-
Notifications
You must be signed in to change notification settings - Fork 2k
Add 'View DFG' queries #21356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Add 'View DFG' queries #21356
Changes from 7 commits
Commits
Show all changes
85 commits
Select commit
Hold shift + click to select a range
9a048c9
Prepare to share PrintGraph.qll with DFG viewer
asgerf dc2c8f3
Update PrintCfg queries to use new interface
asgerf 2017f84
Add getOrderDisambiguation to signature and use it
asgerf 71f4436
Move PrintGraph to codeql.util
asgerf aa587c0
Refactor 'getASuccessor' to edges/3
asgerf 61ae276
Add PrintDfg.qll
asgerf c236ace
Add 'View DFG' queries for JS, Java, Ruby, C#, Rust
asgerf 2698b44
C++: Add simple range analysis test with repeated if-else statements
paldepind 09fb85d
C++: Include the actual number of lower/upper bounds for added contex…
paldepind 0521eb4
C++: Divide nr of bounds between branches for phi nodes
paldepind 0050ed6
C++: Improve clarity in comment
paldepind dfe4486
C++: Fix typo
paldepind d2ffb00
C++: Add more tests for modified years with and without leap year che…
bdrodes e6c5266
C++: Refactor leap year logic for UncheckedLeapYearAfterYearModificat…
bdrodes 9b2161b
C++. Accept test changes. One false positive introduced, and one fals…
bdrodes 84aaafd
C++: Correct false positive. Only TimeConversionFunction that do not …
bdrodes 24c1a61
C++: Accept test changes.
bdrodes cfd00a6
C++: Add missing DateTime models for PTIME_FIELDS and TIME_FIELDS
bdrodes 59e8c3b
C++: Accept test changes (removing false negative)
bdrodes 04426ae
C++: Add change note.
bdrodes 6d1f5c8
C++: Addressing Copilot PR suggestions.
bdrodes b6a4b1b
C++: Change log missing .md extension.
bdrodes 2311d2a
C++: Updating comment per PR reveiw suggestions.
bdrodes 7dcd0a4
C++: misc comment clean up per PR suggestions. Unified additional flo…
bdrodes 38d67c6
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes 2fce632
Update cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModif…
bdrodes 9efa4d9
C++ Suggested code clean up.
bdrodes 9c9c157
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes b8d8611
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes 35b4b75
Apply suggestion from @geoffw0
bdrodes 3b17084
Apply suggestion from @geoffw0
bdrodes 0839f43
Apply suggestion from @geoffw0
bdrodes f846daf
C++: Removing unnecessary post update node.
bdrodes ddb116e
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes ca433e0
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes cb16d0b
Apply suggestion from @geoffw0
bdrodes 6748a1f
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes 7f1d04b
Update cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearMod…
bdrodes 49c2e09
Apply suggestion from @bdrodes
bdrodes cab1081
Address more non-ascii characters.
geoffw0 1cb3b62
C++: Fixing FP in unit tests.
bdrodes 0f3bd28
chore: upgrade Bazel to 9.0.0
redsun82 2b4afa3
feat: add rules_cc and rules_java module dependencies
redsun82 46d76f4
feat: add Python 3.12 toolchain registration
redsun82 f4b9021
feat: add rules_cc to autoload configuration
redsun82 dd6da08
refactor: migrate Starlark files to explicit rules_cc imports
redsun82 8bf9f23
refactor: migrate BUILD files to explicit rules_cc imports
redsun82 05490b9
refactor: migrate BUILD files to explicit rules_java imports
redsun82 29b0616
refactor: migrate C++ runfiles API from bazel_tools to rules_cc
redsun82 06a077b
fix: disable Android SDK auto-detection for Bazel 9 compatibility
redsun82 d4ed4f5
fix: upgrade rules_kotlin to 2.2.2 for Windows compatibility
redsun82 c584895
fix: sort use_repo alphabetically in rules_kotlin MODULE.bazel
