Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main

Aeisenberg/merge rc3.7 into main

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.5
+
 ## 0.3.4
 
 ### Deprecated APIs

cpp/ql/lib/change-notes/released/0.3.5.md

@@ -0,0 +1 @@
+## 0.3.5

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.4
+lastReleaseVersion: 0.3.5

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.3.5-dev
+version: 0.3.6-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.4
+
 ## 0.3.3
 
 ### Minor Analysis Improvements

cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql

@@ -163,19 +163,46 @@ TGlobalAddress globalAddress(Instruction instr) {
   result = globalAddress(instr.(PointerOffsetInstruction).getLeft())
 }
 
-/** Gets a `StoreInstruction` that may be executed after executing `store`. */
-pragma[inline]
-StoreInstruction getAStoreStrictlyAfter(StoreInstruction store) {
-  exists(IRBlock block, int index1, int index2 |
-    block.getInstruction(index1) = store and
-    block.getInstruction(index2) = result and
-    index2 > index1
+/**
+ * Gets a first `StoreInstruction` that writes to address `globalAddress` reachable
+ * from `block`.
+ */
+StoreInstruction getFirstStore(IRBlock block, TGlobalAddress globalAddress) {
+  1 = getStoreRank(result, block, globalAddress)
+  or
+  not exists(getStoreRank(_, block, globalAddress)) and
+  result = getFirstStore(block.getASuccessor(), globalAddress)
+}
+
+/**
+ * Gets the rank of `store` in block `block` (i.e., a rank of `1` means that it is the
+ * first `store` to write to `globalAddress`, a rank of `2` means it's the second, etc.)
+ */
+int getStoreRank(StoreInstruction store, IRBlock block, TGlobalAddress globalAddress) {
+  blockStoresToAddress(block, _, store, globalAddress) and
+  store =
+    rank[result](StoreInstruction anotherStore, int i |
+      blockStoresToAddress(_, i, anotherStore, globalAddress)
+    |
+      anotherStore order by i
+    )
+}
+
+/**
+ * Gets a next subsequent `StoreInstruction` to write to `globalAddress`
+ * after `store` has done so.
+ */
+StoreInstruction getANextStoreTo(StoreInstruction store, TGlobalAddress globalAddress) {
+  exists(IRBlock block, int rnk |
+    rnk = getStoreRank(store, block, globalAddress) and
+    rnk + 1 = getStoreRank(result, block, globalAddress)
   )
   or
-  exists(IRBlock block1, IRBlock block2 |
-    store.getBlock() = block1 and
-    result.getBlock() = block2 and
-    block1.getASuccessor+() = block2
+  exists(IRBlock block, int rnk, IRBlock succ |
+    rnk = getStoreRank(store, block, globalAddress) and
+    not rnk + 1 = getStoreRank(_, block, globalAddress) and
+    succ = block.getASuccessor() and
+    result = getFirstStore(succ, globalAddress)
   )
 }
 
@@ -192,7 +219,7 @@ predicate stackAddressEscapes(
     stackPointerFlowsToUse(store.getSourceValue(), vai)
   ) and
   // Ensure there's no subsequent store that overrides the global address.
-  not globalAddress = globalAddress(getAStoreStrictlyAfter(store).getDestinationAddress())
+  not exists(getANextStoreTo(store, globalAddress))
 }
 
 predicate blockStoresToAddress(

cpp/ql/src/change-notes/released/0.3.4.md

@@ -0,0 +1 @@
+## 0.3.4

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.3.4-dev
+version: 0.3.5-dev
 groups: 
   - cpp
   - queries

cpp/ql/test/query-tests/Likely Bugs/Memory Management/UsingExpiredStackAddress/UsingExpiredStackAddress.expected

