github
diff --git a/‎.github/workflows/ql-for-ql-tests.yml
Lines changed: 58 additions & 4 deletions b/‎.github/workflows/ql-for-ql-tests.yml
Lines changed: 58 additions & 4 deletions
diff --git a/‎.github/workflows/ruby-build.yml
Lines changed: 3 additions & 19 deletions b/‎.github/workflows/ruby-build.yml
Lines changed: 3 additions & 19 deletions
diff --git a/‎cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions b/‎cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll
Lines changed: 12 additions & 0 deletions
diff --git a/‎cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
Lines changed: 13 additions & 65 deletions b/‎cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
Lines changed: 13 additions & 65 deletions
diff --git a/‎cpp/ql/test/library-tests/ir/ir/PrintAST.expected
Lines changed: 29 additions & 28 deletions b/‎cpp/ql/test/library-tests/ir/ir/PrintAST.expected
Lines changed: 29 additions & 28 deletions
diff --git a/‎cpp/ql/test/library-tests/ir/ir/bad_asts.cpp
Lines changed: 1 addition & 7 deletions b/‎cpp/ql/test/library-tests/ir/ir/bad_asts.cpp
Lines changed: 1 addition & 7 deletions
@@ -33,19 +33,73 @@ jobs:
             ~/.cargo/registry
             ~/.cargo/git
             ql/target
-          key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
+          key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-qltest-cargo-${{ hashFiles('ql/rust-toolchain.toml', 'ql/**/Cargo.lock') }}
       - name: Build extractor
         run: |
           cd ql;
           codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
           env "PATH=$PATH:$codeqlpath" ./scripts/create-extractor-pack.sh
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: ql-for-ql-tests
       - name: Run QL tests
         run: |
-          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
+          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" ql/ql/test
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL formatting
+
+  other-os: 
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest]
+    needs: [qltest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install GNU tar 
+        if: runner.os == 'macOS'
+        run: |
+          brew install gnu-tar
+          echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
+      - name: Find codeql
+        id: find-codeql
+        uses: github/codeql-action/init@77a8d2d10c0b403a8b4aadbd223dc489ecd22683
+        with:
+          languages: javascript # does not matter
+      - uses: ./.github/actions/os-version
+        id: os_version
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/registry
+            ~/.cargo/git
+            ql/target
+          key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-qltest-cargo-${{ hashFiles('ql/rust-toolchain.toml', 'ql/**/Cargo.lock') }}
+      - name: Build extractor
+        if: runner.os != 'Windows'
+        run: |
+          cd ql;
+          codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
+          env "PATH=$PATH:$codeqlpath" ./scripts/create-extractor-pack.sh
+      - name: Build extractor (Windows)
+        if: runner.os == 'Windows'
+        shell: pwsh
         run: |
-          find ql/ql/src "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
+          cd ql;
+          $Env:PATH += ";$(dirname ${{ steps.find-codeql.outputs.codeql-path }})"
+          pwsh ./scripts/create-extractor-pack.ps1
+      - name: Run a single QL tests - Unix
+        if: runner.os != 'Windows'
+        run: |
+          "${CODEQL}" test run --check-databases --search-path "${{ github.workspace }}/ql/extractor-pack" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
+      - name: Run a single QL tests - Windows
+        if: runner.os == 'Windows'
+        shell: pwsh
+        run: |
+          $Env:PATH += ";$(dirname ${{ steps.find-codeql.outputs.codeql-path }})"
+          codeql test run --check-databases --search-path "${{ github.workspace }}/ql/extractor-pack" ql/ql/test/queries/style/DeadCode/DeadCode.qlref
+      
@@ -205,11 +205,6 @@ jobs:
       - name: Fetch CodeQL
         uses: ./.github/actions/fetch-codeql
 
-      - uses: actions/checkout@v3
-        with:
-          repository: Shopify/example-ruby-app
-          ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
-
       - name: Download Ruby bundle
         uses: actions/download-artifact@v3
         with:
@@ -218,26 +213,15 @@ jobs:
       - name: Unzip Ruby bundle
         shell: bash
         run: unzip -q -d "${{ runner.temp }}/ruby-bundle" "${{ runner.temp }}/codeql-ruby-bundle.zip"
-      - name: Prepare test files
-        shell: bash
-        run: |
-          echo "import codeql.ruby.AST select count(File f)" > "test.ql"
-          echo "| 4 |" > "test.expected"
-          echo 'name: sample-tests
-          version: 0.0.0
-          dependencies:
-            codeql/ruby-all: "*"
-          extractor: ruby
-          tests: .
-          ' > qlpack.yml
+
       - name: Run QL test
         shell: bash
         run: |
-          codeql test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" .
+          codeql test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" ruby/ql/test/library-tests/ast/constants/
       - name: Create database
         shell: bash
         run: |
-          codeql database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root . ../database
+          codeql database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root ruby/ql/test/library-tests/ast/constants/ ../database
       - name: Analyze database
         shell: bash
         run: |
 
@@ -45,6 +45,16 @@ module Consistency {
     ) {
       none()
     }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodeAtPosition`. */
+    predicate uniqueParameterNodeAtPositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodePosition`. */
+    predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
   }
 
   private class RelevantNode extends Node {
@@ -246,6 +256,7 @@ module Consistency {
   query predicate uniqueParameterNodeAtPosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodeAtPositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
     msg = "Parameters with overlapping positions."
@@ -254,6 +265,7 @@ module Consistency {
   query predicate uniqueParameterNodePosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodePositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
     msg = "Parameter node with multiple positions."
 
