Merge branch 'main' into python/captured-variables-for-typetracking

Author: yoff

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll

@@ -3031,6 +3031,17 @@ module Impl<FullStateConfigSig Config> {
       this instanceof PathNodeSinkGroup
     }
 
+    private string ppType() {
+      this instanceof PathNodeSink and result = ""
+      or
+      this.(PathNodeMid).getAp() instanceof AccessPathNil and result = ""
+      or
+      exists(DataFlowType t | t = this.(PathNodeMid).getAp().getHead().getContainerType() |
+        // The `concat` becomes "" if `ppReprType` has no result.
+        result = concat(" : " + ppReprType(t))
+      )
+    }
+
     private string ppAp() {
       this instanceof PathNodeSink and result = ""
       or
@@ -3046,14 +3057,14 @@ module Impl<FullStateConfigSig Config> {
     }
 
     /** Gets a textual representation of this element. */
-    string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+    string toString() { result = this.getNodeEx().toString() + this.ppType() + this.ppAp() }
 
     /**
      * Gets a textual representation of this element, including a textual
      * representation of the call context.
      */
     string toStringWithContext() {
-      result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
+      result = this.getNodeEx().toString() + this.ppType() + this.ppAp() + this.ppCtx()
     }
 
     /**
@@ -3998,14 +4009,14 @@ module Impl<FullStateConfigSig Config> {
      */
     class PartialPathNode extends TPartialPathNode {
       /** Gets a textual representation of this element. */
-      string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+      string toString() { result = this.getNodeEx().toString() + this.ppType() + this.ppAp() }
 
       /**
        * Gets a textual representation of this element, including a textual
        * representation of the call context.
        */
       string toStringWithContext() {
-        result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
+        result = this.getNodeEx().toString() + this.ppType() + this.ppAp() + this.ppCtx()
       }
 
       /**
@@ -4046,6 +4057,19 @@ module Impl<FullStateConfigSig Config> {
        */
       int getSinkDistance() { result = distSink(this.getNodeEx().getEnclosingCallable()) }
 
+      private string ppType() {
+        this instanceof PartialPathNodeRev and result = ""
+        or
+        this.(PartialPathNodeFwd).getAp() instanceof PartialAccessPathNil and result = ""
+        or
+        exists(DataFlowType t |
+          t = this.(PartialPathNodeFwd).getAp().(PartialAccessPathCons).getType()
+        |
+          // The `concat` becomes "" if `ppReprType` has no result.
+          result = concat(" : " + ppReprType(t))
+        )
+      }
+
       private string ppAp() {
         exists(string s |
           s = this.(PartialPathNodeFwd).getAp().toString() or

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -3031,6 +3031,17 @@ module Impl<FullStateConfigSig Config> {
       this instanceof PathNodeSinkGroup
     }
 
+    private string ppType() {
+      this instanceof PathNodeSink and result = ""
+      or
+      this.(PathNodeMid).getAp() instanceof AccessPathNil and result = ""
+      or
+      exists(DataFlowType t | t = this.(PathNodeMid).getAp().getHead().getContainerType() |
+        // The `concat` becomes "" if `ppReprType` has no result.
+        result = concat(" : " + ppReprType(t))
+      )
+    }
+
     private string ppAp() {
       this instanceof PathNodeSink and result = ""
       or
@@ -3046,14 +3057,14 @@ module Impl<FullStateConfigSig Config> {
     }
 
     /** Gets a textual representation of this element. */
-    string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+    string toString() { result = this.getNodeEx().toString() + this.ppType() + this.ppAp() }
 
     /**
      * Gets a textual representation of this element, including a textual
      * representation of the call context.
      */
     string toStringWithContext() {
-      result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
+      result = this.getNodeEx().toString() + this.ppType() + this.ppAp() + this.ppCtx()
     }
 
     /**
@@ -3998,14 +4009,14 @@ module Impl<FullStateConfigSig Config> {
      */
     class PartialPathNode extends TPartialPathNode {
       /** Gets a textual representation of this element. */
-      string toString() { result = this.getNodeEx().toString() + this.ppAp() }
+      string toString() { result = this.getNodeEx().toString() + this.ppType() + this.ppAp() }
 
       /**
        * Gets a textual representation of this element, including a textual
        * representation of the call context.
        */
       string toStringWithContext() {
-        result = this.getNodeEx().toString() + this.ppAp() + this.ppCtx()
+        result = this.getNodeEx().toString() + this.ppType() + this.ppAp() + this.ppCtx()
       }
 
       /**
@@ -4046,6 +4057,19 @@ module Impl<FullStateConfigSig Config> {
        */
       int getSinkDistance() { result = distSink(this.getNodeEx().getEnclosingCallable()) }
 
