mirror of
https://github.com/github/codeql.git
synced 2026-06-03 04:40:14 +02:00
Compare commits
7 Commits
copilot/co
...
post-relea
| Author | SHA1 | Date | |
|---|---|---|---|
|
cfb18c2477 | ||
|
|
1a82a682e9 | ||
|
|
8b6f969cdb | ||
|
|
f4da0df3c7 | ||
|
|
9bc0c1b1ab | ||
|
|
fe7b2b9d4f | ||
|
|
44a914e40f |
@@ -1,3 +1,9 @@
|
||||
## 0.4.37
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
|
||||
|
||||
## 0.4.36
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
|
||||
## 0.4.37
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.36
|
||||
lastReleaseVersion: 0.4.37
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.37-dev
|
||||
version: 0.4.38-dev
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,22 @@
|
||||
## 0.6.29
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
|
||||
* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
|
||||
|
||||
## 0.6.28
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
|
||||
18
actions/ql/src/change-notes/released/0.6.29.md
Normal file
18
actions/ql/src/change-notes/released/0.6.29.md
Normal file
@@ -0,0 +1,18 @@
|
||||
## 0.6.29
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.
|
||||
* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.28
|
||||
lastReleaseVersion: 0.6.29
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.29-dev
|
||||
version: 0.6.30-dev
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,19 @@
|
||||
## 10.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
|
||||
* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow source models for `scanf_s` and related functions.
|
||||
* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
|
||||
|
||||
## 10.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -30,6 +30,8 @@ class Options extends string {
|
||||
predicate overrideReturnsNull(Call call) {
|
||||
// Used in CVS:
|
||||
call.(FunctionCall).getTarget().hasGlobalName("Xstrdup")
|
||||
or
|
||||
CustomOptions::overrideReturnsNull(call) // old Options.qll
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -43,6 +45,8 @@ class Options extends string {
|
||||
// Used in CVS:
|
||||
call.(FunctionCall).getTarget().hasGlobalName("Xstrdup") and
|
||||
nullValue(call.getArgument(0))
|
||||
or
|
||||
CustomOptions::returnsNull(call) // old Options.qll
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -61,6 +65,8 @@ class Options extends string {
|
||||
f.hasGlobalOrStdName([
|
||||
"exit", "_exit", "_Exit", "abort", "__assert_fail", "longjmp", "__builtin_unreachable"
|
||||
])
|
||||
or
|
||||
CustomOptions::exits(f) // old Options.qll
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -73,7 +79,8 @@ class Options extends string {
|
||||
* runtime, the program's behavior is undefined)
|
||||
*/
|
||||
predicate exprExits(Expr e) {
|
||||
e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0
|
||||
e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0 or
|
||||
CustomOptions::exprExits(e) // old Options.qll
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -81,7 +88,10 @@ class Options extends string {
|
||||
*
|
||||
* By default holds only for `fgets`.
|
||||
*/
|
||||
predicate alwaysCheckReturnValue(Function f) { f.hasGlobalOrStdName("fgets") }
|
||||
predicate alwaysCheckReturnValue(Function f) {
|
||||
f.hasGlobalOrStdName("fgets") or
|
||||
CustomOptions::alwaysCheckReturnValue(f) // old Options.qll
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if it is reasonable to ignore the return value of function
|
||||
@@ -97,6 +107,8 @@ class Options extends string {
|
||||
// common way of sleeping using select:
|
||||
fc.getTarget().hasGlobalName("select") and
|
||||
fc.getArgument(0).getValue() = "0"
|
||||
or
|
||||
CustomOptions::okToIgnoreReturnValue(fc) // old Options.qll
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -98,3 +98,57 @@ class CustomMutexType extends MutexType {
|
||||
*/
|
||||
override predicate unlockAccess(FunctionCall fc, Expr arg) { none() }
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.overrideReturnsNull` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate overrideReturnsNull(Call call) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.returnsNull` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate returnsNull(Call call) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.exits` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate exits(Function f) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.exprExits` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate exprExits(Expr e) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.alwaysCheckReturnValue` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate alwaysCheckReturnValue(Function f) { none() }
|
||||
|
||||
/**
|
||||
* DEPRECATED: customize `CustomOptions.okToIgnoreReturnValue` instead.
|
||||
*
|
||||
* This predicate is required to support backwards compatibility for
|
||||
* older `Options.qll` files. It should not be removed or modified by
|
||||
* end users.
|
||||
*/
|
||||
predicate okToIgnoreReturnValue(FunctionCall fc) { none() }
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow source models for `scanf_s` and related functions.
|
||||
* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
|
||||
@@ -1,15 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
|
||||
* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
|
||||
* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
|
||||
* Removed the deprecated `exprExits` predicate from `Options.qll`. Use `CustomOptions.exprExits` instead.
|
||||
* Removed the deprecated `alwaysCheckReturnValue` predicate from `Options.qll`. Use `CustomOptions.alwaysCheckReturnValue` instead.
|
||||
* Removed the deprecated `okToIgnoreReturnValue` predicate from `Options.qll`. Use `CustomOptions.okToIgnoreReturnValue` instead.
