Merge branch 'main' into convert

Author: geoffw0

.gitignore

@@ -76,3 +76,6 @@ node_modules/
 # some upgrade/downgrade checks create these files
 **/upgrades/*/*.dbscheme.stats
 **/downgrades/*/*.dbscheme.stats
+
+# Mergetool files
+*.orig

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst

@@ -126,7 +126,7 @@ Golang
 """"""
 
 *   The second argument of the :code:`CreateTemp` function, from the :code:`os` package, is no longer a path-injection sink due to proper sanitization by Go.
-*   The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or :code:`\ ` to the beginning.
+*   The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or :code:``\`` to the beginning.
 
 Java/Kotlin
 """""""""""

javascript/ql/src/CHANGELOG.md

@@ -10,7 +10,7 @@
 * Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
 * Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
 * The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. 
-* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
+* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!
 
 ## 2.0.3
 

javascript/ql/src/change-notes/released/2.1.0.md

@@ -10,4 +10,4 @@
 * Data flow is now tracked through the `Promise.try` and `Array.prototype.with` functions.
 * Query `js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
 * The query `js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as `Object.keys()`. 
-* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
+* The query "Permissive CORS configuration" (`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!

rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll

@@ -77,7 +77,7 @@ class CallableScopeTree extends StandardTree, PreOrderTree, PostOrderTree, Scope
 
   override AstNode getChildNode(int i) {
     i = 0 and
-    result = this.getParamList().getSelfParam()
+    result = this.getSelfParam()
     or
     result = this.getParam(i - 1)
     or

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll

@@ -102,7 +102,7 @@ module Impl {
       f = resolvePath(path) and
       path.getSegment().getIdentifier().getText() = methodName and
       exists(SelfParam self |
-        self = f.getParamList().getSelfParam() and
+        self = f.getSelfParam() and
         if self.isRef() then selfIsRef = true else selfIsRef = false
       )
     )

rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll

@@ -17,5 +17,25 @@ module Impl {
    */
   class Callable extends Generated::Callable {
     override Param getParam(int index) { result = this.getParamList().getParam(index) }
+
+    /**
+     * Gets the self parameter of this callable, if it exists.
+     */
+    SelfParam getSelfParam() { result = this.getParamList().getSelfParam() }
+
+    /**
+     * Holds if `getSelfParam()` exists.
+     */
+    predicate hasSelfParam() { exists(this.getSelfParam()) }
+
+    /**
+     * Gets the number of parameters of this callable, including `self` if it exists.
+     */
+    int getNumberOfParamsInclSelf() {
+      exists(int arr |
+        arr = this.getNumberOfParams() and
+        if this.hasSelfParam() then result = arr + 1 else result = arr
+      )
+    }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/UnionImpl.qll

@@ -21,6 +21,13 @@ module Impl {
    * ```
    */
   class Union extends Generated::Union {
+    /** Gets the struct field named `name`, if any. */
+    pragma[nomagic]
+    StructField getStructField(string name) {
+      result = this.getStructFieldList().getAField() and
+      result.getName().getText() = name
+    }
+
     override string toStringImpl() { result = "union " + this.getName().getText() }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll

@@ -109,7 +109,7 @@ module Impl {
       text = name.getText() and
       // exclude self parameters from functions without a body as these are
       // trait method declarations without implementations
-      not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp)
+      not exists(Function f | not f.hasBody() and f.getSelfParam() = sp)
     )
     or
     exists(IdentPat pat |

rust/ql/lib/codeql/rust/internal/PathResolution.qll

@@ -4,6 +4,7 @@
 
 private import rust
 private import codeql.rust.elements.internal.generated.ParentChild
+private import codeql.rust.elements.internal.CallExprImpl::Impl as CallExprImpl
 private import codeql.rust.internal.CachedStages
 private import codeql.rust.frameworks.stdlib.Builtins as Builtins
 private import codeql.util.Option
@@ -604,7 +605,13 @@ private class EnumItemNode extends TypeItemNode instanceof Enum {
   }
 }
 
-private class VariantItemNode extends ItemNode instanceof Variant {
+/** An item that can be referenced with arguments. */
+abstract class ParameterizableItemNode extends ItemNode {
+  /** Gets the arity this item. */
+  abstract int getArity();
+}
+
+private class VariantItemNode extends ParameterizableItemNode instanceof Variant {
   override string getName() { result = Variant.super.getName().getText() }
 
   override Namespace getNamespace() {
@@ -617,6 +624,8 @@ private class VariantItemNode extends ItemNode instanceof Variant {
 
   override Visibility getVisibility() { result = super.getEnum().getVisibility() }
 
+  override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() }
+
   override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) }
 
   bindingset[c]
@@ -638,7 +647,7 @@ private class VariantItemNode extends ItemNode instanceof Variant {
   }
 }
 
-class FunctionItemNode extends AssocItemNode instanceof Function {
+class FunctionItemNode extends AssocItemNode, ParameterizableItemNode instanceof Function {
   override string getName() { result = Function.super.getName().getText() }
 
   override predicate hasImplementation() { Function.super.hasImplementation() }
@@ -648,6 +657,8 @@ class FunctionItemNode extends AssocItemNode instanceof Function {
   override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) }
 
   override Visibility getVisibility() { result = Function.super.getVisibility() }
+
+  override int getArity() { result = super.getNumberOfParamsInclSelf() }
 }
 
 abstract class ImplOrTraitItemNode extends ItemNode {
@@ -712,8 +723,10 @@ final class ImplItemNode extends ImplOrTraitItemNode instanceof Impl {
   TypeParamItemNode getBlanketImplementationTypeParam() { result = this.resolveSelfTy() }
 
   /**
-   * Holds if this impl block is a blanket implementation. That is, the
+   * Holds if this impl block is a [blanket implementation][1]. That is, the
    * implementation targets a generic parameter of the impl block.
+   *
+   * [1]: https://doc.rust-lang.org/book/ch10-02-traits.html#using-trait-bounds-to-conditionally-implement-methods
    */
   predicate isBlanketImplementation() { exists(this.getBlanketImplementationTypeParam()) }
 
@@ -865,7 +878,7 @@ private class ImplItemNodeImpl extends ImplItemNode {
   TraitItemNode resolveTraitTyCand() { result = resolvePathCand(this.getTraitPath()) }
 }
 
-private class StructItemNode extends TypeItemNode instanceof Struct {
+private class StructItemNode extends TypeItemNode, ParameterizableItemNode instanceof Struct {
   override string getName() { result = Struct.super.getName().getText() }
 
   override Namespace getNamespace() {
@@ -877,6 +890,8 @@ private class StructItemNode extends TypeItemNode instanceof Struct {
 
   override Visibility getVisibility() { result = Struct.super.getVisibility() }
 
+  override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() }
+
   override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) }
 
   override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) }
@@ -1687,6 +1702,14 @@ private ItemNode resolvePathCand(RelevantPath path) {
     or
     not pathUsesNamespace(path, _) and
     not path = any(MacroCall mc).getPath()
+  ) and
+  (
+    not path = CallExprImpl::getFunctionPath(_)
+    or
+    exists(CallExpr ce |
+      path = CallExprImpl::getFunctionPath(ce) and
+      result.(ParameterizableItemNode).getArity() = ce.getNumberOfArgs()
+    )
   )
 }