Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow

Author: jketema

.github/workflows/compile-queries.yml

@@ -24,21 +24,21 @@ jobs:
         run: |
           MERGE_BASE=$(git merge-base --fork-point origin/$BASE_BRANCH)
           echo "merge-base=$MERGE_BASE" >> $GITHUB_ENV
-      - name: Calculate merge-base - branch
-        if: ${{ github.event_name != 'pull_request' }}
-        # using github.sha instead, since we're directly on a branch, and not in a PR
-        run: |
-          MERGE_BASE=${{ github.sha }}
-          echo "merge-base=$MERGE_BASE" >> $GITHUB_ENV
-      - name: Cache CodeQL query compilation
+      - name: Read CodeQL query compilation - PR
+        if: ${{ github.event_name == 'pull_request' }}
         uses: actions/cache@v3
         with:
           path: '*/ql/src/.cache'
-          # current GH HEAD first, merge-base second, generic third
-          key: codeql-stable-compile-${{ github.sha }}
+          key: codeql-compile-pr-${{ github.sha }} # deliberately not using the `compile-compile-main` keys here.
           restore-keys: |
-            codeql-stable-compile-${{ env.merge-base }}
-            codeql-stable-compile-
+            codeql-compile-main-${{ env.merge-base }}
+            codeql-compile-main-
+      - name: Fill CodeQL query compilation cache - main
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: actions/cache@v3
+        with:
+          path: '*/ql/src/.cache'
+          key: codeql-compile-main-${{ github.sha }} # just fill on main
       - name: Setup CodeQL
         uses: ./.github/actions/fetch-codeql
         with:

.github/workflows/swift.yml

@@ -51,12 +51,14 @@ jobs:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/create-extractor-pack
       - uses: ./swift/actions/run-quick-tests
+      - uses: ./swift/actions/print-unextracted
   build-and-test-linux:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/create-extractor-pack
       - uses: ./swift/actions/run-quick-tests
+      - uses: ./swift/actions/print-unextracted
   qltests-linux:
     needs: build-and-test-linux
     runs-on: ubuntu-latest

cpp/ql/src/Likely Bugs/Format/TooManyFormatArguments.ql

@@ -13,11 +13,18 @@
 
 import cpp
 
-from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given
+from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given, string ffcName
 where
   ffc = fl.getUse() and
   expected = fl.getNumArgNeeded() and
   given = ffc.getNumFormatArgument() and
   expected < given and
-  fl.specsAreKnown()
-select ffc, "Format expects " + expected.toString() + " arguments but given " + given.toString()
+  fl.specsAreKnown() and
+  (
+    if ffc.isInMacroExpansion()
+    then ffcName = ffc.getTarget().getName() + " (in a macro expansion)"
+    else ffcName = ffc.getTarget().getName()
+  )
+select ffc,
+  "Format for " + ffcName + " expects " + expected.toString() + " arguments but given " +
+    given.toString()

cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql

@@ -16,11 +16,18 @@
 
 import cpp
 
-from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given
+from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given, string ffcName
 where
   ffc = fl.getUse() and
   expected = fl.getNumArgNeeded() and
   given = ffc.getNumFormatArgument() and
   expected > given and
-  fl.specsAreKnown()
-select ffc, "Format expects " + expected.toString() + " arguments but given " + given.toString()
+  fl.specsAreKnown() and
+  (
+    if ffc.isInMacroExpansion()
+    then ffcName = ffc.getTarget().getName() + " (in a macro expansion)"
+    else ffcName = ffc.getTarget().getName()
+  )
+select ffc,
+  "Format for " + ffcName + " expects " + expected.toString() + " arguments but given " +
+    given.toString()

cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/TooManyFormatArguments.expected

