Merge branch 'main' into js/hoist-in-block

Author: asgerf

cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll

@@ -49,7 +49,11 @@ private Class getRootType(FieldAccess fa) {
   exists(VariableAccess root |
     root = fa.getQualifier+() and
     not exists(root.getQualifier()) and
-    result = root.getUnspecifiedType()
+    // We strip the type because the root may be a pointer. For example `p` in:
+    // struct S { char buffer[10]; };
+    // S* p = ...;
+    // strcpy(p->buffer, "abc");
+    result = root.getUnspecifiedType().stripType()
   )
 }
 

cpp/ql/test/library-tests/blocks/c/code_blocks.expected

@@ -1,15 +1,15 @@
-| blocks.c:17:11:17:33 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:17:11:17:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.c:20:11:20:28 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:20:11:20:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.c:23:11:23:21 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:23:11:23:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.c:27:8:27:37 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.c:27:11:27:11 | <unnamed> | file://:0:0:0:0 | void | void | y(int), z(char) |
-| blocks.c:31:8:31:51 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.c:31:11:31:11 | <unnamed> | file://:0:0:0:0 | void | void | y(int), z(char) |
-| blocks.c:35:8:35:49 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {double} with arguments (int,char)} | blocks.c:35:11:35:11 | <unnamed> | file://:0:0:0:0 | double | double | y(int), z(char) |
-| blocks.c:39:8:39:75 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {double} with arguments (int,char)} | blocks.c:39:11:39:11 | <unnamed> | file://:0:0:0:0 | double | double | y(int), z(char) |
-| blocks.c:43:8:43:54 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.c:43:11:43:11 | <unnamed> | file://:0:0:0:0 | char | char | y(int), z(char) |
-| blocks.c:47:8:47:64 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {pointer to {const {char}}} with arguments (int,char)} | blocks.c:47:11:47:11 | <unnamed> | file://:0:0:0:0 | const char * | pointer to {const {char}} | y(int), z(char) |
-| blocks.c:51:8:51:73 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {pointer to {const {pointer to {const {char}}}}} with arguments (int,char)} | blocks.c:51:11:51:11 | <unnamed> | file://:0:0:0:0 | const char *const * | pointer to {const {pointer to {const {char}}}} | y(int), z(char) |
-| blocks.c:63:16:65:2 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.c:63:16:63:16 | <unnamed> | file://:0:0:0:0 | int | int |  |
-| blocks.c:69:19:69:39 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.c:69:22:69:22 | <unnamed> | file://:0:0:0:0 | int | int |  |
-| blocks.c:74:60:74:111 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {typedef {pointer to {function returning {int} with arguments (char)}} as "pointerToFunctionThatReturnsIntWithCharArg"} with arguments (float)} | blocks.c:74:62:74:62 | <unnamed> | file://:0:0:0:0 | ..(*)(..) | pointer to {function returning {int} with arguments (char)} | x(float) |
-| blocks.c:79:7:79:9 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:79:7:79:7 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.c:80:7:80:9 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:80:7:80:7 | <unnamed> | file://:0:0:0:0 | void | void |  |
+| blocks.c:17:11:17:33 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:17:11:17:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.c:20:11:20:28 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:20:11:20:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.c:23:11:23:21 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:23:11:23:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.c:27:8:27:37 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.c:27:11:27:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void | y(int), z(char) |
+| blocks.c:31:8:31:51 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.c:31:11:31:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void | y(int), z(char) |
+| blocks.c:35:8:35:49 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {double} with arguments (int,char)} | blocks.c:35:11:35:11 | (unnamed codeblock) | file://:0:0:0:0 | double | double | y(int), z(char) |
+| blocks.c:39:8:39:75 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {double} with arguments (int,char)} | blocks.c:39:11:39:11 | (unnamed codeblock) | file://:0:0:0:0 | double | double | y(int), z(char) |
+| blocks.c:43:8:43:54 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.c:43:11:43:11 | (unnamed codeblock) | file://:0:0:0:0 | char | char | y(int), z(char) |
+| blocks.c:47:8:47:64 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {pointer to {const {char}}} with arguments (int,char)} | blocks.c:47:11:47:11 | (unnamed codeblock) | file://:0:0:0:0 | const char * | pointer to {const {char}} | y(int), z(char) |
+| blocks.c:51:8:51:73 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {pointer to {const {pointer to {const {char}}}}} with arguments (int,char)} | blocks.c:51:11:51:11 | (unnamed codeblock) | file://:0:0:0:0 | const char *const * | pointer to {const {pointer to {const {char}}}} | y(int), z(char) |
+| blocks.c:63:16:65:2 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.c:63:16:63:16 | (unnamed codeblock) | file://:0:0:0:0 | int | int |  |
+| blocks.c:69:19:69:39 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.c:69:22:69:22 | (unnamed codeblock) | file://:0:0:0:0 | int | int |  |
+| blocks.c:74:60:74:111 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {typedef {pointer to {function returning {int} with arguments (char)}} as "pointerToFunctionThatReturnsIntWithCharArg"} with arguments (float)} | blocks.c:74:62:74:62 | (unnamed codeblock) | file://:0:0:0:0 | ..(*)(..) | pointer to {function returning {int} with arguments (char)} | x(float) |
+| blocks.c:79:7:79:9 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:79:7:79:7 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.c:80:7:80:9 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.c:80:7:80:7 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |

