Merge branch 'main' into rdmarsh2/swift/array-content-flow

Author: rdmarsh2

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll

@@ -429,5 +429,22 @@ module MergePathGraph3<
   /**
    * Provides the query predicates needed to include a graph in a path-problem query.
    */
-  module PathGraph = Merged::PathGraph;
+  module PathGraph implements PathGraphSig<PathNode> {
+    /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
+    query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
+
+    /** Holds if `n` is a node in the graph of data flow path explanations. */
+    query predicate nodes(PathNode n, string key, string val) {
+      Merged::PathGraph::nodes(n, key, val)
+    }
+
+    /**
+     * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+     * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+     * `ret -> out` is summarized as the edge `arg -> out`.
+     */
+    query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+      Merged::PathGraph::subpaths(arg, par, ret, out)
+    }
+  }
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll

@@ -429,5 +429,22 @@ module MergePathGraph3<
   /**
    * Provides the query predicates needed to include a graph in a path-problem query.
    */
-  module PathGraph = Merged::PathGraph;
+  module PathGraph implements PathGraphSig<PathNode> {
+    /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
+    query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
+
+    /** Holds if `n` is a node in the graph of data flow path explanations. */
+    query predicate nodes(PathNode n, string key, string val) {
+      Merged::PathGraph::nodes(n, key, val)
+    }
+
+    /**
+     * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+     * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+     * `ret -> out` is summarized as the edge `arg -> out`.
+     */
+    query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+      Merged::PathGraph::subpaths(arg, par, ret, out)
+    }
+  }
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll

@@ -429,5 +429,22 @@ module MergePathGraph3<
   /**
    * Provides the query predicates needed to include a graph in a path-problem query.
    */
-  module PathGraph = Merged::PathGraph;
+  module PathGraph implements PathGraphSig<PathNode> {
+    /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
+    query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
+
+    /** Holds if `n` is a node in the graph of data flow path explanations. */
+    query predicate nodes(PathNode n, string key, string val) {
+      Merged::PathGraph::nodes(n, key, val)
+    }
+
+    /**
+     * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+     * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+     * `ret -> out` is summarized as the edge `arg -> out`.
+     */
+    query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+      Merged::PathGraph::subpaths(arg, par, ret, out)
+    }
+  }
 }

docs/codeql/writing-codeql-queries/catch-the-fire-starter.rst

@@ -168,16 +168,16 @@ Exercise 1
    predicate isSouthern(Person p) { p.getLocation() = "south" }
 
    class Southerner extends Person {
-   /* the characteristic predicate */
-   Southerner() { isSouthern(this) }
+     /* the characteristic predicate */
+     Southerner() { isSouthern(this) }
    }
 
    class Child extends Person {
-   /* the characteristic predicate */
-   Child() { this.getAge() < 10 }
+     /* the characteristic predicate */
+     Child() { this.getAge() < 10 }
 
-   /* a member predicate */
-   override predicate isAllowedIn(string region) { region = this.getLocation() }
+     /* a member predicate */
+     override predicate isAllowedIn(string region) { region = this.getLocation() }
    }
 
    from Southerner s
@@ -194,16 +194,16 @@ Exercise 2
    predicate isSouthern(Person p) { p.getLocation() = "south" }
 
    class Southerner extends Person {
-   /* the characteristic predicate */
-   Southerner() { isSouthern(this) }
+     /* the characteristic predicate */
+     Southerner() { isSouthern(this) }
    }
 
    class Child extends Person {
-   /* the characteristic predicate */
-   Child() { this.getAge() < 10 }
+     /* the characteristic predicate */
+     Child() { this.getAge() < 10 }
 
-   /* a member predicate */
-   override predicate isAllowedIn(string region) { region = this.getLocation() }
+     /* a member predicate */
+     override predicate isAllowedIn(string region) { region = this.getLocation() }
    }
 
    predicate isBald(Person p) { not exists(string c | p.getHairColor() = c) }

docs/codeql/writing-codeql-queries/crown-the-rightful-heir.rst

@@ -183,8 +183,8 @@ Exercise 1
 
    from Person p
    where
-   not p.isDeceased() and
-   p = relativeOf("King Basil")
+     not p.isDeceased() and
+     p = relativeOf("King Basil")
    select p
 