@@ -1,14 +1,14 @@
-| a.c:18:3:18:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
-| b.c:15:3:15:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
-| c.c:7:3:7:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 2 |
-| custom_printf.cpp:31:5:31:12 | call to myPrintf | Format expects 2 arguments but given 3 |
-| macros.cpp:12:2:12:31 | call to printf | Format expects 2 arguments but given 3 |
-| macros.cpp:16:2:16:30 | call to printf | Format expects 2 arguments but given 3 |
-| test.c:7:2:7:7 | call to printf | Format expects 0 arguments but given 1 |
-| test.c:21:2:21:7 | call to printf | Format expects 2 arguments but given 3 |
-| test.c:27:3:27:8 | call to printf | Format expects 2 arguments but given 3 |
-| test.c:31:3:31:8 | call to printf | Format expects 1 arguments but given 3 |
-| test.c:32:3:32:8 | call to printf | Format expects 1 arguments but given 2 |
-| test.c:39:3:39:8 | call to printf | Format expects 2 arguments but given 5 |
-| test.c:40:3:40:8 | call to printf | Format expects 2 arguments but given 4 |
-| test.c:41:3:41:8 | call to printf | Format expects 2 arguments but given 3 |
+| a.c:18:3:18:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 2 |
+| b.c:15:3:15:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 2 |
+| c.c:7:3:7:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 2 |
+| custom_printf.cpp:31:5:31:12 | call to myPrintf | Format for myPrintf expects 2 arguments but given 3 |
+| macros.cpp:12:2:12:31 | call to printf | Format for printf (in a macro expansion) expects 2 arguments but given 3 |
+| macros.cpp:16:2:16:30 | call to printf | Format for printf (in a macro expansion) expects 2 arguments but given 3 |
+| test.c:7:2:7:7 | call to printf | Format for printf expects 0 arguments but given 1 |
+| test.c:21:2:21:7 | call to printf | Format for printf expects 2 arguments but given 3 |
+| test.c:27:3:27:8 | call to printf | Format for printf expects 2 arguments but given 3 |
+| test.c:31:3:31:8 | call to printf | Format for printf expects 1 arguments but given 3 |
+| test.c:32:3:32:8 | call to printf | Format for printf expects 1 arguments but given 2 |
+| test.c:39:3:39:8 | call to printf | Format for printf expects 2 arguments but given 5 |
+| test.c:40:3:40:8 | call to printf | Format for printf expects 2 arguments but given 4 |
+| test.c:41:3:41:8 | call to printf | Format for printf expects 2 arguments but given 3 |

cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected

@@ -1,11 +1,12 @@
-| a.c:16:3:16:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
-| b.c:13:3:13:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
-| c.c:5:3:5:25 | call to myMultiplyDefinedPrintf | Format expects 1 arguments but given 0 |
-| custom_printf.cpp:29:5:29:12 | call to myPrintf | Format expects 2 arguments but given 1 |
-| macros.cpp:14:2:14:37 | call to printf | Format expects 4 arguments but given 3 |
-| macros.cpp:21:2:21:36 | call to printf | Format expects 4 arguments but given 3 |
-| test.c:9:2:9:7 | call to printf | Format expects 1 arguments but given 0 |
-| test.c:12:2:12:7 | call to printf | Format expects 2 arguments but given 1 |
-| test.c:15:2:15:7 | call to printf | Format expects 3 arguments but given 2 |
-| test.c:19:2:19:7 | call to printf | Format expects 2 arguments but given 1 |
-| test.c:29:3:29:8 | call to printf | Format expects 2 arguments but given 1 |
+| a.c:16:3:16:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 0 |
+| b.c:13:3:13:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 0 |
+| c.c:5:3:5:25 | call to myMultiplyDefinedPrintf | Format for myMultiplyDefinedPrintf expects 1 arguments but given 0 |
+| custom_printf.cpp:29:5:29:12 | call to myPrintf | Format for myPrintf expects 2 arguments but given 1 |
+| macros.cpp:14:2:14:37 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 |
+| macros.cpp:21:2:21:36 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 |
+| macros.cpp:32:2:32:25 | call to printf | Format for printf (in a macro expansion) expects 1 arguments but given 0 |
+| test.c:9:2:9:7 | call to printf | Format for printf expects 1 arguments but given 0 |
+| test.c:12:2:12:7 | call to printf | Format for printf expects 2 arguments but given 1 |
+| test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 |
+| test.c:19:2:19:7 | call to printf | Format for printf expects 2 arguments but given 1 |
+| test.c:29:3:29:8 | call to printf | Format for printf expects 2 arguments but given 1 |

cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/macros.cpp

@@ -13,10 +13,21 @@ void testMacros(int a, int b, int c)
 	GOODPRINTF("%i %i %i\n", a, b, c); // GOOD
 	GOODPRINTF("%i %i %i %i\n", a, b, c); // BAD: too few format arguments
 