|
||||
* Removed the deprecated `semmle.code.cpp.Member`. Import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly.
|
||||
* Removed the deprecated `UnknownDefaultLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `UnknownExprLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `UnknownStmtLocation` class. Use `UnknownLocation` instead.
|
||||
* Removed the deprecated `TemplateParameter` class. Use `TypeTemplateParameter` instead.
|
||||
* Support for class resolution across link targets has been removed for databases which were created with CodeQL versions before 1.23.0.
|
||||
15
cpp/ql/lib/change-notes/released/10.2.0.md
Normal file
15
cpp/ql/lib/change-notes/released/10.2.0.md
Normal file
@@ -0,0 +1,15 @@
|
||||
## 10.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `getOriginalTemplate` predicate to `TemplateClass`, `TemplateFunction`, `TemplateVariable`, and `AliasTemplateType`, which yields the class member template the template was generated from. The predicates only have results for templates that are members of class template instantiations.
|
||||
* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow source models for `scanf_s` and related functions.
|
||||
* Added a `Call` column to `LocalFlowSourceFunction::hasLocalFlowSource` and `RemoteFlowSourceFunction::hasRemoteFlowSource`. The old predicates without a `Call` column continue to be supported.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 10.1.1
|
||||
lastReleaseVersion: 10.2.0
|
||||
|
||||
@@ -32,6 +32,7 @@ import semmle.code.cpp.Class
|
||||
import semmle.code.cpp.Struct
|
||||
import semmle.code.cpp.Union
|
||||
import semmle.code.cpp.Enum
|
||||
import semmle.code.cpp.Member
|
||||
import semmle.code.cpp.Field
|
||||
import semmle.code.cpp.Function
|
||||
import semmle.code.cpp.MemberFunction
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 10.1.2-dev
|
||||
version: 10.2.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -148,3 +148,28 @@ class UnknownLocation extends Location {
|
||||
this.getFile().getAbsolutePath() = "" and locations_default(this, _, 0, 0, 0, 0)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A dummy location which is used when something doesn't have a location in
|
||||
* the source code but needs to have a `Location` associated with it.
|
||||
*
|
||||
* DEPRECATED: use `UnknownLocation`
|
||||
*/
|
||||
deprecated class UnknownDefaultLocation extends UnknownLocation { }
|
||||
|
||||
/**
|
||||
* A dummy location which is used when an expression doesn't have a
|
||||
* location in the source code but needs to have a `Location` associated
|
||||
* with it.
|
||||
*
|
||||
* DEPRECATED: use `UnknownLocation`
|
||||
*/
|
||||
deprecated class UnknownExprLocation extends UnknownLocation { }
|
||||
|
||||
/**
|
||||
* A dummy location which is used when a statement doesn't have a location
|
||||
* in the source code but needs to have a `Location` associated with it.
|
||||
*
|
||||
* DEPRECATED: use `UnknownLocation`
|
||||
*/
|
||||
deprecated class UnknownStmtLocation extends UnknownLocation { }
|
||||
|
||||
6
cpp/ql/lib/semmle/code/cpp/Member.qll
Normal file
6
cpp/ql/lib/semmle/code/cpp/Member.qll
Normal file
@@ -0,0 +1,6 @@
|
||||
/**
|
||||
* DEPRECATED: import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly as required.
|
||||
*/
|
||||
|
||||
import semmle.code.cpp.Element
|
||||
import semmle.code.cpp.Type
|
||||
@@ -35,6 +35,13 @@ class NonTypeTemplateParameter extends Literal, TemplateParameterImpl {
|
||||
override string getAPrimaryQlClass() { result = "NonTypeTemplateParameter" }
|
||||
}
|
||||
|
||||
/**
|
||||
* A C++ `typename` (or `class`) template parameter.
|
||||
*
|
||||
* DEPRECATED: Use `TypeTemplateParameter` instead.
|
||||
*/
|
||||
deprecated class TemplateParameter = TypeTemplateParameter;
|
||||
|
||||
/**
|
||||
* A C++ `typename` (or `class`) template parameter.
|
||||
*
|
||||
|
||||
@@ -1,5 +1,59 @@
|
||||
import semmle.code.cpp.Type
|
||||
|
||||
/** For upgraded databases without mangled name info. */
|
||||
pragma[noinline]
|
||||
private string getTopLevelClassName(@usertype c) {
|
||||
not mangled_name(_, _, _) and
|
||||
isClass(c) and
|
||||
usertypes(c, result, _) and
|
||||
not namespacembrs(_, c) and // not in a namespace
|
||||
not member(_, _, c) and // not in some structure
|
||||
not class_instantiation(c, _) // not a template instantiation
|
||||
}
|
||||
|
||||
/**
|
||||
* For upgraded databases without mangled name info.
|
||||
* Holds if `d` is a unique complete class named `name`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate existsCompleteWithName(string name, @usertype d) {
|
||||
not mangled_name(_, _, _) and
|
||||
is_complete(d) and
|
||||
name = getTopLevelClassName(d) and
|
||||
onlyOneCompleteClassExistsWithName(name)
|
||||
}
|
||||
|
||||
/** For upgraded databases without mangled name info. */
|
||||
pragma[noinline]
|
||||
private predicate onlyOneCompleteClassExistsWithName(string name) {
|
||||
not mangled_name(_, _, _) and
|
||||
strictcount(@usertype c | is_complete(c) and getTopLevelClassName(c) = name) = 1
|
||||
}
|
||||
|
||||
/**
|
||||
* For upgraded databases without mangled name info.
