Merge remote-tracking branch 'upstream/main' into pointermodels

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

@@ -6,6 +6,7 @@ private import semmle.code.cpp.ir.internal.IRCppLanguage
 private import SsaInternals as Ssa
 private import DataFlowImplCommon as DataFlowImplCommon
 private import codeql.util.Unit
+private import Node0ToString
 
 cached
 private module Cached {
@@ -138,11 +139,7 @@ abstract class InstructionNode0 extends Node0Impl {
 
   override DataFlowType getType() { result = getInstructionType(instr, _) }
 
-  override string toStringImpl() {
-    if instr.(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
-    then result = "this"
-    else result = instr.getAst().toString()
-  }
+  override string toStringImpl() { result = instructionToString(instr) }
 
   override Location getLocationImpl() {
     if exists(instr.getAst().getLocation())
@@ -187,11 +184,7 @@ abstract class OperandNode0 extends Node0Impl {
 
   override DataFlowType getType() { result = getOperandType(op, _) }
 
-  override string toStringImpl() {
-    if op.getDef().(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
-    then result = "this"
-    else result = op.getDef().getAst().toString()
-  }
+  override string toStringImpl() { result = operandToString(op) }
 
   override Location getLocationImpl() {
     if exists(op.getDef().getAst().getLocation())

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -15,6 +15,7 @@ private import ModelUtil
 private import SsaInternals as Ssa
 private import DataFlowImplCommon as DataFlowImplCommon
 private import codeql.util.Unit
+private import Node0ToString
 
 /**
  * The IR dataflow graph consists of the following nodes:
@@ -486,10 +487,13 @@ class Node extends TIRDataFlowNode {
 }
 
 private string toExprString(Node n) {
-  result = n.asExpr(0).toString()
-  or
-  not exists(n.asExpr()) and
-  result = n.asIndirectExpr(0, 1).toString() + " indirection"
+  not isDebugMode() and
+  (
+    result = n.asExpr(0).toString()
+    or
+    not exists(n.asExpr()) and
+    result = n.asIndirectExpr(0, 1).toString() + " indirection"
+  )
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DebugPrinting.qll

@@ -0,0 +1,9 @@
+/**
+ * This file activates debugging mode for dataflow node printing.
+ */
+
+private import Node0ToString
+
+private class DebugNode0ToString extends Node0ToString {
+  final override predicate isDebugMode() { any() }
+}

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Node0ToString.qll

@@ -0,0 +1,75 @@
+/**
+ * This file contains the abstract class that serves as the base class for
+ * dataflow node printing.
+ *
+ * By default, a non-debug string is produced. However, a debug-friendly
+ * string can be produced by importing `DebugPrinting.qll`.
+ */
+
+private import semmle.code.cpp.ir.IR
+private import codeql.util.Unit
+
+/**
+ * A class to control whether a debugging version of instructions and operands
+ * should be printed as part of the `toString` output of dataflow nodes.
+ *
+ * To enable debug printing import the `DebugPrinting.ql` file. By default,
+ * non-debug output will be used.
+ */
+class Node0ToString extends Unit {
+  abstract predicate isDebugMode();
+
+  private string normalInstructionToString(Instruction i) {
+    not this.isDebugMode() and
+    if i.(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
+    then result = "this"
+    else result = i.getAst().toString()
+  }
+
+  private string normalOperandToString(Operand op) {
+    not this.isDebugMode() and
+    if op.getDef().(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
+    then result = "this"
+    else result = op.getDef().getAst().toString()
+  }
+
+  /**
+   * Gets the string that should be used by `InstructionNode.toString`
+   */
+  string instructionToString(Instruction i) {
+    if this.isDebugMode()
+    then result = i.getDumpString()
+    else result = this.normalInstructionToString(i)
+  }
+
+  /**
+   * Gets the string that should be used by `OperandNode.toString`.
+   */
+  string operandToString(Operand op) {
+    if this.isDebugMode()
+    then result = op.getDumpString() + " @ " + op.getUse().getResultId()
+    else result = this.normalOperandToString(op)
+  }
+}
+
+private class NoDebugNode0ToString extends Node0ToString {
+  final override predicate isDebugMode() { none() }
+}
+
+/**
+ * Gets the string that should be used by `OperandNode.toString`.
+ */
+string operandToString(Operand op) { result = any(Node0ToString nts).operandToString(op) }
+
+/**
+ * Gets the string that should be used by `InstructionNode.toString`
+ */
+string instructionToString(Instruction i) { result = any(Node0ToString nts).instructionToString(i) }
+
+/**
+ * Holds if debugging mode is enabled.
+ *
+ * In debug mode the `toString` on dataflow nodes is more expensive to compute,
+ * but gives more precise information about the different dataflow nodes.
+ */
+predicate isDebugMode() { any(Node0ToString nts).isDebugMode() }

csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Additional support for `Amazon.Lambda` SDK

csharp/ql/lib/ext/Amazon.Lambda.model.yml

@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_Headers","()","","ReturnValue","remote","manual"]
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_Body","()","","ReturnValue","remote","manual"]
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_RawPath","()","","ReturnValue","remote","manual"]
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_RawQueryString","()","","ReturnValue","remote","manual"]
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_Cookies","()","","ReturnValue","remote","manual"]
+      - ["Amazon.Lambda.APIGatewayEvents","APIGatewayHttpApiV2ProxyRequest",true,"get_PathParameters","()","","ReturnValue","remote","manual"]
+
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"Log","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogLine","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogTrace","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogDebug","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogInformation","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogWarning","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogError","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"LogCritical","(System.String)","","Argument[0]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"Log","(System.String,System.String)","","Argument[1]","log-injection","manual"]
+      - ["Amazon.Lambda.Core","ILambdaLogger",true,"Log","(Amazon.Lambda.Core.LogLevel,System.String)","","Argument[1]","log-injection","manual"]
+
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+    data: []

csharp/ql/test/library-tests/frameworks/Aws/lambda.cs

@@ -0,0 +1,42 @@
+using System.Net;
+using System.Collections.Generic;
+
+using Amazon.Lambda.Core;
+using Amazon.Lambda.APIGatewayEvents;
+
+
+namespace LambdaTests {
+    public class Functions {
+        public APIGatewayProxyResponse Get(APIGatewayHttpApiV2ProxyRequest request, ILambdaContext context) {
+            string body = request.Body;  // source
+            string cookie = request.Cookies[0];  // source
+
+            string rawpath = request.RawPath;  // source
+            string rawquery = request.RawQueryString;  // source
+            request.PathParameters.TryGetValue("x", out var pathparameter);  // source
+
+            string header = request.Headers["test"];  // source
+            request.Headers.TryGetValue("test", out var header2);  // source
+
+
+            return new APIGatewayProxyResponse {
+                StatusCode = 200
+            };
+        }
+
+        public void Logging(ILambdaContext context, string data)
+        {
+            // logging
+            context.Logger.Log($"Log Data :: {data}");
+            context.Logger.LogLine($"Log Data :: {data}");
+            context.Logger.Log("Information", $"Log Data :: {data}");
+            context.Logger.Log(LogLevel.Information, $"Log Data :: {data}");
+            context.Logger.LogTrace($"Log Data :: {data}");
+            context.Logger.LogDebug($"Log Data :: {data}");
+            context.Logger.LogInformation($"Log Data :: {data}");
+            context.Logger.LogWarning($"Log Data :: {data}");
+            context.Logger.LogError($"Log Data :: {data}");
+            context.Logger.LogCritical($"Log Data :: {data}");
+        }
+    }
+}

csharp/ql/test/library-tests/frameworks/Aws/lambda.expected

@@ -0,0 +1,19 @@
+awsRemoteSources
+| lambda.cs:11:27:11:38 | access to property Body |
+| lambda.cs:12:29:12:43 | access to property Cookies |
+| lambda.cs:14:30:14:44 | access to property RawPath |
+| lambda.cs:15:31:15:52 | access to property RawQueryString |
+| lambda.cs:16:13:16:34 | access to property PathParameters |
+| lambda.cs:18:29:18:43 | access to property Headers |
+| lambda.cs:19:13:19:27 | access to property Headers |
+awsLoggingSinks
+| lambda.cs:30:32:30:52 | $"..." |
+| lambda.cs:31:36:31:56 | $"..." |
+| lambda.cs:32:47:32:67 | $"..." |
+| lambda.cs:33:54:33:74 | $"..." |
+| lambda.cs:34:37:34:57 | $"..." |
+| lambda.cs:35:37:35:57 | $"..." |
+| lambda.cs:36:43:36:63 | $"..." |
+| lambda.cs:37:39:37:59 | $"..." |
+| lambda.cs:38:37:38:57 | $"..." |
+| lambda.cs:39:40:39:60 | $"..." |

