Merge pull request #284 from github/hvitved/instanceof-test

hvitved · web-flow · commit 8ce7fdc59a60 · 2021-09-07T13:01:43.000+02:00
Use `instanceof` base classes
diff --git a/.devcontainer/post_attach.sh b/.devcontainer/post_attach.sh
@@ -3,7 +3,7 @@ set -xe
 
 echo "Check installed CodeQL version"
 CURRENT_CODEQL_BIN=$(readlink -e /usr/local/bin/codeql || echo "")
-LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | tail -1)
+LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
 
 BASE_DIR=/home/vscode/codeql-binaries
 mkdir -p "${BASE_DIR}"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -75,7 +75,7 @@ jobs:
       - uses: actions/checkout@v2
       - name: Fetch CodeQL
         run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | tail -1)
+          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
           gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
           unzip -q codeql-linux64.zip
         env:
@@ -185,7 +185,7 @@ jobs:
       - name: Fetch CodeQL
         shell: bash
         run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | tail -1)
+          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
           gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql.zip "$LATEST"
           unzip -q codeql.zip
         env:
diff --git a/.github/workflows/dataset_measure.yml b/.github/workflows/dataset_measure.yml
@@ -25,7 +25,7 @@ jobs:
 
       - name: Fetch CodeQL
         run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | tail -1)
+          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
           gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
           unzip -q codeql-linux64.zip
         env:
diff --git a/.github/workflows/qhelp.yml b/.github/workflows/qhelp.yml
@@ -23,7 +23,7 @@ jobs:
 
       - name: Fetch CodeQL
         run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | tail -1)
+          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
           gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
           unzip -q codeql-linux64.zip
         env:
diff --git a/ql/lib/codeql/ruby/Concepts.qll b/ql/lib/codeql/ruby/Concepts.qll
@@ -16,13 +16,9 @@ private import codeql.ruby.dataflow.RemoteFlowSources
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `SqlExecution::Range` instead.
  */
-class SqlExecution extends DataFlow::Node {
-  SqlExecution::Range range;
-
-  SqlExecution() { this = range }
-
+class SqlExecution extends DataFlow::Node instanceof SqlExecution::Range {
   /** Gets the argument that specifies the SQL statements to be executed. */
-  DataFlow::Node getSql() { result = range.getSql() }
+  DataFlow::Node getSql() { result = super.getSql() }
 }
 
 /** Provides a class for modeling new SQL execution APIs. */
@@ -46,26 +42,23 @@ module SqlExecution {
  * Extend this class to refine existing API models. If you want to model new APIs,
  * extend `Escaping::Range` instead.
  */
-class Escaping extends DataFlow::Node {
-  Escaping::Range range;
-
+class Escaping extends DataFlow::Node instanceof Escaping::Range {
   Escaping() {
-    this = range and
     // escapes that don't have _both_ input/output defined are not valid
-    exists(range.getAnInput()) and
-    exists(range.getOutput())
+    exists(super.getAnInput()) and
+    exists(super.getOutput())
   }
 
   /** Gets an input that will be escaped. */
-  DataFlow::Node getAnInput() { result = range.getAnInput() }
+  DataFlow::Node getAnInput() { result = super.getAnInput() }
 
   /** Gets the output that contains the escaped data. */
-  DataFlow::Node getOutput() { result = range.getOutput() }
+  DataFlow::Node getOutput() { result = super.getOutput() }
 
   /**
    * Gets the context that this function escapes for, such as `html`, or `url`.
    */
-  string getKind() { result = range.getKind() }
+  string getKind() { result = super.getKind() }
 }
 
 /** Provides a class for modeling new escaping APIs. */
@@ -103,7 +96,7 @@ module Escaping {
  * `<p>{}</p>`.
  */
 class HtmlEscaping extends Escaping {
-  HtmlEscaping() { range.getKind() = Escaping::getHtmlKind() }
+  HtmlEscaping() { super.getKind() = Escaping::getHtmlKind() }
 }
 