|
||||
* Holds if `c` is an incomplete class named `name`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate existsIncompleteWithName(string name, @usertype c) {
|
||||
not mangled_name(_, _, _) and
|
||||
not is_complete(c) and
|
||||
name = getTopLevelClassName(c)
|
||||
}
|
||||
|
||||
/**
|
||||
* For upgraded databases without mangled name info.
|
||||
* Holds if `c` is an incomplete class, and there exists a unique complete class `d`
|
||||
* with the same name.
|
||||
*/
|
||||
private predicate oldHasCompleteTwin(@usertype c, @usertype d) {
|
||||
not mangled_name(_, _, _) and
|
||||
exists(string name |
|
||||
existsIncompleteWithName(name, c) and
|
||||
existsCompleteWithName(name, d)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private @mangledname getClassMangledName(@usertype c) {
|
||||
isClass(c) and
|
||||
@@ -49,7 +103,10 @@ private module Cached {
|
||||
@usertype resolveClass(@usertype c) {
|
||||
hasCompleteTwin(c, result)
|
||||
or
|
||||
oldHasCompleteTwin(c, result)
|
||||
or
|
||||
not hasCompleteTwin(c, _) and
|
||||
not oldHasCompleteTwin(c, _) and
|
||||
result = c
|
||||
}
|
||||
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
cpp/ql/src/change-notes/released/1.6.4.md
Normal file
3
cpp/ql/src/change-notes/released/1.6.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.3
|
||||
lastReleaseVersion: 1.6.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.6.4-dev
|
||||
version: 1.6.5-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:26 | E<D> |
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:26 | E<T> |
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:29 | E<D> |
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:26 | F<D> |
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:26 | F<T> |
|
||||
| file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:29 | F<D> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:26 | E<C> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:26 | E<T> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:29 | E<C> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:26 | F<D> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:26 | F<T> |
|
||||
| file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:29 | F<D> |
|
||||
| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<C> |
|
||||
| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<D> |
|
||||
| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<T> |
|
||||
| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:29 | E<C> |
|
||||
| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:29 | E<D> |
|
||||
| loop.cpp:6:5:6:5 | E<T>'s friend | loop.cpp:5:26:5:26 | E<T> |
|
||||
| loop.cpp:7:5:7:5 | E<T>'s friend | loop.cpp:7:36:7:36 | F<U> |
|
||||
| loop.cpp:11:5:11:5 | F<T>'s friend | loop.cpp:11:36:11:36 | E<U> |
|
||||
|
||||
@@ -664,7 +664,7 @@ namespace Semmle.Extraction.CSharp
|
||||
// Find the (possibly unbound) original extension method that maps to this implementation (if any).
|
||||
var unboundDeclaration = extensions.SelectMany(e => e.GetMembers())
|
||||
.OfType<IMethodSymbol>()
|
||||
.FirstOrDefault(m => SymbolEqualityComparer.Default.Equals(m.AssociatedExtensionImplementation?.ConstructedFrom, method.ConstructedFrom));
|
||||
.FirstOrDefault(m => SymbolEqualityComparer.Default.Equals(m.AssociatedExtensionImplementation, method.ConstructedFrom));
|
||||
|
||||
var isFullyConstructed = method.IsBoundGenericMethod();
|
||||
if (isFullyConstructed && unboundDeclaration?.ContainingType is INamedTypeSymbol extensionType)
|
||||
|
||||
@@ -69,7 +69,6 @@ namespace Semmle.Extraction.CSharp.Entities
|
||||
}
|
||||
|
||||
Overrides(trapFile);
|
||||
ExtractRefReturn(trapFile, Symbol, this);
|
||||
|
||||
if (Symbol.FromSource() && !HasBody)
|
||||
{
|
||||
|
||||
@@ -4,7 +4,7 @@ source https://api.nuget.org/v3/index.json
|
||||
# behave like nuget in choosing transitive dependency versions
|
||||
strategy: max
|
||||
|
||||
nuget Basic.CompilerLog.Util 0.9.39
|
||||
nuget Basic.CompilerLog.Util 0.9.25
|
||||
nuget Mono.Posix.NETStandard
|
||||
nuget Newtonsoft.Json
|
||||
nuget NuGet.Versioning
|
||||
@@ -12,7 +12,7 @@ nuget xunit
|
||||
nuget xunit.runner.visualstudio
|
||||
nuget xunit.runner.utility
|
||||
nuget Microsoft.NET.Test.Sdk
|
||||
nuget Microsoft.CodeAnalysis.CSharp 5.3.0
|
||||
nuget Microsoft.CodeAnalysis 5.3.0
|
||||
nuget Microsoft.Build 18.6.3
|
||||
nuget Microsoft.CodeAnalysis.CSharp 5.0.0
|
||||
nuget Microsoft.CodeAnalysis 5.0.0
|
||||
nuget Microsoft.Build 18.0.2
|
||||
nuget Microsoft.VisualStudio.SolutionPersistence
|
||||
|
||||
100
csharp/paket.lock
generated
100
csharp/paket.lock
generated
@@ -3,42 +3,45 @@ STRATEGY: MAX
|
||||
RESTRICTION: == net10.0
|
||||
NUGET
|
||||
remote: https://api.nuget.org/v3/index.json
|
||||
Basic.CompilerLog.Util (0.9.39)
|
||||
Basic.CompilerLog.Util (0.9.25)
|
||||
MessagePack (>= 3.1.4)
|
||||
Microsoft.Bcl.Memory (>= 10.0.7)
|
||||
Microsoft.Bcl.Memory (>= 9.0.10)
|
||||
Microsoft.CodeAnalysis (>= 4.8)
|
||||
Microsoft.CodeAnalysis.CSharp (>= 4.8)
|
||||
Microsoft.CodeAnalysis.VisualBasic (>= 4.8)
|
||||
Microsoft.Extensions.ObjectPool (>= 10.0.7)
|
||||
MSBuild.StructuredLogger (>= 2.3.178)
|
||||
Microsoft.Extensions.ObjectPool (>= 9.0.10)
|
||||
MSBuild.StructuredLogger (>= 2.3.71)
|
||||
NaturalSort.Extension (>= 4.4)
|
||||
NuGet.Versioning (>= 6.14)
|