csharp/ql/test/library-tests/frameworks/Aws/lambda.ql

@@ -0,0 +1,6 @@
+import csharp
+import semmle.code.csharp.dataflow.internal.ExternalFlow
+
+query predicate awsRemoteSources(DataFlow::ExprNode node) { sourceNode(node, "remote") }
+
+query predicate awsLoggingSinks(DataFlow::ExprNode node) { sinkNode(node, "log-injection") }

csharp/ql/test/library-tests/frameworks/Aws/options

@@ -0,0 +1,3 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/Amazon.Lambda.Core/2.2.0/Amazon.Lambda.Core.csproj
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/Amazon.Lambda.APIGatewayEvents/2.7.0/Amazon.Lambda.APIGatewayEvents.csproj

csharp/ql/test/resources/stubs/Amazon.Lambda.APIGatewayEvents/2.7.0/Amazon.Lambda.APIGatewayEvents.cs

@@ -0,0 +1,282 @@
+// This file contains auto-generated code.
+// Generated from `Amazon.Lambda.APIGatewayEvents, Version=1.0.0.0, Culture=neutral, PublicKeyToken=885c28607f98e604`.
+namespace Amazon
+{
+    namespace Lambda
+    {
+        namespace APIGatewayEvents
+        {
+            public class APIGatewayCustomAuthorizerContext : System.Collections.Generic.Dictionary<string, object>
+            {
+                public bool? BoolKey { get => throw null; set { } }
+                public System.Collections.Generic.Dictionary<string, string> Claims { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerContext() => throw null;
+                public int? NumKey { get => throw null; set { } }
+                public string PrincipalId { get => throw null; set { } }
+                public string StringKey { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerContextOutput : System.Collections.Generic.Dictionary<string, object>
+            {
+                public bool? BoolKey { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerContextOutput() => throw null;
+                public int? NumKey { get => throw null; set { } }
+                public string StringKey { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerPolicy
+            {
+                public APIGatewayCustomAuthorizerPolicy() => throw null;
+                public class IAMPolicyStatement
+                {
+                    public System.Collections.Generic.HashSet<string> Action { get => throw null; set { } }
+                    public IAMPolicyStatement() => throw null;
+                    public string Effect { get => throw null; set { } }
+                    public System.Collections.Generic.HashSet<string> Resource { get => throw null; set { } }
+                }
+                public System.Collections.Generic.List<Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerPolicy.IAMPolicyStatement> Statement { get => throw null; set { } }
+                public string Version { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerRequest
+            {
+                public string AuthorizationToken { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerRequest() => throw null;
+                public System.Collections.Generic.IDictionary<string, string> Headers { get => throw null; set { } }
+                public string HttpMethod { get => throw null; set { } }
+                public string MethodArn { get => throw null; set { } }
+                public string Path { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> PathParameters { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> QueryStringParameters { get => throw null; set { } }
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayProxyRequest.ProxyRequestContext RequestContext { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> StageVariables { get => throw null; set { } }
+                public string Type { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerResponse
+            {
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerContextOutput Context { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerResponse() => throw null;
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerPolicy PolicyDocument { get => throw null; set { } }
+                public string PrincipalID { get => throw null; set { } }
+                public string UsageIdentifierKey { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerV2IamResponse
+            {
+                public System.Collections.Generic.Dictionary<string, object> Context { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerV2IamResponse() => throw null;
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerPolicy PolicyDocument { get => throw null; set { } }
+                public string PrincipalID { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerV2Request
+            {
+                public System.Collections.Generic.List<string> Cookies { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerV2Request() => throw null;
+                public System.Collections.Generic.Dictionary<string, string> Headers { get => throw null; set { } }
+                public System.Collections.Generic.List<string> IdentitySource { get => throw null; set { } }
+                public System.Collections.Generic.Dictionary<string, string> PathParameters { get => throw null; set { } }
+                public System.Collections.Generic.Dictionary<string, string> QueryStringParameters { get => throw null; set { } }
+                public string RawPath { get => throw null; set { } }
+                public string RawQueryString { get => throw null; set { } }
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.ProxyRequestContext RequestContext { get => throw null; set { } }
+                public string RouteArn { get => throw null; set { } }
+                public string RouteKey { get => throw null; set { } }
+                public System.Collections.Generic.Dictionary<string, string> StageVariables { get => throw null; set { } }
+                public string Type { get => throw null; set { } }
+            }
+            public class APIGatewayCustomAuthorizerV2SimpleResponse
+            {
+                public System.Collections.Generic.Dictionary<string, object> Context { get => throw null; set { } }
+                public APIGatewayCustomAuthorizerV2SimpleResponse() => throw null;
+                public bool IsAuthorized { get => throw null; set { } }
+            }
+            public class APIGatewayHttpApiV2ProxyRequest
+            {
+                public class AuthorizerDescription
+                {
+                    public class CognitoIdentityDescription
+                    {