@@ -64,6 +64,10 @@ edges
 | test.cpp:201:5:201:17 | EnterFunction: maybe_deref_p | test.cpp:201:5:201:17 | VariableAddress: maybe_deref_p |
 | test.cpp:210:3:210:9 | Call: call to escape1 | test.cpp:201:5:201:17 | EnterFunction: maybe_deref_p |
 | test.cpp:210:3:210:9 | Call: call to escape1 | test.cpp:201:5:201:17 | VariableAddress: maybe_deref_p |
+| test.cpp:234:3:234:13 | Store: ... = ... | test.cpp:238:3:238:9 | Call: call to escape2 |
+| test.cpp:238:3:238:9 | Call: call to escape2 | test.cpp:239:17:239:17 | Load: p |
+| test.cpp:263:3:263:13 | Store: ... = ... | test.cpp:267:3:267:9 | Call: call to escape3 |
+| test.cpp:267:3:267:9 | Call: call to escape3 | test.cpp:268:17:268:17 | Load: p |
 #select
 | test.cpp:15:16:15:16 | Load: p | test.cpp:10:3:10:13 | Store: ... = ... | test.cpp:15:16:15:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:9:7:9:7 | x | x | test.cpp:10:3:10:13 | Store: ... = ... | here |
 | test.cpp:24:16:24:16 | Load: p | test.cpp:10:3:10:13 | Store: ... = ... | test.cpp:24:16:24:16 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:9:7:9:7 | x | x | test.cpp:10:3:10:13 | Store: ... = ... | here |
@@ -90,3 +94,5 @@ edges
 | test.cpp:180:14:180:19 | Load: * ... | test.cpp:154:3:154:22 | Store: ... = ... | test.cpp:180:14:180:19 | Load: * ... | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:133:7:133:8 | b2 | b2 | test.cpp:154:3:154:22 | Store: ... = ... | here |
 | test.cpp:181:13:181:20 | Load: access to array | test.cpp:155:3:155:21 | Store: ... = ... | test.cpp:181:13:181:20 | Load: access to array | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:155:3:155:21 | Store: ... = ... | here |
 | test.cpp:182:14:182:19 | Load: * ... | test.cpp:156:3:156:25 | Store: ... = ... | test.cpp:182:14:182:19 | Load: * ... | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:134:7:134:8 | b3 | b3 | test.cpp:156:3:156:25 | Store: ... = ... | here |
+| test.cpp:239:17:239:17 | Load: p | test.cpp:234:3:234:13 | Store: ... = ... | test.cpp:239:17:239:17 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:232:7:232:7 | x | x | test.cpp:234:3:234:13 | Store: ... = ... | here |
+| test.cpp:268:17:268:17 | Load: p | test.cpp:263:3:263:13 | Store: ... = ... | test.cpp:268:17:268:17 | Load: p | Stack variable $@ escapes $@ and is used after it has expired. | test.cpp:260:7:260:7 | x | x | test.cpp:263:3:263:13 | Store: ... = ... | here |

cpp/ql/test/query-tests/Likely Bugs/Memory Management/UsingExpiredStackAddress/test.cpp

@@ -209,4 +209,61 @@ int maybe_deref_p(bool b) {
 int field_indirect_maybe_bad(bool b) {
   escape1();
   return maybe_deref_p(b);
+}
+
+// These next tests cover subsequent stores to the same address in the same basic block.
+
+static struct S100 s102;
+
+void not_escape1() {
+  int x;
+  s102.p = &x;
+  s102.p = nullptr;
+}
+
+void calls_not_escape1() {
+  not_escape1();
+  int x = *s102.p; // GOOD
+}
+
+static struct S100 s103;
+
+void escape2() {
+  int x;
+  s103.p = nullptr;
+  s103.p = &x;
+}
+
+void calls_escape2() {
+  escape2();
+  int x = *s103.p; // BAD
+}
+
+bool unknown();
+static struct S100 s104;
+
+void not_escape2() {
+  int x;
+  s104.p = &x;
+  if(unknown()) { }
+  s104.p = nullptr;
+}
+
+void calls_not_escape2() {
+  not_escape2();
+  int x = *s104.p; // GOOD
+}
+
+static struct S100 s105;
+
+void escape3() {
+  int x;
+  s105.p = nullptr;
+  if(unknown()) { }
+  s105.p = &x;
+}
+
+void calls_escape3() {
+  escape3();
+  int x = *s105.p; // BAD
 }

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 1.2.5
+
 ## 1.2.4
 
 ## 1.2.3

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.2.5.md

@@ -0,0 +1 @@
+## 1.2.5

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.4
+lastReleaseVersion: 1.2.5

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.2.5-dev
+version: 1.2.6-dev
 groups:
     - csharp
     - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 1.2.5
+
 ## 1.2.4
 
 ## 1.2.3

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.2.5.md

@@ -0,0 +1 @@
+## 1.2.5

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.4
+lastReleaseVersion: 1.2.5

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.2.5-dev
+version: 1.2.6-dev
 groups:
     - csharp
     - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.5
+
 ## 0.3.4
 
 ### Deprecated APIs

csharp/ql/lib/change-notes/released/0.3.5.md

@@ -0,0 +1 @@
+## 0.3.5

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.4
+lastReleaseVersion: 0.3.5

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.3.5-dev
+version: 0.3.6-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.4
+
 ## 0.3.3
 
 ### Minor Analysis Improvements

csharp/ql/src/change-notes/released/0.3.4.md

@@ -0,0 +1 @@
+## 0.3.4

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.3.4-dev
+version: 0.3.5-dev
 groups: 
   - csharp
   - queries

csharp/tools/tracing-config.lua

@@ -38,26 +38,12 @@ function RegisterExtractorPack(id)
                     match = true
                     break
                 end
-                if arg == 'run' then
-                    -- for `dotnet run`, we need to make sure that `-p:UseSharedCompilation=false` is
-                    -- not passed in as an argument to the program that is run
-                    match = true
-                    needsSeparator = true
-                end
-            end
-            if arg == '--' then
-                needsSeparator = false
-                break
             end
         end
         if match then
-            local injections = { '-p:UseSharedCompilation=false' }
-            if needsSeparator then
-                table.insert(injections, '--')
-            end
             return {
                 order = ORDER_REPLACE,
-                invocation = BuildExtractorInvocation(id, compilerPath, compilerPath, compilerArguments, nil, injections)
+                invocation = BuildExtractorInvocation(id, compilerPath, compilerPath, compilerArguments, nil, { '-p:UseSharedCompilation=false' })
             }
         end
         return nil

docs/codeql/codeql-cli/about-codeql-workspaces.rst

@@ -12,16 +12,17 @@ The main benefit of a CodeQL workspace is that it makes it easier for you to dev
 In most cases, you should store the CodeQL workspace and the CodeQL packs contained in it in one git repository. This makes it easier to share your CodeQL development environment.
 
