Merge branch 'main' into rails/render_locals_shared

Author: alexrford

README.md

@@ -10,6 +10,8 @@ There is [extensive documentation](https://codeql.github.com/docs/) on getting s
 
 We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/main/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
 
+For information on contributing to CodeQL documentation, see the "[contributing guide](docs/codeql/CONTRIBUTING.md)" for docs.
+
 ## License
 
 The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.5.1
+
+No user-facing changes.
+
 ## 0.5.0
 
 ### Breaking Changes

cpp/ql/lib/change-notes/released/0.5.1.md

@@ -0,0 +1,3 @@
+## 0.5.1
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.5.1-dev
+version: 0.5.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.5.1
+
+### Minor Analysis Improvements
+
+* The `cpp/no-space-for-terminator` and `cpp/uncontrolled-allocation-size` queries have been enhanced with heuristic detection of allocations. These queries now find more results.
+
 ## 0.5.0
 
 ### Minor Analysis Improvements

cpp/ql/src/change-notes/2023-01-05-heuristic-allocations.md renamed to cpp/ql/src/change-notes/released/0.5.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.5.1
+
+### Minor Analysis Improvements
+
 * The `cpp/no-space-for-terminator` and `cpp/uncontrolled-allocation-size` queries have been enhanced with heuristic detection of allocations. These queries now find more results.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.5.1-dev
+version: 0.5.2-dev
 groups: 
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.4.1
+
+No user-facing changes.
+
 ## 1.4.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.4.1.md

@@ -0,0 +1,3 @@
+## 1.4.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.4.1-dev
+version: 1.4.2-dev
 groups:
     - csharp
     - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.4.1
+
+No user-facing changes.
+
 ## 1.4.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.4.1.md

@@ -0,0 +1,3 @@
+## 1.4.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.4.1-dev
+version: 1.4.2-dev
 groups:
     - csharp
     - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 0.5.1
+
+### Major Analysis Improvements
+
+* Added library support for generic attributes (also for CIL extracted attributes).
+* `cil.ConstructedType::getName` was changed to include printing of the type arguments.
+
+### Minor Analysis Improvements
+
+* Attributes on methods in CIL are now extracted (Bugfix).
+* Support for `static virtual` and `static abstract` interface members.
+* Support for *operators* in interface definitions. 
+* C# 11: Added support for the unsigned right shift `>>>` and unsigned right shift assignment `>>>=` operators.
+* Query id's have been aligned such that they are prefixed with `cs` instead of `csharp`.
+
 ## 0.5.0
 
 ### Minor Analysis Improvements

csharp/ql/lib/change-notes/2023-01-03-genericattributes.md

@@ -0,0 +1,14 @@
+## 0.5.1
+
+### Major Analysis Improvements
+
+* Added library support for generic attributes (also for CIL extracted attributes).
+* `cil.ConstructedType::getName` was changed to include printing of the type arguments.
+
+### Minor Analysis Improvements
+
+* Attributes on methods in CIL are now extracted (Bugfix).
+* Support for `static virtual` and `static abstract` interface members.
+* Support for *operators* in interface definitions. 
+* C# 11: Added support for the unsigned right shift `>>>` and unsigned right shift assignment `>>>=` operators.
+* Query id's have been aligned such that they are prefixed with `cs` instead of `csharp`.

csharp/ql/lib/change-notes/2023-01-03-queryids.md

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1

csharp/ql/lib/change-notes/2023-01-11-unsigned-right-shift.md

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.5.1-dev
+version: 0.5.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/lib/change-notes/2023-01-16-virtualizable-operators.md

@@ -39,6 +39,11 @@ module Public {
       )
       or
       exists(ReturnKind rk | this = TReturnSummaryComponent(rk) and result = "return (" + rk + ")")
+      or
+      exists(SummaryComponent::SyntheticGlobal sg |
+        this = TSyntheticGlobalSummaryComponent(sg) and
+        result = "synthetic global (" + sg + ")"
+      )
     }
   }
 
@@ -159,41 +164,41 @@ module Public {
     SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) }
   }
 
-  private predicate noComponentSpecificCsv(SummaryComponent sc) {
-    not exists(getComponentSpecificCsv(sc))
+  private predicate noComponentSpecific(SummaryComponent sc) {
+    not exists(getComponentSpecific(sc))
   }
 
   /** Gets a textual representation of this component used for flow summaries. */
-  private string getComponentCsv(SummaryComponent sc) {
-    result = getComponentSpecificCsv(sc)
+  private string getComponent(SummaryComponent sc) {
+    result = getComponentSpecific(sc)
     or
-    noComponentSpecificCsv(sc) and
+    noComponentSpecific(sc) and
     (
       exists(ArgumentPosition pos |
         sc = TParameterSummaryComponent(pos) and
-        result = "Parameter[" + getArgumentPositionCsv(pos) + "]"
+        result = "Parameter[" + getArgumentPosition(pos) + "]"
       )
       or
       exists(ParameterPosition pos |
         sc = TArgumentSummaryComponent(pos) and
-        result = "Argument[" + getParameterPositionCsv(pos) + "]"
+        result = "Argument[" + getParameterPosition(pos) + "]"
       )
       or
       sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
     )
   }
 
   /** Gets a textual representation of this stack used for flow summaries. */
-  string getComponentStackCsv(SummaryComponentStack stack) {
+  string getComponentStack(SummaryComponentStack stack) {
     exists(SummaryComponent head, SummaryComponentStack tail |
       head = stack.head() and
       tail = stack.tail() and
-      result = getComponentStackCsv(tail) + "." + getComponentCsv(head)
+      result = getComponentStack(tail) + "." + getComponent(head)
     )
     or
     exists(SummaryComponent c |
       stack = TSingletonSummaryComponentStack(c) and
-      result = getComponentCsv(c)
+      result = getComponent(c)
     )
   }
 
