Compare commits

307 Commits

Author SHA1 Message Date
Arthur Baars
5a2f66a221 CI: add Windows support to fetch-codeql action 2022-08-01 14:28:44 +02:00
Rasmus Wriedt Larsen
1737d08145 Merge pull request #9579 from yoff/python/more-logic-tests
Python: Improve `BarrierGuard`
2022-08-01 11:36:11 +02:00
AlexDenisov
b5d4a2d462 Merge pull request #9926 from github/redsun82/swift-extract-module-type
Swift: extract `ModuleType`
2022-08-01 10:33:33 +02:00
AlexDenisov
ed67fb0933 Merge pull request #9927 from github/redsun82/swift-pcm-inconsistencies-workaround
Swift: append clang module names in trap keys
2022-08-01 10:33:18 +02:00
Jeroen Ketema
b50f4bc1a8 Merge pull request #9903 from jketema/builtin
C++: Support additional compiler builtin operations
2022-07-29 17:20:19 +02:00
Paolo Tranquilli
4ce100f9a3 Swift: append clang module names in trap keys
We have found out there can be separate declarations (`VarDecl` or
`AccessorDecl`) which are effectively the same (with equal mangled name)
but come from different clang modules. This is the case for example
for glibc constants like `L_SET` that appear in both `SwiftGlibc` and
`CDispatch`.

In this patch, we simply avoid full deduplication in that case by
appending the module name to the trap key for non-swift modules.

A more solid solution should be found in the future.
2022-07-29 16:56:51 +02:00
Paolo Tranquilli
45e14c96f2 Swift: extract ModuleType 2022-07-29 16:48:45 +02:00
Paolo Tranquilli
13f2cf9003 Merge pull request #9922 from github/redsun82/swift-precompiled-modules-are-not-extracted
Swift: extract precompiled swiftmodule files
2022-07-29 16:43:34 +02:00
Paolo Tranquilli
daf1fa3c31 Swift: lock built swiftmodule traps in main
This should cover `-merge-modules` mode.

Dumping of the configuration to the target files was moved to a
separate pair of header/source files, as now it is also done in
`SwiftOutputRewrite.cpp`.
2022-07-29 16:27:55 +02:00
Paolo Tranquilli
405d0fcd54 Merge branch 'main' into redsun82/swift-precompiled-modules-are-not-extracted 2022-07-29 15:57:52 +02:00
Tony Torralba
593ce01362 Merge pull request #9908 from atorralba/atorralba/xml-inline-exp-test
Java: Add support for XML InlineExpectationsTest
2022-07-29 14:49:19 +02:00
AlexDenisov
48e93b3654 Merge pull request #9925 from github/alexdenisov/pcm-var-dedup
Swift: do not deduplicate PCM variables (as the mangler crashes there sometimes)
2022-07-29 14:30:41 +02:00
AlexDenisov
22c5b7af4f Merge pull request #9921 from github/alexdenisov/type-alias-mangling
Swift: mangle TypeAliasDecls differently
2022-07-29 14:30:28 +02:00
Alex Denisov
34edb2537f Swift: mangle TypeAliasDecls differently 2022-07-29 14:12:02 +02:00
Alex Denisov
5b1fe56d5f Swift: do not deduplicate PCM variables (as the mangler crashes there sometimes) 2022-07-29 14:06:18 +02:00
Tony Torralba
ec03ebbbfc Add spurious and missing test cases 2022-07-29 13:44:25 +02:00
Tony Torralba
6091f0dbce Use camelCase for XML acronym 2022-07-29 13:44:11 +02:00
Paolo Tranquilli
099ab0e0c2 Swift: readd .trap suffix to swiftmodule trap files 2022-07-29 12:26:33 +02:00
Paolo Tranquilli
604328ea5f Swift: strip suffix from swiftmodule trap files 2022-07-29 12:25:11 +02:00
Paolo Tranquilli
652230d021 Merge branch 'main' into redsun82/swift-precompiled-modules-are-not-extracted 2022-07-29 12:21:15 +02:00
Paolo Tranquilli
69633948ce Merge pull request #9920 from github/alexdenisov/colocate-pcms
Swift: put all the PCM traps into the same place
2022-07-29 12:20:58 +02:00
Paolo Tranquilli
065fecc57e Swift: extract precompiled swiftmodule files
Previously we were not extracting any `swiftmodule` file that was not
a system or a built-in one. This was done to avoid re-extracting
`swiftmodule` files that were built previously in the same build, but it
turned out to be too eager, as there are legitimate cases where a
non-system, non-built-in precompiled swift module can be used. An
example of that is the `PackageDescription` module used in Swift
Package Manager manifest files (`Package.swift`).

We now relax the test and trigger module extraction on all loaded
modules that do not have source files (we trigger source file extraction
for those). The catch is that we also create empty trap files for
current output `swiftmodule` files (including possible alias locations
set up by XCode).

This means that if a following extractor run loads a previously built
`swiftmodule` file, although it will trigger module extraction, this
will however be skipped as it will find its target file already present
(this is done via the `TargetFile` semantics).
2022-07-29 11:10:03 +02:00
Alex Denisov
50e1ffda64 Swift: put all the PCM traps into the same place 2022-07-29 10:19:13 +02:00
Jeroen Ketema
a27b1ee33a C++: Improve ErrorExpr documentation to match current practice 2022-07-29 09:08:56 +02:00
Jeroen Ketema
5a59354d73 C++: Minor clean up of the builtin operations qldoc 2022-07-29 09:08:56 +02:00
Jeroen Ketema
bce253920c C++: Fix __builtin_shuffle qldoc 2022-07-29 09:08:56 +02:00
Jeroen Ketema
afdd21eab7 C++: Update DB scheme stats file 2022-07-29 09:08:56 +02:00
Jeroen Ketema
295ecbb401 C++: Add upgrade and downgrade scripts for new builtins 2022-07-29 09:08:56 +02:00
Jeroen Ketema
1806b8933f C++: Add change note for newly added builtins 2022-07-29 09:08:56 +02:00
Jeroen Ketema
20b66eaf34 C++: Support __builtin_shuffle builtin
While here write gcc instead of GNU, which is more accurate.
2022-07-29 09:08:56 +02:00
Jeroen Ketema
81e687ea98 C++: Support __builtin_bit_cast builtin 2022-07-29 09:08:56 +02:00
Jeroen Ketema
a85d3f9b7f C++: Support __has_unique_object_representations builtin 2022-07-29 09:08:56 +02:00
Jeroen Ketema
0c03935437 C++: Support __is_aggregate builtin
Fix some whitespace issues while here.
2022-07-29 09:08:56 +02:00
Jeroen Ketema
c4283dd23f C++: Support __is_assignable builtin
While here fix the documentation of `__is_trivially_assignable` and
`__is_nothrow_assignable`.
2022-07-29 09:08:56 +02:00
AlexDenisov
9876c391fa Merge pull request #9915 from github/redsun82/swift-fixes
Swift: small dispatcher fixes
2022-07-29 08:22:54 +02:00
Chris Smowton
e140d2ab4f Merge pull request #9824 from smowton/smowton/admin/wildcard-substitution-test
Add test for Java wildcard substitution
2022-07-28 17:07:41 +01:00
Paolo Tranquilli
985237ab2d Swift: small dispatcher fixes
File extraction was not using named trap keys, and `emitDebugInfo` was
using `std::forward` when it should not.
2022-07-28 17:05:52 +02:00
Chris Smowton
1737ed50ba Add test cases for wildcard lowering of array types 2022-07-28 15:52:00 +01:00
Chris Smowton
8cd2aeb65d Accept test changes 2022-07-28 15:52:00 +01:00
Chris Smowton
7475f84ea5 Fix type-parameter-out-of-scope test 2022-07-28 15:51:59 +01:00
Chris Smowton
e7f275382e Add test for Java wildcard substitution 2022-07-28 15:51:59 +01:00
Paolo Tranquilli
8a36a2b563 Merge pull request #9912 from github/redsun82/swift-human-readable-trap-prefixes
Swift: make trap key prefixes readable
2022-07-28 14:34:57 +02:00
Paolo Tranquilli
ddf715e6a9 Merge pull request #9911 from github/redsun82/swift-deduplicate-vardecls
Swift: deduplicate `VarDecl`
2022-07-28 14:31:59 +02:00
Paolo Tranquilli
d547a417c9 Swift: accept new test results 2022-07-28 12:57:12 +02:00
Paolo Tranquilli
cb006900cd Merge branch 'main' into redsun82/swift-deduplicate-vardecls 2022-07-28 12:55:31 +02:00
Paolo Tranquilli
7d7966e711 Swift: make trap key prefixes readable
This replaces numeric tag-based prefixes with the actual tag name.
While this means in general slightly larger trap files, it aids
debugging them for a human.

In the future we can make this conditional on some kind of trap debug
option, but for the moment it does not seem detrimental.
2022-07-28 12:43:30 +02:00
Paolo Tranquilli
b491884996 Merge pull request #9910 from github/redsun82/swift-no-cleanup-on-integration-tests
Swift: add `--no-cleanup` to integration tests
2022-07-28 12:41:53 +02:00
Paolo Tranquilli
76ea63ffbe Swift: deduplicate VarDecl
Deduplication of `ConcreteVarDecl` is triggered only if its
`DeclContext` is not local. This avoids a mangled name conflict.

Also added more thorough tests for `ConcreteVarDecl` and `ParamDecl`.
2022-07-28 12:28:52 +02:00
Paolo Tranquilli
ab1370cc8f Swift: add --no-cleanup to integration tests 2022-07-28 11:19:45 +02:00
Paolo Tranquilli
e43755b34f Merge pull request #9905 from github/redsun82/cfg-order
Control Flow: extend ordering
2022-07-28 10:25:49 +02:00
Paolo Tranquilli
9b26921cb6 Control flow: add order disambiguation customization 2022-07-28 09:11:42 +02:00
Tony Torralba
7ca955a0e6 Add support for XML InlineExpectationsTest 2022-07-27 17:23:10 +02:00
Paolo Tranquilli
ebf650c0c0 Control Flow: add more ordering for edges 2022-07-27 15:01:17 +02:00
Anders Schack-Mulligen
70e6db3ce1 Merge pull request #9902 from aschackmull/java/junit5-assertnotnull
Java: Add support for JUnit5 assertions in the nullness queries.
2022-07-27 13:52:01 +02:00
Chris Smowton
9e7fc1731f Merge pull request #9898 from smowton/smowton/fix/kotlin-super-calls
Kotlin: implement super-method calls
2022-07-27 11:31:36 +01:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr
Java: Add Expr::getUnderlyingExpr predicate
2022-07-27 11:42:28 +02:00
Anders Schack-Mulligen
cc423af8f1 Java: Add support for JUnit5 assertions in the nullness queries. 2022-07-27 10:20:47 +02:00
Anders Schack-Mulligen
f2670bcd61 Merge pull request #9900 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-07-27 09:14:28 +02:00
AlexDenisov
f9bdca3079 Merge pull request #9818 from github/redsun82/swift-file-label-caching
Swift: cache file labels
2022-07-27 09:12:20 +02:00
github-actions[bot]
30accecd8a Add changed framework coverage reports 2022-07-27 00:19:16 +00:00
Chris Smowton
5086841b46 Kotlin: implement super-method calls
If we only look at the dispatch receiver, these show up like `this` references rather than `super` references, preventing flow through super-calls. The super-interface case requires properly noting that interface methods with a body get a `default` modifier in order to avoid QL discarding the method as a possible callee.
2022-07-26 17:03:46 +01:00
Paolo Tranquilli
42f462504e Merge branch 'main' into redsun82/swift-file-label-caching 2022-07-26 15:20:27 +02:00
Tony Torralba
edc8f6f0f2 Merge pull request #9894 from atorralba/atorralba/scanner_models
Java: Add CSV models for java.util.Scanner
2022-07-26 12:00:08 +02:00
Tony Torralba
33f5620782 Add more models 2022-07-26 11:06:11 +02:00
Tony Torralba
c56e0f7c0d Add change note 2022-07-26 10:50:34 +02:00
Tony Torralba
95db81658b Add CSV models for java.util.Scanner 2022-07-26 10:42:24 +02:00
Andrew Eisenberg
43ae5d4285 Merge pull request #9838 from github/aeisenberg/python-local-ref-def
Move python contextual queries to lib folders
2022-07-25 09:00:32 -07:00
Chris Smowton
3f6925e7be Merge pull request #9875 from smowton/smowton/fix/charat-naming
Kotlin: Special-case String.charAt naming
2022-07-25 16:10:13 +01:00
Chris Smowton
715b0b3fb8 Accept test changes 2022-07-25 15:17:14 +01:00
Chris Smowton
3af2e71932 Merge pull request #9874 from smowton/smowton/fix/kotlin-for-loop-iterators
Kotlin: fix for-loop iterators over primitive or wildcard types
2022-07-25 15:02:49 +01:00
Jeroen Ketema
8cd0a9d245 Merge pull request #9735 from jketema/inline-yolo
C++: Remove `pragma[noinline]` from `ResolveGlobalVariable.ql`
2022-07-25 11:25:26 +02:00
Nick Rolfe
a61ec78f03 Merge pull request #9883 from github/nickrolfe/trap-buffering
Ruby/QL: speed up trap writing by putting BufWriter in front of GzEncoder
2022-07-25 08:48:54 +01:00
Paolo Tranquilli
fe73601a4e Merge pull request #9805 from github/redsun82/swift-type-repr-collapse
Swift: collapse `TypeRepr` hierarchy
2022-07-25 09:31:41 +02:00
Harry Maclean
681e58c8e0 Merge pull request #9850 from hmac/hmac/arel
Ruby: Model Arel.sql
2022-07-25 12:09:18 +12:00
Harry Maclean
cb3ebeedf9 Merge pull request #9696 from thiggy1342/experimental-strong-params
RB: Experimental strong params query
2022-07-25 12:08:55 +12:00
Harry Maclean
db41ce5f76 Merge pull request #9605 from thiggy1342/experimental-manually-check-request-verb
RB: Experimental query to manually check request verb
2022-07-25 12:08:11 +12:00
thiggy1342
6cfde70898 Merge branch 'main' into experimental-strong-params 2022-07-22 20:41:33 -04:00
thiggy1342
b4d762fb21 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-22 20:41:23 -04:00
thiggy1342
0c0ba925a7 this one should have no tag 2022-07-22 18:44:03 +00:00
thiggy1342
f39ca1aad2 correct cwe tagged 2022-07-22 18:36:25 +00:00
Robert Marsh
0a35f97074 Merge pull request #9872 from jketema/return-join
C++: Fix join-order problem in `cpp/return-stack-allocated-memory`
2022-07-22 14:32:10 -04:00
thiggy1342
c2710fb038 Update ruby/ql/src/change-notes/2022-07-21-check-http-verb.md
Co-authored-by: Harry Maclean <hmac@github.com>
2022-07-22 13:52:00 -04:00
thiggy1342
2c095cf166 Update ruby/ql/src/change-notes/2022-07-21-weak-params.md
Co-authored-by: Harry Maclean <hmac@github.com>
2022-07-22 13:51:38 -04:00
Jeroen Ketema
a9d95a9418 C++: Remove pragma[noinline] from ResolveGlobalVariable.ql 2022-07-22 17:59:27 +02:00
Jeroen Ketema
23c19311fb Merge pull request #9700 from jketema/resolve-global-variable
C++: Ensure only one `Variable` exists for every global variable
2022-07-22 17:57:21 +02:00
Nick Rolfe
4767d5a1ba Ruby/QL: speed up trap writing by putting BufWriter in front of GzEncoder 2022-07-22 15:37:53 +01:00
Arthur Baars
43266b75a1 Merge pull request #9866 from aibaars/encoding
Ruby: handle magic coding: comments
2022-07-22 14:33:46 +02:00
Taus
5f9a03f103 Merge pull request #9880 from github/nickrolfe/ql-ql-extractor-cleanup
QL: sync Ruby extractor changes
2022-07-22 14:15:04 +02:00
Paolo Tranquilli
77401ded4e Swift: reflow comment 2022-07-22 13:54:32 +02:00
Arthur Baars
d44bf326f0 Update ruby/extractor/src/main.rs
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-07-22 13:36:22 +02:00
Paolo Tranquilli
7e67338fb5 Update swift/extractor/infra/SwiftDispatcher.h
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-07-22 13:34:11 +02:00
thiggy1342
871b6515d5 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-21 18:47:07 -04:00
thiggy1342
1842bde879 add change note 2022-07-21 22:13:53 +00:00
thiggy1342
c1a6ca5f94 add change note 2022-07-21 22:11:14 +00:00
thiggy1342
486a394a7f Update ruby/ql/src/experimental/weak-params/WeakParams.ql
Co-authored-by: Harry Maclean <hmac@github.com>
2022-07-21 17:26:09 -04:00
thiggy1342
8fabc06d37 fix test assertion 2022-07-21 21:25:44 +00:00
thiggy1342
cc958dc171 Update ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
Co-authored-by: Harry Maclean <hmac@github.com>
2022-07-21 17:19:33 -04:00
Arthur Baars
1399610bd4 Merge branch 'main' into encoding 2022-07-21 21:21:17 +02:00
Nick Rolfe
5f96c92fac QL: sync Ruby extractor changes 2022-07-21 17:38:33 +01:00
Nick Rolfe
ed0325f162 Merge pull request #9878 from github/nickrolfe/extractor-cleanup
Ruby: some extractor refactoring
2022-07-21 17:18:24 +01:00
Arthur Baars
7be106d7bb Ruby: handle magic coding: comments 2022-07-21 16:33:18 +02:00
Arthur Baars
27be3dff54 Merge pull request #9868 from aibaars/update-tree-sitter-ruby-3
Ruby: update tree-sitter-ruby
2022-07-21 16:08:32 +02:00
Nick Rolfe
8dae85e1b1 Ruby: avoid repeated construction of table name strings 2022-07-21 12:21:06 +01:00
Nick Rolfe
0a8ecd3cf7 Ruby: compute path string only once 2022-07-21 10:44:30 +01:00
Nick Rolfe
388c9ffb74 Ruby: separate trap-writer into its own module 2022-07-21 10:44:00 +01:00
Jeroen Ketema
ad8335d6f3 C++: Fix join-order problem in cpp/return-stack-allocated-memory
Before on Abseil:
```
Evaluated relational algebra for predicate #select#cpe#12356#fffff@3ffb21o1 with tuple counts:
         1235939  ~0%    {2} r1 = SCAN functions OUTPUT In.0, In.0
         1235939  ~0%    {2} r2 = JOIN r1 WITH functions ON FIRST 1 OUTPUT Lhs.1, Lhs.0
        33500841  ~0%    {2} r3 = JOIN r2 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
          280683  ~3%    {3} r4 = JOIN r3 WITH MustFlow::MkLocalPathNode#0227f5a1#fff ON FIRST 1 OUTPUT Rhs.2, Lhs.1, Lhs.0
           40970  ~2%    {4} r5 = JOIN r4 WITH MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0
           40970  ~0%    {5} r6 = JOIN r5 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.0
           40970  ~1%    {5} r7 = JOIN r6 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4
           40970  ~1%    {5} r8 = JOIN r7 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
           40970  ~0%    {6} r9 = JOIN r8 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
           40970  ~2%    {7} r10 = JOIN r9 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Rhs.1
               0  ~0%    {6} r11 = JOIN r10 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 2 OUTPUT Rhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5, Lhs.6
               0  ~0%    {5} r12 = JOIN r11 WITH functions ON FIRST 1 OUTPUT Lhs.5, Lhs.1, Lhs.2, Lhs.3, Lhs.4
               0  ~0%    {5} r13 = JOIN r12 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.3, Lhs.2, Lhs.4, Rhs.1
                         return r13
```

After:
```
Evaluated relational algebra for predicate #select#cpe#12356#fffff@1dbc97kv with tuple counts:
        40970  ~0%    {2} r1 = SCAN MustFlow::MustFlowConfiguration::hasFlowPath#dispred#f0820431#fff#cpe#23 OUTPUT In.1, In.0
        40970  ~0%    {3} r2 = JOIN r1 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
        40970  ~7%    {4} r3 = JOIN r2 WITH MustFlow::MkLocalPathNode#0227f5a1#fff_20#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
        40970  ~2%    {4} r4 = JOIN r3 WITH DataFlowUtil::Cached::TInstructionNode#47741e1f#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
        40970  ~2%    {4} r5 = JOIN r4 WITH project#Instruction::VariableAddressInstruction#class#577b6a83#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3
        40970  ~0%    {5} r6 = JOIN r5 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Rhs.1
        40970  ~1%    {6} r7 = JOIN r6 WITH SSAConstruction::Cached::getInstructionAst#2b11997e#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
        40970  ~0%    {6} r8 = JOIN r7 WITH Instruction::Instruction::getEnclosingFunction#dispred#f0820431#3#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2, Lhs.4, Lhs.5
            0  ~0%    {5} r9 = JOIN r8 WITH DataFlowUtil::Node::getEnclosingCallable#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.5, Lhs.2, Lhs.3, Lhs.0, Lhs.4
            0  ~0%    {5} r10 = JOIN r9 WITH Element::ElementBase::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Lhs.1, Lhs.2, Lhs.4, Rhs.1
                      return r10
```
2022-07-21 11:27:02 +02:00
Jeroen Ketema
466eb4a845 Merge pull request #9870 from jketema/exec-tainted-join
C++: Fix join-order problem in `cpp/command-line-injection`
2022-07-21 11:22:02 +02:00
Cornelius Riemenschneider
a437fcbbcc Merge pull request #9705 from github/criemen/csharp-lua-tracing
C#: Implement correct behavior for `dotnet build` tracing
2022-07-21 11:01:33 +02:00
Chris Smowton
9593ceeda5 Kotlin: Special-case String.charAt naming
In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.
2022-07-21 09:17:08 +01:00
Chris Smowton
1cbe26a54f Kotlin: fix for-loop iterators over primitive or wildcard types
Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.
2022-07-21 09:13:55 +01:00
Harry Maclean
4d0f6a0b96 Merge pull request #9788 from thiggy1342/add-activerecord-annotate
RB: Add ActiveRecord::Relation#annotate to sqlFragmentArgument()
2022-07-21 15:37:03 +12:00
thiggy1342
a10370f813 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-20 16:33:36 -04:00
thiggy1342
b3f2159a7e Merge branch 'main' into experimental-strong-params 2022-07-20 16:33:32 -04:00
thiggy1342
17c80336f5 Merge branch 'main' into add-activerecord-annotate 2022-07-20 16:33:30 -04:00
Arthur Baars
8d80e0332e Ruby: update tree-sitter-ruby 2022-07-20 18:16:30 +02:00
Aditya Sharad
a1d9228a66 Merge pull request #9831 from adityasharad/docs/supported-frameworks-changelog-links
Docs: Update supported languages page with links to CLI and pack information
2022-07-20 07:36:37 -07:00
Jeroen Ketema
694d6395d5 C++: Fix join-order problem in cpp/command-line-injection
Before on Abseil Linux:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@41084cm7 with tuple counts:
        40879811  ~0%    {2} r1 = SCAN DataFlowUtil::Node::getLocation#dispred#f0820431#ff OUTPUT In.1, In.0
        40879811  ~0%    {2} r2 = JOIN r1 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
            7527  ~3%    {3} r3 = JOIN r2 WITH ExecTainted::interestingConcatenation#91000ffb#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
            7527  ~0%    {4} r4 = JOIN r3 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
            7527  ~0%    {5} r5 = JOIN r4 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Lhs.3, Rhs.1
            7527  ~0%    {6} r6 = JOIN r5 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4
            7527  ~0%    {3} r7 = JOIN r6 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.4) ++ ", ") ++ Lhs.1) ++ " | ") ++ Lhs.5 ++ ")"), Lhs.3, Lhs.2
                         return r7
```

After:
```
Evaluated relational algebra for predicate ExecTainted::ExecState#class#91000ffb#fff@1ffe61ps with tuple counts:
        7527  ~0%    {3} r1 = JOIN ExecTainted::interestingConcatenation#91000ffb#ff WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
        7527  ~0%    {4} r2 = JOIN r1 WITH DataFlowUtil::Node::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Rhs.1
        7527  ~1%    {5} r3 = JOIN r2 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2, Lhs.3
        7527  ~0%    {5} r4 = JOIN r3 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.1
        7527  ~4%    {6} r5 = JOIN r4 WITH DataFlowUtil::Node::getLocation#dispred#f0820431#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4
        7527  ~0%    {3} r6 = JOIN r5 WITH Location::Location::toString#dispred#f0820431#ff ON FIRST 1 OUTPUT ((((((("ExecState (" ++ Rhs.1) ++ " | ") ++ Lhs.3) ++ ", ") ++ Lhs.5) ++ " | ") ++ Lhs.4 ++ ")"), Lhs.1, Lhs.2
                     return r6
```
2022-07-20 16:27:47 +02:00
thiggy1342
8c55a15fa6 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-20 10:27:40 -04:00
thiggy1342
6f74a2609c Merge branch 'main' into experimental-strong-params 2022-07-20 10:26:49 -04:00
thiggy1342
f54fc1a88d Merge branch 'main' into add-activerecord-annotate 2022-07-20 10:26:44 -04:00
Jeroen Ketema
c2b7300709 Merge pull request #9848 from geoffw0/stringlengthconflation5
Swift: More improvements for the string length conflation query
2022-07-20 14:05:05 +02:00
Cornelius Riemenschneider
e9e5d948b3 C#: Implement proper dotnet build handling in the Lua tracing config.
For proper C# tracing, `dotnet build` needs the parameter
/p:UseSharedCompilation=false. However, we can't pass that to the other
subcommands of `dotnet`, therefore we need to figure out which subcommand
of `dotnet` is being invoked.
2022-07-20 10:11:36 +00:00
Cornelius Riemenschneider
ca819573f5 Merge pull request #9862 from github/adityasharad/codeql-cli-2.10.1-mergeback
Merge codeql-cli-2.10.1 into main
2022-07-20 10:42:34 +02:00
Paolo Tranquilli
3527897eff Swift: make type optional in TypeRepr
A type representation may not have a type in unresolved things, which
for example pop up in inactive `#if` clauses.
2022-07-20 09:13:34 +02:00
Aditya Sharad
7620a6f653 Docs: Update supported languages page with links to CLI and pack information
Include links to the CLI changelog, CLI releases, bundle releases,
pack changelogs, and pack source.

Clarify that this support information applies to the current version of
the CLI, bundle, query packs, and library packs.
2022-07-19 14:58:27 -07:00
Asger F
aa53841466 Merge pull request #9828 from github/post-release-prep/codeql-cli-2.10.1
Post-release preparation for codeql-cli-2.10.1
2022-07-19 19:49:50 +02:00
Henti Smith
018a76bb17 Merge pull request #9857 from github/henti/new_actions_predicates
Added Workflow.getName and Step.GetId
2022-07-19 16:12:54 +01:00
Henti Smith
dcc76ddf36 Apply suggestions from code review
Co-authored-by: Henry Mercer <henrymercer@github.com>
2022-07-19 15:53:12 +01:00
Henti Smith
0828474192 Added Workflow::getName and Step::GetId 2022-07-19 15:34:10 +01:00
thiggy1342
43a9b8960e Merge branch 'main' into experimental-manually-check-request-verb 2022-07-19 10:29:48 -04:00
thiggy1342
cf23d338f3 Merge branch 'main' into experimental-strong-params 2022-07-19 10:29:36 -04:00
thiggy1342
6bc2fe513d Merge branch 'main' into add-activerecord-annotate 2022-07-19 10:29:24 -04:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
Cornelius Riemenschneider
03bf9eb166 Merge pull request #9837 from github/aeisenberg/definitions.ql
Move definitions.ql back to src
2022-07-19 14:43:10 +02:00
Taus
bfe90413e2 Merge pull request #9847 from alexet/alexet/fix-predicate-binding
Python: Fix binding incorrect predicate.
2022-07-19 13:59:13 +02:00
Arthur Baars
dcbd82907f Merge pull request #9845 from aibaars/skip-dotgit
Ruby: skip .git folder
2022-07-19 11:58:43 +02:00
Harry Maclean
ec1d1eb547 Ruby: Add change note 2022-07-19 14:33:51 +12:00
thiggy1342
962155fd61 fix changenotes 2022-07-19 00:33:04 +00:00
thiggy1342
9586259706 style tweak for checking multiple method names 2022-07-19 00:29:30 +00:00
thiggy1342
304203ad2f fix path problem output 2022-07-19 00:25:50 +00:00
Harry Maclean
7b8603c89b Ruby: Model Arel.sql 2022-07-19 11:27:15 +12:00
alexet
f9b6ca76e5 Python: Fix binding incorrect predicate. 2022-07-18 16:28:19 +01:00
thiggy1342
fc00e56058 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-18 10:58:13 -04:00
Arthur Baars
c9e5206396 Ruby: skip .git folder 2022-07-18 15:26:38 +02:00
Geoffrey White
541df9b550 Swift: Remove TODO comment. We have a test for this problem now. 2022-07-18 14:26:12 +01:00
Geoffrey White
336548f746 Swift: Improve comments. 2022-07-18 14:24:16 +01:00
Geoffrey White
9474e63faf Swift: Clean up isSink (4 - move common code out). 2022-07-18 14:24:15 +01:00
Geoffrey White
b136790efd Swift: Clean up isSink (3 - rename f -> funcDecl and move that out as well; in the other two cases this variable didn't exist, now it does). 2022-07-18 14:24:14 +01:00
Geoffrey White
0bd94a6307 Swift: Clean up isSink (2 - rename methodName -> funcName and move that out as well). 2022-07-18 14:24:13 +01:00
Geoffrey White
4854679a40 Swift: Clean up isSink (1 - move common variables to an outer exists). 2022-07-18 14:24:13 +01:00
Geoffrey White
39fb714ad1 Swift: Add test with substring declared differently. 2022-07-18 14:24:12 +01:00
Paolo Tranquilli
e1bd4a78ff Merge branch 'main' into redsun82/swift-type-repr-collapse 2022-07-18 14:05:43 +02:00
Paolo Tranquilli
10b7b1f183 Merge branch 'main' into redsun82/swift-file-label-caching 2022-07-18 14:02:57 +02:00
Paolo Tranquilli
410167671f Merge pull request #9795 from github/redsun82/swift-extraction
Swift: extract more entities
2022-07-18 13:37:43 +02:00
Nick Rolfe
eebba36b18 Merge pull request #9708 from github/nickrolfe/pathname
Ruby: model the standard library's `Pathname` class
2022-07-18 11:29:30 +01:00
Paolo Tranquilli
98fc8812fc Merge 'main' into redsun82/swift-extraction 2022-07-18 11:55:21 +02:00
Paolo Tranquilli
c779936ee8 Swift: commit forgotten files 2022-07-18 11:19:40 +02:00
Paolo Tranquilli
c08c3955d6 Swift: add UnresolvedPatternExpr test 2022-07-18 10:37:54 +02:00
Paolo Tranquilli
78fc356feb Swift: address review comments 2022-07-18 10:29:20 +02:00
Nick Rolfe
dbd6607875 Ruby: use ASCII dash in comment
Co-authored-by: Harry Maclean <hmac@github.com>
2022-07-18 08:54:58 +01:00
Harry Maclean
cc5f59f313 Merge pull request #9138 from hmac/hmac/array-inclusion-guard-local-flow
Ruby: Make StringArrayInclusion more sensitive
2022-07-18 10:11:49 +12:00
yo-h
d4443592eb Merge pull request #9776 from raulgarciamsft/azure-sdk-client-encryption-version
New queries to detect unsafe client side encryption in Azure Storage
2022-07-16 14:59:51 -04:00
Raul Garcia
6b17890e4f Fixing warning on usage of a deprecated feature. 2022-07-16 08:30:06 -07:00
Raul Garcia
eefa659503 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2022-07-16 08:23:59 -07:00
Raul Garcia
fe789c8aa9 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2022-07-16 08:22:18 -07:00
Andrew Eisenberg
b897a40228 Move python contextual queries to lib folders
This will ensure that python projects can use jump to ref/def in
vscode when the core libraries are not installed.
2022-07-15 13:12:17 -07:00
Andrew Eisenberg
2f50549184 Move definitions.ql back to src 2022-07-15 11:48:15 -07:00
thiggy1342
a1df1d1119 Merge branch 'main' into experimental-strong-params 2022-07-15 11:17:57 -04:00
thiggy1342
ee1c09329f Merge branch 'main' into add-activerecord-annotate 2022-07-15 11:17:48 -04:00
Aditya Sharad
d50816a284 Merge pull request #9802 from adityasharad/docs/language-pack-changelogs
Docs: Add links from query help to query pack changelog for each language
2022-07-14 08:52:50 -07:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Paolo Tranquilli
5e74df3882 Swift: cache file paths
This required a bit of a generalization of `TrapLabelStore` to not
work only with pointers.
2022-07-14 16:32:33 +02:00
Aditya Sharad
d13f9d5d71 Update docs/codeql/query-help/javascript.rst
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-07-14 07:29:29 -07:00
Paolo Tranquilli
7fbe4f8547 Merge pull request #9815 from github/redsun82/swift-exclusive-file
Swift: trap output rework
2022-07-14 16:23:44 +02:00
thiggy1342
592ce3ec58 Merge branch 'main' into add-activerecord-annotate 2022-07-14 09:55:25 -04:00
Paolo Tranquilli
22ff8c2c7e Swift: remove redundant braces 2022-07-14 15:40:48 +02:00
Paolo Tranquilli
3e06455ac1 Swift: delete TargetFile's move assignment 2022-07-14 15:39:36 +02:00
Anders Schack-Mulligen
21066d277f Merge pull request #9819 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-07-14 15:13:37 +02:00
Erik Krogh Kristensen
5ba4f6dae8 Merge pull request #9826 from erik-krogh/combineWork
QL: rewrite the QL-for-QL workflow to just do everything in one go
2022-07-14 14:24:31 +02:00
Erik Krogh Kristensen
a7a9428dc1 split the sarif file into languages 2022-07-14 13:20:52 +02:00
Erik Krogh Kristensen
47c9b446f0 exclude upgrade scripts from QL-for-QL 2022-07-14 13:01:40 +02:00
Erik Krogh Kristensen
380070f2e4 rewrite the QL-for-QL workflow to just do everything in one go 2022-07-14 12:54:27 +02:00
Erik Krogh Kristensen
33fdcf1e4f Merge pull request #9794 from erik-krogh/unusedVue
JS: exclude variables in .vue files from js/unused-local-variable
2022-07-14 10:57:06 +02:00
Asger F
855d4c2ea1 Merge pull request #9718 from asgerf/js/case-sensitive-middleware
JS: Add 'case sensitive middleware' query
2022-07-14 10:47:58 +02:00
Erik Krogh Kristensen
43a82004b2 Merge pull request #9798 from erik-krogh/backtrackers
JS: use small steps in TypeBackTracker correctly
2022-07-14 10:28:07 +02:00
Asger F
18c5a8c8da Merge branch 'main' into js/case-sensitive-middleware 2022-07-14 09:38:35 +02:00
Asger F
da8123072d Apply suggestions from doc review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-07-14 09:38:10 +02:00
Paolo Tranquilli
f1144b9672 Swift: small TypeRepr visit rewording 2022-07-14 06:18:51 +02:00
Paolo Tranquilli
d748cb483d Swift: include cleanup
Fix a problem with `sstream` not being transitively included on macOS.
2022-07-14 06:10:12 +02:00
Paolo Tranquilli
4c53c341f6 Swift: make TargetFile::good() a class invariant
Fallible initialization has been moved to a factory function, and
`commit` has been moved to the destructor.
2022-07-14 06:02:35 +02:00
thiggy1342
62a10e20b2 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-13 20:28:09 -04:00
thiggy1342
8ca7d7d775 update change note 2022-07-14 00:22:38 +00:00
thiggy1342
9d277027a3 Merge branch 'main' into experimental-strong-params 2022-07-13 20:19:50 -04:00
thiggy1342
3dd61cadf4 formatting query 2022-07-14 00:19:36 +00:00
github-actions[bot]
9a186ba5d2 Add changed framework coverage reports 2022-07-14 00:18:56 +00:00
thiggy1342
ee79834cc8 formatting in qhelp 2022-07-14 00:15:39 +00:00
thiggy1342
ae634367c9 add qhelp file 2022-07-14 00:11:52 +00:00
thiggy1342
2cc703387b use taint config for data flow 2022-07-14 00:11:52 +00:00
thiggy1342
f5301aa478 Merge branch 'main' into add-activerecord-annotate 2022-07-13 14:35:44 -04:00
Raul Garcia
f7c47b6c75 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py
Co-authored-by: Taus <tausbn@github.com>
2022-07-13 08:34:48 -07:00
Paolo Tranquilli
f7dca4d70f Swift: trap output rework
Firstly, this change reworks how inter-process races are resolved.
Moreover some responsibility reorganization has led to merging
`TrapArena` and `TrapOutput` again into a `TrapDomain` class.

A `TargetFile` class is introduced, that is successfully created
only for the first process that starts processing a given trap output
file. From then on `TargetFile` simply wraps around `<<` stream
operations, dumping them to a temporary file. When `TargetFile::commit`
is called, the temporary file is moved on to the actual target trap
file.

Processes that lose the race can now just ignore the unneeded
extraction and go on, while previously all processes would carry out
all extractions overwriting each other at the end.

Some of the file system logic contained in `SwiftExtractor.cpp` has been
moved to this class, and two TODOs are solved:
* introducing a better inter process file collision avoidance strategy
* better error handling for trap output operations: if unable to write
  to the trap file (or carry out other basic file operations), we just
  abort.

The changes to `ExprVisitor` and `StmtVisitor` are due to wanting to
hide the raw `TrapDomain::createLabel` from them, and bring more
functionality under the generic caching/dispatching mechanism.
2022-07-13 11:19:57 +02:00
Harry Maclean
1fa2144716 Ruby: Update test fixtures 2022-07-13 21:02:08 +12:00
Erik Krogh Kristensen
fd10947ca0 use small steps in TypeBackTracker correctly 2022-07-13 10:29:57 +02:00
Harry Maclean
49aab51893 Ruby: Make helper predicate private 2022-07-13 18:20:27 +12:00
Harry Maclean
ea95e2e1d0 Ruby: Use InclusionTests library in barrier guards 2022-07-13 18:20:27 +12:00
Harry Maclean
b9fc82a741 Ruby: Test both old and new-style barrier guards 2022-07-13 18:20:25 +12:00
Harry Maclean
4cfaa86d5d Ruby: Update new-style barrier-guard 2022-07-13 18:20:14 +12:00
Harry Maclean
5f17d8370c Ruby: Small change to isArrayExpr 2022-07-13 18:20:14 +12:00
Harry Maclean
63dcce9a31 Ruby: Refactor isArrayConstant 2022-07-13 18:20:14 +12:00
Harry Maclean
b5a3d3c488 Ruby: Extract isArrayConstant
This predicate might be useful elsewhere.
2022-07-13 18:20:14 +12:00
Harry Maclean
301914d80c Ruby: Add an extra barrier guard test 2022-07-13 18:20:14 +12:00
Harry Maclean
706d1d2eee Ruby: Make StringArrayInclusion more sensitive
We now recognise the following pattern as a barrier guard for `x`:

    values = ["foo", "bar"]

    if values.include? x
      sink x
    end
2022-07-13 18:20:12 +12:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
thiggy1342
7df7b92d86 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 20:36:34 -04:00
thiggy1342
7129002573 tweak tests more 2022-07-13 00:33:58 +00:00
thiggy1342
b3f1a513d1 Update tests 2022-07-13 00:25:43 +00:00
thiggy1342
9a0a9491da Merge branch 'main' into add-activerecord-annotate 2022-07-12 20:13:56 -04:00
thiggy1342
2566ae9889 Merge branch 'main' into experimental-strong-params 2022-07-12 20:12:51 -04:00
thiggy1342
db5f63b208 add tests 2022-07-12 23:14:16 +00:00
thiggy1342
7facc63699 remove predicate 2022-07-12 22:59:48 +00:00
thiggy1342
74d6061082 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 17:15:54 -04:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Raul Garcia
d929b1338b Addressing API::Node feedback for all predicates 2022-07-12 11:55:06 -07:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Chris Smowton <smowton@github.com>
2022-07-12 08:13:12 -07:00
Paolo Tranquilli
48c71c9407 Swift: add comment about TypeRepr in ASTNode fetching 2022-07-12 12:10:22 +02:00
Paolo Tranquilli
033b239b22 Swift: collapse TypeRepr hierarchy
Now `TypeRepr` is a final class in the AST, which is more or less just
a type with a location in code.

As the frontend does not provide a direct way to get a type from a
type representation, this information must be provided when fetching
the label of a type repr.

This meant:
* removing the type repr field from `EnumIsCaseExpr`: this is a virtual
  AST node introduced in place of some kinds of `IsExpr`. The type
  repr is still available from the `ConditionalCheckedCastExpr` wrapped
  by this virtual node, and we will rebuild the original `IsExpr` with
  the IPA layer.
* some logic to get the type of keypath roots has been added to
  `KeyPathExpr`. This was done to keep the `TypeRepr` to `Type` relation
  total in the DB, but goes against the design of a dumb extractor. The
  logic could be moved to QL in the future
* in the control flow library, `TypeRepr` children are now ignored. As
  far as I can tell, there is no runtime evaluation going on in
  `TypeRepr`s, so it does not make much sense to have control flow
  through them.
2022-07-12 10:49:14 +02:00
Paolo Tranquilli
47a4cac8ee Merge branch 'main' into redsun82/swift-extraction 2022-07-12 09:29:10 +02:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Aditya Sharad
02e11b7ee9 Docs: Add links from query help to query pack changelog for each language 2022-07-11 13:59:38 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
e5702d0e15 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Taus <tausbn@github.com>
2022-07-11 13:07:37 -07:00
Raul Garcia
7fc9ae6c49 Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Taus <tausbn@github.com>
2022-07-11 13:07:20 -07:00
Raul Garcia
5d89a5d164 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: Taus <tausbn@github.com>
2022-07-11 08:42:50 -07:00
Raul Garcia
156bc34cda Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-11 08:41:05 -07:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
thiggy1342
539fbbc126 Merge branch 'main' into experimental-strong-params 2022-07-11 10:20:00 -04:00
Paolo Tranquilli
39406436bf Swift: extract IfConfigDecl
This also adds `UnresolvedDeclRefExpr` tests, as `IfConfigDecl`
consistently introduces those.
2022-07-11 15:11:13 +02:00
Erik Krogh Kristensen
9ed7aa9fae exclude variables in .vue files from js/unused-local-variable 2022-07-11 12:52:23 +02:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Paolo Tranquilli
7d5dd384c3 Swift: extract UnresolvedPatternExpr 2022-07-11 10:59:00 +02:00
Paolo Tranquilli
7c3cadc9b6 Swift: extract OpenedArchetypeType 2022-07-11 10:48:21 +02:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
96e66c4a50 move tests 2022-07-08 18:39:04 +00:00
thiggy1342
0435105d16 Merge remote-tracking branch 'upstream/main' into experimental-strong-params 2022-07-08 18:36:09 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Raul Garcia
f8994d04d6 Clean up 2022-07-07 11:49:05 -07:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Raul Garcia
dd1a9a22e3 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:38 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
56060e0610 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-07-05 13:57:28 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Nick Rolfe
02dd933e5f Ruby: move Pathname from core to stdlib 2022-06-30 10:08:25 +01:00
Nick Rolfe
5db2f9a768 Merge remote-tracking branch 'origin/main' into nickrolfe/pathname 2022-06-29 13:16:49 +01:00
Nick Rolfe
c1302a90e0 Ruby: use MaD for more precise Pathname flow summaries 2022-06-29 13:16:18 +01:00
yoff
6087bc6888 Merge branch 'main' into python/more-logic-tests 2022-06-28 22:16:38 +02:00
Jeroen Ketema
a7956ad422 C++: Add change note 2022-06-28 15:32:43 +02:00
Jeroen Ketema
82c9b8b494 C++: Ensure only one Variable exists for every global variable
Depending on the extraction order, before this change there might be multiple
`GlobalVariable`s per declared global variable. See the tests in
`cpp/ql/test/library-tests/variables/global`. This change ensures that only one
of those `GlobalVariable`s is visible to the user if we can locate a unique
definition. If not, the old situation persists.

Note that an exception needs to be made for templated variables. Here, the
definition refers to the non-instantiated template, while a declaration that
is not a definition refers to an instantiation. In case the instantiation refers
to a template parameter, the mangled names of the template and the instantiation
will be identical. This happens for example in the following case:
```
template <typename T>
T x = T(42);           // Uninstantiated templated variable

template <typename T>
class C {
  T y = x<T>;          // Instantiation using a template parameter
};
```
Since the uninstantiated template and the instantiation are two different
entities, we do not unify them as described above.
2022-06-28 15:32:43 +02:00
Asger F
c33690381e JS: Add explicit 'this' 2022-06-28 10:21:44 +02:00
Asger F
c1a2e2abe0 JS: Rename to isLikelyCaseSensitiveRegExp 2022-06-28 10:21:33 +02:00
Asger F
fd28397056 JS: Fix typo 2022-06-28 10:10:23 +02:00
Asger F
9cf48fc804 JS: Clarify that strings are case insensitive by default 2022-06-28 10:09:56 +02:00
Asger F
b1251f0c63 JS: invertCase -> toOtherCase 2022-06-28 10:07:57 +02:00
yoff
1788507571 python: add qldoc 2022-06-27 21:00:12 +00:00
Rasmus Lerchedahl Petersen
a1fe8a5b2b python: handle not in BarrierGuard
in the program
```python
if not is_safe(path):
  return
```
the last node in the `ConditionBlock` is `not is_safe(path)`,
so it would never match "a call to is_safe".
Thus, guards inside `not` would not be part of `GuardNode`
(nor `BarrierGuard`). Now they can.
2022-06-27 20:10:47 +00:00
Rasmus Lerchedahl Petersen
882000afb3 python: not is confusing our logic
- added `is_unsafe`
- added "negated version" of two tests.
These versions do not use `not` and the analysis gets the taint right.
2022-06-27 20:10:47 +00:00
Asger F
3c9e743495 JS: Add change note 2022-06-27 16:16:38 +02:00
Asger F
17d139c87d JS: Add qhelp 2022-06-27 16:14:30 +02:00
Nick Rolfe
280c959dc8 Merge branch 'main' into nickrolfe/pathname 2022-06-27 11:11:17 +01:00
Asger F
d92430b0e7 JS: Fix FP from char class 2022-06-27 09:08:37 +02:00
Asger F
9e4116618a JS: Add CaseSensitiveMiddlewarePath query 2022-06-27 09:08:37 +02:00
Nick Rolfe
c1515db09c Ruby: modeling of some file-related concepts for the Pathname class 2022-06-24 14:14:07 +01:00
Nick Rolfe
03d0f66247 Ruby: add flow summaries for Pathname class 2022-06-24 14:14:06 +01:00
thiggy1342
6ea1aad5fc more style fixes 2022-06-23 22:57:51 -04:00
thiggy1342
ce2edd4b28 style tweaks 2022-06-24 02:46:48 +00:00
thiggy1342
ca074e2275 add qhelp file 2022-06-24 02:19:06 +00:00
thiggy1342
cf36333082 forgot to finish this test 2022-06-24 02:18:48 +00:00
thiggy1342
45dd38df6e polish up dataflow query 2022-06-24 01:50:20 +00:00
thiggy1342
e838b83f5f attempt to introduce dataflow tracking 2022-06-23 02:21:47 +00:00
thiggy1342
995f365568 just check string literal 2022-06-22 02:17:01 +00:00
thiggy1342
c767f241ad narrow query scope 2022-06-22 02:12:23 +00:00
thiggy1342
f6c4b5c44b Merge branch 'experimental-manually-check-request-verb' of https://github.com/thiggy1342/codeql into experimental-manually-check-request-verb 2022-06-21 21:27:39 +00:00
thiggy1342
990747cd22 Limit findings to just those called in Controllers 2022-06-21 21:27:18 +00:00
thiggy1342
53729f99c5 restrict findings to just controller classes 2022-06-21 20:28:29 +00:00
thiggy1342
bbe17b3667 Merge branch 'experimental-strong-params' of https://github.com/thiggy1342/codeql into experimental-strong-params 2022-06-21 19:31:18 +00:00
thiggy1342
83b720d730 first draft of weak params query 2022-06-21 19:28:53 +00:00
thiggy1342
3478e7e910 first draft of weak params query 2022-06-18 20:43:58 +00:00
thiggy1342
0456870136 Merge branch 'main' into experimental-manually-check-request-verb 2022-06-18 15:21:53 -04:00
thiggy1342
ecb2114b7b replace duplicate post with put 2022-06-18 19:21:17 +00:00
thiggy1342
8b36191023 drop precision to low for now 2022-06-18 18:38:58 +00:00
thiggy1342
059c4d38ad refine query to use appropriate types 2022-06-18 18:26:45 +00:00
thiggy1342
8aa2602d9e trying to hone in on eq comparison and include? 2022-06-18 03:09:04 +00:00
thiggy1342
6bef71ea2c tweaks to tests 2022-06-14 02:17:12 +00:00
thiggy1342
7bdec98e6f draft tests 2022-06-14 02:13:15 +00:00
thiggy1342
c012c235c6 rough draft of check request verb query 2022-06-14 01:45:02 +00:00
Tony Torralba
9c941dc7ab Add Kotlin test for UnsafeAndroidAccess 2022-05-25 10:56:18 +02:00
Tony Torralba
f0b90b391f Add Kotlin test for CleartextStorageSharedPrefs 2022-05-25 10:56:18 +02:00
Tony Torralba
85fab20086 Add Expr::getUnderlyingExpr predicate 2022-05-25 10:56:18 +02:00
399 changed files with 17958 additions and 5091 deletions

View File

@@ -13,6 +13,11 @@ runs:
shell: bash shell: bash
run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
- name: Select platform - Windows
if: runner.os == 'Windows'
shell: bash
run: echo "GA_CODEQL_CLI_PLATFORM=win64" >> $GITHUB_ENV
- name: Fetch CodeQL - name: Fetch CodeQL
shell: bash shell: bash
run: | run: |
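Review bot: the new "Select platform - Windows" step redirects to an unquoted `$GITHUB_ENV` in `run: echo "GA_CODEQL_CLI_PLATFORM=win64" >> $GITHUB_ENV`. Write it as `>> "$GITHUB_ENV"` so that a runner temp path containing spaces does not turn into an ambiguous redirect under bash; the osx64 step shown as context has the same form. It would also help to add a last step that fails with a clear message when `runner.os` matches none of the handled values, so that "Fetch CodeQL" never runs with `GA_CODEQL_CLI_PLATFORM` unset.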

View File

@@ -10,9 +10,10 @@ env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
jobs: jobs:
queries: analyze:
runs-on: ubuntu-latest runs-on: ubuntu-latest-xl
steps: steps:
### Build the queries ###
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Find codeql - name: Find codeql
id: find-codeql id: find-codeql
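Review bot: `runs-on: ubuntu-latest-xl` on the renamed `analyze` job is not one of the standard hosted runner labels, and nothing in the workflow says where it comes from. If the label only exists for the upstream organization, the job will sit queued on forks; add a comment naming the runner group, or guard the job with an `if:` on the repository so forks skip it.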
@@ -48,11 +49,7 @@ jobs:
name: query-pack-zip name: query-pack-zip
path: ${{ runner.temp }}/query-pack.zip path: ${{ runner.temp }}/query-pack.zip
extractors: ### Build the extractor ###
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Cache entire extractor - name: Cache entire extractor
id: cache-extractor id: cache-extractor
uses: actions/cache@v3 uses: actions/cache@v3
@@ -96,15 +93,8 @@ jobs:
ql/target/release/ql-extractor ql/target/release/ql-extractor
ql/target/release/ql-extractor.exe ql/target/release/ql-extractor.exe
retention-days: 1 retention-days: 1
package:
runs-on: ubuntu-latest
needs: ### Package the queries and extractor ###
- extractors
- queries
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3 - uses: actions/download-artifact@v3
with: with:
name: query-pack-zip name: query-pack-zip
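Review bot: now that the `extractors`, `queries` and `package` jobs are steps of one job, the `actions/download-artifact@v3` step for `query-pack-zip` kept at the end of this hunk downloads a file that the same job wrote to `${{ runner.temp }}/query-pack.zip` a few steps earlier. Either drop the upload/download round trip and use the file on disk, or add a comment saying the artifacts are kept on purpose (for example for debugging a failed run).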
@@ -132,16 +122,8 @@ jobs:
name: codeql-ql-pack name: codeql-ql-pack
path: codeql-ql.zip path: codeql-ql.zip
retention-days: 1 retention-days: 1
analyze:
runs-on: ubuntu-latest
strategy:
matrix:
folder: [cpp, csharp, java, javascript, python, ql, ruby, swift, go]
needs: ### Run the analysis ###
- package
steps:
- name: Download pack - name: Download pack
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
@@ -161,14 +143,11 @@ jobs:
env: env:
PACK: ${{ runner.temp }}/pack PACK: ${{ runner.temp }}/pack
- name: Checkout repository
uses: actions/checkout@v3
- name: Create CodeQL config file - name: Create CodeQL config file
run: | run: |
echo "paths:" > ${CONF}
echo " - ${FOLDER}" >> ${CONF}
echo "paths-ignore:" >> ${CONF} echo "paths-ignore:" >> ${CONF}
echo " - ql/ql/test" >> ${CONF} echo " - ql/ql/test" >> ${CONF}
echo " - \"*/ql/lib/upgrades/\"" >> ${CONF}
echo "disable-default-queries: true" >> ${CONF} echo "disable-default-queries: true" >> ${CONF}
echo "packs:" >> ${CONF} echo "packs:" >> ${CONF}
echo " - codeql/ql" >> ${CONF} echo " - codeql/ql" >> ${CONF}
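Review bot: with `echo "paths:" > ${CONF}` removed, every remaining line in "Create CodeQL config file" appends with `>>`, so nothing truncates `./ql-for-ql-config.yml` before it is written. The first write, `echo "paths-ignore:" >> ${CONF}`, should use `>` so that a file left over from the checkout or an earlier step cannot leak extra keys into the config that `github/codeql-action/init` reads.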
@@ -176,7 +155,6 @@ jobs:
cat ${CONF} cat ${CONF}
env: env:
CONF: ./ql-for-ql-config.yml CONF: ./ql-for-ql-config.yml
FOLDER: ${{ matrix.folder }}
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980 uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with: with:
@@ -187,39 +165,24 @@ jobs:
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980 uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
with: with:
category: "ql-for-ql-${{ matrix.folder }}" category: "ql-for-ql"
- name: Copy sarif file to CWD - name: Copy sarif file to CWD
run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif run: cp ../results/ql.sarif ./ql-for-ql.sarif
- name: Fixup the $scema in sarif # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release - name: Fixup the $scema in sarif # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release
run: | run: |
sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ${{ matrix.folder }}.sarif sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ql-for-ql.sarif
- name: Sarif as artifact - name: Sarif as artifact
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: ${{ matrix.folder }}.sarif name: ql-for-ql.sarif
path: ${{ matrix.folder }}.sarif path: ql-for-ql.sarif
- name: Split out the sarif file into langs
combine:
runs-on: ubuntu-latest
needs:
- analyze
steps:
- uses: actions/checkout@v3
- name: Make a folder for artifacts.
run: mkdir -p results
- name: Download all sarif files
uses: actions/download-artifact@v3
with:
path: results
- uses: actions/setup-node@v3
with:
node-version: 16
- name: Combine all sarif files
run: | run: |
node ./ql/scripts/merge-sarif.js results/**/*.sarif combined.sarif mkdir split-sarif
- name: Upload combined sarif file node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif
- name: Upload langs as artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: combined.sarif name: ql-for-ql-langs
path: combined.sarif path: split-sarif
retention-days: 1
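Review bot: the new "Split out the sarif file into langs" step runs `node ./ql/scripts/split-sarif.js`, but the `actions/setup-node@v3` step with `node-version: 16` was deleted together with the `combine` job, so the script now runs on whatever Node version the runner image happens to ship. Keep the setup-node step ahead of the split step so the version stays pinned. Minor: the step name "Fixup the $scema in sarif" misspells "schema".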

View File

@@ -0,0 +1,17 @@
class Expr extends @expr {
string toString() { none() }
}
class Location extends @location_expr {
string toString() { none() }
}
predicate isExprWithNewBuiltin(Expr expr) {
exists(int kind | exprs(expr, kind, _) | 330 <= kind and kind <= 334)
}
from Expr expr, int kind, int kind_new, Location location
where
exprs(expr, kind, location) and
if isExprWithNewBuiltin(expr) then kind_new = 0 else kind_new = kind
select expr, kind_new, location
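Review bot: `330 <= kind and kind <= 334` in `isExprWithNewBuiltin` and the replacement value in `kind_new = 0` are undocumented magic numbers. Add a comment that names the five expression kinds the range covers and says what kind 0 stands for in the target dbscheme, so the mapping can be checked against both schemes without diffing them. A one-line QLDoc on `isExprWithNewBuiltin` would be enough.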

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,3 @@
description: Add new builtin operations
compatibility: partial
exprs.rel: run exprs.qlo

View File

@@ -0,0 +1,4 @@
---
category: fix
---
* Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.

View File

@@ -0,0 +1,4 @@
---
category: feature
---
* Added subclasses of `BuiltInOperations` for `__builtin_bit_cast`, `__builtin_shuffle`, `__has_unique_object_representations`, `__is_aggregate`, and `__is_assignable`.
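Review bot: the change note names the base class as `BuiltInOperations`, but the new classes in this change extend `BuiltInOperation` (for example `class BuiltInOperationBuiltInShuffle extends BuiltInOperation`). Correct the name in the note so that a search for it in the library finds the class.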

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all name: codeql/cpp-all
version: 0.3.1 version: 0.3.2-dev
groups: cpp groups: cpp
dbscheme: semmlecode.cpp.dbscheme dbscheme: semmlecode.cpp.dbscheme
extractor: cpp extractor: cpp

View File

@@ -6,6 +6,7 @@
import semmle.code.cpp.Location import semmle.code.cpp.Location
private import semmle.code.cpp.Enclosing private import semmle.code.cpp.Enclosing
private import semmle.code.cpp.internal.ResolveClass private import semmle.code.cpp.internal.ResolveClass
private import semmle.code.cpp.internal.ResolveGlobalVariable
/** /**
* Get the `Element` that represents this `@element`. * Get the `Element` that represents this `@element`.
@@ -28,9 +29,12 @@ Element mkElement(@element e) { unresolveElement(result) = e }
pragma[inline] pragma[inline]
@element unresolveElement(Element e) { @element unresolveElement(Element e) {
not result instanceof @usertype and not result instanceof @usertype and
not result instanceof @variable and
result = e result = e
or or
e = resolveClass(result) e = resolveClass(result)
or
e = resolveGlobalVariable(result)
} }
/** /**
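Review bot: in `unresolveElement`, the added `not result instanceof @variable` removes every `@variable` from the identity branch, while the only new branch is `e = resolveGlobalVariable(result)`. The name suggests that only globals are handled, so it is not clear from this hunk that locals, parameters and member variables still get a result. If `resolveGlobalVariable` is the identity on those, say so in a comment here; otherwise narrow the exclusion to global variables.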

View File

@@ -6,6 +6,7 @@ import semmle.code.cpp.Element
import semmle.code.cpp.exprs.Access import semmle.code.cpp.exprs.Access
import semmle.code.cpp.Initializer import semmle.code.cpp.Initializer
private import semmle.code.cpp.internal.ResolveClass private import semmle.code.cpp.internal.ResolveClass
private import semmle.code.cpp.internal.ResolveGlobalVariable
/** /**
* A C/C++ variable. For example, in the following code there are four * A C/C++ variable. For example, in the following code there are four
@@ -32,6 +33,8 @@ private import semmle.code.cpp.internal.ResolveClass
* can have multiple declarations. * can have multiple declarations.
*/ */
class Variable extends Declaration, @variable { class Variable extends Declaration, @variable {
Variable() { isVariable(underlyingElement(this)) }
override string getAPrimaryQlClass() { result = "Variable" } override string getAPrimaryQlClass() { result = "Variable" }
/** Gets the initializer of this variable, if any. */ /** Gets the initializer of this variable, if any. */
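Review bot: the new characteristic predicate `Variable() { isVariable(underlyingElement(this)) }` has no comment saying which `@variable` entries it filters out or why. Since it changes which database entities are visible as `Variable` to every query, add a short QLDoc that points to `ResolveGlobalVariable` and states the intent (one visible `Variable` per global when a unique definition exists).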

View File

@@ -121,7 +121,7 @@ class BuiltInNoOp extends BuiltInOperation, @noopexpr {
/** /**
* A C/C++ `__builtin_offsetof` built-in operation (used by some implementations * A C/C++ `__builtin_offsetof` built-in operation (used by some implementations
* of `offsetof`). The operation retains its semantics even in the presence * of `offsetof`). The operation retains its semantics even in the presence
* of an overloaded `operator &`). This is a GNU/Clang extension. * of an overloaded `operator &`). This is a gcc/clang extension.
* ``` * ```
* struct S { * struct S {
* int a, b; * int a, b;
@@ -479,8 +479,7 @@ class BuiltInOperationBuiltInTypesCompatibleP extends BuiltInOperation, @typesco
/** /**
* A clang `__builtin_shufflevector` expression. * A clang `__builtin_shufflevector` expression.
* *
* It outputs a permutation of elements from one or two input vectors. * It outputs a permutation of elements from one or two input vectors. See
* Please see
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#langext-builtin-shufflevector * https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#langext-builtin-shufflevector
* for more information. * for more information.
* ``` * ```
@@ -494,11 +493,29 @@ class BuiltInOperationBuiltInShuffleVector extends BuiltInOperation, @builtinshu
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffleVector" } override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffleVector" }
} }
/**
* A gcc `__builtin_shuffle` expression.
*
* It outputs a permutation of elements from one or two input vectors.
* See https://gcc.gnu.org/onlinedocs/gcc/Vector-Extensions.html
* for more information.
* ```
* // Concatenate every other element of 4-element vectors V1 and V2.
* M = {0, 2, 4, 6};
* V3 = __builtin_shuffle(V1, V2, M);
* ```
*/
class BuiltInOperationBuiltInShuffle extends BuiltInOperation, @builtinshuffle {
override string toString() { result = "__builtin_shuffle" }
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffle" }
}
/** /**
* A clang `__builtin_convertvector` expression. * A clang `__builtin_convertvector` expression.
* *
* Allows for conversion of vectors of equal element count and compatible * Allows for conversion of vectors of equal element count and compatible
* element types. Please see * element types. See
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#builtin-convertvector * https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#builtin-convertvector
* for more information. * for more information.
* ``` * ```
@@ -612,13 +629,10 @@ class BuiltInOperationIsTriviallyDestructible extends BuiltInOperation, @istrivi
* The `__is_trivially_assignable` built-in operation (used by some * The `__is_trivially_assignable` built-in operation (used by some
* implementations of the `<type_traits>` header). * implementations of the `<type_traits>` header).
* *
* Returns `true` if the assignment operator `C::operator =(const C& c)` is * Returns `true` if the assignment operator `C::operator =(const D& d)` is
* trivial. * trivial (i.e., it will not call any operation that is non-trivial).
* ``` * ```
* template<typename T> * bool v = __is_trivially_assignable(MyType1, MyType2);
* struct is_trivially_assignable
* : public integral_constant<bool, __is_trivially_assignable(T) >
* { };
* ``` * ```
*/ */
class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istriviallyassignableexpr { class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istriviallyassignableexpr {
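Review bot: the reworded doc for `__is_trivially_assignable` describes `C::operator =(const D& d)`, but the example is `__is_trivially_assignable(MyType1, MyType2)`, which leaves the reader to guess which argument is `C` and which is `D`. Use the same names in the description and the example, or add a sentence saying the first argument is the assigned-to type.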
@@ -631,10 +645,10 @@ class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istrivial
* The `__is_nothrow_assignable` built-in operation (used by some * The `__is_nothrow_assignable` built-in operation (used by some
* implementations of the `<type_traits>` header). * implementations of the `<type_traits>` header).
* *
* Returns true if there exists a `C::operator =(const C& c) nothrow` * Returns true if there exists a `C::operator =(const D& d) nothrow`
* assignment operator (i.e, with an empty exception specification). * assignment operator (i.e, with an empty exception specification).
* ``` * ```
* bool v = __is_nothrow_assignable(MyType); * bool v = __is_nothrow_assignable(MyType1, MyType2);
* ``` * ```
*/ */
class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowassignableexpr { class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowassignableexpr {
@@ -643,15 +657,30 @@ class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowas
override string getAPrimaryQlClass() { result = "BuiltInOperationIsNothrowAssignable" } override string getAPrimaryQlClass() { result = "BuiltInOperationIsNothrowAssignable" }
} }
/**
* The `__is_assignable` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns true if there exists a `C::operator =(const D& d)` assignment
* operator.
* ```
* bool v = __is_assignable(MyType1, MyType2);
* ```
*/
class BuiltInOperationIsAssignable extends BuiltInOperation, @isassignable {
override string toString() { result = "__is_assignable" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsAssignable" }
}
/** /**
* The `__is_standard_layout` built-in operation (used by some implementations * The `__is_standard_layout` built-in operation (used by some implementations
* of the `<type_traits>` header). * of the `<type_traits>` header).
* *
* Returns `true` if the type is a primitive type, or a `class`, `struct` or * Returns `true` if the type is a primitive type, or a `class`, `struct` or
* `union` WITHOUT (1) virtual functions or base classes, (2) reference member * `union` without (1) virtual functions or base classes, (2) reference member
* variable or (3) multiple occurrences of base `class` objects, among other * variable, or (3) multiple occurrences of base `class` objects, among other
* restrictions. Please see * restrictions. See https://en.cppreference.com/w/cpp/named_req/StandardLayoutType
* https://en.cppreference.com/w/cpp/named_req/StandardLayoutType
* for more information. * for more information.
* ``` * ```
* bool v = __is_standard_layout(MyType); * bool v = __is_standard_layout(MyType);
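Review bot: the new QLDoc for `BuiltInOperationIsAssignable` writes "Returns true" without backticks, while the `__is_standard_layout` entry in the same hunk writes "Returns `true`". Use the backticked form for consistency, and name the argument order as in the example `__is_assignable(MyType1, MyType2)` so that `C` and `D` in `C::operator =(const D& d)` can be matched to it.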
@@ -682,7 +711,7 @@ class BuiltInOperationIsTriviallyCopyable extends BuiltInOperation, @istrivially
* the `<type_traits>` header). * the `<type_traits>` header).
* *
* Returns `true` if the type is a scalar type, a reference type or an array of * Returns `true` if the type is a scalar type, a reference type or an array of
* literal types, among others. Please see * literal types, among others. See
* https://en.cppreference.com/w/cpp/named_req/LiteralType * https://en.cppreference.com/w/cpp/named_req/LiteralType
* for more information. * for more information.
* *
@@ -803,7 +832,7 @@ class BuiltInOperationHasFinalizer extends BuiltInOperation, @hasfinalizerexpr {
* The `__is_delegate` built-in operation. This is a Microsoft extension. * The `__is_delegate` built-in operation. This is a Microsoft extension.
* *
* Returns `true` if the function has been declared as a `delegate`, used in * Returns `true` if the function has been declared as a `delegate`, used in
* message forwarding. Please see * message forwarding. See
* https://docs.microsoft.com/en-us/cpp/extensions/delegate-cpp-component-extensions * https://docs.microsoft.com/en-us/cpp/extensions/delegate-cpp-component-extensions
* for more information. * for more information.
*/ */
@@ -816,7 +845,7 @@ class BuiltInOperationIsDelegate extends BuiltInOperation, @isdelegateexpr {
/** /**
* The `__is_interface_class` built-in operation. This is a Microsoft extension. * The `__is_interface_class` built-in operation. This is a Microsoft extension.
* *
* Returns `true` if the type has been declared as an `interface`. Please see * Returns `true` if the type has been declared as an `interface`. See
* https://docs.microsoft.com/en-us/cpp/extensions/interface-class-cpp-component-extensions * https://docs.microsoft.com/en-us/cpp/extensions/interface-class-cpp-component-extensions
* for more information. * for more information.
*/ */
@@ -829,7 +858,7 @@ class BuiltInOperationIsInterfaceClass extends BuiltInOperation, @isinterfacecla
/** /**
* The `__is_ref_array` built-in operation. This is a Microsoft extension. * The `__is_ref_array` built-in operation. This is a Microsoft extension.
* *
* Returns `true` if the object passed in is a _platform array_. Please see * Returns `true` if the object passed in is a _platform array_. See
* https://docs.microsoft.com/en-us/cpp/extensions/arrays-cpp-component-extensions * https://docs.microsoft.com/en-us/cpp/extensions/arrays-cpp-component-extensions
* for more information. * for more information.
* ``` * ```
@@ -846,7 +875,7 @@ class BuiltInOperationIsRefArray extends BuiltInOperation, @isrefarrayexpr {
/** /**
* The `__is_ref_class` built-in operation. This is a Microsoft extension. * The `__is_ref_class` built-in operation. This is a Microsoft extension.
* *
* Returns `true` if the type is a _reference class_. Please see * Returns `true` if the type is a _reference class_. See
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions * https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
* for more information. * for more information.
* ``` * ```
@@ -900,7 +929,7 @@ class BuiltInOperationIsSimpleValueClass extends BuiltInOperation, @issimplevalu
/** /**
* The `__is_value_class` built-in operation. This is a Microsoft extension. * The `__is_value_class` built-in operation. This is a Microsoft extension.
* *
* Returns `true` if passed a value type. Please see * Returns `true` if passed a value type. See
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions * https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
* For more information. * For more information.
* ``` * ```
@@ -933,7 +962,7 @@ class BuiltInOperationIsFinal extends BuiltInOperation, @isfinalexpr {
} }
/** /**
* The `__builtin_choose_expr` expression. This is a GNU/Clang extension. * The `__builtin_choose_expr` expression. This is a gcc/clang extension.
* *
* The expression functions similarly to the ternary `?:` operator, except * The expression functions similarly to the ternary `?:` operator, except
* that it is evaluated at compile-time. * that it is evaluated at compile-time.
@@ -978,3 +1007,50 @@ class BuiltInComplexOperation extends BuiltInOperation, @builtincomplex {
/** Gets the operand corresponding to the imaginary part of the complex number. */ /** Gets the operand corresponding to the imaginary part of the complex number. */
Expr getImaginaryOperand() { this.hasChild(result, 1) } Expr getImaginaryOperand() { this.hasChild(result, 1) }
} }
/**
* A C++ `__is_aggregate` built-in operation (used by some implementations of the
* `<type_traits>` header).
*
* Returns `true` if the type has is an aggregate type.
* ```
* std::integral_constant<bool, __is_aggregate(_Tp)> ia;
* ```
*/
class BuiltInOperationIsAggregate extends BuiltInOperation, @isaggregate {
override string toString() { result = "__is_aggregate" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsAggregate" }
}
/**
* A C++ `__has_unique_object_representations` built-in operation (used by some
* implementations of the `<type_traits>` header).
*
* Returns `true` if the type is trivially copyable and if the object representation
* is unique for two objects with the same value.
* ```
* bool v = __has_unique_object_representations(MyType);
* ```
*/
class BuiltInOperationHasUniqueObjectRepresentations extends BuiltInOperation,
@hasuniqueobjectrepresentations {
override string toString() { result = "__has_unique_object_representations" }
override string getAPrimaryQlClass() { result = "BuiltInOperationHasUniqueObjectRepresentations" }
}
/**
* A C/C++ `__builtin_bit_cast` built-in operation (used by some implementations
* of `std::bit_cast`).
*
* Performs a bit cast from a value to a type.
* ```
* __builtin_bit_cast(Type, value);
* ```
*/
class BuiltInBitCast extends BuiltInOperation, @builtinbitcast {
override string toString() { result = "__builtin_bit_cast" }
override string getAPrimaryQlClass() { result = "BuiltInBitCast" }
}
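Review bot: In the QLDoc for `BuiltInOperationIsAggregate`, "Returns `true` if the type has is an aggregate type" has a stray "has"; it should read "if the type is an aggregate type". Separately, `BuiltInBitCast` exposes no accessors for its operands, while `BuiltInComplexOperation` in the context lines above has `getRealOperand()` and `getImaginaryOperand()`; consider whether queries will need to get at the target type and the source value.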

View File

@@ -596,9 +596,12 @@ class ParenthesisExpr extends Conversion, @parexpr {
} }
/** /**
* A C/C++ expression that has not been resolved. * A C/C++ expression that could not be resolved, or that can no longer be
* represented due to a database upgrade or downgrade.
* *
* It is assigned `ErroneousType` as its type. * If the expression could not be resolved, it has type `ErroneousType`. In the
* case of a database upgrade or downgrade, the original type from before the
* upgrade or downgrade is kept if that type can be represented.
*/ */
class ErrorExpr extends Expr, @errorexpr { class ErrorExpr extends Expr, @errorexpr {
override string toString() { result = "<error expr>" } override string toString() { result = "<error expr>" }

View File

@@ -0,0 +1,57 @@
private predicate hasDefinition(@globalvariable g) {
exists(@var_decl vd | var_decls(vd, g, _, _, _) | var_def(vd))
}
private predicate onlyOneCompleteGlobalVariableExistsWithMangledName(@mangledname name) {
strictcount(@globalvariable g | hasDefinition(g) and mangled_name(g, name)) = 1
}
/** Holds if `g` is a unique global variable with a definition named `name`. */
private predicate isGlobalWithMangledNameAndWithDefinition(@mangledname name, @globalvariable g) {
hasDefinition(g) and
mangled_name(g, name) and
onlyOneCompleteGlobalVariableExistsWithMangledName(name)
}
/** Holds if `g` is a global variable without a definition named `name`. */
private predicate isGlobalWithMangledNameAndWithoutDefinition(@mangledname name, @globalvariable g) {
not hasDefinition(g) and
mangled_name(g, name)
}
/**
* Holds if `incomplete` is a global variable without a definition, and there exists
* a unique global variable `complete` with the same name that does have a definition.
*/
private predicate hasTwinWithDefinition(@globalvariable incomplete, @globalvariable complete) {
exists(@mangledname name |
not variable_instantiation(incomplete, complete) and
isGlobalWithMangledNameAndWithoutDefinition(name, incomplete) and
isGlobalWithMangledNameAndWithDefinition(name, complete)
)
}
import Cached
cached
private module Cached {
/**
* If `v` is a global variable without a definition, and there exists a unique
* global variable with the same name that does have a definition, then the
* result is that unique global variable. Otherwise, the result is `v`.
*/
cached
@variable resolveGlobalVariable(@variable v) {
hasTwinWithDefinition(v, result)
or
not hasTwinWithDefinition(v, _) and
result = v
}
cached
predicate isVariable(@variable v) {
not v instanceof @globalvariable
or
v = resolveGlobalVariable(_)
}
}
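Review bot: `hasDefinition`, `onlyOneCompleteGlobalVariableExistsWithMangledName` and the cached `isVariable` have no QLDoc, while the other predicates in this new file do. `isVariable` most needs a sentence: it holds for every variable that is not a `@globalvariable` and for each variable that is a result of `resolveGlobalVariable`, which is not obvious from the name.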

View File

@@ -1650,6 +1650,11 @@ case @expr.kind of
| 327 = @co_await | 327 = @co_await
| 328 = @co_yield | 328 = @co_yield
| 329 = @temp_init | 329 = @temp_init
| 330 = @isassignable
| 331 = @isaggregate
| 332 = @hasuniqueobjectrepresentations
| 333 = @builtinbitcast
| 334 = @builtinshuffle
; ;
@var_args_expr = @vastartexpr @var_args_expr = @vastartexpr
@@ -1711,6 +1716,11 @@ case @expr.kind of
| @isfinalexpr | @isfinalexpr
| @builtinchooseexpr | @builtinchooseexpr
| @builtincomplex | @builtincomplex
| @isassignable
| @isaggregate
| @hasuniqueobjectrepresentations
| @builtinbitcast
| @builtinshuffle
; ;
new_allocated_type( new_allocated_type(

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,2 @@
description: Add new builtin operations
compatibility: backwards

View File

@@ -74,13 +74,12 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
from from
MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var, MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var,
ReturnStackAllocatedMemoryConfig conf, Function f ReturnStackAllocatedMemoryConfig conf
where where
conf.hasFlowPath(source, sink) and conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
source.getNode().asInstruction() = var and source.getNode().asInstruction() = var and
// Only raise an alert if we're returning from the _same_ callable as the on that // Only raise an alert if we're returning from the _same_ callable as the on that
// declared the stack variable. // declared the stack variable.
var.getEnclosingFunction() = pragma[only_bind_into](f) and var.getEnclosingFunction() = sink.getNode().getEnclosingCallable()
sink.getNode().getEnclosingCallable() = pragma[only_bind_into](f)
select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(), select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
var.getAst().toString() var.getAst().toString()
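Review bot: The `pragma[only_bind_into]` wrappers move from `f` onto the `hasFlowPath` arguments without a comment saying which join order they are meant to prevent; a one-line comment above `conf.hasFlowPath(...)` would keep a later cleanup from removing them. While this block is being touched, the context comment "the _same_ callable as the on that declared the stack variable" should read "the one that".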

View File

@@ -77,7 +77,7 @@ class ExecState extends DataFlow::FlowState {
ExecState() { ExecState() {
this = this =
"ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and "ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and
interestingConcatenation(fst, snd) interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))
} }
DataFlow::Node getFstNode() { result = fst } DataFlow::Node getFstNode() { result = fst }

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries name: codeql/cpp-queries
version: 0.3.0 version: 0.3.1-dev
groups: groups:
- cpp - cpp
- queries - queries

View File

@@ -1,4 +1,4 @@
// semmle-extractor-options: --clang
struct mystruct { struct mystruct {
int f1; int f1;
int f2; int f2;
@@ -13,3 +13,6 @@ void f(void) {
int i2 = edg_offsetof(struct mystruct,f2); int i2 = edg_offsetof(struct mystruct,f2);
} }
void g(void) {
double f = __builtin_bit_cast(double,42l);
}
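Review bot: The new test line `double f = __builtin_bit_cast(double,42l);` depends on `long` having the same size as `double`, which holds on LP64 targets but not where `long` is 32 bits. Using `42ll` or a fixed-width 64-bit type would make the test independent of the data model, and an uppercase suffix avoids `42l` being read as 421.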

View File

@@ -13,3 +13,6 @@
| edg.c:13:14:13:45 | (size_t)... | 0 | 0 | | edg.c:13:14:13:45 | (size_t)... | 0 | 0 |
| edg.c:13:14:13:45 | __INTADDR__ | 1 | 1 | | edg.c:13:14:13:45 | __INTADDR__ | 1 | 1 |
| edg.c:13:43:13:44 | f2 | 0 | 0 | | edg.c:13:43:13:44 | f2 | 0 | 0 |
| edg.c:17:16:17:45 | __builtin_bit_cast | 1 | 1 |
| edg.c:17:16:17:45 | double | 0 | 0 |
| edg.c:17:42:17:44 | 42 | 1 | 1 |

View File

@@ -296,3 +296,20 @@
| ms.cpp:255:24:255:43 | a_struct | | <none> | | ms.cpp:255:24:255:43 | a_struct | | <none> |
| ms.cpp:256:24:256:49 | __is_final | a_final_struct | 1 | | ms.cpp:256:24:256:49 | __is_final | a_final_struct | 1 |
| ms.cpp:256:24:256:49 | a_final_struct | | <none> | | ms.cpp:256:24:256:49 | a_final_struct | | <none> |
| ms.cpp:258:29:258:62 | __is_assignable | a_struct,a_struct | 1 |
| ms.cpp:258:29:258:62 | a_struct | | <none> |
| ms.cpp:258:29:258:62 | a_struct | | <none> |
| ms.cpp:259:29:259:59 | __is_assignable | a_struct,empty | 0 |
| ms.cpp:259:29:259:59 | a_struct | | <none> |
| ms.cpp:259:29:259:59 | empty | | <none> |
| ms.cpp:260:29:260:57 | __is_assignable | a_struct,int | 0 |
| ms.cpp:260:29:260:57 | a_struct | | <none> |
| ms.cpp:260:29:260:57 | int | | <none> |
| ms.cpp:262:28:262:51 | __is_aggregate | a_struct | 1 |
| ms.cpp:262:28:262:51 | a_struct | | <none> |
| ms.cpp:263:28:263:46 | __is_aggregate | int | 0 |
| ms.cpp:263:28:263:46 | int | | <none> |
| ms.cpp:265:49:265:88 | __has_unique_object_representations | int | 1 |
| ms.cpp:265:49:265:88 | int | | <none> |
| ms.cpp:266:49:266:90 | __has_unique_object_representations | float | 0 |
| ms.cpp:266:49:266:90 | float | | <none> |

View File

@@ -254,5 +254,14 @@ void f(void) {
bool b_is_final1 = __is_final(a_struct); bool b_is_final1 = __is_final(a_struct);
bool b_is_final2 = __is_final(a_final_struct); bool b_is_final2 = __is_final(a_final_struct);
}
bool b_is_assignable1 = __is_assignable(a_struct,a_struct);
bool b_is_assignable2 = __is_assignable(a_struct,empty);
bool b_is_assignable3 = __is_assignable(a_struct,int);
bool b_is_aggregate1 = __is_aggregate(a_struct);
bool b_is_aggregate2 = __is_aggregate(int);
bool b_has_unique_object_representations1 = __has_unique_object_representations(int);
bool b_has_unique_object_representations2 = __has_unique_object_representations(float);
}

View File

@@ -4,11 +4,7 @@
| c.c:6:5:6:6 | ls | array of 4 {int} | 1 | | c.c:6:5:6:6 | ls | array of 4 {int} | 1 |
| c.c:8:5:8:7 | iss | array of 4 {array of 2 {int}} | 1 | | c.c:8:5:8:7 | iss | array of 4 {array of 2 {int}} | 1 |
| c.c:12:11:12:11 | i | typedef {int} as "int_alias" | 1 | | c.c:12:11:12:11 | i | typedef {int} as "int_alias" | 1 |
| c.h:4:12:4:13 | ks | array of {int} | 1 |
| c.h:8:12:8:14 | iss | array of {array of 2 {int}} | 1 |
| c.h:10:12:10:12 | i | int | 1 |
| d.cpp:3:7:3:8 | xs | array of {int} | 1 | | d.cpp:3:7:3:8 | xs | array of {int} | 1 |
| d.h:3:14:3:15 | xs | array of 2 {int} | 1 |
| file://:0:0:0:0 | (unnamed parameter 0) | reference to {const {struct __va_list_tag}} | 1 | | file://:0:0:0:0 | (unnamed parameter 0) | reference to {const {struct __va_list_tag}} | 1 |
| file://:0:0:0:0 | (unnamed parameter 0) | rvalue reference to {struct __va_list_tag} | 1 | | file://:0:0:0:0 | (unnamed parameter 0) | rvalue reference to {struct __va_list_tag} | 1 |
| file://:0:0:0:0 | fp_offset | unsigned int | 1 | | file://:0:0:0:0 | fp_offset | unsigned int | 1 |

View File

@@ -1,2 +1,4 @@
| vector_types2.cpp:10:15:10:42 | __builtin_shuffle |
| vector_types2.cpp:11:15:11:45 | __builtin_shuffle |
| vector_types.cpp:31:13:31:49 | __builtin_shufflevector | | vector_types.cpp:31:13:31:49 | __builtin_shufflevector |
| vector_types.cpp:58:10:58:52 | __builtin_convertvector | | vector_types.cpp:58:10:58:52 | __builtin_convertvector |

View File

@@ -13,6 +13,12 @@
| file://:0:0:0:0 | gp_offset | gp_offset | file://:0:0:0:0 | unsigned int | 4 | | file://:0:0:0:0 | gp_offset | gp_offset | file://:0:0:0:0 | unsigned int | 4 |
| file://:0:0:0:0 | overflow_arg_area | overflow_arg_area | file://:0:0:0:0 | void * | 8 | | file://:0:0:0:0 | overflow_arg_area | overflow_arg_area | file://:0:0:0:0 | void * | 8 |
| file://:0:0:0:0 | reg_save_area | reg_save_area | file://:0:0:0:0 | void * | 8 | | file://:0:0:0:0 | reg_save_area | reg_save_area | file://:0:0:0:0 | void * | 8 |
| vector_types2.cpp:5:7:5:7 | a | a | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types2.cpp:6:7:6:7 | b | b | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types2.cpp:7:7:7:12 | mask_1 | mask_1 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types2.cpp:8:7:8:12 | mask_2 | mask_2 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types2.cpp:10:7:10:11 | res_1 | res_1 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types2.cpp:11:7:11:11 | res_2 | res_2 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
| vector_types.cpp:9:21:9:21 | x | x | vector_types.cpp:6:15:6:17 | v4f | 16 | | vector_types.cpp:9:21:9:21 | x | x | vector_types.cpp:6:15:6:17 | v4f | 16 |
| vector_types.cpp:14:18:14:20 | lhs | lhs | vector_types.cpp:6:15:6:17 | v4f | 16 | | vector_types.cpp:14:18:14:20 | lhs | lhs | vector_types.cpp:6:15:6:17 | v4f | 16 |
| vector_types.cpp:14:27:14:29 | rhs | rhs | vector_types.cpp:6:15:6:17 | v4f | 16 | | vector_types.cpp:14:27:14:29 | rhs | rhs | vector_types.cpp:6:15:6:17 | v4f | 16 |

View File

@@ -0,0 +1,12 @@
// semmle-extractor-options: --gnu --gnu_version 80000
typedef int v4i __attribute__((vector_size (16)));
void f() {
v4i a = {1,2,3,4};
v4i b = {5,6,7,8};
v4i mask_1 = {3,0,1,2};
v4i mask_2 = {3,5,4,2};
v4i res_1 = __builtin_shuffle(a, mask_1);
v4i res_2 = __builtin_shuffle(a, b, mask_2);
}

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all name: codeql/csharp-solorigate-all
version: 1.2.1 version: 1.2.2-dev
groups: groups:
- csharp - csharp
- solorigate - solorigate

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries name: codeql/csharp-solorigate-queries
version: 1.2.1 version: 1.2.2-dev
groups: groups:
- csharp - csharp
- solorigate - solorigate

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all name: codeql/csharp-all
version: 0.3.1 version: 0.3.2-dev
groups: csharp groups: csharp
dbscheme: semmlecode.csharp.dbscheme dbscheme: semmlecode.csharp.dbscheme
extractor: csharp extractor: csharp

View File

@@ -881,7 +881,12 @@ import Cached
* graph is restricted to nodes from `RelevantNode`. * graph is restricted to nodes from `RelevantNode`.
*/ */
module TestOutput { module TestOutput {
abstract class RelevantNode extends Node { } abstract class RelevantNode extends Node {
/**
* Gets a string used to resolve ties in node and edge ordering.
*/
string getOrderDisambuigation() { result = "" }
}
query predicate nodes(RelevantNode n, string attr, string val) { query predicate nodes(RelevantNode n, string attr, string val) {
attr = "semmle.order" and attr = "semmle.order" and
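Review bot: `getOrderDisambuigation` misspells "disambiguation" in the member added to `RelevantNode`. The class is abstract and meant to be extended, so subclasses will override this member by name; rename it to `getOrderDisambiguation` before it lands, together with the two call sites in the `order by` clauses.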
@@ -894,7 +899,8 @@ module TestOutput {
p p
order by order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString() l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(),
p.getOrderDisambuigation()
) )
).toString() ).toString()
} }
@@ -916,7 +922,8 @@ module TestOutput {
s s
order by order by
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(), l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString() l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(),
s.getOrderDisambuigation()
) )
).toString() ).toString()
} }
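Review bot: In this `order by`, ties are broken with `t.toString(), s.toString(), s.getOrderDisambuigation()`, so the disambiguation string of `t` is never consulted even though `t.toString()` is. If `t` is also a `RelevantNode` and two such nodes can share a location and `toString()` (the reason the member exists), add `t.getOrderDisambuigation()` as well, or say in a comment why `s` alone suffices.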

View File

@@ -0,0 +1,44 @@
{
SymmetricKey aesKey = new SymmetricKey(kid: "symencryptionkey");
// BAD: Using the outdated client side encryption version V1_0
BlobEncryptionPolicy uploadPolicy = new BlobEncryptionPolicy(key: aesKey, keyResolver: null);
BlobRequestOptions uploadOptions = new BlobRequestOptions() { EncryptionPolicy = uploadPolicy };
MemoryStream stream = new MemoryStream(buffer);
blob.UploadFromStream(stream, length: size, accessCondition: null, options: uploadOptions);
}
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
{
// BAD: Using an outdated SDK that does not support client side encryption version V2_0
ClientSideEncryption = new ClientSideEncryptionOptions()
{
KeyEncryptionKey = myKey,
KeyResolver = myKeyResolver,
KeyWrapAlgorihm = myKeyWrapAlgorithm
}
});
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
{
// BAD: Using the outdated client side encryption version V1_0
ClientSideEncryption = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V1_0)
{
KeyEncryptionKey = myKey,
KeyResolver = myKeyResolver,
KeyWrapAlgorihm = myKeyWrapAlgorithm
}
});
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
{
// GOOD: Using client side encryption version V2_0
ClientSideEncryption = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V2_0)
{
KeyEncryptionKey = myKey,
KeyResolver = myKeyResolver,
KeyWrapAlgorihm = myKeyWrapAlgorithm
}
});
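Review bot: `KeyWrapAlgorihm` is misspelled in all three `ClientSideEncryptionOptions` initializers; the property is `KeyWrapAlgorithm`, so the sample does not compile as written. The file also opens with a bare `{` block that uses `buffer`, `blob` and `size` without declaring them, and declares `var client` three times in one scope; wrapping each case in its own method would let the BAD and GOOD cases be read on their own.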

View File

@@ -0,0 +1,29 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key that is maintained in Azure Key Vault or another key store.</p>
<p>Current release versions of the Azure Storage SDKs use cipher block chaining (CBC mode) for client-side encryption (referred to as <code>v1</code>).</p>
</overview>
<recommendation>
<p>Consider switching to <code>v2</code> client-side encryption.</p>
</recommendation>
<example>
<sample src="UnsafeUsageOfClientSideEncryptionVersion.cs" />
</example>
<references>
<li>
<a href="http://aka.ms/azstorageclientencryptionblog">Azure Storage Client Encryption Blog.</a>
</li>
<li>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187">CVE-2022-30187</a>
</li>
</references>
</qhelp>
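Review bot: The overview says `v1` uses CBC mode but never says why that is a problem, and the recommendation ("Consider switching to `v2`") leaves out what the accompanying query requires: an `Azure.Storage.Common` assembly at version 12.12.0.0 or later and `ClientSideEncryptionVersion.V2_0` passed to the constructor. Suggest stating both in the recommendation, adding one sentence on the weakness of `v1`, and using `https://` for the aka.ms reference.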

View File

@@ -0,0 +1,81 @@
/**
* @name Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187).
* @description Unsafe usage of v1 version of Azure Storage client-side encryption, please refer to http://aka.ms/azstorageclientencryptionblog
* @kind problem
* @tags security
* cryptography
* external/cwe/cwe-327
* @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version
* @problem.severity error
* @precision high
*/
import csharp
/**
* Holds if `oc` is creating an object of type `c` = `Azure.Storage.ClientSideEncryptionOptions`
* and `e` is the `version` argument to the constructor
*/
predicate isCreatingAzureClientSideEncryptionObject(ObjectCreation oc, Class c, Expr e) {
exists(Parameter p | p.hasName("version") |
c.hasQualifiedName("Azure.Storage.ClientSideEncryptionOptions") and
oc.getTarget() = c.getAConstructor() and
e = oc.getArgumentForParameter(p)
)
}
/**
* Holds if `oc` is an object creation of the outdated type `c` = `Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy`
*/
predicate isCreatingOutdatedAzureClientSideEncryptionObject(ObjectCreation oc, Class c) {
c.hasQualifiedName("Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy") and
oc.getTarget() = c.getAConstructor()
}
/**
* Holds if the Azure.Storage assembly for `c` is a version known to support
* version 2+ for client-side encryption
*/
predicate doesAzureStorageAssemblySupportSafeClientSideEncryption(Assembly asm) {
exists(int versionCompare |
versionCompare = asm.getVersion().compareTo("12.12.0.0") and
versionCompare >= 0
) and
asm.getName() = "Azure.Storage.Common"
}
/**
* Holds if the Azure.Storage assembly for `c` is a version known to support
* version 2+ for client-side encryption and if the argument for the constructor `version`
* is set to a secure value.
*/
predicate isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(Expr versionExpr, Assembly asm) {
// Check if the Azure.Storage assembly version has the fix
doesAzureStorageAssemblySupportSafeClientSideEncryption(asm) and
// and that the version argument for the constructor is guaranteed to be Version2
isExprAnAccessToSafeClientSideEncryptionVersionValue(versionExpr)
}
/**
* Holds if the expression `e` is an access to a safe version of the enum `ClientSideEncryptionVersion`
* or an equivalent numeric value
*/
predicate isExprAnAccessToSafeClientSideEncryptionVersionValue(Expr e) {
exists(EnumConstant ec |
ec.hasQualifiedName("Azure.Storage.ClientSideEncryptionVersion.V2_0") and
ec.getAnAccess() = e
)
}
from Expr e, Class c, Assembly asm
where
asm = c.getLocation() and
(
exists(Expr e2 |
isCreatingAzureClientSideEncryptionObject(e, c, e2) and
not isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(e2, asm)
)
or
isCreatingOutdatedAzureClientSideEncryptionObject(e, c)
)
select e, "Unsafe usage of v1 version of Azure Storage client-side encryption."
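Review bot: The QLDoc for `isExprAnAccessToSafeClientSideEncryptionVersionValue` promises "or an equivalent numeric value", but the body only matches accesses to the `V2_0` enum constant, so a cast from an integer or a value passed through a variable is reported as unsafe. Either drop that clause or implement it. The comments on `doesAzureStorageAssemblySupportSafeClientSideEncryption` and `isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly` also refer to "the assembly for `c`" although the parameter is `asm`, and "Version2" in the inline comment should be `V2_0`.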

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries name: codeql/csharp-queries
version: 0.3.0 version: 0.3.1-dev
groups: groups:
- csharp - csharp
- queries - queries

View File

@@ -2,7 +2,54 @@ function RegisterExtractorPack(id)
local extractor = GetPlatformToolsDirectory() .. local extractor = GetPlatformToolsDirectory() ..
'Semmle.Extraction.CSharp.Driver' 'Semmle.Extraction.CSharp.Driver'
if OperatingSystem == 'windows' then extractor = extractor .. '.exe' end if OperatingSystem == 'windows' then extractor = extractor .. '.exe' end
function DotnetMatcherBuild(compilerName, compilerPath, compilerArguments,
_languageId)
if compilerName ~= 'dotnet' and compilerName ~= 'dotnet.exe' then
return nil
end
-- The dotnet CLI has the following usage instructions:
-- dotnet [sdk-options] [command] [command-options] [arguments]
-- we are interested in dotnet build, which has the following usage instructions:
-- dotnet [options] build [<PROJECT | SOLUTION>...]
-- For now, parse the command line as follows:
-- Everything that starts with `-` (or `/`) will be ignored.
-- The first non-option argument is treated as the command.
-- if that's `build`, we append `/p:UseSharedCompilation=false` to the command line,
-- otherwise we do nothing.
local match = false
local argv = compilerArguments.argv
if OperatingSystem == 'windows' then
-- let's hope that this split matches the escaping rules `dotnet` applies to command line arguments
-- or, at least, that it is close enough
argv =
NativeArgumentsToArgv(compilerArguments.nativeArgumentPointer)
end
for i, arg in ipairs(argv) do
-- dotnet options start with either - or / (both are legal)
local firstCharacter = string.sub(arg, 1, 1)
if not (firstCharacter == '-') and not (firstCharacter == '/') then
Log(1, 'Dotnet subcommand detected: %s', arg)
if arg == 'build' then match = true end
break
end
end
if match then
return {
order = ORDER_REPLACE,
invocation = BuildExtractorInvocation(id, compilerPath,
compilerPath,
compilerArguments, nil, {
'/p:UseSharedCompilation=false'
})
}
end
return nil
end
local windowsMatchers = { local windowsMatchers = {
DotnetMatcherBuild,
CreatePatternMatcher({'^dotnet%.exe$'}, MatchCompilerName, extractor, { CreatePatternMatcher({'^dotnet%.exe$'}, MatchCompilerName, extractor, {
prepend = {'--dotnetexec', '--cil'}, prepend = {'--dotnetexec', '--cil'},
order = ORDER_BEFORE order = ORDER_BEFORE
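Review bot: The scan in `DotnetMatcherBuild` treats the first argument that does not start with `-` or `/` as the subcommand, so an option that takes its value as a separate argument makes that value the "subcommand" and the loop breaks before reaching `build`. On POSIX, skipping everything that starts with `/` also skips absolute paths. The header comment should state these limits, or the loop should skip only known options; the loop index `i` is unused and can be `_`.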
@@ -10,22 +57,21 @@ function RegisterExtractorPack(id)
CreatePatternMatcher({'^csc.*%.exe$'}, MatchCompilerName, extractor, { CreatePatternMatcher({'^csc.*%.exe$'}, MatchCompilerName, extractor, {
prepend = {'--compiler', '"${compiler}"', '--cil'}, prepend = {'--compiler', '"${compiler}"', '--cil'},
order = ORDER_BEFORE order = ORDER_BEFORE
}), }),
CreatePatternMatcher({'^fakes.*%.exe$', 'moles.*%.exe'}, CreatePatternMatcher({'^fakes.*%.exe$', 'moles.*%.exe'},
MatchCompilerName, nil, {trace = false}) MatchCompilerName, nil, {trace = false})
} }
local posixMatchers = { local posixMatchers = {
CreatePatternMatcher({'^mcs%.exe$', '^csc%.exe$'}, MatchCompilerName, DotnetMatcherBuild,
extractor, {
prepend = {'--compiler', '"${compiler}"', '--cil'},
order = ORDER_BEFORE
}),
CreatePatternMatcher({'^mono', '^dotnet$'}, MatchCompilerName, CreatePatternMatcher({'^mono', '^dotnet$'}, MatchCompilerName,
extractor, { extractor, {
prepend = {'--dotnetexec', '--cil'}, prepend = {'--dotnetexec', '--cil'},
order = ORDER_BEFORE order = ORDER_BEFORE
}),
CreatePatternMatcher({'^mcs%.exe$', '^csc%.exe$'}, MatchCompilerName,
extractor, {
prepend = {'--compiler', '"${compiler}"', '--cil'},
order = ORDER_BEFORE
}), function(compilerName, compilerPath, compilerArguments, _languageId) }), function(compilerName, compilerPath, compilerArguments, _languageId)
if MatchCompilerName('^msbuild$', compilerName, compilerPath, if MatchCompilerName('^msbuild$', compilerName, compilerPath,
compilerArguments) or compilerArguments) or
@@ -49,7 +95,6 @@ function RegisterExtractorPack(id)
else else
return posixMatchers return posixMatchers
end end
end end
-- Return a list of minimum supported versions of the configuration file format -- Return a list of minimum supported versions of the configuration file format

View File

@@ -11,14 +11,17 @@ CodeQL.
Languages and compilers Languages and compilers
####################### #######################
CodeQL supports the following languages and compilers. The current versions of the CodeQL CLI (`changelog <https://github.com/github/codeql-cli-binaries/blob/main/CHANGELOG.md>`__, `releases <https://github.com/github/codeql-cli-binaries/releases>`__),
CodeQL library packs (`source <https://github.com/github/codeql/tree/codeql-cli/latest>`__),
and CodeQL bundle (`releases <https://github.com/github/codeql-action/releases>`__)
support the following languages and compilers.
.. include:: ../support/reusables/versions-compilers.rst .. include:: ../support/reusables/versions-compilers.rst
Frameworks and libraries Frameworks and libraries
######################## ########################
The libraries and queries in the current version of CodeQL have been explicitly checked against the libraries and frameworks listed below. The current versions of the CodeQL library and query packs (`source <https://github.com/github/codeql/tree/codeql-cli/latest>`__) have been explicitly checked against the libraries and frameworks listed below.
.. pull-quote:: .. pull-quote::

View File

@@ -3,7 +3,9 @@ CodeQL query help for C and C++
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/cpp/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/cpp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/examples>`__.
.. include:: toc-cpp.rst .. include:: toc-cpp.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for C#
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/csharp/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/csharp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/examples>`__.
.. include:: toc-csharp.rst .. include:: toc-csharp.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for Go
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/go/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/go-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/examples>`__.
.. include:: toc-go.rst .. include:: toc-go.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for Java
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/java/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/examples>`__.
.. include:: toc-java.rst .. include:: toc-java.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for JavaScript
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/javascript/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/javascript-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/examples>`__.
.. include:: toc-javascript.rst .. include:: toc-javascript.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for Python
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/python/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/python-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/examples>`__.
.. include:: toc-python.rst .. include:: toc-python.rst

View File

@@ -3,6 +3,8 @@ CodeQL query help for Ruby
.. include:: ../reusables/query-help-overview.rst .. include:: ../reusables/query-help-overview.rst
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/ruby/ql/examples>`__. These queries are published in the CodeQL query pack ``codeql/ruby-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/src>`__).
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/examples>`__.
.. include:: toc-ruby.rst .. include:: toc-ruby.rst

View File

@@ -1,6 +1,10 @@
C and C++ built-in support C and C++ built-in support
================================ ================================
Provided by the current versions of the
CodeQL query pack ``codeql/cpp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src>`__)
and the CodeQL library pack ``codeql/cpp-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable
@@ -14,6 +18,10 @@ C and C++ built-in support
C# built-in support C# built-in support
================================ ================================
Provided by the current versions of the
CodeQL query pack ``codeql/csharp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src>`__)
and the CodeQL library pack ``codeql/csharp-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable
@@ -33,6 +41,10 @@ C# built-in support
Go built-in support Go built-in support
================================ ================================
Provided by the current versions of the
CodeQL query pack ``codeql/go-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src>`__)
and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable
@@ -84,6 +96,10 @@ Go built-in support
Java built-in support Java built-in support
================================== ==================================
Provided by the current versions of the
CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__)
and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable
@@ -113,6 +129,10 @@ Java built-in support
JavaScript and TypeScript built-in support JavaScript and TypeScript built-in support
======================================================= =======================================================
Provided by the current versions of the
CodeQL query pack ``codeql/javascript-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src>`__)
and the CodeQL library pack ``codeql/javascript-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable
@@ -156,6 +176,10 @@ JavaScript and TypeScript built-in support
Python built-in support Python built-in support
==================================== ====================================
Provided by the current versions of the
CodeQL query pack ``codeql/python-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src>`__)
and the CodeQL library pack ``codeql/python-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/lib>`__).
.. csv-table:: .. csv-table::
:header-rows: 1 :header-rows: 1
:class: fullWidthTable :class: fullWidthTable

View File

@@ -1,5 +1,5 @@
name: codeql/go-all name: codeql/go-all
version: 0.2.1 version: 0.2.2-dev
groups: go groups: go
dbscheme: go.dbscheme dbscheme: go.dbscheme
extractor: go extractor: go

View File

@@ -1,5 +1,5 @@
name: codeql/go-queries name: codeql/go-queries
version: 0.2.1 version: 0.2.2-dev
groups: groups:
- go - go
- queries - queries

View File

@@ -36,7 +36,7 @@ java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,46,12
java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7, java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7,
java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6, java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6,
java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,, java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,24,414 java.util,44,,458,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,36,422
javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,, javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
1 package sink source summary sink:bean-validation sink:create-file sink:groovy sink:header-splitting sink:information-leak sink:intent-start sink:jdbc-url sink:jexl sink:jndi-injection sink:ldap sink:logging sink:mvel sink:ognl-injection sink:open-url sink:pending-intent-sent sink:regex-use[-1] sink:regex-use[0] sink:regex-use[] sink:regex-use[f-1] sink:regex-use[f1] sink:regex-use[f] sink:set-hostname-verifier sink:sql sink:url-open-stream sink:url-redirect sink:write-file sink:xpath sink:xslt sink:xss source:android-external-storage-dir source:android-widget source:contentprovider source:remote summary:taint summary:value
36 java.net 10 3 7 10 3 7
37 java.nio 15 6 13 2 6
38 java.sql 11 4 7
39 java.util 44 438 458 34 5 2 1 2 24 36 414 422
40 javax.faces.context 2 7 2 7
41 javax.jms 9 57 9 57
42 javax.json 123 100 23

View File

@@ -15,9 +15,9 @@ Java framework & library support
`Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25 `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,, `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
Java Standard Library,``java.*``,3,549,130,28,,,7,,,10 Java Standard Library,``java.*``,3,569,130,28,,,7,,,10
Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2 Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
`Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29 `Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29
Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3 Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, 
``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3
Totals,,217,6410,1474,117,6,10,107,33,1,84 Totals,,217,6430,1474,117,6,10,107,33,1,84

View File

@@ -888,6 +888,10 @@ open class KotlinFileExtractor(
if (shortName.nameInDB != shortName.kotlinName) { if (shortName.nameInDB != shortName.kotlinName) {
tw.writeKtFunctionOriginalNames(methodId, shortName.kotlinName) tw.writeKtFunctionOriginalNames(methodId, shortName.kotlinName)
} }
if (f.hasInterfaceParent() && f.body != null) {
addModifiers(id, "default") // The actual output class file may or may not have this modifier, depending on the -Xjvm-default setting.
}
} }
tw.writeHasLocation(id, locId) tw.writeHasLocation(id, locId)
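Review bot: The added `addModifiers(id, "default")` applies to every interface function with a body, and its own trailing comment says the compiled class file may or may not carry that modifier depending on `-Xjvm-default`, so the extracted database can disagree with the bytecode. Move the comment onto its own line above the `if` and say which of the two behaviours queries should rely on, so that anyone comparing source-extracted results with class-file-extracted results knows the mismatch is intended.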
@@ -1386,7 +1390,8 @@ open class KotlinFileExtractor(
dispatchReceiver: IrExpression?, dispatchReceiver: IrExpression?,
extensionReceiver: IrExpression?, extensionReceiver: IrExpression?,
typeArguments: List<IrType> = listOf(), typeArguments: List<IrType> = listOf(),
extractClassTypeArguments: Boolean = false) { extractClassTypeArguments: Boolean = false,
superQualifierSymbol: IrClassSymbol? = null) {
val locId = tw.getLocation(callsite) val locId = tw.getLocation(callsite)
@@ -1404,7 +1409,8 @@ open class KotlinFileExtractor(
dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } }, dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } },
extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } }, extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } },
typeArguments, typeArguments,
extractClassTypeArguments extractClassTypeArguments,
superQualifierSymbol
) )
} }
@@ -1424,7 +1430,8 @@ open class KotlinFileExtractor(
extractDispatchReceiver: ((Label<out DbExpr>) -> Unit)?, extractDispatchReceiver: ((Label<out DbExpr>) -> Unit)?,
extractExtensionReceiver: ((Label<out DbExpr>) -> Unit)?, extractExtensionReceiver: ((Label<out DbExpr>) -> Unit)?,
typeArguments: List<IrType> = listOf(), typeArguments: List<IrType> = listOf(),
extractClassTypeArguments: Boolean = false) { extractClassTypeArguments: Boolean = false,
superQualifierSymbol: IrClassSymbol? = null) {
val callTarget = syntacticCallTarget.target.realOverrideTarget val callTarget = syntacticCallTarget.target.realOverrideTarget
val id = tw.getFreshIdLabel<DbMethodaccess>() val id = tw.getFreshIdLabel<DbMethodaccess>()
@@ -1483,6 +1490,8 @@ open class KotlinFileExtractor(
if (callTarget.shouldExtractAsStatic) { if (callTarget.shouldExtractAsStatic) {
extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt) extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt)
} else if (superQualifierSymbol != null) {
extractSuperAccess(superQualifierSymbol.typeWith(), enclosingCallable, id, -1, enclosingStmt, locId)
} else if (extractDispatchReceiver != null) { } else if (extractDispatchReceiver != null) {
extractDispatchReceiver(id) extractDispatchReceiver(id)
} }
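Review bot: In the new `else if (superQualifierSymbol != null)` branch, `superQualifierSymbol.typeWith()` is called with no type arguments, so the super access for a call qualified with a generic supertype is typed without its arguments. If that is deliberate, a one-line comment saying so would help; otherwise the arguments should be taken from the enclosing class's declared supertype. The ordering also deserves a comment, since `callTarget.shouldExtractAsStatic` now takes precedence over the super qualifier.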
@@ -1744,7 +1753,7 @@ open class KotlinFileExtractor(
else else
listOf() listOf()
extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments) extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol)
} }
fun extractSpecialEnumFunction(fnName: String){ fun extractSpecialEnumFunction(fnName: String){
@@ -2124,7 +2133,13 @@ open class KotlinFileExtractor(
} }
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") && c.origin == IrStatementOrigin.FOR_LOOP_ITERATOR -> { isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") && c.origin == IrStatementOrigin.FOR_LOOP_ITERATOR -> {
findTopLevelFunctionOrWarn("kotlin.jvm.internal.iterator", "kotlin.jvm.internal.ArrayIteratorKt", c)?.let { iteratorFn -> findTopLevelFunctionOrWarn("kotlin.jvm.internal.iterator", "kotlin.jvm.internal.ArrayIteratorKt", c)?.let { iteratorFn ->
extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, listOf((c.dispatchReceiver!!.type as IrSimpleType).arguments.first().typeOrNull!!)) val typeArgs = (c.dispatchReceiver!!.type as IrSimpleType).arguments.map {
when(it) {
is IrTypeProjection -> it.type
else -> pluginContext.irBuiltIns.anyNType
}
}
extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs)
} }
} }
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "get") && c.origin == IrStatementOrigin.GET_ARRAY_ELEMENT -> { isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "get") && c.origin == IrStatementOrigin.GET_ARRAY_ELEMENT -> {
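Review bot: The rewritten `iterator` branch still builds `typeArgs` from `c.dispatchReceiver!!` with an unchecked `as IrSimpleType` cast, so a null receiver or a non-simple receiver type throws inside the extractor rather than producing a warning. The new `when` already falls back to `anyNType` for arguments that are not an `IrTypeProjection`; the receiver deserves the same defensive handling, for example `as? IrSimpleType` with a logged warning on the failure path.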
@@ -3060,6 +3075,17 @@ open class KotlinFileExtractor(
} }
} }
private fun extractSuperAccess(irType: IrType, callable: Label<out DbCallable>, parent: Label<out DbExprparent>, idx: Int, enclosingStmt: Label<out DbStmt>, locId: Label<out DbLocation>) =
tw.getFreshIdLabel<DbSuperaccess>().also {
val type = useType(irType)
tw.writeExprs_superaccess(it, type.javaResult.id, parent, idx)
tw.writeExprsKotlinType(it, type.kotlinResult.id)
tw.writeHasLocation(it, locId)
tw.writeCallableEnclosingExpr(it, callable)
tw.writeStatementEnclosingExpr(it, enclosingStmt)
extractTypeAccessRecursive(irType, locId, it, 0)
}
private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label<out DbCallable>) { private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label<out DbCallable>) {
val containingDeclaration = declarationStack.peek() val containingDeclaration = declarationStack.peek()
val locId = tw.getLocation(e) val locId = tw.getLocation(e)
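Review bot: `extractSuperAccess` is written as an expression body with an inferred return type and no doc comment, whereas `extractTypeAccess` and `extractWildcardTypeAccess` later in this file declare `Label<out DbExpr>` explicitly and carry a KDoc block. Declare the return type and add a short comment stating that the type access child is written at index 0 using the call's `locId`, which is also the reason the `location` parameters are widened to `Label<out DbLocation>` in the following hunks.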
@@ -4014,7 +4040,7 @@ open class KotlinFileExtractor(
/** /**
* Extracts a single wildcard type access expression with no enclosing callable and statement. * Extracts a single wildcard type access expression with no enclosing callable and statement.
*/ */
private fun extractWildcardTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> { private fun extractWildcardTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
val id = tw.getFreshIdLabel<DbWildcardtypeaccess>() val id = tw.getFreshIdLabel<DbWildcardtypeaccess>()
tw.writeExprs_wildcardtypeaccess(id, type.javaResult.id, parent, idx) tw.writeExprs_wildcardtypeaccess(id, type.javaResult.id, parent, idx)
tw.writeExprsKotlinType(id, type.kotlinResult.id) tw.writeExprsKotlinType(id, type.kotlinResult.id)
@@ -4025,7 +4051,7 @@ open class KotlinFileExtractor(
/** /**
* Extracts a single type access expression with no enclosing callable and statement. * Extracts a single type access expression with no enclosing callable and statement.
*/ */
private fun extractTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> { private fun extractTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
// TODO: elementForLocation allows us to give some sort of // TODO: elementForLocation allows us to give some sort of
// location, but a proper location for the type access will // location, but a proper location for the type access will
// require upstream changes // require upstream changes
@@ -4051,7 +4077,7 @@ open class KotlinFileExtractor(
* `extractTypeAccessRecursive` if the argument is invariant. * `extractTypeAccessRecursive` if the argument is invariant.
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations. * No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
*/ */
private fun extractWildcardTypeAccessRecursive(t: IrTypeArgument, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int) { private fun extractWildcardTypeAccessRecursive(t: IrTypeArgument, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int) {
val typeLabels by lazy { TypeResults(getTypeArgumentLabel(t), TypeResult(fakeKotlinType(), "TODO", "TODO")) } val typeLabels by lazy { TypeResults(getTypeArgumentLabel(t), TypeResult(fakeKotlinType(), "TODO", "TODO")) }
when (t) { when (t) {
is IrStarProjection -> extractWildcardTypeAccess(typeLabels, location, parent, idx) is IrStarProjection -> extractWildcardTypeAccess(typeLabels, location, parent, idx)
@@ -4071,7 +4097,7 @@ open class KotlinFileExtractor(
* Extracts a type access expression and its child type access expressions in case of a generic type. Nested generics are also handled. * Extracts a type access expression and its child type access expressions in case of a generic type. Nested generics are also handled.
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations. * No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
*/ */
private fun extractTypeAccessRecursive(t: IrType, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> { private fun extractTypeAccessRecursive(t: IrType, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> {
val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx) val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx)
if (t is IrSimpleType) { if (t is IrSimpleType) {
t.arguments.forEachIndexed { argIdx, arg -> t.arguments.forEachIndexed { argIdx, arg ->

View File

@@ -51,6 +51,8 @@ private val specialFunctions = mapOf(
makeDescription(FqName("java.lang.Number"), "toFloat") to "floatValue", makeDescription(FqName("java.lang.Number"), "toFloat") to "floatValue",
makeDescription(StandardNames.FqNames.number.toSafe(), "toDouble") to "doubleValue", makeDescription(StandardNames.FqNames.number.toSafe(), "toDouble") to "doubleValue",
makeDescription(FqName("java.lang.Number"), "toDouble") to "doubleValue", makeDescription(FqName("java.lang.Number"), "toDouble") to "doubleValue",
makeDescription(StandardNames.FqNames.string.toSafe(), "get") to "charAt",
makeDescription(FqName("java.lang.String"), "get") to "charAt",
) )
private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet() private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet()

View File

@@ -12,6 +12,8 @@ Type getAMentionedType(RefType type) {
result = getAMentionedType(type).(InstantiatedType).getATypeArgument() result = getAMentionedType(type).(InstantiatedType).getATypeArgument()
or or
result = getAMentionedType(type).(NestedType).getEnclosingType() result = getAMentionedType(type).(NestedType).getEnclosingType()
or
result = getAMentionedType(type).(Wildcard).getATypeBound().getType()
} }
Type getATypeUsedInClass(RefType type) { Type getATypeUsedInClass(RefType type) {

View File

@@ -0,0 +1,4 @@
---
category: feature
---
* The QL predicate `Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added data flow models for `java.util.Scanner`.

View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* The JUnit5 version of `AssertNotNull` is now recognized, which removes
related false positives in the nullness queries.
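Review bot: The change note spells the method `AssertNotNull`, but the library code in this same change matches `m.hasName("assertNotNull")` on `org.junit.jupiter.api.Assertions`. Use the lower-case method name and name the class, so readers searching the changelog for the JUnit 5 API find the entry.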

View File

@@ -1,5 +1,5 @@
name: codeql/java-all name: codeql/java-all
version: 0.3.1 version: 0.3.2-dev
groups: java groups: java
dbscheme: config/semmlecode.dbscheme dbscheme: config/semmlecode.dbscheme
extractor: java extractor: java

View File

@@ -100,6 +100,18 @@ class Expr extends ExprParent, @expr {
/** Holds if this expression is parenthesized. */ /** Holds if this expression is parenthesized. */
predicate isParenthesized() { isParenthesized(this, _) } predicate isParenthesized() { isParenthesized(this, _) }
/**
* Gets the underlying expression looking through casts and not-nulls, if any.
* Otherwise just gets this expression.
*/
Expr getUnderlyingExpr() {
if this instanceof CastingExpr or this instanceof NotNullExpr
then
result = this.(CastingExpr).getExpr().getUnderlyingExpr() or
result = this.(NotNullExpr).getExpr().getUnderlyingExpr()
else result = this
}
} }
/** /**
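Review bot: The QLDoc on `getUnderlyingExpr` says it looks through casts and not-nulls but does not say that it does so repeatedly, while the body recurses through `getExpr().getUnderlyingExpr()` and therefore strips any nesting of the two wrappers. State that in the comment, and consider parenthesising the two disjuncts of the `then` branch so it is obvious at a glance that the `or` belongs to that branch and not to the whole `if`.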

View File

@@ -244,8 +244,26 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
"java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual", "java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual", "java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual", "java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
"java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint;manual", "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
"java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint;manual", "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual",
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
"java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",

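Review bot: The `java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual` row appears twice in a row in the added block; drop one copy, since the duplicate adds no model. Separately, the two removed rows restricted `next` to the `(Pattern)` and `(String)` signatures, while the replacement leaves the signature column empty and so covers every overload; a brief comment above the Scanner block saying that this widening is intended would save the next reader from checking.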
View File

@@ -2,7 +2,8 @@
* A library providing uniform access to various assertion frameworks. * A library providing uniform access to various assertion frameworks.
* *
* Currently supports `org.junit.Assert`, `junit.framework.*`, * Currently supports `org.junit.Assert`, `junit.framework.*`,
* `com.google.common.base.Preconditions`, and `java.util.Objects`. * `org.junit.jupiter.api.Assertions`, `com.google.common.base.Preconditions`,
* and `java.util.Objects`.
*/ */
import java import java
@@ -17,7 +18,11 @@ private newtype AssertKind =
private predicate assertionMethod(Method m, AssertKind kind) { private predicate assertionMethod(Method m, AssertKind kind) {
exists(RefType junit | exists(RefType junit |
m.getDeclaringType() = junit and m.getDeclaringType() = junit and
(junit.hasQualifiedName("org.junit", "Assert") or junit.hasQualifiedName("junit.framework", _)) (
junit.hasQualifiedName("org.junit", "Assert") or
junit.hasQualifiedName("junit.framework", _) or
junit.hasQualifiedName("org.junit.jupiter.api", "Assertions")
)
| |
m.hasName("assertNotNull") and kind = AssertKindNotNull() m.hasName("assertNotNull") and kind = AssertKindNotNull()
or or

View File

@@ -51,7 +51,7 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
exists(MethodAccess m | exists(MethodAccess m |
m.getMethod() instanceof PutSharedPreferenceMethod and m.getMethod() instanceof PutSharedPreferenceMethod and
input = m.getArgument(1) and input = m.getArgument(1) and
editor.asExpr() = m.getQualifier() editor.asExpr() = m.getQualifier().getUnderlyingExpr()
) )
} }
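Review bot: In `sharedPreferencesInput` only the qualifier is unwrapped with `getUnderlyingExpr()`; `input = m.getArgument(1)` on the line above is still compared as written. If the reason for this change is that a wrapped expression did not match the data-flow node, say so in a comment, and check whether a wrapped argument needs the same treatment. The same unwrapping is repeated in `sharedPreferencesStore` below, so a small helper predicate for "editor is the underlying qualifier of `m`" would keep the two in step.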
@@ -61,7 +61,7 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
*/ */
private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) { private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) {
m.getMethod() instanceof StoreSharedPreferenceMethod and m.getMethod() instanceof StoreSharedPreferenceMethod and
editor.asExpr() = m.getQualifier() editor.asExpr() = m.getQualifier().getUnderlyingExpr()
} }
/** Flow from `SharedPreferences.Editor` to either a setter or a store method. */ /** Flow from `SharedPreferences.Editor` to either a setter or a store method. */

View File

@@ -75,6 +75,8 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) {
loadUrl.getArgument(0) = urlArg and loadUrl.getArgument(0) = urlArg and
loadUrl.getMethod() instanceof WebViewLoadUrlMethod loadUrl.getMethod() instanceof WebViewLoadUrlMethod
| |
webview.getAnAccess() = DataFlow::exprNode(loadUrl.getQualifier().getUnderlyingExpr())
or
webview.getAnAccess() = DataFlow::getInstanceArgument(loadUrl) webview.getAnAccess() = DataFlow::getInstanceArgument(loadUrl)
or or
// `webview` is received as a parameter of an event method in a custom `WebViewClient`, // `webview` is received as a parameter of an event method in a custom `WebViewClient`,
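Review bot: The added disjunct `DataFlow::exprNode(loadUrl.getQualifier().getUnderlyingExpr())` sits next to the existing `DataFlow::getInstanceArgument(loadUrl)` with no comment on which case the old one misses. A one-line comment naming that case, plus a test that fails without the new line, would stop a later cleanup from removing one of the two as redundant.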
@@ -82,8 +84,9 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) {
exists(WebViewClientEventMethod eventMethod, MethodAccess setWebClient | exists(WebViewClientEventMethod eventMethod, MethodAccess setWebClient |
setWebClient.getMethod() instanceof WebViewSetWebViewClientMethod and setWebClient.getMethod() instanceof WebViewSetWebViewClientMethod and
setWebClient.getArgument(0).getType() = eventMethod.getDeclaringType() and setWebClient.getArgument(0).getType() = eventMethod.getDeclaringType() and
loadUrl.getQualifier() = eventMethod.getWebViewParameter().getAnAccess() loadUrl.getQualifier().getUnderlyingExpr() = eventMethod.getWebViewParameter().getAnAccess()
| |
webview.getAnAccess() = DataFlow::exprNode(setWebClient.getQualifier().getUnderlyingExpr()) or
webview.getAnAccess() = DataFlow::getInstanceArgument(setWebClient) webview.getAnAccess() = DataFlow::getInstanceArgument(setWebClient)
) )
) )
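Review bot: The new line `webview.getAnAccess() = DataFlow::exprNode(setWebClient.getQualifier().getUnderlyingExpr()) or` ends with a trailing `or`, while the hunk above and the rest of this predicate put `or` on its own line; please run the QL autoformatter over the file. As in the previous hunk, the pairing of the `exprNode(...getUnderlyingExpr())` form with `getInstanceArgument(setWebClient)` needs a short comment explaining why both are required.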

View File

@@ -0,0 +1,46 @@
// BAD: Using an outdated SDK that does not support client side encryption version V2_0
new EncryptedBlobClientBuilder()
.blobClient(blobClient)
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
.buildEncryptedBlobClient()
.uploadWithResponse(new BlobParallelUploadOptions(data)
.setMetadata(metadata)
.setHeaders(headers)
.setTags(tags)
.setTier(tier)
.setRequestConditions(requestConditions)
.setComputeMd5(computeMd5)
.setParallelTransferOptions(parallelTransferOptions),
timeout, context);
// BAD: Using the deprecatedd client side encryption version V1_0
new EncryptedBlobClientBuilder(EncryptionVersion.V1)
.blobClient(blobClient)
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
.buildEncryptedBlobClient()
.uploadWithResponse(new BlobParallelUploadOptions(data)
.setMetadata(metadata)
.setHeaders(headers)
.setTags(tags)
.setTier(tier)
.setRequestConditions(requestConditions)
.setComputeMd5(computeMd5)
.setParallelTransferOptions(parallelTransferOptions),
timeout, context);
// GOOD: Using client side encryption version V2_0
new EncryptedBlobClientBuilder(EncryptionVersion.V2)
.blobClient(blobClient)
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
.buildEncryptedBlobClient()
.uploadWithResponse(new BlobParallelUploadOptions(data)
.setMetadata(metadata)
.setHeaders(headers)
.setTags(tags)
.setTier(tier)
.setRequestConditions(requestConditions)
.setComputeMd5(computeMd5)
.setParallelTransferOptions(parallelTransferOptions),
timeout, context);
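Review bot: Typo in the second comment, `deprecatedd`. The comments also call the versions `V2_0` and `V1_0` while the code passes `EncryptionVersion.V1` and `EncryptionVersion.V2`; use the spelling from the code so readers can search for it. The three snippets differ only in the constructor argument, so the repeated `uploadWithResponse(new BlobParallelUploadOptions(data)...)` chain could be trimmed to keep the sample focused on the builder call that the query flags.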

View File

@@ -0,0 +1,29 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key that is maintained in Azure Key Vault or another key store.</p>
<p>The Azure Storage SDK version 12.18.0 or later supports version <code>V2</code> for client-side encryption. All previous versions of Azure Storage SDK only support client-side encryption <code>V1</code> which is unsafe.</p>
</overview>
<recommendation>
<p>Consider switching to <code>V2</code> client-side encryption.</p>
</recommendation>
<example>
<sample src="UnsafeUsageOfClientSideEncryptionVersion.java" />
</example>
<references>
<li>
<a href="http://aka.ms/azstorageclientencryptionblog">Azure Storage Client Encryption Blog.</a>
</li>
<li>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187">CVE-2022-30187</a>
</li>
</references>
</qhelp>
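Review bot: The overview says `V1` "is unsafe" without saying what is wrong with it; one sentence on the weakness, taken from the referenced advisory, would let a reader judge the finding without leaving the page. The recommendation should also repeat that `V2` needs SDK version 12.18.0 or later, since the overview makes clear that older SDKs cannot follow the advice as written. The overview lists the .NET and Python SDKs although this help file accompanies the Java sample, and the first reference is linked over `http://`; prefer `https://` if the target supports it.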

View File

@@ -0,0 +1,92 @@
/**
* @name Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187).
* @description Unsafe usage of v1 version of Azure Storage client-side encryption, please refer to http://aka.ms/azstorageclientencryptionblog
* @kind problem
* @tags security
* cryptography
* external/cwe/cwe-327
* @id java/azure-storage/unsafe-client-side-encryption-in-use
* @problem.severity error
* @precision high
*/
import java
import semmle.code.java.dataflow.DataFlow
/**
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
* that takes no arguments, which means that it is using V1 encryption.
*/
predicate isCreatingOutdatedAzureClientSideEncryptionObject(Call call, Class c) {
exists(string package, string type, Constructor constructor |
c.hasQualifiedName(package, type) and
c.getAConstructor() = constructor and
call.getCallee() = constructor and
(
type = "EncryptedBlobClientBuilder" and
package = "com.azure.storage.blob.specialized.cryptography" and
constructor.hasNoParameters()
or
type = "BlobEncryptionPolicy" and package = "com.microsoft.azure.storage.blob"
)
)
}
/**
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
* that takes `versionArg` as the argument specifying the encryption version.
*/
predicate isCreatingAzureClientSideEncryptionObjectNewVersion(Call call, Class c, Expr versionArg) {
exists(string package, string type, Constructor constructor |
c.hasQualifiedName(package, type) and
c.getAConstructor() = constructor and
call.getCallee() = constructor and
type = "EncryptedBlobClientBuilder" and
package = "com.azure.storage.blob.specialized.cryptography" and
versionArg = call.getArgument(0)
)
}
/**
* A dataflow config that tracks `EncryptedBlobClientBuilder.version` argument initialization.
*/
private class EncryptedBlobClientBuilderSafeEncryptionVersionConfig extends DataFlow::Configuration {
EncryptedBlobClientBuilderSafeEncryptionVersionConfig() {
this = "EncryptedBlobClientBuilderSafeEncryptionVersionConfig"
}
override predicate isSource(DataFlow::Node source) {
exists(FieldRead fr, Field f | fr = source.asExpr() |
f.getAnAccess() = fr and
f.hasQualifiedName("com.azure.storage.blob.specialized.cryptography", "EncryptionVersion",
"V2")
)
}
override predicate isSink(DataFlow::Node sink) {
isCreatingAzureClientSideEncryptionObjectNewVersion(_, _, sink.asExpr())
}
}
/**
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
* that takes `versionArg` as the argument specifying the encryption version, and that version is safe.
*/
predicate isCreatingSafeAzureClientSideEncryptionObject(Call call, Class c, Expr versionArg) {
isCreatingAzureClientSideEncryptionObjectNewVersion(call, c, versionArg) and
exists(EncryptedBlobClientBuilderSafeEncryptionVersionConfig config, DataFlow::Node sink |
sink.asExpr() = versionArg
|
config.hasFlow(_, sink)
)
}
from Expr e, Class c
where
exists(Expr argVersion |
isCreatingAzureClientSideEncryptionObjectNewVersion(e, c, argVersion) and
not isCreatingSafeAzureClientSideEncryptionObject(e, c, argVersion)
)
or
isCreatingOutdatedAzureClientSideEncryptionObject(e, c)
select e, "Unsafe usage of v1 version of Azure Storage client-side encryption."
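Review bot: The QLDoc on `isCreatingOutdatedAzureClientSideEncryptionObject` describes only the no-argument `EncryptedBlobClientBuilder` creation, but the second disjunct also accepts every constructor of `com.microsoft.azure.storage.blob.BlobEncryptionPolicy`; document that case and why any constructor of it counts as V1. In `isCreatingAzureClientSideEncryptionObjectNewVersion`, `versionArg = call.getArgument(0)` is taken from any constructor with at least one argument, without checking that the first parameter is the `EncryptionVersion` type, so an overload with a different first parameter would be reported as unsafe. In the `from` clause `e` is declared `Expr` although both predicates take a `Call`, and `Class c` is bound but never appears in the `select`; declaring `Call e` and dropping or using `c` would make the intent clearer. The `@name` and the alert message both end in a full stop and the `@description` embeds an `http://` link; check these against the query metadata style guide.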

View File

@@ -1,5 +1,5 @@
name: codeql/java-queries name: codeql/java-queries
version: 0.3.0 version: 0.3.1-dev
groups: groups:
- java - java
- queries - queries

View File

@@ -20,3 +20,15 @@ private class KtExpectationComment extends KtComment, ExpectationComment {
override string getContents() { result = this.getText().suffix(2).trim() } override string getContents() { result = this.getText().suffix(2).trim() }
} }
private class XmlExpectationComment extends ExpectationComment instanceof XMLComment {
override string getContents() { result = this.(XMLComment).getText().trim() }
override Location getLocation() { result = this.(XMLComment).getLocation() }
override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
this.(XMLComment).hasLocationInfo(path, sl, sc, el, ec)
}
override string toString() { result = this.(XMLComment).toString() }
}
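Review bot: Every member of `XmlExpectationComment` casts `this.(XMLComment)` although the class is already declared `instanceof XMLComment`; `super.getText()`, `super.getLocation()` and so on would say the same thing with less noise. `getContents()` here uses `getText().trim()` while `KtExpectationComment` above strips a prefix with `suffix(2)`, so a short QLDoc stating that the XML comment text comes without its delimiters would explain the difference.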

View File

@@ -0,0 +1,9 @@
| test.kt:5:14:5:14 | hasNext(...) |
| test.kt:5:14:5:14 | iterator(...) |
| test.kt:5:14:5:14 | next(...) |
| test.kt:6:14:6:14 | hasNext(...) |
| test.kt:6:14:6:14 | iterator(...) |
| test.kt:6:14:6:14 | next(...) |
| test.kt:7:14:7:14 | hasNext(...) |
| test.kt:7:14:7:14 | iterator(...) |
| test.kt:7:14:7:14 | next(...) |

View File

@@ -0,0 +1,11 @@
fun test(x: Array<String>, y: Array<*>, z: IntArray): Int {
var ret = 0
for (el in x) { ret += 1 }
for (el in y) { ret += 1 }
for (el in z) { ret += 1 }
return ret
}

View File

@@ -0,0 +1,4 @@
import java
from MethodAccess ma
select ma

View File

@@ -14,8 +14,8 @@ calls
| test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> | | test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
| test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> | | test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
constructors constructors
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2<? extends String>(java.lang.String) | ? extends String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2<? extends String>(<nulltype>) | <nulltype> | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2<? super String>(java.lang.Object) | ? super String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2<? super String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | Generic2<String> | Generic2<String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | Generic2<String> | Generic2<String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
| Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
| Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test |
@@ -34,14 +34,14 @@ refTypes
| test.kt:1:1:10:1 | Generic | | test.kt:1:1:10:1 | Generic |
| test.kt:1:15:1:15 | T | | test.kt:1:15:1:15 | T |
#select #select
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | ? extends String | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity | | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity | identity(<nulltype>) | <nulltype> | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | ? extends String | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 | | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity2 | identity2(<nulltype>) | <nulltype> | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.String) | ? extends String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | setter | setter(<nulltype>) | <nulltype> | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | Object | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.Object) | ? super String | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity | | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.Object) | ? super String | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 | | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.Object) | ? super String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter | | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter | | Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity | | Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 | | Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
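Review bot: In the `constructors` and `#select` expectations the rows for `Generic2<? extends String>` now show `<nulltype>` both as the parameter type and inside the signature string (`setter(<nulltype>)`, `identity(<nulltype>)`), and the `? super String` rows change from `java.lang.Object` to `java.lang.String`. That is a user-visible change to signatures of parameterised types, so it deserves a change note and a comment in the test saying why a wildcard-typed parameter is rendered as `<nulltype>`. Please also confirm that anything matching methods by signature string still resolves for these instantiations.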

View File

@@ -8,7 +8,7 @@ reflection.kt:
# 46| 0: [TypeAccess] String # 46| 0: [TypeAccess] String
# 47| 5: [BlockStmt] { ... } # 47| 5: [BlockStmt] { ... }
# 47| 0: [ReturnStmt] return ... # 47| 0: [ReturnStmt] return ...
# 47| 0: [MethodAccess] get(...) # 47| 0: [MethodAccess] charAt(...)
# 47| -1: [ExtensionReceiverAccess] this # 47| -1: [ExtensionReceiverAccess] this
# 47| 0: [SubExpr] ... - ... # 47| 0: [SubExpr] ... - ...
# 47| 0: [MethodAccess] length(...) # 47| 0: [MethodAccess] length(...)

View File

@@ -0,0 +1,5 @@
public class Test {
public char f(String s) { return s.charAt(0); }
}

View File

@@ -0,0 +1,2 @@
| Test.java:3:36:3:46 | charAt(...) |
| test.kt:2:20:2:23 | charAt(...) |

View File

@@ -0,0 +1,2 @@
fun f(x: String) = x[0]

View File

@@ -0,0 +1,4 @@
import java
from MethodAccess ma
select ma

View File

@@ -0,0 +1,2 @@
| test.kt:31:17:31:24 | source(...) | test.kt:31:15:31:25 | f(...) |
| test.kt:32:17:32:24 | source(...) | test.kt:32:15:32:25 | g(...) |

View File

@@ -0,0 +1,36 @@
open class A {
open fun f(x: String) = x
}
interface B {
fun g(x: String) = x
}
interface C {
fun g(x: String) = x
}
class User : A(), B, C {
override fun f(x: String) = super.f(x)
override fun g(x: String) = super<B>.g(x)
fun source() = "tainted"
fun sink(s: String) { }
fun test() {
sink(this.f(source()))
sink(this.g(source()))
}
}
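Review bot: In this test `B.g` and `C.g` have identical bodies (`fun g(x: String) = x`), so the expected flow through `super<B>.g(x)` would look the same if the call were resolved to `C.g` by mistake. Making one of the two drop its argument (for example returning a constant) would let the expected output show that the qualified super call is dispatched to `B`. `interface C` is otherwise unused apart from forcing the `super<B>` qualifier, which is worth a one-line comment.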

View File

@@ -0,0 +1,18 @@
import java
import semmle.code.java.dataflow.DataFlow
class Config extends DataFlow::Configuration {
Config() { this = "abc" }
override predicate isSource(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod().getName() = "source"
}
override predicate isSink(DataFlow::Node n) {
n.asExpr().(Argument).getCall().getCallee().getName() = "sink"
}
}
from Config c, DataFlow::Node n1, DataFlow::Node n2
where c.hasFlow(n1, n2)
select n1, n2

View File

@@ -0,0 +1,328 @@
package generatedtest;
import java.io.File;
import java.io.InputStream;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.nio.channels.ReadableByteChannel;
import java.nio.charset.Charset;
import java.nio.file.Path;
import java.util.Scanner;
import java.util.regex.Pattern;
// Test case generated by GenerateFlowTestCase.ql
public class Test {
Object source() {
return null;
}
void sink(Object o) {}
public void test() throws Exception {
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
File in = (File) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
File in = (File) source();
out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
File in = (File) source();
out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
InputStream in = (InputStream) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
InputStream in = (InputStream) source();
out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
InputStream in = (InputStream) source();
out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
Path in = (Path) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
Path in = (Path) source();
out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
Path in = (Path) source();
out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
Readable in = (Readable) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null;
String in = (String) source();
out = new Scanner(in);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findInLine((Pattern) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findInLine((String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findWithinHorizon((Pattern) null, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findWithinHorizon((String) null, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next((Pattern) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next((String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual"
BigDecimal out = null;
Scanner in = (Scanner) source();
out = in.nextBigDecimal();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
BigInteger out = null;
Scanner in = (Scanner) source();
out = in.nextBigInteger();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
BigInteger out = null;
Scanner in = (Scanner) source();
out = in.nextBigInteger(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual"
boolean out = false;
Scanner in = (Scanner) source();
out = in.nextBoolean();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
byte out = 0;
Scanner in = (Scanner) source();
out = in.nextByte();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
byte out = 0;
Scanner in = (Scanner) source();
out = in.nextByte(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual"
double out = 0;
Scanner in = (Scanner) source();
out = in.nextDouble();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual"
float out = 0;
Scanner in = (Scanner) source();
out = in.nextFloat();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
int out = 0;
Scanner in = (Scanner) source();
out = in.nextInt();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
int out = 0;
Scanner in = (Scanner) source();
out = in.nextInt(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.nextLine();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
long out = 0;
Scanner in = (Scanner) source();
out = in.nextLong();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
long out = 0;
Scanner in = (Scanner) source();
out = in.nextLong(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
short out = 0;
Scanner in = (Scanner) source();
out = in.nextShort();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
short out = 0;
Scanner in = (Scanner) source();
out = in.nextShort(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.reset();
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.skip((Pattern) null);
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.skip((String) null);
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.useDelimiter((Pattern) null);
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.useDelimiter((String) null);
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.useLocale(null);
sink(out); // $ hasValueFlow
}
{
// "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null;
Scanner in = (Scanner) source();
out = in.useRadix(0);
sink(out); // $ hasValueFlow
}
}
}

View File

@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest

View File

@@ -0,0 +1,20 @@
import java.util.List;
public class Lib<T> {
public void takesVar(T t) { }
public void takesInvar(List<T> lt) { }
public void takesUnbound(List<?> lt) { }
public void takesExtends(List<? extends T> lt) { }
public void takesSuper(List<? super T> lt) { }
public T returnsVar() { return null; }
public List<T> returnsInvar() { return null; }
public List<?> returnsUnbound() { return null; }
public List<? extends T> returnsExtends() { return null; }
public List<? super T> returnsSuper() { return null; }
public void takesArray(T[] ts) { }
public T[] returnsArray() { return null; }
}

View File

@@ -0,0 +1,12 @@
public class User {
public static void test(Lib<CharSequence> invarLib, Lib<? extends CharSequence> extendsLib, Lib<? super CharSequence> superLib, Lib<?> unboundLib) {
invarLib.takesVar(null);
extendsLib.takesVar(null);
superLib.takesVar(null);
unboundLib.takesVar(null);
}
}

View File

@@ -0,0 +1,64 @@
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsArray | CharSequence[] |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<?> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsVar | CharSequence |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesArray | <nulltype>[] |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<?> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesVar | <nulltype> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsArray | Object[] |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<?> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsVar | Object |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesArray | CharSequence[] |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<?> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesVar | CharSequence |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsArray | Object[] |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsExtends | List<? extends Object> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsInvar | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsSuper | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsVar | Object |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesArray | <nulltype>[] |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesExtends | List<? extends Object> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesInvar | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesSuper | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesVar | <nulltype> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsArray | CharSequence[] |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsVar | CharSequence |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesArray | CharSequence[] |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<? extends CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<? super CharSequence> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesVar | CharSequence |
| Lib.java:3:14:3:16 | Lib | Lib.java:5:15:5:22 | takesVar | T |
| Lib.java:3:14:3:16 | Lib | Lib.java:6:15:6:24 | takesInvar | List<T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:7:15:7:26 | takesUnbound | List<?> |
| Lib.java:3:14:3:16 | Lib | Lib.java:8:15:8:26 | takesExtends | List<? extends T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:9:15:9:24 | takesSuper | List<? super T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:11:12:11:21 | returnsVar | T |
| Lib.java:3:14:3:16 | Lib | Lib.java:12:18:12:29 | returnsInvar | List<T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:13:18:13:31 | returnsUnbound | List<?> |
| Lib.java:3:14:3:16 | Lib | Lib.java:14:28:14:41 | returnsExtends | List<? extends T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:15:26:15:37 | returnsSuper | List<? super T> |
| Lib.java:3:14:3:16 | Lib | Lib.java:17:15:17:24 | takesArray | T[] |
| Lib.java:3:14:3:16 | Lib | Lib.java:18:14:18:25 | returnsArray | T[] |
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<? extends CharSequence> |
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<? super CharSequence> |
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<?> |
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<CharSequence> |

@@ -0,0 +1,7 @@
import java
Type notVoid(Type t) { result = t and not result instanceof VoidType }
from Callable c
where c.getSourceDeclaration().fromSource()
select c.getDeclaringType(), c, notVoid([c.getAParamType(), c.getReturnType()]).toString()
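
Review bot: in the `select`, `notVoid([c.getAParamType(), c.getReturnType()])` folds parameter types and the return type into one column, so an expected row does not say which position a type came from, and a callable whose parameter and return types print identically collapses into a single row. Consider emitting the position as an extra string column (for example `"param"` or `"return"`) so that a regression which drops or swaps one of them shows up in the `.expected` diff. A one-line QLDoc comment on `notVoid` saying it exists to drop `void` return types would also help.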

@@ -0,0 +1,3 @@
public class Test {
}

@@ -0,0 +1,2 @@
| test.xml:4:5:4:32 | attribute=value | Unexpected result: hasXmlResult= |
| test.xml:5:29:5:52 | $ hasXmlResult | Missing result:hasXmlResult= |

@@ -0,0 +1,17 @@
import semmle.code.xml.XML
import TestUtilities.InlineExpectationsTest
class XmlTest extends InlineExpectationsTest {
XmlTest() { this = "XmlTest" }
override string getARelevantTag() { result = "hasXmlResult" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasXmlResult" and
exists(XMLAttribute a |
a.getLocation() = location and
element = a.toString() and
value = ""
)
}
}
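
Review bot: `XmlTest` has no QLDoc comment, and in `hasActualResult` every `XMLAttribute` is reported with `value = ""`, so the test checks only that an annotation sits on the attribute's line, never a value. Since the accompanying expected output deliberately contains an `Unexpected result` and a `Missing result` row, a short comment on the class stating that this is a self-test of inline expectations in XML comments, and that those two failures are intended, would stop a later reader from "fixing" them.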

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<document>
<element attribute="value">Text</element> <!-- $ hasXmlResult -->
<element attribute="value">Text</element> <!-- Missing -->
<element>Text</element> <!-- $ hasXmlResult --> <!-- Spurious -->
</document>
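
Review bot: the labels in the comments on lines 4 and 5 read the opposite way to the messages those lines produce. Line 4 is marked `<!-- Missing -->` but yields `Unexpected result: hasXmlResult=` in the expected output, and line 5 is marked `<!-- Spurious -->` but yields `Missing result:hasXmlResult=`. Wording them as "missing annotation" and "spurious annotation" (or using the framework's own terms) would make the fixture and the expected file easier to match up.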

@@ -0,0 +1,11 @@
import android.app.Activity
import android.content.Context
import android.content.SharedPreferences
class CleartextStorageSharedPrefsTestKt : Activity() {
fun testSetSharedPrefs1(context: Context, name: String, password: String) {
val sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
sharedPrefs.edit().putString("name", name).apply(); // Safe
sharedPrefs.edit().putString("password", password).apply(); // $ hasCleartextStorageSharedPrefs
}
}
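
Review bot: `testSetSharedPrefs1` covers only the chained form `sharedPrefs.edit().putString("password", password).apply()`, so the Kotlin test would not notice if the query lost results when the `Editor` is first bound to a local `val`. Consider adding that variant, plus a negative case where the stored value has been encrypted first, so the Kotlin coverage has both a second positive and a safe path. As a style point, the trailing `;` on the three statements are not needed in Kotlin.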

@@ -1 +1,2 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0 // semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
// codeql-extractor-kotlin-options: ${testdir}/../../../stubs/google-android-9.0.0

@@ -44,6 +44,7 @@
<activity android:name=".UnsafeActivity3" android:exported="true" /> <activity android:name=".UnsafeActivity3" android:exported="true" />
<activity android:name=".UnsafeActivity4" android:exported="true" /> <activity android:name=".UnsafeActivity4" android:exported="true" />
<activity android:name=".UnsafeActivityKt" android:exported="true" />
<receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" /> <receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" />
</application> </application>

@@ -0,0 +1,20 @@
package com.example.app
import android.app.Activity
import android.os.Bundle
import android.webkit.WebSettings
import android.webkit.WebView
import android.webkit.WebViewClient
class UnsafeActivityKt : Activity() {
override fun onCreate(savedInstanceState : Bundle) {
val wv = findViewById<WebView>(-1)
// Implicit not-nulls happening here
wv.settings.setJavaScriptEnabled(true)
wv.settings.setAllowFileAccessFromFileURLs(true)
val thisUrl : String = intent.extras.getString("url")
wv.loadUrl(thisUrl) // $ hasUnsafeAndroidAccess
}
}
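
Review bot: the comment `// Implicit not-nulls happening here` sits above the `wv.settings` calls, but the coercion the annotated flow depends on is two lines further down, in `val thisUrl : String = intent.extras.getString("url")`; moving the comment there, or naming both places, would make clear which implicit not-null checks the test is meant to see through. The settings are also enabled only through explicit setter calls such as `wv.settings.setJavaScriptEnabled(true)`; a second case using Kotlin property syntax (`wv.settings.javaScriptEnabled = true`) would confirm the query recognises both spellings.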

@@ -1 +1,2 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/android //semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
//codeql-extractor-kotlin-options: ${testdir}/../../../stubs/google-android-9.0.0
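
Review bot: the first line does more than gain a Kotlin sibling: its `--javac-args -cp` path changes from `stubs/android` to `stubs/google-android-9.0.0`, which swaps the stub set for whatever Java sources this options file already applied to. That is worth a sentence in the commit message, together with confirmation that the existing expected results are unchanged under the new stubs.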

@@ -1,5 +1,5 @@
name: codeql/javascript-all name: codeql/javascript-all
version: 0.2.1 version: 0.2.2-dev
groups: javascript groups: javascript
dbscheme: semmlecode.javascript.dbscheme dbscheme: semmlecode.javascript.dbscheme
extractor: javascript extractor: javascript

@@ -28,6 +28,9 @@ module Actions {
/** Gets the `jobs` mapping from job IDs to job definitions in this workflow. */ /** Gets the `jobs` mapping from job IDs to job definitions in this workflow. */
YAMLMapping getJobs() { result = this.lookup("jobs") } YAMLMapping getJobs() { result = this.lookup("jobs") }
/** Gets the name of the workflow. */
string getName() { result = this.lookup("name").(YAMLString).getValue() }
/** Gets the name of the workflow file. */ /** Gets the name of the workflow file. */
string getFileName() { result = this.getFile().getBaseName() } string getFileName() { result = this.getFile().getBaseName() }
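
Review bot: the QLDoc on `getName()` says "Gets the name of the workflow." without "if any", yet `this.lookup("name").(YAMLString).getValue()` has no result when the workflow has no `name` key. The neighbouring predicates use the "if any" wording for optional fields, so the comment should too, which also reminds callers not to rely on `getName()` always holding.
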
@@ -129,6 +132,9 @@ module Actions {
/** Gets the value of the `if` field in this step, if any. */ /** Gets the value of the `if` field in this step, if any. */
StepIf getIf() { result.getStep() = this } StepIf getIf() { result.getStep() = this }
/** Gets the ID of this step, if any. */
string getId() { result = this.lookup("id").(YAMLString).getValue() }
} }
/** /**
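
Review bot: in `getId()`, the inline cast `.(YAMLString)` means the predicate has no result whenever the `id` node is present but is not a `YAMLString`. If that restriction is intended, say so in the QLDoc; if any scalar `id` should be returned, the cast is narrower than it needs to be.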

Some files were not shown because too many files have changed in this diff