@@ -45,6 +45,16 @@ module Consistency {
     ) {
       none()
     }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodeAtPosition`. */
+    predicate uniqueParameterNodeAtPositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodePosition`. */
+    predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
   }
 
   private class RelevantNode extends Node {
@@ -246,6 +256,7 @@ module Consistency {
   query predicate uniqueParameterNodeAtPosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodeAtPositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
     msg = "Parameters with overlapping positions."
@@ -254,6 +265,7 @@ module Consistency {
   query predicate uniqueParameterNodePosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodePositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
     msg = "Parameter node with multiple positions."
 
@@ -45,6 +45,16 @@ module Consistency {
     ) {
       none()
     }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodeAtPosition`. */
+    predicate uniqueParameterNodeAtPositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
+
+    /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodePosition`. */
+    predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
+      none()
+    }
   }
 
   private class RelevantNode extends Node {
@@ -246,6 +256,7 @@ module Consistency {
   query predicate uniqueParameterNodeAtPosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodeAtPositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and
     msg = "Parameters with overlapping positions."
@@ -254,6 +265,7 @@ module Consistency {
   query predicate uniqueParameterNodePosition(
     DataFlowCallable c, ParameterPosition pos, Node p, string msg
   ) {
+    not any(ConsistencyConfiguration conf).uniqueParameterNodePositionExclude(c, pos, p) and
     isParameterNode(p, c, pos) and
     not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and
     msg = "Parameter node with multiple positions."
 
@@ -15,76 +15,24 @@
 import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
 import TaintedWithPath
 
+string getATopLevelDomain() {
+  result =
+    [
+      "com", "ru", "net", "org", "de", "jp", "uk", "br", "pl", "in", "it", "fr", "au", "info", "nl",
+      "cn", "ir", "es", "cz", "biz", "ca", "eu", "ua", "kr", "za", "co", "gr", "ro", "se", "tw",
+      "vn", "mx", "ch", "tr", "at", "be", "hu", "tv", "dk", "me", "ar", "us", "no", "sk", "fi",
+      "id", "cl", "nz", "by", "xyz", "pt", "ie", "il", "kz", "my", "hk", "lt", "cc", "sg", "io",
+      "edu", "gov"
+    ]
+}
+
 predicate hardCodedAddressOrIP(StringLiteral txt) {
   exists(string s | s = txt.getValueText() |
     // Hard-coded ip addresses, such as 127.0.0.1
     s.regexpMatch("\"[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+\"") or
     // Hard-coded addresses such as www.mycompany.com
-    s.matches("\"www.%\"") or
-    s.matches("\"http:%\"") or
-    s.matches("\"https:%\"") or
-    s.matches("\"%.com\"") or
-    s.matches("\"%.ru\"") or
-    s.matches("\"%.net\"") or
-    s.matches("\"%.org\"") or
-    s.matches("\"%.de\"") or
-    s.matches("\"%.jp\"") or
-    s.matches("\"%.uk\"") or
-    s.matches("\"%.br\"") or
-    s.matches("\"%.pl\"") or
-    s.matches("\"%.in\"") or
-    s.matches("\"%.it\"") or
-    s.matches("\"%.fr\"") or
-    s.matches("\"%.au\"") or
-    s.matches("\"%.info\"") or
-    s.matches("\"%.nl\"") or
-    s.matches("\"%.cn\"") or
-    s.matches("\"%.ir\"") or
-    s.matches("\"%.es\"") or
-    s.matches("\"%.cz\"") or
-    s.matches("\"%.biz\"") or
-    s.matches("\"%.ca\"") or
-    s.matches("\"%.eu\"") or
-    s.matches("\"%.ua\"") or
-    s.matches("\"%.kr\"") or
-    s.matches("\"%.za\"") or
-    s.matches("\"%.co\"") or
-    s.matches("\"%.gr\"") or
-    s.matches("\"%.ro\"") or
-    s.matches("\"%.se\"") or
-    s.matches("\"%.tw\"") or
-    s.matches("\"%.vn\"") or
-    s.matches("\"%.mx\"") or
-    s.matches("\"%.ch\"") or
-    s.matches("\"%.tr\"") or
-    s.matches("\"%.at\"") or
-    s.matches("\"%.be\"") or
-    s.matches("\"%.hu\"") or
-    s.matches("\"%.tv\"") or
-    s.matches("\"%.dk\"") or
-    s.matches("\"%.me\"") or
-    s.matches("\"%.ar\"") or
-    s.matches("\"%.us\"") or
-    s.matches("\"%.no\"") or
-    s.matches("\"%.sk\"") or
-    s.matches("\"%.fi\"") or
-    s.matches("\"%.id\"") or
-    s.matches("\"%.cl\"") or
-    s.matches("\"%.nz\"") or
-    s.matches("\"%.by\"") or
-    s.matches("\"%.xyz\"") or
-    s.matches("\"%.pt\"") or
-    s.matches("\"%.ie\"") or
-    s.matches("\"%.il\"") or
-    s.matches("\"%.kz\"") or
-    s.matches("\"%.my\"") or
-    s.matches("\"%.hk\"") or
-    s.matches("\"%.lt\"") or
-    s.matches("\"%.cc\"") or
-    s.matches("\"%.sg\"") or
-    s.matches("\"%.io\"") or
-    s.matches("\"%.edu\"") or
-    s.matches("\"%.gov\"")
+    s.regexpMatch("\"(www\\.|http:|https:).*\"") or
+    s.regexpMatch("\".*\\.(" + strictconcat(getATopLevelDomain(), "|") + ")\"")
   )
 }
 