@@ -1217,8 +1222,8 @@ module Private {
         c.relevantSummary(input, output, preservesValue) and
         csv =
           c.getCallableCsv() // Callable information
-            + getComponentStackCsv(input) + ";" // input
-            + getComponentStackCsv(output) + ";" // output
+            + getComponentStack(input) + ";" // input
+            + getComponentStack(output) + ";" // output
             + renderKind(preservesValue) + ";" // kind
             + renderProvenance(c) // provenance
       )

csharp/ql/lib/change-notes/2023-01-18-cilmethodattributes.md

@@ -178,7 +178,7 @@ SummaryComponent interpretComponentSpecific(AccessPathToken c) {
 }
 
 /** Gets the textual representation of the content in the format used for flow summaries. */
-private string getContentSpecificCsv(Content c) {
+private string getContentSpecific(Content c) {
   c = TElementContent() and result = "Element"
   or
   exists(Field f | c = TFieldContent(f) and result = "Field[" + f.getQualifiedName() + "]")
@@ -189,8 +189,8 @@ private string getContentSpecificCsv(Content c) {
 }
 
 /** Gets the textual representation of a summary component in the format used for flow summaries. */
-string getComponentSpecificCsv(SummaryComponent sc) {
-  exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecificCsv(c))
+string getComponentSpecific(SummaryComponent sc) {
+  exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecific(c))
   or
   sc = TWithoutContentSummaryComponent(_) and result = "WithoutElement"
   or
@@ -204,15 +204,15 @@ string getComponentSpecificCsv(SummaryComponent sc) {
 }
 
 /** Gets the textual representation of a parameter position in the format used for flow summaries. */
-string getParameterPositionCsv(ParameterPosition pos) {
+string getParameterPosition(ParameterPosition pos) {
   result = pos.getPosition().toString()
   or
   pos.isThisParameter() and
   result = "this"
 }
 
 /** Gets the textual representation of an argument position in the format used for flow summaries. */
-string getArgumentPositionCsv(ArgumentPosition pos) {
+string getArgumentPosition(ArgumentPosition pos) {
   result = pos.getPosition().toString()
   or
   pos.isQualifier() and

csharp/ql/lib/change-notes/released/0.5.1.md

@@ -1,3 +1,7 @@
+## 0.5.1
+
+No user-facing changes.
+
 ## 0.5.0
 
 ### New Queries

csharp/ql/lib/codeql-pack.release.yml

@@ -0,0 +1,3 @@
+## 0.5.1
+
+No user-facing changes.

csharp/ql/lib/qlpack.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.5.1-dev
+version: 0.5.2-dev
 groups: 
   - csharp
   - queries

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -0,0 +1,18 @@
+# Contributing to CodeQL docs
+
+We welcome contributions to our CodeQL docs. Want to improve existing docs or add new information you think would be helpful? Then please go ahead and open a pull request!
+
+## Contributing to CodeQL docs on `codeql.github.com`
+
+To make changes to the documentation on [codeql.github.com](https://codeql.github.com/docs/codeql-overview/), you can make changes to the documentation files using the GitHub UI, a codespace, or a local text editor, and then open a pull request for review. For more information about the format and structure of the CodeQL documentation on [codeql.github.com](https://codeql.github.com/docs/codeql-overview/), please see the [README](docs/codeql/README.rst).
+
+## Contributing to CodeQL CLI docs on `docs.github.com`
+
+We are in the process of moving all documentation about the CodeQL CLI from [github/codeql](docs/codeql) to the public [github/docs](https://github.com/github/docs) repository so that this documentation is published on the [GitHub Docs](https://docs.github.com/en/code-security/code-scanning) site. This includes all articles that are currently published under "[Using the CodeQL CLI](https://codeql.github.com/docs/codeql-cli/using-the-codeql-cli/)" and "[CodeQL CLI reference](https://codeql.github.com/docs/codeql-cli/codeql-cli-reference/)" categories on the CodeQL microsite. This will make it easier for code scanning users to find information about using CodeQL to query their codebases.
+
+**Note**: For a brief time, we will have source files for CodeQL CLI documentation in two locations. During this period we will not accept changes to the old files in the `codeql` repository, only to the new files in the `docs` repository. 
+
+To contribute to these docs, which are located in the [`code-scanning`](https://github.com/github/docs/tree/main/content/code-security/code-scanning) directory, please refer to the [CONTRIBUTING.md](CONTRIBUTING.md) file in the `docs` repository.
+
+
+

csharp/ql/src/CHANGELOG.md

@@ -12,6 +12,8 @@ see https://docutils.sourceforge.io/rst.html.
 
 For more information on Sphinx, see https://www.sphinx-doc.org.
 
+For information on contributing to CodeQL documentation, see the `contributing guide </CONTRIBUTING.md>`__.
+
 Project structure
 *****************
 

csharp/ql/src/change-notes/released/0.5.1.md

@@ -1,3 +1,7 @@
+## 0.4.1
+
+No user-facing changes.
+
 ## 0.4.0
 
 ### Breaking Changes

csharp/ql/src/codeql-pack.release.yml

@@ -0,0 +1,3 @@
+## 0.4.1
+
+No user-facing changes.

csharp/ql/src/qlpack.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1

docs/codeql/CONTRIBUTING.md

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.4.1-dev
+version: 0.4.2-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go