Merge pull request github#220 from max/example-queries

Add example queries

Makefile

@@ -95,7 +95,7 @@ ql/src/go.dbscheme.stats: ql/src/go.dbscheme
 	odasa collectStats --dbscheme $^ --db build/stats-project/revision/working/db-go --outputFile $@
 
 test: all extractor build/testdb/check-upgrade-path
-	codeql test run ql/test --search-path . --additional-packs .
+	codeql test run ql/test --search-path . --additional-packs ql
 	cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]"
 
 .PHONY: build/testdb/check-upgrade-path

ql/examples/.project

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>go-examples</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+	</buildSpec>
+	<natures>
+		<nature>com.semmle.plugin.qdt.core.qlnature</nature>
+	</natures>
+</projectDescription>

ql/examples/.qlpath

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:qlpath xmlns:ns2="https://semmle.com/schemas/qlpath">
+    <librarypath>
+        <path kind="WORKSPACE">/go-queries</path>
+    </librarypath>
+    <dbscheme kind="WORKSPACE">/go-queries/go.dbscheme</dbscheme>
+    <defaultImports>
+        <defaultImport>go</defaultImport>
+    </defaultImports>
+</ns2:qlpath>

ql/examples/qlpack.yml

@@ -0,0 +1,3 @@
+name: codeql-go-examples
+version: 0.0.0
+libraryPathDependencies: codeql-go

ql/examples/queries.xml

@@ -0,0 +1 @@
+<queries language="go"/>

ql/examples/snippets/calltobuiltin.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Call to built-in function
+ * @description Finds calls to the built-in `len` function.
+ * @id go/examples/calltolen
+ * @tags call
+ *       function
+ *       len
+ *       built-in
+ */
+
+import go
+
+from DataFlow::CallNode call
+where call = Builtin::len().getACall()
+select call

ql/examples/snippets/calltofunction.ql

@@ -0,0 +1,16 @@
+/**
+ * @name Call to library function
+ * @description Finds calls to "fmt.Println".
+ * @id go/examples/calltoprintln
+ * @tags call
+ *       function
+ *       println
+ */
+
+import go
+
+from Function println, DataFlow::CallNode call
+where
+  println.hasQualifiedName("fmt", "Println") and
+  call = println.getACall()
+select call

ql/examples/snippets/calltomethod.ql

@@ -0,0 +1,18 @@
+/**
+ * @name Call to method
+ * @description Finds calls to the `Get` method of type `Header` from the `net/http` package.
+ * @id go/examples/calltoheaderget
+ * @tags call
+ *       function
+ *       net/http
+ *       Header
+ *       strings
+ */
+
+import go
+
+from Method get, DataFlow::CallNode call
+where
+  get.hasQualifiedName("net/http", "Header", "Get") and
+  call = get.getACall()
+select call

ql/examples/snippets/constant.ql

@@ -0,0 +1,14 @@
+/**
+ * @name Compile-time constant
+ * @description Finds compile-time constants with value zero.
+ * @id go/examples/zeroconstant
+ * @tags expression
+ *       numeric value
+ *       constant
+ */
+
+import go
+
+from DataFlow::Node zero
+where zero.getNumericValue() = 0
+select zero

ql/examples/snippets/emptythen.ql

@@ -0,0 +1,18 @@
+/**
+ * @name If statements with empty then branch
+ * @description Finds 'if' statements where the 'then' branch is
+ *              an empty block statement
+ * @id go/examples/emptythen
+ * @tags if
+ *       then
+ *       empty
+ *       conditional
+ *       branch
+ *       statement
+ */
+
+import go
+
+from IfStmt i
+where i.getThen().getNumStmt() = 0
+select i

ql/examples/snippets/fieldread.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Field read
+ * @description Finds code that reads `Request.Method`.
+ * @id go/examples/readofrequestmethod
+ * @tags field
+ *       read
+ */
+
+import go
+
+from Field reqm, Read read
+where
+  reqm.hasQualifiedName("net/http", "Request", "Method") and
+  read = reqm.getARead()
+select read