redsun82 782c05f
address review
redsun82 5bd670c
Python: Add overlay annotations to AST classes
tausbn 7aea5b6
Python: Fix broken queries
tausbn d108ce8
Python: Simple dataflow annotations
tausbn 474535b
Python: `LocalSources.qll` annotations
tausbn c7f4787
Python: `DataFlowPublic.qll` annotations
tausbn d76b786
Python: `DataFlowPrivate.qll` annotations
tausbn 972b637
Python: `DataFlowDispatch.qll` annotations
tausbn 24e134a
Python: Fix `frameworks/data/warnings.ql`
tausbn 876fe05
Python: Add more `overlay[caller]` to `Flow.qll`
tausbn b9e8e5a
Python: Fix bad join in `OutgoingRequestCall`
tausbn 2d6dec9
Python: Fix bad join in `missing_imported_module`
tausbn 47c77ef
Python: Fix bad join in `returnStep`
tausbn 16de6a7
Python: Add change note
tausbn d43969a
Accept MaD sanitizers for queries with MaD sinks
owen-mc e6fe4bf
Change how sql-injection barriers are accepted
owen-mc 6341535
Improve Mysql2 test
owen-mc 3e83a53
Move Mysql2 flow model to MaD and remove ql sanitizer
owen-mc 0200e12
Reinstate Mysql2 sanitizer in MaD
owen-mc 01a9b61
Improve Sqlite3 test
owen-mc d7c8b9a
Move SQLite3 flow model to MaD and remove ql sanitizer
owen-mc b4ec560
Reinstate SQLite3 sanitizer in MaD
owen-mc fb21533
Remove Shellwords sanitizer in ql
owen-mc 5b3737e
Model flow through Shellwords escape and shellescape
owen-mc 23ac9fc
Add MaD barriers for Shellwords.escape and shellescape
owen-mc f4cacc3
Reinstate ql model for `String#shellescape`
owen-mc 36848cf
Add change note
owen-mc 1ee2534
Update other test in same folder
owen-mc 8925535
Update taintstep test for models becoming MaD
owen-mc 03e4dfd
Use postprocessing queries for unrelated test
owen-mc b01efe1
C++: Update expected test results after extractor changes
jketema b6614c0
fixup JS
asgerf 7b83da4
Update some tests
asgerf File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| /** | ||
| * @name Print DFG | ||
| * @description Produces a representation of a file's Data Flow Graph. | ||
| * This query is used by the VS Code extension. | ||
| * @id cs/print-dfg | ||
| * @kind graph | ||
| * @tags ide-contextual-queries/print-dfg | ||
| */ | ||
|
|
||
| import csharp | ||
| private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific as DF | ||
| private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific as TT | ||
| private import codeql.dataflow.PrintDfg | ||
| private import MakePrintDfg<Location, DF::CsharpDataFlow, TT::CsharpTaintTracking> | ||
|
|
||
| external string selectedSourceFile(); | ||
|
|
||
| private predicate selectedSourceFileAlias = selectedSourceFile/0; | ||
|
|
||
| external int selectedSourceLine(); | ||
|
|
||
| private predicate selectedSourceLineAlias = selectedSourceLine/0; | ||
|
|
||
| external int selectedSourceColumn(); | ||
|
|
||
| private predicate selectedSourceColumnAlias = selectedSourceColumn/0; | ||
|
|
||
| module ViewDfgQueryInput implements ViewGraphQueryInputSig<File> { | ||
| predicate selectedSourceFile = selectedSourceFileAlias/0; | ||
|
|
||
| predicate selectedSourceLine = selectedSourceLineAlias/0; | ||
|
|
||
| predicate selectedSourceColumn = selectedSourceColumnAlias/0; | ||
|
|
||
| predicate callableSpan( | ||
| DF::CsharpDataFlow::DataFlowCallable callable, File file, int startLine, int startColumn, | ||
| int endLine, int endColumn | ||
| ) { | ||
| exists(Callable c | | ||
| c = callable.asCallable(_) and | ||
| file = c.getFile() and | ||
| callable.getLocation().getStartLine() = startLine and | ||
| callable.getLocation().getStartColumn() = startColumn and | ||
| exists(Location loc | | ||
| loc.getEndLine() = endLine and | ||