 The ``codeql-workspace.yml`` file
-----------------------------------
+---------------------------------
 
-A CodeQL workspace is defined by a ``codeql-workspace.yml`` yaml file. This file contains a ``provide`` block, and optionally an ``ignore`` block.
+A CodeQL workspace is defined by a ``codeql-workspace.yml`` yaml file. This file contains a ``provide`` block, and optionally ``ignore`` and ``registries`` blocks.
 
 * The ``provide`` block contains a list of glob patterns that define the CodeQL packs that are available in the workspace.
 * The ``ignore`` block contains a list of glob patterns that define CodeQL packs that are not available in the workspace.
+* The ``registries`` block contains a list of GHES URLs and package patterns that control which container registry is used for publishing CodeQL packs. For more information, see :ref:`Working with CodeQL packs on GitHub Enterprise Server <working-with-codeql-packs-on-ghes>`.
 
 Each entry in the ``provide`` or ``ignore`` section must map to the location of a ``qlpack.yml`` file. All glob patterns are defined relative to the directory that contains the workspace file. For a list of patterns accepted in this file, see "`@actions/glob <https://github.com/actions/toolkit/tree/main/packages/glob#patterns>`__ ."
 
-For example, the following ``codeql-workspace.yml`` file defines a workspace that contains all the CodeQL packs recursively found in the ``codeql-packs`` directory, except for the packs in the ``experimental`` directory:
+For example, the following ``codeql-workspace.yml`` file defines a workspace that contains all the CodeQL packs recursively found in the ``codeql-packs`` directory, except for the packs in the ``experimental`` directory. The ``registries`` block specifies that ``codeql/*`` packs should be downloaded from https://ghcr.io/v2/, which is GitHub's default container registry. All other packs should be downloaded from and published to the regsitry at ``GHE_HOSTNAME``.
 
 .. code-block:: yaml
 
@@ -30,6 +31,13 @@ For example, the following ``codeql-workspace.yml`` file defines a workspace tha
     ignore:
       - "*/codeql-packs/**/experimental/**/qlpack.yml"
 
+    registries:
+     - packages: 'codeql/*'
+       url: https://ghcr.io/v2/
+
+     - packages: '*'
+       url: https://containers.GHE_HOSTNAME/v2/
+
 To verify that your ``codeql-workspace.yml`` file includes the CodeQL packs that you expect, run the ``codeql pack ls`` command in the same directory as your workspace. The result of the command is a list of all CodeQL packs in the workspace.
 
 .. _source-dependencies:

docs/codeql/codeql-cli/creating-codeql-databases.rst

@@ -11,11 +11,11 @@ or download them from GitHub.com.
 CodeQL analysis relies on extracting relational data from your code, and
 using it to build a :ref:`CodeQL database <codeql-database>`. CodeQL
 databases contain all of the important information about a codebase, which can
-be analyzed by executing CodeQL queries against it. GitHub creates and 
+be analyzed by executing CodeQL queries against it. GitHub creates and
 stores CodeQL databases for a large number of open-source projects. For more information,
 see ":ref:`Downloading CodeQL databases from GitHub.com <downloading-codeql-databases-from-github-com>`."
 
-You can also create CodeQL databases yourself using the CodeQL CLI. 
+You can also create CodeQL databases yourself using the CodeQL CLI.
 Before you generate a CodeQL database, you need to:
 
 - Install and set up the CodeQL CLI. For more information, see
@@ -214,12 +214,12 @@ commands that you can specify for compiled languages.
 
      codeql database create cpp-database --language=cpp --command=make
 
-- C# project built using ``dotnet build``::
+- C# project built using ``dotnet build``:
 
-     It is a good idea to add `/t:rebuild` to ensure that all code will be built, or do a
-     prior `dotnet clean` (code that is not built will not be included in the CodeQL database):
+  It is a good idea to add `/t:rebuild` to ensure that all code will be built, or do a
+  prior `dotnet clean` (code that is not built will not be included in the CodeQL database)::
 
-     codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild' 
+     codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild'
 
 - Go project built using the ``CODEQL_EXTRACTOR_GO_BUILD_TRACING=on`` environment variable::
 
@@ -391,9 +391,9 @@ Downloading databases from GitHub.com
 -------------------------------------
 
 .. include:: ../reusables/download-github-database.rst
-   
+
 Before running an analysis with the CodeQL CLI, you must unzip the databases.
-   
+
 Further reading
 ---------------
 

docs/codeql/codeql-cli/creating-codeql-query-suites.rst

@@ -118,8 +118,10 @@ typically a query metadata property. The value can be:
 
 To match a constraint, a metadata value must match one of the strings or
 regular expressions. When there is more than one metadata key, each key must be matched.
-For more information about query metadata properties, see ":ref:`Metadata for CodeQL queries
-<metadata-for-codeql-queries>`."
+The standard metadata keys available to match on are: ``description``, ``id``, ``kind``,
+``name``, ``tags``, ``precision``, and ``problem.severity``.
+For more information about query metadata properties, see
+":ref:`Metadata for CodeQL queries <metadata-for-codeql-queries>`."
 
