From 23e3062c3b39f7ce4729afbc4e954041ddf7790f Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Tue, 22 Jun 2021 12:07:47 +0000 Subject: [PATCH 1/8] add `toUnicode` as a build-in --- ql/src/codeql_ql/ast/internal/Builtins.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ql/src/codeql_ql/ast/internal/Builtins.qll b/ql/src/codeql_ql/ast/internal/Builtins.qll index 1f9638ed63c..d276acba5df 100644 --- a/ql/src/codeql_ql/ast/internal/Builtins.qll +++ b/ql/src/codeql_ql/ast/internal/Builtins.qll @@ -42,7 +42,7 @@ predicate isBuiltinMember(string sig) { "string string.toLowerCase()", "string string.toUpperCase()", "string string.trim()", "int date.daysTo(date)", "int date.getDay()", "int date.getHours()", "int date.getMinutes()", "int date.getMonth()", "int date.getSeconds()", "int date.getYear()", - "string date.toString()", "string date.toISO()" + "string date.toString()", "string date.toISO()", "string int.toUnicode()" ] } From f71881ef78bd14de59a8ac8fb01361cafd5e7813 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 13 Oct 2021 08:28:27 +0000 Subject: [PATCH 2/8] Add work folder to gitignore. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 656da73bace..489f83d969e 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ extractor-pack ql/test/**/*.testproj ql/test/**/*.actual ql/test/**/CONSISTENCY +work From d99d02994a17f17de5aef11575bc206fa51af859 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 13 Oct 2021 10:09:08 +0100 Subject: [PATCH 3/8] Update README.md I needed the rust-analyzer extension to get anywhere in VSCode. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 13516cdafb1..4d5dc441da1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Under development. ## Building the tools from source -[Install Rust](https://www.rust-lang.org/tools/install), then run: +[Install Rust](https://www.rust-lang.org/tools/install) (if using VSCode, you may also want the `rust-analyzer` extension), then run: ```bash cargo build --release From 7bd0bf990883c5a371de82d003c0b373dcff9363 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 13 Oct 2021 09:47:10 +0000 Subject: [PATCH 4/8] Add missing extends Formula --- ql/src/codeql_ql/ast/Ast.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/src/codeql_ql/ast/Ast.qll b/ql/src/codeql_ql/ast/Ast.qll index 4d8da8d8ee5..ad75d29dd59 100644 --- a/ql/src/codeql_ql/ast/Ast.qll +++ b/ql/src/codeql_ql/ast/Ast.qll @@ -771,7 +771,7 @@ class NewTypeBranch extends TNewTypeBranch, TypeDeclaration { * or a member call `foo.bar()`, * or a special call to `none()` or `any()`. */ -class Call extends TCall, Expr { +class Call extends TCall, Expr, Formula { /** Gets the `i`th argument of this call. */ Expr getArgument(int i) { none() // overriden in sublcasses. @@ -1014,7 +1014,7 @@ class Conjunction extends TConjunction, AstNode, Formula { } /** An `or` formula, with 2 or more operands. */ -class Disjunction extends TDisjunction, AstNode { +class Disjunction extends TDisjunction, AstNode, Formula { Generated::Disjunction disj; Disjunction() { this = TDisjunction(disj) } From 825c1c440720359752fd0ad069411f76c06ae2d7 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Wed, 13 Oct 2021 11:53:52 +0200 Subject: [PATCH 5/8] disable windows CI --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f0037bdbbe5..fe1cb88e5f9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,7 +14,8 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest, macos-latest, windows-latest] + os: [ubuntu-latest, macos-latest] + #os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} From 256af31b38db86de7ea868f51dd776ec3c8b5668 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Wed, 13 Oct 2021 12:05:17 +0200 Subject: [PATCH 6/8] disable windows part 2 --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fe1cb88e5f9..f93fe6aa520 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -74,10 +74,10 @@ jobs: with: name: extractor-ubuntu-latest path: linux64 - - uses: actions/download-artifact@v2 - with: - name: extractor-windows-latest - path: win64 +# - uses: actions/download-artifact@v2 +# with: +# name: extractor-windows-latest +# path: win64 - uses: actions/download-artifact@v2 with: name: extractor-macos-latest From 754bf84abecce301ff6d1644c4305359d9585097 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 13 Oct 2021 11:03:15 +0100 Subject: [PATCH 7/8] suggest replacing 'this instanceof ...' in constructor with non-extending subtypes --- .../style/suggestInstanceofExtension.ql | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 ql/src/queries/style/suggestInstanceofExtension.ql diff --git a/ql/src/queries/style/suggestInstanceofExtension.ql b/ql/src/queries/style/suggestInstanceofExtension.ql new file mode 100644 index 00000000000..465a0b2083b --- /dev/null +++ b/ql/src/queries/style/suggestInstanceofExtension.ql @@ -0,0 +1,47 @@ +/** + * @name Suggest using non-extending subtype relationships. + * @description Non-extending subtypes ("instanceof extensions") are generally preferrable to instanceof expressions in characteristic predicates. + * @kind problem + * @problem.severity warning + * @id ql/suggest-instanceof-extension + * @tags maintainability + * @precision medium + */ + +import ql + +InstanceOf instanceofInCharPred(Class c) { + result = c.getCharPred().getBody() + or + exists(Conjunction conj | + conj = c.getCharPred().getBody() and + result = conj.getAnOperand() + ) +} + +predicate instanceofThisInCharPred(Class c, TypeExpr type) { + exists(InstanceOf instanceOf | + instanceOf = instanceofInCharPred(c) and + instanceOf.getExpr() instanceof ThisAccess and + type = instanceOf.getType() + ) +} + +predicate classWithInstanceofThis(Class c, TypeExpr type) { + instanceofThisInCharPred(c, type) and + exists(ClassPredicate classPred | + classPred = c.getAClassPredicate() and + exists(MemberCall call, InlineCast cast | + call.getEnclosingPredicate() = classPred and + cast = call.getBase() and + cast.getBase() instanceof ThisAccess and + cast.getTypeExpr().getResolvedType() = type.getResolvedType() + ) + ) +} + +from Class c, TypeExpr type, string message +where + classWithInstanceofThis(c, type) and + message = "consider defining $@ as non-extending subtype of $@" +select c, message, c, c.getName(), type, type.getResolvedType().getName() From 79c51625a8998734a87a8fdf18bc329e03fa1d21 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Wed, 13 Oct 2021 12:10:02 +0200 Subject: [PATCH 8/8] disable windows part 3 --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f93fe6aa520..d4759f095fe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -85,10 +85,9 @@ jobs: - run: | mkdir -p ql cp -r codeql-extractor.yml tools ql/src/ql.dbscheme.stats ql/ - mkdir -p ql/tools/{linux64,osx64,win64} + mkdir -p ql/tools/{linux64,osx64} cp linux64/ql-extractor ql/tools/linux64/extractor cp osx64/ql-extractor ql/tools/osx64/extractor - cp win64/ql-extractor.exe ql/tools/win64/extractor.exe chmod +x ql/tools/{linux64,osx64}/extractor zip -rq codeql-ql.zip ql - uses: actions/upload-artifact@v2