Merge branch 'main' into marcono1234/deprecate-StringLiteral-getRepresentedString

Author: Marcono1234

docs/codeql/support/reusables/frameworks.rst

@@ -171,6 +171,7 @@ Python built-in support
    multidict, Utility library
    yarl, Utility library
    aioch, Database
+   asyncpg, Database
    clickhouse-driver, Database
    mysql-connector-python, Database
    mysql-connector, Database

java/change-notes/2021-10-29-optional-lambda-flow.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added data flow models for lambda methods on `java.util.Optional`.

java/ql/lib/semmle/code/java/Expr.qll

@@ -298,18 +298,15 @@ class CompileTimeConstantExpr extends Expr {
    *
    * Note that this does not handle the following cases:
    *
-   * - values of type `long`,
-   * - `char` literals.
+   * - values of type `long`.
    */
   cached
   int getIntValue() {
     exists(IntegralType t | this.getType() = t | t.getName().toLowerCase() != "long") and
     (
-      exists(string lit | lit = this.(Literal).getValue() |
-        // `char` literals may get parsed incorrectly, so disallow.
-        not this instanceof CharacterLiteral and
-        result = lit.toInt()
-      )
+      result = this.(IntegerLiteral).getIntValue()
+      or
+      result = this.(CharacterLiteral).getCodePointValue()
       or
       exists(CastExpr cast, int val |
         cast = this and val = cast.getExpr().(CompileTimeConstantExpr).getIntValue()
@@ -719,6 +716,22 @@ class DoubleLiteral extends Literal, @doubleliteral {
 /** A character literal. For example, `'\n'`. */
 class CharacterLiteral extends Literal, @characterliteral {
   override string getAPrimaryQlClass() { result = "CharacterLiteral" }
+
+  /**
+   * Gets a string which consists of the single character represented by
+   * this literal.
+   *
+   * Unicode surrogate characters (U+D800 to U+DFFF) have the replacement character
+   * U+FFFD as result instead.
+   */
+  override string getValue() { result = super.getValue() }
+
+  /**
+   * Gets the Unicode code point value of the character represented by
+   * this literal. The result is the same as if the Java code had cast
+   * the character to an `int`.
+   */
+  int getCodePointValue() { result.toUnicode() = this.getValue() }
 }
 
 /**

java/ql/lib/semmle/code/java/Type.qll

@@ -1123,7 +1123,10 @@ predicate erasedHaveIntersection(RefType t1, RefType t2) {
   t2 = erase(_)
 }
 
-/** An integral type, which may be either a primitive or a boxed type. */
+/**
+ * An integral type, which may be either a primitive or a boxed type.
+ * This includes the types `char` and `Character`.
+ */
 class IntegralType extends Type {
   IntegralType() {
     exists(string name |

java/ql/lib/semmle/code/java/frameworks/Optional.qll

@@ -7,13 +7,22 @@ private class OptionalModel extends SummaryModelCsv {
     s =
       [
         "java.util;Optional;false;filter;;;Element of Argument[-1];Element of ReturnValue;value",
+        "java.util;Optional;false;filter;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;flatMap;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;flatMap;;;ReturnValue of Argument[0];ReturnValue;value",
         "java.util;Optional;false;get;;;Element of Argument[-1];ReturnValue;value",
+        "java.util;Optional;false;ifPresent;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;ifPresentOrElse;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;map;;;Element of Argument[-1];Parameter[0] of Argument[0];value",
+        "java.util;Optional;false;map;;;ReturnValue of Argument[0];Element of ReturnValue;value",
         "java.util;Optional;false;of;;;Argument[0];Element of ReturnValue;value",
         "java.util;Optional;false;ofNullable;;;Argument[0];Element of ReturnValue;value",
         "java.util;Optional;false;or;;;Element of Argument[-1];Element of ReturnValue;value",
+        "java.util;Optional;false;or;;;ReturnValue of Argument[0];ReturnValue;value",
         "java.util;Optional;false;orElse;;;Element of Argument[-1];ReturnValue;value",
         "java.util;Optional;false;orElse;;;Argument[0];ReturnValue;value",
         "java.util;Optional;false;orElseGet;;;Element of Argument[-1];ReturnValue;value",
+        "java.util;Optional;false;orElseGet;;;ReturnValue of Argument[0];ReturnValue;value",
         "java.util;Optional;false;orElseThrow;;;Element of Argument[-1];ReturnValue;value",
         "java.util;Optional;false;stream;;;Element of Argument[-1];Element of ReturnValue;value"
       ]

java/ql/test/library-tests/constants/constants/Values.java

@@ -16,7 +16,7 @@ void values(final int notConstant) {
         int binary_literal = 0b101010; //42
         int negative_binary_literal = -0b101010; //-42
         int binary_literal_underscores = 0b1_0101_0; //42
-        char char_literal = '*'; //Not handled
+        char char_literal = '*'; //42
         long long_literal = 42L; //Not handled
         boolean boolean_literal = true; //true
         Integer boxed_int = new Integer(42); //Not handled
@@ -30,7 +30,7 @@ void values(final int notConstant) {
         byte downcast_byte_4 = (byte) 214; // -42
         byte downcast_byte_5 = (byte) (-214); // 42
         short downcast_short = (short) 32768; // -32768
-        int cast_of_non_constant = (int) '*'; //Not handled
+        int cast_of_non_constant = (int) '*'; //42
         long cast_to_long = (long) 42; //Not handled
 