 /** Provides classes for modeling HTTP-related APIs. */
@@ -116,29 +109,25 @@ module HTTP {
      * Extend this class to refine existing API models. If you want to model new APIs,
      * extend `RouteSetup::Range` instead.
      */
-    class RouteSetup extends DataFlow::Node {
-      RouteSetup::Range range;
-
-      RouteSetup() { this = range }
-
+    class RouteSetup extends DataFlow::Node instanceof RouteSetup::Range {
       /** Gets the URL pattern for this route, if it can be statically determined. */
-      string getUrlPattern() { result = range.getUrlPattern() }
+      string getUrlPattern() { result = super.getUrlPattern() }
 
       /**
        * Gets a function that will handle incoming requests for this route, if any.
        *
        * NOTE: This will be modified in the near future to have a `RequestHandler` result, instead of a `Method`.
        */
-      Method getARequestHandler() { result = range.getARequestHandler() }
+      Method getARequestHandler() { result = super.getARequestHandler() }
 
       /**
        * Gets a parameter that will receive parts of the url when handling incoming
        * requests for this route, if any. These automatically become a `RemoteFlowSource`.
        */
-      Parameter getARoutedParameter() { result = range.getARoutedParameter() }
+      Parameter getARoutedParameter() { result = super.getARoutedParameter() }
 
       /** Gets a string that identifies the framework used for this route setup. */
-      string getFramework() { result = range.getFramework() }
+      string getFramework() { result = super.getFramework() }
     }
 
     /** Provides a class for modeling new HTTP routing APIs. */
@@ -185,19 +174,15 @@ module HTTP {
      * Extend this class to refine existing API models. If you want to model new APIs,
      * extend `RequestHandler::Range` instead.
      */
-    class RequestHandler extends Method {
-      RequestHandler::Range range;
-
-      RequestHandler() { this = range }
-
+    class RequestHandler extends Method instanceof RequestHandler::Range {
       /**
        * Gets a parameter that could receive parts of the url when handling incoming
        * requests, if any. These automatically become a `RemoteFlowSource`.
        */
-      Parameter getARoutedParameter() { result = range.getARoutedParameter() }
+      Parameter getARoutedParameter() { result = super.getARoutedParameter() }
 
       /** Gets a string that identifies the framework used for this route setup. */
-      string getFramework() { result = range.getFramework() }
+      string getFramework() { result = super.getFramework() }
     }
 
     /** Provides a class for modeling new HTTP request handlers. */
@@ -253,16 +238,12 @@ module HTTP {
      * Extend this class to refine existing API models. If you want to model new APIs,
      * extend `HttpResponse::Range` instead.
      */
-    class HttpResponse extends DataFlow::Node {
-      HttpResponse::Range range;
-
-      HttpResponse() { this = range }
-
+    class HttpResponse extends DataFlow::Node instanceof HttpResponse::Range {
       /** Gets the data-flow node that specifies the body of this HTTP response. */
-      DataFlow::Node getBody() { result = range.getBody() }
+      DataFlow::Node getBody() { result = super.getBody() }
 
       /** Gets the mimetype of this HTTP response, if it can be statically determined. */
-      string getMimetype() { result = range.getMimetype() }
+      string getMimetype() { result = super.getMimetype() }
     }
 
     /** Provides a class for modeling new HTTP response APIs. */
@@ -308,13 +289,9 @@ module HTTP {
      * Extend this class to refine existing API models. If you want to model new APIs,
      * extend `HttpRedirectResponse::Range` instead.
      */
-    class HttpRedirectResponse extends HttpResponse {
-      override HttpRedirectResponse::Range range;
-
-      HttpRedirectResponse() { this = range }
-
+    class HttpRedirectResponse extends HttpResponse instanceof HttpRedirectResponse::Range {
       /** Gets the data-flow node that specifies the location of this HTTP redirect response. */
-      DataFlow::Node getRedirectLocation() { result = range.getRedirectLocation() }
+      DataFlow::Node getRedirectLocation() { result = super.getRedirectLocation() }
     }
 
