Merge branch 'main' into regexpParse

Author: erik-krogh

config/identical-files.json

@@ -409,5 +409,12 @@
     "java/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
     "javascript/ql/src/Comments/CommentedOutCodeReferences.qhelp",
     "python/ql/src/Lexical/CommentedOutCodeReferences.qhelp"
+  ],
+  "IDE Contextual Queries": [
+    "cpp/ql/src/IDEContextual.qll",
+    "csharp/ql/src/IDEContextual.qll",
+    "java/ql/src/IDEContextual.qll",
+    "javascript/ql/src/IDEContextual.qll",
+    "python/ql/src/analysis/IDEContextual.qll"
   ]
 }

cpp/ql/src/IDEContextual.qll

@@ -0,0 +1,22 @@
+/**
+ * Provides shared predicates related to contextual queries in the code viewer.
+ */
+
+import semmle.files.FileSystem
+
+/**
+ * Returns the `File` matching the given source file name as encoded by the VS
+ * Code extension.
+ */
+cached
+File getFileBySourceArchiveName(string name) {
+  // The name provided for a file in the source archive by the VS Code extension
+  // has some differences from the absolute path in the database:
+  // 1. colons are replaced by underscores
+  // 2. there's a leading slash, even for Windows paths: "C:/foo/bar" ->
+  //    "/C_/foo/bar"
+  // 3. double slashes in UNC prefixes are replaced with a single slash
+  // We can handle 2 and 3 together by unconditionally adding a leading slash
+  // before replacing double slashes.
+  name = ("/" + result.getAbsolutePath().replaceAll(":", "_")).replaceAll("//", "/")
+}

cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql

@@ -50,10 +50,12 @@ class SafeTimeGatheringFunction extends Function {
 class TimeConversionFunction extends Function {
   TimeConversionFunction() {
     this.getQualifiedName() =
-      ["FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime",
-          "SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime",
-          "TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime",
-          "RtlTimeToSecondsSince1970", "_mkgmtime"]
+      [
+        "FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime",
+        "SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime",
+        "TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime",
+        "RtlTimeToSecondsSince1970", "_mkgmtime"
+      ]
   }
 }
 

cpp/ql/src/definitions.qll

@@ -4,6 +4,7 @@
  */
 
 import cpp
+import IDEContextual
 
 /**
  * Any element that might be the source or target of a jump-to-definition
@@ -207,11 +208,3 @@ Top definitionOf(Top e, string kind) {
   // later on.
   strictcount(result.getLocation()) < 10
 }
-
-/**
- * Returns an appropriately encoded version of a filename `name`
- * passed by the VS Code extension in order to coincide with the
- * output of `.getFile()` on locatable entities.
- */
-cached
-File getEncodedFile(string name) { result.getAbsolutePath().replaceAll(":", "_") = name }

cpp/ql/src/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -7,7 +7,6 @@ import semmle.code.cpp.dataflow.TaintTracking
 import experimental.semmle.code.cpp.security.PrivateData
 import semmle.code.cpp.security.FileWrite
 import semmle.code.cpp.security.BufferWrite
-import semmle.code.cpp.dataflow.TaintTracking
 
 module PrivateCleartextWrite {
   /**

cpp/ql/src/localDefinitions.ql

@@ -12,5 +12,5 @@ import definitions
 external string selectedSourceFile();
 
 from Top e, Top def, string kind
-where def = definitionOf(e, kind) and e.getFile() = getEncodedFile(selectedSourceFile())
+where def = definitionOf(e, kind) and e.getFile() = getFileBySourceArchiveName(selectedSourceFile())
 select e, def, kind

cpp/ql/src/localReferences.ql

@@ -12,5 +12,6 @@ import definitions
 external string selectedSourceFile();
 
 from Top e, Top def, string kind
-where def = definitionOf(e, kind) and def.getFile() = getEncodedFile(selectedSourceFile())
+where
+  def = definitionOf(e, kind) and def.getFile() = getFileBySourceArchiveName(selectedSourceFile())
 select e, def, kind

cpp/ql/src/printAst.ql

@@ -22,6 +22,6 @@ class Cfg extends PrintASTConfiguration {
    * Print All functions from the selected file.
    */
   override predicate shouldPrintFunction(Function func) {
-    func.getFile() = getEncodedFile(selectedSourceFile())
+    func.getFile() = getFileBySourceArchiveName(selectedSourceFile())
   }
 }

cpp/ql/src/semmle/code/cpp/commons/Strcat.qll

@@ -9,12 +9,14 @@ import cpp
 class StrcatFunction extends Function {
   StrcatFunction() {
     getName() =
-      ["strcat", // strcat(dst, src)
-          "strncat", // strncat(dst, src, max_amount)
-          "wcscat", // wcscat(dst, src)
-          "_mbscat", // _mbscat(dst, src)
-          "wcsncat", // wcsncat(dst, src, max_amount)
-          "_mbsncat", // _mbsncat(dst, src, max_amount)
-          "_mbsncat_l"] // _mbsncat_l(dst, src, max_amount, locale)
+      [
+        "strcat", // strcat(dst, src)
+        "strncat", // strncat(dst, src, max_amount)
+        "wcscat", // wcscat(dst, src)
+        "_mbscat", // _mbscat(dst, src)
+        "wcsncat", // wcsncat(dst, src, max_amount)
+        "_mbsncat", // _mbsncat(dst, src, max_amount)
+        "_mbsncat_l" // _mbsncat_l(dst, src, max_amount, locale)
+      ]
   }
 }

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll

@@ -677,6 +677,11 @@ private predicate exprToExprStep_nocfg(Expr fromExpr, Expr toExpr) {
       exists(DataFlowFunction f, FunctionInput inModel, FunctionOutput outModel |
         f.hasDataFlow(inModel, outModel) and
         (
+          exists(int iIn |
+            inModel.isParameterDeref(iIn) and
+            call.passesByReference(iIn, fromExpr)
+          )
+          or
           exists(int iIn |
             inModel.isParameter(iIn) and
             fromExpr = call.getArgument(iIn)