 In addition to metadata tags, the keys in the constraint block can also be:
 
@@ -131,8 +133,37 @@ In addition to metadata tags, the keys in the constraint block can also be:
 - ``tags contain all``---each of the given match strings must match one of the
   components of the ``@tags`` metadata property.
 
-Examples
-~~~~~~~~
+Examples of filtering which queries are run
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A common use case is to create a query suite that runs all queries in a CodeQL pack,
+except for a few specific queries that the user does not want to run. In general, we
+recommend filtering on the query ``id``, which is a unique and stable identifier for
+each query. The following three query suite definitions are semantically identical and
+filter by the query ``id``:
+
+This filter matches all the queries in the default suite of ``codeql/cpp-queries``, except for the two queries with the excluded identifiers::
+
+   - qlpack: codeql/cpp-queries
+   - exclude:
+       id:
+         - cpp/cleartext-transmission
+         - cpp/cleartext-storage-file
+
+In this example, a separate ``exclude`` instruction is used for each query::
+
+   - qlpack: codeql/cpp-queries
+   - exclude:
+       id: cpp/cleartext-transmission
+   - exclude:
+       id: cpp/cleartext-storage-file
+
+In this example, a regular expression excludes the same two queries. It would also exclude any future queries added to the suite with identifiers that begin: ``cpp/cleartext-``::
+
+   - qlpack: codeql/cpp-queries
+   - exclude:
+       id:
+         - /^cpp\/cleartext-.*/
 
 To define a suite that selects all queries in the default suite of the
 ``codeql/cpp-queries`` CodeQL pack, and then refines them to only include
@@ -150,6 +181,15 @@ and ``@precision high`` from the ``my-custom-queries`` directory, use::
        kind: problem
        precision: very-high
 
+Note that the following query suite definition behaves differently from the definition above. This definition selects queries that are ``@kind problem`` *or*
+are ``@precision very-high``::
+
+   - queries: my-custom-queries
+   - include:
+       kind: problem
+   - include:
+       precision: very-high
+
 To create a suite that selects all queries with ``@kind problem`` from the
 ``my-custom-queries`` directory except those with ``@problem.severity
 recommendation``, use::
@@ -172,6 +212,15 @@ use::
        - high
        - very-high
 
+.. pull-quote::
+
+    Tip
+
+    You can use the ``codeql resolve queries /path/to/suite.qls`` command to see
+    which queries are selected by a query suite definition. For more information,
+    see the `resolve queries <../../codeql-cli/manual/resolve-queries>`__
+    reference documentation.
+
 Reusing existing query suite definitions
 -----------------------------------------
 
@@ -208,14 +257,8 @@ Existing query suite definitions can be reused by specifying:
   conditions, saved in a ``.yml`` file, to multiple query definitions. For more
   information, see the `example <#example>`__ below.
 
-- An ``eval`` instruction---performs the same function as an ``import``
-  instruction, but takes a full suite definition as the argument, rather than the
-  path to a ``.qls`` file on disk.
-
-To see what queries are included in a query suite, you can run the ``codeql resolve queries my-suite.qls`` command.
-
-Example
-~~~~~~~
+Reusability Examples
+~~~~~~~~~~~~~~~~~~~~
 
 To use the same conditions in multiple query suite definitions, create a
 separate ``.yml`` file containing your instructions. For example, save the
@@ -252,6 +295,30 @@ instruction::
     from: my-org/my-custom-instructions
     version: ^1.2.3 # optional
 
+A common use case for an ``import`` instruction is to apply a further filter to queries from another
+query suite. For example, this suite will further filter the ``cpp-security-and-quality`` suite
+and exclude ``low`` and ``medium`` precision queries::
+
+    - import: codeql-suites/cpp-security-and-quality.qls
+      from: codeql/cpp-queries
+    - exclude:
+        precision:
+          - low
+          - medium
+
+If you want to ``include`` queries imported from another suite, the syntax is a little different::
+
+    - import: codeql-suites/cpp-security-and-quality.qls
+      from: codeql/cpp-queries
+    - exclude: {}
+    - include:
+        precision:
+          - very-high
+          - high
+
+Notice the empty ``exclude`` instruction. This is required to ensure that the subsequent ``include``
+instruction is able to filter queries from the imported suite.
+
 Naming a query suite
 --------------------
 

docs/codeql/codeql-cli/publishing-and-using-codeql-packs.rst

@@ -74,6 +74,8 @@ The ``analyze`` command will run the default suite of any specified CodeQL packs
 
    codeql <database> analyze <scope>/<pack> <scope>/<other-pack>
 
+.. _working-with-codeql-packs-on-ghes:
+
 Working with CodeQL packs on GitHub Enterprise Server
 -----------------------------------------------------
 
