Rename ContextExpression to SimpleReferenceExpression

Author: Alvaro Muñoz

ql/lib/codeql/actions/Ast.qll

@@ -226,20 +226,20 @@ class Run extends Step instanceof RunImpl {
   Expression getAnScriptExpr() { result = super.getAnScriptExpr() }
 }
 
-abstract class ContextExpression extends AstNode instanceof ContextExpressionImpl {
+abstract class SimpleReferenceExpression extends AstNode instanceof SimpleReferenceExpressionImpl {
   string getFieldName() { result = super.getFieldName() }
 
   AstNode getTarget() { result = super.getTarget() }
 }
 
-class StepsExpression extends ContextExpression instanceof StepsExpressionImpl { }
+class StepsExpression extends SimpleReferenceExpression instanceof StepsExpressionImpl { }
 
-class NeedsExpression extends ContextExpression instanceof NeedsExpressionImpl { }
+class NeedsExpression extends SimpleReferenceExpression instanceof NeedsExpressionImpl { }
 
-class JobsExpression extends ContextExpression instanceof JobsExpressionImpl { }
+class JobsExpression extends SimpleReferenceExpression instanceof JobsExpressionImpl { }
 
-class InputsExpression extends ContextExpression instanceof InputsExpressionImpl { }
+class InputsExpression extends SimpleReferenceExpression instanceof InputsExpressionImpl { }
 
-class EnvExpression extends ContextExpression instanceof EnvExpressionImpl { }
+class EnvExpression extends SimpleReferenceExpression instanceof EnvExpressionImpl { }
 
-class MatrixExpression extends ContextExpression instanceof MatrixExpressionImpl { }
+class MatrixExpression extends SimpleReferenceExpression instanceof MatrixExpressionImpl { }

ql/lib/codeql/actions/ast/internal/Ast.qll

@@ -19,24 +19,18 @@ int partialLineLengthSum(string text, int i) {
   result = sum(int j, int length | j in [0 .. i] and length = lineLength(text, j) | length)
 }
 
-/**
- * Holds if `${{ e }}` is a GitHub Actions expression evaluated within this YAML string.
- * See https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions.
- * Only finds simple expressions like `${{ github.event.comment.body }}`, where the expression contains only alphanumeric characters, underscores, dots, or dashes.
- * Does not identify more complicated expressions like `${{ fromJSON(env.time) }}`, or ${{ format('{{Hello {0}!}}', github.event.head_commit.author.name) }}
- */
-string getASimpleReferenceExpression(YamlString s, int offset) {
+string getADelimitedExpression(YamlString s, int offset) {
   // We use `regexpFind` to obtain *all* matches of `${{...}}`,
   // not just the last (greedy match) or first (reluctant match).
   result =
     s.getValue()
-        .regexpFind("\\$\\{\\{\\s*[A-Za-z0-9'\"_\\[\\]\\*\\(\\)\\.\\-]+\\s*\\}\\}", _, offset)
-        .regexpCapture("(\\$\\{\\{\\s*[A-Za-z0-9'\"_\\[\\]\\*\\((\\)\\.\\-]+\\s*\\}\\})", 1)
+        .regexpFind("\\$\\{\\{\\s*.*\\s*\\}\\}", _, offset)
+        .regexpCapture("(\\$\\{\\{\\s*.*\\s*\\}\\})", 1)
 }
 
 private newtype TAstNode =
   TExpressionNode(YamlNode key, YamlScalar value, string raw, int exprOffset) {
-    raw = getASimpleReferenceExpression(value, exprOffset) and
+    raw = getADelimitedExpression(value, exprOffset) and
     exists(YamlMapping m |
       (
         exists(int i | value = m.getValueNode(i) and key = m.getKeyNode(i))
@@ -789,11 +783,29 @@ class RunImpl extends StepImpl {
   }
 }
 