+      private string ppType() {
+        this instanceof PartialPathNodeRev and result = ""
+        or
+        this.(PartialPathNodeFwd).getAp() instanceof PartialAccessPathNil and result = ""
+        or
+        exists(DataFlowType t |
+          t = this.(PartialPathNodeFwd).getAp().(PartialAccessPathCons).getType()
+        |
+          // The `concat` becomes "" if `ppReprType` has no result.
+          result = concat(" : " + ppReprType(t))
+        )
+      }
+
       private string ppAp() {
         exists(string s |
           s = this.(PartialPathNodeFwd).getAp().toString() or

csharp/documentation/library-coverage/coverage.csv

@@ -1,28 +1,28 @@
-package,sink,source,summary,sink:code,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:html,sink:remote,sink:sql,sink:xss,source:file,source:local,source:remote,summary:taint,summary:value
-Dapper,55,,,,,,,,,,55,,,,,,
-JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,7,
-Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,,
-Microsoft.CSharp,,,24,,,,,,,,,,,,,24,
-Microsoft.EntityFrameworkCore,6,,,,,,,,,,6,,,,,,
-Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,15,
-Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,45,1
-Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,80,3
-Microsoft.Extensions.DependencyInjection,,,62,,,,,,,,,,,,,62,
-Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,,12,
-Microsoft.Extensions.FileProviders,,,16,,,,,,,,,,,,,16,
-Microsoft.Extensions.FileSystemGlobbing,,,15,,,,,,,,,,,,,13,2
-Microsoft.Extensions.Hosting,,,17,,,,,,,,,,,,,16,1
-Microsoft.Extensions.Http,,,10,,,,,,,,,,,,,10,
-Microsoft.Extensions.Logging,,,37,,,,,,,,,,,,,37,
-Microsoft.Extensions.Options,,,8,,,,,,,,,,,,,8,
-Microsoft.Extensions.Primitives,,,63,,,,,,,,,,,,,63,
-Microsoft.Interop,,,27,,,,,,,,,,,,,27,
-Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,,1,
-Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,,4,
-Microsoft.VisualBasic,,,10,,,,,,,,,,,,,5,5
-Microsoft.Win32,,,8,,,,,,,,,,,,,8,
-MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,,
-Newtonsoft.Json,,,91,,,,,,,,,,,,,73,18
-ServiceStack,194,,7,27,,,,,,75,92,,,,,7,
-System,65,8,12154,,8,8,9,,4,,33,3,1,3,4,10163,1991
-Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,
+package,sink,source,summary,sink:code,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:html,sink:remote,sink:sql,sink:xss,source:file,source:file-write,source:local,source:remote,summary:taint,summary:value
+Dapper,55,,,,,,,,,,55,,,,,,,
+JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,,7,
+Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,,,
+Microsoft.CSharp,,,24,,,,,,,,,,,,,,24,
+Microsoft.EntityFrameworkCore,6,,,,,,,,,,6,,,,,,,
+Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,,15,
+Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,,45,1
+Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,,80,3
+Microsoft.Extensions.DependencyInjection,,,62,,,,,,,,,,,,,,62,
+Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,,,12,
+Microsoft.Extensions.FileProviders,,,16,,,,,,,,,,,,,,16,
+Microsoft.Extensions.FileSystemGlobbing,,,15,,,,,,,,,,,,,,13,2
+Microsoft.Extensions.Hosting,,,17,,,,,,,,,,,,,,16,1
+Microsoft.Extensions.Http,,,10,,,,,,,,,,,,,,10,
+Microsoft.Extensions.Logging,,,37,,,,,,,,,,,,,,37,
+Microsoft.Extensions.Options,,,8,,,,,,,,,,,,,,8,
+Microsoft.Extensions.Primitives,,,63,,,,,,,,,,,,,,63,
+Microsoft.Interop,,,27,,,,,,,,,,,,,,27,
+Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,,,1,
+Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,,,4,
+Microsoft.VisualBasic,,,10,,,,,,,,,,,,,,5,5
+Microsoft.Win32,,,8,,,,,,,,,,,,,,8,
+MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,,,
+Newtonsoft.Json,,,91,,,,,,,,,,,,,,73,18
+ServiceStack,194,,7,27,,,,,,75,92,,,,,,7,
+System,65,25,12154,,8,8,9,,4,,33,3,1,17,3,4,10163,1991
+Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,

csharp/documentation/library-coverage/coverage.rst

@@ -8,7 +8,7 @@ C# framework & library support
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-   System,"``System.*``, ``System``",8,12154,65,7
+   System,"``System.*``, ``System``",25,12154,65,7
    Others,"``Dapper``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,556,138,
-   Totals,,8,12717,397,7
+   Totals,,25,12717,397,7
 

csharp/ql/integration-tests/all-platforms/diag_dotnet_incompatible/diagnostics.expected

