Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate Actions queries to public repo #18321

Merged
merged 855 commits into from
Dec 19, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
855 commits
Select commit Hold shift + click to select a range
42b487b
Match callers and callees when root is not the repo root
Sep 10, 2024
bd0c762
Refactor: Do not use PRHeadCheckoutStep on any dependency of TaintTra…
Sep 10, 2024
147da50
Use Taint Tracking to track PR refs to checkout's ref argument
Sep 10, 2024
a9a297a
Update tests
Sep 10, 2024
ef41db3
Extract simple reference expression from ORed disjuncts
Sep 10, 2024
25a2107
Update tests
Sep 10, 2024
321e550
Bump qlpack versions
Sep 10, 2024
b199fdc
Add new models for file listing actions
Sep 11, 2024
15bb4d8
Add new test for flow through matrix
Sep 11, 2024
5fe81dd
Update tests
Sep 11, 2024
370d3ad
Merge pull request #80 from github/list_files
Sep 11, 2024
48a0fd5
Bump qlpack versions
Sep 11, 2024
69818c5
Remove bindingset from DataFlow's compatibleTypes
Sep 12, 2024
3a39058
Bump qlpack versions
Sep 12, 2024
69b9542
Add help file for SecretsInArtifacts query
Sep 17, 2024
92f3b16
Bump qlpack versions
Sep 17, 2024
4f075f3
feat: Improve sanitizer checks
Sep 19, 2024
db328f0
Improve Association check
Sep 19, 2024
eca3205
Merge pull request #83 from github/fix_82
Sep 19, 2024
c3d7af8
Bump qlpack versions
Sep 19, 2024
dac930d
Merge branch 'master' of https://github.com/github/codeql-actions
Sep 19, 2024
c20e407
Modify UnpinnedActionsTag report node
Sep 20, 2024
d3c1db5
Merge pull request #84 from github/report_unpin_node
ghsecuritylab Sep 20, 2024
e9dfd9c
Bump qlpack versions
Sep 20, 2024
116d83d
Improve reusable workflow calls
Sep 20, 2024
59592cc
Merge pull request #85 from github/improve_reusable_workflow_calls
ghsecuritylab Sep 20, 2024
a1e44bc
Bump qlpack versions
Sep 20, 2024
d44e7ae
Cross remote Reusable Workflow analysis
Sep 22, 2024
b685a8d
Merge pull request #86 from github/analyze_reusable_workflows
Sep 22, 2024
1dd7c3d
Bump qlpack versions
Sep 22, 2024
df59e6f
Consider a Reusable Workflow privileged if a caller is
Sep 23, 2024
5e74f89
Merge pull request #87 from github/reusable_workflow_priv_checks
Sep 23, 2024
269c1de
Bump qlpack versions
Sep 23, 2024
53f82d3
Control Checks in Run/Uses steps also protect Jobs that depend on them
Sep 23, 2024
610dcaf
Bump qlpack versions
Sep 23, 2024
2bfb156
d /Users/pwntester/src/github.com/github/codeql-actions/ql
Sep 23, 2024
fe06c9e
d /Users/pwntester/src/github.com/github/codeql-actions/ql
Sep 24, 2024
abd49d5
Improve privilege workflow detection
Sep 24, 2024
090d22f
Add GetRepoRoot helper function
Sep 24, 2024
ffbddb1
Simplify Callable/call match
Sep 24, 2024
ef549ef
Add Outputs nodes as CFG/DFG nodes
Sep 24, 2024
7c2386b
Simplify callable/call matches
Sep 24, 2024
4fc9e3f
Add Composite action's outputs as a return node
Sep 24, 2024
e8a667f
Add new tests
Sep 24, 2024
f095622
Update expected test results
Sep 24, 2024
f26e41d
Merge pull request #88 from github/DFG/composite_actions
Sep 24, 2024
0d55b4e
Bump qlpack versions
Sep 24, 2024
356c200
Composite Action steps's getEnclosingJob should return the calling job
Sep 24, 2024
43b61eb
Bump qlpack versions
Sep 24, 2024
153fb49
Update tests
Sep 24, 2024
b1ddbc9
Improve Control Checks
Sep 25, 2024
e147a0b
Bump qlpack versions
Sep 25, 2024
16f1a53
Add new sources for github.event.changes
Sep 25, 2024
62162a5
Merge pull request #89 from github/change_sources