+                        public System.Collections.Generic.IList<string> AMR { get => throw null; set { } }
+                        public CognitoIdentityDescription() => throw null;
+                        public string IdentityId { get => throw null; set { } }
+                        public string IdentityPoolId { get => throw null; set { } }
+                    }
+                    public AuthorizerDescription() => throw null;
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.AuthorizerDescription.IAMDescription IAM { get => throw null; set { } }
+                    public class IAMDescription
+                    {
+                        public string AccessKey { get => throw null; set { } }
+                        public string AccountId { get => throw null; set { } }
+                        public string CallerId { get => throw null; set { } }
+                        public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.AuthorizerDescription.CognitoIdentityDescription CognitoIdentity { get => throw null; set { } }
+                        public IAMDescription() => throw null;
+                        public string PrincipalOrgId { get => throw null; set { } }
+                        public string UserARN { get => throw null; set { } }
+                        public string UserId { get => throw null; set { } }
+                    }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.AuthorizerDescription.JwtDescription Jwt { get => throw null; set { } }
+                    public class JwtDescription
+                    {
+                        public System.Collections.Generic.IDictionary<string, string> Claims { get => throw null; set { } }
+                        public JwtDescription() => throw null;
+                        public string[] Scopes { get => throw null; set { } }
+                    }
+                    public System.Collections.Generic.IDictionary<string, object> Lambda { get => throw null; set { } }
+                }
+                public string Body { get => throw null; set { } }
+                public class ClientCertValidity
+                {
+                    public ClientCertValidity() => throw null;
+                    public string NotAfter { get => throw null; set { } }
+                    public string NotBefore { get => throw null; set { } }
+                }
+                public string[] Cookies { get => throw null; set { } }
+                public APIGatewayHttpApiV2ProxyRequest() => throw null;
+                public System.Collections.Generic.IDictionary<string, string> Headers { get => throw null; set { } }
+                public class HttpDescription
+                {
+                    public HttpDescription() => throw null;
+                    public string Method { get => throw null; set { } }
+                    public string Path { get => throw null; set { } }
+                    public string Protocol { get => throw null; set { } }
+                    public string SourceIp { get => throw null; set { } }
+                    public string UserAgent { get => throw null; set { } }
+                }
+                public bool IsBase64Encoded { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> PathParameters { get => throw null; set { } }
+                public class ProxyRequestAuthentication
+                {
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.ProxyRequestClientCert ClientCert { get => throw null; set { } }
+                    public ProxyRequestAuthentication() => throw null;
+                }
+                public class ProxyRequestClientCert
+                {
+                    public string ClientCertPem { get => throw null; set { } }
+                    public ProxyRequestClientCert() => throw null;
+                    public string IssuerDN { get => throw null; set { } }
+                    public string SerialNumber { get => throw null; set { } }
+                    public string SubjectDN { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.ClientCertValidity Validity { get => throw null; set { } }
+                }
+                public class ProxyRequestContext
+                {
+                    public string AccountId { get => throw null; set { } }
+                    public string ApiId { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.ProxyRequestAuthentication Authentication { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.AuthorizerDescription Authorizer { get => throw null; set { } }
+                    public ProxyRequestContext() => throw null;
+                    public string DomainName { get => throw null; set { } }
+                    public string DomainPrefix { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.HttpDescription Http { get => throw null; set { } }
+                    public string RequestId { get => throw null; set { } }
+                    public string RouteId { get => throw null; set { } }
+                    public string RouteKey { get => throw null; set { } }
+                    public string Stage { get => throw null; set { } }
+                    public string Time { get => throw null; set { } }
+                    public long TimeEpoch { get => throw null; set { } }
+                }
+                public System.Collections.Generic.IDictionary<string, string> QueryStringParameters { get => throw null; set { } }
+                public string RawPath { get => throw null; set { } }
+                public string RawQueryString { get => throw null; set { } }
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayHttpApiV2ProxyRequest.ProxyRequestContext RequestContext { get => throw null; set { } }
+                public string RouteKey { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> StageVariables { get => throw null; set { } }
+                public string Version { get => throw null; set { } }
+            }
+            public class APIGatewayHttpApiV2ProxyResponse
+            {
+                public string Body { get => throw null; set { } }
+                public string[] Cookies { get => throw null; set { } }
+                public APIGatewayHttpApiV2ProxyResponse() => throw null;
+                public System.Collections.Generic.IDictionary<string, string> Headers { get => throw null; set { } }
+                public bool IsBase64Encoded { get => throw null; set { } }
+                public void SetHeaderValues(string headerName, string value, bool append) => throw null;