@@ -1,7 +1,4 @@
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL found some projects which cannot be built with .NET Core:\n\n- `test.csproj`",
   "severity": "warning",
   "source": {
@@ -16,9 +13,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {

csharp/ql/integration-tests/all-platforms/diag_missing_project_files/diagnostics.expected

@@ -1,7 +1,4 @@
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.sln`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {
@@ -16,9 +13,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "Some project files were not found when CodeQL built your project:\n\n- `Example.csproj`\n- `Example.Test.csproj`\n\nThis may lead to subsequent failures. You can check for common causes for missing project files:\n\n- Ensure that the project is built using the [intended operating system](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on) and that filenames on case-sensitive platforms are correctly specified.\n- If your repository uses Git submodules, ensure that those are [checked out](https://github.com/actions/checkout#usage) before the CodeQL Action is run.\n- If you auto-generate some project files as part of your build process, ensure that these are generated before the CodeQL Action is run.",
   "severity": "error",
   "source": {

csharp/ql/integration-tests/all-platforms/diag_missing_xamarin_sdk/diagnostics.expected

@@ -1,7 +1,4 @@
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL was unable to build the following projects using .NET Core:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {
@@ -16,9 +13,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {
@@ -33,9 +27,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "[Configure your workflow](https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-xamarin-applications) for this SDK before running CodeQL.",
   "severity": "error",
   "source": {

csharp/ql/integration-tests/all-platforms/dotnet_run/test.py

@@ -1,4 +1,3 @@
-import os
 from create_database_utils import *
 from diagnostics_test_utils import *
 
@@ -22,35 +21,35 @@ def check_build_out(msg, s):
 # no arguments, but `--`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test-db', 'dotnet run --'], "test2-db")
 check_build_out("Default reply", s)
-check_diagnostics(diagnostics_dir="test2-db/diagnostic")
+check_diagnostics(test_db="test2-db")
 
 # one argument, no `--`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test2-db', 'dotnet run hello'], "test3-db")
 check_build_out("Default reply", s)
-check_diagnostics(diagnostics_dir="test3-db/diagnostic")
+check_diagnostics(test_db="test3-db")
 
 # one argument, but `--`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test3-db', 'dotnet run -- hello'], "test4-db")
 check_build_out("Default reply", s)
-check_diagnostics(diagnostics_dir="test4-db/diagnostic")
+check_diagnostics(test_db="test4-db")
 
 # two arguments, no `--`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test4-db', 'dotnet run hello world'], "test5-db")
 check_build_out("hello, world", s)
-check_diagnostics(diagnostics_dir="test5-db/diagnostic")
+check_diagnostics(test_db="test5-db")
 
 # two arguments, and `--`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test5-db', 'dotnet run -- hello world'], "test6-db")
 check_build_out("hello, world", s)
-check_diagnostics(diagnostics_dir="test6-db/diagnostic")
+check_diagnostics(test_db="test6-db")
 
 # shared compilation enabled; tracer should override by changing the command
 # to `dotnet run -p:UseSharedCompilation=true -p:UseSharedCompilation=false -- hello world`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test6-db', 'dotnet run -p:UseSharedCompilation=true -- hello world'], "test7-db")
 check_build_out("hello, world", s)
-check_diagnostics(diagnostics_dir="test7-db/diagnostic")
+check_diagnostics(test_db="test7-db")
 
 # option passed into `dotnet run`
 s = run_codeql_database_create_stdout(['dotnet clean', 'rm -rf test7-db', 'dotnet build', 'dotnet run --no-build hello world'], "test8-db")
 check_build_out("hello, world", s)
-check_diagnostics(diagnostics_dir="test8-db/diagnostic")
+check_diagnostics(test_db="test8-db")

csharp/ql/integration-tests/posix-only/diag_autobuild_script/diagnostics.expected

@@ -1,7 +1,4 @@
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL attempted to build your project using a script located at `build.sh`, which failed.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {
@@ -16,9 +13,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {

csharp/ql/integration-tests/posix-only/diag_multiple_scripts/diagnostics.expected

@@ -1,7 +1,4 @@
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {
@@ -16,9 +13,6 @@
   }
 }
 {
-  "attributes": {},
-  "helpLinks": [],
-  "internal": false,
   "markdownMessage": "CodeQL found multiple potential build scripts for your project and attempted to run `build.sh`, which failed. This may not be the right build script for your project.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
   "severity": "error",
   "source": {