Sep 25, 2024
71960b3
Bump qlpack versions
Sep 25, 2024
010ad35
Add new sources and summary steps
Sep 27, 2024
27752c7
Merge pull request #90 from github/regexp_actions
Sep 27, 2024
26f829e
Bump qlpack versions
Sep 27, 2024
86c1d9c
Improve artifact poisoning query
Sep 27, 2024
65d09b3
Merge pull request #91 from github/fix/artpoison
Sep 27, 2024
9d26a8d
Improve path checks for Artifact and Cache poisoning queries
Sep 27, 2024
2e6f004
Merge pull request #92 from github/fix/direct_cache_poison
Sep 27, 2024
1a5a304
Bump qlpack versions
Sep 27, 2024
294ebe5
Merge branch 'master' of https://github.com/github/codeql-actions
Sep 27, 2024
4fffde2
Add remote flow sources as a mutable ref source for untrusted checkouts
Sep 27, 2024
05d4b3c
Merge pull request #93 from github/ppe_from_rfs
Sep 27, 2024
1b3b47b
Bump qlpack versions
Sep 27, 2024
f2c5a14
Fix: ControlChecks protects/dominates only work with Steps. A sink ca…
Sep 28, 2024
fce300e
Merge pull request #94 from github/fix/sanitizer_scalar_value
Sep 28, 2024
4edfdb4
Bump qlpack versions
Sep 28, 2024
c10d5a1
Rename help-file to match .ql file
RasmusWL Sep 30, 2024
e0a2eb9
fix: Repository checks do not protect workflow_run triggered jobs
Sep 30, 2024
7e89c04
Merge pull request #96 from github/fix/repo_control_check
Sep 30, 2024
c7fde2a
Bump qlpack versions
Sep 30, 2024
726392c
Suppress `actions/cache-poisoning/code-injection` alerts covered by `…
RasmusWL Oct 1, 2024
4274673
Merge pull request #95 from github/rasmuswl/fix-qhelp-file
Oct 1, 2024
853fdf0
Merge pull request #97 from github/rasmuswl/avoid-duplicate-code-inje…
Oct 1, 2024
ef37e3c
Bump qlpack versions
Oct 1, 2024
4b74ade
Account for branches filter as a way to prevent workflow_run to trigg…
Oct 2, 2024
2727bf5
Add improved Bash script parser
Oct 2, 2024
a5075e5
Change queries to use the new bash parser
Oct 2, 2024
c582463
Add new Argument Injection sinks
Oct 2, 2024
8052696
Add new Poisonable step for bun
Oct 2, 2024
6b98a5b
Update tests
Oct 2, 2024
531f3d4
Add tests for new bash parser
Oct 2, 2024
cd1827e
Merge pull request #98 from github/improve_arginj
Oct 2, 2024
68da482
Bump qlpack versions
Oct 2, 2024
7d2cbc1
Improve Bash script parser
Oct 3, 2024
a630291
Merge pull request #99 from github/bash_parser
Oct 3, 2024
5494f7f
Bump qlpack versions
Oct 3, 2024
350b354
remmove leftover comments
Oct 3, 2024
0c9b808
Make Argument Injection queries experimental
Oct 3, 2024
c90690d
Merge pull request #100 from github/arginj_exp
Oct 3, 2024
a3cf876
Bump qlpack versions
Oct 3, 2024
860eda9
Improve control checks to better account for toctou issues
Oct 4, 2024
742602d
Merge pull request #101 from github/control_checks/toctou_split
Oct 4, 2024
b7aba1f
Bump qlpack versions
Oct 4, 2024
6a99845
Remove old code to handle redirections to GITHUB_ENV
Oct 10, 2024
898507e
Update publish.yml
Oct 11, 2024
d4a24df
Refactor FlowSteps
Oct 11, 2024
d558ff8
New Command sources for git and GITHUB_EVENT_PATH
Oct 11, 2024
ee25f35
Refactor of Bash functions
Oct 11, 2024
1e749ae
Add new poisonable step
Oct 11, 2024
99e92af
Update tests
Oct 11, 2024
ba5e1ed
Merge pull request #102 from github/moar_poisonable_steps
Oct 11, 2024
48fa296
Bump qlpack versions
Oct 11, 2024
c7b57b5
Merge command and file store steps
Oct 13, 2024
a09acb5
Better parsing of Bash script commands
Oct 13, 2024
be87ecc
Refactor Script support
Oct 14, 2024
7fa77e2
Delete test script
Oct 14, 2024
3b95ae0
Bump QLPacks versions
Oct 14, 2024