| loc.getEndColumn() = endColumn and | ||
| loc = c.getBody().getLocation() | ||
| ) | ||
| ) | ||
| } | ||
| } | ||
|
|
||
| import ViewGraphQuery<File, ViewDfgQueryInput> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| /** | ||
| * @name Print DFG | ||
| * @description Produces a representation of a file's Data Flow Graph. | ||
| * This query is used by the VS Code extension. | ||
| * @id java/print-cfg | ||
| * @kind graph | ||
| * @tags ide-contextual-queries/print-dfg | ||
| */ | ||
|
|
||
| import java | ||
| private import semmle.code.java.dataflow.internal.DataFlowImplSpecific as DF | ||
| private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific as TT | ||
| private import codeql.dataflow.PrintDfg | ||
| private import MakePrintDfg<Location, DF::JavaDataFlow, TT::JavaTaintTracking> | ||
|
|
||
| external string selectedSourceFile(); | ||
|
|
||
| private predicate selectedSourceFileAlias = selectedSourceFile/0; | ||
|
|
||
| external int selectedSourceLine(); | ||
|
|
||
| private predicate selectedSourceLineAlias = selectedSourceLine/0; | ||
|
|
||
| external int selectedSourceColumn(); | ||
|
|
||
| private predicate selectedSourceColumnAlias = selectedSourceColumn/0; | ||
|
|
||
| module ViewDfgQueryInput implements ViewGraphQueryInputSig<File> { | ||
| predicate selectedSourceFile = selectedSourceFileAlias/0; | ||
|
|
||
| predicate selectedSourceLine = selectedSourceLineAlias/0; | ||
|
|
||
| predicate selectedSourceColumn = selectedSourceColumnAlias/0; | ||
|
|
||
| predicate callableSpan( | ||
| DF::JavaDataFlow::DataFlowCallable callable, File file, int startLine, int startColumn, | ||
| int endLine, int endColumn | ||
| ) { | ||
| file = callable.asCallable().getFile() and | ||
| callable.getLocation().getStartLine() = startLine and | ||
| callable.getLocation().getStartColumn() = startColumn and | ||
| exists(Location loc | | ||
| loc.getEndLine() = endLine and | ||
| loc.getEndColumn() = endColumn and | ||
| loc = callable.asCallable().getBody().getLocation() | ||
| ) | ||
| } | ||
| } | ||
|
|
||
| import ViewGraphQuery<File, ViewDfgQueryInput> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| /** | ||
| * @name Print DFG | ||
| * @description Produces a representation of a file's Data Flow Graph. | ||
| * This query is used by the VS Code extension. | ||
| * @id js/print-dfg | ||
| * @kind graph | ||
| * @tags ide-contextual-queries/print-dfg | ||
| */ | ||
|
|
||
| private import javascript | ||
| private import semmle.javascript.dataflow.internal.sharedlib.DataFlowArg | ||
| private import codeql.dataflow.PrintDfg | ||
| import MakePrintDfg<Location, JSDataFlow, JSTaintFlow> | ||
|
|
||
| external string selectedSourceFile(); | ||
|
|
||
| private predicate selectedSourceFileAlias = selectedSourceFile/0; | ||
Check warningCode scanning / CodeQL Dead code Warning
This code is never used, and it's not publicly exported.
|
||
|
|
||
| external int selectedSourceLine(); | ||
Check warningCode scanning / CodeQL Dead code Warning
This code is never used, and it's not publicly exported.
|
||
|
|
||
| private predicate selectedSourceLineAlias = selectedSourceLine/0; | ||
Check warningCode scanning / CodeQL Dead code Warning
This code is never used, and it's not publicly exported.
|
||
|
|
||
| external int selectedSourceColumn(); | ||
Check warningCode scanning / CodeQL Dead code Warning
This code is never used, and it's not publicly exported.
|
||
|
|
||
| private predicate selectedSourceColumnAlias = selectedSourceColumn/0; | ||
Check warningCode scanning / CodeQL Dead code Warning
This code is never used, and it's not publicly exported.