+                public void SetHeaderValues(string headerName, System.Collections.Generic.IEnumerable<string> values, bool append) => throw null;
+                public int StatusCode { get => throw null; set { } }
+            }
+            public class APIGatewayProxyRequest
+            {
+                public string Body { get => throw null; set { } }
+                public class ClientCertValidity
+                {
+                    public ClientCertValidity() => throw null;
+                    public string NotAfter { get => throw null; set { } }
+                    public string NotBefore { get => throw null; set { } }
+                }
+                public APIGatewayProxyRequest() => throw null;
+                public System.Collections.Generic.IDictionary<string, string> Headers { get => throw null; set { } }
+                public string HttpMethod { get => throw null; set { } }
+                public bool IsBase64Encoded { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, System.Collections.Generic.IList<string>> MultiValueHeaders { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, System.Collections.Generic.IList<string>> MultiValueQueryStringParameters { get => throw null; set { } }
+                public string Path { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> PathParameters { get => throw null; set { } }
+                public class ProxyRequestClientCert
+                {
+                    public string ClientCertPem { get => throw null; set { } }
+                    public ProxyRequestClientCert() => throw null;
+                    public string IssuerDN { get => throw null; set { } }
+                    public string SerialNumber { get => throw null; set { } }
+                    public string SubjectDN { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayProxyRequest.ClientCertValidity Validity { get => throw null; set { } }
+                }
+                public class ProxyRequestContext
+                {
+                    public string AccountId { get => throw null; set { } }
+                    public string ApiId { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerContext Authorizer { get => throw null; set { } }
+                    public long ConnectedAt { get => throw null; set { } }
+                    public string ConnectionId { get => throw null; set { } }
+                    public ProxyRequestContext() => throw null;
+                    public string DomainName { get => throw null; set { } }
+                    public string DomainPrefix { get => throw null; set { } }
+                    public string Error { get => throw null; set { } }
+                    public string EventType { get => throw null; set { } }
+                    public string ExtendedRequestId { get => throw null; set { } }
+                    public string HttpMethod { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayProxyRequest.RequestIdentity Identity { get => throw null; set { } }
+                    public string IntegrationLatency { get => throw null; set { } }
+                    public string MessageDirection { get => throw null; set { } }
+                    public string MessageId { get => throw null; set { } }
+                    public string OperationName { get => throw null; set { } }
+                    public string Path { get => throw null; set { } }
+                    public string RequestId { get => throw null; set { } }
+                    public string RequestTime { get => throw null; set { } }
+                    public long RequestTimeEpoch { get => throw null; set { } }
+                    public string ResourceId { get => throw null; set { } }
+                    public string ResourcePath { get => throw null; set { } }
+                    public string RouteKey { get => throw null; set { } }
+                    public string Stage { get => throw null; set { } }
+                    public string Status { get => throw null; set { } }
+                }
+                public System.Collections.Generic.IDictionary<string, string> QueryStringParameters { get => throw null; set { } }
+                public Amazon.Lambda.APIGatewayEvents.APIGatewayProxyRequest.ProxyRequestContext RequestContext { get => throw null; set { } }
+                public class RequestIdentity
+                {
+                    public string AccessKey { get => throw null; set { } }
+                    public string AccountId { get => throw null; set { } }
+                    public string ApiKey { get => throw null; set { } }
+                    public string ApiKeyId { get => throw null; set { } }
+                    public string Caller { get => throw null; set { } }
+                    public Amazon.Lambda.APIGatewayEvents.APIGatewayProxyRequest.ProxyRequestClientCert ClientCert { get => throw null; set { } }
+                    public string CognitoAuthenticationProvider { get => throw null; set { } }
+                    public string CognitoAuthenticationType { get => throw null; set { } }
+                    public string CognitoIdentityId { get => throw null; set { } }
+                    public string CognitoIdentityPoolId { get => throw null; set { } }
+                    public RequestIdentity() => throw null;
+                    public string SourceIp { get => throw null; set { } }
+                    public string User { get => throw null; set { } }
+                    public string UserAgent { get => throw null; set { } }
+                    public string UserArn { get => throw null; set { } }
+                }
+                public string Resource { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, string> StageVariables { get => throw null; set { } }
+            }
+            public class APIGatewayProxyResponse
+            {
+                public string Body { get => throw null; set { } }
+                public APIGatewayProxyResponse() => throw null;
+                public System.Collections.Generic.IDictionary<string, string> Headers { get => throw null; set { } }
+                public bool IsBase64Encoded { get => throw null; set { } }
+                public System.Collections.Generic.IDictionary<string, System.Collections.Generic.IList<string>> MultiValueHeaders { get => throw null; set { } }
+                public int StatusCode { get => throw null; set { } }
+            }
+        }
+    }
+}

