mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
Merge remote-tracking branch 'upstream/main' into igfoo/mb
@@ -231,7 +231,7 @@ Accesses
+--------------------------------+---------------------+
| ``a[i]`` | ArrayAccess_ |
+--------------------------------+---------------------+
| ``f(...)`` | MethodAccess_ |
| ``f(...)`` | MethodCall_ |
+--------------------------------+ |
| ``e.m(...)`` | |
+--------------------------------+---------------------+
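Review bot: the ``f(...)`` row now links to MethodCall_, and the ``e.m(...)`` row beneath it shares that merged cell, so both call forms resolve to the same target; this only renders if a ``.. _MethodCall:`` link target exists in the file's Further reading section (the hunk at line 374 adds one). If any other row of this table still references MethodAccess_ outside the shown context, the Sphinx build will report an unknown target, so grep the file before merging.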
@@ -374,7 +374,7 @@ Further reading
.. _ThisAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ThisAccess.html
.. _SuperAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$SuperAccess.html
.. _ArrayAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$ArrayAccess.html
.. _MethodAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$MethodAccess.html
.. _MethodCall: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$MethodCall.html
.. _WildcardTypeAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$WildcardTypeAccess.html
.. _FieldAccess: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$FieldAccess.html
.. _CastExpr: https://codeql.github.com/codeql-standard-libraries/java/semmle/code/java/Expr.qll/type.Expr$CastExpr.html
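Review bot: replacing the ``.. _MethodAccess:`` target with ``.. _MethodCall:`` removes the old anchor entirely, so any MethodAccess_ reference that survives elsewhere in this page (outside the seven context lines shown) will fail to resolve at build time. Keeping both targets for one release, with the old name pointing at the new ``type.Expr$MethodCall.html`` URL, would be the safer way to land a rename in published docs.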
@@ -42,11 +42,11 @@ Running a quick query
.. code-block:: ql
from MethodAccess ma
from MethodCall mc
where
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
select ma, "This comparison to empty string is inefficient, use isEmpty() instead."
mc.getMethod().hasName("equals") and
mc.getArgument(0).(StringLiteral).getValue() = ""
select mc, "This comparison to empty string is inefficient, use isEmpty() instead."
Note that CodeQL treats Java and Kotlin as part of the same language, so even though this query starts with ``import java``, it will work for both Java and Kotlin code.
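Review bot: the variable rename from ``ma`` to ``mc`` is not required by the class rename, but it changes the result column header that the tutorial refers to later, so every ``ma`` mention on this page has to move in lockstep (the hunks at lines 55, 72 and 141 do this); a final grep for ``ma`` in the file would confirm nothing was missed.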
@@ -55,7 +55,7 @@ Running a quick query
.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-1.png
:align: center
If any matching code is found, click a link in the ``ma`` column to view the ``.equals`` expression in the code viewer.
If any matching code is found, click a link in the ``mc`` column to view the ``.equals`` expression in the code viewer.
.. image:: ../images/codeql-for-visual-studio-code/basic-java-query-results-2.png
:align: center
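Review bot: the text now tells the reader to click a link in the ``mc`` column, but the two screenshots referenced here (``basic-java-query-results-1.png`` and ``basic-java-query-results-2.png``) are not part of this change; if they still show a results column headed ``ma``, they need regenerating, otherwise the instruction and the picture disagree.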
@@ -72,15 +72,15 @@ After the initial ``import`` statement, this simple query comprises three parts
+==================================================================================================+===================================================================================================================+===================================================================================================+
| ``import java`` | Imports the standard CodeQL libraries for Java and Kotlin. | Every query begins with one or more ``import`` statements. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``from MethodAccess ma`` | Defines the variables for the query. | We use: |
| ``from MethodCall mc`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |
| | ``<type> <variable name>`` | - a ``MethodAccess`` variable for call expressions |
| | ``<type> <variable name>`` | - a ``MethodCall`` variable for call expressions |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``where ma.getMethod().hasName("equals") and ma.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables. | ``ma.getMethod().hasName("equals")`` restricts ``ma`` to only calls to methods call ``equals``. |
| ``where mc.getMethod().hasName("equals") and mc.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables. | ``mc.getMethod().hasName("equals")`` restricts ``mc`` to only calls to methods call ``equals``. |
| | | |
| | | ``ma.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``. |
| | | ``mc.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``select ma, "This comparison to empty string is inefficient, use isEmpty() instead."`` | Defines what to report for each match. | Reports the resulting ``.equals`` expression with a string that explains the problem. |
| ``select mc, "This comparison to empty string is inefficient, use isEmpty() instead."`` | Defines what to report for each match. | Reports the resulting ``.equals`` expression with a string that explains the problem. |
| | | |
| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | |
| | ``select <program element>, "<alert message>"`` | |
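Review bot: the rewritten ``where`` row keeps the pre-existing typo "restricts ``mc`` to only calls to methods call ``equals``"; since the line is being rewritten anyway, make it "methods called ``equals``". The padding in the ``from MethodCall mc`` and ``- a ``MethodCall`` variable`` cells looks adjusted so the grid table stays aligned, but a docs build is the only reliable check for a grid-table edit.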
@@ -110,16 +110,16 @@ In this case, it is not possible to simply use ``o.isEmpty()`` instead, as ``o``
.. code-block:: ql
ma.getQualifier().getType() instanceof TypeString
mc.getQualifier().getType() instanceof TypeString
The ``where`` clause is now:
.. code-block:: ql
where
ma.getQualifier().getType() instanceof TypeString and
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
mc.getQualifier().getType() instanceof TypeString and
mc.getMethod().hasName("equals") and
mc.getArgument(0).(StringLiteral).getValue() = ""
#. Re-run the query.
@@ -141,4 +141,4 @@ Further reading
.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-java.png
.. |result-col-1| replace:: The first column corresponds to the expression ``ma`` and is linked to the location in the source code of the project where ``ma`` occurs.
.. |result-col-1| replace:: The first column corresponds to the expression ``mc`` and is linked to the location in the source code of the project where ``mc`` occurs.
@@ -8,7 +8,7 @@ CodeQL has classes for identifying code that calls other code, and code that can
Call graph classes
------------------
The CodeQL library for Java/Kotlin provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodAccess``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
The CodeQL library for Java/Kotlin provides two abstract classes for representing a program's call graph: ``Callable`` and ``Call``. The former is simply the common superclass of ``Method`` and ``Constructor``, the latter is a common superclass of ``MethodCall``, ``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``. Simply put, a ``Callable`` is something that can be invoked, and a ``Call`` is something that invokes a ``Callable``.
For example, in the following program all callables and calls have been annotated with comments:
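Review bot: this sentence lists ``MethodCall`` alongside three other subclasses of ``Call`` (``ClassInstanceExpression``, ``ThisConstructorInvocationStmt`` and ``SuperConstructorInvocationStmt``); since this change shows that class names in the prose can drift from the library, it is worth confirming the other three against the current Expr library while touching the line, so the call-graph explanation does not point readers at a class they cannot find.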
@@ -113,7 +113,7 @@ To identify these cases, we can create two CodeQL classes that represent, respec
}
/** class representing calls to java.util.Collection.toArray(T[]) */
class CollectionToArrayCall extends MethodAccess {
class CollectionToArrayCall extends MethodCall {
CollectionToArrayCall() {
exists(CollectionToArray m |
this.getMethod().getSourceDeclaration().overridesOrInstantiates*(m)
@@ -210,7 +210,7 @@ Now we want to identify all calls to ``Collection.contains``, including any meth
.. code-block:: ql
class JavaUtilCollectionContainsCall extends MethodAccess {
class JavaUtilCollectionContainsCall extends MethodCall {
JavaUtilCollectionContainsCall() {
exists(JavaUtilCollectionContains jucc |
this.getMethod().getSourceDeclaration().overrides*(jucc)
@@ -297,7 +297,7 @@ Adding these three improvements, our final query becomes:
}
}
class JavaUtilCollectionContainsCall extends MethodAccess {
class JavaUtilCollectionContainsCall extends MethodCall {
JavaUtilCollectionContainsCall() {
exists(JavaUtilCollectionContains jucc |
this.getMethod().getSourceDeclaration().overrides*(jucc)
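Review bot: this is the second copy of ``JavaUtilCollectionContainsCall`` in the same document (the first is in the hunk at line 210), and both now extend ``MethodCall`` with an otherwise identical characteristic predicate; keeping the two snippets byte-for-byte in sync is worth a quick diff before merging, since the final query is what readers copy.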
@@ -133,13 +133,11 @@ A range check is a formula that looks like:
<expression> in <range>
You can use a range check formula to check whether a numeric expression is in a given
It holds if there is at least one value in ``<expression>`` that is also in the given
:ref:`range <ranges>`. For example, ``x in [2.1 .. 10.5]`` holds if the variable ``x`` is
between the values ``2.1`` and ``10.5`` (including ``2.1`` and ``10.5`` themselves).
Note that ``<expression> in <range>`` is equivalent to ``<expression> = <range>``.
Both formulas check whether the set of values denoted by ``<expression>`` is the same as the
set of values denoted by ``<range>``.
.. _calls:
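Review bot: the removed note was internally inconsistent: it said ``<expression> in <range>`` is equivalent to ``<expression> = <range>`` and then described both as checking that the two sets of values are the same, whereas the new sentence gives the existential reading ("at least one value in ``<expression>`` that is also in the given range"). Dropping the set-equality wording is the right call. Nit: the new sentence opens with "It", whose antecedent is the formula two lines above; "A range check holds if ..." would stand on its own.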
@@ -9,12 +9,12 @@
Ubuntu 24.04","x86-64"
Windows,"Windows 10 / Windows Server 2019
Windows 11 / Windows Server 2022","x86-64"
macOS,"macOS 13 Ventura
Windows 11 / Windows Server 2022/2025","x86-64"
macOS,"macOS 14 Sonoma
macOS 14 Sonoma
macOS 15 Sequoia
macOS 15 Sequoia","x86-64, arm64 (Apple Silicon) [1]_"
macOS 26 Tahoe","x86-64, arm64 (Apple Silicon) [1]_"
.. container:: footnote-group
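Review bot: this hunk drops macOS 13 Ventura from the supported-platforms table while adding macOS 26 Tahoe and Windows Server 2025; removing a platform is a support change users plan around, so it should be called out in the release notes rather than appear only as a table edit. The closing quote of the multi-line macOS cell moves correctly from the Sequoia line to the Tahoe line, so the CSV table stays well-formed.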
@@ -4,9 +4,9 @@
:stub-columns: 1
Language,Variants,Compilers,Extensions
C/C++,"C89, C99, C11, C17, C23, C++98, C++03, C++11, C++14, C++17, C++20, C++23 [1]_ [2]_ [3]_","Clang (including clang-cl [4]_ and armclang) extensions (up to Clang 19.1.0),
C/C++,"C89, C99, C11, C17, C23, C++98, C++03, C++11, C++14, C++17, C++20, C++23 [1]_ [2]_ [3]_","Clang (including clang-cl [4]_ and armclang) extensions (up to Clang 21),
GNU extensions (up to GCC 15.0),
GNU extensions (up to GCC 15),
Microsoft extensions (up to VS 2022),
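Review bot: the Clang bound goes from the patch-level ``19.1.0`` to the major-only ``21`` and GCC from ``15.0`` to ``15``, which brings both entries to the same granularity as ``VS 2022``; that is fine as long as every Clang 21.x release is meant, otherwise keep the minor version so users on an early 21.x build are not misled.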
@@ -15,13 +15,13 @@
.NET Core up to 3.1
.NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
.NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``"
Go (aka Golang), "Go up to 1.25", "Go 1.11 or more recent", ``.go``
Java,"Java 7 to 25 [6]_","javac (OpenJDK and Oracle JDK),
Eclipse compiler for Java (ECJ) [7]_",``.java``
Kotlin,"Kotlin 1.6.0 to 2.2.2\ *x*","kotlinc",``.kt``
Kotlin,"Kotlin 1.6.0 [15]_ to 2.2.2\ *x*","kotlinc",``.kt``
JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
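Review bot: the new ``[15]_`` reference on the Kotlin row only resolves if the matching ``.. [15]`` definition lands with it (the final hunk adds it), so the two hunks must not be split across commits. ``.slnx`` is a new entry in the C# Extensions column and deserves a changelog line. Nit: the Kotlin upper bound ``2.2.2\ *x*`` is pre-existing but reads oddly next to the plain version numbers in the other rows.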
@@ -45,3 +45,4 @@
.. [12] Support for the analysis of Swift requires macOS.
.. [13] Embedded Swift is not supported.
.. [14] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default.
.. [15] Support for Kotlin versions 1.6 and 1.7 is deprecated and will be removed in release 2.24.1.
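Review bot: footnote [15] is attached to "1.6.0" in the Kotlin row but its text covers versions 1.6 and 1.7, so the reference sits only on the lower bound; that is acceptable, but the sentence names only the removal release (2.24.1) and not the release in which the deprecation takes effect, so readers cannot tell whether their current version already warns. Adding that release, or a link to the changelog entry, would make the footnote actionable.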