||||
Humanizer.Core (3.0.10)
|
||||
MessagePack (3.1.6)
|
||||
MessagePack.Annotations (>= 3.1.6)
|
||||
MessagePackAnalyzer (>= 3.1.6)
|
||||
MessagePack (3.1.4)
|
||||
MessagePack.Annotations (>= 3.1.4)
|
||||
MessagePackAnalyzer (>= 3.1.4)
|
||||
Microsoft.NET.StringTools (>= 17.11.4)
|
||||
MessagePack.Annotations (3.1.6)
|
||||
MessagePackAnalyzer (3.1.6)
|
||||
MessagePack.Annotations (3.1.4)
|
||||
MessagePackAnalyzer (3.1.4)
|
||||
Microsoft.Bcl.AsyncInterfaces (10.0.8)
|
||||
Microsoft.Bcl.Memory (10.0.8)
|
||||
Microsoft.Build (18.6.3)
|
||||
Microsoft.Build.Framework (>= 18.6.3)
|
||||
System.Configuration.ConfigurationManager (>= 10.0.3)
|
||||
System.Diagnostics.EventLog (>= 10.0.3)
|
||||
System.Reflection.MetadataLoadContext (>= 10.0.3)
|
||||
System.Security.Cryptography.ProtectedData (>= 10.0.3)
|
||||
Microsoft.Build.Framework (18.6.3)
|
||||
Microsoft.NET.StringTools (>= 18.6.3)
|
||||
Microsoft.Build.Utilities.Core (18.6.3)
|
||||
Microsoft.Build.Framework (>= 18.6.3)
|
||||
System.Configuration.ConfigurationManager (>= 10.0.3)
|
||||
System.Diagnostics.EventLog (>= 10.0.3)
|
||||
System.Security.Cryptography.ProtectedData (>= 10.0.3)
|
||||
Microsoft.CodeAnalysis (5.3)
|
||||
Microsoft.Build (18.0.2)
|
||||
Microsoft.Build.Framework (>= 18.0.2)
|
||||
Microsoft.NET.StringTools (>= 18.0.2)
|
||||
System.Configuration.ConfigurationManager (>= 9.0)
|
||||
System.Diagnostics.EventLog (>= 9.0)
|
||||
System.Reflection.MetadataLoadContext (>= 9.0)
|
||||
System.Security.Cryptography.ProtectedData (>= 9.0.6)
|
||||
Microsoft.Build.Framework (18.4)
|
||||
Microsoft.Build.Utilities.Core (18.4)
|
||||
Microsoft.Build.Framework (>= 18.4)
|
||||
Microsoft.NET.StringTools (>= 18.4)
|
||||
System.Configuration.ConfigurationManager (>= 10.0.1)
|
||||
System.Diagnostics.EventLog (>= 10.0.1)
|
||||
System.Security.Cryptography.ProtectedData (>= 10.0.1)
|
||||
Microsoft.CodeAnalysis (5.0)
|
||||
Humanizer.Core (>= 2.14.1)
|
||||
Microsoft.Bcl.AsyncInterfaces (>= 9.0)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.CSharp.Workspaces (5.3)
|
||||
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
|
||||
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
|
||||
System.Buffers (>= 4.6)
|
||||
System.Collections.Immutable (>= 9.0)
|
||||
System.Composition (>= 9.0)
|
||||
@@ -51,36 +54,36 @@ NUGET
|
||||
System.Threading.Channels (>= 8.0)
|
||||
System.Threading.Tasks.Extensions (>= 4.6)
|
||||
Microsoft.CodeAnalysis.Analyzers (5.3)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.CSharp (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.CSharp.Workspaces (5.3)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.CSharp (5.0)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
|
||||
Humanizer.Core (>= 2.14.1)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.CSharp (5.3)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
Microsoft.CodeAnalysis.CSharp (5.0)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
|
||||
System.Composition (>= 9.0)
|
||||
Microsoft.CodeAnalysis.VisualBasic (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.3)
|
||||
Microsoft.CodeAnalysis.VisualBasic (5.0)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
|
||||
Humanizer.Core (>= 2.14.1)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.VisualBasic (5.3)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
Microsoft.CodeAnalysis.VisualBasic (5.0)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
|
||||
System.Composition (>= 9.0)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.3)
|
||||
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
|
||||
Humanizer.Core (>= 2.14.1)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
|
||||
Microsoft.CodeAnalysis.Common (5.3)
|
||||
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
|
||||
Microsoft.CodeAnalysis.Common (5.0)
|
||||
System.Composition (>= 9.0)
|
||||
Microsoft.CodeCoverage (18.5.1)
|
||||
Microsoft.Extensions.ObjectPool (10.0.8)
|
||||
Microsoft.NET.StringTools (18.6.3)
|
||||
Microsoft.NET.StringTools (18.4)
|
||||
Microsoft.NET.Test.Sdk (18.5.1)
|
||||
Microsoft.CodeCoverage (>= 18.5.1)
|
||||
Microsoft.TestPlatform.TestHost (>= 18.5.1)
|
||||
@@ -94,6 +97,7 @@ NUGET
|
||||
MSBuild.StructuredLogger (2.3.204)
|
||||
Microsoft.Build.Framework (>= 17.5)
|
||||
Microsoft.Build.Utilities.Core (>= 17.5)
|
||||
NaturalSort.Extension (4.4.1)
|
||||
Newtonsoft.Json (13.0.4)
|
||||
NuGet.Versioning (7.6)
|
||||
System.Buffers (4.6.1)
|
||||
|
||||
31
csharp/paket.main.bzl
generated
31
csharp/paket.main.bzl
generated
File diff suppressed because one or more lines are too long
@@ -1,3 +1,7 @@
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.67
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.67
|
||||
lastReleaseVersion: 1.7.68
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.68-dev
|
||||
version: 1.7.69-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.67
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.68
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.67
|
||||
lastReleaseVersion: 1.7.68
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.68-dev
|
||||
version: 1.7.69-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
| [...]/csharp/tools/[...]/Microsoft.Win32.Primitives.dll |
|
||||
| [...]/csharp/tools/[...]/Microsoft.Win32.Registry.dll |
|
||||
| [...]/csharp/tools/[...]/Mono.Posix.NETStandard.dll |