csharp/ql/test/resources/stubs/Amazon.Lambda.APIGatewayEvents/2.7.0/Amazon.Lambda.APIGatewayEvents.csproj

@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <OutputPath>bin\</OutputPath>
+    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj" />
+  </ItemGroup>
+</Project>

csharp/ql/test/resources/stubs/Amazon.Lambda.Core/2.2.0/Amazon.Lambda.Core.cs

@@ -0,0 +1,81 @@
+// This file contains auto-generated code.
+// Generated from `Amazon.Lambda.Core, Version=1.0.0.0, Culture=neutral, PublicKeyToken=885c28607f98e604`.
+namespace Amazon
+{
+    namespace Lambda
+    {
+        namespace Core
+        {
+            public interface IClientApplication
+            {
+                string AppPackageName { get; }
+                string AppTitle { get; }
+                string AppVersionCode { get; }
+                string AppVersionName { get; }
+                string InstallationId { get; }
+            }
+            public interface IClientContext
+            {
+                Amazon.Lambda.Core.IClientApplication Client { get; }
+                System.Collections.Generic.IDictionary<string, string> Custom { get; }
+                System.Collections.Generic.IDictionary<string, string> Environment { get; }
+            }
+            public interface ICognitoIdentity
+            {
+                string IdentityId { get; }
+                string IdentityPoolId { get; }
+            }
+            public interface ILambdaContext
+            {
+                string AwsRequestId { get; }
+                Amazon.Lambda.Core.IClientContext ClientContext { get; }
+                string FunctionName { get; }
+                string FunctionVersion { get; }
+                Amazon.Lambda.Core.ICognitoIdentity Identity { get; }
+                string InvokedFunctionArn { get; }
+                Amazon.Lambda.Core.ILambdaLogger Logger { get; }
+                string LogGroupName { get; }
+                string LogStreamName { get; }
+                int MemoryLimitInMB { get; }
+                System.TimeSpan RemainingTime { get; }
+            }
+            public interface ILambdaLogger
+            {
+                void Log(string message);
+                virtual void Log(string level, string message) => throw null;
+                virtual void Log(Amazon.Lambda.Core.LogLevel level, string message) => throw null;
+                virtual void LogCritical(string message) => throw null;
+                virtual void LogDebug(string message) => throw null;
+                virtual void LogError(string message) => throw null;
+                virtual void LogInformation(string message) => throw null;
+                void LogLine(string message);
+                virtual void LogTrace(string message) => throw null;
+                virtual void LogWarning(string message) => throw null;
+            }
+            public interface ILambdaSerializer
+            {
+                T Deserialize<T>(System.IO.Stream requestStream);
+                void Serialize<T>(T response, System.IO.Stream responseStream);
+            }
+            public static class LambdaLogger
+            {
+                public static void Log(string message) => throw null;
+            }
+            [System.AttributeUsage((System.AttributeTargets)65, AllowMultiple = false)]
+            public sealed class LambdaSerializerAttribute : System.Attribute
+            {
+                public LambdaSerializerAttribute(System.Type serializerType) => throw null;
+                public System.Type SerializerType { get => throw null; set { } }
+            }
+            public enum LogLevel
+            {
+                Trace = 0,
+                Debug = 1,
+                Information = 2,
+                Warning = 3,
+                Error = 4,
+                Critical = 5,
+            }
+        }
+    }
+}

csharp/ql/test/resources/stubs/Amazon.Lambda.Core/2.2.0/Amazon.Lambda.Core.csproj