         int unary_plus = +42; //42

java/ql/test/library-tests/constants/getIntValue.expected

@@ -9,6 +9,7 @@
 | constants/Values.java:16:30:16:37 | 0b101010 | 42 |
 | constants/Values.java:17:39:17:47 | -... | -42 |
 | constants/Values.java:18:42:18:51 | 0b1_0101_0 | 42 |
+| constants/Values.java:19:29:19:31 | '*' | 42 |
 | constants/Values.java:25:20:25:27 | (...)... | 42 |
 | constants/Values.java:26:25:26:33 | (...)... | 42 |
 | constants/Values.java:27:32:27:43 | (...)... | -42 |
@@ -17,6 +18,7 @@
 | constants/Values.java:30:32:30:41 | (...)... | -42 |
 | constants/Values.java:31:32:31:44 | (...)... | 42 |
 | constants/Values.java:32:32:32:44 | (...)... | -32768 |
+| constants/Values.java:33:36:33:44 | (...)... | 42 |
 | constants/Values.java:36:26:36:28 | +... | 42 |
 | constants/Values.java:39:27:39:29 | -... | -42 |
 | constants/Values.java:43:27:43:28 | ~... | -1 |

java/ql/test/library-tests/literals/charLiterals/CharLiterals.java

@@ -13,6 +13,7 @@ public class CharLiterals {
 		'\\',
 		'\'',
 		'\123', // octal escape sequence for 'S'
+		// CodeQL uses U+FFFD for unpaired surrogates, see https://github.com/github/codeql/issues/6611
 		'\uD800', // high surrogate
 		'\uDC00', // low surrogate
 		// Using Unicode escapes (which are handled during pre-processing)

java/ql/test/library-tests/literals/charLiterals/charLiterals.expected

@@ -1,20 +1,20 @@
-| CharLiterals.java:5:3:5:5 | 'a' | a |
-| CharLiterals.java:6:3:6:10 | '\\u0061' | a |
-| CharLiterals.java:7:3:7:10 | '\\u0000' | \u0000 |
-| CharLiterals.java:8:3:8:10 | '\\uFFFF' | \uffff |
-| CharLiterals.java:9:3:9:10 | '\\ufFfF' | \uffff |
-| CharLiterals.java:10:3:10:6 | '\\0' | \u0000 |
-| CharLiterals.java:11:3:11:6 | '\\n' | \n |
-| CharLiterals.java:12:3:12:5 | '"' | " |
-| CharLiterals.java:13:3:13:6 | '\\\\' | \\ |
-| CharLiterals.java:14:3:14:6 | '\\'' | ' |
-| CharLiterals.java:15:3:15:8 | '\\123' | S |
-| CharLiterals.java:16:3:16:10 | '\\uD800' | \ufffd |
-| CharLiterals.java:17:3:17:10 | '\\uDC00' | \ufffd |
-| CharLiterals.java:19:3:19:16 | '\\u005C\\u005C' | \\ |
-| CharLiterals.java:20:3:20:16 | '\\u005C\\u0027' | ' |
-| CharLiterals.java:21:8:21:15 | 7a\\u0027 | a |
-| CharLiterals.java:26:4:26:6 | 'a' | a |
-| CharLiterals.java:27:4:27:6 | 'a' | a |
-| CharLiterals.java:32:3:32:5 | 'a' | a |
-| CharLiterals.java:32:9:32:11 | 'b' | b |
+| CharLiterals.java:5:3:5:5 | 'a' | a | 97 |
+| CharLiterals.java:6:3:6:10 | '\\u0061' | a | 97 |
+| CharLiterals.java:7:3:7:10 | '\\u0000' | \u0000 | 0 |
+| CharLiterals.java:8:3:8:10 | '\\uFFFF' | \uffff | 65535 |
+| CharLiterals.java:9:3:9:10 | '\\ufFfF' | \uffff | 65535 |
+| CharLiterals.java:10:3:10:6 | '\\0' | \u0000 | 0 |
+| CharLiterals.java:11:3:11:6 | '\\n' | \n | 10 |
+| CharLiterals.java:12:3:12:5 | '"' | " | 34 |
+| CharLiterals.java:13:3:13:6 | '\\\\' | \\ | 92 |
+| CharLiterals.java:14:3:14:6 | '\\'' | ' | 39 |
+| CharLiterals.java:15:3:15:8 | '\\123' | S | 83 |
+| CharLiterals.java:17:3:17:10 | '\\uD800' | \ufffd | 65533 |
+| CharLiterals.java:18:3:18:10 | '\\uDC00' | \ufffd | 65533 |
+| CharLiterals.java:20:3:20:16 | '\\u005C\\u005C' | \\ | 92 |
+| CharLiterals.java:21:3:21:16 | '\\u005C\\u0027' | ' | 39 |
+| CharLiterals.java:22:8:22:15 | 7a\\u0027 | a | 97 |
+| CharLiterals.java:27:4:27:6 | 'a' | a | 97 |
+| CharLiterals.java:28:4:28:6 | 'a' | a | 97 |
+| CharLiterals.java:33:3:33:5 | 'a' | a | 97 |
+| CharLiterals.java:33:9:33:11 | 'b' | b | 98 |

java/ql/test/library-tests/literals/charLiterals/charLiterals.ql

@@ -1,4 +1,4 @@
 import semmle.code.java.Expr
 
 from CharacterLiteral lit
-select lit, lit.getValue()
+select lit, lit.getValue(), lit.getCodePointValue()