Merge branch 'main' into jeongsoolee09/add-getIndirectionIndex

Author: jeongsoolee09

config/add-overlay-annotations.py

@@ -199,6 +199,7 @@ def annotate_as_appropriate(filename, lines):
     # as overlay[local?].  It is not clear that these heuristics are exactly what we want,
     # but they seem to work well enough for now (as determined by speed and accuracy numbers).
     if (filename.endswith("Test.qll") or
+        re.search(r"go/ql/lib/semmle/go/security/[^/]+[.]qll$", filename.replace(os.sep, "/")) or
         ((filename.endswith("Query.qll") or filename.endswith("Config.qll")) and
          any("implements DataFlow::ConfigSig" in line for line in lines))):
         return None

csharp/ql/consistency-queries/CfgConsistency.ql

@@ -1,63 +1,5 @@
 import csharp
 import semmle.code.csharp.controlflow.internal.Completion
-import semmle.code.csharp.controlflow.internal.PreBasicBlocks
 import ControlFlow
 import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl::Consistency
 import semmle.code.csharp.controlflow.internal.Splitting
-
-private predicate splitBB(ControlFlow::BasicBlock bb) {
-  exists(ControlFlow::Node first |
-    first = bb.getFirstNode() and
-    first.isJoin() and
-    strictcount(first.getAPredecessor().getAstNode()) = 1
-  )
-}
-
-private class RelevantBasicBlock extends ControlFlow::BasicBlock {
-  RelevantBasicBlock() { not splitBB(this) }
-}
-
-predicate bbStartInconsistency(ControlFlowElement cfe) {
-  exists(RelevantBasicBlock bb | bb.getFirstNode() = cfe.getAControlFlowNode()) and
-  not cfe = any(PreBasicBlock bb).getFirstElement()
-}
-
-predicate bbSuccInconsistency(ControlFlowElement pred, ControlFlowElement succ) {
-  exists(RelevantBasicBlock predBB, RelevantBasicBlock succBB |
-    predBB.getLastNode() = pred.getAControlFlowNode() and
-    succBB = predBB.getASuccessor() and
-    succBB.getFirstNode() = succ.getAControlFlowNode()
-  ) and
-  not exists(PreBasicBlock predBB, PreBasicBlock succBB |
-    predBB.getLastNode() = pred and
-    succBB = predBB.getASuccessor() and
-    succBB.getFirstElement() = succ
-  )
-}
-
-predicate bbIntraSuccInconsistency(ControlFlowElement pred, ControlFlowElement succ) {
-  exists(ControlFlow::BasicBlock bb, int i |
-    pred.getAControlFlowNode() = bb.getNode(i) and
-    succ.getAControlFlowNode() = bb.getNode(i + 1)
-  ) and
-  not exists(PreBasicBlock bb |
-    bb.getLastNode() = pred and
-    bb.getASuccessor().getFirstElement() = succ
-  ) and
-  not exists(PreBasicBlock bb, int i |
-    bb.getNode(i) = pred and
-    bb.getNode(i + 1) = succ
-  )
-}
-
-query predicate preBasicBlockConsistency(ControlFlowElement cfe1, ControlFlowElement cfe2, string s) {
-  bbStartInconsistency(cfe1) and
-  cfe2 = cfe1 and
-  s = "start inconsistency"
-  or
-  bbSuccInconsistency(cfe1, cfe2) and
-  s = "succ inconsistency"
-  or
-  bbIntraSuccInconsistency(cfe1, cfe2) and
-  s = "intra succ inconsistency"
-}

csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll

@@ -9,15 +9,15 @@ toolchain go1.26.0
 // when adding or removing dependencies, run
 //    bazel mod tidy
 require (
-	golang.org/x/mod v0.33.0
-	golang.org/x/tools v0.42.0
+	golang.org/x/mod v0.34.0
+	golang.org/x/tools v0.43.0
 )
 
 require github.com/stretchr/testify v1.11.1
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go/extractor/go.mod

@@ -6,12 +6,12 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
+golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
+golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
+golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

go/extractor/go.sum

@@ -8,5 +8,7 @@
  * `FileSystemAccess`, or the `Source` and `Sink` classes associated with the security queries
  * to model frameworks that are not covered by the standard library.
  */
+overlay[local?]
+module;
 
 import go

go/ql/lib/Customizations.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with Go programs.
  */
+overlay[local?]
+module;
 
 import Customizations
 import semmle.go.Architectures

go/ql/lib/go.qll

@@ -2,6 +2,8 @@
  * Provides classes and predicates related to contextual queries
  * in the code viewer.
  */
+overlay[local?]
+module;
 
 import go
 private import codeql.util.FileSystem

go/ql/lib/ideContextual.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes for working with AST nodes.
  */
+overlay[local]
+module;
 
 import go
 

go/ql/lib/semmle/go/AST.qll

@@ -1,4 +1,6 @@
 /** Provides classes for working with architectures. */
+overlay[local]
+module;
 
 import go