|
||
|
|
||
| module ViewCfgQueryInput implements ViewGraphQueryInputSig<File> { | ||
|
||
| predicate selectedSourceFile = selectedSourceFileAlias/0; | ||
|
|
||
| predicate selectedSourceLine = selectedSourceLineAlias/0; | ||
|
|
||
| predicate selectedSourceColumn = selectedSourceColumnAlias/0; | ||
|
|
||
| /** | ||
| * Holds if `callable` spans column `startColumn` of line `startLine` to | ||
| * column `endColumn` of line `endLine` in `file`. | ||
| */ | ||
| predicate callableSpan( | ||
| JSDataFlow::DataFlowCallable callable, File file, int startLine, int startColumn, int endLine, | ||
| int endColumn | ||
| ) { | ||
| callable | ||
| .getLocation() | ||
| .hasLocationInfo(file.getAbsolutePath(), startLine, startColumn, endLine, endColumn) | ||
| } | ||
| } | ||
|
|
||
| import ViewGraphQuery<File, ViewGraphInput> | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| /** | ||
| * @name Print DFG | ||
| * @description Produces a representation of a file's Data Flow Graph. | ||
| * This query is used by the VS Code extension. | ||
| * @id rb/print-dfg | ||
| * @kind graph | ||
| * @tags ide-contextual-queries/print-dfg | ||
| */ | ||
|
|
||
| private import codeql.Locations | ||
| private import codeql.ruby.dataflow.internal.DataFlowImplSpecific as DF | ||
| private import codeql.ruby.dataflow.internal.TaintTrackingImplSpecific as TT | ||
| private import codeql.dataflow.PrintDfg | ||
| private import MakePrintDfg<Location, DF::RubyDataFlow, TT::RubyTaintTracking> | ||
|
|
||
| external string selectedSourceFile(); | ||
|
|
||
| private predicate selectedSourceFileAlias = selectedSourceFile/0; | ||
|
|
||
| external int selectedSourceLine(); | ||
|
|
||
| private predicate selectedSourceLineAlias = selectedSourceLine/0; | ||
|
|
||
| external int selectedSourceColumn(); | ||
|
|
||
| private predicate selectedSourceColumnAlias = selectedSourceColumn/0; | ||
|
|
||
| module ViewDfgQueryInput implements ViewGraphQueryInputSig<File> { | ||
| predicate selectedSourceFile = selectedSourceFileAlias/0; | ||
|
|
||
| predicate selectedSourceLine = selectedSourceLineAlias/0; | ||
|
|
||
| predicate selectedSourceColumn = selectedSourceColumnAlias/0; | ||
|
|
||
| predicate callableSpan( | ||
| DF::RubyDataFlow::DataFlowCallable callable, File file, int startLine, int startColumn, | ||
| int endLine, int endColumn | ||
| ) { | ||
| file = callable.asCfgScope().getFile() and | ||
| callable.getLocation().hasLocationInfo(_, startLine, startColumn, endLine, endColumn) | ||
| } | ||
| } | ||
|
|
||
| import ViewGraphQuery<File, ViewDfgQueryInput> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| /** | ||
| * @name Print DFG | ||
| * @description Produces a representation of a file's Data Flow Graph. | ||
| * This query is used by the VS Code extension. | ||
| * @id rust/print-dfg | ||
| * @kind graph | ||
| * @tags ide-contextual-queries/print-dfg | ||
| */ | ||
|
|
||
| private import rust | ||
| private import codeql.rust.dataflow.internal.DataFlowImpl as DF | ||
| private import codeql.rust.dataflow.internal.TaintTrackingImpl as TT | ||
| private import codeql.dataflow.PrintDfg | ||
| private import MakePrintDfg<Location, DF::RustDataFlow, TT::RustTaintTracking> | ||
|
|
||
| external string selectedSourceFile(); | ||
|
|
||
| private predicate selectedSourceFileAlias = selectedSourceFile/0; | ||
|
|
||
| external int selectedSourceLine(); | ||
|
|
||
| private predicate selectedSourceLineAlias = selectedSourceLine/0; | ||
|
|
||
| external int selectedSourceColumn(); | ||
|
|
||
| private predicate selectedSourceColumnAlias = selectedSourceColumn/0; | ||
|
|
||
| private module ViewDfgQueryInput implements ViewGraphQueryInputSig<File> { | ||
| predicate selectedSourceFile = selectedSourceFileAlias/0; | ||
|
|
||
| predicate selectedSourceLine = selectedSourceLineAlias/0; | ||
|
|
||
| predicate selectedSourceColumn = selectedSourceColumnAlias/0; | ||
|
|
||
| predicate callableSpan( | ||
| DF::RustDataFlow::DataFlowCallable callable, File file, int startLine, int startColumn, | ||
| int endLine, int endColumn | ||
| ) { | ||
| file = callable.asCfgScope().getFile() and | ||
| callable.getLocation().hasLocationInfo(_, startLine, startColumn, endLine, endColumn) | ||
| } | ||
| } | ||
|
|
||
| import ViewGraphQuery<File, ViewDfgQueryInput> |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Check warning
Code scanning / CodeQL
Dead code Warning