Merge remote-tracking branch 'upstream/main' into references

Author: geoffw0

csharp/codeql-extractor.yml

@@ -4,6 +4,10 @@ version: 1.22.1
 column_kind: "utf16"
 extra_env_vars:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
+github_api_languages:
+  - C#
+scc_languages:
+  - C#
 file_types:
   - name: cs
     display_name: C# sources

go/Makefile

@@ -1,4 +1,4 @@
-all: extractor ql/lib/go.dbscheme install-deps
+all: extractor ql/lib/go.dbscheme
 
 ifeq ($(OS),Windows_NT)
 EXE = .exe
@@ -36,9 +36,6 @@ autoformat:
 check-formatting:
 	test -z "$$(find . -path '**/vendor' -prune -or -type f -iname '*.go' ! -empty -print0 | xargs -0 grep -L "//\s*autoformat-ignore" | xargs gofmt -l)"
 
-install-deps:
-	bash scripts/install-deps.sh $(CODEQL_LOCK_MODE)
-
 ifeq ($(QHELP_OUT_DIR),)
 # If not otherwise specified, compile qhelp to markdown in place
 QHELP_OUT_DIR := ql/src
@@ -75,7 +72,7 @@ tools-win64: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES)))
 $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))):
 	env GOOS=windows GOARCH=amd64 go build -mod=vendor -o $@ ./extractor/cli/$(basename $(@F))
 
-.PHONY: extractor-common extractor extractor-full install-deps
+.PHONY: extractor-common extractor extractor-full
 extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \
 	tools/tokenizer.jar $(CODEQL_TOOLS)
 	rm -rf $(EXTRACTOR_PACK_OUT)

go/README.md

@@ -9,17 +9,6 @@ It contains two major components:
   - static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be
     used to analyze such a database to find coding mistakes or security vulnerabilities.
 
-## Installation
-
-Clone this repository.
-
-Run `scripts/install-deps.sh`. This will ensure that the necessary external CodeQL packs are
-downloaded to your machine. You will need to re-run this script whenever you pull new commits from
-the repo.
-
-If you want to use the CodeQL extension for Visual Studio Code, import this repository into your VS
-Code workspace.
-
 ## Usage
 
 To analyze a Go codebase, either use the [CodeQL command-line

go/codeql-extractor.yml

@@ -6,6 +6,10 @@ pull_request_triggers:
   - "**/glide.yaml"
   - "**/Gopkg.toml"
 column_kind: "utf8"
+github_api_languages:
+  - Go
+scc_languages:
+  - Go
 file_types:
   - name: go
     display_name: Go

go/ql/lib/change-notes/2022-12-16-implicit-read-flowstates.md renamed to go/ql/lib/change-notes/2022-11-16-implicit-read-flowstates.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The predicate `getNumParameter` on `FuncTypeExpr` has been changed to actually give the number of parameters. It previously gave the number of parameter declarations. `getNumParameterDecl` has been introduced to preserve this functionality.

go/ql/lib/change-notes/2022-12-15-getnumparameter-changed.md

@@ -194,24 +194,27 @@ class DeclParent extends @declparent, AstNode {
 }
 
 /**
- * An AST node whose children include fields.
+ * An AST node whose children include field declarations.
+ *
+ * A field declaration can be in a struct, a function (for parameter or result
+ * variables), or an interface (in which case it is a method or embedding spec).
  */
 class FieldParent extends @fieldparent, AstNode {
   /**
-   * Gets the `i`th field of this node.
+   * Gets the `i`th field declaration of this node.
    *
-   * Note that the precise indices of fields are considered an implementation detail
-   * and are subject to change without notice.
+   * Note that the precise indices of field declarations are considered an
+   * implementation detail and are subject to change without notice.
    */
   FieldBase getField(int i) { fields(result, this, i) }
 
   /**
-   * Gets a child field of this node in the AST.
+   * Gets a child field declaration of this node in the AST.
    */
   FieldBase getAField() { result = this.getField(_) }
 
   /**
-   * Gets the number of child fields of this node.
+   * Gets the number of child field declarations of this node.
    */
   int getNumFields() { result = count(this.getAField()) }
 }

go/ql/lib/semmle/go/AST.qll

@@ -416,8 +416,35 @@ class AliasSpec extends @aliasspec, TypeSpec { }
 class TypeDefSpec extends @typedefspec, TypeSpec { }
 
 /**
- * A field declaration, of a struct, a function (in which case this is a parameter or result variable),
- * or an interface (in which case this is a method or embedding spec).
+ * A field declaration, in a struct, a function (for parameter or result
+ * variables), or an interface (in which case this is a method or embedding
+ * spec).
+ *
+ * Examples:
+ *
+ * ```go
+ * Name string `json:"name"`
+ * s string
+ * x, y int
+ * p *Point
+ * Close() error
+ * io.Reader
+ * ~int | float32
+ * ```
+ * as in the following code:
+ * ```go
+ * struct {
+ *   io.Reader
+ *   Name string `json:"name"`
+ *   x, y int
+ * }
+ * func (p *Point) f(s string) (x, y int) { }
+ * type MyInterface interface {
+ *   Close() error
+ *   io.Reader
+ *   ~int32 | float32
+ * }
+ * ```
  */
 class FieldBase extends @field, ExprParent {
   /**
@@ -433,6 +460,22 @@ class FieldBase extends @field, ExprParent {
 
