Merge branch 'main' into http

Author: geoffw0

MODULE.bazel

@@ -243,7 +243,7 @@ use_repo(
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.23.1")
+go_sdk.download(version = "1.24.0")
 
 go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
 go_deps.from_file(go_mod = "//go/extractor:go.mod")

go/actions/test/action.yml

@@ -4,7 +4,7 @@ inputs:
   go-test-version:
     description: Which Go version to use for running the tests
     required: false
-    default: "~1.23.1"
+    default: "~1.24.0"
   run-code-checks:
     description: Whether to run formatting, code and qhelp generation checks
     required: false

go/extractor/autobuilder/build-environment.go

@@ -12,7 +12,7 @@ import (
 )
 
 var minGoVersion = util.NewSemVer("1.11")
-var maxGoVersion = util.NewSemVer("1.23")
+var maxGoVersion = util.NewSemVer("1.24")
 
 type versionInfo struct {
 	goModVersion util.SemVer // The version of Go found in the go directive in the `go.mod` file.

go/extractor/extractor.go

@@ -477,6 +477,12 @@ func extractObjects(tw *trap.Writer, scope *types.Scope, scopeLabel trap.Label)
 			}
 			// Populate type parameter parents for named types.
 			if typeNameObj, ok := obj.(*types.TypeName); ok {
+				// `types.TypeName` represents a type with a name: a defined
+				// type, an alias type, a type parameter, or a predeclared
+				// type such as `int` or `error`. We can distinguish these
+				// using `typeNameObj.Type()`, except that we need to be
+				// careful with alias types because before Go 1.24 they would
+				// return the underlying type.
 				if tp, ok := typeNameObj.Type().(*types.Named); ok && !typeNameObj.IsAlias() {
 					populateTypeParamParents(tp.TypeParams(), obj)
 				} else if tp, ok := typeNameObj.Type().(*types.Alias); ok {

go/extractor/go.mod

@@ -1,8 +1,8 @@
 module github.com/github/codeql-go/extractor
 
-go 1.23
+go 1.24
 
-toolchain go1.23.1
+toolchain go1.24.0
 
 // when updating this, run
 //    bazel run @rules_go//go -- mod tidy

go/extractor/project/project.go

@@ -193,7 +193,7 @@ func findGoModFiles(root string) []string {
 }
 
 // A regular expression for the Go toolchain version syntax.
-var toolchainVersionRe *regexp.Regexp = regexp.MustCompile(`(?m)^([0-9]+\.[0-9]+\.[0-9]+)$`)
+var toolchainVersionRe *regexp.Regexp = regexp.MustCompile(`(?m)^([0-9]+\.[0-9]+(\.[0-9]+|rc[0-9]+))$`)
 
 // Returns true if the `go.mod` file specifies a Go language version, that version is `1.21` or greater, and
 // there is no `toolchain` directive, and the Go language version is not a valid toolchain version.

go/ql/lib/change-notes/2025-01-09-model-stdlib-1.24.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Taint models have been added for the `weak` package, which was added in Go 1.24.
+* Taint models have been added for the interfaces `TextAppender` and `BinaryAppender` in the `encoding` package, which were added in Go 1.24.

go/ql/lib/ext/encoding.model.yml

@@ -3,7 +3,11 @@ extensions:
       pack: codeql/go-all
       extensible: summaryModel
     data:
+      - ["encoding", "BinaryAppender", True, "AppendBinary", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+      - ["encoding", "BinaryAppender", True, "AppendBinary", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
       - ["encoding", "BinaryMarshaler", True, "MarshalBinary", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
       - ["encoding", "BinaryUnmarshaler", True, "UnmarshalBinary", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
+      - ["encoding", "TextAppender", True, "AppendText", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+      - ["encoding", "TextAppender", True, "AppendText", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
       - ["encoding", "TextMarshaler", True, "MarshalText", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
       - ["encoding", "TextUnmarshaler", True, "UnmarshalText", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]

go/ql/lib/ext/weak.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["weak", "", False, "Make", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["weak", "Pointer", False, "Value", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected

