Merge branch 'main' into redsun82/rust-tweaks

Author: Paolo Tranquilli

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

@@ -731,11 +731,9 @@ module LocalFlow {
     or
     node2 = node1.(LocalFunctionCreationNode).getAnAccess(true)
     or
-    node1 =
-      unique(FlowSummaryNode n1 |
-        FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(),
-          node2.(FlowSummaryNode).getSummaryNode(), true, _)
-      )
+    FlowSummaryImpl::Private::Steps::summaryLocalMustFlowStep(node1
+          .(FlowSummaryNode)
+          .getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode())
   }
 }
 

csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql

@@ -52,6 +52,7 @@ class ICryptoTransform extends ValueOrRefType {
 }
 
 from UnsafeField field
+where field.fromSource()
 select field,
   "Static field '" + field.getName() +
     "' contains a 'System.Security.Cryptography.ICryptoTransform' that could be used in an unsafe way."

csharp/ql/src/Telemetry/DatabaseQuality.qll

@@ -68,24 +68,36 @@ module CallTargetStats implements StatsSig {
     )
   }
 
-  private predicate isInitializedWithCollectionInitializer(PropertyCall c) {
+  private predicate isInitializedWithObjectOrCollectionInitializer(PropertyCall c) {
     exists(Property p, AssignExpr assign |
       p = c.getProperty() and
       assign = c.getParent() and
       assign.getLValue() = c and
-      assign.getRValue() instanceof CollectionInitializer
+      assign.getRValue() instanceof ObjectOrCollectionInitializer
     )
   }
 
+  private predicate isEventFieldAccess(EventCall c) {
+    exists(Event e | c.getEvent() = e |
+      forall(Accessor a | e.getAnAccessor() = a | a.isCompilerGenerated())
+    )
+  }
+
+  private predicate isTypeParameterInstantiation(ObjectCreation e) {
+    e.getType() instanceof TypeParameter
+  }
+
   additional predicate isNotOkCall(Call c) {
     not exists(c.getTarget()) and
     not c instanceof DelegateCall and
     not c instanceof DynamicExpr and
     not isNoSetterPropertyCallInConstructor(c) and
     not isNoSetterPropertyInitialization(c) and
     not isAnonymousObjectMemberDeclaration(c) and
-    not isInitializedWithCollectionInitializer(c) and
-    not c.getParent+() instanceof NameOfExpr
+    not isInitializedWithObjectOrCollectionInitializer(c) and
+    not c.getParent+() instanceof NameOfExpr and
+    not isEventFieldAccess(c) and
+    not isTypeParameterInstantiation(c)
   }
 
   int getNumberOfNotOk() { result = count(Call c | isNotOkCall(c)) }

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/IsNotOkayCall.expected

@@ -0,0 +1,4 @@
+| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
+| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
+| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
+| Quality.cs:34:21:34:25 | object creation of type null | Call without target $@. | Quality.cs:34:21:34:25 | object creation of type null | object creation of type null |

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/NoTarget.expected

@@ -4,4 +4,12 @@
 | Quality.cs:15:24:15:34 | access to property MyProperty3 | Call without target $@. | Quality.cs:15:24:15:34 | access to property MyProperty3 | access to property MyProperty3 |
 | Quality.cs:15:24:15:46 | access to property MyProperty2 | Call without target $@. | Quality.cs:15:24:15:46 | access to property MyProperty2 | access to property MyProperty2 |
 | Quality.cs:19:13:19:23 | access to property MyProperty4 | Call without target $@. | Quality.cs:19:13:19:23 | access to property MyProperty4 | access to property MyProperty4 |
-| Quality.cs:24:16:24:26 | access to property MyProperty2 | Call without target $@. | Quality.cs:24:16:24:26 | access to property MyProperty2 | access to property MyProperty2 |
+| Quality.cs:20:13:20:23 | access to property MyProperty6 | Call without target $@. | Quality.cs:20:13:20:23 | access to property MyProperty6 | access to property MyProperty6 |
+| Quality.cs:23:9:23:14 | access to event Event1 | Call without target $@. | Quality.cs:23:9:23:14 | access to event Event1 | access to event Event1 |
+| Quality.cs:23:9:23:30 | delegate call | Call without target $@. | Quality.cs:23:9:23:30 | delegate call | delegate call |
+| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
+| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
+| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
+| Quality.cs:34:21:34:25 | object creation of type null | Call without target $@. | Quality.cs:34:21:34:25 | object creation of type null | object creation of type null |
+| Quality.cs:38:16:38:26 | access to property MyProperty2 | Call without target $@. | Quality.cs:38:16:38:26 | access to property MyProperty2 | access to property MyProperty2 |
+| Quality.cs:50:20:50:26 | object creation of type T | Call without target $@. | Quality.cs:50:20:50:26 | object creation of type T | object creation of type T |