ff17d1d
Add CmdI test
Oct 14, 2024
2e5379f
Update expected tests
Oct 14, 2024
e2e1ddd
Move arg injection sinks to ShellScript class
Oct 15, 2024
b49cd3b
Better handling of EnvVar Injection and Argument Injection
Oct 16, 2024
c5c3cd1
Clean imports
Oct 16, 2024
09f1fd1
Bump qlpack versions
Oct 16, 2024
b072cfa
Add pwsh as the default shell for windows runners
Oct 17, 2024
6bf3eb7
Add sh as a bash-compatible POSIX shell
Oct 17, 2024
a1047d1
Add new control checks using octokit/request-action
Oct 17, 2024
8323819
New sources for octokit/request-action
Oct 17, 2024
c44c3ba
Update tests
Oct 17, 2024
7cba2e0
Bump qlpack versions
Oct 17, 2024
325727e
recommend to add octokit to trusted orgs
KyFaSt Oct 17, 2024
cf9b853
unversioned immutable actions wip
KyFaSt Oct 17, 2024
e550834
update unpinned actions tag test
KyFaSt Oct 18, 2024
2d5cd1a
WIP. todo: modify help text in query to be helpful, write qlhelp file…
KyFaSt Oct 18, 2024
e03ba55
Account for checkout path on Untrusted Checkout Critical
Oct 19, 2024
fc5a670
Add github.event.sender.login as an Actor source
Oct 19, 2024
229d42b
Add sonar-scanner-action as a poisonable step
Oct 21, 2024
6dbbfa9
Bump qlpack versions
Oct 21, 2024
023e8cb
factor semver to separate function
KyFaSt Oct 22, 2024
da10ee7
Add workflow_dispatch and scheduled to the list of privileged and ext…
Oct 22, 2024
9a7e33b
Merge pull request #103 from github/new_events
Oct 22, 2024
54338f4
Bump qlpack versions
Oct 22, 2024
02c5f74
New gh CLI sources
Oct 22, 2024
8f350d9
Merge pull request #104 from github/new_gh_sources
Oct 22, 2024
42d4bb5
Better identification of checkout of untrusted code depending on the …
Oct 22, 2024
0cacb6f
Bump qlpack versions
Oct 22, 2024
0738a66
Add trigger event checks for all checkout models
Oct 23, 2024
a057b9d
Add poisonable step for azure/powershell
Oct 23, 2024
b2a3aaa
Bump qlpack versions
Oct 23, 2024
d1d92ae
Create getATriggerEvent for Steps and refactor the code to use it
Oct 23, 2024
6298f25
Bump qlpack versions
Oct 23, 2024
c9bb42a
Enforce a checkout kind of trigger to consider gh pr/gh api ... pulls…
Oct 23, 2024
fef37b6
Remove pull_request from context event map so that accesss to github.…
Oct 23, 2024
315ffdf
Improve env var injection sanitizers
Oct 23, 2024
43211d3
Update tests
Oct 23, 2024
9a0795c
Bump qlpack versions
Oct 23, 2024
674afc5
Improve labelgate accuracy
Oct 23, 2024
ae6309d
Account for tar -C option to specify path
Oct 23, 2024
b6a26e7
New azure models
Oct 23, 2024
dbcf113
Bump qlpack versions
Oct 23, 2024
c9b1cd2
add workflow to catch some ineligible wildcards and eligible latest v…
KyFaSt Oct 24, 2024
1c6d346
change ql message
KyFaSt Oct 24, 2024
df0c1e2
stub out qlhelp
KyFaSt Oct 24, 2024
f8be8e7
Merge branch 'master' into immutable-actions
KyFaSt Oct 24, 2024
f716222
remove octokit from trusted orgs for now - reduce PR scope
KyFaSt Oct 24, 2024
030c08e
update expected from example originating from main branch merge
KyFaSt Oct 24, 2024
40ec9d6
update existing tests to accomdate for trips from octokit2 example ad…
KyFaSt Oct 24, 2024
6802cd2
Improve checkout trigger events checks
Oct 25, 2024
d8f7981
Improve extraction of Output/Env assignments
Oct 25, 2024
922ae57
Fix LabelIf ControlCheck so that it recognizes checks not at the begi…
Oct 25, 2024
e6e1704
Update tests
Oct 25, 2024
fe9c908
Bump qlpack versions
Oct 25, 2024
6136a98
Add getEvent to RemoteFlowSource for events able to trigger the source
Oct 28, 2024
e34835f
