github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #11416 from github/edoardo/mergeback-3.8 

Merge `rc/3.8` into `main`
This commit is contained in:
Edoardo Pirovano 2022-11-24 15:05:28 +00:00 коммит произвёл GitHub
Родитель 03737543d4 8eeba92a47
Коммит 9071acea01
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
15 изменённых файлов: 120 добавлений и 58 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
docs/codeql/codeql-cli/creating-codeql-databases.rst
Просмотреть файл

@ -168,7 +168,9 @@ generate a database, therefore the build method must be available to the CLI.
Detecting the build system
~~~~~~~~~~~~~~~~~~~~~~~~~~
The CodeQL CLI includes autobuilders for C/C++, C#, Go, and Java code. CodeQL
.. include:: ../reusables/kotlin-beta-note.rst
The CodeQL CLI includes autobuilders for C/C++, C#, Go, Java and Kotlin code. CodeQL
autobuilders allow you to build projects for compiled languages without
specifying any build commands. When an autobuilder is invoked, CodeQL examines
the source for evidence of a build system and attempts to run the optimal set of

2
docs/codeql/codeql-for-visual-studio-code/working-with-codeql-packs-in-visual-studio-code.rst
Просмотреть файл

@ -30,7 +30,7 @@ You can then use the CodeQL CLI to publish your pack to share with others. For m
Viewing CodeQL packs and their dependencies in Visual Studio Code
-----------------------------------------------------------------
To download a CodeQL pack that someone else has created, run the **CodeQL: Download Packs** command from the Command Palette.
You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java, enter ``codeql/java-queries``.
You can download all the core CodeQL query packs, or enter the full name of a specific pack to download. For example, to download the core queries for analyzing Java or Kotlin, enter ``codeql/java-queries``.
Whether you have downloaded a CodeQL pack or created your own, you can open the ``qlpack.yml`` file in the root of a CodeQL pack directory in Visual Studio Code and view the dependencies section to see what libraries the pack depends on.

4
docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-java-programs.rst
Просмотреть файл

@ -7,6 +7,10 @@ CodeQL has a large selection of classes for representing the abstract syntax tre
.. include:: ../reusables/abstract-syntax-tree.rst
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/kotlin-java-differences.rst
Statement classes
-----------------

4
docs/codeql/codeql-language-guides/analyzing-data-flow-in-java.rst
Просмотреть файл

@ -5,6 +5,10 @@ Analyzing data flow in Java
You can use CodeQL to track the flow of data through a Java program to its use.
.. include:: ../reusables/kotlin-beta-note.rst
.. include:: ../reusables/kotlin-java-differences.rst
About this article
------------------

110
docs/codeql/codeql-language-guides/basic-query-for-java-code.rst
Просмотреть файл

@ -1,18 +1,33 @@
.. _basic-query-for-java-code:
Basic query for Java code
=========================
Basic query for Java and Kotlin code
====================================
Learn to write and run a simple CodeQL query using LGTM.
About the query
---------------
The query we're going to run performs a basic search of the code for ``if`` statements that are redundant, in the sense that they have an empty then branch. For example, code such as:
The query we're going to run searches for inefficient tests for empty strings. For example, Java code such as:
.. code-block:: java
if (error) { }
public class TestJava {
void myJavaFun(String s) {
boolean b = s.equals("");
}
}
or Kotlin code such as:
.. code-block:: kotlin
void myKotlinFun(s: String) {
var b = s.equals("")
}
In either case, replacing ``s.equals("")`` with ``s.isEmpty()``
would be more efficient.
Running the query
-----------------
@ -37,10 +52,13 @@ Running the query
import java
from IfStmt ifstmt, Block block
where ifstmt.getThen() = block and
block.getNumStmt() = 0
select ifstmt, "This 'if' statement is redundant."
from MethodAccess ma
where
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
select ma, "This comparison to empty string is inefficient, use isEmpty() instead."
Note that CodeQL treats Java and Kotlin as part of the same language, so even though this query starts with ``import java``, it will work for both Java and Kotlin code.
LGTM checks whether your query compiles and, if all is well, the **Run** button changes to green to indicate that you can go ahead and run the query.
@ -57,9 +75,9 @@ Running the query
Your query is always run against the most recently analyzed commit to the selected project.
The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ifstmt`` and is linked to the location in the source code of the project where ``ifstmt`` occurs. The second column is the alert message.
The query will take a few moments to return results. When the query completes, the results are displayed below the project name. The query results are listed in two columns, corresponding to the two expressions in the ``select`` clause of the query. The first column corresponds to the expression ``ma`` and is linked to the location in the source code of the project where ``ma`` occurs. The second column is the alert message.
`Example query results <https://lgtm.com/query/3235645104630320782/>`__
`Example query results <https://lgtm.com/query/6863787472564633674/>`__
.. pull-quote::
@ -67,34 +85,33 @@ Running the query
An ellipsis (…) at the bottom of the table indicates that the entire list is not displayed—click it to show more results.
#. If any matching code is found, click a link in the ``ifstmt`` column to view the ``if`` statement in the code viewer.