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/Quality.cs

@@ -16,13 +16,43 @@ public Test()
 
         new Test()
         {
-            MyProperty4 = { 1, 2, 3 }
+            MyProperty4 = { 1, 2, 3 },
+            MyProperty6 = { [1] = "" }
         };
+
+        Event1.Invoke(this, 5);
+
+        var str = "abcd";
+        var sub = str[..3];         // TODO: this is not an indexer call, but rather a `str.Substring(0, 3)` call.
+
+        Span<int> sp = null;
+        var slice = sp[..3];        // TODO: this is not an indexer call, but rather a `sp.Slice(0, 3)` call.
+
+        Span<byte> guidBytes = stackalloc byte[16];
+        guidBytes[08] = 1;          // TODO: this indexer call has no target, because the target is a `ref` returning getter.
+
+        new MyList([new(), new Test()]);        // TODO: the `new()` call has no target, which is unexpected, as we know at compile time, that this is a `new Test()` call.
     }
 
     public int MyProperty1 { get; }
     public int MyProperty2 { get; } = 42;
     public Test MyProperty3 { get; set; }
     public List<int> MyProperty4 { get; }
     static int MyProperty5 { get; }
+    public Dictionary<int, string> MyProperty6 { get; }
+
+    public event EventHandler<int> Event1;
+
+    class Gen<T> where T : new()
+    {
+        public static T Factory()
+        {
+            return new T();
+        }
+    }
+
+    class MyList
+    {
+        public MyList(IEnumerable<Test> init) { }
+    }
 }

go/ql/lib/change-notes/2024-11-17-fix-missing-promoted-fields-and-methods-name-clash.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.

go/ql/lib/semmle/go/Types.qll

@@ -496,14 +496,15 @@ class StructType extends @structtype, CompositeType {
   Field getFieldOfEmbedded(Field embeddedParent, string name, int depth, boolean isEmbedded) {
     // embeddedParent is a field of 'this' at depth 'depth - 1'
     this.hasFieldCand(_, embeddedParent, depth - 1, true) and
-    // embeddedParent's type has the result field
-    exists(StructType embeddedType, Type fieldType |
-      fieldType = embeddedParent.getType().getUnderlyingType() and
-      pragma[only_bind_into](embeddedType) =
-        [fieldType, fieldType.(PointerType).getBaseType().getUnderlyingType()]
-    |
-      result = embeddedType.getOwnField(name, isEmbedded)
-    )
+    // embeddedParent's type has the result field. Note that it is invalid Go
+    // to have an embedded field with a named type whose underlying type is a
+    // pointer, so we don't have to have
+    // `lookThroughPointerType(embeddedParent.getType().getUnderlyingType())`.
+    result =
+      lookThroughPointerType(embeddedParent.getType())
+          .getUnderlyingType()
+          .(StructType)
+          .getOwnField(name, isEmbedded)
   }
 
   /**
@@ -523,8 +524,12 @@ class StructType extends @structtype, CompositeType {
   private predicate hasFieldCand(string name, Field f, int depth, boolean isEmbedded) {
     f = this.getOwnField(name, isEmbedded) and depth = 0
     or
-    not this.hasOwnField(_, name, _, _) and
-    f = this.getFieldOfEmbedded(_, name, depth, isEmbedded)
+    f = this.getFieldOfEmbedded(_, name, depth, isEmbedded) and
+    // If this is a cyclic field and this is not the first time we see this embedded field
+    // then don't include it as a field candidate to avoid non-termination.
+    not exists(Type t | lookThroughPointerType(t) = lookThroughPointerType(f.getType()) |
+      this.hasOwnField(_, name, t, _)
+    )
   }
 