@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <OutputPath>bin\</OutputPath>
+    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj" />
+  </ItemGroup>
+</Project>

swift/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.qlref.disabled

@@ -1 +0,0 @@
-queries/Security/CWE-327/BrokenCryptoAlgorithm.ql

swift/ql/test/query-tests/Security/CWE-327/test_commoncrypto.swift

@@ -1,217 +0,0 @@
-// --- stubs ---
-
-struct Data {
-	func withUnsafeBytes<ResultType>(
-		_ body: (UnsafeRawBufferPointer) throws -> ResultType
-		) rethrows -> ResultType { return 0 as! ResultType }
-	mutating func withUnsafeMutableBytes<ResultType>(
-		_ body: (UnsafeMutableRawBufferPointer) throws -> ResultType
-		) rethrows -> ResultType { return 0 as! ResultType }
-}
-
-// --- CommonCryptor ---
-// (real world projects will import the CommonCryptor headers which get
-//  converted to Swift by the compiler; the following is an approximation
-//  of that derived from QL queries and the CommonCryptor header files)
-
-var kCCSuccess : Int = 0
-typealias CCCryptorStatus = Int32
-
-typealias CCCryptorRef = OpaquePointer
-
-var kCCEncrypt : Int = 0
-var kCCDecrypt : Int = 1
-typealias CCOperation = UInt32
-
-var kCCAlgorithmAES128 : Int = 0
-var kCCAlgorithmAES : Int = 0
-var kCCAlgorithmDES : Int = 1
-var kCCAlgorithm3DES : Int = 2
-var kCCAlgorithmCAST : Int = 3
-var kCCAlgorithmRC4 : Int = 4
-var kCCAlgorithmRC2 : Int = 5
-var kCCAlgorithmBlowfish : Int = 6
-typealias CCAlgorithm = UInt32
-
-var kCCOptionPKCS7Padding : Int = 1
-var kCCOptionECBMode : Int = 2
-typealias CCOptions = UInt32
-
-var kCCModeECB : Int = 1
-var kCCModeCBC : Int = 2
-var kCCModeCFB : Int = 3
-var kCCModeCTR : Int = 4
-var kCCModeOFB : Int = 7
-var kCCModeRC4 : Int = 9
-var kCCModeCFB8 : Int = 10
-typealias CCMode = UInt32
-
-typealias CCPadding = UInt32
-
-typealias CCModeOptions = UInt32
-
-func CCCryptorCreate(
-	_ op: CCOperation,
-	_ alg: CCAlgorithm,
-	_ options: CCOptions,
-	_ key: UnsafeRawPointer?,
-	_ keyLength: Int,
-	_ iv: UnsafeRawPointer?,
-	_ cryptorRef: UnsafeMutablePointer<CCCryptorRef?>?
-	) -> CCCryptorStatus { return 0 }
-
-func CCCryptorCreateFromData(
-	_ op: CCOperation,
-	_ alg: CCAlgorithm,
-	_ options: CCOptions,
-	_ key: UnsafeRawPointer?,
-	_ keyLength: Int,
-	_ iv: UnsafeRawPointer?,
-	_ data: UnsafeRawPointer?,
-	_ dataLength: Int,
-	_ cryptorRef: UnsafeMutablePointer<CCCryptorRef?>?,
-	_ dataUsed: UnsafeMutablePointer<Int>?
-	) -> CCCryptorStatus { return 0 }
-
-func CCCryptorCreateWithMode(
-	_ op: CCOperation,
-	_ mode: CCMode,
-	_ alg: CCAlgorithm,
-	_ padding: CCPadding,
-	_ iv: UnsafeRawPointer?,
-	_ key: UnsafeRawPointer?,
-	_ keyLength: Int,
-	_ tweak: UnsafeRawPointer?,
-	_ tweakLength: Int,
-	_ numRounds: Int32,
-	_ options: CCModeOptions,
-	_ cryptorRef: UnsafeMutablePointer<CCCryptorRef?>?
-	) -> CCCryptorStatus { return 0 }
-
-func CCCryptorUpdate(
-	_ cryptorRef: CCCryptorRef?,
-	_ dataIn: UnsafeRawPointer?,
-	_ dataInLength: Int,
-	_ dataOut: UnsafeMutableRawPointer?,
-	_ dataOutAvailable: Int,
-	_ dataOutMoved: UnsafeMutablePointer<Int>?
-	) -> CCCryptorStatus { return 0 }
-
-func CCCryptorFinal(
-	_ cryptorRef: CCCryptorRef?,
-	_ dataOut: UnsafeMutableRawPointer?,
-	_ dataOutAvailable: Int,
-	_ dataOutMoved: UnsafeMutablePointer<Int>?
-	) -> CCCryptorStatus { return 0 }
-
-func CCCrypt(
-	_ op: CCOperation,
-	_ alg: CCAlgorithm,
-	_ options: CCOptions,
-	_ key: UnsafeRawPointer?,
-	_ keyLength: Int,
-	_ iv: UnsafeRawPointer?,
-	_ dataIn: UnsafeRawPointer?,
-	_ dataInLength: Int,
-	_ dataOut: UnsafeMutableRawPointer?,
-	_ dataOutAvailable: Int,
-	_ dataOutMoved: UnsafeMutablePointer<Int>?
-	) -> CCCryptorStatus { return 0 }
-
-// --- tests ---
-
-func cond() -> Bool { return true }
-
-func test_commoncrypto1(key: Data, iv: Data, dataIn: Data, dataOut: inout Data) {
-	// semi-realistic test case
-	var myCryptor: CCCryptorRef?
-	var dataOutWritten = 0
-
-	key.withUnsafeBytes({
-		keyPtr in
-		iv.withUnsafeBytes({
-			// create the cryptor object
-			ivPtr in
-			let result1 = CCCryptorCreate(