|
||||
| [...]/csharp/tools/[...]/NaturalSort.Extension.dll |
|
||||
| [...]/csharp/tools/[...]/Newtonsoft.Json.dll |
|
||||
| [...]/csharp/tools/[...]/NuGet.Versioning.dll |
|
||||
| [...]/csharp/tools/[...]/StructuredLogger.dll |
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 6.0.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
|
||||
* C# 14: Added support for user-defined instance increment/decrement operators.
|
||||
|
||||
## 6.0.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 14: Added support for user-defined instance increment/decrement operators.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved call target resolution for ref-return properties and indexers.
|
||||
@@ -1,4 +1,6 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 6.0.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Full support for C# 14 / .NET 10. All new language features are now supported by the extractor. The QL library and data flow analysis now support the new C# 14 language constructs and include generated Models as Data (MaD) models for the .NET 10 runtime.
|
||||
* C# 14: Added support for user-defined instance increment/decrement operators.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.0.1
|
||||
lastReleaseVersion: 6.0.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 6.0.2-dev
|
||||
version: 6.0.3-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -766,16 +766,7 @@ class PropertyCall extends AccessorCall, PropertyAccessExpr {
|
||||
}
|
||||
|
||||
override Accessor getWriteTarget() {
|
||||
this instanceof AssignableWrite and
|
||||
exists(Property p | p = this.getProperty() |
|
||||
result = p.getSetter()
|
||||
or
|
||||
result =
|
||||
any(Getter g |
|
||||
g = p.getGetter() and
|
||||
g.getAnnotatedReturnType().isRef()
|
||||
)
|
||||
)
|
||||
this instanceof AssignableWrite and result = this.getProperty().getSetter()
|
||||
}
|
||||
|
||||
override Expr getArgument(int i) {
|
||||
@@ -810,16 +801,7 @@ class IndexerCall extends AccessorCall, IndexerAccessExpr {
|
||||
}
|
||||
|
||||
override Accessor getWriteTarget() {
|
||||
this instanceof AssignableWrite and
|
||||
exists(Indexer i | i = this.getIndexer() |
|
||||
result = i.getSetter()
|
||||
or
|
||||
result =
|
||||
any(Getter g |
|
||||
g = i.getGetter() and
|
||||
g.getAnnotatedReturnType().isRef()
|
||||
)
|
||||
)
|
||||
this instanceof AssignableWrite and result = this.getIndexer().getSetter()
|
||||
}
|
||||
|
||||
override Expr getArgument(int i) {
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
csharp/ql/src/change-notes/released/1.7.4.md
Normal file
3
csharp/ql/src/change-notes/released/1.7.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.7.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.3
|
||||
lastReleaseVersion: 1.7.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.7.4-dev
|
||||
version: 1.7.5-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -227,7 +227,7 @@ returnTypes
|
||||
| NullableRefTypes.cs:107:26:107:36 | ReturnsRef5 | readonly MyClass! |
|
||||
| NullableRefTypes.cs:108:26:108:36 | ReturnsRef6 | readonly MyClass! |
|
||||
| NullableRefTypes.cs:110:10:110:20 | Parameters1 | Void! |
|
||||
| NullableRefTypes.cs:113:32:113:44 | get_RefProperty | ref MyClass! |
|
||||
| NullableRefTypes.cs:113:32:113:44 | get_RefProperty | MyClass! |
|
||||
| NullableRefTypes.cs:116:7:116:23 | <object initializer> | Void |
|
||||
| NullableRefTypes.cs:116:7:116:23 | ToStringWithTypes | Void! |
|
||||
| NullableRefTypes.cs:136:7:136:24 | <object initializer> | Void |
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
class SBCS
|
||||
class SBCS
|
||||
{
|
||||
string sbcs = "<22>";
|
||||
string sbcs = "<22>";
|
||||
}
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
| indexers.cs:24:21:24:24 | Item | indexers.cs:62:22:62:29 | access to indexer | indexers.cs:26:13:26:15 | get_Item |
|
||||
| indexers.cs:24:21:24:24 | Item | indexers.cs:65:25:65:32 | access to indexer | indexers.cs:34:13:34:15 | set_Item |
|
||||
| indexers.cs:143:24:143:27 | Item | indexers.cs:156:13:156:16 | access to indexer | indexers.cs:145:13:145:15 | get_Item |
|
||||
| indexers.cs:143:24:143:27 | Item | indexers.cs:157:21:157:24 | access to indexer | indexers.cs:145:13:145:15 | get_Item |
|
||||
@@ -1,8 +0,0 @@
|
||||
import csharp
|
||||
|
||||
from IndexerCall ic, Indexer i, Accessor target
|
||||
where
|
||||
ic.getIndexer() = i and
|
||||
ic.getTarget() = target and
|
||||
i.fromSource()
|
||||
select i, ic, target
|
||||
@@ -360,57 +360,3 @@ indexers.cs:
|
||||
# 130| 4: [BlockStmt] {...}
|
||||
# 130| 0: [ReturnStmt] return ...;
|
||||
# 130| 0: [IntLiteral] 0
|
||||
# 134| 5: [RefStruct] S
|
||||
# 136| 6: [Field] x
|
||||
# 136| -1: [TypeMention] int
|
||||
# 138| 7: [InstanceConstructor] S
|
||||
#-----| 2: (Parameters)
|
||||
# 138| 0: [Parameter] v
|
||||
# 138| -1: [TypeMention] int
|
||||
# 139| 4: [BlockStmt] {...}
|
||||
# 140| 0: [ExprStmt] ...;
|
||||
# 140| 0: [AssignExpr] ... = ...
|
||||
# 140| 0: [FieldAccess] access to field x
|
||||
# 140| 1: [RefExpr] ref ...
|
||||
# 140| 0: [ParameterAccess] access to parameter v
|
||||
# 143| 8: [Indexer] Item
|
||||
# 143| -1: [TypeMention] int
|
||||
#-----| 1: (Parameters)
|
||||
# 143| 0: [Parameter] i
|
||||
# 143| -1: [TypeMention] int
|
||||
# 145| 3: [Getter] get_Item
|
||||
#-----| 2: (Parameters)
