add support for libraryPathDependencies in qlpacks

erik-krogh · erik-krogh · commit 9a73c363899e · 2021-10-17T14:51:00.000+02:00
diff --git a/ql/src/codeql_ql/ast/Ast.qll b/ql/src/codeql_ql/ast/Ast.qll
@@ -2309,6 +2309,8 @@ module YAML {
       )
     }
 
+    YAMLListItem getListItem() { toQL(result).getParent() = yamle }
+
     /** Gets the value of this YAML entry. */
     YAMLValue getValue() {
       exists(QL::YamlKeyvaluepair pair |
@@ -2421,7 +2423,7 @@ module YAML {
         deps.getLocation().getFile() = file and entry.getLocation().getFile() = file
       |
         deps.isRoot() and
-        deps.getKey().getQualifiedName() = "dependencies" and
+        deps.getKey().getQualifiedName() = ["dependencies", "libraryPathDependencies"] and
         entry.getLocation().getStartLine() = 1 + deps.getLocation().getStartLine() and
         entry.getLocation().getStartColumn() > deps.getLocation().getStartColumn()
       )
@@ -2436,8 +2438,11 @@ module YAML {
 
     predicate hasDependency(string name, string version) {
       exists(YAMLEntry entry | this.isADependency(entry) |
-        entry.getKey().getQualifiedName() = name and
+        entry.getKey().getQualifiedName().trim() = name and
         entry.getValue().getValue() = version
+        or
+        name = entry.getListItem().getValue().getValue().trim() and
+        version = "\"*\""
       )
     }
 
@@ -2459,7 +2464,7 @@ module YAML {
      */
     QLPack getADependency() {
       exists(string name | this.hasDependency(name, _) |
-        result.getName().replaceAll("-", "/") = name
+        result.getName().replaceAll("-", "/") = name.replaceAll("-", "/")
       )
     }
 

Original file line number	Diff line number	Diff line change
`@@ -2309,6 +2309,8 @@ module YAML {`
`2309`	`2309`	`)`
`2310`	`2310`	`}`
`2311`	`2311`
	`2312`	`+ YAMLListItem getListItem() { toQL(result).getParent() = yamle }`
	`2313`	`+`
`2312`	`2314`	`/** Gets the value of this YAML entry. */`
`2313`	`2315`	`YAMLValue getValue() {`
`2314`	`2316`	`exists(QL::YamlKeyvaluepair pair \|`
`@@ -2421,7 +2423,7 @@ module YAML {`
`2421`	`2423`	`deps.getLocation().getFile() = file and entry.getLocation().getFile() = file`
`2422`	`2424`	`\|`
`2423`	`2425`	`deps.isRoot() and`
`2424`		`- deps.getKey().getQualifiedName() = "dependencies" and`
	`2426`	`+ deps.getKey().getQualifiedName() = ["dependencies", "libraryPathDependencies"] and`
`2425`	`2427`	`entry.getLocation().getStartLine() = 1 + deps.getLocation().getStartLine() and`
`2426`	`2428`	`entry.getLocation().getStartColumn() > deps.getLocation().getStartColumn()`
`2427`	`2429`	`)`
`@@ -2436,8 +2438,11 @@ module YAML {`
`2436`	`2438`
`2437`	`2439`	`predicate hasDependency(string name, string version) {`
`2438`	`2440`	`exists(YAMLEntry entry \| this.isADependency(entry) \|`
`2439`		`- entry.getKey().getQualifiedName() = name and`
	`2441`	`+ entry.getKey().getQualifiedName().trim() = name and`
`2440`	`2442`	`entry.getValue().getValue() = version`
	`2443`	`+ or`
	`2444`	`+ name = entry.getListItem().getValue().getValue().trim() and`
	`2445`	`+ version = "\"*\""`
`2441`	`2446`	`)`
`2442`	`2447`	`}`
`2443`	`2448`
`@@ -2459,7 +2464,7 @@ module YAML {`
`2459`	`2464`	`*/`
`2460`	`2465`	`QLPack getADependency() {`
`2461`	`2466`	`exists(string name \| this.hasDependency(name, _) \|`
`2462`		`- result.getName().replaceAll("-", "/") = name`
	`2467`	`+ result.getName().replaceAll("-", "/") = name.replaceAll("-", "/")`
`2463`	`2468`	`)`
`2464`	`2469`	`}`
`2465`	`2470`