 Exercise 2
@@ -197,14 +197,14 @@ Exercise 2
    Person relativeOf(Person p) { parentOf*(result) = parentOf*(p) }
 
    predicate hasCriminalRecord(Person p) {
-   p = "Hester" or
-   p = "Hugh" or
-   p = "Charlie"
+     p = "Hester" or
+     p = "Hugh" or
+     p = "Charlie"
    }
 
    from Person p
    where
-   not p.isDeceased() and
-   p = relativeOf("King Basil") and
-   not hasCriminalRecord(p)
+     not p.isDeceased() and
+     p = relativeOf("King Basil") and
+     not hasCriminalRecord(p)
    select p

docs/codeql/writing-codeql-queries/find-the-thief.rst

@@ -307,14 +307,14 @@ Exercise 1
 
    from Person t
    where
-   /* 1 */ t.getHeight() > 150 and
-   /* 2 */ not t.getHairColor() = "blond" and
-   /* 3 */ exists (string c | t.getHairColor() = c) and
-   /* 4 */ not t.getAge() < 30 and
-   /* 5 */ t.getLocation() = "east" and
-   /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
-   /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
-   /* 8 */ exists(Person p | p.getAge() > t.getAge())
+     /* 1 */ t.getHeight() > 150 and
+     /* 2 */ not t.getHairColor() = "blond" and
+     /* 3 */ exists (string c | t.getHairColor() = c) and
+     /* 4 */ not t.getAge() < 30 and
+     /* 5 */ t.getLocation() = "east" and
+     /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
+     /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
+     /* 8 */ exists(Person p | p.getAge() > t.getAge())
    select t
 
 Exercise 2
@@ -326,16 +326,16 @@ Exercise 2
 
    from Person t
    where
-   /* 1 */ t.getHeight() > 150 and
-   /* 2 */ not t.getHairColor() = "blond" and
-   /* 3 */ exists (string c | t.getHairColor() = c) and
-   /* 4 */ not t.getAge() < 30 and
-   /* 5 */ t.getLocation() = "east" and
-   /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
-   /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
-   /* 8 */ exists(Person p | p.getAge() > t.getAge()) and
-   /* 9 */ not t = max(Person p | | p order by p.getHeight()) and
-   /* 10 */ t.getHeight() < avg(float i | exists(Person p | p.getHeight() = i) | i) and
-   /* 11 */ t = max(Person p | p.getLocation() = "east" | p order by p.getAge())
+     /* 1 */ t.getHeight() > 150 and
+     /* 2 */ not t.getHairColor() = "blond" and
+     /* 3 */ exists (string c | t.getHairColor() = c) and
+     /* 4 */ not t.getAge() < 30 and
+     /* 5 */ t.getLocation() = "east" and
+     /* 6 */ (t.getHairColor() = "black" or t.getHairColor() = "brown") and
+     /* 7 */ not (t.getHeight() > 180 and t.getHeight() < 190) and
+     /* 8 */ exists(Person p | p.getAge() > t.getAge()) and
+     /* 9 */ not t = max(Person p | | p order by p.getHeight()) and
+     /* 10 */ t.getHeight() < avg(float i | exists(Person p | p.getHeight() = i) | i) and
+     /* 11 */ t = max(Person p | p.getLocation() = "east" | p order by p.getAge())
    select "The thief is " + t + "!"
    

go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll

@@ -429,5 +429,22 @@ module MergePathGraph3<
   /**
    * Provides the query predicates needed to include a graph in a path-problem query.
    */
-  module PathGraph = Merged::PathGraph;
+  module PathGraph implements PathGraphSig<PathNode> {
+    /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
+    query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
+
+    /** Holds if `n` is a node in the graph of data flow path explanations. */
+    query predicate nodes(PathNode n, string key, string val) {
+      Merged::PathGraph::nodes(n, key, val)
+    }
+
+    /**
+     * Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
+     * a subpath between `par` and `ret` with the connecting edges `arg -> par` and
+     * `ret -> out` is summarized as the edge `arg -> out`.
+     */
+    query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
+      Merged::PathGraph::subpaths(arg, par, ret, out)
+    }
+  }
 }

java/kotlin-extractor/src/main/kotlin/utils/Logger.kt

@@ -46,12 +46,22 @@ class LogMessage(private val kind: String, private val message: String) {
     private fun escape(str: String): String {
         return str.replace("\\", "\\\\")
                   .replace("\"", "\\\"")
-                  .replace("/", "\\/")
-                  .replace("\b", "\\b")
+                  .replace("\u0000", "\\u0000")
+                  .replace("\u0001", "\\u0001")
+                  .replace("\u0002", "\\u0002")
+                  .replace("\u0003", "\\u0003")
+                  .replace("\u0004", "\\u0004")
+                  .replace("\u0005", "\\u0005")
+                  .replace("\u0006", "\\u0006")
+                  .replace("\u0007", "\\u0007")
+                  .replace("\u0008", "\\b")
+                  .replace("\u0009", "\\t")
+                  .replace("\u000A", "\\n")
+                  .replace("\u000B", "\\u000B")
                   .replace("\u000C", "\\f")
-                  .replace("\n", "\\n")
-                  .replace("\r", "\\r")
-                  .replace("\t", "\\t")
+                  .replace("\u000D", "\\r")
+                  .replace("\u000E", "\\u000E")
+                  .replace("\u000F", "\\u000F")
     }
 
     fun toJsonLine(): String {

java/ql/lib/change-notes/2023-07-12-add-models-for-struts2-framework.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added models for the Struts 2 framework.
+

java/ql/lib/change-notes/2023-07-12-improve-sources-for-the-struts2-framework.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
+