Merge branch 'am0o0-python-codeExec' of https://github.com/amammad/codeql into am0o0-python-codeExec

Author: am0o0

.bazelrc

@@ -14,6 +14,10 @@ build:linux --cxxopt=-std=c++20
 build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor
 
+# this requires developer mode, but is required to have pack installer functioning
+startup --windows_enable_symlinks
+common --enable_runfiles
+
 common --registry=file:///%workspace%/misc/bazel/registry
 common --registry=https://bcr.bazel.build
 

.github/workflows/buildifier.yml

@@ -24,5 +24,5 @@ jobs:
           extra_args: >
             buildifier --all-files 2>&1 ||
             (
-              echo -e "In order to format all bazel files, please run:\n  bazel run //:buildifier"; exit 1
+              echo -e "In order to format all bazel files, please run:\n  bazel run //misc/bazel:buildifier"; exit 1
             )

.pre-commit-config.yaml

@@ -26,7 +26,14 @@ repos:
         name: Format bazel files
         files: \.(bazel|bzl)
         language: system
-        entry: bazel run //:buildifier
+        entry: bazel run //misc/bazel:buildifier
+        pass_filenames: false
+
+      - id: go-gen
+        name: Check checked in generated files in go
+        files: ^go/.*
+        language: system
+        entry: bazel run //go:gen
         pass_filenames: false
 
       - id: codeql-format

BUILD.bazel

@@ -1,9 +0,0 @@
-load("@buildifier_prebuilt//:rules.bzl", "buildifier")
-
-buildifier(
-    name = "buildifier",
-    exclude_patterns = [
-        "./.git/*",
-    ],
-    lint_mode = "fix",
-)

CONTRIBUTING.md

@@ -4,6 +4,8 @@ We welcome contributions to our CodeQL libraries and queries. Got an idea for a
 
 There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries) on [codeql.github.com](https://codeql.github.com).
 
+Note that the CodeQL for Visual Studio Code documentation has been migrated to https://docs.github.com/en/code-security/codeql-for-vs-code/, but you can still contribute to it via a different repository. For more information, see [Contributing to GitHub Docs documentation](https://docs.github.com/en/contributing)."
+
 ## Change notes
 
 Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
@@ -43,7 +45,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 3. **Formatting**
 
-    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code).
+    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/).
 
     If you prefer, you can either:
     1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or

MODULE.bazel

@@ -13,14 +13,16 @@ local_path_override(
 
 # see https://registry.bazel.build/ for a list of available packages
 
-bazel_dep(name = "platforms", version = "0.0.8")
+bazel_dep(name = "platforms", version = "0.0.9")
+bazel_dep(name = "rules_go", version = "0.47.0")
 bazel_dep(name = "rules_pkg", version = "0.10.1")
 bazel_dep(name = "rules_nodejs", version = "6.0.3")
 bazel_dep(name = "rules_python", version = "0.31.0")
 bazel_dep(name = "bazel_skylib", version = "1.5.0")
 bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
+bazel_dep(name = "gazelle", version = "0.36.0")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
@@ -52,6 +54,9 @@ node.toolchain(
 )
 use_repo(node, "nodejs", "nodejs_toolchains")
 
+go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
+go_sdk.download(version = "1.22.2")
+
 register_toolchains(
     "@nodejs_toolchains//:all",
 )

README.md

@@ -4,7 +4,7 @@ This open source repository contains the standard CodeQL libraries and queries t
 
 ## How do I learn CodeQL and run queries?
 
-There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL using the [CodeQL extension for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) and the [CodeQL CLI](https://codeql.github.com/docs/codeql-cli/).
+There is extensive documentation about the [CodeQL language](https://codeql.github.com/docs/), writing CodeQL using the [CodeQL extension for Visual Studio Code](https://docs.github.com/en/code-security/codeql-for-vs-code/) and using the [CodeQL CLI](https://docs.github.com/en/code-security/codeql-cli).
 