 /**
  * A field declaration in a struct type.
+ *
+ * Examples:
+ *
+ * ```go
+ * Name string `json:"name"`
+ * x, y int
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * struct {
+ *   Name string `json:"name"`
+ *   x, y int
+ * }
+ * ```
  */
 class FieldDecl extends FieldBase, Documentable, ExprParent {
   StructTypeExpr st;
@@ -464,6 +507,20 @@ class FieldDecl extends FieldBase, Documentable, ExprParent {
 
 /**
  * An embedded field declaration in a struct.
+ *
+ * Examples:
+ *
+ * ```go
+ * io.Reader
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * struct {
+ *   io.Reader
+ * }
+ * ```
  */
 class EmbeddedFieldDecl extends FieldDecl {
   EmbeddedFieldDecl() { not exists(this.getNameExpr(_)) }
@@ -473,6 +530,20 @@ class EmbeddedFieldDecl extends FieldDecl {
 
 /**
  * A function parameter or result variable declaration.
+ *
+ * Examples:
+ *
+ * ```go
+ * s string
+ * x, y int
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * func f(s string, x, y int) { }
+ * func g() (s string, x, y int){ return }
+ * ```
  */
 class ParameterOrResultDecl extends FieldBase, Documentable, ExprParent {
   int rawIndex;
@@ -507,6 +578,19 @@ class ParameterOrResultDecl extends FieldBase, Documentable, ExprParent {
 
 /**
  * A parameter declaration.
+ *
+ * Examples:
+ *
+ * ```go
+ * s string
+ * x, y int
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * func f(s string, x, y int) { }
+ * ```
  */
 class ParameterDecl extends ParameterOrResultDecl {
   ParameterDecl() { rawIndex >= 0 }
@@ -524,6 +608,20 @@ class ParameterDecl extends ParameterOrResultDecl {
 
 /**
  * A receiver declaration in a function declaration.
+ *
+ * Examples:
+ *
+ * ```go
+ * p *Point
+ * r io.Reader
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * func (p *Point) f() { }
+ * func (r io.Reader) g() { }
+ * ```
  */
 class ReceiverDecl extends FieldBase, Documentable, ExprParent {
   FuncDecl fd;
@@ -547,6 +645,22 @@ class ReceiverDecl extends FieldBase, Documentable, ExprParent {
 
 /**
  * A result variable declaration.
+ *
+ * Examples:
+ *
+ * ```go
+ * error
+ * r io.Reader
+ * x, y int
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * func f(error) { return nil }
+ * func g(r io.Reader) { return nil }
+ * func h(x, y int) { return }
+ * ```
  */
 class ResultVariableDecl extends ParameterOrResultDecl {
   ResultVariableDecl() { rawIndex < 0 }
@@ -564,6 +678,22 @@ class ResultVariableDecl extends ParameterOrResultDecl {
 
 /**
  * A type parameter declaration in a type specification.
+ *
+ * Examples:
+ *
+ * ```go
+ * S, T comparable
+ * U any
+ * K ~int32 | float32
+ * _ any
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * type GenericStruct[S, T comparable, U any, K ~int32 | float32, _ any] struct { }
+ * func GenericFunction[S, T comparable, U any, K ~int32 | float32, _ any]() {}
+ * ```
  */
 class TypeParamDecl extends @typeparamdecl, Documentable, ExprParent {
   TypeParamDecl() { typeparamdecls(this, _, _) }
@@ -615,6 +745,24 @@ class TypeParamDecl extends @typeparamdecl, Documentable, ExprParent {
 
 /**
  * A method or embedding specification in an interface type expression.
+ *
+ * Examples:
+ *
+ * ```go
+ * Close() error
+ * io.Reader
+ * ~int32 | float32
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * type MyInterface interface {
+ *   Close() error
+ *   io.Reader
+ *   ~int32 | float32
+ * }
+ * ```
  */
 class InterfaceMemberSpec extends FieldBase, Documentable, ExprParent {
   InterfaceTypeExpr ite;
@@ -636,6 +784,20 @@ class InterfaceMemberSpec extends FieldBase, Documentable, ExprParent {
 
 /**
  * A method specification in an interface.
+ *
+ * Examples:
+ *
+ * ```go
+ * Close() error
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * type MyInterface interface {
+ *   Close() error
+ * }
+ * ```
  */
 class MethodSpec extends InterfaceMemberSpec {
   Expr name;
@@ -654,6 +816,22 @@ class MethodSpec extends InterfaceMemberSpec {
 
 /**
  * An embedding specification in an interface.
+ *
+ * Examples:
+ *
+ * ```go
+ * io.Reader
+ * ~int32 | float32
+ * ```
+ *
+ * as in the following code:
+ *
+ * ```go
+ * type MyInterface interface {
+ *   io.Reader
+ *   ~int32 | float32
+ * }
+ * ```
  */
 class EmbeddingSpec extends InterfaceMemberSpec {
   EmbeddingSpec() { not exists(this.getChildExpr(1)) }