|
||||
# 143| 0: [Parameter] i
|
||||
# 145| 4: [BlockStmt] {...}
|
||||
# 145| 0: [ReturnStmt] return ...;
|
||||
# 145| 0: [RefExpr] ref ...
|
||||
# 145| 0: [FieldAccess] access to field x
|
||||
# 149| 6: [Class] TestRefReturns
|
||||
# 151| 6: [Method] M
|
||||
# 151| -1: [TypeMention] Void
|
||||
# 152| 4: [BlockStmt] {...}
|
||||
# 153| 0: [LocalVariableDeclStmt] ... ...;
|
||||
# 153| 0: [LocalVariableDeclAndInitExpr] Int32 a = ...
|
||||
# 153| -1: [TypeMention] int
|
||||
# 153| 0: [LocalVariableAccess] access to local variable a
|
||||
# 153| 1: [IntLiteral] 0
|
||||
# 155| 1: [LocalVariableDeclStmt] ... ...;
|
||||
# 155| 0: [LocalVariableDeclAndInitExpr] S s = ...
|
||||
# 155| -1: [TypeMention] S
|
||||
# 155| 0: [LocalVariableAccess] access to local variable s
|
||||
# 155| 1: [ObjectCreation] object creation of type S
|
||||
# 155| -1: [TypeMention] S
|
||||
# 155| 0: [LocalVariableAccess] access to local variable a
|
||||
# 156| 2: [ExprStmt] ...;
|
||||
# 156| 0: [AssignExpr] ... = ...
|
||||
# 156| 0: [IndexerCall] access to indexer
|
||||
# 156| -1: [LocalVariableAccess] access to local variable s
|
||||
# 156| 0: [IntLiteral] 0
|
||||
# 156| 1: [IntLiteral] 1
|
||||
# 157| 3: [LocalVariableDeclStmt] ... ...;
|
||||
# 157| 0: [LocalVariableDeclAndInitExpr] Int32 x = ...
|
||||
# 157| -1: [TypeMention] int
|
||||
# 157| 0: [LocalVariableAccess] access to local variable x
|
||||
# 157| 1: [IndexerCall] access to indexer
|
||||
# 157| -1: [LocalVariableAccess] access to local variable s
|
||||
# 157| 0: [IntLiteral] 0
|
||||
|
||||
@@ -130,31 +130,4 @@ namespace Indexers
|
||||
get { return 0; }
|
||||
}
|
||||
}
|
||||
|
||||
public ref struct S
|
||||
{
|
||||
private ref int x;
|
||||
|
||||
public S(ref int v)
|
||||
{
|
||||
x = ref v;
|
||||
}
|
||||
|
||||
public ref int this[int i]
|
||||
{
|
||||
get { return ref x; }
|
||||
}
|
||||
}
|
||||
|
||||
public class TestRefReturns
|
||||
{
|
||||
public void M()
|
||||
{
|
||||
int a = 0;
|
||||
|
||||
S s = new S(ref a);
|
||||
s[0] = 1;
|
||||
var x = s[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -246,50 +246,3 @@ properties.cs:
|
||||
# 133| 0: [FieldAccess] access to field Prop.field
|
||||
# 133| 1: [ParameterAccess] access to parameter value
|
||||
# 130| 7: [Field] Prop.field
|
||||
# 137| 11: [RefStruct] S
|
||||
# 139| 6: [Field] x
|
||||
# 139| -1: [TypeMention] int
|
||||
# 141| 7: [InstanceConstructor] S
|
||||
#-----| 2: (Parameters)