+/**
+ * Holds if `${{ e }}` is a GitHub Actions expression evaluated within this YAML string.
+ * See https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions.
+ * Only finds simple expressions like `${{ github.event.comment.body }}`, where the expression contains only alphanumeric characters, underscores, dots, or dashes.
+ * Does not identify more complicated expressions like `${{ fromJSON(env.time) }}`, or ${{ format('{{Hello {0}!}}', github.event.head_commit.author.name) }}
+ */
+bindingset[s]
+string getASimpleReferenceExpression(string s, int offset) {
+  // We use `regexpFind` to obtain *all* matches of `${{...}}`,
+  // not just the last (greedy match) or first (reluctant match).
+  result =
+    s.trim()
+        .regexpFind("[A-Za-z0-9'\"_\\[\\]\\*\\(\\)\\.\\-]+", _, offset)
+        .regexpCapture("([A-Za-z0-9'\"_\\[\\]\\*\\(\\)\\.\\-]+)", 1)
+}
+
 /**
  * A ${{}} expression accessing a context variable such as steps, needs, jobs, env, inputs, or matrix.
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  */
-abstract class ContextExpressionImpl extends ExpressionImpl {
+abstract class SimpleReferenceExpressionImpl extends ExpressionImpl {
+  SimpleReferenceExpressionImpl() { exists(getASimpleReferenceExpression(expression, _)) }
+
   abstract string getFieldName();
 
   abstract AstNodeImpl getTarget();
@@ -829,7 +841,7 @@ private string wrapRegexp(string regex) {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ steps.changed-files.outputs.all_changed_files }}`
  */
-class StepsExpressionImpl extends ContextExpressionImpl {
+class StepsExpressionImpl extends SimpleReferenceExpressionImpl {
   string stepId;
   string fieldName;
 
@@ -842,7 +854,7 @@ class StepsExpressionImpl extends ContextExpressionImpl {
   override string getFieldName() { result = fieldName }
 
   override AstNodeImpl getTarget() {
-    this.getLocation().getFile() = result.getLocation().getFile() and
+    this.getEnclosingJob() = result.getEnclosingJob() and
     result.(StepImpl).getId() = stepId
   }
 }
@@ -852,7 +864,7 @@ class StepsExpressionImpl extends ContextExpressionImpl {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ needs.job1.outputs.foo}}`
  */
-class NeedsExpressionImpl extends ContextExpressionImpl {
+class NeedsExpressionImpl extends SimpleReferenceExpressionImpl {
   JobImpl neededJob;
   string fieldName;
 
@@ -866,7 +878,10 @@ class NeedsExpressionImpl extends ContextExpressionImpl {
   override string getFieldName() { result = fieldName }
 
   override AstNodeImpl getTarget() {
-    this.getEnclosingJob().getANeededJob() = neededJob and
+    (
+      this.getEnclosingJob().getANeededJob() = neededJob or
+      this.getEnclosingJob() = neededJob
+    ) and
     (
       // regular jobs
       neededJob.getOutputs() = result
@@ -882,7 +897,7 @@ class NeedsExpressionImpl extends ContextExpressionImpl {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ jobs.job1.outputs.foo}}` (within reusable workflows)
  */
-class JobsExpressionImpl extends ContextExpressionImpl {
+class JobsExpressionImpl extends SimpleReferenceExpressionImpl {
   string jobId;
   string fieldName;
 
@@ -908,7 +923,7 @@ class JobsExpressionImpl extends ContextExpressionImpl {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ inputs.foo }}`
  */
-class InputsExpressionImpl extends ContextExpressionImpl {
+class InputsExpressionImpl extends SimpleReferenceExpressionImpl {
   string fieldName;
 
   InputsExpressionImpl() {
@@ -933,7 +948,7 @@ class InputsExpressionImpl extends ContextExpressionImpl {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ env.foo }}`
  */
-class EnvExpressionImpl extends ContextExpressionImpl {
+class EnvExpressionImpl extends SimpleReferenceExpressionImpl {
   string fieldName;
 
   EnvExpressionImpl() {
@@ -956,7 +971,7 @@ class EnvExpressionImpl extends ContextExpressionImpl {
  * https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
  * e.g. `${{ matrix.foo }}`
  */
-class MatrixExpressionImpl extends ContextExpressionImpl {
+class MatrixExpressionImpl extends SimpleReferenceExpressionImpl {
   string fieldName;
 
   MatrixExpressionImpl() {

ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll

@@ -271,7 +271,7 @@ predicate jumpStep(Node nodeFrom, Node nodeTo) { none() }
  * Holds if a Expression reads a field from a job (needs/jobs), step (steps) output via a read of `c` (fieldname)
  */
 predicate ctxFieldReadStep(Node node1, Node node2, ContentSet c) {
-  exists(ContextExpression access |
+  exists(SimpleReferenceExpression access |
     (
       access instanceof NeedsExpression or
       access instanceof StepsExpression or