Max Schaefer max-schaefer @Semmle and @github Oxford, UK

github/codeql-go 57

The CodeQL extractor and libraries for Go.

max-schaefer/codeql-go 0

The CodeQL extractor and libraries for Go.

max-schaefer/govim 0

govim is a Go development plugin for Vim8, written in Go

max-schaefer/pannellum 0

Pannellum is a lightweight, free, and open source panorama viewer for the web.

max-schaefer/ql 0

The standard QL libraries and queries that power LGTM.com and other Semmle Products

max-schaefer/serialize-to-js 0

serialize objects to javascript

max-schaefer/test-repo 0

A repository for testing various features of LGTM.com

push event max-schaefer/codeql-go

Shati Patel

commit sha 6b0f8a408809f4b733b0a08247d7d1f1381381ff

Mention cookbook queries in 1.24 changenotes


Max Schaefer

commit sha c47f9da0f9d83602522905bfaac98e821fb04782

Merge pull request #241 from shati/cookbook-changenotes

Mention Go cookbook queries in 1.24 change notes


push time in 3 hours

push event github/codeql-go

Shati Patel

commit sha 6b0f8a408809f4b733b0a08247d7d1f1381381ff

Mention cookbook queries in 1.24 changenotes


Max Schaefer

commit sha c47f9da0f9d83602522905bfaac98e821fb04782

Merge pull request #241 from shati/cookbook-changenotes

Mention Go cookbook queries in 1.24 change notes


push time in 3 hours

push event max-schaefer/ql

Max Schaefer

commit sha bad4f369b91091bc01e4816f587701be31264613

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.


push time in 9 hours

create branch max-schaefer/codeql-go

branch : update-data-flow

created branch time in 9 hours

pull request comment github/codeql-go

Add library overview

Comments addressed; here is an updated preview.

Unfortunately now that I've increased their resolution, the PNGs are huge.

max-schaefer

comment created time in 9 hours

push event max-schaefer/codeql-go

Max Schaefer

commit sha ec9ba8aa7ff3462de1752473545de49fedae9d99

Address review comments.


push time in 10 hours

push event max-schaefer/codeql-go

Max Schaefer

commit sha 5cd4c1112b05d07411134c4321312941ae8bfbc7

Address review comments.


push time in 10 hours

Pull request review comment Semmle/ql

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.

+/a{1}/;+/a{1,}/;+/a{1,5}/;
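Review bot: the added cases cover `{1}`, `{1,}` and `{1,5}` but not the missing-lower-bound form (e.g. `/a{,5}/;`) that this review thread identifies as accepted by the parser (treated as a lower bound of zero) while V8 and the ECMAScript grammar reject it; even if that leniency is addressed in a separate PR, a test pinning the current behaviour would make the divergence visible in the expected output.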

Apparently we treat a missing lower bound as zero, which is not how v8 handles it. That is, however, orthogonal to this PR.

max-schaefer

comment created time in 10 hours

push event max-schaefer/ql

Max Schaefer

commit sha cd1b5ca2cc7e5ce71859044a2af830118ae2066f

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.


push time in 10 hours

Pull request review comment Semmle/ql

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.

+/a{1}/;+/a{1,}/;+/a{1,5}/;

And indeed I'm wrong, we are more lenient than the ECMAScript standard. Yay, us!

max-schaefer

comment created time in 10 hours

Pull request review comment Semmle/ql

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.

+/a{1}/;+/a{1,}/;+/a{1,5}/;

But I may be wrong, let me check...

max-schaefer

comment created time in 10 hours

Pull request review comment Semmle/ql

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.

+/a{1}/;+/a{1,}/;+/a{1,5}/;

That's a syntax error, I believe.

max-schaefer

comment created time in 10 hours

push event max-schaefer/codeql-go

Max Schaefer

commit sha f60b5daf9487cce6319808166b2220fe30354610

Apply suggestions from code review

Co-Authored-By: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-Authored-By: Sauyon Lee <sauyon@github.com>


push time in 10 hours

Pull request review comment github/codeql-go

Add library overview

+Introducing the CodeQL libraries for Go+=======================================++Overview+--------++CodeQL ships with an extensive library for analyzing Go code.  The classes in this library present+the data from a CodeQL database in an object-oriented form and provide abstractions and predicates+to help you with common analysis tasks.++The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The+module ``go.qll`` imports most other standard library modules, so you can include the complete+library by beginning your query with:++.. code-block:: ql++   import go++Broadly speaking, the CodeQL library for Go provides two views of a Go code base: at the `syntactic+level`, source code is represented as an `abstract syntax tree+<https://wikipedia.org/wiki/Abstract_syntax_tree>`__ (AST), while at the `data-flow level` it is+represented as a `data-flow graph <https://en.wikipedia.org/wiki/Data-flow_analysis>`__ (DFG). In+between, there is also an intermediate representation of the program as a control-flow graph (CFG),+though this representation is rarely useful on its own and mostly used to construct the higher-level+DFG representation.++The AST representation captures the syntactic structure of the program. You can use it to reason+about syntactic properties such as the nesting of statements within each other, but also about the+types of expressions and which variable a name refers to.++The DFG, on the other hand, provides an approximation of how data flows through variables and+operations at runtime. It is used, for example, by the security queries to model the way+user-controlled input can propagate through the program. 
Additionally, the DFG contains information+about which function may be invoked by a given call (taking virtual dispatch through interfaces into+account), as well as control-flow information about the order in which different operations may be+executed at runtime.++The rest of this tutorial briefly summarizes the most important classes and predicates provided by+this library, including references to the `detailed API documentation+<https://help.semmle.com/qldoc/go/>`__ where applicable. We start by giving an overview of the AST+representation, followed by an explanation of names and entities, which are used to represent+name-binding information, and of types and type information. Then we move on to control flow and the+data-flow graph, and finally the call graph and a few advanced topics.++Abstract syntax+---------------++The AST presents the program as a hierarchical structure of nodes, each of which corresponds to a+syntactic element of the program source text. For example, there is an AST node for each expression+and each statement in the program. These AST nodes are arranged into a parent-child relationship+reflecting the nesting of syntactic elements and the order in which inner elements appear in+enclosing ones.++For example, this is the AST for the expression ``(x + y) * z``:++|ast|++It is composed of six AST nodes, representing ``x``, ``y``, ``x + y``, ``(x + y)``, ``z`` and the+entire expression ``(x + y) * z``, respectively. The AST nodes representing ``x`` and ``y`` are+children of the AST node representing ``x + y``, ``x`` being the zeroth child and ``y`` being the+first child, reflecting their order in the program text. 
Similarly, ``x + y`` is the only child of+``(x + y)``, which is the zeroth child of ``(x + y) * z``, whose first child is ``z``.++All AST nodes belong to class `AstNode+<https://help.semmle.com/qldoc/go/semmle/go/AST.qll/type.AST$AstNode.html>`__, which defines generic+tree traversal predicates:++-  ``getChild(i)``: returns the ``i``\ th child of this AST node.+-  ``getAChild()``: returns any child of this AST node.+-  ``getParent()``: returns the parent node of this AST node, if any.++These predicates should only be used to perform generic AST traversal. To access children of+specific AST node types, the specialized predicates introduced below should be used instead. In+particular, queries should not rely on the numeric indices of child nodes relative to their parent+nodes: these are considered an implementation detail that may change between versions of the+library.++The predicate ``toString()`` in class ``AstNode`` nodes gives a short description of the AST node,+usually just indicating what kind of node it is. The ``toString()`` predicate does `not` provide+access to the source text corresponding to an AST node. The source text is not stored in the+dataset, and hence is not directly accessible to CodeQL queries.++The predicate ``getLocation()`` in class ``AstNode`` returns a `Location+<https://help.semmle.com/qldoc/go/semmle/go/Locations.qll/type.Locations$Location.html>`__ entity+describing the source location of the program element represented by the AST node. 
You can use its+member predicates ``getFile()``, ``getStartLine()``, ``getStartColumn``, ``getEndLine()``, and+``getEndColumn()`` to obtain information about its file, start line and column, and end line and+column.++The most important subclasses of `AstNode+<https://help.semmle.com/qldoc/go/semmle/go/AST.qll/type.AST$AstNode.html>`__ are `Stmt+<https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/type.Stmt$Stmt.html>`__ and `Expr+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/type.Expr$Expr.html>`__, which represent+statements and expressions, respectively. This section briefly discusses some of their more+important subclasses and predicates. For a full reference of all the subclasses of `Stmt+<https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/type.Stmt$Stmt.html>`__ and `Expr+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/type.Expr$Expr.html>`__ and their API, see+`Stmt.qll <https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/module.Stmt.html>`__ and `Expr.qll+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/module.Expr.html>`__.++Statements+~~~~~~~~~~++- ``ExprStmt``: an expression statement; use ``getExpr()`` to access the expression itself+- ``Assignment``: an assignment statement; use ``getLhs(i)`` to access the ``i``\ th left-hand side+  and ``getRhs(i)`` to access the ``i``\ th right-hand side; if there is only a single left-hand side+  you can use ``getLhs()`` instead, and similar for the right-hand side++  - ``SimpleAssignStmt``: an assignment statement that does not involve a compound operator++    - ``AssignStmt``: a plain assignment statement of the form ``lhs = rhs``+    - ``DefineStmt``: a short-hand variable declaration of the form ``lhs := rhs``++  - ``CompoundAssignStmt``: an assignment statement with a compound operator, such as ``lhs += rhs``++- ``IncStmt``, ``DecStmt``: an increment statement or a decrement statement, respectively; use+  ``getExpr()`` to access the expression being incremented or decremented+- ``BlockStmt``: a 
block of statements between curly braces; use ``getStmt(i)`` to access the+  ``i``\ th statement in a block+- ``IfStmt``: an ``if`` statement; use ``getInit()``, ``getCond()``, ``getThen()``, and+  ``getElse()`` to access the (optional) init statement, the condition being checked, the "then"+  branch to evaluate if the condition is true, and the (optional) "else" branch to evaluate+  otherwise, respectively+- ``LoopStmt``: a loop; use ``getBody()`` to access its body++  - ``ForStmt``: a ``for`` statement; use ``getInit()``, ``getCond()``, and ``getPost()`` to access+    the init statement, loop condition and post statement, respectively, all of which are optional++  - ``RangeStmt``: a ``range`` statement; use ``getDomain()`` to access the iteration domain, and+    ``getKey()`` and ``getValue()`` to access the expressions to which successive keys and values+    are assigned, if any++- ``GoStmt``: a ``go`` statement; use ``getCall()`` to access the call expression that is evaluated+  in the new goroutine+- ``DeferStmt``: a ``defer`` statement; use ``getCall()`` to access the call expression being+  deferred+- ``SendStmt``: a send statement; use ``getChannel()`` and ``getValue()`` to access the channel and+  the value being sent over the channel, respectively+- ``ReturnStmt``: a ``return`` statement; use ``getExpr(i)`` to access the ``i``\ th returned+  expression; if there is only a single returned expression you can use ``getExpr()`` instead+- ``BranchStmt``: a statement that interrupts structured control flow; use ``getLabel()`` to get the+  optional target label++  - ``BreakStmt``: a ``break`` statement+  - ``ContinueStmt``: a ``continue`` statement+  - ``FallthroughStmt``: a ``fallthrough`` statement at the end of a switch case+  - ``GotoStmt``: a ``goto`` statement++- ``DeclStmt``: a declaration statement, use ``getDecl()`` to access the declaration in this+  statement; note that one rarely needs to deal with declaration statements directly, since+  reasoning 
about the entities they declare is usually easier+- ``SwitchStmt``: a ``switch`` statement; use ``getInit()`` to access the (optional) init statement,+  and ``getCase(i)`` to access the ``i``\ th ``case`` or ``default`` clause++  - ``ExprSwitchStmt``: a ``switch`` statement examining the value of an expression
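Review bot: two small text defects in this hunk: in the `Location` paragraph, ``getStartColumn`` is listed without the ``()`` that the neighbouring ``getFile()``, ``getStartLine()``, ``getEndLine()`` and ``getEndColumn()`` carry, and the sentence "The predicate ``toString()`` in class ``AstNode`` nodes gives a short description" has a stray "nodes" after ``AstNode``.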

It has not; excellent catch!

max-schaefer

comment created time in 10 hours

Pull request review comment github/codeql-go

Add library overview

+Introducing the CodeQL libraries for Go+=======================================++Overview+--------++CodeQL ships with an extensive library for analyzing Go code.  The classes in this library present+the data from a CodeQL database in an object-oriented form and provide abstractions and predicates+to help you with common analysis tasks.++The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The+module ``go.qll`` imports most other standard library modules, so you can include the complete+library by beginning your query with:++.. code-block:: ql++   import go++Broadly speaking, the CodeQL library for Go provides two views of a Go code base: at the `syntactic+level`, source code is represented as an `abstract syntax tree+<https://wikipedia.org/wiki/Abstract_syntax_tree>`__ (AST), while at the `data-flow level` it is+represented as a `data-flow graph <https://en.wikipedia.org/wiki/Data-flow_analysis>`__ (DFG). In+between, there is also an intermediate representation of the program as a control-flow graph (CFG),+though this representation is rarely useful on its own and mostly used to construct the higher-level+DFG representation.++The AST representation captures the syntactic structure of the program. You can use it to reason+about syntactic properties such as the nesting of statements within each other, but also about the+types of expressions and which variable a name refers to.++The DFG, on the other hand, provides an approximation of how data flows through variables and+operations at runtime. It is used, for example, by the security queries to model the way+user-controlled input can propagate through the program. 
Additionally, the DFG contains information+about which function may be invoked by a given call (taking virtual dispatch through interfaces into+account), as well as control-flow information about the order in which different operations may be+executed at runtime.++The rest of this tutorial briefly summarizes the most important classes and predicates provided by+this library, including references to the `detailed API documentation+<https://help.semmle.com/qldoc/go/>`__ where applicable. We start by giving an overview of the AST+representation, followed by an explanation of names and entities, which are used to represent+name-binding information, and of types and type information. Then we move on to control flow and the+data-flow graph, and finally the call graph and a few advanced topics.++Abstract syntax+---------------++The AST presents the program as a hierarchical structure of nodes, each of which corresponds to a+syntactic element of the program source text. For example, there is an AST node for each expression+and each statement in the program. These AST nodes are arranged into a parent-child relationship+reflecting the nesting of syntactic elements and the order in which inner elements appear in+enclosing ones.++For example, this is the AST for the expression ``(x + y) * z``:++|ast|++It is composed of six AST nodes, representing ``x``, ``y``, ``x + y``, ``(x + y)``, ``z`` and the+entire expression ``(x + y) * z``, respectively. The AST nodes representing ``x`` and ``y`` are+children of the AST node representing ``x + y``, ``x`` being the zeroth child and ``y`` being the+first child, reflecting their order in the program text. 
Similarly, ``x + y`` is the only child of+``(x + y)``, which is the zeroth child of ``(x + y) * z``, whose first child is ``z``.++All AST nodes belong to class `AstNode+<https://help.semmle.com/qldoc/go/semmle/go/AST.qll/type.AST$AstNode.html>`__, which defines generic+tree traversal predicates:++-  ``getChild(i)``: returns the ``i``\ th child of this AST node.+-  ``getAChild()``: returns any child of this AST node.+-  ``getParent()``: returns the parent node of this AST node, if any.++These predicates should only be used to perform generic AST traversal. To access children of+specific AST node types, the specialized predicates introduced below should be used instead. In+particular, queries should not rely on the numeric indices of child nodes relative to their parent+nodes: these are considered an implementation detail that may change between versions of the+library.++The predicate ``toString()`` in class ``AstNode`` nodes gives a short description of the AST node,+usually just indicating what kind of node it is. The ``toString()`` predicate does `not` provide+access to the source text corresponding to an AST node. The source text is not stored in the+dataset, and hence is not directly accessible to CodeQL queries.++The predicate ``getLocation()`` in class ``AstNode`` returns a `Location+<https://help.semmle.com/qldoc/go/semmle/go/Locations.qll/type.Locations$Location.html>`__ entity+describing the source location of the program element represented by the AST node. 
You can use its+member predicates ``getFile()``, ``getStartLine()``, ``getStartColumn``, ``getEndLine()``, and+``getEndColumn()`` to obtain information about its file, start line and column, and end line and+column.++The most important subclasses of `AstNode+<https://help.semmle.com/qldoc/go/semmle/go/AST.qll/type.AST$AstNode.html>`__ are `Stmt+<https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/type.Stmt$Stmt.html>`__ and `Expr+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/type.Expr$Expr.html>`__, which represent+statements and expressions, respectively. This section briefly discusses some of their more+important subclasses and predicates. For a full reference of all the subclasses of `Stmt+<https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/type.Stmt$Stmt.html>`__ and `Expr+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/type.Expr$Expr.html>`__ and their API, see+`Stmt.qll <https://help.semmle.com/qldoc/go/semmle/go/Stmt.qll/module.Stmt.html>`__ and `Expr.qll+<https://help.semmle.com/qldoc/go/semmle/go/Expr.qll/module.Expr.html>`__.++Statements+~~~~~~~~~~++- ``ExprStmt``: an expression statement; use ``getExpr()`` to access the expression itself+- ``Assignment``: an assignment statement; use ``getLhs(i)`` to access the ``i``\ th left-hand side+  and ``getRhs(i)`` to access the ``i``\ th right-hand side; if there is only a single left-hand side+  you can use ``getLhs()`` instead, and similar for the right-hand side++  - ``SimpleAssignStmt``: an assignment statement that does not involve a compound operator++    - ``AssignStmt``: a plain assignment statement of the form ``lhs = rhs``+    - ``DefineStmt``: a short-hand variable declaration of the form ``lhs := rhs``++  - ``CompoundAssignStmt``: an assignment statement with a compound operator, such as ``lhs += rhs``++- ``IncStmt``, ``DecStmt``: an increment statement or a decrement statement, respectively; use+  ``getExpr()`` to access the expression being incremented or decremented

I agree; I'll just change it.

max-schaefer

comment created time in 10 hours

Pull request review comment github/codeql-go

Add library overview

+Introducing the CodeQL libraries for Go+=======================================++Overview+--------++CodeQL ships with an extensive library for analyzing Go code.  The classes in this library present+the data from a CodeQL database in an object-oriented form and provide abstractions and predicates+to help you with common analysis tasks.++The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The+module ``go.qll`` imports most other standard library modules, so you can include the complete+library by beginning your query with:++.. code-block:: ql++   import go++Broadly speaking, the CodeQL library for Go provides two views of a Go code base: at the `syntactic+level`, source code is represented as an `abstract syntax tree+<https://wikipedia.org/wiki/Abstract_syntax_tree>`__ (AST), while at the `data-flow level` it is+represented as a `data-flow graph <https://en.wikipedia.org/wiki/Data-flow_analysis>`__ (DFG). In+between, there is also an intermediate representation of the program as a control-flow graph (CFG),+though this representation is rarely useful on its own and mostly used to construct the higher-level+DFG representation.++The AST representation captures the syntactic structure of the program. You can use it to reason+about syntactic properties such as the nesting of statements within each other, but also about the+types of expressions and which variable a name refers to.++The DFG, on the other hand, provides an approximation of how data flows through variables and+operations at runtime. It is used, for example, by the security queries to model the way+user-controlled input can propagate through the program. 
Additionally, the DFG contains information+about which function may be invoked by a given call (taking virtual dispatch through interfaces into+account), as well as control-flow information about the order in which different operations may be+executed at runtime.++The rest of this tutorial briefly summarizes the most important classes and predicates provided by+this library, including references to the `detailed API documentation+<https://help.semmle.com/qldoc/go/>`__ where applicable. We start by giving an overview of the AST+representation, followed by an explanation of names and entities, which are used to represent+name-binding information, and of types and type information. Then we move on to control flow and the+data-flow graph, and finally the call graph and a few advanced topics.++Abstract syntax+---------------++The AST presents the program as a hierarchical structure of nodes, each of which corresponds to a+syntactic element of the program source text. For example, there is an AST node for each expression+and each statement in the program. These AST nodes are arranged into a parent-child relationship+reflecting the nesting of syntactic elements and the order in which inner elements appear in+enclosing ones.++For example, this is the AST for the expression ``(x + y) * z``:++|ast|++It is composed of six AST nodes, representing ``x``, ``y``, ``x + y``, ``(x + y)``, ``z`` and the+entire expression ``(x + y) * z``, respectively. The AST nodes representing ``x`` and ``y`` are+children of the AST node representing ``x + y``, ``x`` being the zeroth child and ``y`` being the+first child, reflecting their order in the program text. Similarly, ``x + y`` is the only child of

Great suggestions, thanks!

max-schaefer

comment created time in 10 hours

Pull request review comment github/codeql-go

Add library overview

+Introducing the CodeQL libraries for Go+=======================================++Overview+--------++CodeQL ships with an extensive library for analyzing Go code.  The classes in this library present+the data from a CodeQL database in an object-oriented form and provide abstractions and predicates+to help you with common analysis tasks.++The library is implemented as a set of QL modules, that is, files with the extension ``.qll``. The+module ``go.qll`` imports most other standard library modules, so you can include the complete+library by beginning your query with:++.. code-block:: ql++   import go++Broadly speaking, the CodeQL library for Go provides two views of a Go code base: at the `syntactic+level`, source code is represented as an `abstract syntax tree+<https://wikipedia.org/wiki/Abstract_syntax_tree>`__ (AST), while at the `data-flow level` it is+represented as a `data-flow graph <https://en.wikipedia.org/wiki/Data-flow_analysis>`__ (DFG). In+between, there is also an intermediate representation of the program as a control-flow graph (CFG),+though this representation is rarely useful on its own and mostly used to construct the higher-level+DFG representation.++The AST representation captures the syntactic structure of the program. You can use it to reason+about syntactic properties such as the nesting of statements within each other, but also about the+types of expressions and which variable a name refers to.++The DFG, on the other hand, provides an approximation of how data flows through variables and+operations at runtime. It is used, for example, by the security queries to model the way+user-controlled input can propagate through the program. Additionally, the DFG contains information+about which function may be invoked by a given call (taking virtual dispatch through interfaces into+account), as well as control-flow information about the order in which different operations may be+executed at runtime.

Good idea.

max-schaefer

comment created time in 11 hours

push event max-schaefer/ql

Taus Brock-Nannestad

commit sha 1d94f6d303e98a43e11e8b05640d6496cf67603b

Python: Fix several bad join orders. Performance on `taers232c/GAMADV-X` (which exhibited pathological behaviour in the most recent dist upgrade) went from ~670s to ~313s on `py/hardcoded-credentials`. There are still a few tuple counts in the 10-100 million range, but this commit takes care of all of the ones that numbered in the billions. (A single tuple count in the 100-1000 million range remains, but it appears to be less critical, taking only two seconds to calculate.)


Taus Brock-Nannestad

commit sha 851d69299607fa279709bb0d59019513993fe2bb

Python: Remove manual TC from `ssaShortCut`. This caused a massive slowdown on certain snapshots.


Erik Krogh Kristensen

commit sha 649464912513b4c6d4d4e9a4e8d26717eb447627

fix a number of FPs in js/exception-xss


Asger Feldthaus

commit sha dde0f868b3fb2785e7983fa9243abe60e94dc86f

TS: Handle monorepos by rewriting package.json


Asger Feldthaus

commit sha 71b540755d1be28a3d16243e06c47f0dcf81d622

TS: Print TypeScript semantic errors in log


Asger Feldthaus

commit sha 21eecc4c9c0d69319583b81e33ec3a5199ec1d01

JS: Make return type class for installDependencies()


Asger Feldthaus

commit sha 303bac971062f65254328725893eada549ca469e

TS: Guess main file location


Asger Feldthaus

commit sha a220268ad8e5527af8493c9a43249f5f2a7e4887

TS: Install deps under scratch dir


Asger Feldthaus

commit sha 5719b44fa567cd9e532f3c37435c76dd989cdc6f

TS: Add some documentation


Asger Feldthaus

commit sha 7e8fb1428e666bfa901663d6c12591239d8fa60f

TS: Support tsconfig.json extending from ./node_modules


Asger Feldthaus

commit sha dc30dcf1f875fdbcb98ac68865a8444c0e46d67a

TS: Only require SCRATCH_DIR when installing dependencies


Asger Feldthaus

commit sha 852b90a6c9a876deaf9a5149a548e4eb8c62504e

TS: Be compatible with odasa/qltest


Jonas Jensen

commit sha ed3ed5f1b6e0408a6305d43d686db4621e5304bd

C++: Test to show lack of flow to crement operands


Jonas Jensen

commit sha c5950d2c9db698aa582f47ad12c37195e0f1f3fd

C++: IR: Result of `x` in `x++` is now the Load

Previously, the `Load` would be associated with the `CrementOperation` rather than its operand, which gave surprising results when mapping taint sinks back to `Expr`. The changes in `raw_ir.expected` are to add `Copy` operations on the `x++` in code like `y = x++`. This is now needed because the result that `x++` would otherwise have (the Load) no longer belongs to the `++` expression. Copies are inserted to ensure that all expressions are associated with an `Instruction` result. The changes in `*aliased_ssa_ir.expected` appear to be just wobble.


Jonas Jensen

commit sha 53b1068a9f1cba99fb88f7f432fc5cc9b1731fe2

C++: Unshare code between assignment types

This commit undoes the code sharing between `TranslatedAssignExpr` (`=`) and `TranslatedAssignOperation` (`+=`, `<<=`, ...). In the next commit, when we change how the `Load` works on the LHS of `TranslatedAssignOperation`, these classes will become so different that sharing is no longer helpful.


Jonas Jensen

commit sha 9a45c5570dfa4f3385bb1917c8fee91c6c571884

C++: Move Load from AssignmentOperation to its LHS This is analogous to what was done for `CrementOperation`.


Asger Feldthaus

commit sha fc04e06456386cfd114dcec05c6d7dd6e5396c44

TS: Allow .js extensions in cross package imports


Asger Feldthaus

commit sha 542ce816dc06860352ac1d8833594082715cd109

TS: Simplify string equality check


Asger Feldthaus

commit sha 804aef507fcf9d96b829dbb7c4b47b34fb40845a

TS: Remove unneeded alias PackageLocationMap


Asger Feldthaus

commit sha 3ca5a3dbe4fc2e655839ecbbb385f34b46427057

TS: Document nodeModulesRex


push time in 11 hours

push event max-schaefer/ql

Henning Makholm

commit sha 3ec11a1089a3af7b52a338ee92d41bcd78b748f6

Don't chain to ./codeql in .codeqlmanifest.json

This entry in `.codeqlmanifest.json` was intended to allow unpacking the CodeQL CLI as a subdirectory of `ql`, and things would Just Work. However, it is not necessary anymore because recent releases of the CLI will search their own directory as a fallback _independently_ of the parent directory. On the contrary, removing this link will make internal testing easier because you then run a test build of the CLI with `--search-path` pointing to the `ql` checkout without inadvertently making extractors in a _different_ build that is unpacked there visible.


Jonas Jensen

commit sha 8054cde9fca57bbf4f5edf5d953dba9ac612c1e6

WIP: Switch on IR


Jonas Jensen

commit sha 24396905a5360e8e6e1263229899aeed6711800c

WIP: Try to reduce ambiguous value numbers This is not enough to get genome/breakdancer working.


Mathias Vorreiter Pedersen

commit sha 04c5f1cbb4d31f9cb46ad0b7dda6d9a71b9aad3a

C++: Perf fix for value numbering


Mathias Vorreiter Pedersen

commit sha cb510edcf0008a55f7a154e4034d456563993cc7

C++: Sync up identical files and restore imports


Mathias Vorreiter Pedersen

commit sha 57613d5507dcdfa686a276165aace5d70b937a82

C++: Reintroduce the type in TConstantValueNumber to avoid giving constant with different signed-ness the same value number. Instead filter those with more than one type out.


Mathias Vorreiter Pedersen

commit sha ed7888c6129817b05ca47fa7f84cd4e8c74c7a94

C++: Sync identical files


Robert Marsh

commit sha 0f58887396462368b77c55e57aafe0f23d2bd087

C++: unique value number for filtered instructions

Instructions that are removed from the normal value numbering recursion because they have a duplicated type or AST element get unique value numbers rather than going unnumbered. This ensures comparisons of value numbers using `!=` hold for filtered instructions.


Robert Marsh

commit sha b4ff1216cceff4aeff58c139898b9c6fdec8409c

C++: sync identical files


Jonas Jensen

commit sha 928bdbacb0e8ed3e06c537c39b6f6f7cca7c6bc4

C++: Change import order for stable cache checksum

Without this fix, running the full LGTM suite would get the IR evaluated twice. That's because we have multiple IPA types and constructors with the same name (like `TInstruction` and `MkIRFunction`), and the QL compiler chooses how to disambiguate those names differently depending on import order. I've tested that the IR is only evaluated once now by running the whole suite on a tiny project (jbj/magicrescue) and looking at the output of

perl -ne 'print if /^RESULTS IN:/ .. /^\[/ and not /^\[/' runSnapshotQueries-debug.log | sort |uniq -c |sort -n |less

view details

Mathias Vorreiter Pedersen

commit sha 121c5e436d75edd9124dacb5e80da2a9263a1d7d

C++: Check that there is only one overlap

view details

Max Schaefer

commit sha f181111886ba1722db5d236e968940fc8d5b4fd7

JavaScript: Add model of `http2` compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.

view details

Max Schaefer

commit sha ad83a8946ca644d3523833fb8483cd10e23e333f

JavaScript: Sort lines in change notes.

view details

Nick Rolfe

commit sha d2a0037ad0279a7ca9444e32cd5c2e48d0b35eb8

Merge pull request #2833 from hmakholm/pr/ql-codeql
Don't chain to ./codeql in .codeqlmanifest.json

view details

semmle-qlci

commit sha 8d21692cafaa1517dfaf9943c9967c59dc84db90

Merge pull request #2845 from max-schaefer/js/http2
Approved by esbena

view details

Mathias Vorreiter Pedersen

commit sha 4a7b865dc0c21716c9da5264e980eb01a946d3df

C++: Move overlap fix into SSAConstruction

view details

Mathias Vorreiter Pedersen

commit sha 8b8a8cae5be0d845b6b04894ba9a810e67df1e95

C++/C#: Sync identical files

view details

Robert Marsh

commit sha f3c788d1e9b9101eeb12bf10a2fa5694a51acaa3

Merge pull request #2843 from jbj/ValueNumbering-import-order
C++: Change import order for stable cache checksum

view details

Robert Marsh

commit sha 7abd289d7d8bf2607981061d6440a329ecd971cf

C++: reinclude IRType in total load value numbers

view details

Dave Bartolomeo

commit sha 867581df9146a75a93601b466bf120530a2778ad

Merge pull request #2844 from MathiasVP/value-numbering-performance-fix-2
C++: Ensure that there is just one overlap for an operand in value numbering

view details

push time in 11 hours

push event max-schaefer/ql

Max Schaefer

commit sha e81005c06683fe06600a9977968c76dd005e5767

JavaScript: Distinguish `{lo}` and `{lo,}` in the regular expression parser.

view details

push time in 11 hours

create branch max-schaefer/ql

branch : js/regexp-bounded-quantifier-fix

created branch time in 3 days

PR opened github/codeql-go

Add library overview

This adds a general overview of the Go library like we have for the other languages. While writing the overview, I also noticed two naming inconsistencies which are fixed in the first two commits.

At the moment this is not hooked up to our Sphinx build yet, but I have a PR in the works to make it so. Meanwhile, here is what the overview will look like when rendered as HTML (internal link).

+704 -22

0 comments

19 changed files

pr created time in 3 days

create branch Semmle/ql

branch : go-library-overview

created branch time in 3 days

create branch max-schaefer/ql

branch : go-library-overview

created branch time in 3 days

create branch max-schaefer/codeql-go

branch : introduce-libraries-html

created branch time in 3 days

delete branch max-schaefer/codeql-go

delete branch : introduce-libraries-html

delete time in 3 days

push event max-schaefer/codeql-go

Max Schaefer

commit sha 422a6557bba02bfb67385543f318164958a206bf

Add files via upload

view details

push time in 3 days

create branch max-schaefer/codeql-go

branch : introduce-libraries-html

created branch time in 3 days

create branch max-schaefer/codeql-go

branch : library-overview

created branch time in 3 days

fork max-schaefer/codeql-go

The CodeQL extractor and libraries for Go.

fork in 3 days

pull request comment Semmle/ql

JavaScript: Add model of `http2` compatibility API.

Conflicts fixed.

max-schaefer

comment created time in 3 days

push event max-schaefer/ql

Taus Brock-Nannestad

commit sha 1d94f6d303e98a43e11e8b05640d6496cf67603b

Python: Fix several bad join orders.
Performance on `taers232c/GAMADV-X` (which exhibited pathological behaviour in the most recent dist upgrade) went from ~670s to ~313s on `py/hardcoded-credentials`. There are still a few tuple counts in the 10-100 million range, but this commit takes care of all of the ones that numbered in the billions. (A single tuple count in the 100-1000 million range remains, but it appears to be less critical, taking only two seconds to calculate.)

view details

Taus Brock-Nannestad

commit sha 851d69299607fa279709bb0d59019513993fe2bb

Python: Remove manual TC from `ssaShortCut`.
This caused a massive slowdown on certain snapshots.

view details

Erik Krogh Kristensen

commit sha 649464912513b4c6d4d4e9a4e8d26717eb447627

fix a number of FPs in js/exception-xss

view details

Asger Feldthaus

commit sha dde0f868b3fb2785e7983fa9243abe60e94dc86f

TS: Handle monorepos by rewriting package.json

view details

Asger Feldthaus

commit sha 71b540755d1be28a3d16243e06c47f0dcf81d622

TS: Print TypeScript semantic errors in log

view details

Asger Feldthaus

commit sha 21eecc4c9c0d69319583b81e33ec3a5199ec1d01

JS: Make return type class for installDependencies()

view details

Asger Feldthaus

commit sha 303bac971062f65254328725893eada549ca469e

TS: Guess main file location

view details

Asger Feldthaus

commit sha a220268ad8e5527af8493c9a43249f5f2a7e4887

TS: Install deps under scratch dir

view details

Asger Feldthaus

commit sha 5719b44fa567cd9e532f3c37435c76dd989cdc6f

TS: Add some documentation

view details

Asger Feldthaus

commit sha 7e8fb1428e666bfa901663d6c12591239d8fa60f

TS: Support tsconfig.json extending from ./node_modules

view details

Asger Feldthaus

commit sha dc30dcf1f875fdbcb98ac68865a8444c0e46d67a

TS: Only require SCRATCH_DIR when installing dependencies

view details

Asger Feldthaus

commit sha 852b90a6c9a876deaf9a5149a548e4eb8c62504e

TS: Be compatible with odasa/qltest

view details

Jonas Jensen

commit sha ed3ed5f1b6e0408a6305d43d686db4621e5304bd

C++: Test to show lack of flow to crement operands

view details

Jonas Jensen

commit sha c5950d2c9db698aa582f47ad12c37195e0f1f3fd

C++: IR: Result of `x` in `x++` is now the Load
Previously, the `Load` would be associated with the `CrementOperation` rather than its operand, which gave surprising results when mapping taint sinks back to `Expr`. The changes in `raw_ir.expected` are to add `Copy` operations on the `x++` in code like `y = x++`. This is now needed because the result that `x++` would otherwise have (the Load) no longer belongs to the `++` expression. Copies are inserted to ensure that all expressions are associated with an `Instruction` result. The changes in `*aliased_ssa_ir.expected` appear to be just wobble.

view details

Jonas Jensen

commit sha 53b1068a9f1cba99fb88f7f432fc5cc9b1731fe2

C++: Unshare code between assignment types
This commit undoes the code sharing between `TranslatedAssignExpr` (`=`) and `TranslatedAssignOperation` (`+=`, `<<=`, ...). In the next commit, when we change how the `Load` works on the LHS of `TranslatedAssignOperation`, these classes will become so different that sharing is no longer helpful.

view details

Jonas Jensen

commit sha 9a45c5570dfa4f3385bb1917c8fee91c6c571884

C++: Move Load from AssignmentOperation to its LHS
This is analogous to what was done for `CrementOperation`.

view details

Asger Feldthaus

commit sha fc04e06456386cfd114dcec05c6d7dd6e5396c44

TS: Allow .js extensions in cross package imports

view details

Asger Feldthaus

commit sha 542ce816dc06860352ac1d8833594082715cd109

TS: Simplify string equality check

view details

Asger Feldthaus

commit sha 804aef507fcf9d96b829dbb7c4b47b34fb40845a

TS: Remove unneeded alias PackageLocationMap

view details

Asger Feldthaus

commit sha 3ca5a3dbe4fc2e655839ecbbb385f34b46427057

TS: Document nodeModulesRex

view details

push time in 3 days

PR opened Semmle/ql

JavaScript: Add model of `http2` compatibility API. JS

Also deprecated the httpOrHttps predicate, which was now only used in one place and seemed a little pointless anyway.

Evaluation shows four new results on react. These true (though probably not exploitable) positives were the original motivation for this PR. Performance could look happier, but considering the very minor changes in this PR I'm inclined to attribute this to an acute case of the wobbles; let me know if you disagree, I'd be happy to rerun selected projects.

+34 -11

0 comments

5 changed files

pr created time in 3 days

push event max-schaefer/ql

Max Schaefer

commit sha 46f8dda86bce610e4eedb15fd7ff64592249f7e5

JavaScript: Add model of `http2` compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.

view details

Max Schaefer

commit sha 7277ebe2cf94c07c75bc8add5f630760bfa099c8

JavaScript: Sort lines in change notes.

view details

push time in 3 days

push event max-schaefer/ql

Max Schaefer

commit sha d9271b20b57b06c1b7d9211b80ce189cc9e4c56a

JavaScript: Add model of `http2` compatibility API.
Also deprecated the `httpOrHttps` predicate, which was now only used in one place and seemed a little pointless anyway.

view details

push time in 3 days

create branch max-schaefer/ql

branch : js/portals-graph

created branch time in 3 days

push event github/codeql-go

Sauyon Lee

commit sha 92025ad9bdc1a53bc084127a97b59d2640ad5729

Add a RuneLit alias for CharLit
Also change the doc comment on CharLit to RuneLit

view details

Max Schaefer

commit sha 9379f74308d390cd2efe60ba8aacf6c5254ab427

Merge pull request #24 from sauyon/runelit
Add a RuneLit alias for CharLit

view details

push time in 4 days

PR merged github/codeql-go

Add a RuneLit alias for CharLit

Also change the doc comment on CharLit to RuneLit.

+3 -1

0 comments

1 changed file

sauyon

pr closed time in 4 days

push event github/codeql-go

Sauyon Lee

commit sha 74bb4f707dca03555ee59a476755c7caa7182002

Make rune literal string value its value

view details

Sauyon Lee

commit sha eb990c9de729306b37553bf9567965eb42e8fff6

BadRedirectCheck: Use new rune literal string values

view details

Sauyon Lee

commit sha 01f4bfe4b82f239f205fd17b8d22e6c2ce36423f

Makefile: Use codeql to create stats database

view details

Sauyon Lee

commit sha 1262935085089f7dd563d2130c2195a218f5ab0c

Update stats

view details

Sauyon Lee

commit sha dc9d790bd3fd7306c26ee672de2b8e909053a82a

Makefile: Make better use of built-in variables

view details

Sauyon Lee

commit sha bf2b6555860f8b66e65cfb36bd7858125a274634

Makefile: make all target build extractor instead of tools

view details

Sauyon Lee

commit sha ed3971af472f056f1321103fb779f1aa149effa8

Makefile: make tools-ARCH no longer build the tokenizer

view details

Max Schaefer

commit sha 69eae987d167dce9d186ff6d57b5571a5cef3f10

Merge pull request #240 from sauyon/rune-literal-string-value
Make rune literal string value its value

view details

Max Schaefer

commit sha c7d29311e69915405b47776d18c54d462d0edd89

Merge pull request #232 from sauyon/makefile-improvements
Makefile improvements

view details

push time in 4 days

PR merged github/codeql-go

Implement Actions CI
+77 -48

2 comments

4 changed files

sauyon

pr closed time in 5 days

push event github/codeql-go

Sauyon Lee

commit sha 22029410f0f6818a2ed2fff197eefe5bc20e2b7e

Create an action workflow for CodeQL tests

view details

Sauyon Lee

commit sha fdb7852cf63a0fbfde2fe054b121478b82e2362f

Force git not to mangle line endings for files relevant to tests

view details

Sauyon Lee

commit sha 1365da2224280d95e3afd6c1b4ebc806a0cecce5

examples/variable: Select declaration as well as the variable
This makes the test platform-independent

view details

Max Schaefer

commit sha cb1d2935d4e0516d9adfa09cc4d7f8fe0a38bd28

Merge pull request #23 from github/sauyon-actions-1
Implement Actions CI

view details

push time in 5 days

Pull request review comment github/codeql-go

Implement Actions CI

 class Entity extends @object {   string getName() { objects(this, _, result) }    /** Gets the package in which this entity is declared, if any. */-  Package getPackage() { result.getScope() = this.getScope() }+  Package getPackage() { result.getScope() = this.getScope().getOuterScope*() }
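
Review bot: With `getOuterScope*()` the predicate now returns the package whose scope encloses the entity's scope at any depth, including function-local entities, so the doc comment "Gets the package in which this entity is declared, if any." no longer describes the result precisely; say "enclosing" there. Because the closure is reflexive-transitive, it is also worth confirming that a scope chain contains at most one package scope, otherwise `getPackage()` stops being single-valued for some entities.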

Is this change necessary to get the tests passing? If not I'd prefer to put it into a different PR.

sauyon

comment created time in 5 days

Pull request review comment github/codeql-go

Implement Actions CI

 $(addprefix tools/osx64/,$(BINARIES)): tools-win64: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))) tools/tokenizer.jar  $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))):-	env GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(notdir $@))+	GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(notdir $@))
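
Review bot: Dropping the leading `env` in the win64 recipe makes it depend on make's shell accepting the `VAR=value command` assignment-prefix form, which only POSIX-style shells do; `env GOOS=windows GOARCH=amd64 go build ...` works regardless of which shell `make` is configured with. Unless the Makefile pins `SHELL`, the `env` form is the safer one to keep.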

I assume this was an accidental revert? I think it will break the distribution build.

sauyon

comment created time in 5 days

pull request comment github/codeql-go

Implement Actions CI

How should I fix this?

Perhaps try selecting err.getDeclaration() in addition to err? That should eliminate the non-source results and make the test platform-independent.

sauyon

comment created time in 7 days

push event github/codeql-go

Sauyon Lee

commit sha 5417102c37fa8b9b99b7bba6da6647e73fa319c7

Rename the go module to github.com/github/codeql-go

view details

Sauyon Lee

commit sha 677ed6ebf4530d039eb239971fb01475ef7e2cc9

Fix tests to use codeql-go repository name

view details

Max Schaefer

commit sha acd27cdee6027309ed564c2633e367bf63880435

Merge pull request #238 from sauyon/semmle-to-github
Rename the go module to github.com/github/codeql-go

view details

push time in 7 days

create branch max-schaefer/ql

branch : js/http2

created branch time in 7 days

push event github/codeql-go

Sauyon Lee

commit sha 9a9561bb12598c9b30099d7d848127de858d910e

Remove vendored path prefix of vendored packages

view details

Sauyon Lee

commit sha 2cb61911c3b2c52aeff0500c7ca897a2c9dfc664

Package tests: Limit to specific packages

view details

Sauyon Lee

commit sha 5dbebe44f54db7571169d6566491620e57127483

Package tests: also select raw database path

view details

Sauyon Lee

commit sha 559ac8f0d2421ec86a82bb25053c8e0022558a77

Fix squirrel test build

view details

Sauyon Lee

commit sha 6300fdf85e5d25ecd3f1735cee60e603666ade66

Remove accidentally added CleartextStorage tests

view details

Sauyon Lee

commit sha e4d228fa0ff39f2acc48fc9b2a8e7273bcf71b7d

Fix CleartextStorage tests

view details

Sauyon Lee

commit sha 1a21c14f2f3f619a6ab72f0e9c3bff83403f2d8e

Remove build ignore from HardcodedCredentials example

view details

Max Schaefer

commit sha d6f3005e0ebe9e340732e5c8af32cd9506f194cc

Merge branch '235-head'

view details

push time in 10 days

PR opened Semmle/ql

JavaScript: Teach `resolveMainModule` to try adding extensions. JS

If a package.json leaves off the extension of its main module, we previously weren't able to find it.

An evaluation on big-apps.slugs suggests a slight slowdown overall, but nothing dramatic, and I suspect it may not be real anyway: A2Z-F15 showed a 6% slowdown first, which turned into a 3% speedup on rerunning, so it may just have been worker load. Should have run with DPMs.

I doubt this affects many queries, so I didn't include a change note, but I'm happy to be convinced otherwise.

+17 -3

0 comments

6 changed files

pr created time in 13 days

push event max-schaefer/ql

Max Schaefer

commit sha e21c24c60e269c51db3a5bad5d7cdbb6c1eaab2b

JavaScript: Add failing test case.

view details

Max Schaefer

commit sha 43e4ed1e18e886be12da7abd7a96f30820a304ab

JavaScript: Teach `resolveMainModule` to try adding extensions.

view details

push time in 13 days

create branch max-schaefer/ql

branch : js/compare-jump-to-def

created branch time in 14 days

push event max-schaefer/ql

Max Schaefer

commit sha 394de6647b8bf80a5232a6d95ae3c61a9a67c389

JavaScript: Teach `resolveMainModule` to try adding extensions.

view details

push time in 14 days

create branch max-schaefer/ql

branch : java/portals

created branch time in 14 days

push event max-schaefer/ql

Erik Krogh Kristensen

commit sha ec5896abbab4effa8c82283badea921c9fa086e8

add additional data-flow edges to data-flow related to promises

view details

Erik Krogh Kristensen

commit sha c50de3a7e81982ea99bde25f6b377088f2546c6c

update expected output of tests

view details

Grzegorz Golawski

commit sha 7570fa9137965f806e53792bc61855286f8daca1

Query to detect LDAP injections in Java
JNDI and UnboundID sinks
JNDI, UnboundID and Spring LDAP sanitizers

view details

Grzegorz Golawski

commit sha c01aa3d2ee465309d9310478dcceedbb61a3dc02

Query to detect LDAP injections in Java
Spring LDAP sink

view details

Grzegorz Golawski

commit sha 3e86dd11825157c0d2ad7ca4d4aeb01950876645

Query to detect LDAP injections in Java
Apache LDAP API sink

view details

Erik Krogh Kristensen

commit sha d09bce5cd7f42b0ec6f4791878e8d7397ac9e5b9

custom load/store steps to implement promise flow

view details

Grzegorz Golawski

commit sha b7325232d7e367dce31013653e6264b6fb16ae3b

Query to detect LDAP injections in Java
Consider DNs as injection points as well
Add more taint steps

view details

Erik Krogh Kristensen

commit sha 830100d2ed7a956ce9b67f8d48a7b43520bdfa72

support interprocedural flow with custom load/store steps

view details

Erik Krogh Kristensen

commit sha e08fc08337d309fc8bc4ada749515f15ae7552ca

don't use pseudo-properties for resolved promise data-flow

view details

Erik Krogh Kristensen

commit sha a76ab39a39392fcb737e7414d66acb093dbc4134

no longer need for .getALocalSource() in custom load/store

view details

Erik Krogh Kristensen

commit sha 9998059d59a722a7777cbc2300658876f96f38d2

add pragma to fix performance (same issue as in #2512)

view details

Erik Krogh Kristensen

commit sha 06e898f53b96d581d2eedacfe5a972d3db37a4f8

only use .getALocalSource in copyPropertyStep

view details

Erik Krogh Kristensen

commit sha 6ad62e32e0b97229806f051631bd8cf9e556cbf2

copyPropertyStep works interprocedurally

view details

Erik Krogh Kristensen

commit sha a25c5d70904cb06fdf108e49fcb166435a07e7bd

outlining a predicate to give hints about join ordering

view details

Grzegorz Golawski

commit sha 8cec46342f6e945069e189b5a032f0e036968e9f

Query to detect LDAP injections in Java
Refactoring

view details

Grzegorz Golawski

commit sha 95723b08e137c435f8209fbf6798f985243f7399

Query to detect LDAP injections in Java
Add help

view details

Grzegorz Golawski

commit sha 00ee3d2549623735d39ec61cbf15abea3adda417

Query to detect LDAP injections in Java
Cleanup

view details

Erik Krogh Kristensen

commit sha b3b132c66d45f930d2d6391dfe609c91bd6eb987

Merge remote-tracking branch 'upstream/master' into ExceptionalPromise

view details

Erik Krogh Kristensen

commit sha ffbd0f6632002e180900b1871863bb012cf7031a

update expected test output

view details

Erik Krogh Kristensen

commit sha ad813ef86c26268f0e4043bedc6a83f098163ef1

add flowsTo to the use of isAdditionalLoadStep

view details

push time in 14 days

create branch max-schaefer/ql

branch : js/resolveMainModule-extensions

created branch time in 16 days

push event Semmle/ql

Anders Schack-Mulligen

commit sha 18a8c2b2206fb9442fbe7df31ad5e3756ef46181

Java: Add qlpack.yml in upgrades.

view details

Max Schaefer

commit sha 7855a0b657d391fcd52499d38eda3b8f5d8d03de

Merge pull request #2732 from aschackmull/java/upgrades-qlpack
Java: Add qlpack.yml in upgrades.

view details

push time in 17 days

PR merged Semmle/ql

Java: Add qlpack.yml in upgrades. Java

It looks like this file is necessary for codeql to find the upgrades.

+2 -0

0 comments

1 changed file

aschackmull

pr closed time in 17 days

create branch max-schaefer/ql

branch : portals-fixes

created branch time in 18 days

create branch max-schaefer/ql

branch : string-break

created branch time in 18 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 public static String getExtractorRoot() {     }     return env;   }++  public static String getScratchDir() {+    String env = Env.systemEnv().get(CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR_ENV_VAR);+    if (env == null) {+      throw new UserError(CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR_ENV_VAR + " must be set");
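
Review bot: The `env == null` test in `getScratchDir()` lets an empty value through: with `CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR` set to the empty string the check passes and the caller ends up resolving paths against the current directory. Check `env == null || env.isEmpty()` before throwing the `UserError`, and consider validating at the same point that the directory exists and is writable, so a misconfigured scratch dir fails here rather than partway through dependency installation.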

I'm not sure I understand. Do you mean that LGTM sets LGTM_WORKSPACE to CODEQL_EXTRACTOR_LANG_SCRATCH_DIR? But who sets the latter? LGTM doesn't use CodeQL.

asgerf

comment created time in 18 days

push event max-schaefer/ql

Erik Krogh Kristensen

commit sha 110302678c054e546fb3ba176bdfc9b85f65c357

add model for EventEmitter in NodeJS, and base the Electron::IPC model on top of the new EventEmitter model

view details

Erik Krogh Kristensen

commit sha 60a825cf660117b441dd9b06d38a9912b6990fcd

fix tabs and spaces

view details

Erik Krogh Kristensen

commit sha 72cf14989a0f22188d04681af387794b3a1992d5

update expected output of test

view details

Erik Krogh Kristensen

commit sha 59bafab6c349fb67a3919611f627d0335c70e7f9

update test to not use private class

view details

Erik Krogh Kristensen

commit sha e5d465da9a613453958f9ceb50943075fc95a34f

documentation fixes from @max-schaefer
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>

view details

Erik Krogh Kristensen

commit sha c4fd80d12bf02828c79cfc939c9b60954b26ea0d

some review feedback

view details

Erik Krogh Kristensen

commit sha 267c4c07ed3aa5a32327899a19f058d54fb1ffa8

refactor EventEmitter model to use the ::Range pattern

view details

Erik Krogh Kristensen

commit sha e818f4c08b61d32887983d4c71c28a471a9c3dd6

refactored some duplicated methods into the abstract class, and specialized the type of emitter in NodeJS EventEmitter dispatch/registration

view details

Erik Krogh Kristensen

commit sha c19d8ecb7300f1b5d17a6f62119f9b0108e053de

refactorizations and preparations for SocketIO implementation

view details

Erik Krogh Kristensen

commit sha fed93029966b1d93736e37e10b4fb8db52751246

uppercase E in Electron
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>

view details

Erik Krogh Kristensen

commit sha 0a8a2ecc611caed635c943fd940a04a325f8ac94

make EventEmitter classes non-final, and add a comment about extending EventEmitter::Range

view details

Erik Krogh Kristensen

commit sha 2e5b7273ab28c0529aad602187686eaef96a44f7

changes based on review feedback.

view details

Mathias Vorreiter Pedersen

commit sha 006c8bb0cdeeeb3103903f914068a9b0bb29992e

C++: Remove abstract classes from unary operations

view details

Mathias Vorreiter Pedersen

commit sha cb22702908273c39ee01623c03bb4193520cf990

C++: Added update script

view details

Mathias Vorreiter Pedersen

commit sha 1b29e6c0827269e62017eb17c2324c4991973c1c

Remove @prefix_crement_oper_expr and @postfix_crement_oper_expr clauses
Co-Authored-By: Jonas Jensen <jbj@github.com>

view details

Mathias Vorreiter Pedersen

commit sha 46421efcefb67cda48cb82c08195a4fb3a1ef120

C++: Rename crement operations

view details

Mathias Vorreiter Pedersen

commit sha 6998336fb98671820cbc1962ab71a9302e7844fa

C++: Format .dbscheme file

view details

Mathias Vorreiter Pedersen

commit sha 11a545e08e8ccf7f9092a5ad21afcc476be1dce1

C++: Removed abstract classes from binary and assignment operations

view details

Mathias Vorreiter Pedersen

commit sha bb282f403e944a78eedf528d0c04b06ae1fac924

Fix comments
Co-Authored-By: Jonas Jensen <jbj@github.com>

view details

Mathias Vorreiter Pedersen

commit sha c9fe3e4d2d0a901c0f4cd368f454c1ff9eb68170

C++: Updated upgrade script

view details

push time in 18 days

push event github/codeql-go

Max Schaefer

commit sha 69a91b537fbe589182504f2b42a1578b8ee921ec

Add change note for autobuilder changes
https://git.semmle.com/Semmle/go/pull/210 did not include a change note.

view details

push time in 18 days

push event github/codeql-go

Sauyon Lee

commit sha c76684851f9d65b67dfc29f03c028f5b3907ac78

autobuilder: run make if Makefile exists

view details

Sauyon Lee

commit sha 53e5ebba2018d3572103f61b053e86321b16221b

autobuilder: Run build tools if relevant files exist

view details

Sauyon Lee

commit sha 4e5fd46bc64ba608ee75bb293eb998c5f1e6203d

autobuilder: Close stdin of subprocesses
This fixes issues where build programs were prompting for input, causing the build to hang indefinitely.

view details

Sauyon Lee

commit sha 82635a46ade4112d23f01f673ada7af9db569b82

OpenUrlRedirect: only make some parts of the URL untrusted

view details

Sauyon Lee

commit sha abfdd7ee1e5873c9a6a8fc416dfeecf3bbae0132

OpenUrlRedirect: make functions like isValidRedirect barrier guards

view details

Sauyon Lee

commit sha 260b33be7ec92d7eedfb6388b25de8e2be8ee1e7

OpenUrlRedirect: Add untrusted methods
Also use more up-to-date data-flow APIs

view details

Sauyon Lee

commit sha 30d2fb0b7f6d811e8b372222728743978cdbf585

TaintTracking: Make functionModelStep take a FunctionModel
This makes using only some function models easier.

view details

Sauyon Lee

commit sha e17f5487809bab6ad6cff39cdf330f74f5266836

Add DataFlow2

view details

Sauyon Lee

commit sha a2b5bb85abbdf122444b3821ace2680793e1f78d

OpenUrlRedirect: Fix test compilation

view details

Sauyon Lee

commit sha 9af436566f079642f71d6d5adae8188346cefad6

OpenUrlRedirect: Use a data-flow configuration to track whole URLs

view details

Sauyon Lee

commit sha 3eee780fddfb992af97f38d4e0fadd54514a8e43

TaintTracking: minor functionNodeStep call improvement
Co-Authored-By: Max Schaefer <max@semmle.com>

view details

Sauyon Lee

commit sha d2e5322b94a416fc4cd8a93bde86eb1779b2e1c5

Apply review comments

view details

Sauyon Lee

commit sha 478f906d7af6104e24040f5117cca0cd80f3cb68

HTTP: Use Field.getQualifiedName in UserControlledRequestField
Also autoformat.

view details

Sauyon Lee

commit sha 41d04f3d965ded20c917054edac2e9e1f5a3c1e4

Revert "Add DataFlow2"
This reverts commit 6a0203f33303847d9e7006ca67b1dba31428748b.

view details

Sauyon Lee

commit sha 7676a56af644c6d273fd01b4bcb43439c7d89765

Makefile: Make extractor-common extractor target

view details

Max Schaefer

commit sha be183596c884f3b758c9ce5a0fceb09f7337f4a2

Merge pull request #211 from sauyon/open-redirect-fps
OpenUrlRedirect: resolve some FPs

view details

Max Schaefer

commit sha 8bb769b4f9ab910ea53a1c45303f9265958a68eb

Merge pull request #228 from sauyon/codeql-test
Makefile: Make extractor-common extractor target

view details

Max Schaefer

commit sha ef60f1cbf7ffb251eeda2a30ada260b52f527cab

Merge pull request #210 from sauyon/autobuilder-run-make
autobuilder: run build if relevant files exist

view details

push time in 19 days

delete branch max-schaefer/ql

delete branch : unify-xml-qlls

delete time in 19 days

delete branch max-schaefer/ql

delete branch : js/fix-16

delete time in 19 days

delete branch max-schaefer/ql

delete branch : js/fix-17

delete time in 19 days

delete branch max-schaefer/ql

delete branch : js/generalise-alert-suppression

delete time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 public static String getExtractorRoot() {     }     return env;   }++  public static String getScratchDir() {+    String env = Env.systemEnv().get(CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR_ENV_VAR);+    if (env == null) {+      throw new UserError(CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR_ENV_VAR + " must be set");

Will this work on LGTM? I don't think it sets that environment variable, does it? However, LGTM_WORKSPACE looks like a suitable alternative and is used by a few of the other autobuilders.

asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 import * as ts from "./typescript"; import { TypeTable } from "./type_table";+import * as pathlib from "path";+import { VirtualSourceRoot } from "./virtual_source_root";++/**+ * Extracts the package name from the prefix of an import string.+ */+const packageNameRex = /^(?:@[\w.-]+[/\\])?\w[\w.-]*(?=[/\\]|$)/;
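
Review bot: `packageNameRex` accepts `\` as a separator both after the scope and in the lookahead, but module specifiers only ever use `/`; with the backslash branch a specifier like `lodash\fp` yields the package name `lodash` even though no resolver would load it, and `\w` also admits uppercase letters and a leading `_`, which npm forbids in package names. Neither is dangerous for extraction, but the comment should state that the match is deliberately loose, and a few cases in a test (`pkg`, `pkg/sub`, `@scope/pkg/deep/path`, and `./local` which must not match) would pin the behaviour down.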

Can import paths contain double slashes?

asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private boolean verifyYarnInstallation() {     }   } -  protected void installDependencies(Set<Path> filesToExtract) {+  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any+   * of the given extensions, or <code>null</code> if no such file exists.+   */+  private static Path tryResolveWithExtensions(Path dir, String stem, Iterable<String> extensions) {+    for (String ext : extensions) {+      Path path = dir.resolve(stem + ext);+      if (Files.exists(dir.resolve(path))) {+        return path;+      }+    }+    return null;+  }+  +  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any TypeScript or JavaScript extension,+   * or <code>null</code> if no such file exists.+   */+  private static Path tryResolveTypeScriptOrJavaScriptFile(Path dir, String stem) {+    Path resolved = tryResolveWithExtensions(dir, stem, FileType.TYPESCRIPT.getExtensions());+    if (resolved != null) return resolved;+    return tryResolveWithExtensions(dir, stem, FileType.JS.getExtensions());+  }+  +  /**+   * Gets a child of a JSON object as a string, or <code>null</code>.+   */+  private String getChildAsString(JsonObject obj, String name) {+     JsonElement child = obj.get(name);+     if (child instanceof JsonPrimitive && ((JsonPrimitive)child).isString()) {+       return child.getAsString();+     }+     return null;+  }++  /**+   * Installs dependencies for use by the TypeScript type checker.+   * <p>+   * Some packages must be downloaded while others exist within the same repo ("monorepos")+   * but are not in a location where TypeScript would look for it.+   * <p>+   * Downloaded packages are intalled under <tt>SCRATCH_DIR</tt>, in a mirrored directory hierarchy+   * we call the "virtual source root".+   * Each <tt>package.json</tt> file is rewritten and copied to the virtual source root,+   * where <tt>yarn install</tt> is invoked.+   * <p>+   * Packages that exists within the repo are stripped 
from the dependencies+   * before installation, so they are not downloaded. Since they are part of the main source tree,+   * these packages are not mirrored under the virtual source root.+   * Instead, an explicit package location mapping is passed to the TypeScript parser wrapper.+   * <p>+   * The TypeScript parser wrapper then overrides module resolution so packages can be found+   * under the virtual source root and via that package location mapping.+   */+  protected DependencyInstallationResult installDependencies(Set<Path> filesToExtract) {     if (!verifyYarnInstallation()) {-      return;+      return DependencyInstallationResult.empty;     }+    +    final Path sourceRoot = Paths.get(".").toAbsolutePath();+    final Path virtualSourceRoot = Paths.get(EnvironmentVariables.getScratchDir()).toAbsolutePath();++    // Read all package.json files and index them by name.+    Map<Path, JsonObject> packageJsonFiles = new LinkedHashMap<>();+    Map<String, Path> packagesInRepo = new LinkedHashMap<>();+    Map<String, Path> packageMainFile = new LinkedHashMap<>();     for (Path file : filesToExtract) {       if (file.getFileName().toString().equals("package.json")) {-        System.out.println("Installing dependencies from " + file);-        ProcessBuilder pb =-            new ProcessBuilder(-                Arrays.asList(-                    "yarn",-                    "install",-                    "--non-interactive",-                    "--ignore-scripts",-                    "--ignore-platform",-                    "--ignore-engines",-                    "--ignore-optional",-                    "--no-default-rc",-                    "--no-bin-links",-                    "--pure-lockfile"));-        pb.directory(file.getParent().toFile());-        pb.redirectOutput(Redirect.INHERIT);-        pb.redirectError(Redirect.INHERIT);         try {-          pb.start().waitFor(this.installDependenciesTimeout, TimeUnit.MILLISECONDS);-        } catch (IOException | 
InterruptedException ex) {-          throw new ResourceError("Could not install dependencies from " + file, ex);+          String text = new WholeIO().read(file);+          JsonElement json = new JsonParser().parse(text);+          if (!(json instanceof JsonObject)) continue;+          JsonObject jsonObject = (JsonObject) json;+          file = file.toAbsolutePath();+          packageJsonFiles.put(file, jsonObject);++          String name = getChildAsString(jsonObject, "name");+          if (name != null) {+            packagesInRepo.put(name, file);+          }+        } catch (JsonParseException e) {+          System.err.println("Could not parse JSON file: " + file);+          System.err.println(e);+          // Continue without the malformed package.json file+        }+      }+    }++    // Process all package.json files now that we know the names of all local packages.+    // - remove dependencies on local packages+    // - guess the main file for each package+    // Note that we ignore optional dependencies during installation, so "optionalDependencies"+    // is ignored here as well.+    final List<String> dependencyFields =+        Arrays.asList("dependencies", "devDependencies", "peerDependencies");+    packageJsonFiles.forEach(+        (path, packageJson) -> {+          Path relativePath = sourceRoot.relativize(path);+          for (String dependencyField : dependencyFields) {+            JsonElement dependencyElm = packageJson.get(dependencyField);+            if (!(dependencyElm instanceof JsonObject)) continue;+            JsonObject dependencyObj = (JsonObject) dependencyElm;+            List<String> propsToRemove = new ArrayList<>();+            for (String packageName : dependencyObj.keySet()) {+              if (packagesInRepo.containsKey(packageName)) {+                // Remove dependency on local package+                propsToRemove.add(packageName);+              } else {+                // Remove file dependency on a package that don't exist 
in the checkout.+                String dependecy = getChildAsString(dependencyObj, packageName);
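Review bot: in `tryResolveWithExtensions`, `Files.exists(dir.resolve(path))` resolves `path` against `dir` a second time; `path` is already `dir.resolve(stem + ext)`, so whenever `dir` is a relative path the check looks at `dir/dir/stem.ext` and never finds the file. `Files.exists(path)` is what is meant. Separately, the `yarn install` invocation removed here carried `--ignore-scripts`, `--no-bin-links` and `--pure-lockfile`, and the new Javadoc says `yarn install` is now invoked under the virtual source root; that invocation is outside this hunk, so please confirm it keeps `--ignore-scripts`, since without it the lifecycle scripts of every downloaded package execute during extraction.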

(And uses below.)

asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private boolean verifyYarnInstallation() {     }   } -  protected void installDependencies(Set<Path> filesToExtract) {+  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any+   * of the given extensions, or <code>null</code> if no such file exists.+   */+  private static Path tryResolveWithExtensions(Path dir, String stem, Iterable<String> extensions) {+    for (String ext : extensions) {+      Path path = dir.resolve(stem + ext);+      if (Files.exists(dir.resolve(path))) {+        return path;+      }+    }+    return null;+  }+  +  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any TypeScript or JavaScript extension,+   * or <code>null</code> if no such file exists.+   */+  private static Path tryResolveTypeScriptOrJavaScriptFile(Path dir, String stem) {+    Path resolved = tryResolveWithExtensions(dir, stem, FileType.TYPESCRIPT.getExtensions());+    if (resolved != null) return resolved;+    return tryResolveWithExtensions(dir, stem, FileType.JS.getExtensions());+  }+  +  /**+   * Gets a child of a JSON object as a string, or <code>null</code>.+   */+  private String getChildAsString(JsonObject obj, String name) {+     JsonElement child = obj.get(name);+     if (child instanceof JsonPrimitive && ((JsonPrimitive)child).isString()) {+       return child.getAsString();+     }+     return null;+  }++  /**+   * Installs dependencies for use by the TypeScript type checker.+   * <p>+   * Some packages must be downloaded while others exist within the same repo ("monorepos")+   * but are not in a location where TypeScript would look for it.+   * <p>+   * Downloaded packages are intalled under <tt>SCRATCH_DIR</tt>, in a mirrored directory hierarchy+   * we call the "virtual source root".+   * Each <tt>package.json</tt> file is rewritten and copied to the virtual source root,+   * where <tt>yarn install</tt> is invoked.+   * <p>+   * Packages that exists within the repo are stripped 
from the dependencies+   * before installation, so they are not downloaded. Since they are part of the main source tree,+   * these packages are not mirrored under the virtual source root.+   * Instead, an explicit package location mapping is passed to the TypeScript parser wrapper.+   * <p>+   * The TypeScript parser wrapper then overrides module resolution so packages can be found+   * under the virtual source root and via that package location mapping.+   */+  protected DependencyInstallationResult installDependencies(Set<Path> filesToExtract) {     if (!verifyYarnInstallation()) {-      return;+      return DependencyInstallationResult.empty;     }+    +    final Path sourceRoot = Paths.get(".").toAbsolutePath();+    final Path virtualSourceRoot = Paths.get(EnvironmentVariables.getScratchDir()).toAbsolutePath();++    // Read all package.json files and index them by name.+    Map<Path, JsonObject> packageJsonFiles = new LinkedHashMap<>();+    Map<String, Path> packagesInRepo = new LinkedHashMap<>();+    Map<String, Path> packageMainFile = new LinkedHashMap<>();     for (Path file : filesToExtract) {       if (file.getFileName().toString().equals("package.json")) {-        System.out.println("Installing dependencies from " + file);-        ProcessBuilder pb =-            new ProcessBuilder(-                Arrays.asList(-                    "yarn",-                    "install",-                    "--non-interactive",-                    "--ignore-scripts",-                    "--ignore-platform",-                    "--ignore-engines",-                    "--ignore-optional",-                    "--no-default-rc",-                    "--no-bin-links",-                    "--pure-lockfile"));-        pb.directory(file.getParent().toFile());-        pb.redirectOutput(Redirect.INHERIT);-        pb.redirectError(Redirect.INHERIT);         try {-          pb.start().waitFor(this.installDependenciesTimeout, TimeUnit.MILLISECONDS);-        } catch (IOException | 
InterruptedException ex) {-          throw new ResourceError("Could not install dependencies from " + file, ex);+          String text = new WholeIO().read(file);+          JsonElement json = new JsonParser().parse(text);+          if (!(json instanceof JsonObject)) continue;+          JsonObject jsonObject = (JsonObject) json;+          file = file.toAbsolutePath();+          packageJsonFiles.put(file, jsonObject);++          String name = getChildAsString(jsonObject, "name");+          if (name != null) {+            packagesInRepo.put(name, file);+          }+        } catch (JsonParseException e) {+          System.err.println("Could not parse JSON file: " + file);+          System.err.println(e);+          // Continue without the malformed package.json file+        }+      }+    }++    // Process all package.json files now that we know the names of all local packages.+    // - remove dependencies on local packages+    // - guess the main file for each package+    // Note that we ignore optional dependencies during installation, so "optionalDependencies"+    // is ignored here as well.+    final List<String> dependencyFields =+        Arrays.asList("dependencies", "devDependencies", "peerDependencies");+    packageJsonFiles.forEach(+        (path, packageJson) -> {+          Path relativePath = sourceRoot.relativize(path);+          for (String dependencyField : dependencyFields) {+            JsonElement dependencyElm = packageJson.get(dependencyField);+            if (!(dependencyElm instanceof JsonObject)) continue;+            JsonObject dependencyObj = (JsonObject) dependencyElm;+            List<String> propsToRemove = new ArrayList<>();+            for (String packageName : dependencyObj.keySet()) {+              if (packagesInRepo.containsKey(packageName)) {+                // Remove dependency on local package+                propsToRemove.add(packageName);+              } else {+                // Remove file dependency on a package that don't exist 
in the checkout.
                // Remove file dependency on a package that doesn't exist in the checkout.
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

+import * as pathlib from "path";+import * as ts from "./typescript";++/**+ * Mapping from the source root to the virtual source root.+ */+export class VirtualSourceRoot {+  constructor(+    private sourceRoot: string,++    /**+     * Directory whose folder structure mirrors the real source root, but with `node_modules` installed,+     * or undefined if no virtual source root exists.+     */+    private virtualSourceRoot: string,+  ) {}++  /**+   * Maps a path under the real source root to the corresonding path in the virtual source root.
   * Maps a path under the real source root to the corresponding path in the virtual source root.
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private boolean verifyYarnInstallation() {     }   } -  protected void installDependencies(Set<Path> filesToExtract) {+  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any

(just to clarify that the extensions include dots)

asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private boolean verifyYarnInstallation() {     }   } -  protected void installDependencies(Set<Path> filesToExtract) {+  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any+   * of the given extensions, or <code>null</code> if no such file exists.+   */+  private static Path tryResolveWithExtensions(Path dir, String stem, Iterable<String> extensions) {+    for (String ext : extensions) {+      Path path = dir.resolve(stem + ext);+      if (Files.exists(dir.resolve(path))) {+        return path;+      }+    }+    return null;+  }+  +  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any TypeScript or JavaScript extension,+   * or <code>null</code> if no such file exists.+   */+  private static Path tryResolveTypeScriptOrJavaScriptFile(Path dir, String stem) {+    Path resolved = tryResolveWithExtensions(dir, stem, FileType.TYPESCRIPT.getExtensions());+    if (resolved != null) return resolved;+    return tryResolveWithExtensions(dir, stem, FileType.JS.getExtensions());+  }+  +  /**+   * Gets a child of a JSON object as a string, or <code>null</code>.+   */+  private String getChildAsString(JsonObject obj, String name) {+     JsonElement child = obj.get(name);+     if (child instanceof JsonPrimitive && ((JsonPrimitive)child).isString()) {+       return child.getAsString();+     }+     return null;+  }++  /**+   * Installs dependencies for use by the TypeScript type checker.+   * <p>+   * Some packages must be downloaded while others exist within the same repo ("monorepos")+   * but are not in a location where TypeScript would look for it.+   * <p>+   * Downloaded packages are intalled under <tt>SCRATCH_DIR</tt>, in a mirrored directory hierarchy+   * we call the "virtual source root".+   * Each <tt>package.json</tt> file is rewritten and copied to the virtual source root,+   * where <tt>yarn install</tt> is invoked.+   * <p>+   * Packages that exists within the repo are stripped 
from the dependencies+   * before installation, so they are not downloaded. Since they are part of the main source tree,+   * these packages are not mirrored under the virtual source root.+   * Instead, an explicit package location mapping is passed to the TypeScript parser wrapper.+   * <p>+   * The TypeScript parser wrapper then overrides module resolution so packages can be found+   * under the virtual source root and via that package location mapping.+   */+  protected DependencyInstallationResult installDependencies(Set<Path> filesToExtract) {     if (!verifyYarnInstallation()) {-      return;+      return DependencyInstallationResult.empty;     }+    +    final Path sourceRoot = Paths.get(".").toAbsolutePath();+    final Path virtualSourceRoot = Paths.get(EnvironmentVariables.getScratchDir()).toAbsolutePath();++    // Read all package.json files and index them by name.+    Map<Path, JsonObject> packageJsonFiles = new LinkedHashMap<>();+    Map<String, Path> packagesInRepo = new LinkedHashMap<>();+    Map<String, Path> packageMainFile = new LinkedHashMap<>();     for (Path file : filesToExtract) {       if (file.getFileName().toString().equals("package.json")) {-        System.out.println("Installing dependencies from " + file);-        ProcessBuilder pb =-            new ProcessBuilder(-                Arrays.asList(-                    "yarn",-                    "install",-                    "--non-interactive",-                    "--ignore-scripts",-                    "--ignore-platform",-                    "--ignore-engines",-                    "--ignore-optional",-                    "--no-default-rc",-                    "--no-bin-links",-                    "--pure-lockfile"));-        pb.directory(file.getParent().toFile());-        pb.redirectOutput(Redirect.INHERIT);-        pb.redirectError(Redirect.INHERIT);         try {-          pb.start().waitFor(this.installDependenciesTimeout, TimeUnit.MILLISECONDS);-        } catch (IOException | 
InterruptedException ex) {-          throw new ResourceError("Could not install dependencies from " + file, ex);+          String text = new WholeIO().read(file);+          JsonElement json = new JsonParser().parse(text);+          if (!(json instanceof JsonObject)) continue;+          JsonObject jsonObject = (JsonObject) json;+          file = file.toAbsolutePath();+          packageJsonFiles.put(file, jsonObject);++          String name = getChildAsString(jsonObject, "name");+          if (name != null) {+            packagesInRepo.put(name, file);+          }+        } catch (JsonParseException e) {+          System.err.println("Could not parse JSON file: " + file);+          System.err.println(e);+          // Continue without the malformed package.json file+        }+      }+    }++    // Process all package.json files now that we know the names of all local packages.+    // - remove dependencies on local packages+    // - guess the main file for each package+    // Note that we ignore optional dependencies during installation, so "optionalDependencies"+    // is ignored here as well.+    final List<String> dependencyFields =+        Arrays.asList("dependencies", "devDependencies", "peerDependencies");+    packageJsonFiles.forEach(+        (path, packageJson) -> {+          Path relativePath = sourceRoot.relativize(path);+          for (String dependencyField : dependencyFields) {+            JsonElement dependencyElm = packageJson.get(dependencyField);+            if (!(dependencyElm instanceof JsonObject)) continue;+            JsonObject dependencyObj = (JsonObject) dependencyElm;+            List<String> propsToRemove = new ArrayList<>();+            for (String packageName : dependencyObj.keySet()) {+              if (packagesInRepo.containsKey(packageName)) {+                // Remove dependency on local package+                propsToRemove.add(packageName);+              } else {+                // Remove file dependency on a package that don't exist 
in the checkout.+                String dependecy = getChildAsString(dependencyObj, packageName);
                String dependency = getChildAsString(dependencyObj, packageName);
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private boolean verifyYarnInstallation() {     }   } -  protected void installDependencies(Set<Path> filesToExtract) {+  /**+   * Returns an existing file named <code>dir/stem.ext</code> where <code>ext</code> is any
   * Returns an existing file named <code>dir/stem.ext</code> where <code>.ext</code> is any
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 private void setupFilters() {     // include .eslintrc files and package.json files
    // include .eslintrc files, package.json files, and tsconfig.json files
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

+import * as pathlib from "path";+import * as ts from "./typescript";++/**+ * Mapping from the source root to the virtual source root.

Perhaps say "real source root" here, since that's the terminology used below? Also, would it perhaps be worth briefly outlining what these two roots are and how they relate to each other? (Perhaps something like the comment on line 12 below.)

asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

+import * as pathlib from "path";+import * as ts from "./typescript";++/**+ * Mapping from the source root to the virtual source root.+ */+export class VirtualSourceRoot {+  constructor(+    private sourceRoot: string,++    /**+     * Directory whose folder structure mirrors the real source root, but with `node_modules` installed,+     * or undefined if no virtual source root exists.+     */+    private virtualSourceRoot: string,+  ) {}++  /**+   * Maps a path under the real source root to the corresonding path in the virtual source root.+   */+  public toVirtualPath(path: string) {+    if (!this.virtualSourceRoot) return null;+    let relative = pathlib.relative(this.sourceRoot, path);+    if (relative.startsWith('..') || pathlib.isAbsolute(relative)) return null;+    return pathlib.join(this.virtualSourceRoot, relative);+  }++  /**+   * Maps a path under the real source root to the corresonding path in the virtual source root.
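Review bot: in `toVirtualPath`, `relative.startsWith('..')` also rejects a path whose first segment merely begins with two dots (a top-level directory named `..cache`, for instance); `relative === '..' || relative.startsWith('..' + pathlib.sep)` is the check that matches only parent traversal. Also, the constructor declares `virtualSourceRoot` as `string` while its doc comment says it may be undefined and `toVirtualPath` tests for exactly that; declare it `string | undefined` so the "no virtual source root" case is visible in the type rather than only in the comment.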
   * Maps a path under the real source root to the corresponding path in the virtual source root.
asgerf

comment created time in 19 days

Pull request review comment Semmle/ql

TS: Handle monorepos by rewriting package.json

 function parseSingleFile(filename: string): {ast: ts.SourceFile, code: string} {     return {ast, code}; } +/**+ * Matches a path segment referencing a package in a node_modules folder, and extracts+ * two capture groups: the package name, and the relative path in the package.+ *+ * For example `lib/node_modules/@foo/bar/src/index.js` extracts the capture groups [`@foo/bar`, `src/index.js`].+ */+const nodeModulesRex = /[/\\]node_modules[/\\]((?:@[\w.-]+[/\\])?\w[\w.-]*)[/\\](.*)/;+ function handleOpenProjectCommand(command: OpenProjectCommand) {     Error.stackTraceLimit = Infinity;     let tsConfigFilename = String(command.tsConfig);     let tsConfig = ts.readConfigFile(tsConfigFilename, ts.sys.readFile);     let basePath = pathlib.dirname(tsConfigFilename); +    let packageEntryPoints = new Map(command.packageEntryPoints);+    let packageJsonFiles = new Map(command.packageJsonFiles);+    let virtualSourceRoot = new VirtualSourceRoot(process.cwd(), process.env["CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR"]);++    /**+     * Rewrites path segments of form `node_modules/PACK/suffix` to be relative to+     * the location of package PACK in the source tree, if it exists.+     */+    function redirectNodeModulesPath(path: string) {+        let nodeModulesMatch = nodeModulesRex.exec(path);+        if (nodeModulesMatch == null) return null;+        let packageName = nodeModulesMatch[1];+        let packageJsonFile = packageJsonFiles.get(packageName);+        if (packageJsonFile == null) return null;+        let packageDir = pathlib.dirname(packageJsonFile);+        let suffix = nodeModulesMatch[2];+        let finalPath = pathlib.join(packageDir, suffix);+        if (!ts.sys.fileExists(finalPath)) return null;+        return finalPath;+    }++    /**+     * Create the host passed to the tsconfig.json parser.+     *+     * We override its file system access in case there is an "extends"+     * clause pointing into "./node_modules", which must be redirected to+     * the 
location of an installed package or a checked-in package.+     */     let parseConfigHost: ts.ParseConfigHost = {         useCaseSensitiveFileNames: true,-        readDirectory: ts.sys.readDirectory,-        fileExists: (path: string) => fs.existsSync(path),-        readFile: ts.sys.readFile,+        readDirectory: ts.sys.readDirectory, // No need to override traversal/glob matching+        fileExists: (path: string) => {+            return ts.sys.fileExists(path)+                || virtualSourceRoot.toVirtualPathIfFileExists(path) != null+                || redirectNodeModulesPath(path) != null;+        },+        readFile: (path: string) => {+            if (!ts.sys.fileExists(path)) {+                let virtualPath = virtualSourceRoot.toVirtualPathIfFileExists(path);+                if (virtualPath != null) return ts.sys.readFile(virtualPath);+                virtualPath = redirectNodeModulesPath(path);+                if (virtualPath != null) return ts.sys.readFile(virtualPath);+            }+            return ts.sys.readFile(path);+        }     };     let config = ts.parseJsonConfigFileContent(tsConfig.config, parseConfigHost, basePath);-    let project = new Project(tsConfigFilename, config, state.typeTable);+    let project = new Project(tsConfigFilename, config, state.typeTable, packageEntryPoints, virtualSourceRoot);     project.load();      state.project = project;     let program = project.program;     let typeChecker = program.getTypeChecker(); +    let diagnostics = program.getSemanticDiagnostics()+        .filter(d => d.category === ts.DiagnosticCategory.Error);+    console.warn('TypeScript: reported ' + diagnostics.length + ' semantic errors.');+    for (let diagnostic of diagnostics) {+        let text = diagnostic.messageText;+        if (typeof text !== 'string') {
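Review bot: `redirectNodeModulesPath` joins the raw suffix captured by `nodeModulesRex` onto `packageDir` without normalising it, so a suffix containing `..` segments produces a path outside the package directory that still passes the `ts.sys.fileExists` check; resolve the joined path with `pathlib.resolve` and return it only if it is still under `packageDir`. The regex is also unanchored and `exec` takes the leftmost match, so for `a/node_modules/x/node_modules/y/index.js` the package name is `x` and `node_modules/y/index.js` becomes the suffix; if nested `node_modules` layouts are expected, matching the last `node_modules` segment is probably what is wanted.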

Would it be worth adding a text && check? I'm sure it won't happen in practice, but since all we do with text is to log it to the console it doesn't seem worth crashing the extractor if it should happen somehow.

asgerf

comment created time in 19 days

push event github/codeql-go

Max Schaefer

commit sha ebea811a8319c4fd963d80f48fa80772b67f8fbd

Add example queries.

Max Schaefer

commit sha c30b1d98ea6272b9bbba9b709d9598cbe094b17c

Address review comments.

Sauyon Lee

commit sha 6e4880bc534a8a81819face7687a414f35534823

Merge pull request #220 from max/example-queries
Add example queries

push time in 24 days

push event github/codeql-go

Sauyon Lee

commit sha 1eb9466de24fbed8d1783d83d9aac9fddd97c0de

Use codeql for testing and add binary cross compilation support
Also add support for building the extractor inside this repository so that users can build and use the extractor, and an up-to-date version can be used for testing.

Sauyon Lee

commit sha 52fe0afa483f26d087985ea396831f4ab23c23c6

Makefile: Delete entire test db in clean

Sauyon Lee

commit sha 32fa033a55898f2df129b5ee62a6f43484dfa5f6

Makefile: Add exe suffix back to tools/bin targets

Max Schaefer

commit sha 5eb95c7895f081d9cc6c16998c7427ccb464d543

Add support for taint-getter/setter summaries in data flow.

Max Schaefer

commit sha fe56c207a3f6f4c50d03c6be15b265f7bda73893

Make ImpossibleInterfaceNilCheck more robust.
It no longer flags alerts that may be simply caused by missing type information.

Sauyon Lee

commit sha 3a53269a52e32d0fe49a70b65302071ffdead5c2

Merge pull request #223 from max/update-dataflow
Add support for taint-getter/setter summaries in data flow.

Sauyon Lee

commit sha 2bd88d5b61eecc950c36410257b9c2092c1ab2ee

Merge pull request #225 from max/impossible-interface-nil-check-robustness
Make ImpossibleInterfaceNilCheck more robust.

Max Schaefer

commit sha 9507a22f48b45a7efabb5532ffdb003e39fbe476

Merge pull request #213 from sauyon/codeql-test
Use codeql for testing and add binary cross compilation support

push time in 24 days

issue closed Semmle/ql

General issue - Have a question about DataFlow

Hi there, thanks for this great work.

I have a question regarding DataFlow for these three cases below:

This is the CodeQL query to find a Path:

/** @kind path-problem */

import javascript
import DataFlow
import DataFlow::PathGraph

class ExampleTaint extends TaintTracking::Configuration {
  ExampleTaint() { this = "Example" }

  override predicate isSource(Node node) {
    exists(DeclStmt ds, VariableDeclarator d |
      d = ds.getADecl() and
      d.getBindingPattern().getAVariable().getName() = "source" and
      node = exprNode(d.getInit())
    )
  }

  override predicate isSink(Node node) {
    exists(FunctionNode f |
      f.getName() = "sink" and
      node = f.getParameter(0)
    )
  }
}

from ExampleTaint cfg, PathNode source, PathNode sink
where cfg.hasFlowPath(source, sink)
select sink, source, sink, "Source is at $@.", source, "here"

To the first example, a Path is found:

// index.js
const sink = require('./lib.js');
const source = 'source'; // Step. 1

sink(source);  // Step. 2
// lib.js
module.exports = function sink(val) { // Step. 3
  console.log(val);
};

To the second example, no Path is found:

// index.js
const fn = require('./lib.js');
const sink = fn();
const source = 'source';

sink(source); 
// lib.js
module.exports = function fn() { // a function returning another function
  function sink(val) {
    console.log(val);
  }

  return sink;
};

I'm not sure if CodeQL could find a Path if the intermediate routes contain a function returning another function. Or am I missing something?

Thank you! 😊

closed time in 25 days

qazbnm456

issue closed Semmle/ql

General issue: File miscopied

Description of the issue

We got some alerts in a PR: https://lgtm.com/projects/g/SVG-Edit/svgedit/rev/pr-c469b4193046b98831816d978aff220d2dfff101 and going to the specific file at https://lgtm.com/projects/g/SVG-Edit/svgedit/snapshot/91d20867e2d731f2667684ca9e70a0f9657eee97/files/cypress/support/ui-test-helper.js?sort=name&dir=ASC&mode=heatmap shows some extra code at the end. However, if you visit the file itself, even from the link at lgtm, i.e., to https://github.com/SVG-Edit/svgedit/tree/ba8e94fb3649193b7ed2ac1930e22a228777ec8d/cypress/support/ui-test-helper.js , it doesn't show those extra lines of code that LGTM's retrieval script has apparently mistakenly added.

closed time in 25 days

brettz9

issue closed github/codeql-go

Not tracking taints inside a struct

Code:

package main


import (
	"database/sql"
	"net/http"
	"fmt"
)


type RequestStruct struct {
	Id         int64  `db:"id"`
	Category   []string  `db:"category"`
}


func handler(db *sql.DB, req *http.Request) {

	RequestData := &RequestStruct{
		Id: 	  1,
		Category: req.URL.Query()["category"],
	}

	q := fmt.Sprintf("SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='%s' ORDER BY PRICE",
		RequestData.Category)
	db.Query(q)

	q2 := fmt.Sprintf("SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='%s' ORDER BY PRICE",
		req.URL.Query()["category"])
	db.Query(q2)
}

Expected result:

This query depends on  a user-provided value . 	test.go:26:11
This query depends on  a user-provided value . 	test.go:30:11

Actual result:

This query depends on  a user-provided value . 	test.go:30:11

closed time in 25 days

RicterZ

issue comment github/codeql-go

Not tracking taints inside a struct

Many thanks for your report and especially the test case, which was immensely helpful! This should be fixed by https://github.com/github/codeql-go/commit/a2879dc754a0c7e3abb945644519ccdefabd5258 and the surrounding commits.

RicterZ

comment created time in 25 days
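The issue's test case splices a request-derived value into the SQL text through a struct field. As an added example, not part of the issue or of codeql-go, here is that pattern beside the parameterised form that removes the finding, using the same field path. The helper names, the `?` placeholder syntax (which is driver-dependent) and the sample category are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// RequestStruct mirrors the struct in the issue: the request value reaches
// the query through a field, not directly from req.URL.Query().
type RequestStruct struct {
	Id       int64
	Category []string
}

// buildQueryUnsafe reproduces the pattern the issue flags: the request-derived
// category is spliced into the SQL text with fmt.Sprintf, so the data can
// change the statement's structure. strings.Join stands in for formatting a
// []string with %s in the original, which would print "[a b]".
func buildQueryUnsafe(req *RequestStruct) string {
	return fmt.Sprintf("SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='%s' ORDER BY PRICE",
		strings.Join(req.Category, ","))
}

// buildQuerySafe keeps the SQL text constant and returns the category as a
// bind argument. The call site then runs db.Query(q, args...) and the driver
// transmits the value separately from the statement, so the value can never
// be parsed as SQL. (Placeholder syntax assumed to be "?", as in MySQL/SQLite.)
func buildQuerySafe(req *RequestStruct) (string, []interface{}) {
	const q = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=? ORDER BY PRICE"
	return q, []interface{}{strings.Join(req.Category, ",")}
}

// quotesBalanced reports whether the single quotes in a SQL text pair up.
// An odd count means the data has escaped the string literal it was meant
// to stay inside, which is exactly what the parameterised form prevents.
func quotesBalanced(sql string) bool {
	return strings.Count(sql, "'")%2 == 0
}

func main() {
	// Constructed input: a perfectly legitimate category containing an apostrophe.
	req := &RequestStruct{Id: 1, Category: []string{"children's books"}}

	spliced := buildQueryUnsafe(req)
	fmt.Println("spliced:", spliced, "balanced:", quotesBalanced(spliced))

	safe, args := buildQuerySafe(req)
	fmt.Println("safe:   ", safe, "args:", args, "balanced:", quotesBalanced(safe))
}
```

The apostrophe in ordinary data is enough to break the spliced query, while the parameterised statement is the same bytes regardless of input; whether the problem manifests depends entirely on the data, which is why the static taint path through `RequestData.Category` is worth reporting even when no test input trips it.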

push event github/codeql-go

Max Schaefer

commit sha 1d33a619d96624a0de238616977967045ea376d3

Add failing test case.

Max Schaefer

commit sha 8fc414b93f74e1a9286f96b94b272d50e45c3af9

Autoformat.

Max Schaefer

commit sha ef964632bea7f72b68ebdcda603de69edf50cbd9

Remove `CallExpr.getQualifier()` and its single, pointless, use.

Max Schaefer

commit sha 39b28a4969f6a936f860fc8ef79b7e21bac0f004

Make `CallNode.getReceiver()` less syntactic.

Max Schaefer

commit sha efc5f10f0789fdb6994782cffccfeebf2cb12e0d

Streamline definition of `UserControlledRequestField`.

Max Schaefer

commit sha ba9d2fb2eb25f558b75b0a628c96e9025639dd60

Add IR instructions to model implicit pointer dereferences.

Max Schaefer

commit sha a2879dc754a0c7e3abb945644519ccdefabd5258

Model implicit dereferences in data flow.

Max Schaefer

commit sha 9f897132f2cbdf62e3089474609ea0ca82348290

Update HTTP library.

Max Schaefer

commit sha 64049d8f3d0e15c1c4d813b1bbe2689f2864f878

Make taint tracking less syntactic.

Max Schaefer

commit sha 44b9bcf7a121530bef6a72bd01c045bce59f7c07

Autoformat.

Max Schaefer

commit sha a4f5ad7412dd137e1480de7a8654ed6aa8b16850

Refactor implementation of `SliceNode`.

Max Schaefer

commit sha f42a2b060cd0eff5fd0b26147eb67ea1faf07aa3

Take implicit dereferences in index and slice expressions into account as well.

Max Schaefer

commit sha 6671b61fd36e10265983683797a957bfcbd6277d

Model panic from out-of-bounds index expression.

Max Schaefer

commit sha baeae0f69c02fb849890a82da080bb7e5acd0d93

Add a few variants to test.

Max Schaefer

commit sha d78ba06a8dbad1e7f37595ce50d52d485b56d0c3

Add change note.

Max Schaefer

commit sha 5895c6ac69a13a553e9219edb8c20fac3d4c17bb

Fix typo.

Co-Authored-By: Sauyon Lee <sauyon@github.com>

Max Schaefer

commit sha 47104a3db8913f3cc38ebcf1382c8477f7e45657

Add explanatory comment.

Sauyon Lee

commit sha a6a8375ae5c2116ca7b1de1a11c5e109470a1a37

Merge pull request #224 from max/make-implicit-deref-explicit

Make implicit dereferences explicit

push time in 25 days

create branch github/codeql-go

branch : codeql-test

created branch time in a month

delete branch github/codeql-go

delete branch : sort-change-notes

delete time in a month

delete branch github/codeql-go

delete branch : cleanup

delete time in a month

PR merged github/codeql-go

Minor fixes

Five unrelated fixes, one per commit:

  • Remove DeclaredEntity.getDecl(), which is an unfortunate almost-clash with Entity.getDeclaration() but means something different.
  • Entities now have locations, so you can click on them in the IDE if they have a declaration. If they don't, the location is a dummy location that isn't clickable. (This commit unfortunately leads to many unwieldy .expected diffs.)
  • Location.toString() now agrees with the format qltest produces.
  • Field is now a subtype of Variable in QL, which it already was in the dbscheme.
  • There is now a utility predicate Field.hasQualifiedName analogous to Method.hasQualifiedName.

Dist-compare didn't show any differences in performance or results.

+295 -279

0 comment

19 changed files

max-schaefer

pr closed time in a month

push eventgithub/codeql-go

Max Schaefer

commit sha ad432965db99b1a2c3f2442f57c867cab7f2a484

Remove `DeclaredEntity.getDecl()`. It's not particularly useful except for functions, and the name is easy to confuse with `Entity.getDeclaration()`. Instead we now have `getFuncDecl()` just for functions, and a bit more API on `Function` to avoid its use where possible.

Max Schaefer

commit sha 2558e67c2b5d798409999f49d83e8215398a9725

Give entities a location.

Max Schaefer

commit sha 4ee8f08bf546810b584727fab876284afc16c05f

Adjust `Location.toString()` to match what other parts of the toolchain print.

Max Schaefer

commit sha e5e6f730817d52552bf08551fde367a63aa58c3d

Make Field extend Variable.

Max Schaefer

commit sha d8b97afcab20430e4a7fa4f68531babcea0fa613

Implement Field.hasQualifiedName.

Sauyon Lee

commit sha fe23f8846876aece700d00b48d43d8938f524f56

Merge pull request #221 from max/cleanup

Minor fixes

push time in a month

pull request commentgithub/vscode-codeql-starter

Update CodeQL submodule

This was done as part of an LGTM.com distribution upgrade.

igfoo

comment created time in a month

PR opened github/codeql-go

Minor fixes

Five unrelated fixes, one per commit:

  • Remove DeclaredEntity.getDecl(), which is an unfortunate almost-clash with Entity.getDeclaration() but means something different.
  • Entities now have locations, so you can click on them in the IDE if they have a declaration. If they don't, the location is a dummy location that isn't clickable. (This commit unfortunately leads to many unwieldy .expected diffs.)
  • Location.toString() now agrees with the format qltest produces.
  • Field is now a subtype of Variable in QL, which it already was in the dbscheme.
  • There is now a utility predicate Field.hasQualifiedName analogous to Method.hasQualifiedName.

Dist-compare didn't show any differences in performance or results.

+295 -279

0 comment

19 changed files

pr created time in a month

create branch github/codeql-go

branch : cleanup

created branch time in a month

push eventgithub/codeql-go

Max Schaefer

commit sha e7514bf133c487a8d10641657a15151bd5676736

Add new test cases for CFG construction.

Max Schaefer

commit sha 1cafec56adcf250d8f0874c0833ad8679c4dd4c5

Add condition guard nodes for some switch statements.

We now create condition guard nodes for `cond1` and `cond2` in

```
switch {
case cond1:
    s1
case cond2:
    s2
default:
    s3
}
```

to record the fact that `cond1` is known to be true at `s1` and false at `cond2`, and that `cond2` is known to be true at `s2` and false at `default`.

Max Schaefer

commit sha 98c7c4a255b1f80eb791a16550b9a7950e5b5f68

Autoformat.

Max Schaefer

commit sha e86201829e44ec9abd741107a2466df2f0b831b2

Add an explanatory comment.

Max Schaefer

commit sha 24f9fce7a1d43dc6eb7c4faf826601ef76b1eeb8

Rename `MkCaseNode` as suggested.

Sauyon Lee

commit sha 471d8430250cc33d9127967ba7669d425a8390d2

Merge pull request #222 from max/switch-guard-nodes

Switch guard nodes

push time in a month

PR opened github/codeql-go

Sort lines in change notes.
+2 -2

0 comment

1 changed file

pr created time in a month

create branch github/codeql-go

branch : sort-change-notes

created branch time in a month