 ## Contributing
 

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll

@@ -9,6 +9,7 @@ private import semmle.code.cpp.models.interfaces.PartialFlow as PartialFlow
 private import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs as FIO
 private import semmle.code.cpp.ir.internal.IRCppLanguage
 private import semmle.code.cpp.ir.dataflow.internal.ModelUtil
+private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedInitialization
 private import DataFlowPrivate
 import SsaInternalsCommon
 
@@ -104,8 +105,8 @@ predicate hasRawIndirectInstruction(Instruction instr, int indirectionIndex) {
 cached
 private newtype TDefImpl =
   TDefAddressImpl(BaseIRVariable v) or
-  TDirectDefImpl(BaseSourceVariableInstruction base, Operand address, int indirectionIndex) {
-    isDef(_, _, address, base, _, indirectionIndex)
+  TDirectDefImpl(Operand address, int indirectionIndex) {
+    isDef(_, _, address, _, _, indirectionIndex)
   } or
   TGlobalDefImpl(GlobalLikeVariable v, IRFunction f, int indirectionIndex) {
     // Represents the initial "definition" of a global variable when entering
@@ -115,8 +116,8 @@ private newtype TDefImpl =
 
 cached
 private newtype TUseImpl =
-  TDirectUseImpl(BaseSourceVariableInstruction base, Operand operand, int indirectionIndex) {
-    isUse(_, operand, base, _, indirectionIndex) and
+  TDirectUseImpl(Operand operand, int indirectionIndex) {
+    isUse(_, operand, _, _, indirectionIndex) and
     not isDef(true, _, operand, _, _, _)
   } or
   TGlobalUse(GlobalLikeVariable v, IRFunction f, int indirectionIndex) {
@@ -210,19 +211,11 @@ abstract class DefImpl extends TDefImpl {
    */
   abstract int getIndirection();
 
-  /**
-   * Gets the instruction that computes the base of this definition or use.
-   * This is always a `VariableAddressInstruction` or an `CallInstruction`.
-   */
-  abstract BaseSourceVariableInstruction getBase();
-
   /**
    * Gets the base source variable (i.e., the variable without
    * any indirection) of this definition or use.
    */
-  final BaseSourceVariable getBaseSourceVariable() {
-    this.getBase().getBaseSourceVariable() = result
-  }
+  abstract BaseSourceVariable getBaseSourceVariable();
 
   /** Gets the variable that is defined or used. */
   SourceVariable getSourceVariable() {
@@ -282,19 +275,11 @@ abstract class UseImpl extends TUseImpl {
   /** Gets the indirection index of this use. */
   final int getIndirectionIndex() { result = indirectionIndex }
 
-  /**
-   * Gets the instruction that computes the base of this definition or use.
-   * This is always a `VariableAddressInstruction` or an `CallInstruction`.
-   */
-  abstract BaseSourceVariableInstruction getBase();
-
   /**
    * Gets the base source variable (i.e., the variable without
    * any indirection) of this definition or use.
    */
-  final BaseSourceVariable getBaseSourceVariable() {
-    this.getBase().getBaseSourceVariable() = result
-  }
+  abstract BaseSourceVariable getBaseSourceVariable();
 
   /** Gets the variable that is defined or used. */
   SourceVariable getSourceVariable() {
@@ -329,6 +314,17 @@ private predicate sourceVariableHasBaseAndIndex(SourceVariable v, BaseSourceVari
   v.getIndirection() = ind
 }
 
+/**
+ * Gets the instruction that computes the address that's used to
+ * initialize `v`.
+ */
+private Instruction getInitializationTargetAddress(IRVariable v) {
+  exists(TranslatedVariableInitialization init |
+    init.getIRVariable() = v and
+    result = init.getTargetAddress()
+  )
+}
+
 /** An initial definition of an `IRVariable`'s address. */
 private class DefAddressImpl extends DefImpl, TDefAddressImpl {
   BaseIRVariable v;
@@ -347,8 +343,15 @@ private class DefAddressImpl extends DefImpl, TDefAddressImpl {
   final override Node0Impl getValue() { none() }
 