cpp/ql/test/library-tests/blocks/capture/capture.expected

@@ -1,4 +1,4 @@
-| capture.c:18:23:20:6 | ^ { ... } | capture.c:19:27:19:27 | x | capture.c:6:5:6:5 | x | capture.c:18:23:18:23 | <unnamed> |
-| capture.c:18:23:20:6 | ^ { ... } | capture.c:19:30:19:30 | y | capture.c:13:17:13:17 | y | capture.c:18:23:18:23 | <unnamed> |
-| capture.c:22:23:25:6 | ^ { ... } | capture.c:23:9:23:9 | x | capture.c:6:5:6:5 | x | capture.c:22:23:22:23 | <unnamed> |
-| capture.c:22:23:25:6 | ^ { ... } | capture.c:24:9:24:9 | y | capture.c:13:17:13:17 | y | capture.c:22:23:22:23 | <unnamed> |
+| capture.c:18:23:20:6 | ^ { ... } | capture.c:19:27:19:27 | x | capture.c:6:5:6:5 | x | capture.c:18:23:18:23 | (unnamed codeblock) |
+| capture.c:18:23:20:6 | ^ { ... } | capture.c:19:30:19:30 | y | capture.c:13:17:13:17 | y | capture.c:18:23:18:23 | (unnamed codeblock) |
+| capture.c:22:23:25:6 | ^ { ... } | capture.c:23:9:23:9 | x | capture.c:6:5:6:5 | x | capture.c:22:23:22:23 | (unnamed codeblock) |
+| capture.c:22:23:25:6 | ^ { ... } | capture.c:24:9:24:9 | y | capture.c:13:17:13:17 | y | capture.c:22:23:22:23 | (unnamed codeblock) |

cpp/ql/test/library-tests/blocks/cpp/code_blocks.expected

@@ -1,9 +1,9 @@
-| blocks.cpp:17:11:17:33 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:17:11:17:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.cpp:20:11:20:28 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:20:11:20:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.cpp:23:11:23:21 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:23:11:23:11 | <unnamed> | file://:0:0:0:0 | void | void |  |
-| blocks.cpp:27:8:27:37 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.cpp:27:11:27:11 | <unnamed> | file://:0:0:0:0 | void | void | y(int), z(char) |
-| blocks.cpp:31:8:31:51 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.cpp:31:11:31:11 | <unnamed> | file://:0:0:0:0 | void | void | y(int), z(char) |
-| blocks.cpp:35:8:35:49 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:35:11:35:11 | <unnamed> | file://:0:0:0:0 | char | char | y(int), z(char) |
-| blocks.cpp:39:8:39:75 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:39:11:39:11 | <unnamed> | file://:0:0:0:0 | char | char | y(int), z(char) |
-| blocks.cpp:43:8:43:54 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:43:11:43:11 | <unnamed> | file://:0:0:0:0 | char | char | y(int), z(char) |
-| blocks.cpp:57:14:57:30 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.cpp:57:14:57:14 | <unnamed> | file://:0:0:0:0 | int | int |  |
+| blocks.cpp:17:11:17:33 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:17:11:17:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.cpp:20:11:20:28 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:20:11:20:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.cpp:23:11:23:21 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments ()} | blocks.cpp:23:11:23:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void |  |
+| blocks.cpp:27:8:27:37 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.cpp:27:11:27:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void | y(int), z(char) |
+| blocks.cpp:31:8:31:51 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {void} with arguments (int,char)} | blocks.cpp:31:11:31:11 | (unnamed codeblock) | file://:0:0:0:0 | void | void | y(int), z(char) |
+| blocks.cpp:35:8:35:49 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:35:11:35:11 | (unnamed codeblock) | file://:0:0:0:0 | char | char | y(int), z(char) |
+| blocks.cpp:39:8:39:75 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:39:11:39:11 | (unnamed codeblock) | file://:0:0:0:0 | char | char | y(int), z(char) |
+| blocks.cpp:43:8:43:54 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {char} with arguments (int,char)} | blocks.cpp:43:11:43:11 | (unnamed codeblock) | file://:0:0:0:0 | char | char | y(int), z(char) |
+| blocks.cpp:57:14:57:30 | ^ { ... } | file://:0:0:0:0 | ..(^)(..) | block of {function returning {int} with arguments ()} | blocks.cpp:57:14:57:14 | (unnamed codeblock) | file://:0:0:0:0 | int | int |  |