-	BADPRINTF("%i %i\n", a, b, 0); // BAD: too many format arguments
+	BADPRINTF("%i %i\n", a, b, 0); // DUBIOUS: too many format arguments
 		// ^ here there are too many format arguments, but the design of the Macro forces the user
 		//   to do this, and the extra argument is harmlessly ignored in practice.  Reporting these
 		//   results can be extremely noisy (e.g. in openldap).
 	BADPRINTF("%i %i %i\n", a, b, c); // GOOD
 	BADPRINTF("%i %i %i %i\n", a, b, c); // BAD: too few format arguments
 }
+
+#define DOTHING(x) \
+	printf("doing thing: " #x); x
+
+void testMacros2()
+{
+	int x;
+
+	DOTHING(x++); // GOOD
+	DOTHING(printf("%i", x)); // BAD: the printf inside the macro has too few format arguments
+}

java/ql/lib/semmle/code/java/security/Encryption.qll

@@ -88,6 +88,22 @@ class KeyPairGenerator extends RefType {
   KeyPairGenerator() { this.hasQualifiedName("java.security", "KeyPairGenerator") }
 }
 
+/** The `init` method declared in `javax.crypto.KeyGenerator`. */
+class KeyGeneratorInitMethod extends Method {
+  KeyGeneratorInitMethod() {
+    this.getDeclaringType() instanceof KeyGenerator and
+    this.hasName("init")
+  }
+}
+
+/** The `initialize` method declared in `java.security.KeyPairGenerator`. */
+class KeyPairGeneratorInitMethod extends Method {
+  KeyPairGeneratorInitMethod() {
+    this.getDeclaringType() instanceof KeyPairGenerator and
+    this.hasName("initialize")
+  }
+}
+
 /** The `verify` method of the class `javax.net.ssl.HostnameVerifier`. */
 class HostnameVerifierVerify extends Method {
   HostnameVerifierVerify() {
@@ -367,8 +383,8 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec {
   override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) }
 }
 
-/** A method call to the Java class `java.security.KeyPairGenerator`. */
-class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec {
+/** A call to the `getInstance` method declared in `java.security.KeyPairGenerator`. */
+class JavaSecurityKeyPairGenerator extends JavaSecurityAlgoSpec {
   JavaSecurityKeyPairGenerator() {
     exists(Method m | m.getAReference() = this |
       m.getDeclaringType() instanceof KeyPairGenerator and
@@ -378,3 +394,53 @@ class JavaSecurityKeyPairGenerator extends JavaxCryptoAlgoSpec {
 
   override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) }
 }
+
+/** The Java class `java.security.AlgorithmParameterGenerator`. */
+class AlgorithmParameterGenerator extends RefType {
+  AlgorithmParameterGenerator() {
+    this.hasQualifiedName("java.security", "AlgorithmParameterGenerator")
+  }
+}
+
+/** The `init` method declared in `java.security.AlgorithmParameterGenerator`. */
+class AlgoParamGeneratorInitMethod extends Method {
+  AlgoParamGeneratorInitMethod() {
+    this.getDeclaringType() instanceof AlgorithmParameterGenerator and
+    this.hasName("init")
+  }
+}
+
+/** A call to the `getInstance` method declared in `java.security.AlgorithmParameterGenerator`. */
+class JavaSecurityAlgoParamGenerator extends JavaSecurityAlgoSpec {
+  JavaSecurityAlgoParamGenerator() {
+    exists(Method m | m.getAReference() = this |
+      m.getDeclaringType() instanceof AlgorithmParameterGenerator and
+      m.getName() = "getInstance"
+    )
+  }
+
+  override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) }
+}
+
+/** An implementation of the `java.security.spec.AlgorithmParameterSpec` interface. */
+abstract class AlgorithmParameterSpec extends RefType { }
+
+/** The Java class `java.security.spec.ECGenParameterSpec`. */
+class EcGenParameterSpec extends AlgorithmParameterSpec {
+  EcGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") }
+}
+
+/** The Java class `java.security.spec.RSAKeyGenParameterSpec`. */
+class RsaKeyGenParameterSpec extends AlgorithmParameterSpec {
+  RsaKeyGenParameterSpec() { this.hasQualifiedName("java.security.spec", "RSAKeyGenParameterSpec") }
+}
+
+/** The Java class `java.security.spec.DSAGenParameterSpec`. */
+class DsaGenParameterSpec extends AlgorithmParameterSpec {
+  DsaGenParameterSpec() { this.hasQualifiedName("java.security.spec", "DSAGenParameterSpec") }
+}
+
+/** The Java class `javax.crypto.spec.DHGenParameterSpec`. */
+class DhGenParameterSpec extends AlgorithmParameterSpec {
+  DhGenParameterSpec() { this.hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") }
+}