     /** Provides a class for modeling new HTTP redirect response APIs. */
diff --git a/ql/lib/codeql/ruby/ast/Variable.qll b/ql/lib/codeql/ruby/ast/Variable.qll
@@ -52,26 +52,20 @@ class LocalVariable extends Variable, TLocalVariable {
 }
 
 /** A global variable. */
-class GlobalVariable extends VariableReal, TGlobalVariable {
-  override GlobalVariable::Range range;
-
+class GlobalVariable extends VariableReal, TGlobalVariable instanceof GlobalVariable::Range {
   final override GlobalVariableAccess getAnAccess() { result.getVariable() = this }
 }
 
 /** An instance variable. */
-class InstanceVariable extends VariableReal, TInstanceVariable {
-  override InstanceVariable::Range range;
-
+class InstanceVariable extends VariableReal, TInstanceVariable instanceof InstanceVariable::Range {
   /** Holds is this variable is a class instance variable. */
-  final predicate isClassInstanceVariable() { range.isClassInstanceVariable() }
+  final predicate isClassInstanceVariable() { super.isClassInstanceVariable() }
 
   final override InstanceVariableAccess getAnAccess() { result.getVariable() = this }
 }
 
 /** A class variable. */
-class ClassVariable extends VariableReal, TClassVariable {
-  override ClassVariable::Range range;
-
+class ClassVariable extends VariableReal, TClassVariable instanceof ClassVariable::Range {
   final override ClassVariableAccess getAnAccess() { result.getVariable() = this }
 }
 
diff --git a/ql/lib/codeql/ruby/ast/internal/Variable.qll b/ql/lib/codeql/ruby/ast/internal/Variable.qll
@@ -400,24 +400,22 @@ module LocalVariable {
   }
 }
 
-class VariableReal extends Variable, TVariableReal {
-  VariableReal::Range range;
+class VariableReal extends Variable, TVariableReal instanceof VariableReal::Range {
+  final override string getName() { result = VariableReal::Range.super.getName() }
 
-  VariableReal() { range = this }
+  final override Location getLocation() { result = VariableReal::Range.super.getLocation() }
 
-  final override string getName() { result = range.getName() }
-
-  final override Location getLocation() { result = range.getLocation() }
-
-  final override Scope getDeclaringScope() { toGenerated(result) = range.getDeclaringScope() }
+  final override Scope getDeclaringScope() {
+    toGenerated(result) = VariableReal::Range.super.getDeclaringScope()
+  }
 }
 
-class LocalVariableReal extends VariableReal, LocalVariable, TLocalVariableReal {
-  override LocalVariable::Range range;
-
+class LocalVariableReal extends VariableReal, LocalVariable, TLocalVariableReal instanceof LocalVariable::Range {
   final override LocalVariableAccessReal getAnAccess() { result.getVariable() = this }
 
-  final override VariableAccess getDefiningAccess() { result = range.getDefiningAccess() }
+  final override VariableAccess getDefiningAccess() {
+    result = LocalVariable::Range.super.getDefiningAccess()
+  }
 }
 
 class LocalVariableSynth extends LocalVariable, TLocalVariableSynth {
diff --git a/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll b/ql/lib/codeql/ruby/controlflow/ControlFlowGraph.qll
@@ -9,9 +9,7 @@ private import internal.Splitting
 private import internal.Completion
 
 /** An AST node with an associated control-flow graph. */
-class CfgScope extends Scope {
-  CfgScope() { this instanceof CfgScope::Range_ }
-
+class CfgScope extends Scope instanceof CfgScope::Range_ {
   /** Gets the CFG scope that this scope is nested under, if any. */
   final CfgScope getOuterCfgScope() {
     exists(AstNode parent |
