Merge branch 'master' of github.com:github/codeql into SharedDataflow_Classes

Author: yoff

.codeqlmanifest.json

@@ -1,5 +1,6 @@
 { "provide": [ "*/ql/src/qlpack.yml",
                "*/ql/test/qlpack.yml",
+               "*/ql/examples/qlpack.yml",
                "*/upgrades/qlpack.yml",
                "misc/legacy-support/*/qlpack.yml",
                "misc/suite-helpers/qlpack.yml" ] }

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "omnisharp.autoStart": false
+}

change-notes/1.25/analysis-csharp.md

@@ -28,27 +28,51 @@ The following changes in version 1.25 affect C# analysis in all applications.
   such as `A<int>.B`, no longer are considered unbound generics. (Such nested types do,
   however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.)
 * The data-flow library has been improved, which affects most security queries by potentially
-  adding more results. Flow through methods now takes nested field reads/writes into account.
-  For example, the library is able to track flow from `"taint"` to `Sink()` via the method
-  `GetF2F1()` in
-  ```csharp
-  class C1
-  {
-      string F1;
-  }
-
-  class C2
-  {
-      C1 F2;
-  
-      string GetF2F1() => F2.F1; // Nested field read
-
-      void M()
-      {
-          F2 = new C1() { F1 = "taint" };
-          Sink(GetF2F1()); // NEW: "taint" reaches here
-      }
-  }
-  ```
+  adding more results:
+  - Flow through methods now takes nested field reads/writes into account.
+    For example, the library is able to track flow from `"taint"` to `Sink()` via the method
+    `GetF2F1()` in
+    ```csharp
+    class C1
+    {
+        string F1;
+    }
+
+    class C2
+    {
+        C1 F2;
+
+        string GetF2F1() => F2.F1; // Nested field read
+
+        void M()
+        {
+            F2 = new C1() { F1 = "taint" };
+            Sink(GetF2F1()); // NEW: "taint" reaches here
+        }
+    }
+    ```
+  - Flow through collections is now modeled precisely. For example, instead of modeling an array
+    store `a[i] = x` as a taint-step from `x` to `a`, we now model it as a data-flow step that
+    stores `x` into `a`. To get the value back out, a matching read step must be taken.
+
+    For source-code based data-flow analysis, the following constructs are modeled as stores into
+    collections:
+    - Direct array assignments, `a[i] = x`.
+    - Array initializers, `new [] { x }`.
+    - C# 6-style array initializers, `new C() { Array = { [i] = x } }`.
+    - Call arguments that match a `params` parameter, where the C# compiler creates an array under-the-hood.
+    - `yield return` statements.
+
+    The following source-code constructs read from a collection:
+    - Direct array reads, `a[i]`.
+    - `foreach` statements.
+
+    For calls out to library code, existing flow summaries have been refined to precisely
+    capture how they interact with collection contents. For example, a call to
+    `System.Collections.Generic.List<T>.Add(T)` stores the value of the argument into the
+    qualifier, and a call to `System.Collections.Generic.List<T>.get_Item(int)` (that is, an
+    indexer call) reads contents out of the qualifier. Moreover, the effect of
+    collection-clearing methods such as `System.Collections.Generic.List<T>.Clear()` is now
+    also modeled.
 
 ## Changes to autobuilder

change-notes/1.25/analysis-javascript.md

@@ -6,8 +6,10 @@
   - [Promise](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise)
   - [bluebird](http://bluebirdjs.com/)
   - [express](https://www.npmjs.com/package/express)
+  - [execa](https://www.npmjs.com/package/execa)
   - [fancy-log](https://www.npmjs.com/package/fancy-log)
   - [fastify](https://www.npmjs.com/package/fastify)
+  - [foreground-child](https://www.npmjs.com/package/foreground-child)
   - [fstream](https://www.npmjs.com/package/fstream)
   - [jGrowl](https://github.com/stanlemon/jGrowl)
   - [jQuery](https://jquery.com/)
@@ -17,6 +19,7 @@
   - [mssql](https://www.npmjs.com/package/mssql)
   - [mysql](https://www.npmjs.com/package/mysql)
   - [npmlog](https://www.npmjs.com/package/npmlog)
+  - [opener](https://www.npmjs.com/package/opener)
   - [pg](https://www.npmjs.com/package/pg)
   - [sequelize](https://www.npmjs.com/package/sequelize)
   - [spanner](https://www.npmjs.com/package/spanner)

cpp/ql/examples/qlpack.yml

@@ -0,0 +1,3 @@
+name: codeql-cpp-examples
+version: 0.0.0
+libraryPathDependencies: codeql-cpp

cpp/ql/src/codeql-suites/cpp-lgtm-full.qls

@@ -9,3 +9,10 @@
     tags contain:
       - ide-contextual-queries/local-definitions
       - ide-contextual-queries/local-references
+- query: Metrics/Dependencies/ExternalDependencies.ql
+- query: Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
+- query: Metrics/Files/FLinesOfCode.ql
+- query: Metrics/Files/FLinesOfCommentedOutCode.ql
+- query: Metrics/Files/FLinesOfComments.ql
+- query: Metrics/Files/FLinesOfDuplicatedCode.ql
+- query: Metrics/Files/FNumberOfTests.ql

cpp/ql/src/semmle/code/cpp/Variable.qll

@@ -582,7 +582,7 @@ class TemplateVariable extends Variable {
  *   float a;
  * }
  *
- * template<type T>
+ * template<typename T>
  * void myTemplateFunction() {
  *   T b;
  * }

csharp/.vscode/extensions.json

@@ -0,0 +1,9 @@
+{
+    "recommendations": [
+        "github.vscode-codeql",
+        "ms-dotnettools.csharp",
+        "formulahendry.dotnet-test-explorer",
+        "hbenl.vscode-test-explorer"
+    ],
+    "unwantedRecommendations": []
+}

csharp/.vscode/settings.json

@@ -0,0 +1,7 @@
+{
+    "dotnet-test-explorer.enableTelemetry": false,
+    "dotnet-test-explorer.testProjectPath": "**/*Tests.@(csproj|vbproj|fsproj)",
+    "dotnet-test-explorer.testArguments": "/property:GenerateTargetFrameworkAttribute=false",
+    "csharp.supressBuildAssetsNotification": true,
+    "csharp.suppressDotnetRestoreNotification": true
+}

csharp/.vscode/tasks.json

@@ -0,0 +1,53 @@
+{
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "dotnet build",
+            "command": "dotnet",
+            "type": "shell",
+            "args": [
+                "build",
+                // Ask dotnet build to generate full paths for file names.
+                "/property:GenerateFullPaths=true",
+                // Do not generate summary otherwise it leads to duplicate errors in Problems panel
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "group": "build",
+            "presentation": {
+                "reveal": "always"
+            },
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "dotnet rebuild",
+            "command": "dotnet",
+            "type": "shell",
+            "args": [
+                "build",
+                "--no-incremental",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "group": "build",
+            "presentation": {
+                "reveal": "always"
+            },
+            "problemMatcher": "$msCompile"
+        },
+        {
+            "label": "dotnet test",
+            "command": "dotnet",
+            "type": "shell",
+            "args": [
+                "test",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+            ],
+            "group": "test",
+            "presentation": {
+                "reveal": "always"
+            },
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}