   private predicate hasMethodCand(string name, Method m, int depth) {
@@ -541,15 +546,7 @@ class StructType extends @structtype, CompositeType {
   predicate hasField(string name, Type tp) {
     exists(int mindepth |
       mindepth = min(int depth | this.hasFieldCand(name, _, depth, _)) and
-      tp = unique(Field f | f = this.getFieldCand(name, mindepth, _)).getType()
-    )
-  }
-
-  private Field getFieldCand(string name, int depth, boolean isEmbedded) {
-    result = this.getOwnField(name, isEmbedded) and depth = 0
-    or
-    exists(Type embedded | this.hasEmbeddedField(embedded, depth - 1) |
-      result = embedded.getUnderlyingType().(StructType).getOwnField(name, isEmbedded)
+      tp = unique(Field f | this.hasFieldCand(name, f, mindepth, _)).getType()
     )
   }
 
@@ -564,9 +561,9 @@ class StructType extends @structtype, CompositeType {
    * The depth of a field `f` declared in this type is zero.
    */
   Field getFieldAtDepth(string name, int depth) {
-    depth = min(int depthCand | exists(this.getFieldCand(name, depthCand, _))) and
-    result = this.getFieldCand(name, depth, _) and
-    strictcount(this.getFieldCand(name, depth, _)) = 1
+    depth = min(int depthCand | this.hasFieldCand(name, _, depthCand, _)) and
+    this.hasFieldCand(name, result, depth, _) and
+    strictcount(Field f | this.hasFieldCand(name, f, depth, _)) = 1
   }
 
   Method getMethodAtDepth(string name, int depth) {

go/ql/test/library-tests/semmle/go/Types/Field_getPackage.expected

@@ -13,8 +13,8 @@
 | depth.go:19:2:19:2 | f | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | embedded.go:4:2:4:2 | A | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | embedded.go:8:3:8:5 | Baz | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
-| embedded.go:13:2:13:4 | Qux | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
-| embedded.go:14:2:14:4 | Baz | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
+| embedded.go:12:2:12:4 | Qux | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
+| embedded.go:13:2:13:4 | Baz | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | generic.go:4:2:4:11 | valueField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | generic.go:5:2:5:13 | pointerField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | generic.go:6:2:6:11 | arrayField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
@@ -26,6 +26,7 @@
 | generic.go:21:2:21:9 | mapField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | generic.go:25:2:25:12 | structField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | generic.go:29:2:29:13 | pointerField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
+| main.go:18:7:18:15 | NameClash | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | pkg1/embedding.go:19:23:19:26 | base | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
 | pkg1/embedding.go:22:27:22:30 | base | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
 | pkg1/embedding.go:25:24:25:31 | embedder | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
@@ -36,20 +37,22 @@
 | pkg1/promotedStructs.go:14:2:14:7 | PField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
 | pkg1/promotedStructs.go:22:22:22:22 | S | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
 | pkg1/promotedStructs.go:25:22:25:22 | P | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:4:2:4:2 | f | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:5:2:5:4 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:6:2:6:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:10:2:10:4 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:11:2:11:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:15:3:15:5 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:16:3:16:5 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:20:3:20:5 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:21:2:21:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:25:2:25:4 | val | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:26:2:26:5 | flag | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
-| pkg1/tst.go:30:2:30:5 | flag | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:6:2:6:2 | f | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:7:2:7:4 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:8:2:8:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:12:2:12:4 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:13:2:13:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:17:3:17:5 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:18:3:18:5 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:22:3:22:5 | Foo | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:23:2:23:4 | Bar | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:27:2:27:4 | val | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:28:2:28:5 | flag | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:32:2:32:5 | flag | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
+| pkg1/tst.go:62:7:62:15 | NameClash | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1 |
 | pkg2/tst.go:4:2:4:2 | g | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg2 |
 | pkg2/tst.go:8:2:8:2 | g | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg2 |
+| pkg2/tst.go:17:2:17:8 | NCField | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg2 |
 | struct_tags.go:4:2:4:7 | field1 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | struct_tags.go:5:2:5:7 | field2 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |
 | struct_tags.go:9:2:9:7 | field1 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types |