Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency

Shared: Add CFG consistency check for scopes with missing entry points

csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll

@@ -15,11 +15,19 @@ class CfgScope extends Element, @top_level_exprorstmt_parent {
   CfgScope() {
     this.getFile().fromSource() and
     (
-      this instanceof Callable
+      this =
+        any(Callable c |
+          c.(Constructor).hasInitializer()
+          or
+          InitializerSplitting::constructorInitializes(c, _)
+          or
+          c.hasBody()
+        )
       or
       // For now, static initializer values have their own scope. Eventually, they
       // should be treated like instance initializers.
-      this.(Assignable).(Modifiable).isStatic()
+      this.(Assignable).(Modifiable).isStatic() and
+      expr_parent_top_level_adjusted2(_, _, this)
     )
   }
 }

ql/.gitignore

@@ -3,5 +3,4 @@ target
 .cache
 ql/test/**/*.testproj
 ql/test/**/*.actual
-ql/test/**/CONSISTENCY
 work

ruby/.gitignore

@@ -3,5 +3,4 @@ extractor/target
 .cache
 ql/test/**/*.testproj
 ql/test/**/*.actual
-ql/test/**/CONSISTENCY
 .codeql

ruby/ql/consistency-queries/CfgConsistency.ql

@@ -1,4 +1,5 @@
-import codeql.ruby.controlflow.internal.ControlFlowGraphImpl::Consistency
+import codeql.ruby.controlflow.internal.ControlFlowGraphImpl::Consistency as Consistency
+import Consistency
 import codeql.ruby.AST
 import codeql.ruby.CFG
 import codeql.ruby.controlflow.internal.Completion
@@ -19,3 +20,14 @@ query predicate nonPostOrderExpr(Expr e, string cls) {
     c instanceof NormalCompletion
   )
 }
+
+query predicate scopeNoFirst(CfgScope scope) {
+  Consistency::scopeNoFirst(scope) and
+  not scope = any(StmtSequence seq | not exists(seq.getAStmt())) and
+  not scope =
+    any(Callable c |
+      not exists(c.getAParameter()) and
+      not c.(BodyStmt).hasEnsure() and
+      not exists(c.(BodyStmt).getARescue())
+    )
+}

rust/ql/consistency-queries/CfgConsistency.ql

@@ -1,5 +1,7 @@
 import rust
-import codeql.rust.controlflow.internal.ControlFlowGraphImpl::Consistency
+import codeql.rust.controlflow.internal.ControlFlowGraphImpl::Consistency as Consistency
+import Consistency
+import codeql.rust.controlflow.ControlFlowGraph
 import codeql.rust.controlflow.internal.ControlFlowGraphImpl as CfgImpl
 import codeql.rust.controlflow.internal.Completion
 
@@ -17,3 +19,9 @@ query predicate nonPostOrderExpr(Expr e, string cls) {
     c instanceof NormalCompletion
   )
 }
+
+query predicate scopeNoFirst(CfgScope scope) {
+  Consistency::scopeNoFirst(scope) and
+  not scope = any(Function f | not exists(f.getBody())) and
+  not scope = any(ClosureExpr c | not exists(c.getBody()))
+}

rust/ql/test/library-tests/controlflow/Cfg.ql

@@ -1,7 +1,3 @@
-/**
- * @id rust/controlflow/cfg
- */
-
 import rust
 import codeql.rust.controlflow.ControlFlowGraph
 import TestUtils

shared/controlflow/codeql/controlflow/Cfg.qll

@@ -1387,9 +1387,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {
       strictcount(sk.getListOrder()) > 1
     }
 
+    /** Holds if `n` has multiple textual representations. */
     query predicate multipleToString(Node n, string s) {
       s = strictconcat(n.toString(), ",") and
       strictcount(n.toString()) > 1
     }
+
+    /** Holds if CFG scope `scope` lacks an initial AST node. */
+    query predicate scopeNoFirst(CfgScope scope) { not scopeFirst(scope, _) }
   }
 }