csharp/documentation/library-coverage/coverage.csv

@@ -48,5 +48,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
-System,54,47,10819,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5512,5307
+System,54,47,10864,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5547,5317
 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,

csharp/documentation/library-coverage/coverage.rst

@@ -8,7 +8,7 @@ C# framework & library support
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-   System,"``System.*``, ``System``",47,10819,54,5
+   System,"``System.*``, ``System``",47,10864,54,5
    Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",61,2075,152,4
-   Totals,,108,12901,400,9
+   Totals,,108,12946,400,9
 

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

@@ -59,12 +59,15 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
     any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
   }
 
-  // It's valid to use diff-informed data flow for this configuration because
-  // the location of the selected element in the query is contained inside the
-  // location of the sink. The query, as a predicate, is used negated in
-  // another query, but that's only to prevent overlapping results between two
-  // queries.
+  // The query, as a predicate, is used negated in another query, but that's
+  // only to prevent overlapping results between two queries.
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  // All queries use the argument as the primary location and do not use the
+  // sink as an associated location.
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(Expr argument | argumentToExec(argument, sink) | result = argument.getLocation())
+  }
 }
 
 /**

java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll

@@ -46,6 +46,12 @@ module WebviewDebugEnabledConfig implements DataFlow::ConfigSig {
   }
 
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    // This module is only used in `WebviewDebuggingEnabled.ql`, which doesn't
+    // select the source in any "$@" column.
+    none()
+  }
 }
 
 /**

javascript/extractor/src/com/semmle/js/extractor/JSExtractor.java

@@ -56,8 +56,10 @@ public Pair<Label, ParseResultInfo> extract(
 
     SourceType sourceType = establishSourceType(source, true);
 
+    String extension = textualExtractor.getLocationManager().getSourceFileExtension();
+
     JSParser.Result parserRes =
-        JSParser.parse(config, sourceType, source, textualExtractor.getMetrics());
+        JSParser.parse(config, sourceType, extension, source, textualExtractor.getMetrics());
 
     // Check if we guessed wrong with the regex in `establishSourceType`, (which could
     // happen due to a block-comment line starting with '  import').
@@ -74,7 +76,7 @@ public Pair<Label, ParseResultInfo> extract(
       if (wrongGuess) {
         sourceType = SourceType.SCRIPT;
         parserRes =
-          JSParser.parse(config, sourceType, source, textualExtractor.getMetrics());
+          JSParser.parse(config, sourceType, extension, source, textualExtractor.getMetrics());
       }
     }
 

javascript/extractor/src/com/semmle/js/parser/JSParser.java

@@ -68,9 +68,9 @@ public List<ParseError> getErrors() {
   }
 
   public static Result parse(
-      ExtractorConfig config, SourceType sourceType, String source, ExtractionMetrics metrics) {
+      ExtractorConfig config, SourceType sourceType, String extension, String source, ExtractionMetrics metrics) {
     metrics.startPhase(ExtractionPhase.JSParser_parse);
-    Result result = JcornWrapper.parse(config, sourceType, source);
+    Result result = JcornWrapper.parse(config, sourceType, extension, source);
     metrics.stopPhase(ExtractionPhase.JSParser_parse);
     return result;
   }