This is achieved by splitting the query into two pieces: (1) trace flow from indefinitely large object creation to len(...) calls, then (2) considering those particular len(...) calls as taint propagators, trace taint from the same sources all the way to an allocation call. This is more accurate than the previous solution, which considered any len(...) call to propagate taint, potentially confusing an array that stored a large value in one of its cells for an array which is itself of large size.
Previously, invoking `make autoformat` would run a command of this form:
```sh
... | grep \\.go$ | ...
```
Note that the `$` is not escaped. This probably wasn't intended, even though it happens to work anyway, since the shell doesn't try to expand lone `$`s.
More problematically, invoking `make check-formatting` would run a command of this form:
```sh
... | grep \\.go| ...
```
Note that the `$` is gone, so it matches `.go` anywhere in the file name. In particular, it matches `ql/test/library-tests/semmle/go/frameworks/Protobuf/vendor/google.golang.org/protobuf/LICENSE`, which I think is responsible for the somewhat mysterious "expected 'package', found Copyright" errors we've been seeing from CI.
This PR fixes both targets to run
```sh
... | grep '\.go$' | ...
```
Because of the single quotes we only need a single backslash, and the `$` gets left alone.
Turns out gofmt doesn't actually return 1 when it finds problems, only when it finds source files which don't compile (all of which are now excluded).
This also fixes existing overlooked inconsistencies as a result of this mistake.
Use
```sh
make autoformat
```
to format all `.ql` and `.qll` files under `ql/src`.
Use
```sh
make AUTOFORMAT=--check-only autoformat
```
to check that all `.ql` and `.qll` files under `ql/src` are correctly formatted and fail if they are not.
Also add support for building the extractor inside this repository
so that users can build and use the extractor, and an up-to-date
version can be used for testing.
