
Commit 0125ecf

Merge branch 'main' into Token_validation
2 parents 7572414 + 6a0e480 commit 0125ecf


77 files changed

+1861
-540
lines changed


77 files changed

+1861
-540
lines changed

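--- a/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
+++ b/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
@@ -12,5 +12,5 @@ import cpp
 
 from Class c
 where c.fromSource()
-select c as Class, c.getMetrics().getAfferentCoupling() as AfferentCoupling,
-c.getMetrics().getEfferentSourceCoupling() as EfferentCoupling order by AfferentCoupling desc
+select c as Class, c.getMetrics().getAfferentCoupling() as afferentCoupling,
+c.getMetrics().getEfferentSourceCoupling() as efferentCoupling order by afferentCoupling desc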

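--- a/go/ql/lib/semmle/go/Concepts.qll
+++ b/go/ql/lib/semmle/go/Concepts.qll
@@ -16,16 +16,12 @@ import semmle.go.concepts.GeneratedFile
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `SystemCommandExecution::Range` instead.
 */
-class SystemCommandExecution extends DataFlow::Node {
-SystemCommandExecution::Range self;
-
-SystemCommandExecution() { this = self }
-
+class SystemCommandExecution extends DataFlow::Node instanceof SystemCommandExecution::Range {
 /** Gets the argument that specifies the command to be executed. */
-DataFlow::Node getCommandName() { result = self.getCommandName() }
+DataFlow::Node getCommandName() { result = super.getCommandName() }
 
 /** Holds if this node is sanitized whenever it follows `--` in an argument list. */
-predicate doubleDashIsSanitizing() { self.doubleDashIsSanitizing() }
+predicate doubleDashIsSanitizing() { super.doubleDashIsSanitizing() }
 }
 
 /** Provides a class for modeling new system-command execution APIs. */
@@ -52,22 +48,18 @@ module SystemCommandExecution {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `TemplateInstantiation::Range` instead.
 */
-class TemplateInstantiation extends DataFlow::Node {
-TemplateInstantiation::Range self;
-
-TemplateInstantiation() { this = self }
-
+class TemplateInstantiation extends DataFlow::Node instanceof TemplateInstantiation::Range {
 /**
 * Gets the argument to this template instantiation that is the template being
 * instantiated.
 */
-DataFlow::Node getTemplateArgument() { result = self.getTemplateArgument() }
+DataFlow::Node getTemplateArgument() { result = super.getTemplateArgument() }
 
 /**
 * Gets an argument to this template instantiation that is data being inserted
 * into the template.
 */
-DataFlow::Node getADataArgument() { result = self.getADataArgument() }
+DataFlow::Node getADataArgument() { result = super.getADataArgument() }
 }
 
 /** Provides a class for modeling new template-instantiation APIs. */
@@ -100,13 +92,9 @@ module TemplateInstantiation {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `FileSystemAccess::Range` instead.
 */
-class FileSystemAccess extends DataFlow::Node {
-FileSystemAccess::Range self;
-
-FileSystemAccess() { this = self }
-
+class FileSystemAccess extends DataFlow::Node instanceof FileSystemAccess::Range {
 /** Gets an argument to this file system access that is interpreted as a path. */
-DataFlow::Node getAPathArgument() { result = self.getAPathArgument() }
+DataFlow::Node getAPathArgument() { result = super.getAPathArgument() }
 }
 
 /** Provides a class for modeling new file-system access APIs. */
@@ -125,17 +113,13 @@ module FileSystemAccess {
 }
 
 /** A function that escapes meta-characters to prevent injection attacks. */
-class EscapeFunction extends Function {
-EscapeFunction::Range self;
-
-EscapeFunction() { this = self }
-
+class EscapeFunction extends Function instanceof EscapeFunction::Range {
 /**
 * The context that this function escapes for.
 *
 * Currently, this can be "js", "html", or "url".
 */
-string kind() { result = self.kind() }
+string kind() { result = super.kind() }
 }
 
 /** Provides a class for modeling new escape-function APIs. */
@@ -161,7 +145,7 @@ module EscapeFunction {
 * JavaScript string literal.
 */
 class JsEscapeFunction extends EscapeFunction {
-JsEscapeFunction() { self.kind() = "js" }
+JsEscapeFunction() { super.kind() = "js" }
 }
 
 /**
@@ -170,15 +154,15 @@ class JsEscapeFunction extends EscapeFunction {
 * `<p>{}</p>`.
 */
 class HtmlEscapeFunction extends EscapeFunction {
-HtmlEscapeFunction() { self.kind() = "html" }
+HtmlEscapeFunction() { super.kind() = "html" }
 }
 
 /**
 * A function that escapes a string so it can be safely included as part
 * of a URL.
 */
 class UrlEscapeFunction extends EscapeFunction {
-UrlEscapeFunction() { self.kind() = "url" }
+UrlEscapeFunction() { super.kind() = "url" }
 }
 
 /**
@@ -187,27 +171,23 @@ class UrlEscapeFunction extends EscapeFunction {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `RegexpPattern::Range` instead.
 */
-class RegexpPattern extends DataFlow::Node {
-RegexpPattern::Range self;
-
-RegexpPattern() { this = self }
-
+class RegexpPattern extends DataFlow::Node instanceof RegexpPattern::Range {
 /**
 * Gets the node where this pattern is parsed as a part of a regular
 * expression.
 */
-DataFlow::Node getAParse() { result = self.getAParse() }
+DataFlow::Node getAParse() { result = super.getAParse() }
 
 /**
 * Gets this regexp pattern as a string.
 */
-string getPattern() { result = self.getPattern() }
+string getPattern() { result = super.getPattern() }
 
 /**
 * Gets a use of this pattern, either as itself in an argument to a function or as a compiled
 * regexp object.
 */
-DataFlow::Node getAUse() { result = self.getAUse() }
+DataFlow::Node getAUse() { result = super.getAUse() }
 }
 
 /** Provides a class for modeling new regular-expression APIs. */
@@ -244,15 +224,11 @@ module RegexpPattern {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `RegexpMatchFunction::Range` instead.
 */
-class RegexpMatchFunction extends Function {
-RegexpMatchFunction::Range self;
-
-RegexpMatchFunction() { this = self }
-
+class RegexpMatchFunction extends Function instanceof RegexpMatchFunction::Range {
 /**
 * Gets the function input that is the regexp being matched.
 */
-FunctionInput getRegexpArg() { result = self.getRegexpArg() }
+FunctionInput getRegexpArg() { result = super.getRegexpArg() }
 
 /**
 * Gets the regexp pattern that is used in the call to this function `call`.
@@ -264,12 +240,12 @@ class RegexpMatchFunction extends Function {
 /**
 * Gets the function input that is the string being matched against.
 */
-FunctionInput getValue() { result = self.getValue() }
+FunctionInput getValue() { result = super.getValue() }
 
 /**
 * Gets the function output that is the Boolean result of the match function.
 */
-FunctionOutput getResult() { result = self.getResult() }
+FunctionOutput getResult() { result = super.getResult() }
 }
 
 /** Provides a class for modeling new regular-expression matcher APIs. */
@@ -304,15 +280,11 @@ module RegexpMatchFunction {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `RegexpReplaceFunction::Range` instead.
 */
-class RegexpReplaceFunction extends Function {
-RegexpReplaceFunction::Range self;
-
-RegexpReplaceFunction() { this = self }
-
+class RegexpReplaceFunction extends Function instanceof RegexpReplaceFunction::Range {
 /**
 * Gets the function input that is the regexp that matches text to replace.
 */
-FunctionInput getRegexpArg() { result = self.getRegexpArg() }
+FunctionInput getRegexpArg() { result = super.getRegexpArg() }
 
 /**
 * Gets the regexp pattern that is used to match patterns to replace in the call to this function
@@ -326,13 +298,13 @@ class RegexpReplaceFunction extends Function {
 * Gets the function input corresponding to the source value, that is, the value that is having
 * its contents replaced.
 */
-FunctionInput getSource() { result = self.getSource() }
+FunctionInput getSource() { result = super.getSource() }
 
 /**
 * Gets the function output corresponding to the result, that is, the value after replacement has
 * occurred.
 */
-FunctionOutput getResult() { result = self.getResult() }
+FunctionOutput getResult() { result = super.getResult() }
 }
 
 /** Provides a class for modeling new regular-expression replacer APIs. */
@@ -369,13 +341,9 @@ module RegexpReplaceFunction {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `LoggerCall::Range` instead.
 */
-class LoggerCall extends DataFlow::Node {
-LoggerCall::Range self;
-
-LoggerCall() { this = self }
-
+class LoggerCall extends DataFlow::Node instanceof LoggerCall::Range {
 /** Gets a node that is a part of the logged message. */
-DataFlow::Node getAMessageComponent() { result = self.getAMessageComponent() }
+DataFlow::Node getAMessageComponent() { result = super.getAMessageComponent() }
 }
 
 /** Provides a class for modeling new logging APIs. */
@@ -398,19 +366,15 @@ module LoggerCall {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `MarshalingFunction::Range` instead.
 */
-class MarshalingFunction extends Function {
-MarshalingFunction::Range self;
-
-MarshalingFunction() { this = self }
-
+class MarshalingFunction extends Function instanceof MarshalingFunction::Range {
 /** Gets an input that is encoded by this function. */
-FunctionInput getAnInput() { result = self.getAnInput() }
+FunctionInput getAnInput() { result = super.getAnInput() }
 
 /** Gets the output that contains the encoded data produced by this function. */
-FunctionOutput getOutput() { result = self.getOutput() }
+FunctionOutput getOutput() { result = super.getOutput() }
 
 /** Gets an identifier for the format this function encodes into, such as "JSON". */
-string getFormat() { result = self.getFormat() }
+string getFormat() { result = super.getFormat() }
 }
 
 /** Provides a class for modeling new marshaling APIs. */
@@ -439,19 +403,15 @@ module MarshalingFunction {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `UnmarshalingFunction::Range` instead.
 */
-class UnmarshalingFunction extends Function {
-UnmarshalingFunction::Range self;
-
-UnmarshalingFunction() { this = self }
-
+class UnmarshalingFunction extends Function instanceof UnmarshalingFunction::Range {
 /** Gets an input that is decoded by this function. */
-FunctionInput getAnInput() { result = self.getAnInput() }
+FunctionInput getAnInput() { result = super.getAnInput() }
 
 /** Gets the output that contains the decoded data produced by this function. */
-FunctionOutput getOutput() { result = self.getOutput() }
+FunctionOutput getOutput() { result = super.getOutput() }
 
 /** Gets an identifier for the format this function decodes from, such as "JSON". */
-string getFormat() { result = self.getFormat() }
+string getFormat() { result = super.getFormat() }
 }
 
 /** Provides a class for modeling new unmarshaling APIs. */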
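Review bot: Removing the `self` field from `SystemCommandExecution`, `TemplateInstantiation`, `FileSystemAccess`, `EscapeFunction` and the other concept classes in this file takes away a name that subclasses could use, as the old `JsEscapeFunction() { self.kind() = "js" }` here did. The in-file subclasses are updated to `super`, but any query or library outside this commit that extends one of these classes and still refers to `self` would presumably stop compiling, and these classes back the command-execution, file-access and escaping models that security queries depend on. I would add a change note for it, for example `The concept classes in Concepts.qll no longer declare a self field; subclasses should use this or super instead.` The same applies to the `range` field dropped from `StringOps::HasPrefix` and to `self` in `StringOps::Concatenation` and `GeneratedFile`. The `Range` modules continue outside the hunks, so the abstract members being forwarded are not visible here.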

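--- a/go/ql/lib/semmle/go/StringOps.qll
+++ b/go/ql/lib/semmle/go/StringOps.qll
@@ -12,28 +12,24 @@ module StringOps {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `StringOps::HasPrefix::Range` instead.
 */
-class HasPrefix extends DataFlow::Node {
-HasPrefix::Range range;
-
-HasPrefix() { range = this }
-
+class HasPrefix extends DataFlow::Node instanceof HasPrefix::Range {
 /**
 * Gets the `A` in `strings.HasPrefix(A, B)`.
 */
-DataFlow::Node getBaseString() { result = range.getBaseString() }
+DataFlow::Node getBaseString() { result = super.getBaseString() }
 
 /**
 * Gets the `B` in `strings.HasPrefix(A, B)`.
 */
-DataFlow::Node getSubstring() { result = range.getSubstring() }
+DataFlow::Node getSubstring() { result = super.getSubstring() }
 
 /**
 * Gets the polarity of the check.
 *
 * If the polarity is `false` the check returns `true` if the string does not start
 * with the given substring.
 */
-boolean getPolarity() { result = range.getPolarity() }
+boolean getPolarity() { result = super.getPolarity() }
 }
 
 class StartsWith = HasPrefix;
@@ -241,25 +237,21 @@ module StringOps {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `StringOps::Concatenation::Range` instead.
 */
-class Concatenation extends DataFlow::Node {
-Concatenation::Range self;
-
-Concatenation() { this = self }
-
+class Concatenation extends DataFlow::Node instanceof Concatenation::Range {
 /**
 * Gets the `n`th operand of this string concatenation, if there is a data-flow node for it.
 */
-DataFlow::Node getOperand(int n) { result = self.getOperand(n) }
+DataFlow::Node getOperand(int n) { result = super.getOperand(n) }
 
 /**
 * Gets the string value of the `n`th operand of this string concatenation, if it is a constant.
 */
-string getOperandStringValue(int n) { result = self.getOperandStringValue(n) }
+string getOperandStringValue(int n) { result = super.getOperandStringValue(n) }
 
 /**
 * Gets the number of operands of this string concatenation.
 */
-int getNumOperand() { result = self.getNumOperand() }
+int getNumOperand() { result = super.getNumOperand() }
 }
 
 /** Provides predicates and classes for working with string concatenations. */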

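--- a/go/ql/lib/semmle/go/concepts/GeneratedFile.qll
+++ b/go/ql/lib/semmle/go/concepts/GeneratedFile.qll
@@ -43,8 +43,4 @@ module GeneratedFile {
 * Extend this class to refine existing API models. If you want to model new APIs,
 * extend `GeneratedFile::Range` instead.
 */
-class GeneratedFile extends File {
-GeneratedFile::Range self;
-
-GeneratedFile() { this = self }
-}
+class GeneratedFile extends File instanceof GeneratedFile::Range { }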
