Merge branch 'main' into fix/thread-resource-arithmetic

Author: ebickle

.github/dependabot.yml

@@ -19,11 +19,8 @@ updates:
         update-types: ['version-update:semver-patch', 'version-update:semver-minor']
 
   - package-ecosystem: "gomod"
-    directory: "go"
+    directory: "go/extractor"
     schedule:
       interval: "daily"
-    allow:
-      - dependency-name: "golang.org/x/mod"
-      - dependency-name: "golang.org/x/tools"
     reviewers:
       - "github/codeql-go"

config/identical-files.json

@@ -498,22 +498,6 @@
     "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
     "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
   ],
-  "TaintedFormatStringQuery Ruby/JS": [
-    "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
-  ],
-  "TaintedFormatStringCustomizations Ruby/JS": [
-    "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringCustomizations.qll",
-    "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringCustomizations.qll"
-  ],
-  "HttpToFileAccessQuery JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/HttpToFileAccessQuery.qll"
-  ],
-  "HttpToFileAccessCustomizations JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll",
-    "ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll"
-  ],
   "Typo database": [
     "javascript/ql/src/Expressions/TypoDatabase.qll",
     "ql/ql/src/codeql_ql/style/TypoDatabase.qll"

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.10.0
+
+### Minor Analysis Improvements
+
+* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
+ non-returning in the IR and dataflow.
+* Treat functions that reach the end of the function as returning in the IR.
+  They used to be treated as unreachable but it is allowed in C. 
+* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
+
 ## 0.9.3
 
 No user-facing changes.

cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md

@@ -0,0 +1,9 @@
+## 0.10.0
+
+### Minor Analysis Improvements
+
+* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
+ non-returning in the IR and dataflow.
+* Treat functions that reach the end of the function as returning in the IR.
+  They used to be treated as unreachable but it is allowed in C. 
+* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.

cpp/ql/lib/change-notes/2023-09-07-return-from-end.md

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.3
+lastReleaseVersion: 0.10.0

cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.0-dev
+version: 0.10.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/change-notes/released/0.10.0.md

@@ -73,6 +73,10 @@ private int isSource(Expr bufferExpr, Element why) {
   )
 }
 
+/** Same as `getBufferSize`, but with the `why` column projected away to prevent large duplications. */
+pragma[nomagic]
+int getBufferSizeProj(Expr bufferExpr) { result = getBufferSize(bufferExpr, _) }
+
 /**
  * Get the size in bytes of the buffer pointed to by an expression (if this can be determined).
  */
@@ -87,15 +91,14 @@ int getBufferSize(Expr bufferExpr, Element why) {
     why = bufferVar and
     parentPtr = bufferExpr.(VariableAccess).getQualifier() and
     parentPtr.getTarget().getUnspecifiedType().(PointerType).getBaseType() = parentClass and
-    result = getBufferSize(parentPtr, _) + bufferSize - parentClass.getSize()
+    result = getBufferSizeProj(parentPtr) + bufferSize - parentClass.getSize()
   |
     if exists(bufferVar.getType().getSize())
     then bufferSize = bufferVar.getType().getSize()
     else bufferSize = 0
   )
   or
   // dataflow (all sources must be the same size)
-  result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSize(def, _)) and
-  // find reason
+  result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSizeProj(def)) and
   exists(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | exists(getBufferSize(def, why)))
 }