#. If any matching code is found, click a link in the ``ma`` column to view the ``.equals`` expression in the code viewer.
The matching ``if`` statement is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
The matching ``.equals`` expression is highlighted with a yellow background in the code viewer. If any code in the file also matches a query from the standard query library for that language, you will see a red alert message at the appropriate point within the code.
About the query structure
~~~~~~~~~~~~~~~~~~~~~~~~~
After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query.
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+===============================================================+===================================================================================================================+========================================================================================================================+
| ``import java`` | Imports the standard CodeQL libraries for Java. | Every query begins with one or more ``import`` statements. |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``from IfStmt ifstmt, Block block`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |
| | ``<type> <variable name>`` | - an ``IfStmt`` variable for ``if`` statements |
| | | - a ``Block`` variable for the then block |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``where ifstmt.getThen() = block and block.getNumStmt() = 0`` | Defines a condition on the variables. | ``ifstmt.getThen() = block`` relates the two variables. The block must be the ``then`` branch of the ``if`` statement. |
| | | |
| | | ``block.getNumStmt() = 0`` states that the block must be empty (that is, it contains no statements). |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
| ``select ifstmt, "This 'if' statement is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` statement with a string that explains the problem. |
| | | |
| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | |
| | ``select <program element>, "<alert message>"`` | |
+---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| Query part | Purpose | Details |
+==================================================================================================+===================================================================================================================+===================================================================================================+
| ``import java`` | Imports the standard CodeQL libraries for Java and Kotlin. | Every query begins with one or more ``import`` statements. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``from MethodAccess ma`` | Defines the variables for the query. | We use: |
| | Declarations are of the form: | |
| | ``<type> <variable name>`` | - a ``MethodAccess`` variable for call expressions |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``where ma.getMethod().hasName("equals") and ma.getArgument(0).(StringLiteral).getValue() = ""`` | Defines a condition on the variables. | ``ma.getMethod().hasName("equals")`` restricts ``ma`` to only calls to methods call ``equals``. |
| | | |
| | | ``ma.getArgument(0).(StringLiteral).getValue() = ""`` says the argument must be literal ``""``. |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
| ``select ma, "This comparison to empty string is inefficient, use isEmpty() instead."`` | Defines what to report for each match. | Reports the resulting ``.equals`` expression with a string that explains the problem. |
| | | |
| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | |
| | ``select <program element>, "<alert message>"`` | |
+--------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+
Extend the query
----------------
@ -104,41 +121,38 @@ Query writing is an inherently iterative process. You write a simple query and t
Remove false positive results
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example:
Browsing the results of our basic query shows that it could be improved. For example, you may find results for code like:
.. code-block:: java
if (...) {
...
} else if ("-verbose".equals(option)) {
// nothing to do - handled earlier
} else {
error("unrecognized option");
}
public class TestJava {
void myJavaFun(Object o) {
boolean b = o.equals("");
}
}
In this case, identifying the ``if`` statement with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to ignore empty ``then`` branches if the ``if`` statement has an ``else`` branch.
To exclude ``if`` statements that have an ``else`` branch:
In this case, it is not possible to simply use ``o.isEmpty()`` instead, as ``o`` has type ``Object`` rather than ``String``. One solution to this is to modify the query to only return results where the expression being tested has type ``String``:
#. Extend the where clause to include the following extra condition:
.. code-block:: ql
and not exists(ifstmt.getElse())
ma.getQualifier().getType() instanceof TypeString
The ``where`` clause is now:
.. code-block:: ql
where ifstmt.getThen() = block and
block.getNumStmt() = 0 and
not exists(ifstmt.getElse())
where
ma.getQualifier().getType() instanceof TypeString and
ma.getMethod().hasName("equals") and
ma.getArgument(0).(StringLiteral).getValue() = ""
#. Click **Run**.
There are now fewer results because ``if`` statements with an ``else`` branch are no longer included.
There are now fewer results because ``.equals`` expressions with different types are no longer included.
`See this in the query console <https://lgtm.com/query/6382189874776576029/>`__
`See this in the query console <https://lgtm.com/query/3716567543394265485/>`__
Further reading
---------------

