +9,7 @@ module HttpHandler implements TestSig {
exists(Http::RequestHandler h, DataFlow::Node check |
element = h.toString() and value = check.toString()
|
h.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
h.getLocation() = location and
h.guardedBy(check)
)
}


@@ -8,8 +8,7 @@ module LoggerTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(LoggerCall log |
log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
log.getLocation() = location and
element = log.toString() and
value = log.getAMessageComponent().toString() and
tag = "logger"


@@ -5,9 +5,9 @@ import go
* that contains the substring `key: val`.
*/
string metadata(Locatable l, string key) {
exists(string f, int line, Comment c, string kv |
l.hasLocationInfo(f, line, _, _, _) and
c.hasLocationInfo(f, line, _, _, _) and
exists(Comment c, string kv |
l.getFile() = c.getFile() and
l.getLocation().getStartLine() = c.getLocation().getStartLine() and
kv = c.getText().regexpFind("\\b(\\w+: \\S+)", _, _) and
key = kv.regexpCapture("(\\w+): (\\S+)", 1) and
result = kv.regexpCapture("(\\w+): (\\S+)", 2)


@@ -6,9 +6,9 @@ import semmle.go.dataflow.internal.DataFlowDispatch
* that contains the substring `key: val`.
*/
string metadata(Locatable l, string key) {
exists(string f, int line, Comment c, string kv |
l.hasLocationInfo(f, line, _, _, _) and
c.hasLocationInfo(f, line, _, _, _) and
exists(Comment c, string kv |
l.getFile() = c.getFile() and
l.getLocation().getStartLine() = c.getLocation().getStartLine() and
kv = c.getText().regexpFind("\\b(\\w+: \\S+)", _, _) and
key = kv.regexpCapture("(\\w+): (\\S+)", 1) and
result = kv.regexpCapture("(\\w+): (\\S+)", 2)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "I1[f]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "I1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "I2[f]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "I2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "IEmbedI1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "IEmbedI2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "PImplEmbedI1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "PImplEmbedI2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "S1[f]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "S1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedI1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedI2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedP1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedP2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedPtrP1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedPtrP2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedPtrS1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedPtrS2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedS1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SEmbedS2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SImplEmbedI1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SImplEmbedI2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SImplEmbedS1[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -17,8 +17,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SImplEmbedS2[t]" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -27,8 +27,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "ql_I1" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -37,8 +37,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "ql_P1" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -37,8 +37,7 @@ module FlowTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "ql_S1" and
exists(DataFlow::Node sink | Flow::flowTo(sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)


@@ -11,8 +11,7 @@ module PromotedMethodsTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::Node source, DataFlow::Node sink | ValueFlow::flow(source, sink) |
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
sink.getLocation() = location and
element = sink.toString() and
value = source.getEnclosingCallable().getName() and
tag = "promotedmethods"


@@ -7,8 +7,7 @@ module SourceTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(ActiveThreatModelSource s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = "" and
tag = "source"


@@ -7,8 +7,7 @@ module SourceTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(ActiveThreatModelSource s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = "" and
tag = "source"


@@ -0,0 +1,84 @@
package test
//go:generate depstubber -vendor github.com/rqlite/gorqlite Connection,QueryResult
import (
"context"
"github.com/rqlite/gorqlite"
)
func parameterize(query string) gorqlite.ParameterizedStatement {
return gorqlite.ParameterizedStatement{
Query: query,
Arguments: []interface{}{},
}
}
func test_rqlite_gorqlite(conn *gorqlite.Connection, ctx context.Context, query []string) {
v1, err := conn.Query(query) // $ source
if err != nil {
return
}
sink(v1) // $ hasTaintFlow="v1"
v2, err := conn.QueryContext(ctx, query) // $ source
if err != nil {
return
}
sink(v2) // $ hasTaintFlow="v2"
v3, err := conn.QueryOne(query[0]) // $ source
if err != nil {
return
}
r3, err := v3.Slice()
if err != nil {
return
}
sink(r3) // $ hasTaintFlow="r3"
v4, err := conn.QueryOneContext(ctx, query[0]) // $ source
if err != nil {
return
}
var r41, r42, r43 string
v4.Scan(&r41, &r42, &r43)
v5, err := conn.QueryOneParameterized(parameterize(query[0])) // $ source
if err != nil {
return
}
r5, err := v5.Map()
r5Name := r5["name"]
sink(r5Name) // $ hasTaintFlow="r5Name"
v6, err := conn.QueryOneParameterizedContext(ctx, parameterize(query[0])) // $ source
if err != nil {
return
}
sink(v6) // $ hasTaintFlow="v6"
v7, err := conn.QueryParameterized([]gorqlite.ParameterizedStatement{parameterize(query[0])}) // $ source
if err != nil {
return
}
sink(v7) // $ hasTaintFlow="v7"
v8, err := conn.QueryParameterizedContext(ctx, []gorqlite.ParameterizedStatement{parameterize(query[0])}) // $ source
if err != nil {
return
}
sink(v8) // $ hasTaintFlow="v8"
}
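Review bot: The `v4` case in `test_rqlite_gorqlite` stops at `v4.Scan(&r41, &r42, &r43)` and never passes a scanned value to `sink`, so it is the only result accessor here with no `hasTaintFlow` expectation, and the error returned by `Scan` is dropped. If the model is meant to taint the pointed-to arguments, add `sink(r41) // $ hasTaintFlow="r41"` after the call; if `Scan` is deliberately unmodelled, a one-line comment saying so would stop the gap reading as an oversight. The `err` from `v5.Map()` is also left unchecked, unlike the `v3.Slice()` case above it.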


@@ -0,0 +1,205 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/rqlite/gorqlite, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/rqlite/gorqlite (exports: Connection,QueryResult; functions: )
// Package gorqlite is a stub of github.com/rqlite/gorqlite, generated by depstubber.
package gorqlite
import (
context "context"
)
type Connection struct {
ID string
}
func (_ *Connection) Close() {}
func (_ *Connection) ConsistencyLevel() (string, error) {
return "", nil
}
func (_ *Connection) Leader() (string, error) {
return "", nil
}
func (_ *Connection) Peers() ([]string, error) {
return nil, nil
}
func (_ *Connection) Query(_ []string) ([]QueryResult, error) {
return nil, nil
}
func (_ *Connection) QueryContext(_ context.Context, _ []string) ([]QueryResult, error) {
return nil, nil
}
func (_ *Connection) QueryOne(_ string) (QueryResult, error) {
return QueryResult{}, nil
}
func (_ *Connection) QueryOneContext(_ context.Context, _ string) (QueryResult, error) {
return QueryResult{}, nil
}
func (_ *Connection) QueryOneParameterized(_ ParameterizedStatement) (QueryResult, error) {
return QueryResult{}, nil
}
func (_ *Connection) QueryOneParameterizedContext(_ context.Context, _ ParameterizedStatement) (QueryResult, error) {
return QueryResult{}, nil
}
func (_ *Connection) QueryParameterized(_ []ParameterizedStatement) ([]QueryResult, error) {
return nil, nil
}
func (_ *Connection) QueryParameterizedContext(_ context.Context, _ []ParameterizedStatement) ([]QueryResult, error) {
return nil, nil
}
func (_ *Connection) Queue(_ []string) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueContext(_ context.Context, _ []string) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueOne(_ string) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueOneContext(_ context.Context, _ string) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueOneParameterized(_ ParameterizedStatement) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueOneParameterizedContext(_ context.Context, _ ParameterizedStatement) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueParameterized(_ []ParameterizedStatement) (int64, error) {
return 0, nil
}
func (_ *Connection) QueueParameterizedContext(_ context.Context, _ []ParameterizedStatement) (int64, error) {
return 0, nil
}
func (_ *Connection) Request(_ []string) ([]RequestResult, error) {
return nil, nil
}
func (_ *Connection) RequestContext(_ context.Context, _ []string) ([]RequestResult, error) {
return nil, nil
}
func (_ *Connection) RequestParameterized(_ []ParameterizedStatement) ([]RequestResult, error) {
return nil, nil
}
func (_ *Connection) RequestParameterizedContext(_ context.Context, _ []ParameterizedStatement) ([]RequestResult, error) {
return nil, nil
}
func (_ *Connection) SetConsistencyLevel(_ interface{}) error {
return nil
}
func (_ *Connection) SetExecutionWithTransaction(_ bool) error {
return nil
}
func (_ *Connection) Write(_ []string) ([]WriteResult, error) {
return nil, nil
}
func (_ *Connection) WriteContext(_ context.Context, _ []string) ([]WriteResult, error) {
return nil, nil
}
func (_ *Connection) WriteOne(_ string) (WriteResult, error) {
return WriteResult{}, nil
}
func (_ *Connection) WriteOneContext(_ context.Context, _ string) (WriteResult, error) {
return WriteResult{}, nil
}
func (_ *Connection) WriteOneParameterized(_ ParameterizedStatement) (WriteResult, error) {
return WriteResult{}, nil
}
func (_ *Connection) WriteOneParameterizedContext(_ context.Context, _ ParameterizedStatement) (WriteResult, error) {
return WriteResult{}, nil
}
func (_ *Connection) WriteParameterized(_ []ParameterizedStatement) ([]WriteResult, error) {
return nil, nil
}
func (_ *Connection) WriteParameterizedContext(_ context.Context, _ []ParameterizedStatement) ([]WriteResult, error) {
return nil, nil
}
type ParameterizedStatement struct {
Query string
Arguments []interface{}
}
type QueryResult struct {
Err error
Timing float64
}
func (_ *QueryResult) Columns() []string {
return nil
}
func (_ *QueryResult) Map() (map[string]interface{}, error) {
return nil, nil
}
func (_ *QueryResult) Next() bool {
return false
}
func (_ *QueryResult) NumRows() int64 {
return 0
}
func (_ *QueryResult) RowNumber() int64 {
return 0
}
func (_ *QueryResult) Scan(_ ...interface{}) error {
return nil
}
func (_ *QueryResult) Slice() ([]interface{}, error) {
return nil, nil
}
func (_ *QueryResult) Types() []string {
return nil
}
type RequestResult struct {
Err error
Query *QueryResult
Write *WriteResult
}
type WriteResult struct {
Err error
Timing float64
RowsAffected int64
LastInsertID int64
}


@@ -7,8 +7,7 @@ module SourceTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(ActiveThreatModelSource s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = "" and
tag = "source"


@@ -7,8 +7,7 @@ module SourceTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(ActiveThreatModelSource s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = "" and
tag = "source"


@@ -7,8 +7,7 @@ module SourceTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(ActiveThreatModelSource s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = "" and
tag = "source"


@@ -8,8 +8,7 @@ module FileSystemAccessTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(FileSystemAccess fsa |
fsa.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
fsa.getLocation() = location and
element = fsa.getAPathArgument().toString() and
value = fsa.getAPathArgument().toString() and
tag = "FileSystemAccess"
@@ -18,14 +17,12 @@ module FileSystemAccessTest implements TestSig {
exists(DataFlow::Node succ, DataFlow::Node pred |
any(Afero::AdditionalTaintStep adts).step(pred, succ)
|
succ.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
succ.getLocation() = location and
element = succ.toString() and
value = succ.asExpr().(StructLit).getType().getName() and
tag = "succ"
or
pred.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
pred.getLocation() = location and
element = pred.toString() and
value = pred.toString() and
tag = "pred"
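Review bot: In the first hunk (tag `FileSystemAccess`), `element` and `value` each call `fsa.getAPathArgument()` separately, so for an access with more than one path argument the two columns can bind to different arguments and the predicate yields extra rows. Binding the argument once keeps them paired, e.g. `exists(FileSystemAccess fsa, DataFlow::Node arg | arg = fsa.getAPathArgument() | ...)` with `element = arg.toString() and value = arg.toString()`. `hasActualResult` continues outside the hunk, so this is based only on the lines shown.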


@@ -9,8 +9,7 @@ module SqlTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "query" and
exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
q.getLocation() = location and
element = q.toString() and
value = qs.toString()
)
@@ -24,8 +23,7 @@ module QueryString implements TestSig {
tag = "querystring" and
element = "" and
exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
qs.getLocation() = location and
value = qs.toString()
)
}
@@ -48,9 +46,7 @@ module TaintFlow implements TestSig {
tag = "flowfrom" and
element = "" and
exists(DataFlow::Node fromNode, DataFlow::Node toNode |
toNode
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
toNode.getLocation() = location and
Flow::flow(fromNode, toNode) and
value = fromNode.asExpr().(StringLit).getValue()
)


@@ -12,8 +12,7 @@ module SqlInjectionTest implements TestSig {
exists(DataFlow::Node sink | SqlInjection::Flow::flowTo(sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
sink.getLocation() = location
)
}
}


@@ -10,8 +10,7 @@ module RemoteFlowSourceTest implements TestSig {
tag = "remoteflowsource" and
value = element and
exists(RemoteFlowSource src | value = "\"" + src.toString() + "\"" |
src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
src.getLocation() = location
)
}
}
@@ -24,8 +23,7 @@ module HeaderWriteTest implements TestSig {
exists(Http::HeaderWrite hw, string name, string val | element = hw.toString() |
hw.definesHeader(name, val) and
value = name + ":" + val and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
hw.getLocation() = location
)
}
}
@@ -35,8 +33,7 @@ module LoggerTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(LoggerCall log |
log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
log.getLocation() = location and
element = log.toString() and
value = log.getAMessageComponent().toString() and
tag = "logger"
@@ -64,9 +61,7 @@ module TaintFlow implements TestSig {
value = "" and
element = "" and
exists(DataFlow::Node toNode |
toNode
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
toNode.getLocation() = location and
Flow::flowTo(toNode)
)
}


@@ -6,8 +6,7 @@ module FasthttpTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(EscapeFunction ef, DataFlow::CallNode cn | cn = ef.getACall() |
cn.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
cn.getLocation() = location and
element = cn.getArgument(1).toString() and
value = cn.getArgument(1).toString() and
tag = "Sanitizer"


@@ -8,9 +8,7 @@ module FasthttpFileSystemAccessTest implements TestSig {
exists(FileSystemAccess fileSystemAccess, DataFlow::Node aPathArgument |
aPathArgument = fileSystemAccess.getAPathArgument()
|
aPathArgument
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
aPathArgument.getLocation() = location and
element = aPathArgument.toString() and
value = aPathArgument.toString() and
tag = "FileSystemAccess"


@@ -7,8 +7,7 @@ module FasthttpTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(OpenUrlRedirect::Sink s |
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
s.getLocation() = location and
element = s.toString() and
value = s.toString() and
tag = "OpenRedirect"


@@ -6,9 +6,7 @@ module FasthttpTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(RemoteFlowSource source |
source
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
source.getLocation() = location and
element = source.toString() and
value = "\"" + source.toString() + "\"" and
tag = "RemoteFlowSource"


@@ -7,9 +7,7 @@ module FasthttpTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(RequestForgery::Sink ssrfSink |
ssrfSink
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
ssrfSink.getLocation() = location and
element = ssrfSink.toString() and
value = ssrfSink.toString() and
tag = "SsrfSink"