fix: AstNode.getATriggerEvent()
Oct 28, 2024
62d9302
chore: remove leftover commented out code
Oct 28, 2024
792e855
fix: remove context 2 events mappings
Oct 28, 2024
18137f5
fix: take trigger events into consideration
Oct 28, 2024
aecb478
Bump qlpack versions
Oct 28, 2024
0ad7f08
fix: do not require github.event.workflow_run.id as an argument for g…
Oct 28, 2024
31a9346
feat: show trigger event on query results
Oct 29, 2024
24a3df0
tests: new tests for Code Injection
Oct 29, 2024
ee7e50c
Bump qlpack versions
Oct 29, 2024
8711930
feat: Add trigger event to cache poisoning queries
Oct 29, 2024
58f0602
fix: count(text.splitAt()) does not account for all lines, use max(te…
Oct 29, 2024
fcc7efb
Bump qlpack versions
Oct 29, 2024
685c9e9
Bump qlpack versions
Oct 29, 2024
f76d4d6
tests: update tests
Oct 29, 2024
263582c
feat: Add sanitizers for bash test commands
Oct 30, 2024
a2f162e
Bump qlpack versions
Oct 30, 2024
0157bf3
fix: improve JS require/import poisonable step to account for cwd
Oct 30, 2024
ebd45ac
feat: add source model for peter-murra/issue-forms-body-parser
Oct 31, 2024
d85ca10
fix: account for tojson(expr) expressions
Oct 31, 2024
0211902
models: add models for zentered/issue-forms-parser
Oct 31, 2024
45b7547
chore: clean up partial.ql debug query
Oct 31, 2024
c6048a6
tests: Update tests
Oct 31, 2024
230b2ff
Bump qlpack versions
Oct 31, 2024
0b7de6e
add rule to detect if default setup would be more appropriate
boveus Oct 31, 2024
ea20e9b
fix: Add versioned python binaries to poisonable steps
Nov 3, 2024
80f2b24
Bump qlpack versions
Nov 3, 2024
db6f174
query: split if expression is always true query
Nov 4, 2024
55476af
Merge pull request #107 from github/query_if
Nov 4, 2024
4f62573
Bump qlpack versions
Nov 4, 2024
ae6856a
models: add new control check model
Nov 4, 2024
5bf02e7
Update ql/src/Security/CWE-829/UnpinnedActionsTag.ql
KyFaSt Nov 4, 2024
0e94777
Merge branch 'master' into immutable-actions
KyFaSt Nov 4, 2024
686e30a
add qlhelp
boveus Nov 6, 2024
6a1e814
Merge pull request #106 from github/advanced-config
boveus Nov 6, 2024
99a49fb
Move packs to `codeql` org
dbartol Nov 7, 2024
b2100d0
Add `security-and-quality` suite
dbartol Nov 7, 2024
1f3bab2
Move data extensions to use `codeql` org
dbartol Nov 7, 2024
e8ee798
add temporary immutable actions doc page
KyFaSt Nov 7, 2024
d6e38d5
Do not detect immutable actions in UnpinnedActionsTag
KyFaSt Nov 8, 2024
0110988
Merge pull request #105 from github/immutable-actions
KyFaSt Nov 8, 2024
44fd14c
Bump qlpack versions
Nov 9, 2024
064c983
Merge branch 'master' of https://github.com/github/codeql-actions
Nov 9, 2024
14119c7
Merge remote-tracking branch 'origin/master' into dbartol/move-to-codeql
dbartol Nov 13, 2024
be8a492
Delete dbscheme
dbartol Nov 13, 2024
df3b304
Add `--search-path` in test workflow
dbartol Nov 13, 2024
3ce3cf4
refactor common code to identify untrusted checkouts
Nov 19, 2024
afb7967
Delete .actual test files
Nov 19, 2024
082b4c3
Add poisonable step for pip install .
Nov 20, 2024
9a137db
Bump qlpack versions
Nov 20, 2024
1fa00f1
Capture the event name rathen than the whole event
Dec 9, 2024
ef713ff
Extract GitHub context access expression into its own class
Dec 9, 2024
3591db9
Remove artifact source as a source of PR refs
Dec 9, 2024
f3ada4a
Update CompositeActionSources expected file
Dec 9, 2024
f6d2019
When trigger event is not known, do not check context trigger maps
Dec 9, 2024
b80d3d5