13
docs/codeql/codeql-language-guides/codeql-for-java.rst
Просмотреть файл

@ -1,9 +1,16 @@
.. _codeql-for-java:
CodeQL for Java
===============
CodeQL for Java and Kotlin
==========================
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java codebases.
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Java and Kotlin codebases.
.. include:: ../reusables/kotlin-beta-note.rst
.. pull-quote:: Enabling Kotlin support
CodeQL treats Java and Kotlin as parts of the same language, so to enable Kotlin support you should enable ``java`` as a language.
.. toctree::
:hidden:

2
docs/codeql/codeql-overview/system-requirements.rst
Просмотреть файл

@ -11,6 +11,8 @@ Supported platforms
#######################
.. include:: ../support/reusables/platforms.rst
.. include:: ../reusables/kotlin-beta-note.rst
Additional software requirements
################################

2
docs/codeql/query-help/codeql-cwe-coverage.rst
Просмотреть файл

@ -3,6 +3,8 @@ CodeQL CWE coverage
You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL.
.. include:: ../reusables/kotlin-beta-note.rst
About CWEs
##########

4
docs/codeql/query-help/index.rst
Просмотреть файл

@ -6,11 +6,13 @@ View the query help for the queries included in the ``code-scanning``, ``securit
- :doc:`CodeQL query help for C and C++ <cpp>`
- :doc:`CodeQL query help for C# <csharp>`
- :doc:`CodeQL query help for Go <go>`
- :doc:`CodeQL query help for Java <java>`
- :doc:`CodeQL query help for Java and Kotlin <java>`
- :doc:`CodeQL query help for JavaScript <javascript>`
- :doc:`CodeQL query help for Python <python>`
- :doc:`CodeQL query help for Ruby <ruby>`
.. include:: ../reusables/kotlin-beta-note.rst
.. pull-quote:: Information
Each query help article includes:

2
docs/codeql/reusables/extractors.rst
Просмотреть файл

@ -10,7 +10,7 @@
- ``csharp``
* - Go
- ``go``
* - Java
* - Java/Kotlin
- ``java``
* - JavaScript/TypeScript
- ``javascript``

4
docs/codeql/reusables/kotlin-beta-note.rst Normal file
Просмотреть файл

@ -0,0 +1,4 @@
.. pull-quote:: Note
CodeQL analysis for Kotlin is currently in beta. During the beta, analysis of Kotlin code,
and the accompanying documentation, will not be as comprehensive as for other languages.

20
docs/codeql/reusables/kotlin-java-differences.rst Normal file
Просмотреть файл

@ -0,0 +1,20 @@
Writing CodeQL queries for Kotlin versus Java analysis
------------------------------------------------------
Generally you use the same classes to write queries for Kotlin and for Java. You use the same libraries such as DataFlow, TaintTracking, or SSA, and the same classes such as ``MethodAccess`` or ``Class`` for both languages. When you want to access Kotlin-specific elements (such as a ``WhenExpr``) youll need to use Kotlin-specific CodeQL classes.
There are however some important cases where writing queries for Kotlin can produce surprising results compared to writing queries for Java, as CodeQL works with the JVM bytecode representation of the Kotlin source code.
Be careful when you model code elements that dont exist in Java, such as ``NotNullExpr (expr!!)``, because they could interact in unexpected ways with common predicates. For example, ``MethodAccess.getQualifier()`` returns a ``NotNullExpr`` instead of a ``VarAccess`` in the following Kotlin code:
.. code-block:: kotlin
someVar!!.someMethodCall()
In that specific case, you can use the predicate ``Expr.getUnderlyingExpr()``. This goes directly to the underlying ``VarAccess`` to produce a more similar behavior to that in Java.
Nullable elements (``?``) can also produce unexpected behavior. To avoid a ``NullPointerException``, Kotlin may inline calls like ``expr.toString()`` to ``String.valueOf(expr)`` when ``expr`` is nullable. Make sure that you write CodeQL around the extracted code, which may not exactly match the code as written in the codebase.
Another example is that if-else expressions in Kotlin are translated into ``WhenExprs`` in CodeQL, instead of the more typical ``IfStmt`` seen in Java.
In general, you can debug these issues with the AST (you can use the ``CodeQL: View AST`` command from Visual Studio Codes CodeQL extension, or run the ``PrintAst.ql`` query) and see exactly what CodeQL is extracting from your code.

4
docs/codeql/support/reusables/frameworks.rst
Просмотреть файл

@ -93,9 +93,11 @@ and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/gi
`yaml <https://gopkg.in/yaml.v3>`_, Serialization
`zap <https://go.uber.org/zap>`_, Logging library
Java built-in support
Java and Kotlin built-in support
==================================
.. include:: ../reusables/kotlin-beta-note.rst
Provided by the current versions of the
CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__)
and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib>`__).

1
swift/extractor/SwiftExtractor.cpp
Просмотреть файл

@ -46,7 +46,6 @@ static void archiveFile(const SwiftExtractorConfiguration& config, swift::Source
if (ec) {
std::cerr << "Cannot archive source file " << srcFilePath << " -> " << dstFilePath << ": "
<< ec.message() << "\n";
std::abort();
}
}

2
swift/extractor/remapping/SwiftOpenInterception.macOS.cpp
Просмотреть файл

@ -61,7 +61,7 @@ void finalizeRemapping(
}
auto hash = originalHashFile(original);
auto hashed = scratchDir / hash;
if (!hash.empty() && fs::exists(hashed)) {
if (!hash.empty() && fs::exists(patched)) {
std::error_code ec;
fs::create_symlink(/* target */ patched, /* symlink */ hashed, ec);
if (ec) {