ql/examples/snippets/fieldwrite.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Field write
+ * @description Finds assignments to field `Status` of type `Response` from package `net/http`.
+ * @id go/examples/responsestatus
+ * @tags net/http
+ *       field write
+ */
+
+import go
+
+from Field status, Write write
+where
+  status.hasQualifiedName("net/http", "Response", "Status") and
+  write = status.getAWrite()
+select write, write.getRhs()

ql/examples/snippets/function.ql

@@ -0,0 +1,13 @@
+/**
+ * @name Function
+ * @description Finds functions called "main".
+ * @id go/examples/mainfunction
+ * @tags function
+ *       main
+ */
+
+import go
+
+from Function main
+where main.getName() = "main"
+select main

ql/examples/snippets/nilcheck.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Comparison with nil
+ * @description Finds comparisons with nil.
+ * @id go/examples/nilcheck
+ * @tags comparison
+ *       nil
+ */
+
+import go
+
+from DataFlow::EqualityTestNode eq, DataFlow::Node nd, DataFlow::Node nil
+where
+  nil = Builtin::nil().getARead() and
+  eq.eq(_, nd, nil)
+select eq

ql/examples/snippets/param.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Parameter
+ * @description Finds parameters of type "ResponseWriter" from package "net/http".
+ * @id go/examples/responseparam
+ * @tags parameter
+ */
+
+import go
+
+from Parameter req
+where req.getType().hasQualifiedName("net/http", "ResponseWriter")
+select req

ql/examples/snippets/pointertype.ql

@@ -0,0 +1,15 @@
+/**
+ * @name Type
+ * @description Finds pointer type `*Request` from package `net/http`.
+ * @id go/examples/requestptrtype
+ * @tags net/http
+ *       type
+ */
+
+import go
+
+from Type reqtp, PointerType reqptrtp
+where
+  reqtp.hasQualifiedName("net/http", "Request") and
+  reqptrtp.getBaseType() = reqtp
+select reqptrtp

ql/examples/snippets/receiver.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Receiver variable
+ * @description Finds receiver variables of pointer type.
+ * @id go/examples/pointerreceiver
+ * @tags receiver variable
+ */
+
+import go
+
+from ReceiverVariable recv
+where recv.getType() instanceof PointerType
+select recv

ql/examples/snippets/result.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Result variable
+ * @description Finds result variables of type "error".
+ * @id go/examples/errresult
+ * @tags result variable
+ */
+
+import go
+
+from ResultVariable err
+where err.getType() = Builtin::error().getType()
+select err

ql/examples/snippets/type.ql

@@ -0,0 +1,13 @@
+/**
+ * @name Type
+ * @description Finds type `Request` from package `net/http`.
+ * @id go/examples/requesttype
+ * @tags net/http
+ *       type
+ */
+
+import go
+
+from Type request
+where request.hasQualifiedName("net/http", "Request")
+select request

ql/examples/snippets/typeinfo.ql

@@ -0,0 +1,16 @@
+/**
+ * @name Type information
+ * @description Finds code elements of type `*Request` from package `net/http`.
+ * @id go/examples/requests
+ * @tags net/http
+ *       types
+ */
+
+import go
+
+from Type reqtp, PointerType reqptrtp, DataFlow::Node req
+where
+  reqtp.hasQualifiedName("net/http", "Request") and
+  reqptrtp.getBaseType() = reqtp and
+  req.getType() = reqptrtp
+select req

ql/examples/snippets/updateinloop.ql

@@ -0,0 +1,13 @@
+/**
+ * @name Increment statements in loops
+ * @description Finds increment statements that are nested in a loop
+ * @id go/examples/updateinloop
+ * @tags nesting
+ *       increment
+ */
+
+import go
+
+from IncStmt s, LoopStmt l
+where s.getParent+() = l
+select s, l