|
||||
# 141| 0: [Parameter] v
|
||||
# 141| -1: [TypeMention] int
|
||||
# 142| 4: [BlockStmt] {...}
|
||||
# 143| 0: [ExprStmt] ...;
|
||||
# 143| 0: [AssignExpr] ... = ...
|
||||
# 143| 0: [FieldAccess] access to field x
|
||||
# 143| 1: [RefExpr] ref ...
|
||||
# 143| 0: [ParameterAccess] access to parameter v
|
||||
# 146| 8: [Property] Prop
|
||||
# 146| -1: [TypeMention] int
|
||||
# 148| 3: [Getter] get_Prop
|
||||
# 148| 4: [BlockStmt] {...}
|
||||
# 148| 0: [ReturnStmt] return ...;
|
||||
# 148| 0: [RefExpr] ref ...
|
||||
# 148| 0: [FieldAccess] access to field x
|
||||
# 152| 12: [Class] TestRefReturns
|
||||
# 154| 6: [Method] M
|
||||
# 154| -1: [TypeMention] Void
|
||||
# 155| 4: [BlockStmt] {...}
|
||||
# 156| 0: [LocalVariableDeclStmt] ... ...;
|
||||
# 156| 0: [LocalVariableDeclAndInitExpr] Int32 a = ...
|
||||
# 156| -1: [TypeMention] int
|
||||
# 156| 0: [LocalVariableAccess] access to local variable a
|
||||
# 156| 1: [IntLiteral] 0
|
||||
# 158| 1: [LocalVariableDeclStmt] ... ...;
|
||||
# 158| 0: [LocalVariableDeclAndInitExpr] S s = ...
|
||||
# 158| -1: [TypeMention] S
|
||||
# 158| 0: [LocalVariableAccess] access to local variable s
|
||||
# 158| 1: [ObjectCreation] object creation of type S
|
||||
# 158| -1: [TypeMention] S
|
||||
# 158| 0: [LocalVariableAccess] access to local variable a
|
||||
# 159| 2: [ExprStmt] ...;
|
||||
# 159| 0: [AssignExpr] ... = ...
|
||||
# 159| 0: [PropertyCall] access to property Prop
|
||||
# 159| -1: [LocalVariableAccess] access to local variable s
|
||||
# 159| 1: [IntLiteral] 1
|
||||
# 160| 3: [LocalVariableDeclStmt] ... ...;
|
||||
# 160| 0: [LocalVariableDeclAndInitExpr] Int32 x = ...
|
||||
# 160| -1: [TypeMention] int
|
||||
# 160| 0: [LocalVariableAccess] access to local variable x
|
||||
# 160| 1: [PropertyCall] access to property Prop
|
||||
# 160| -1: [LocalVariableAccess] access to local variable s
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
| Prop.field |
|
||||
| caption |
|
||||
| next |
|
||||
| x |
|
||||
| y |
|
||||
| z |
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
| properties.cs:12:23:12:29 | Caption | properties.cs:29:13:29:28 | access to property Caption | properties.cs:17:13:17:15 | set_Caption |
|
||||
| properties.cs:12:23:12:29 | Caption | properties.cs:30:24:30:39 | access to property Caption | properties.cs:15:13:15:15 | get_Caption |
|
||||
| properties.cs:57:20:57:20 | X | properties.cs:61:13:61:13 | access to property X | properties.cs:57:37:57:39 | set_X |
|
||||
| properties.cs:58:20:58:20 | Y | properties.cs:62:13:62:13 | access to property Y | properties.cs:58:37:58:39 | set_Y |
|
||||
| properties.cs:70:28:70:28 | X | properties.cs:82:46:82:51 | access to property X | properties.cs:70:32:70:34 | get_X |
|
||||
| properties.cs:71:28:71:28 | Y | properties.cs:83:39:83:44 | access to property Y | properties.cs:74:13:74:15 | set_Y |
|
||||
| properties.cs:146:24:146:27 | Prop | properties.cs:159:13:159:18 | access to property Prop | properties.cs:148:13:148:15 | get_Prop |
|
||||
| properties.cs:146:24:146:27 | Prop | properties.cs:160:21:160:26 | access to property Prop | properties.cs:148:13:148:15 | get_Prop |
|
||||
@@ -1,8 +0,0 @@
|
||||
import csharp
|
||||
|
||||
from PropertyCall pc, Property p, Accessor target
|
||||
where
|
||||
pc.getProperty() = p and
|
||||
pc.getTarget() = target and
|
||||
p.fromSource()
|
||||
select p, pc, target
|
||||
@@ -133,31 +133,4 @@ namespace Properties
|
||||
set { field = value; }
|
||||
}
|
||||
}
|
||||
|
||||
public ref struct S
|
||||
{
|
||||
private ref int x;
|
||||
|
||||
public S(ref int v)
|
||||
{
|
||||
x = ref v;
|
||||
}
|
||||
|
||||
public ref int Prop
|
||||
{
|
||||
get { return ref x; }
|
||||
}
|
||||
}
|
||||
|
||||
public class TestRefReturns
|
||||
{
|
||||
public void M()
|
||||
{
|
||||
int a = 0;
|
||||
|
||||
S s = new S(ref a);
|
||||
s.Prop = 1;
|
||||
var x = s.Prop;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
|
||||
| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
|
||||
| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
|
||||
|
||||
@@ -9,5 +9,6 @@
|
||||
| Quality.cs:23:9:23:30 | delegate call | Call without target $@. | Quality.cs:23:9:23:30 | delegate call | delegate call |
|
||||
| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