   final override predicate hasIndexInBlock(IRBlock block, int index) {
-    block = v.getIRVariable().getEnclosingIRFunction().getEntryBlock() and
-    index = 0
+    exists(IRVariable var | var = v.getIRVariable() |
+      block.getInstruction(index) = getInitializationTargetAddress(var)
+      or
+      // If there is no translatated element that does initialization of the
+      // variable we place the SSA definition at the entry block of the function.
+      not exists(getInitializationTargetAddress(var)) and
+      block = var.getEnclosingIRFunction().getEntryBlock() and
+      index = 0
+    )
   }
 
   override Cpp::Location getLocation() { result = v.getIRVariable().getLocation() }
@@ -358,14 +361,13 @@ private class DefAddressImpl extends DefImpl, TDefAddressImpl {
     result.getIndirection() = 0
   }
 
-  final override BaseSourceVariableInstruction getBase() { none() }
+  final override BaseSourceVariable getBaseSourceVariable() { result = v }
 }
 
 private class DirectDef extends DefImpl, TDirectDefImpl {
   Operand address;
-  BaseSourceVariableInstruction base;
 
-  DirectDef() { this = TDirectDefImpl(base, address, indirectionIndex) }
+  DirectDef() { this = TDirectDefImpl(address, indirectionIndex) }
 
   override Cpp::Location getLocation() { result = this.getAddressOperand().getUse().getLocation() }
 
@@ -377,30 +379,36 @@ private class DirectDef extends DefImpl, TDirectDefImpl {
 
   override Operand getAddressOperand() { result = address }
 
-  override BaseSourceVariableInstruction getBase() { result = base }
+  private BaseSourceVariableInstruction getBase() {
+    isDef(_, _, address, result, _, indirectionIndex)
+  }
+
+  override BaseSourceVariable getBaseSourceVariable() {
+    result = this.getBase().getBaseSourceVariable()
+  }
 
-  override int getIndirection() { isDef(_, _, address, base, result, indirectionIndex) }
+  override int getIndirection() { isDef(_, _, address, _, result, indirectionIndex) }
 
-  override Node0Impl getValue() { isDef(_, result, address, base, _, _) }
+  override Node0Impl getValue() { isDef(_, result, address, _, _, _) }
 
-  override predicate isCertain() { isDef(true, _, address, base, _, indirectionIndex) }
+  override predicate isCertain() { isDef(true, _, address, _, _, indirectionIndex) }
 }
 
 private class DirectUseImpl extends UseImpl, TDirectUseImpl {
   Operand operand;
-  BaseSourceVariableInstruction base;
 
-  DirectUseImpl() { this = TDirectUseImpl(base, operand, indirectionIndex) }
+  DirectUseImpl() { this = TDirectUseImpl(operand, indirectionIndex) }
 
   override string toString() { result = "Use of " + this.getSourceVariable() }
 
   final override predicate hasIndexInBlock(IRBlock block, int index) {
     // See the comment in `ssa0`'s `OperandBasedUse` for an explanation of this
     // predicate's implementation.
-    if base.getAst() = any(Cpp::PostfixCrementOperation c).getOperand()
+    if this.getBase().getAst() = any(Cpp::PostfixCrementOperation c).getOperand()
     then
-      exists(Operand op, int indirection |
+      exists(Operand op, int indirection, Instruction base |
         indirection = this.getIndirection() and
+        base = this.getBase() and
         op =
           min(Operand cand, int i |
             isUse(_, cand, base, indirection, indirectionIndex) and
@@ -413,15 +421,19 @@ private class DirectUseImpl extends UseImpl, TDirectUseImpl {
     else operand.getUse() = block.getInstruction(index)
   }
 
