From 1d64355dda6780e12d7212f3ae5174b0fe4bc7ca Mon Sep 17 00:00:00 2001 
From: Kasper Svendsen Date: Tue, 17 Jun 2025 12:18:15 +0200 Subject: [PATCH] Overlay: Add overlay annotations to shared libraries --- shared/controlflow/codeql/controlflow/BasicBlock.qll | 2 ++ shared/controlflow/codeql/controlflow/Cfg.qll | 2 ++ shared/dataflow/codeql/dataflow/DataFlow.qll | 2 ++ shared/dataflow/codeql/dataflow/TaintTracking.qll | 2 ++ shared/dataflow/codeql/dataflow/VariableCapture.qll | 2 ++ .../codeql/dataflow/internal/AccessPathSyntax.qll | 2 ++ .../codeql/dataflow/internal/ContentDataFlowImpl.qll | 2 ++ shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll | 5 +++++ .../codeql/dataflow/internal/DataFlowImplCommon.qll | 8 ++++++++ .../codeql/dataflow/internal/DataFlowImplConsistency.qll | 2 ++ .../codeql/dataflow/internal/DataFlowImplStage1.qll | 3 +++ .../dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll | 2 ++ .../dataflow/codeql/dataflow/test/ProvenancePathGraph.qll | 2 ++ shared/mad/codeql/mad/ModelValidation.qll | 2 ++ shared/mad/codeql/mad/dynamic/GraphExport.qll | 2 ++ .../mad/modelgenerator/internal/ModelGeneratorImpl.qll | 2 ++ .../codeql/mad/modelgenerator/internal/ModelPrinting.qll | 3 +++ shared/quantum/codeql/quantum/experimental/Model.qll | 2 ++ .../codeql/rangeanalysis/ModulusAnalysis.qll | 2 ++ .../rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll | 2 ++ .../codeql/rangeanalysis/internal/RangeUtils.qll | 3 +++ shared/regex/codeql/regex/HostnameRegexp.qll | 2 ++ shared/regex/codeql/regex/MissingRegExpAnchor.qll | 2 ++ shared/regex/codeql/regex/OverlyLargeRangeQuery.qll | 2 ++ shared/regex/codeql/regex/RegexTreeView.qll | 2 ++ shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll | 2 ++ shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll | 2 ++ shared/regex/codeql/regex/nfa/NfaUtils.qll | 2 ++ shared/regex/codeql/regex/nfa/RegexpMatching.qll | 2 ++ shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll | 3 +++ shared/ssa/codeql/ssa/Ssa.qll | 2 ++ shared/threat-models/codeql/threatmodels/ThreatModels.qll | 2 ++ 
shared/typeflow/codeql/typeflow/TypeFlow.qll | 2 ++ shared/typeflow/codeql/typeflow/UniversalFlow.qll | 2 ++ shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll | 3 +++ .../codeql/typeinference/internal/TypeInference.qll | 4 ++++ shared/typetracking/codeql/typetracking/TypeTracking.qll | 2 ++ .../codeql/typetracking/internal/SummaryTypeTracker.qll | 2 ++ .../codeql/typetracking/internal/TypeTrackingImpl.qll | 4 ++++ shared/typos/codeql/typos/TypoDatabase.qll | 3 +++ shared/util/codeql/util/AlertFiltering.qll | 2 ++ shared/util/codeql/util/Boolean.qll | 2 ++ shared/util/codeql/util/DenseRank.qll | 2 ++ shared/util/codeql/util/Either.qll | 2 ++ shared/util/codeql/util/FilePath.qll | 2 ++ shared/util/codeql/util/FileSystem.qll | 2 ++ shared/util/codeql/util/Location.qll | 2 ++ shared/util/codeql/util/Numbers.qll | 2 ++ shared/util/codeql/util/Option.qll | 2 ++ shared/util/codeql/util/ReportStats.qll | 1 + shared/util/codeql/util/Strings.qll | 3 +++ shared/util/codeql/util/Unit.qll | 2 ++ shared/util/codeql/util/Void.qll | 2 ++ shared/util/codeql/util/suppression/AlertSuppression.qll | 3 +++ .../codeql/util/test/ExternalLocationPostProcessing.qll | 1 + shared/xml/codeql/xml/Xml.qll | 2 ++ shared/yaml/codeql/serverless/ServerLess.qll | 2 ++ shared/yaml/codeql/yaml/Yaml.qll | 2 ++ 58 files changed, 135 insertions(+) diff --git a/shared/controlflow/codeql/controlflow/BasicBlock.qll b/shared/controlflow/codeql/controlflow/BasicBlock.qll index 9c26b18c0938..132920e329fb 100644 --- a/shared/controlflow/codeql/controlflow/BasicBlock.qll +++ b/shared/controlflow/codeql/controlflow/BasicBlock.qll @@ -5,6 +5,8 @@ * INTERNAL use only. This is an experimental API subject to change without * notice. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/controlflow/codeql/controlflow/Cfg.qll b/shared/controlflow/codeql/controlflow/Cfg.qll index bb49cc8d8aee..c9d7d4147347 100644 --- a/shared/controlflow/codeql/controlflow/Cfg.qll 
+++ b/shared/controlflow/codeql/controlflow/Cfg.qll @@ -2,6 +2,8 @@ * Provides a shared interface and implementation for constructing control-flow graphs * (CFGs) from abstract syntax trees (ASTs). */ +overlay[local?] +module; private import codeql.util.Location private import codeql.util.FileSystem diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 93327f5ad6a3..3483287e3b39 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -3,6 +3,8 @@ * adds a global analysis, mainly exposed through the `Global` and `GlobalWithState` * modules. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index 24aea44320e0..bd4b4ecd6ca5 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -2,6 +2,8 @@ * Provides modules for performing local (intra-procedural) and * global (inter-procedural) taint-tracking analyses. */ +overlay[local?] +module; private import DataFlow as DF private import internal.DataFlowImpl diff --git a/shared/dataflow/codeql/dataflow/VariableCapture.qll b/shared/dataflow/codeql/dataflow/VariableCapture.qll index c2c84b7f0f87..4df415f90ad9 100644 --- a/shared/dataflow/codeql/dataflow/VariableCapture.qll +++ b/shared/dataflow/codeql/dataflow/VariableCapture.qll @@ -2,6 +2,8 @@ * Provides a module for synthesizing data-flow nodes and related step relations * for supporting flow through captured variables. */ +overlay[local?] +module; private import codeql.util.Boolean private import codeql.util.Unit diff --git a/shared/dataflow/codeql/dataflow/internal/AccessPathSyntax.qll b/shared/dataflow/codeql/dataflow/internal/AccessPathSyntax.qll index 17b979e42a66..78b6db4090a5 100644 --- a/shared/dataflow/codeql/dataflow/internal/AccessPathSyntax.qll 
+++ b/shared/dataflow/codeql/dataflow/internal/AccessPathSyntax.qll @@ -5,6 +5,8 @@ * This file is used by the shared data flow library and by the JavaScript libraries * (which does not use the shared data flow libraries). */ +overlay[local?] +module; /** * Convenience-predicate for extracting two capture groups at once. diff --git a/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll index 1eaa84505419..baf473efff16 100644 --- a/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll @@ -22,6 +22,8 @@ * steps, followed by 0 or more stores, with value-preserving steps allowed in * between all other steps. */ +overlay[local?] +module; private import codeql.dataflow.DataFlow private import codeql.util.Boolean diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index a13c71f554cc..9b0e353dc095 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -3,6 +3,8 @@ * * Provides an implementation of global (interprocedural) data flow. */ +overlay[local?] +module; private import codeql.util.Unit private import codeql.util.Option @@ -792,6 +794,7 @@ module MakeImpl Lang> { innercc = getCallContextCall(call, inner) } + overlay[caller] pragma[inline] predicate fwdFlowIn( Call call, ArgNd arg, Callable inner, ParamNd p, Cc outercc, CcCall innercc, @@ -2321,6 +2324,7 @@ module MakeImpl Lang> { * For more information, see * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */ + overlay[caller] pragma[inline] deprecated final predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn 
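Review bot: Nothing in this patch checks that DataFlowImpl.qll, now marked `overlay[local?]` at the top of the file, gives the same results under overlay evaluation as under a full evaluation; the diffstat lists only `.qll` library files and no test or expected-output changes. The file header describes global (interprocedural) data flow, and security queries built on it and on TaintTracking.qll would silently lose or gain alerts if a predicate were treated as local when it is not. As far as I understand the annotation, `local?` leaves the locality decision to the compiler per predicate, so the outcome is not visible in the source. A regression test that runs a data-flow query in both modes and compares the results would pin it down; if such tests already exist elsewhere in the repository, a pointer in the commit message would be enough.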
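Review bot: The `overlay[caller]` added above `pragma[inline]` on `fwdFlowIn` has no comment saying why this predicate takes it rather than inheriting the module-level `overlay[local?]`, and a reader cannot tell from the hunk which inline predicates need it. A short comment such as `// overlay[caller]: inlined into callers, so locality is decided at each call site` would record the intent, assuming that is the reason. The same applies to `hasLocationInfo` and `getHeadContent` in this file and to the `overlay[caller]` hunks in DataFlowImplCommon.qll, DataFlowImplStage1.qll, SuperlinearBackTracking.qll, TypeInference.qll and TypeTrackingImpl.qll. The body of `fwdFlowIn` continues outside the hunk.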
@@ -2524,6 +2528,7 @@ module MakeImpl Lang> { class ApHeadContent = Unit; + overlay[caller] pragma[inline] ApHeadContent getHeadContent(Ap ap) { exists(result) and ap = true } diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll index 845da27aae7a..b2bdc0c12e67 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + private import codeql.dataflow.DataFlow private import codeql.typetracking.TypeTracking as Tt private import codeql.util.Location @@ -674,6 +677,7 @@ module MakeImplCommon Lang> { class CcCall = CallContextCall; + overlay[caller] pragma[inline] predicate matchesCall(CcCall cc, Call call) { cc = Input2::getSpecificCallContextCall(call, _) or @@ -885,6 +889,7 @@ module MakeImplCommon Lang> { pragma[nomagic] private Callable getEnclosingCallable0() { nodeEnclosingCallable(this.projectToNode(), result) } + overlay[caller] pragma[inline] Callable getEnclosingCallable() { pragma[only_bind_out](this).getEnclosingCallable0() = pragma[only_bind_into](result) @@ -899,6 +904,7 @@ module MakeImplCommon Lang> { isTopType(result) and this.isImplicitReadNode(_) } + overlay[caller] pragma[inline] Type getType() { pragma[only_bind_out](this).getType0() = pragma[only_bind_into](result) } @@ -2410,12 +2416,14 @@ module MakeImplCommon Lang> { * predicate ensures that joins go from `n` to the result instead of the other * way around. */ + overlay[caller] pragma[inline] Callable getNodeEnclosingCallable(Node n) { nodeEnclosingCallable(pragma[only_bind_out](n), pragma[only_bind_into](result)) } /** Gets the type of `n` used for type pruning. */ + overlay[caller] pragma[inline] Type getNodeDataFlowType(Node n) { nodeType(pragma[only_bind_out](n), pragma[only_bind_into](result)) 
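Review bot: DataFlowImplCommon.qll now opens with `overlay[local?]` and `module;` but still has no file-level QLDoc, unlike most files in this patch where the annotation follows a `/** ... */` header. The explicit `module;` declaration gives an obvious place for one, for example `/** Provides shared classes and predicates for the global data flow implementation. */` above the annotation; that wording is a guess from the file name and `MakeImplCommon`, so the author should adjust it. The same gap shows in the first hunks of ModelPrinting.qll, RangeUtils.qll, TypeFlowImpl.qll, TypoDatabase.qll, Strings.qll and AlertSuppression.qll.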
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll index 7721a5df0445..83abd41f5e6e 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll @@ -2,6 +2,8 @@ * Provides consistency queries for checking invariants in the language-specific * data-flow classes and predicates. */ +overlay[local?] +module; private import codeql.dataflow.DataFlow as DF private import codeql.dataflow.TaintTracking as TT diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index f9eaea566cd8..07147fc56673 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll @@ -4,6 +4,8 @@ * Provides an implementation of a fast initial pruning of global * (interprocedural) data flow reachability (Stage 1). */ +overlay[local?] +module; private import codeql.util.Unit private import codeql.util.Location @@ -1784,6 +1786,7 @@ module MakeImplStage1 Lang> { * For more information, see * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */ + overlay[caller] pragma[inline] deprecated predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index 244cc5731976..97872f41f875 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -1,6 +1,8 @@ /** * Provides classes and predicates for defining flow summaries. */ +overlay[local?] +module; private import codeql.dataflow.DataFlow as DF private import codeql.util.Location 
diff --git a/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll b/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll index 2171c9096434..4a5e92fd5897 100644 --- a/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll +++ b/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll @@ -5,6 +5,8 @@ * In addition to the `PathGraph`, a `query predicate models` is provided to * list the contents of the referenced MaD rows. */ +overlay[local?] +module; private import codeql.dataflow.DataFlow as DF diff --git a/shared/mad/codeql/mad/ModelValidation.qll b/shared/mad/codeql/mad/ModelValidation.qll index 4c1d6793d652..98b2a212c316 100644 --- a/shared/mad/codeql/mad/ModelValidation.qll +++ b/shared/mad/codeql/mad/ModelValidation.qll @@ -1,6 +1,8 @@ /** * Provides classes and predicates related to validating models-as-data rows. */ +overlay[local?] +module; /** Provides predicates for determining if a model exists for a given `kind`. */ signature module KindValidationConfigSig { diff --git a/shared/mad/codeql/mad/dynamic/GraphExport.qll b/shared/mad/codeql/mad/dynamic/GraphExport.qll index e28c82f47ab3..b666a96fb67a 100644 --- a/shared/mad/codeql/mad/dynamic/GraphExport.qll +++ b/shared/mad/codeql/mad/dynamic/GraphExport.qll @@ -1,6 +1,8 @@ /** * Contains predicates for converting an arbitrary graph to a set of `typeModel` rows. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 829bf267c226..51dafc2cc96a 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll 
@@ -4,6 +4,8 @@ * Provides classes and predicates related to capturing summary, source, * and sink models of the Standard or a 3rd party library. */ +overlay[local?] +module; private import codeql.dataflow.DataFlow private import codeql.dataflow.TaintTracking as Tt diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll index d4fbd9062b63..a5f9145714bf 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelPrinting.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + signature module ModelPrintingLangSig { /** * A class of callables. diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index e7bbe65d3115..b782eae07fa2 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1,6 +1,8 @@ /** * A language-independent library for reasoning about cryptography. */ +overlay[local?] +module; import codeql.util.Location diff --git a/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll b/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll index db3377ff3cc1..f7864a01f446 100644 --- a/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll +++ b/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll @@ -3,6 +3,8 @@ * an expression, `b` is a `Bound` (typically zero or the value of an SSA * variable), and `v` is an integer in the range `[0 .. m-1]`. */ +overlay[local?] +module; /* * The main recursion has base cases in both `ssaModulus` (for guarded reads) and `exprModulus` diff --git a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll index 445ec9f0b8d3..1d17ad8346c4 100644 --- a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll 
+++ b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll @@ -8,6 +8,8 @@ * If an inferred bound relies directly on a condition, then this condition is * reported as the reason for the bound. */ +overlay[local?] +module; /* * This library tackles range analysis as a flow problem. Consider e.g.: diff --git a/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll b/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll index d6eeb781f391..1592102bc8e6 100644 --- a/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll +++ b/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + private import codeql.rangeanalysis.RangeAnalysis private import codeql.util.Location diff --git a/shared/regex/codeql/regex/HostnameRegexp.qll b/shared/regex/codeql/regex/HostnameRegexp.qll index fc77b9b56e2e..7d97d71ccef9 100644 --- a/shared/regex/codeql/regex/HostnameRegexp.qll +++ b/shared/regex/codeql/regex/HostnameRegexp.qll @@ -2,6 +2,8 @@ * Provides predicates for reasoning about regular expressions * that match URLs and hostname patterns. */ +overlay[local?] +module; private import RegexTreeView diff --git a/shared/regex/codeql/regex/MissingRegExpAnchor.qll b/shared/regex/codeql/regex/MissingRegExpAnchor.qll index c4fe642b790d..722d1baafd6c 100644 --- a/shared/regex/codeql/regex/MissingRegExpAnchor.qll +++ b/shared/regex/codeql/regex/MissingRegExpAnchor.qll @@ -2,6 +2,8 @@ * Provides predicates for reasoning about regular expressions * without anchors. */ +overlay[local?] +module; private import RegexTreeView import HostnameRegexp as HostnameShared diff --git a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll index 57d7d365611b..88645a2abde1 100644 --- a/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll +++ b/shared/regex/codeql/regex/OverlyLargeRangeQuery.qll 
@@ -1,6 +1,8 @@ /** * Classes and predicates for working with suspicious character ranges. */ +overlay[local?] +module; private import RegexTreeView diff --git a/shared/regex/codeql/regex/RegexTreeView.qll b/shared/regex/codeql/regex/RegexTreeView.qll index 03d8fcfcbcd6..7a37a2eaceb9 100644 --- a/shared/regex/codeql/regex/RegexTreeView.qll +++ b/shared/regex/codeql/regex/RegexTreeView.qll @@ -1,6 +1,8 @@ /** * This file contains a `RegexTreeViewSig` module describing the syntax tree of regular expressions. */ +overlay[local?] +module; /** * A signature describing the syntax tree of regular expressions. diff --git a/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll b/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll index 0d040bc6f64c..a38229da4971 100644 --- a/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll +++ b/shared/regex/codeql/regex/nfa/BadTagFilterQuery.qll @@ -1,6 +1,8 @@ /** * Provides predicates for reasoning about bad tag filter vulnerabilities. */ +overlay[local?] +module; private import NfaUtils as NfaUtils private import RegexpMatching as RM diff --git a/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll b/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll index 450ee807089d..23f764973715 100644 --- a/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll +++ b/shared/regex/codeql/regex/nfa/ExponentialBackTracking.qll @@ -61,6 +61,8 @@ * * Lastly we ensure that any state reached by repeating `n` copies of `w` has * a suffix `x` (possible empty) that is most likely __not__ accepted. */ +overlay[local?] +module; private import NfaUtils as NfaUtils private import codeql.regex.RegexTreeView diff --git a/shared/regex/codeql/regex/nfa/NfaUtils.qll b/shared/regex/codeql/regex/nfa/NfaUtils.qll index d074081b6ac2..e1be49796e00 100644 --- a/shared/regex/codeql/regex/nfa/NfaUtils.qll +++ b/shared/regex/codeql/regex/nfa/NfaUtils.qll 
@@ -1,6 +1,8 @@ /** * A shared library for creating and reasoning about NFA's. */ +overlay[local?] +module; private import codeql.regex.RegexTreeView private import codeql.util.Numbers diff --git a/shared/regex/codeql/regex/nfa/RegexpMatching.qll b/shared/regex/codeql/regex/nfa/RegexpMatching.qll index fae1cea5f8c1..85c21b355a4b 100644 --- a/shared/regex/codeql/regex/nfa/RegexpMatching.qll +++ b/shared/regex/codeql/regex/nfa/RegexpMatching.qll @@ -2,6 +2,8 @@ * Provides predicates for reasoning about which strings are matched by a regular expression, * and for testing which capture groups are filled when a particular regexp matches a string. */ +overlay[local?] +module; private import NfaUtils as NfaUtils private import codeql.regex.RegexTreeView diff --git a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll index 6eb18aeeebc9..2faac9b02117 100644 --- a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll +++ b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll @@ -34,6 +34,8 @@ * It has the same suffix detection issue as the `js/redos` query, which can cause false positives. * It also doesn't find all transitions in the product automaton, which can cause false negatives. */ +overlay[local?] +module; private import NfaUtils as NfaUtils private import codeql.regex.RegexTreeView @@ -99,6 +101,7 @@ module Make { /** * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton. */ + overlay[caller] pragma[inline] predicate isFeasibleTuple(State r1, State r2, State r3) { // The first element is either inside a repetition (or the start state itself) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 4734cf7e414b..d9a017920171 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll 
@@ -2,6 +2,8 @@ * Provides a language-independent implementation of static single assignment * (SSA) form. */ +overlay[local?] +module; private import codeql.util.Location private import codeql.util.Unit diff --git a/shared/threat-models/codeql/threatmodels/ThreatModels.qll b/shared/threat-models/codeql/threatmodels/ThreatModels.qll index 19dfd0d1a656..dbb220c46e67 100644 --- a/shared/threat-models/codeql/threatmodels/ThreatModels.qll +++ b/shared/threat-models/codeql/threatmodels/ThreatModels.qll @@ -4,6 +4,8 @@ * This module provides extensible predicates for configuring which kinds of MaD models * are applicable to generic queries. */ +overlay[local?] +module; /** * Holds configuration entries to specify which threat models are enabled. diff --git a/shared/typeflow/codeql/typeflow/TypeFlow.qll b/shared/typeflow/codeql/typeflow/TypeFlow.qll index a2ae213ecb7f..52a911974091 100644 --- a/shared/typeflow/codeql/typeflow/TypeFlow.qll +++ b/shared/typeflow/codeql/typeflow/TypeFlow.qll @@ -7,6 +7,8 @@ * type has a subtype or if an inferred upper bound passed through at least one * explicit or implicit cast that lost type information. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/typeflow/codeql/typeflow/UniversalFlow.qll b/shared/typeflow/codeql/typeflow/UniversalFlow.qll index 75b210f8cebb..e5f07690a183 100644 --- a/shared/typeflow/codeql/typeflow/UniversalFlow.qll +++ b/shared/typeflow/codeql/typeflow/UniversalFlow.qll @@ -25,6 +25,8 @@ * that subsequently calculated properties hold under the assumption that the * value is not null. */ +overlay[local?] +module; private import codeql.util.Location private import codeql.util.Unit diff --git a/shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll b/shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll index f17b809ca32d..437e1ab31992 100644 --- a/shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll +++ b/shared/typeflow/codeql/typeflow/internal/TypeFlowImpl.qll 
@@ -1,3 +1,6 @@ +overlay[local?] +module; + private import codeql.typeflow.TypeFlow private import codeql.typeflow.UniversalFlow as UniversalFlow private import codeql.util.Location diff --git a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll index ca79740a2ceb..29cc9c0ef9f9 100644 --- a/shared/typeinference/codeql/typeinference/internal/TypeInference.qll +++ b/shared/typeinference/codeql/typeinference/internal/TypeInference.qll @@ -8,6 +8,8 @@ * the `TypePath` type, and `Make2`, which (using `TypePath` in the input * signature) constructs the `Matching` module. */ +overlay[local?] +module; private import codeql.util.Location @@ -729,6 +731,7 @@ module Make1 Input1> { ) } + overlay[caller] pragma[inline] predicate baseTypeMentionHasNonTypeParameterAt( Type sub, TypeMention baseMention, TypePath path, Type t @@ -736,6 +739,7 @@ module Make1 Input1> { not t = sub.getATypeParameter() and baseTypeMentionHasTypeAt(sub, baseMention, path, t) } + overlay[caller] pragma[inline] predicate baseTypeMentionHasTypeParameterAt( Type sub, TypeMention baseMention, TypePath path, TypeParameter tp diff --git a/shared/typetracking/codeql/typetracking/TypeTracking.qll b/shared/typetracking/codeql/typetracking/TypeTracking.qll index 7a411adb6333..da5b129241a7 100644 --- a/shared/typetracking/codeql/typetracking/TypeTracking.qll +++ b/shared/typetracking/codeql/typetracking/TypeTracking.qll @@ -2,6 +2,8 @@ * Provides classes and predicates for simple data-flow reachability suitable * for tracking types. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/typetracking/codeql/typetracking/internal/SummaryTypeTracker.qll b/shared/typetracking/codeql/typetracking/internal/SummaryTypeTracker.qll index b942446d43ba..36dce0d081e4 100644 --- a/shared/typetracking/codeql/typetracking/internal/SummaryTypeTracker.qll 
+++ b/shared/typetracking/codeql/typetracking/internal/SummaryTypeTracker.qll @@ -3,6 +3,8 @@ * To use this, you must implement the `Input` signature. You can then use the predicates in the `Output` * signature to implement the predicates of the same names inside `TypeTrackerSpecific.qll`. */ +overlay[local?] +module; /** The classes and predicates needed to generate type-tracking steps from summaries. */ signature module Input { diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index b36edca04e7c..b74f803131fa 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -2,6 +2,8 @@ * Provides classes and predicates for simple data-flow reachability suitable * for tracking types. */ +overlay[local?] +module; private import codeql.util.Boolean private import codeql.util.Option @@ -510,6 +512,7 @@ module TypeTracking I> { * } * ``` */ + overlay[caller] pragma[inline] TypeTracker smallstep(Node nodeFrom, Node nodeTo) { result = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) @@ -654,6 +657,7 @@ module TypeTracking I> { * } * ``` */ + overlay[caller] pragma[inline] TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { result = this.smallstepNoSimpleLocalFlowStep(nodeFrom, nodeTo) diff --git a/shared/typos/codeql/typos/TypoDatabase.qll b/shared/typos/codeql/typos/TypoDatabase.qll index a41f003a8c0c..7f1a8c2a3e73 100644 --- a/shared/typos/codeql/typos/TypoDatabase.qll +++ b/shared/typos/codeql/typos/TypoDatabase.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + /** * Holds if `wrong` is a common misspelling of `right`. * diff --git a/shared/util/codeql/util/AlertFiltering.qll b/shared/util/codeql/util/AlertFiltering.qll index 97acd803f01e..1bc366c0416d 100644 --- a/shared/util/codeql/util/AlertFiltering.qll +++ b/shared/util/codeql/util/AlertFiltering.qll 
@@ -2,6 +2,8 @@ * Provides the `restrictAlertsTo` extensible predicate to restrict alerts to specific source * locations, and the `AlertFilteringImpl` parameterized module to apply the filtering. */ +overlay[local?] +module; private import codeql.util.Location diff --git a/shared/util/codeql/util/Boolean.qll b/shared/util/codeql/util/Boolean.qll index b58dc9a308f3..0f35421c408a 100644 --- a/shared/util/codeql/util/Boolean.qll +++ b/shared/util/codeql/util/Boolean.qll @@ -1,4 +1,6 @@ /** Provides the `Boolean` class. */ +overlay[local?] +module; /** * A utility class that is equivalent to `boolean`. diff --git a/shared/util/codeql/util/DenseRank.qll b/shared/util/codeql/util/DenseRank.qll index 0dccbbd48803..89ab865e9595 100644 --- a/shared/util/codeql/util/DenseRank.qll +++ b/shared/util/codeql/util/DenseRank.qll @@ -2,6 +2,8 @@ * Provides modules for computing dense `rank`s. See the `DenseRank` module * below for a more detailed explanation. */ +overlay[local?] +module; /** Provides the input to `DenseRank`. */ signature module DenseRankInputSig { diff --git a/shared/util/codeql/util/Either.qll b/shared/util/codeql/util/Either.qll index d514b9eaed58..a6796f99f38b 100644 --- a/shared/util/codeql/util/Either.qll +++ b/shared/util/codeql/util/Either.qll @@ -1,4 +1,6 @@ /** Provides a module for constructing a union `Either` type. */ +overlay[local?] +module; /** A type with `toString`. */ private signature class TypeWithToString { diff --git a/shared/util/codeql/util/FilePath.qll b/shared/util/codeql/util/FilePath.qll index 1b047f3c91ce..ff62ce6ee5e3 100644 --- a/shared/util/codeql/util/FilePath.qll +++ b/shared/util/codeql/util/FilePath.qll @@ -1,4 +1,6 @@ /** Provides a utility for normalizing filepaths. */ +overlay[local?] +module; /** * A filepath that should be normalized. diff --git a/shared/util/codeql/util/FileSystem.qll b/shared/util/codeql/util/FileSystem.qll index 2b120faaacea..fe724190f746 100644 --- a/shared/util/codeql/util/FileSystem.qll 
+++ b/shared/util/codeql/util/FileSystem.qll @@ -1,4 +1,6 @@ /** Provides classes for working with files and folders. */ +overlay[local?] +module; /** Provides the input specification of the files and folders implementation. */ signature module InputSig { diff --git a/shared/util/codeql/util/Location.qll b/shared/util/codeql/util/Location.qll index 8faa1ee4eeb9..c592f2c55564 100644 --- a/shared/util/codeql/util/Location.qll +++ b/shared/util/codeql/util/Location.qll @@ -1,4 +1,6 @@ /** Provides classes for working with locations. */ +overlay[local?] +module; /** * A location as given by a file, a start line, a start column, diff --git a/shared/util/codeql/util/Numbers.qll b/shared/util/codeql/util/Numbers.qll index 050f3c023f11..126307d41b4e 100644 --- a/shared/util/codeql/util/Numbers.qll +++ b/shared/util/codeql/util/Numbers.qll @@ -2,6 +2,8 @@ * Provides predicates for working with numeric values and their string * representations. */ +overlay[local?] +module; /** * Gets the integer value of `binary` when interpreted as binary. `binary` must diff --git a/shared/util/codeql/util/Option.qll b/shared/util/codeql/util/Option.qll index 8ba4d8e840bc..65a5e8724526 100644 --- a/shared/util/codeql/util/Option.qll +++ b/shared/util/codeql/util/Option.qll @@ -1,4 +1,6 @@ /** Provides a module for constructing optional versions of types. */ +overlay[local?] +module; /** A type with `toString`. */ private signature class TypeWithToString { diff --git a/shared/util/codeql/util/ReportStats.qll b/shared/util/codeql/util/ReportStats.qll index 03f381b5b9b3..947eff548e75 100644 --- a/shared/util/codeql/util/ReportStats.qll +++ b/shared/util/codeql/util/ReportStats.qll @@ -1,6 +1,7 @@ /** * Provides the `ReportStats` module for reporting database quality statistics. */ +overlay[local?] module; signature module StatsSig { diff --git a/shared/util/codeql/util/Strings.qll b/shared/util/codeql/util/Strings.qll index 6b8b6f2fb1d0..c82c23a9988b 100644 
--- a/shared/util/codeql/util/Strings.qll +++ b/shared/util/codeql/util/Strings.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + private import Numbers /** diff --git a/shared/util/codeql/util/Unit.qll b/shared/util/codeql/util/Unit.qll index a0db9d7030f7..27e890788ff9 100644 --- a/shared/util/codeql/util/Unit.qll +++ b/shared/util/codeql/util/Unit.qll @@ -1,4 +1,6 @@ /** Provides the `Unit` class. */ +overlay[local?] +module; /** The unit type. */ private newtype TUnit = TMkUnit() diff --git a/shared/util/codeql/util/Void.qll b/shared/util/codeql/util/Void.qll index 886687b54602..28501cb9aca6 100644 --- a/shared/util/codeql/util/Void.qll +++ b/shared/util/codeql/util/Void.qll @@ -1,4 +1,6 @@ /** Provides the empty `Void` class. */ +overlay[local?] +module; /** The empty void type. */ private newtype TVoid = TMkVoid() { none() } diff --git a/shared/util/codeql/util/suppression/AlertSuppression.qll b/shared/util/codeql/util/suppression/AlertSuppression.qll index fad8d96566c0..722791148679 100644 --- a/shared/util/codeql/util/suppression/AlertSuppression.qll +++ b/shared/util/codeql/util/suppression/AlertSuppression.qll @@ -1,3 +1,6 @@ +overlay[local?] +module; + signature class AstNode { predicate hasLocationInfo( string filepath, int startline, int startcolumn, int endline, int endcolumn diff --git a/shared/util/codeql/util/test/ExternalLocationPostProcessing.qll b/shared/util/codeql/util/test/ExternalLocationPostProcessing.qll index 2ebd2b452828..4515bdabc79a 100644 --- a/shared/util/codeql/util/test/ExternalLocationPostProcessing.qll +++ b/shared/util/codeql/util/test/ExternalLocationPostProcessing.qll @@ -6,6 +6,7 @@ * VS Code, but prevents the "Location is outside of test directory" warning * when executed through `codeql test run`. */ +overlay[local?] module; external private predicate queryResults(string relation, int row, int column, string data); 
diff --git a/shared/xml/codeql/xml/Xml.qll b/shared/xml/codeql/xml/Xml.qll index 02d0ffc66fda..9620b156719e 100644 --- a/shared/xml/codeql/xml/Xml.qll +++ b/shared/xml/codeql/xml/Xml.qll @@ -1,6 +1,8 @@ /** * Provides classes and predicates for working with XML files and their content. */ +overlay[local?] +module; private import codeql.util.Location private import codeql.util.FileSystem diff --git a/shared/yaml/codeql/serverless/ServerLess.qll b/shared/yaml/codeql/serverless/ServerLess.qll index a0322ad47a12..009b50c7d1ca 100644 --- a/shared/yaml/codeql/serverless/ServerLess.qll +++ b/shared/yaml/codeql/serverless/ServerLess.qll @@ -2,6 +2,8 @@ * Provides classes and predicates for working with serverless handlers. * E.g. [AWS](https://docs.aws.amazon.com/lambda/latest/dg/nodejs-handler.html) or [serverless](https://npmjs.com/package/serverless) */ +overlay[local?] +module; /** * Provides the input for the `ServerLess` module. diff --git a/shared/yaml/codeql/yaml/Yaml.qll b/shared/yaml/codeql/yaml/Yaml.qll index 1467fd09d137..153ff5979c8e 100644 --- a/shared/yaml/codeql/yaml/Yaml.qll +++ b/shared/yaml/codeql/yaml/Yaml.qll @@ -4,6 +4,8 @@ * YAML documents are represented as abstract syntax trees whose nodes * are either YAML values or alias nodes referring to another YAML value. */ +overlay[local?] +module; /** Provides the input specification of YAML implementation. */ signature module InputSig {