|
||||
| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
|
||||
| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
|
||||
| Quality.cs:38:16:38:26 | access to property MyProperty2 | Call without target $@. | Quality.cs:38:16:38:26 | access to property MyProperty2 | access to property MyProperty2 |
|
||||
| Quality.cs:50:20:50:26 | object creation of type T | Call without target $@. | Quality.cs:50:20:50:26 | object creation of type T | object creation of type T |
|
||||
|
||||
@@ -29,7 +29,7 @@ public class Test
|
||||
var slice = sp[..3]; // TODO: this is not an indexer call, but rather a `sp.Slice(0, 3)` call.
|
||||
|
||||
Span<byte> guidBytes = stackalloc byte[16];
|
||||
guidBytes[08] = 1;
|
||||
guidBytes[08] = 1; // TODO: this indexer call has no target, because the target is a `ref` returning getter.
|
||||
|
||||
new MyList([new(), new Test()]);
|
||||
}
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.51
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.50
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.51
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.50
|
||||
lastReleaseVersion: 1.0.51
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.51-dev
|
||||
version: 1.0.52-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 7.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 7.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/lib/change-notes/released/7.1.2.md
Normal file
3
go/ql/lib/change-notes/released/7.1.2.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 7.1.2
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.1.1
|
||||
lastReleaseVersion: 7.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 7.1.2-dev
|
||||
version: 7.1.3-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.6.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/src/change-notes/released/1.6.4.md
Normal file
3
go/ql/src/change-notes/released/1.6.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.6.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.6.3
|
||||
lastReleaseVersion: 1.6.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.6.4-dev
|
||||
version: 1.6.5-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 9.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added LLM-generated source and sink models for `org.apache.avro`.
|
||||
|
||||
## 9.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 9.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added LLM-generated source and sink models for `org.apache.avro`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 9.1.1
|
||||
lastReleaseVersion: 9.1.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 9.1.2-dev
|
||||
version: 9.1.3-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.11.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.11.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
3
java/ql/src/change-notes/released/1.11.4.md
Normal file
3
java/ql/src/change-notes/released/1.11.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.11.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.11.3
|
||||
lastReleaseVersion: 1.11.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.11.4-dev
|
||||
version: 1.11.5-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 2.7.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `js/clear-text-logging`) may find more correct results and fewer false positive results after these changes.
|
||||
|
||||
## 2.7.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 2.7.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `js/clear-text-logging`) may find more correct results and fewer false positive results after these changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.7.1
|
||||
lastReleaseVersion: 2.7.2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.7.2-dev
|
||||
version: 2.7.3-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 2.3.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 2.3.10
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
javascript/ql/src/change-notes/released/2.3.11.md
Normal file
3
javascript/ql/src/change-notes/released/2.3.11.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 2.3.11
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.3.10
|
||||
lastReleaseVersion: 2.3.11
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user