exclude Simple refereces from GitHub context
Dec 9, 2024
bee0668
Add tests and update expected results
Dec 9, 2024
d0c761b
Bump qlpack versions
Dec 9, 2024
455afc2
Expect external workflows and actions in .github/workflow/external an…
Dec 13, 2024
f99f5e8
Merge remote-tracking branch 'origin/master' into dbartol/move-to-codeql
dbartol Dec 13, 2024
3484453
Fix pack names
dbartol Dec 13, 2024
5aa3328
Upgrade to latest package versions
dbartol Dec 13, 2024
1fb707f
Bump minor version to prepare for public release
dbartol Dec 13, 2024
4a9355c
Add required signature predicate implementation
dbartol Dec 13, 2024
b8e23c1
Merge pull request #110 from github/ext_prefix
Dec 14, 2024
1370102
Bump qlpack versions
Dec 14, 2024
2949098
Fix typo in UnversionedImmutableAction.md
sampart Dec 16, 2024
91f4ffa
Merge pull request #111 from github/UnversionedImmutableAction-typo
aeisenberg Dec 16, 2024
501e3b3
Merge remote-tracking branch 'origin/master' into dbartol/move-to-codeql
dbartol Dec 18, 2024
237a6f1
Bump version
dbartol Dec 18, 2024
ee7680d
Move into `actions` subdirectory to prepare for migration to `github/…
dbartol Dec 18, 2024
dbc1fa6
Merge Actions queries from `github/codeql-actions`
dbartol Dec 18, 2024
c7efe5d
Update lock files
dbartol Dec 18, 2024
47e364a
Remove placeholder code
dbartol Dec 18, 2024
7891134
Fix formatting
dbartol Dec 18, 2024
d66cb7e
Fix formatting
dbartol Dec 18, 2024
99bdef1
Fix compilation warnings
dbartol Dec 18, 2024
a66ba4e
Remove `printCfg.ql`
dbartol Dec 18, 2024
4743dfa
Fix result of `getAPrimaryQlClass()`
dbartol Dec 18, 2024
dba6f0b
Accept DB consistency check for now
dbartol Dec 18, 2024
9b9df4c
Temporarily disable QlDoc checks for Actions
dbartol Dec 18, 2024
3e2fe46
Merge remote-tracking branch 'origin/main' into dbartol/actions-merge
dbartol Dec 19, 2024
8b13227
Revert "Accept DB consistency check for now"
dbartol Dec 19, 2024
bfa105f
Fix typo
dbartol Dec 19, 2024
e4bce70
Add change notes
dbartol Dec 19, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 2 additions & 1 deletion .github/workflows/check-qldoc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ jobs:
run: |
EXIT_CODE=0
# TODO: remove the shared exception from the regex when coverage of qlpacks without dbschemes is supported
changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!(shared))[a-z]*/ql/lib' || true; } | sort -u)"
# TODO: remove the actions exception once https://github.com/github/codeql-team/issues/3656 is fixed
changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!(shared|actions))[a-z]*/ql/lib' || true; } | sort -u)"
for pack_dir in ${changed_lib_packs}; do
lang="${pack_dir%/ql/lib}"
codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
Expand Down
2 changes: 1 addition & 1 deletion actions/ql/lib/actions.qll
Original file line number Diff line number Diff line change
@@ -1 +1 @@
predicate placeholder(int x) { x = 0 }
import codeql.actions.Ast
4 changes: 4 additions & 0 deletions actions/ql/lib/change-notes/2024-12-19-initial-release.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: feature
---
* Initial public preview release
4 changes: 4 additions & 0 deletions actions/ql/lib/codeql-pack.lock.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
lockVersion: 1.0.0
dependencies: {}
compiled: false
98 changes: 98 additions & 0 deletions actions/ql/lib/codeql/Locations.qll
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
/** Provides classes for working with locations. */