-				CCOperation(kCCEncrypt),
-				CCAlgorithm(kCCAlgorithm3DES), // BAD [NOT DETECTED]
-				CCOptions(0),
-				keyPtr.baseAddress!,
-				keyPtr.count,
-				ivPtr.baseAddress!,
-				&myCryptor
-			)
-			guard result1 == CCCryptorStatus(kCCSuccess) else {
-				return // fail
-			}
-
-			dataIn.withUnsafeBytes({
-				dataInPtr in
-				dataOut.withUnsafeMutableBytes({
-					dataOutPtr in
-					// encrypt data
-					while (cond()) {
-						let result2 = CCCryptorUpdate(
-							myCryptor,
-							dataInPtr.baseAddress!,
-							dataInPtr.count,
-							dataOutPtr.baseAddress!,
-							dataOutPtr.count,
-							&dataOutWritten)
-						guard result2 == CCCryptorStatus(kCCSuccess) else {
-							return // fail
-						}
-					}
-
-					// finish
-					let result3 = CCCryptorFinal(
-						myCryptor,
-						dataOutPtr.baseAddress!,
-						dataOutPtr.count,
-						&dataOutWritten)
-					guard result3 == CCCryptorStatus(kCCSuccess) else {
-						return // fail
-					}
-				})
-			})
-		})
-	})
-}
-
-func test_commoncrypto2(
-	key: UnsafeRawPointer, keyLen: Int,
-	iv: UnsafeRawPointer,
-	dataIn: UnsafeRawPointer, dataInLen: Int,
-	dataOut: UnsafeMutableRawPointer, dataOutAvail: Int) {
-	var myCryptor: CCCryptorRef?
-	var dataOutWritten = 0
-
-	// algorithms
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES128), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmDES), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil) // BAD [NOT DETECTED]
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithm3DES), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil) // BAD [NOT DETECTED]
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmCAST), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmRC4), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil) // BAD [NOT DETECTED]
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmRC2), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil) // BAD [NOT DETECTED]
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmBlowfish), 0, key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCryptorCreate(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithm3DES), 0, key, keyLen, iv, &myCryptor) // BAD [NOT DETECTED]
-	_ = CCCryptorCreateFromData(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithm3DES), 0, key, keyLen, iv, dataIn, dataInLen, &myCryptor, &dataOutWritten) // BAD [NOT DETECTED]
-	_ = CCCryptorCreateFromData(CCOperation(kCCDecrypt), CCAlgorithm(kCCAlgorithm3DES), 0, key, keyLen, iv, dataIn, dataInLen, &myCryptor, &dataOutWritten) // BAD [NOT DETECTED]
-
-	// block modes (the default is CBC)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(0), key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(kCCOptionPKCS7Padding), key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil)
-	_ = CCCrypt(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithmAES), CCOptions(kCCOptionECBMode), key, keyLen, iv, dataIn, dataInLen, dataOut, dataOutAvail, nil) // BAD [NOT DETECTED]
-	_ = CCCryptorCreate(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithm3DES), CCOptions(kCCOptionECBMode), key, keyLen, iv, &myCryptor) // BAD [NOT DETECTED]
-	_ = CCCryptorCreateFromData(CCOperation(kCCEncrypt), CCAlgorithm(kCCAlgorithm3DES), CCOptions(kCCOptionECBMode), key, keyLen, iv, dataIn, dataInLen, &myCryptor, &dataOutWritten) // BAD [NOT DETECTED]
-
-	// modes
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeECB), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor) // BAD [NOT DETECTED]
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeCBC), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeCFB), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeCTR), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeOFB), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeRC4), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-	_ = CCCryptorCreateWithMode(CCOperation(kCCAlgorithmAES), CCMode(kCCModeCFB8), CCAlgorithm(kCCAlgorithm3DES), CCPadding(0), iv, key, keyLen, nil, 0, 0, CCModeOptions(0), &myCryptor)
-}