-  final override BaseSourceVariableInstruction getBase() { result = base }
+  private BaseSourceVariableInstruction getBase() { isUse(_, operand, result, _, indirectionIndex) }
+
+  override BaseSourceVariable getBaseSourceVariable() {
+    result = this.getBase().getBaseSourceVariable()
+  }
 
   final Operand getOperand() { result = operand }
 
   final override Cpp::Location getLocation() { result = operand.getLocation() }
 
-  override int getIndirection() { isUse(_, operand, base, result, indirectionIndex) }
+  override int getIndirection() { isUse(_, operand, _, result, indirectionIndex) }
 
-  override predicate isCertain() { isUse(true, operand, base, _, indirectionIndex) }
+  override predicate isCertain() { isUse(true, operand, _, _, indirectionIndex) }
 
   override Node getNode() { nodeHasOperand(result, operand, indirectionIndex) }
 }
@@ -480,13 +492,7 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse {
     result instanceof UnknownDefaultLocation
   }
 
-  override BaseSourceVariableInstruction getBase() {
-    exists(InitializeParameterInstruction init |
-      init.getParameter() = p and
-      // This is always a `VariableAddressInstruction`
-      result = init.getAnOperand().getDef()
-    )
-  }
+  override BaseIRVariable getBaseSourceVariable() { result.getIRVariable().getAst() = p }
 }
 
 /**
@@ -572,8 +578,8 @@ class GlobalUse extends UseImpl, TGlobalUse {
     )
   }
 
-  override SourceVariable getSourceVariable() {
-    sourceVariableIsGlobal(result, global, f, this.getIndirection())
+  override BaseSourceVariable getBaseSourceVariable() {
+    baseSourceVariableIsGlobal(result, global, f)
   }
 
   final override Cpp::Location getLocation() { result = f.getLocation() }
@@ -590,8 +596,6 @@ class GlobalUse extends UseImpl, TGlobalUse {
   Type getUnderlyingType() { result = global.getUnderlyingType() }
 
   override predicate isCertain() { any() }
-
-  override BaseSourceVariableInstruction getBase() { none() }
 }
 
 /**
@@ -621,8 +625,8 @@ class GlobalDefImpl extends DefImpl, TGlobalDefImpl {
   }
 
   /** Gets the global variable associated with this definition. */
-  override SourceVariable getSourceVariable() {
-    sourceVariableIsGlobal(result, global, f, this.getIndirection())
+  override BaseSourceVariable getBaseSourceVariable() {
+    baseSourceVariableIsGlobal(result, global, f)
   }
 
   override int getIndirection() { result = indirectionIndex }
@@ -645,8 +649,6 @@ class GlobalDefImpl extends DefImpl, TGlobalDefImpl {
   override string toString() { result = "Def of " + this.getSourceVariable() }
 
   override Location getLocation() { result = f.getLocation() }
-
-  override BaseSourceVariableInstruction getBase() { none() }
 }
 
 /**
@@ -959,11 +961,10 @@ predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) {
   )
 }
 
-private predicate sourceVariableIsGlobal(
-  SourceVariable sv, GlobalLikeVariable global, IRFunction func, int indirectionIndex
+private predicate baseSourceVariableIsGlobal(
+  BaseIRVariable base, GlobalLikeVariable global, IRFunction func
 ) {
-  exists(IRVariable irVar, BaseIRVariable base |
-    sourceVariableHasBaseAndIndex(sv, base, indirectionIndex) and
+  exists(IRVariable irVar |
     irVar = base.getIRVariable() and
     irVar.getEnclosingIRFunction() = func and
     global = irVar.getAst() and

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -830,6 +830,12 @@ newtype TTranslatedElement =
       not ignoreExpr(dc)
     )
   } or
+  // The set of destructors to invoke after a handler for a `try` statement. These
+  // need to be special cased because the destructors need to run following an
+  // `ExceptionEdge`, but not following a `GotoEdge` edge.
+  TTranslatedDestructorsAfterHandler(Handler handler) {
+    exists(handler.getAnImplicitDestructorCall())
+  } or
   // A precise side effect of an argument to a `Call`
   TTranslatedArgumentExprSideEffect(Call call, Expr expr, int n, SideEffectOpcode opcode) {
     not ignoreExpr(expr) and