@@ -63,18 +63,62 @@ numberOfTypeParameters
 | internal/bytealg.HashStrRev | 0 | T | interface { string \| []uint8 } |
 | internal/bytealg.IndexRabinKarp | 0 | T | interface { string \| []uint8 } |
 | internal/bytealg.LastIndexRabinKarp | 0 | T | interface { string \| []uint8 } |
+| internal/poll.ignoringEINTR2 | 0 | T | interface { } |
 | internal/runtime/atomic.Pointer.CompareAndSwap | 0 | T | interface { } |
 | internal/runtime/atomic.Pointer.CompareAndSwapNoWB | 0 | T | interface { } |
 | internal/runtime/atomic.Pointer.Load | 0 | T | interface { } |
 | internal/runtime/atomic.Pointer.Store | 0 | T | interface { } |
 | internal/runtime/atomic.Pointer.StoreNoWB | 0 | T | interface { } |
+| internal/sync.HashTrieMap.All | 0 | K | comparable |
+| internal/sync.HashTrieMap.All | 1 | V | interface { } |
+| internal/sync.HashTrieMap.CompareAndDelete | 0 | K | comparable |
+| internal/sync.HashTrieMap.CompareAndDelete | 1 | V | interface { } |
+| internal/sync.HashTrieMap.CompareAndSwap | 0 | K | comparable |
+| internal/sync.HashTrieMap.CompareAndSwap | 1 | V | interface { } |
+| internal/sync.HashTrieMap.Delete | 0 | K | comparable |
+| internal/sync.HashTrieMap.Load | 0 | K | comparable |
+| internal/sync.HashTrieMap.Load | 1 | V | interface { } |
+| internal/sync.HashTrieMap.LoadAndDelete | 0 | K | comparable |
+| internal/sync.HashTrieMap.LoadAndDelete | 1 | V | interface { } |
+| internal/sync.HashTrieMap.LoadOrStore | 0 | K | comparable |
+| internal/sync.HashTrieMap.LoadOrStore | 1 | V | interface { } |
+| internal/sync.HashTrieMap.Range | 0 | K | comparable |
+| internal/sync.HashTrieMap.Range | 1 | V | interface { } |
+| internal/sync.HashTrieMap.Store | 0 | K | comparable |
+| internal/sync.HashTrieMap.Store | 1 | V | interface { } |
+| internal/sync.HashTrieMap.Swap | 0 | K | comparable |
+| internal/sync.HashTrieMap.Swap | 1 | V | interface { } |
+| internal/sync.HashTrieMap.find | 0 | K | comparable |
+| internal/sync.HashTrieMap.find | 1 | V | interface { } |
+| internal/sync.HashTrieMap.iter | 0 | K | comparable |
+| internal/sync.HashTrieMap.iter | 1 | V | interface { } |
+| internal/sync.entry | 0 | K | comparable |
+| internal/sync.entry | 1 | V | interface { } |
+| internal/sync.entry.compareAndDelete | 0 | K | comparable |
+| internal/sync.entry.compareAndDelete | 1 | V | interface { } |
+| internal/sync.entry.compareAndSwap | 0 | K | comparable |
+| internal/sync.entry.compareAndSwap | 1 | V | interface { } |
+| internal/sync.entry.loadAndDelete | 0 | K | comparable |
+| internal/sync.entry.loadAndDelete | 1 | V | interface { } |
+| internal/sync.entry.lookup | 0 | K | comparable |
+| internal/sync.entry.lookup | 1 | V | interface { } |
+| internal/sync.entry.lookupWithValue | 0 | K | comparable |
+| internal/sync.entry.lookupWithValue | 1 | V | interface { } |
+| internal/sync.entry.swap | 0 | K | comparable |
+| internal/sync.entry.swap | 1 | V | interface { } |
+| internal/sync.newEntryNode | 0 | K | comparable |
+| internal/sync.newEntryNode | 1 | V | interface { } |
 | iter.Pull | 0 | V | interface { } |
 | iter.Pull2 | 0 | K | interface { } |
 | iter.Pull2 | 1 | V | interface { } |
 | iter.Seq | 0 | V | interface { } |
 | iter.Seq2 | 0 | K | interface { } |
 | iter.Seq2 | 1 | V | interface { } |
+| os.doInRoot | 0 | T | interface { } |
+| os.ignoringEINTR2 | 0 | T | interface { } |
 | reflect.rangeNum | 1 | N | interface { int64 \| uint64 } |
+| runtime.AddCleanup | 0 | T | interface { } |
+| runtime.AddCleanup | 1 | S | interface { } |
 | runtime.fandbits | 0 | F | floaty |
 | runtime.fmax | 0 | F | floaty |
 | runtime.fmin | 0 | F | floaty |