@@ -91,13 +93,17 @@ For example, the following ``qlconfig.yml`` file associates all packs with the C
 .. code-block:: yaml
 
    registries:
-   - packages: 'codeql/*'
+   - packages:
+     - 'codeql/*'
+     - 'other-org/*'
      url: https://ghcr.io/v2/
    - packages: '*'
      url: https://containers.GHE_HOSTNAME/v2/
 
 The CodeQL CLI will determine which registry to use for a given package name by finding the first item in the ``registries`` list with a ``packages`` property that matches that package name.
-This means that you'll generally want to define the most specific package name patterns first.
+This means that you'll generally want to define the most specific package name patterns first. The ``packages`` property may be a single package name, a glob pattern, or a YAML list of package names and glob patterns.
+
+The ``registries`` list can also be placed inside of a ``codeql-workspace.yml`` file. Doing so will allow you to define the registries to be used within a specific workspace, so that it can be shared amongst other CodeQL users of the workspace. The ``registries`` list in the ``codeql-workspace.yml`` will be merged with and take precedence over the list in the global ``qlconfig.yml``. For more information about ``codeql-workspace.yml``, see :ref:`About CodeQL workspaces <about-codeql-workspaces>`.
 
 You can now use ``codeql pack publish``, ``codeql pack download``, and ``codeql database analyze`` to manage packs on GitHub Enterprise Server.
 

docs/codeql/ql-language-reference/ql-language-specification.rst

@@ -143,7 +143,7 @@ Module definitions
 
 A QL module definition has the following syntax:
 
-:: 
+::
 
    module ::= annotation* "module" modulename "{" moduleBody "}"
 
@@ -179,7 +179,7 @@ An import directive refers to a module identifier:
 
    import ::= annotations "import" importModuleId ("as" modulename)?
 
-   qualId ::= simpleId | qualId "." simpleId 
+   qualId ::= simpleId | qualId "." simpleId
 
    importModuleId ::= qualId
                   | importModuleId "::" simpleId
@@ -251,7 +251,7 @@ With the exception of class domain types and character types (which cannot be re
 
    type ::= (moduleId "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string"
 
-   moduleId ::= simpleId | moduleId "::" simpleId 
+   moduleId ::= simpleId | moduleId "::" simpleId
 
 A type reference is resolved to a type as follows:
 
@@ -581,7 +581,7 @@ An integer literal is a possibly negated sequence of decimal digits (``0`` throu
    0
    42
    123
-   -2147483648 
+   -2147483648
 
 Float literals (float)
 ~~~~~~~~~~~~~~~~~~~~~~
@@ -743,7 +743,7 @@ it is parsed as part of the first declaration.
 Inheriting QLDoc
 ~~~~~~~~~~~~~~~~
 
-If no QLDoc is provided then it may be inherited. 
+If no QLDoc is provided then it may be inherited.
 
 In the case of an alias then it may be inherited from the right-hand side of the alias.
 
@@ -801,7 +801,7 @@ The body of a predicate is of one of three forms:
 ::
 
    optbody ::= ";"
-           |  "{" formula "}" 
+           |  "{" formula "}"
            |  "=" literalId "(" (predicateRef "/" int ("," predicateRef "/" int)*)? ")" "(" (exprs)? ")"
 
 In the first form, with just a semicolon, the predicate is said to not have a body. In the second form, the body of the predicate is the given formula (see "`Formulas <#formulas>`__"). In the third form, the body is a higher-order relation.
@@ -856,7 +856,7 @@ Each member of a class is either a *character*, a predicate, or a field:
 ::
 
    member ::= character | predicate | field
-   character ::= qldoc? annotations classname "(" ")" "{" formula "}" 
+   character ::= qldoc? annotations classname "(" ")" "{" formula "}"
    field ::= qldoc? annotations var_decl ";"
 
 Characters
@@ -907,7 +907,7 @@ A valid class may not inherit from two different classes that include a field wi
 
 A valid field must override another field if it is annotated ``override``.
 
-When field ``f`` overrides field ``g`` the type of ``f`` must be a subtype of the type of ``g``. ``f`` may not be a final field. 
+When field ``f`` overrides field ``g`` the type of ``f`` must be a subtype of the type of ``g``. ``f`` may not be a final field.
 
