Merge branch 'main' into smaller-join-in-get-root-cause

Author: MathiasVP

.bazelrc

@@ -0,0 +1,3 @@
+build --copt="-std=c++17"
+
+try-import %workspace%/local.bazelrc

.bazelversion

@@ -0,0 +1 @@
+5.0.0

.github/actions/fetch-codeql/action.yml

@@ -3,12 +3,22 @@ description: Fetches the latest version of CodeQL
 runs:
   using: composite
   steps:
+    - name: Select platform - Linux
+      if: runner.os == 'Linux'
+      shell: bash
+      run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
+
+    - name: Select platform - MacOS
+      if: runner.os == 'MacOS'
+      shell: bash
+      run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
+
     - name: Fetch CodeQL
       shell: bash
       run: |
         LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
+        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
+        unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
         echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
       env:
         GITHUB_TOKEN: ${{ github.token }}

.github/workflows/swift-qltest.yml

@@ -0,0 +1,51 @@
+name: "Swift: Run QL Tests"
+
+on:
+  pull_request:
+    paths:
+      - "swift/**"
+      - .github/workflows/swift-qltest.yml
+    branches:
+      - main
+defaults:
+  run:
+    working-directory: swift
+
+jobs:
+  qlformat:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/fetch-codeql
+      - name: Check QL formatting
+        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
+  qltest:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os : [ubuntu-20.04, macos-latest]
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ./.github/actions/fetch-codeql
+      - name: Install bazelisk - Linux
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y wget
+          wget https://github.com/bazelbuild/bazelisk/releases/download/v1.11.0/bazelisk-linux-amd64
+          mv bazelisk-linux-amd64 /usr/local/bin/bazel
+          chmod +x /usr/local/bin/bazel
+      - name: Install bazelisk - macOS
+        if: runner.os == 'MacOS'
+        run: |
+          brew install bazelisk
+      - name: Build Swift extractor
+        run: |
+          bazel run //swift:create-extractor-pack
+      - name: Run QL tests
+        run: |
+          codeql test run --threads=0 --ram 5000 --search-path "${{ github.workspace }}/swift/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition ql/test
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+

.gitignore

@@ -31,5 +31,8 @@ csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
 # Compiled class file
 *.class
 
-# links create by bazel
+# links created by bazel
 /bazel-*
+
+# CLion project files
+/.clwb

BUILD.bazel

@@ -1,2 +1,12 @@
 # Please notice that any bazel targets and definitions in this repository are currently experimental
 # and for internal use only.
+
+workspace(name = "codeql")
+
+load("//misc/bazel:workspace.bzl", "codeql_workspace")
+
+codeql_workspace()
+
+load("//misc/bazel:workspace_deps.bzl", "codeql_workspace_deps")
+
+codeql_workspace_deps()

WORKSPACE.bazel

@@ -383,7 +383,8 @@
     "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
+    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll",
+    "ql/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",

config/identical-files.json

@@ -84,6 +84,7 @@ private int fileHeaderLimit(File f) {
     fc = fileFirstComment(f) and
     result =
       min(int line |
+        // code ending the initial comments
         exists(DeclarationEntry de, Location l |
           l = de.getLocation() and
           l.getFile() = f and
@@ -105,7 +106,13 @@ private int fileHeaderLimit(File f) {
           line > fc
         )
         or
+        // end of the file
         line = f.getMetrics().getNumberOfLines()
+        or
+        // rarely, we've seen extremely long sequences of initial comments
+        // (and/or limitations in the above constraints) cause an overflow of
+        // the maximum string length. So don't look past 1000 lines regardless.
+        line = 1000
       )
   )
 }

cpp/ql/lib/semmle/code/cpp/AutogeneratedFile.qll

@@ -5047,6 +5047,7 @@ private module FlowExploration {
     )
   }
 
+  pragma[nomagic]
   private predicate revPartialPathStep(
     PartialPathNodeRev mid, NodeEx node, FlowState state, TRevSummaryCtx1 sc1, TRevSummaryCtx2 sc2,
     TRevSummaryCtx3 sc3, RevPartialAccessPath ap, Configuration config