import files.FileSystem
import codeql.actions.ast.internal.Ast

bindingset[loc]
pragma[inline_late]
private string locationToString(Location loc) {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
loc.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
result = filepath + "@" + startline + ":" + startcolumn + ":" + endline + ":" + endcolumn
)
}

newtype TLocation =
TBaseLocation(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
exists(File file |
file.getAbsolutePath() = filepath and
locations_default(_, file, startline, startcolumn, endline, endcolumn)
)
or
exists(ExpressionImpl e |
e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
)
or
filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
}

/**
* A location as given by a file, a start line, a start column,
* an end line, and an end column.
*
* For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
class Location extends TLocation, TBaseLocation {
string filepath;
int startline;
int startcolumn;
int endline;
int endcolumn;

Location() { this = TBaseLocation(filepath, startline, startcolumn, endline, endcolumn) }

/** Gets the file for this location. */
File getFile() {
exists(File file |
file.getAbsolutePath() = filepath and
result = file
)
}

/** Gets the 1-based line number (inclusive) where this location starts. */
int getStartLine() { result = startline }

/** Gets the 1-based column number (inclusive) where this location starts. */
int getStartColumn() { result = startcolumn }

/** Gets the 1-based line number (inclusive) where this.getLocationDefault() location ends. */
int getEndLine() { result = endline }

/** Gets the 1-based column number (inclusive) where this.getLocationDefault() location ends. */
int getEndColumn() { result = endcolumn }

/** Gets the number of lines covered by this location. */
int getNumLines() { result = endline - startline + 1 }

/** Gets a textual representation of this element. */
pragma[inline]
string toString() { result = locationToString(this) }

/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Providing locations in CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(string p, int sl, int sc, int el, int ec) {

Check warning

Code scanning / CodeQL

Missing QLDoc for parameter Warning

The QLDoc has no documentation for ec, or el, or p, or sc, or sl, but the QLDoc mentions endcolumn, and endline, and filepath, and startcolumn, and startline
p = filepath and
sl = startline and
sc = startcolumn and
el = endline and
ec = endcolumn
}

/** Holds if this location starts strictly before the specified location. */
pragma[inline]
predicate strictlyBefore(Location other) {
this.getStartLine() < other.getStartLine()
or
this.getStartLine() = other.getStartLine() and this.getStartColumn() < other.getStartColumn()
}
}

/** An entity representing an empty location. */
class EmptyLocation extends Location {
EmptyLocation() { this.hasLocationInfo("", 0, 0, 0, 0) }
}
Loading
Loading