 Select clauses
 ~~~~~~~~~~~~~~
@@ -976,8 +976,8 @@ There are several kinds of expressions:
         |   binop
         |   cast
         |   primary
-        
-   primary ::= eparen 
+
+   primary ::= eparen
            |   literal
            |   variable
            |   super_expr
@@ -1086,7 +1086,7 @@ A super expression has the following syntax:
 
 ::
 
-   super_expr ::= "super" | type "." "super" 
+   super_expr ::= "super" | type "." "super"
 
 For a super expression to be valid, the ``this`` keyword must have a type and value in the typing environment. The type of the expression is the same as the type of ``this`` in the typing environment.
 
@@ -1146,11 +1146,11 @@ A valid call with results *resolves* to a set of predicates. The ways a call can
 -  If the call has no receiver and the predicate name is a selection identifier, then the qualifier is resolved as a module (see "`Module resolution <#module-resolution>`__"). The identifier is then resolved in the exported predicate environment of the qualifier module.
 
 -  If the call has a super expression as the receiver, then it resolves to a member predicate in a class that the enclosing class inherits from:
-    -  If the super expression is unqualified and there is a single class that the current class inherits from, then the super-class is that class. 
+    -  If the super expression is unqualified and there is a single class that the current class inherits from, then the super-class is that class.
     -  If the super expression is unqualified and there are multiple classes that the current class inherits from, then the super-class is the domain type.
-    -  Otherwise, the super-class is the class named by the qualifier of the super expression. 
+    -  Otherwise, the super-class is the class named by the qualifier of the super expression.
 
-   The predicate is resolved by looking up its name and arity in the exported predicate environment of the super-class. 
+   The predicate is resolved by looking up its name and arity in the exported predicate environment of the super-class.
 
 -  If the type of the receiver is the same as the enclosing class, the predicate is resolved by looking up its name and arity in the visible predicate environment of the class.
 
@@ -1209,15 +1209,15 @@ The rank expression must be present if the aggregate id is ``rank``; otherwise i
 Apart from the presence or absence of the rank variable, all other reduced forms of an aggregation are equivalent to a full form using the following steps:
 
 -  If the formula is omitted, then it is taken to be ``any()``.
--  If there are no aggregation expressions, then either: 
+-  If there are no aggregation expressions, then either:
 
-   - The aggregation id is ``count`` or ``strictcount`` and the expression is taken to be ``1``. 
+   - The aggregation id is ``count`` or ``strictcount`` and the expression is taken to be ``1``.
    - There must be precisely one variable declaration, and the aggregation expression is taken to be a reference to that variable.
 
 -  If the aggregation id is ``concat`` or ``strictconcat`` and it has a single expression then the second expression is taken to be ``""``.
--  If the ``monotonicAggregates`` language pragma is not enabled, or the original formula and variable declarations are both omitted, then the aggregate is transformed as follows: 
+-  If the ``monotonicAggregates`` language pragma is not enabled, or the original formula and variable declarations are both omitted, then the aggregate is transformed as follows:
 
-   - For each aggregation expression ``expr_i``, a fresh variable ``v_i`` is declared with the same type as the expression in addition to the original variable declarations. 
+   - For each aggregation expression ``expr_i``, a fresh variable ``v_i`` is declared with the same type as the expression in addition to the original variable declarations.
    - The new range is the conjunction of the original range and a term ``v_i = expr_i`` for each aggregation expression ``expr_i``.
    - Each original aggregation expression ``expr_i`` is replaced by a new aggregation expression ``v_i``.
 
@@ -1303,11 +1303,11 @@ Expression pragmas can be used to guide optimization.
 The values of an expression pragma are the values of the contained expression.
 
 The type `only_bind_out` hints that uses of the result of the expression pragma should not be used to guide the evaluation of the result of the contained expression.
-When checking to see that all values are bound the compiler does not assume that if the result of the expression pragma is bound then the result of the contained 
+When checking to see that all values are bound the compiler does not assume that if the result of the expression pragma is bound then the result of the contained
 expression is bound.
 
 The type `only_bind_into` hints that uses of the contained expression should not be used to guide the evaluation of the result of the expression pragma.
-When checking to see that all values are bound the compiler does not assume that if the result of the contained expression is bound then the result of the 
+When checking to see that all values are bound the compiler does not assume that if the result of the contained expression is bound then the result of the
 expression pragma is bound.
 
 Ranges
@@ -1481,7 +1481,7 @@ A comparison formula is two expressions separated by a comparison operator:
 ::
 
    comparison ::= expr compop expr
-   compop ::= "=" | "!=" | "<" | ">" | "<=" | ">="      
+   compop ::= "=" | "!=" | "<" | ">" | "<=" | ">="
 
