Merge branch 'main' into experimental-archive-api

Author: thiggy1342

csharp/ql/src/utils/model-generator/CaptureSinkModels.ql

@@ -1,6 +1,6 @@
 /**
  * @name Capture sink models.
- * @description Finds public methods that act as sinks as they flow into a a known sink.
+ * @description Finds public methods that act as sinks as they flow into a known sink.
  * @kind diagnostic
  * @id cs/utils/model-generator/sink-models
  * @tags model-generator

java/ql/src/utils/model-generator/CaptureSinkModels.ql

@@ -1,6 +1,6 @@
 /**
  * @name Capture sink models.
- * @description Finds public methods that act as sinks as they flow into a a known sink.
+ * @description Finds public methods that act as sinks as they flow into a known sink.
  * @kind diagnostic
  * @id java/utils/model-generator/sink-models
  * @tags model-generator

javascript/ql/src/meta/alerts/LibraryInputs.ql

@@ -0,0 +1,14 @@
+/**
+ * @name Library inputs
+ * @description An input coming from the client of a library
+ * @kind problem
+ * @problem.severity recommendation
+ * @id js/meta/alerts/library-inputs
+ * @tags meta
+ * @precision very-low
+ */
+
+import javascript
+import semmle.javascript.PackageExports
+
+select getALibraryInputParameter(), "Library input"

swift/ql/lib/codeql/swift/dataflow/internal/TaintTrackingPublic.qll

@@ -20,3 +20,10 @@ predicate localExprTaint(DataFlowExpr e1, DataFlowExpr e2) {
 }
 
 predicate localTaintStep = localTaintStepCached/2;
+
+/**
+ * Holds if default `TaintTracking::Configuration`s should allow implicit reads
+ * of `c` at sinks and inputs to additional taint steps.
+ */
+bindingset[node]
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }

swift/ql/src/queries/placeholder.ql

@@ -0,0 +1,9 @@
+/**
+ * @kind problem
+ * @id swift/placeholder
+ */
+
+import swift
+
+from IntegerLiteralExpr lit
+select lit, "A literal"