 
@@ -207,34 +207,35 @@ bad_asts.cpp:
 #   27|                 Type = [SpecifiedType] const Point
 #   27|                 ValueCategory = lvalue
 #   28|     getStmt(1): [ReturnStmt] return ...
-#   30| [TopLevelFunction] void Bad::errorExpr()
-#   30|   <params>: 
-#   30|   getEntryPoint(): [BlockStmt] { ... }
-#   31|     getStmt(0): [DeclStmt] declaration
-#   31|       getDeclarationEntry(0): [VariableDeclarationEntry] definition of intref
-#   31|           Type = [LValueReferenceType] int &
-#   31|         getVariable().getInitializer(): [Initializer] initializer for intref
-#   31|           getExpr(): [ErrorExpr] <error expr>
-#   31|               Type = [ErroneousType] error
-#   31|               ValueCategory = prvalue
-#   32|     getStmt(1): [DeclStmt] declaration
-#   32|       getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
-#   32|           Type = [IntType] int
-#   32|         getVariable().getInitializer(): [Initializer] initializer for x
-#   32|           getExpr(): [ErrorExpr] <error expr>
-#   32|               Type = [ErroneousType] error
-#   32|               ValueCategory = prvalue
-#   33|     getStmt(2): [ExprStmt] ExprStmt
-#   33|       getExpr(): [AssignExpr] ... = ...
-#   33|           Type = [IntType] int
-#   33|           ValueCategory = lvalue
-#   33|         getLValue(): [VariableAccess] x
-#   33|             Type = [IntType] int
-#   33|             ValueCategory = lvalue
-#   33|         getRValue(): [ErrorExpr] <error expr>
-#   33|             Type = [ErroneousType] error
-#   33|             ValueCategory = prvalue(load)
-#   34|     getStmt(3): [ReturnStmt] return ...
+bad_stmts.cpp:
+#    5| [TopLevelFunction] void Bad::errorExpr()
+#    5|   <params>: 
+#    5|   getEntryPoint(): [BlockStmt] { ... }
+#    6|     getStmt(0): [DeclStmt] declaration
+#    6|       getDeclarationEntry(0): [VariableDeclarationEntry] definition of intref
+#    6|           Type = [LValueReferenceType] int &
+#    6|         getVariable().getInitializer(): [Initializer] initializer for intref
+#    6|           getExpr(): [ErrorExpr] <error expr>
+#    6|               Type = [ErroneousType] error
+#    6|               ValueCategory = prvalue
+#    7|     getStmt(1): [DeclStmt] declaration
+#    7|       getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
+#    7|           Type = [IntType] int
+#    7|         getVariable().getInitializer(): [Initializer] initializer for x
+#    7|           getExpr(): [ErrorExpr] <error expr>
+#    7|               Type = [ErroneousType] error
+#    7|               ValueCategory = prvalue
+#    8|     getStmt(2): [ExprStmt] ExprStmt
+#    8|       getExpr(): [AssignExpr] ... = ...
+#    8|           Type = [IntType] int
+#    8|           ValueCategory = lvalue
+#    8|         getLValue(): [VariableAccess] x
+#    8|             Type = [IntType] int
+#    8|             ValueCategory = lvalue
+#    8|         getRValue(): [ErrorExpr] <error expr>
+#    8|             Type = [ErroneousType] error
+#    8|             ValueCategory = prvalue(load)
+#    9|     getStmt(3): [ReturnStmt] return ...
 clang.cpp:
 #    5| [TopLevelFunction] int* globalIntAddress()
 #    5|   <params>: 
 
@@ -1,4 +1,4 @@
-// semmle-extractor-options: -std=c++17 --expect_errors
+// semmle-extractor-options: -std=c++17
 
 // Test cases that illustrate known bad ASTs that we have to work around in IR generation.
 namespace Bad {
@@ -26,10 +26,4 @@ namespace Bad {
   void CallCopyConstructor(const Point& a) {
     Point b = a;  // Copy constructor contains literal expressions with no values.
   }
-
-  void errorExpr() {
-    int &intref = 0;
-    int x = 0[0];
-    x = 1[1];
-  }
 }