 A comparison formula matches if there is one value of the left expression that is in the given ordering with one of the values of the right expression. The ordering used is specified in "`Ordering <#ordering>`__." If one of the values is an integer and the other is a float value, then the integer is converted to a float value before the comparison.
 
@@ -1565,7 +1565,7 @@ Aliases define new names for existing QL entities.
    alias ::= qldoc? annotations "predicate" literalId "=" predicateRef "/" int ";"
          |   qldoc? annotations "class" classname "=" type ";"
          |   qldoc? annotations "module" modulename "=" moduleId ";"
-       
+
 
 An alias introduces a binding from the new name to the entity referred to by the right-hand side in the current module's declared predicate, type, or module environment respectively.
 
@@ -1956,13 +1956,13 @@ Each layer of the stratification is *populated* in order. To populate a layer, e
 -  To populate a predicate that has a formula as a body, find each named tuple ``t`` that has the following properties:
 
      - The tuple matches the body formula.
-     - The variables should be the predicate's arguments.  
+     - The variables should be the predicate's arguments.
      - If the predicate has a result, then the tuples should additionally have a value for ``result``.
      - If the predicate is a member predicate or characteristic predicate of a class ``C`` then the tuples should additionally have a value for ``this`` and each visible field on the class.
      - The values corresponding to the arguments should all be a member of the declared types of the arguments.
      - The values corresponding to ``result`` should all be a member of the result type.
      - The values corresponding to the fields should all be a member of the declared types of the fields.
-     - If the predicate is a member predicate of a class ``C`` and not a characteristic predicate, then the tuples should additionally extend some tuple in ``C.class``. 
+     - If the predicate is a member predicate of a class ``C`` and not a characteristic predicate, then the tuples should additionally extend some tuple in ``C.class``.
      - If the predicate is a characteristic predicate of a class ``C``, then there should be a tuple ``t'`` in ``C.extends`` such that for each visible field in ``C``, any field that is equal to or overrides a field in ``t'`` should have the same value in ``t``. ``this`` should also map to the same value in ``t`` and ``t'``.
 
    For each such tuple remove any components that correspond to fields and add it to the predicate in the store.
@@ -1981,7 +1981,7 @@ Each layer of the stratification is *populated* in order. To populate a layer, e
 
 -  To populate the type ``C.C`` for a class ``C``, if ``C`` has a characteristic predicate, then add all tuples from that predicate to the store. Otherwise add all tuples ``t`` such that:
 
-     - The variables of ``t`` should be ``this`` and the visible fields of ``C``.  
+     - The variables of ``t`` should be ``this`` and the visible fields of ``C``.
      - The values corresponding to the fields should all be a member of the declared types of the fields.
      - If the predicate is a characteristic predicate of a class ``C``, then there should be a tuple ``t'`` in ``C.extends`` such that for each visible field in ``C``, any field that is equal to or overrides a field in ``t'`` should have the same value in ``t``. ``this`` should also map to the same value in ``t`` and ``t'``.
 
@@ -2016,7 +2016,7 @@ The complete grammar for QL is as follows:
 
    import ::= annotations "import" importModuleId ("as" modulename)?
 
-   qualId ::= simpleId | qualId "." simpleId 
+   qualId ::= simpleId | qualId "." simpleId
 
    importModuleId ::= qualId
                   | importModuleId "::" simpleId
@@ -2055,18 +2055,18 @@ The complete grammar for QL is as follows:
    head ::= ("predicate" | type) predicateName "(" var_decls ")"
 
    optbody ::= ";"
-           |  "{" formula "}" 
+           |  "{" formula "}"
            |  "=" literalId "(" (predicateRef "/" int ("," predicateRef "/" int)*)? ")" "(" (exprs)? ")"
 
    class ::= qldoc? annotations "class" classname "extends" type ("," type)* "{" member* "}"
 
    member ::= character | predicate | field
 
-   character ::= qldoc? annotations classname "(" ")" "{" formula "}" 
+   character ::= qldoc? annotations classname "(" ")" "{" formula "}"
 
    field ::= qldoc? annotations var_decl ";"
 
-   moduleId ::= simpleId | moduleId "::" simpleId 
+   moduleId ::= simpleId | moduleId "::" simpleId
 
    type ::= (moduleId "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string"
 
@@ -2075,7 +2075,7 @@ The complete grammar for QL is as follows:
    alias ::= qldoc? annotations "predicate" literalId "=" predicateRef "/" int ";"
          |  qldoc? annotations "class" classname "=" type ";"
          |  qldoc? annotations "module" modulename "=" moduleId ";"
-         
+
    var_decls ::= (var_decl ("," var_decl)*)?
 
    var_decl ::= type lowerId
@@ -2091,7 +2091,7 @@ The complete grammar for QL is as follows:
            |   instanceof
            |   inrange
            |   call
-           
+
    fparen ::= "(" formula ")"
 
    disjunction ::= formula "or" formula
@@ -2111,7 +2111,7 @@ The complete grammar for QL is as follows:
 
    comparison ::= expr compop expr
 
-   compop ::= "=" | "!=" | "<" | ">" | "<=" | ">="      
+   compop ::= "=" | "!=" | "<" | ">" | "<=" | ">="
 
    instanceof ::= expr "instanceof" type
 