ql/examples/snippets/variable.ql

@@ -0,0 +1,13 @@
+/**
+ * @name Variable
+ * @description Finds variables called "err".
+ * @id go/examples/errvariable
+ * @tags variable
+ *       err
+ */
+
+import go
+
+from Variable err
+where err.getName() = "err"
+select err

ql/examples/snippets/varread.ql

@@ -0,0 +1,14 @@
+/**
+ * @name Variable read
+ * @description Finds code that reads a variable called `err`.
+ * @id go/examples/readoferr
+ * @tags variable read
+ */
+
+import go
+
+from Variable err, Read read
+where
+  err.getName() = "err" and
+  read = err.getARead()
+select read

ql/examples/snippets/varwrite.ql

@@ -0,0 +1,14 @@
+/**
+ * @name Variable write
+ * @description Finds assignments to variables named "err".
+ * @id go/examples/errwrite
+ * @tags variable write
+ */
+
+import go
+
+from Variable err, Write write
+where
+  err.getName() = "err" and
+  write = err.getAWrite()
+select write, write.getRhs()

ql/examples/snippets/zerocheck.ql

@@ -0,0 +1,16 @@
+/**
+ * @name Comparison with zero
+ * @description Finds comparisons between an unsigned value and zero.
+ * @id go/examples/unsignedgez
+ * @tags comparison
+ *       unsigned
+ */
+
+import go
+
+from DataFlow::RelationalComparisonNode cmp, DataFlow::Node unsigned, DataFlow::Node zero
+where
+  zero.getNumericValue() = 0 and
+  unsigned.getType().getUnderlyingType() instanceof UnsignedIntegerType and
+  cmp.leq(_, zero, unsigned, 0)
+select cmp, unsigned

ql/test/example-tests/snippets/calltobuiltin.expected

@@ -0,0 +1 @@
+| main.go:15:41:15:52 | call to len |

ql/test/example-tests/snippets/calltobuiltin.qlref

@@ -0,0 +1 @@
+snippets/calltobuiltin.ql

ql/test/example-tests/snippets/calltofunction.expected

@@ -0,0 +1 @@
+| main.go:14:2:14:29 | call to Println |

ql/test/example-tests/snippets/calltofunction.qlref

@@ -0,0 +1 @@
+snippets/calltofunction.ql

ql/test/example-tests/snippets/calltomethod.expected

@@ -0,0 +1 @@
+| main.go:19:2:19:22 | call to Get |

ql/test/example-tests/snippets/calltomethod.qlref

@@ -0,0 +1 @@
+snippets/calltomethod.ql

ql/test/example-tests/snippets/constant.expected

@@ -0,0 +1,4 @@
+| main.go:11:18:11:26 | ...-... |
+| main.go:15:56:15:59 | zero |
+| main.go:35:9:35:9 | 0 |
+| main.go:46:11:46:11 | 0 |

ql/test/example-tests/snippets/constant.qlref

@@ -0,0 +1 @@
+snippets/constant.ql

ql/test/example-tests/snippets/emptythen.expected

@@ -0,0 +1 @@
+| main.go:30:2:31:2 | if statement |

ql/test/example-tests/snippets/emptythen.qlref

@@ -0,0 +1 @@
+snippets/emptythen.ql

ql/test/example-tests/snippets/fieldread.expected

@@ -0,0 +1 @@
+| main.go:20:5:20:14 | selection of Method |

ql/test/example-tests/snippets/fieldread.qlref

@@ -0,0 +1 @@
+snippets/fieldread.ql

ql/test/example-tests/snippets/fieldwrite.expected

@@ -0,0 +1 @@
+| main.go:23:3:23:13 | assignment to field Status | main.go:23:17:23:21 | "200" |

ql/test/example-tests/snippets/fieldwrite.qlref

@@ -0,0 +1 @@
+snippets/fieldwrite.ql

ql/test/example-tests/snippets/function.expected

@@ -0,0 +1,2 @@
+| file://:0:0:0:0 | main |
+| main.go:13:6:13:9 | main |

ql/test/example-tests/snippets/function.qlref

@@ -0,0 +1 @@
+snippets/function.ql