@@ -2129,7 +2129,7 @@ The complete grammar for QL is as follows:
         |   primary
 
 
-   primary ::= eparen 
+   primary ::= eparen
            |   literal
            |   variable
            |   super_expr
@@ -2158,7 +2158,7 @@ The complete grammar for QL is as follows:
 
    variable ::= varname | "this" | "result"
 
-   super_expr ::= "super" | type "." "super" 
+   super_expr ::= "super" | type "." "super"
 
    cast ::= "(" type ")" expr
 
@@ -2167,7 +2167,7 @@ The complete grammar for QL is as follows:
    aggregation ::= aggid ("[" expr "]")? "(" var_decls ("|" (formula)? ("|" as_exprs ("order" "by" aggorderbys)?)?)? ")"
                |   aggid ("[" expr "]")? "(" as_exprs ("order" "by" aggorderbys)? ")"
                |   "unique" "(" var_decls "|" (formula)? ("|" as_exprs)? ")"
- 
+
    expression_pragma ::= "pragma" "[" expression_pragma_type "]" "(" expr ")"
 
    expression_pragma_type ::= "only_bind_out" | "only_bind_into"
@@ -2182,9 +2182,9 @@ The complete grammar for QL is as follows:
 
    callwithresults ::= predicateRef (closure)? "(" (exprs)? ")"
                    |   primary "." predicateName (closure)? "(" (exprs)? ")"
-                   
+
    range ::= "[" expr ".." expr "]"
-   
+
    setliteral ::= "[" expr ("," expr)* ","? "]"
 
    simpleId ::= lowerId | upperId

docs/codeql/reusables/download-github-database.rst

@@ -7,7 +7,7 @@ For example, to check for CodeQL databases using the `GitHub CLI <https://cli.gi
 
 This command returns information about any CodeQL databases that are available for a repository, including the language the database represents, and when the database was last updated. If no CodeQL databases are available, the response is empty.
 
-When you have confirmed that a CodeQL database exists for the language you are interested in, you can download it using the following command:: 
+When you have confirmed that a CodeQL database exists for the language you are interested in, you can download it using the following command::
 
    gh api /repos/<owner>/<repo>/code-scanning/codeql/databases/<language> -H 'Accept: application/zip' > path/to/local/database.zip
 

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.2.5
+
 ## 0.2.4
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/released/0.2.5.md

@@ -0,0 +1 @@
+## 0.2.5

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.4
+lastReleaseVersion: 0.2.5

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.2.5-dev
+version: 0.2.6-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.2.5
+
 ## 0.2.4
 
 ## 0.2.3

go/ql/src/change-notes/released/0.2.5.md

@@ -0,0 +1 @@
+## 0.2.5

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.4
+lastReleaseVersion: 0.2.5

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.2.5-dev
+version: 0.2.6-dev
 groups:
   - go
   - queries

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.5
+
 ## 0.3.4
 
 ### Deprecated APIs

java/ql/lib/change-notes/released/0.3.5.md

@@ -0,0 +1 @@
+## 0.3.5

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.4
+lastReleaseVersion: 0.3.5

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.3.5-dev
+version: 0.3.6-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.4
+
 ## 0.3.3
 
 ### New Queries

java/ql/src/change-notes/released/0.3.4.md

@@ -0,0 +1 @@
+## 0.3.4

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.3.4-dev
+version: 0.3.5-dev
 groups: 
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.2.5
+
 ## 0.2.4
 
 ### Deprecated APIs

javascript/ql/lib/change-notes/released/0.2.5.md

@@ -0,0 +1 @@
+## 0.2.5

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.4
+lastReleaseVersion: 0.2.5

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.2.5-dev
+version: 0.2.6-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.4
+
 ## 0.3.3
 
 ### New Queries

javascript/ql/src/change-notes/released/0.3.4.md

@@ -0,0 +1 @@
+## 0.3.4

javascript/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4

javascript/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.3.4-dev
+version: 0.3.5-dev
 groups: 
   - javascript
   - queries

python/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.5.5
+
 ## 0.5.4
 
 ### Deprecated APIs

python/ql/lib/change-notes/released/0.5.5.md

@@ -0,0 +1 @@
+## 0.5.5

python/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.5.5

python/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.5.5-dev
+version: 0.5.6-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

python/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.4.3
+
 ## 0.4.2
 
 ### New Queries

python/ql/src/change-notes/released/0.4.3.md

@@ -0,0 +1 @@
+## 0.4.3

python/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.2
+lastReleaseVersion: 0.4.3

python/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.4.3-dev
+version: 0.4.4-dev
 groups: 
   - python
   - queries

ruby/ql/lib/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.5
+
 ## 0.3.4
 
 ### Deprecated APIs

ruby/ql/lib/change-notes/released/0.3.5.md

@@ -0,0 +1 @@
+## 0.3.5

ruby/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.4
+lastReleaseVersion: 0.3.5

ruby/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.3.5-dev
+version: 0.3.6-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme

ruby/ql/src/CHANGELOG.md

@@ -1,3 +1,5 @@
+## 0.3.4
+
 ## 0.3.3
 
 ### New Queries

ruby/ql/src/change-notes/released/0.3.4.md

@@ -0,0 +1 @@
+## 0.3.4

ruby/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4

ruby/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.3.4-dev
+version: 0.3.5-dev
 groups: 
   - ruby
   - queries