diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..5ea495d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "extractor/tree-sitter-hcl"] + path = extractor/tree-sitter-hcl + url = https://github.com/GeekMasher/tree-sitter-hcl +[submodule "extractor/tree-sitter-dockerfile"] + path = extractor/tree-sitter-dockerfile + url = https://github.com/GeekMasher/tree-sitter-dockerfile diff --git a/Cargo.lock b/Cargo.lock index 90d0a68..a8d80f3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,12 +1,12 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "adler2" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" [[package]] name = "aho-corasick" @@ -34,9 +34,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.15" +version = "0.6.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64e15c1ab1f89faffbf04a634d5e1962e9074f2741eef6d97f3c4e322426d526" +checksum = "301af1932e46185686725e0fad2f8f2aa7da69dd70bf6ecc44d6b703844a3933" dependencies = [ "anstyle", "anstyle-parse", 
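Review bot: Nothing visible in this commit tells a fresh clone or a CI job to fetch the two submodules added in `.gitmodules`, and extractor/Cargo.toml now consumes them as path dependencies, so a checkout without `--recurse-submodules` will presumably fail at `cargo build` on a missing manifest. If the workflows and README are not updated elsewhere, add `git submodule update --init --recursive` to the build instructions and enable submodule checkout in CI. Both URLs point at personal forks, as the previous git dependencies did. What actually fixes the code being built is the gitlink commit recorded for each path, so those two SHAs deserve the same review as a dependency bump.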
@@ -49,49 +49,56 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.8" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bec1de6f59aedf83baf9ff929c98f2ad654b97c9510f4e70cf6f661d49fd5b1" +checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd" [[package]] name = "anstyle-parse" -version = "0.2.5" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb47de1e80c2b463c735db5b217a0ddc39d612e7ac9e2e96a5aed1f57616c1cb" +checksum = "4e7644824f0aa2c7b9384579234ef10eb7efb6a0deb83f9630a49594dd9c15c2" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.1.1" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" +checksum = "6c8bdeb6047d8983be085bab0ba1472e6dc604e7041dbf6fcd5e71523014fae9" dependencies = [ "windows-sys", ] [[package]] name = "anstyle-wincon" -version = "3.0.4" +version = "3.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" +checksum = "403f75924867bb1033c59fbf0797484329750cfbe3c4325cd33127941fabc882" dependencies = [ "anstyle", + "once_cell_polyfill", "windows-sys", ] [[package]] name = "autocfg" -version = "1.3.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "bitflags" +version = "2.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967" [[package]] name = "bstr" -version = "1.10.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"40723b8fb387abc38f4f4a37c09073622e41dd12327033091ef8950659e6dc0c" +checksum = "234113d19d0d7d613b40e86fb654acf958910802bcceab913a4f9e7cda03b1a4" dependencies = [ "memchr", "serde", @@ -99,30 +106,32 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.16.0" +version = "3.18.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" +checksum = "793db76d6187cd04dff33004d8e6c9cc4e05cd330500379d2394209271b4aeee" [[package]] name = "cc" -version = "1.1.28" +version = "1.2.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e80e3b6a3ab07840e1cae9b0666a63970dc28e8ed5ffbcdacbfc760c281bfc1" +checksum = "d487aa071b5f64da6f19a3e848e3578944b726ee5a4854b82172f02aa876bfdc" dependencies = [ + "jobserver", + "libc", "shlex", ] [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268" [[package]] name = "chrono" -version = "0.4.38" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" +checksum = "c469d952047f47f91b68d1cba3f10d63c11d73e4636f24f08daf0278abf01c4d" dependencies = [ "android-tzdata", "iana-time-zone", @@ -130,7 +139,7 @@ dependencies = [ "num-traits", "serde", "wasm-bindgen", - "windows-targets", + "windows-link", ] [[package]] 
@@ -169,14 +178,14 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" +checksum = "b94f61472cee1439c0b966b47e3aca9ae07e45d070759512cd390ea2bebc6675" [[package]] name = "codeql-extractor" version = "0.2.0" -source = "git+https://github.com/github/codeql?rev=839ca60f90f918b567e192642b0cc3003803f482#839ca60f90f918b567e192642b0cc3003803f482" +source = "git+https://github.com/github/codeql?rev=4d681f05bd671f8b5e31624f16a2b4d75e61c071#4d681f05bd671f8b5e31624f16a2b4d75e61c071" dependencies = [ "chrono", "encoding", @@ -189,7 +198,9 @@ dependencies = [ "serde", "serde_json", "tracing", - "tree-sitter 0.20.10", + "tracing-subscriber", + "tree-sitter", + "zstd", ] [[package]] @@ -203,17 +214,16 @@ dependencies = [ "regex", "tracing", "tracing-subscriber", - "tree-sitter 0.24.7", - "tree-sitter-bicep", + "tree-sitter", "tree-sitter-dockerfile", "tree-sitter-hcl", ] [[package]] name = "colorchoice" -version = "1.0.2" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0" +checksum = "b05b61dc5112cbb17e4b6cd61790d9845d13888356391624cbe7e41efeac1e75" [[package]] name = "core-foundation-sys" @@ -232,9 +242,9 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" dependencies = [ "crossbeam-epoch", "crossbeam-utils", 
@@ -251,15 +261,15 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "either" -version = "1.13.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" [[package]] name = "encoding" @@ -335,16 +345,28 @@ dependencies = [ "miniz_oxide", ] +[[package]] +name = "getrandom" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi", +] + [[package]] name = "globset" -version = "0.4.15" +version = "0.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15f1ce686646e7f1e19bf7d5533fe443a45dbfb990e00629110797578b42fb19" +checksum = "54a1028dfc5f5df5da8a56a73e6c153c9a9708ec57232470703592a3f18e49f5" dependencies = [ "aho-corasick", "bstr", "log", - "regex-automata 0.4.8", + "regex-automata 0.4.9", "regex-syntax 0.8.5", ] 
@@ -356,20 +378,21 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" [[package]] name = "iana-time-zone" -version = "0.1.60" +version = "0.1.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" +checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", + "log", "wasm-bindgen", "windows-core", ] @@ -391,16 +414,27 @@ checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" [[package]] name = "itoa" -version = "1.0.11" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" +checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" + +[[package]] +name = "jobserver" +version = "0.1.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38f262f097c174adebe41eb73d66ae9c06b2844fb0da69969647bbddd9b0538a" +dependencies = [ + "getrandom", + "libc", +] [[package]] name = "js-sys" -version = "0.3.70" +version = "0.3.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" +checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" dependencies = [ + "once_cell", "wasm-bindgen", ] 
@@ -412,15 +446,15 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.158" +version = "0.2.174" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" +checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" [[package]] name = "log" -version = "0.4.22" +version = "0.4.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" +checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "matchers" @@ -433,15 +467,15 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.4" +version = "2.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" [[package]] name = "miniz_oxide" -version = "0.8.5" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ "adler2", ] @@ -467,9 +501,9 @@ dependencies = [ [[package]] name = "num_cpus" -version = "1.16.0" +version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" +checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" dependencies = [ "hermit-abi", "libc", 
@@ -477,9 +511,15 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.19.0" +version = "1.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4895175b425cb1f87721b59f0f286c2092bd4af812243672510e1ac53e2e0ad" [[package]] name = "overload" 
@@ -489,28 +529,40 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "pin-project-lite" -version = "0.2.14" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" + +[[package]] +name = "pkg-config" +version = "0.3.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "proc-macro2" -version = "1.0.86" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.37" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" dependencies = [ "proc-macro2", ] +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + [[package]] name = "rayon" version = "1.10.0" @@ -539,7 +591,7 @@ checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.8", + "regex-automata 0.4.9", "regex-syntax 0.8.5", ] 
@@ -554,9 +606,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.8" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3" +checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" dependencies = [ "aho-corasick", "memchr", @@ -575,26 +627,32 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" +[[package]] +name = "rustversion" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" + [[package]] name = "ryu" -version = "1.0.18" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.219" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" dependencies = [ "proc-macro2", "quote", 
@@ -603,9 +661,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.128" +version = "1.0.140" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" +checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373" dependencies = [ "itoa", "memchr", @@ -630,15 +688,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "smallvec" -version = "1.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" - -[[package]] -name = "streaming-iterator" -version = "0.1.9" +version = "1.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b2231b7c3057d5e4ad0156fb3dc807d900806020c5ffa3ee6ff2c8c76fb8520" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" [[package]] name = "strsim" @@ -648,9 +700,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "syn" -version = "2.0.77" +version = "2.0.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" +checksum = "e4307e30089d6fd6aff212f2da3a1f9e32f3223b1f010fb09b7c95f90f3ca1e8" dependencies = [ "proc-macro2", "quote", @@ -659,12 +711,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] 
@@ -680,9 +731,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.28" +version = "0.1.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" +checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903" dependencies = [ "proc-macro2", "quote", @@ -691,9 +742,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.33" +version = "0.1.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" +checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678" dependencies = [ "once_cell", "valuable", 
@@ -730,65 +781,45 @@ dependencies = [ [[package]] name = "tree-sitter" -version = "0.20.10" +version = "0.23.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e747b1f9b7b931ed39a548c1fae149101497de3c1fc8d9e18c62c1a66c683d3d" -dependencies = [ - "cc", - "regex", -] - -[[package]] -name = "tree-sitter" -version = "0.24.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5387dffa7ffc7d2dae12b50c6f7aab8ff79d6210147c6613561fc3d474c6f75" +checksum = "0203df02a3b6dd63575cc1d6e609edc2181c9a11867a271b25cfd2abff3ec5ca" dependencies = [ "cc", "regex", "regex-syntax 0.8.5", - "streaming-iterator", "tree-sitter-language", ] -[[package]] -name = "tree-sitter-bicep" -version = "1.0.1" -source = "git+https://github.com/GeekMasher/tree-sitter-bicep?rev=0092c7d1bd6bb22ce0a6f78497d50ea2b87f19c0#0092c7d1bd6bb22ce0a6f78497d50ea2b87f19c0" -dependencies = [ - "cc", - "tree-sitter 0.20.10", -] - [[package]] name = "tree-sitter-dockerfile" -version = "0.1.0" -source = "git+https://github.com/GeekMasher/tree-sitter-dockerfile?rev=439c3e7b8a9bfdbf1f7d7c2beaae4173dc484cbf#439c3e7b8a9bfdbf1f7d7c2beaae4173dc484cbf" +version = "0.2.0" dependencies = [ "cc", - "tree-sitter 0.20.10", + "tree-sitter", + "tree-sitter-language", ] [[package]] name = "tree-sitter-hcl" version = "0.0.1" -source = "git+https://github.com/GeekMasher/tree-sitter-hcl?rev=5e045dd1ff7852511c249c4c5d919d9556751d98#5e045dd1ff7852511c249c4c5d919d9556751d98" dependencies = [ "cc", - "tree-sitter 0.20.10", + "tree-sitter", + "tree-sitter-language", ] [[package]] name = "tree-sitter-language" -version = "0.1.0" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2545046bd1473dac6c626659cc2567c6c0ff302fc8b84a56c4243378276f7f57" +checksum = "c4013970217383f67b18aef68f6fb2e8d409bc5755227092d32efb0422ba24b8" [[package]] name = "unicode-ident" -version = "1.0.13" +version = "1.0.18" source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" [[package]] name = "utf8parse" @@ -798,30 +829,39 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "valuable" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "wasi" +version = "0.14.2+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +dependencies = [ + "wit-bindgen-rt", +] [[package]] name = "wasm-bindgen" -version = "0.2.93" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" +checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" dependencies = [ "cfg-if", "once_cell", + "rustversion", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.93" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" +checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" dependencies = [ "bumpalo", "log", - "once_cell", "proc-macro2", "quote", "syn", 
@@ -830,9 +870,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.93" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" +checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -840,9 +880,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.93" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" +checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", @@ -853,9 +893,12 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.93" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" +checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" +dependencies = [ + "unicode-ident", +] [[package]] name = "winapi" 
@@ -881,18 +924,68 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-core" -version = "0.52.0" +version = "0.61.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" +checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3" dependencies = [ - "windows-targets", + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" + +[[package]] +name = "windows-result" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57" +dependencies = [ + "windows-link", ] [[package]] name = "windows-sys" -version = "0.52.0" +version = "0.59.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +checksum = 
"1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" dependencies = [ "windows-targets", ] @@ -960,3 +1053,40 @@ name = "windows_x86_64_msvc" version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen-rt" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +dependencies = [ + "bitflags", +] + +[[package]] +name = "zstd" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a" +dependencies = [ + "zstd-safe", +] + +[[package]] +name = "zstd-safe" +version = "7.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d" +dependencies = [ + "zstd-sys", +] + +[[package]] +name = "zstd-sys" +version = "2.0.15+zstd.1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb81183ddd97d0c74cedf1d50d85c8d08c1b8b68ee863bdee9e706eedba1a237" +dependencies = [ + "cc", + "pkg-config", +] diff --git a/Cargo.toml b/Cargo.toml index 107618e..9adb710 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,2 +1,3 @@ [workspace] +resolver = "2" members = ["extractor"] diff --git a/extractor/Cargo.toml b/extractor/Cargo.toml index c7c42aa..a06e0bb 100644 --- a/extractor/Cargo.toml +++ b/extractor/Cargo.toml 
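Review bot: `resolver = "2"` in the workspace Cargo.toml sits oddly with the member crate, which this same commit moves to `edition = "2024"` with `rust-version = "1.85"`. Edition 2024 implies resolver 3 for a package, but a virtual workspace has to state it explicitly, so consider `resolver = "3"` here. With "2", dependency resolution ignores the declared rust-version, and a later `cargo update` can select crate versions whose minimum Rust version is above 1.85.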
@@ -2,23 +2,26 @@ name = "codeql-extractor-iac" version = "0.4.1" authors = ["GitHub"] -edition = "2018" + +edition = "2024" +rust-version = "1.85" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] # TreeSitter Grammars -tree-sitter = ">= 0.20, < 0.25" -tree-sitter-hcl = { git = "https://github.com/GeekMasher/tree-sitter-hcl", rev = "5e045dd1ff7852511c249c4c5d919d9556751d98" } -tree-sitter-dockerfile = { git = "https://github.com/GeekMasher/tree-sitter-dockerfile", rev = "439c3e7b8a9bfdbf1f7d7c2beaae4173dc484cbf" } -tree-sitter-bicep = { git = "https://github.com/GeekMasher/tree-sitter-bicep", rev = "0092c7d1bd6bb22ce0a6f78497d50ea2b87f19c0" } +tree-sitter = ">= 0.23.0" +tree-sitter-hcl = { path = "./tree-sitter-hcl" } +# tree-sitter-hcl = { git = "https://github.com/GeekMasher/tree-sitter-hcl", rev = "5e045dd1ff7852511c249c4c5d919d9556751d98" } +tree-sitter-dockerfile = { path = "./tree-sitter-dockerfile" } +# tree-sitter-dockerfile = { git = "https://github.com/GeekMasher/tree-sitter-dockerfile", rev = "439c3e7b8a9bfdbf1f7d7c2beaae4173dc484cbf" } -# CodeQL 2.17.0 -codeql-extractor = { git = "https://github.com/github/codeql", rev = "839ca60f90f918b567e192642b0cc3003803f482" } +# CodeQL 2.22.0 +codeql-extractor = { git = "https://github.com/github/codeql", rev = "4d681f05bd671f8b5e31624f16a2b4d75e61c071" } flate2 = "1.1" clap = { version = "4.5", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } -rayon = "1.10.0" -regex = "1.11.1" +rayon = "1.10" +regex = "1.11" diff --git a/extractor/src/autobuilder.rs b/extractor/src/autobuilder.rs index ac24127..9b69ea5 100644 --- a/extractor/src/autobuilder.rs +++ b/extractor/src/autobuilder.rs @@ -19,7 +19,6 @@ pub fn run(_: Options) -> std::io::Result<()> { ".tf", ".ftvars", // Terraform / HCL files ".Dockerfile", // Docker files - ".bicep", // Bicep files ]) .include_globs(&[ "**/Dockerfile", 
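Review bot: `tree-sitter = ">= 0.23.0"` drops the upper bound the old requirement had (`< 0.25`), so a later `cargo update` may resolve any future 0.x or 1.x release of a pre-1.0 crate. I would bound it, e.g. `tree-sitter = ">= 0.23, < 0.24"`, provided codeql-extractor at the new rev accepts that range (Cargo.lock currently resolves 0.23.2). The two grammars are now path dependencies, so Cargo.lock no longer records a `source` or revision for them and the only pin is the submodule gitlink. The commented-out `git`/`rev` lines name revisions (5e045dd…, 439c3e7…) that differ from the gitlinks this commit adds (5b218fd…, f8c1401…). They would be better deleted or replaced by a comment such as `# pinned by the git submodule commit, see .gitmodules`.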
diff --git a/extractor/src/extractor.rs b/extractor/src/extractor.rs index 414bd27..f5b67e7 100644 --- a/extractor/src/extractor.rs +++ b/extractor/src/extractor.rs @@ -1,8 +1,7 @@ use clap::Args; use std::path::PathBuf; -use codeql_extractor::extractor::simple; -use codeql_extractor::trap; +use codeql_extractor::{extractor::simple, file_paths, trap}; #[derive(Args)] pub struct Options { @@ -16,7 +15,7 @@ pub struct Options { /// A text file containing the paths of the files to extract #[arg(long)] - file_list: PathBuf, + file_list: String, } pub fn run(options: Options) -> std::io::Result<()> { @@ -27,6 +26,9 @@ pub fn run(options: Options) -> std::io::Result<()> { .with_env_filter(tracing_subscriber::EnvFilter::from_default_env()) .init(); + let file_list = file_paths::path_from_string(&options.file_list); + let file_lists: Vec = vec![file_list]; + let extractor = simple::Extractor { prefix: "iac".to_string(), languages: vec![ @@ -42,17 +44,11 @@ pub fn run(options: Options) -> std::io::Result<()> { node_types: tree_sitter_dockerfile::NODE_TYPES, file_globs: vec!["*Dockerfile".into(), "*Containerfile".into()], }, - simple::LanguageSpec { - prefix: "bicep", - ts_language: tree_sitter_bicep::language(), - node_types: tree_sitter_bicep::NODE_TYPES, - file_globs: vec!["*.bicep".into()], - }, ], trap_dir: options.output_dir, trap_compression: trap::Compression::from_env("CODEQL_IAC_TRAP_COMPRESSION"), source_archive_dir: options.source_archive_dir, - file_list: options.file_list, + file_lists, }; extractor.run() diff --git a/extractor/src/generator.rs b/extractor/src/generator.rs index 14d453f..538055c 100644 --- a/extractor/src/generator.rs +++ b/extractor/src/generator.rs 
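Review bot: In `run`, `let file_lists: Vec = vec![file_list];` is shown without a type argument and would not compile as written; presumably `Vec<PathBuf>` lost its angle brackets when the page was rendered, so confirm against the file. Either way the annotation and the two temporaries are unnecessary: `file_lists: vec![file_paths::path_from_string(&options.file_list)],` in the struct literal says the same. The `file_list` option also changes from `PathBuf` to `String` without any explanation. A doc line on the field such as `/// Kept as a String; converted with codeql_extractor::file_paths::path_from_string in run()` would record the reason. The body of `run` continues outside these hunks.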
@@ -31,10 +31,6 @@ pub fn run(options: Options) -> std::io::Result<()> { name: "DOCKERFILE".to_owned(), node_types: tree_sitter_dockerfile::NODE_TYPES, }, - Language { - name: "BICEP".to_owned(), - node_types: tree_sitter_bicep::NODE_TYPES, - }, ]; generate(languages, options.dbscheme, options.library) diff --git a/extractor/tree-sitter-dockerfile b/extractor/tree-sitter-dockerfile new file mode 160000 index 0000000..f8c1401 --- /dev/null +++ b/extractor/tree-sitter-dockerfile @@ -0,0 +1 @@ +Subproject commit f8c1401d512dab2f4a022d3b81a7b12276508072 diff --git a/extractor/tree-sitter-hcl b/extractor/tree-sitter-hcl new file mode 160000 index 0000000..5b218fd --- /dev/null +++ b/extractor/tree-sitter-hcl @@ -0,0 +1 @@ +Subproject commit 5b218fdbadd5ab0464b0fc0256682fa1c579d33d diff --git a/ql/lib/bicep.qll b/ql/lib/bicep.qll deleted file mode 100644 index f647508..0000000 --- a/ql/lib/bicep.qll +++ /dev/null @@ -1,7 +0,0 @@ -import codeql.Locations -import codeql.files.FileSystem -import codeql.bicep.AST -// Resources -import codeql.bicep.microsoft.Compute -import codeql.bicep.microsoft.Storage -import codeql.bicep.microsoft.Network diff --git a/ql/lib/codeql-pack.lock.yml b/ql/lib/codeql-pack.lock.yml index 87cfce3..69ce09b 100644 --- a/ql/lib/codeql-pack.lock.yml +++ b/ql/lib/codeql-pack.lock.yml @@ -2,7 +2,7 @@ lockVersion: 1.0.0 dependencies: codeql/util: - version: 0.1.2 + version: 1.0.12 codeql/yaml: - version: 0.1.5 + version: 1.0.25 compiled: false diff --git a/ql/lib/codeql/bicep/AST.qll b/ql/lib/codeql/bicep/AST.qll deleted file mode 100644 index 97e2427..0000000 --- a/ql/lib/codeql/bicep/AST.qll +++ /dev/null @@ -1,4 +0,0 @@ -import codeql.bicep.ast.AstNodes -import codeql.bicep.ast.Expr -import codeql.bicep.ast.Literal -import codeql.bicep.ast.Resources diff --git a/ql/lib/codeql/bicep/ast/AstNodes.qll b/ql/lib/codeql/bicep/ast/AstNodes.qll deleted file mode 100644 index 16847a2..0000000 --- a/ql/lib/codeql/bicep/ast/AstNodes.qll +++ /dev/null 
@@ -1,67 +0,0 @@ -private import codeql.Locations -private import codeql.files.FileSystem -private import codeql.iac.ast.internal.Bicep - -/** An AST node of a Bicep program */ -class BicepAstNode extends TBicepAstNode { - string toString() { result = this.getAPrimaryQlClass() } - - /** Gets the location of the AST node. */ - cached - Location getLocation() { result = this.getFullLocation() } // overridden in some subclasses - - /** Gets the file containing this AST node. */ - cached - File getFile() { result = this.getFullLocation().getFile() } - - /** Gets the location that spans the entire AST node. */ - cached - final Location getFullLocation() { result = toBicepTreeSitter(this).getLocation() } - - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - if exists(this.getLocation()) - then this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - else ( - filepath = "" and - startline = 0 and - startcolumn = 0 and - endline = 0 and - endcolumn = 0 - ) - } - - /** - * Gets the parent in the AST for this node. - */ - cached - BicepAstNode getParent() { result.getAChild(_) = this } - - /** - * Gets a child of this node, which can also be retrieved using a predicate - * named `pred`. - */ - cached - BicepAstNode getAChild(string pred) { none() } - - /** Gets any child of this node. */ - BicepAstNode getAChild() { result = this.getAChild(_) } - - /** - * Gets the primary QL class for the ast node. - */ - string getAPrimaryQlClass() { result = "???" } -} - -class Comment extends BicepAstNode, TComment { - override string getAPrimaryQlClass() { result = "Comment" } -} - -class Infrastructure extends BicepAstNode, TInfrastructure { - private BICEP::Infrastructure infrastructure; - - override string getAPrimaryQlClass() { result = "Infrastructure" } - - Infrastructure() { this = TInfrastructure(infrastructure) } -} 
diff --git a/ql/lib/codeql/bicep/ast/Expr.qll b/ql/lib/codeql/bicep/ast/Expr.qll deleted file mode 100644 index 9e6f7d8..0000000 --- a/ql/lib/codeql/bicep/ast/Expr.qll +++ /dev/null 
@@ -1,122 +0,0 @@ -private import codeql.iac.ast.internal.Bicep -private import codeql.bicep.ast.AstNodes - -class Expr extends BicepAstNode, TExpr { - override string getAPrimaryQlClass() { result = "Expr" } -} - -class Identifier extends Expr, TIdentifier { - private BICEP::Identifier identifier; - - override string getAPrimaryQlClass() { result = "Identifier" } - - Identifier() { this = TIdentifier(identifier) } - - override string toString() { result = this.getName() } - - string getName() { result = identifier.getValue() } -} - -class Expression extends Expr, TExpression { - private BICEP::Expression expression; - - override string getAPrimaryQlClass() { result = "Expression" } - - Expression() { this = TExpression(expression) } -} - -class AssignmentExpr extends Expr, TAssignmentExpression { - BICEP::AssignmentExpression aexpr; - - override string getAPrimaryQlClass() { result = "AssignmentExpr" } - - AssignmentExpr() { this = TAssignmentExpression(aexpr) } -} - -class BinaryExpr extends Expr, TBinaryExpression { - BICEP::BinaryExpression bexpr; - - override string getAPrimaryQlClass() { result = "BinaryExpr" } - - BinaryExpr() { this = TBinaryExpression(bexpr) } -} - -class CallExpr extends Expr, TCallExpression { - BICEP::CallExpression cexpr; - - override string getAPrimaryQlClass() { result = "CallExpr" } - - CallExpr() { this = TCallExpression(cexpr) } -} - -class LambdaExpr extends Expr, TLambdaExpression { - BICEP::LambdaExpression lexpr; - - override string getAPrimaryQlClass() { result = "LambdaExpr" } - - LambdaExpr() { this = TLambdaExpression(lexpr) } -} - -class MemberExpr extends Expr, TMemberExpression { - BICEP::MemberExpression mexpr; - - override string getAPrimaryQlClass() { result = "MemberExpr" } - - MemberExpr() { this = TMemberExpression(mexpr) } - - Expr getObject() { toBicepTreeSitter(result) = mexpr.getObject() } - - PropertyIdentifier getProperty() { toBicepTreeSitter(result) = mexpr.getProperty() } -} - -class ParenthesizedExpr 
extends Expr, TParenthesizedExpression { - BICEP::ParenthesizedExpression pexpr; - - override string getAPrimaryQlClass() { result = "ParenthesizedExpr" } - - ParenthesizedExpr() { this = TParenthesizedExpression(pexpr) } -} - -class ResourceExpr extends Expr, TResourceExpression { - BICEP::ResourceExpression rexpr; - - override string getAPrimaryQlClass() { result = "ResourceExpr" } - - ResourceExpr() { this = TResourceExpression(rexpr) } -} - -class SubscriptExpr extends Expr, TSubscriptExpression { - BICEP::SubscriptExpression sexpr; - - override string getAPrimaryQlClass() { result = "SubscriptExpr" } - - SubscriptExpr() { this = TSubscriptExpression(sexpr) } -} - -class TerenaryExpr extends Expr, TTernaryExpression { - BICEP::TernaryExpression texpr; - - override string getAPrimaryQlClass() { result = "TerenaryExpr" } - - TerenaryExpr() { this = TTernaryExpression(texpr) } -} - -class UnaryExpr extends Expr, TUnaryExpression { - BICEP::UnaryExpression uexpr; - - override string getAPrimaryQlClass() { result = "UnaryExpr" } - - UnaryExpr() { this = TUnaryExpression(uexpr) } -} - -class PropertyIdentifier extends Expr, TPropertyIdentifier { - BICEP::PropertyIdentifier pidentifier; - - override string getAPrimaryQlClass() { result = "PropertyIdentifier" } - - PropertyIdentifier() { this = TPropertyIdentifier(pidentifier) } - - override string toString() { result = this.getName() } - - string getName() { result = pidentifier.getValue() } -} diff --git a/ql/lib/codeql/bicep/ast/Literal.qll b/ql/lib/codeql/bicep/ast/Literal.qll deleted file mode 100644 index d50c6eb..0000000 --- a/ql/lib/codeql/bicep/ast/Literal.qll +++ /dev/null 
@@ -1,60 +0,0 @@ -private import codeql.iac.ast.internal.Bicep -private import codeql.bicep.ast.AstNodes - -class Literal extends BicepAstNode, TLiteral { - override string getAPrimaryQlClass() { result = "Literal" } - - string getValue() { none() } - - override string toString() { result = this.getValue() } -} - -class NumberLiteral extends Literal, TNumber { - private BICEP::Number literal; - - override string getAPrimaryQlClass() { result = "NumberLiteral" } - - NumberLiteral() { this = TNumber(literal) } -} - -class NullLiteral extends Literal, TNull { - private BICEP::Null literal; - - override string getAPrimaryQlClass() { result = "NullLiteral" } - - NullLiteral() { this = TNull(literal) } -} - -class BooleanLiteral extends Literal, TBoolean { - private BICEP::Boolean literal; - - override string getAPrimaryQlClass() { result = "BooleanLiteral" } - - BooleanLiteral() { this = TBoolean(literal) } - - boolean getBool() { result.toString() = literal.getValue() } -} - -class StringLiteral extends Literal, TString { - private BICEP::String literal; - - override string getAPrimaryQlClass() { result = "StringLiteral" } - - StringLiteral() { this = TString(literal) } - - override string getValue() { - exists(StringContent c | toBicepTreeSitter(c) = literal.getAFieldOrChild() | - result = c.getValue() - ) - } -} - -class StringContent extends Literal, TStringContent { - private BICEP::StringContent literal; - - override string getAPrimaryQlClass() { result = "StringContent" } - - StringContent() { this = TStringContent(literal) } - - override string getValue() { result = literal.getValue() } -} diff --git a/ql/lib/codeql/bicep/ast/Object.qll b/ql/lib/codeql/bicep/ast/Object.qll deleted file mode 100644 index 352f558..0000000 --- a/ql/lib/codeql/bicep/ast/Object.qll +++ /dev/null 
@@ -1,47 +0,0 @@ -private import codeql.iac.ast.internal.Bicep -private import codeql.bicep.ast.AstNodes -private import codeql.bicep.ast.Literal -private import codeql.bicep.ast.Expr - -class Object extends Expr, TObject { - private BICEP::Object object; - - override string getAPrimaryQlClass() { result = "Object" } - - Object() { this = TObject(object) } - - ObjectProperty getProperties() { toBicepTreeSitter(result) = object.getAFieldOrChild() } - - Expr getProperty(string name) { - exists(ObjectProperty prop | object.getAFieldOrChild() = toBicepTreeSitter(prop) | - prop.getKey().(Identifier).getName() = name and - result = prop.getValue() - ) - } -} - -class ObjectProperty extends BicepAstNode, TObjectProperty { - private BICEP::ObjectProperty property; - - override string getAPrimaryQlClass() { result = "ObjectProperty" } - - ObjectProperty() { this = TObjectProperty(property) } - - override string toString() { result = this.getKey().getName() + " = " + this.getValue() } - - Identifier getKey() { toBicepTreeSitter(result) = property.getChild(0) } - - Expr getValue() { toBicepTreeSitter(result) = property.getChild(1) } -} - -class Array extends Expr, TArray { - private BICEP::Array array; - - override string getAPrimaryQlClass() { result = "Array" } - - Array() { this = TArray(array) } - - Expr getElements() { toBicepTreeSitter(result) = array.getAFieldOrChild() } - - Expr getElement(int index) { toBicepTreeSitter(result) = array.getChild(index) } -} diff --git a/ql/lib/codeql/bicep/ast/Resources.qll b/ql/lib/codeql/bicep/ast/Resources.qll deleted file mode 100644 index 60e0eb2..0000000 --- a/ql/lib/codeql/bicep/ast/Resources.qll +++ /dev/null 
@@ -1,50 +0,0 @@ -private import codeql.iac.ast.internal.Bicep -private import codeql.bicep.ast.AstNodes -private import codeql.bicep.ast.Literal -private import codeql.bicep.ast.Object -private import codeql.bicep.ast.Expr - -Resource resolveResource(Expr expr) { - exists(Resource resource | - // Object having an id property needs to be resolved - // {resource.id}.id - exists(MemberExpr memexpr | - memexpr = expr.(Object).getProperty("id") and - memexpr.getObject().(Identifier).getName() = resource.getIdentifier().(Identifier).getName() - | - result = resource - ) - or - exists(Identifier ident | - ident = expr and - ident.getName() = resource.getIdentifier().(Identifier).getName() - | - result = resource - ) - ) -} - -class Resource extends BicepAstNode, TResourceDeclaration { - private BICEP::ResourceDeclaration resource; - - override string getAPrimaryQlClass() { result = "ResourceDeclaration" } - - Resource() { this = TResourceDeclaration(resource) } - - string getResourceType() { - exists(StringLiteral s | toBicepTreeSitter(s) = resource.getAFieldOrChild() | - result = s.getValue() - ) - } - - /** - * A name given to the resource instance that is unique within the template. - */ - Identifier getIdentifier() { toBicepTreeSitter(result) = resource.getChild(0) } - - Object getBody() { toBicepTreeSitter(result) = resource.getAFieldOrChild() } - - Expr getProperty(string name) { result = this.getBody().getProperty(name) } - - override Resource getParent() { result = resolveResource(this.getProperty("parent")) } -} diff --git a/ql/lib/codeql/bicep/microsoft/Compute.qll b/ql/lib/codeql/bicep/microsoft/Compute.qll deleted file mode 100644 index 2d9cfce..0000000 --- a/ql/lib/codeql/bicep/microsoft/Compute.qll +++ /dev/null 
@@ -1,135 +0,0 @@ -private import codeql.Locations -private import codeql.bicep.ast.Expr -private import codeql.bicep.ast.Object -private import codeql.bicep.ast.Resources -private import codeql.bicep.ast.Literal -private import codeql.bicep.microsoft.Network - -/** - * A resource of type Microsoft.Compute/virtualMachines - */ -module Compute { - class ComputeResource extends Resource { - ComputeResource() { this.getResourceType().regexpMatch("^Microsoft.Compute/.*") } - } - - /** - * A resource of type Microsoft.Compute/virtualMachines - * https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines - */ - class VirtualMachines extends ComputeResource { - VirtualMachines() { - this.getResourceType().regexpMatch("^Microsoft.Compute/virtualMachines@.*") - } - - override string toString() { result = "VirtualMachines Resource" } - - VirtualMachinesProperties::Properties getProperties() { - result = this.getProperty("properties") - } - - /** - * The the hardware network interfaces of the virtual machine - */ - Network::NetworkInterfaces getNetworkInterfaces() { - result = this.getProperties().getNetworkProfile().getNetworkInterfaces() - } - } - - /** - * The properties module for Microsoft.Compute/virtualMachines - */ - module VirtualMachinesProperties { - /** - * The properties object for the Microsoft.Compute/virtualMachines type - */ - class Properties extends Object { - private VirtualMachines virtualMachines; - - Properties() { this = virtualMachines.getProperty("properties") } - - VirtualMachines getVirtualMachine() { result = virtualMachines } - - HardwareProfile getHardwareProfile() { result = this.getProperty("hardwareProfile") } - - NetworkProfile getNetworkProfile() { result = this.getProperty("networkProfile") } - - OsProfile getOsProfile() { result = this.getProperty("osProfile") } - } - - /** - * The hardwareProfile property object for the Microsoft.Compute/virtualMachines type - */ - class HardwareProfile extends Object { - private 
Properties properties; - - HardwareProfile() { this = properties.getProperty("hardwareProfile") } - - override string toString() { result = "HardwareProfile" } - - Expr getVmSize() { result = this.getProperty("vmSize") } - } - - /** - * A NetworkProfile for the Microsoft.Compute/virtualMachines type - */ - class NetworkProfile extends Object { - private Properties properties; - - NetworkProfile() { this = properties.getProperty("networkProfile") } - - override string toString() { result = "NetworkProfile" } - - Network::NetworkInterfaces getNetworkInterfaces() { - result = resolveResource(this.getNetworkInterfacesObject()) - } - - private Object getNetworkInterfacesObject() { - result = this.getProperty("networkInterfaces").(Array).getElements() - } - } - - /** - */ - class StorageProfile extends Object { - private Properties properties; - - StorageProfile() { this = properties.getProperty("storageProfile") } - - ImageReference getImageReference() { result = this.getProperty("imageReference") } - } - - /** - * A ImageReference for the Microsoft.Compute/virtualMachines type - * https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?pivots=deployment-language-bicep#imagereference - */ - class ImageReference extends Object { - private StorageProfile storageProfile; - - ImageReference() { this = storageProfile.getProperty("imageReference") } - - Expr getPublisher() { result = this.getProperty("publisher") } - - Expr getOffer() { result = this.getProperty("offer") } - - Expr getSku() { result = this.getProperty("sku") } - - Expr getVersion() { result = this.getProperty("version") } - } - - /** - * The OsProfile object for the Microsoft.Compute/virtualMachines type - */ - class OsProfile extends Object { - private Properties properties; - - OsProfile() { this = properties.getProperty("osProfile") } - - Expr getComputerName() { result = this.getProperty("computerName") } - - Expr getAdminUsername() { result = this.getProperty("adminUsername") 
} - - Expr getAdminPassword() { result = this.getProperty("adminPassword") } - } - } -} diff --git a/ql/lib/codeql/bicep/microsoft/Network.qll b/ql/lib/codeql/bicep/microsoft/Network.qll deleted file mode 100644 index b8f72b2..0000000 --- a/ql/lib/codeql/bicep/microsoft/Network.qll +++ /dev/null 
@@ -1,119 +0,0 @@ -private import codeql.Locations -private import codeql.bicep.ast.Expr -private import codeql.bicep.ast.Object -private import codeql.bicep.ast.Resources -private import codeql.bicep.ast.Literal - -module Network { - /** - * A resource of type Microsoft.Network - */ - class NetworkResource extends Resource { - NetworkResource() { this.getResourceType().regexpMatch("^Microsoft.Network/.*") } - } - - /** - * A resource of type Microsoft.Network/networkInterfaces - */ - class NetworkInterfaces extends NetworkResource { - NetworkInterfaces() { - this.getResourceType().regexpMatch("^Microsoft.Network/networkInterfaces@.*") - } - - override string toString() { result = "NetworkInterfaces Resource" } - - NetworkInterfaceProperties::Properties getProperties() { - result = this.getProperty("properties") - } - } - - /** - * A module for all properties of Microsoft.Network/networkInterfaces - */ - module NetworkInterfaceProperties { - /** - * The properties object for the Microsoft.Network/networkInterfaces type - */ - class Properties extends Object { - private NetworkInterfaces networkInterfaces; - - Properties() { this = networkInterfaces.getProperty("properties") } - - IpConfiguration getIpConfigurations() { - result = this.getProperty("ipConfigurations").(Array).getElements() - } - } - - /** - * An IpConfiguration for the Microsoft.Network/networkInterfaces type - * https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?pivots=deployment-language-bicep#virtualmachinenetworkinterfaceipconfigurationproperties - */ - class IpConfiguration extends Object { - private Properties properties; - - IpConfiguration() { this = properties.getProperty("ipConfigurations").(Array).getElements() } - - string getName() { result = this.getProperty("name").(StringLiteral).getValue() } - } - } - - /** - * A resource of type Microsoft.Network/virtualNetworks - */ - class VirtualNetworks extends NetworkResource { - VirtualNetworks() { - 
this.getResourceType().regexpMatch("^Microsoft.Network/virtualNetworks@.*") - } - - override string toString() { result = "VirtualNetworks Resource" } - - /** - * Get the properties object for the Microsoft.Network/virtualNetworks type - */ - VirtualNetworkProperties::Properties getProperties() { result = this.getProperty("properties") } - } - - /** - * A resource of type Microsoft.Network/virtualNetworks/subnets - */ - class VirtualNetworkSubnets extends Resource { - VirtualNetworkSubnets() { - this.getResourceType().regexpMatch("^Microsoft.Network/virtualNetworks/subnets@.*") - } - } - - module VirtualNetworkProperties { - /** - * The properties object for the Microsoft.Network/virtualNetworks/subnets type - */ - class Properties extends Object { - private VirtualNetworkSubnets virtualNetworkSubnets; - - Properties() { this = virtualNetworkSubnets.getProperty("properties") } - - AddressSpace getAddressSpace() { result = this.getProperty("addressSpace") } - - boolean getEnableDdosProtection() { - result = this.getProperty("enableDdosProtection").(BooleanLiteral).getBool() - } - - boolean getEnableVmProtection() { - result = this.getProperty("enableVmProtection").(BooleanLiteral).getBool() - } - } - - /** - * An AddressSpace for the Microsoft.Network/virtualNetworks type - */ - class AddressSpace extends Object { - private Properties properties; - - AddressSpace() { this = properties.getProperty("addressSpace") } - - string getAddressPrefixes() { - result = - this.getProperty("addressPrefixes").(Array).getElements().(StringLiteral).getValue() - } - } - } -} diff --git a/ql/lib/codeql/bicep/microsoft/Storage.qll b/ql/lib/codeql/bicep/microsoft/Storage.qll deleted file mode 100644 index 7db37aa..0000000 --- a/ql/lib/codeql/bicep/microsoft/Storage.qll +++ /dev/null 
@@ -1,60 +0,0 @@ -private import codeql.Locations -private import codeql.bicep.ast.Expr -private import codeql.bicep.ast.Object -private import codeql.bicep.ast.Resources -private import codeql.bicep.ast.Literal - -module Storage { - class StorageAccounts extends Resource { - StorageAccounts() { - this.getResourceType().regexpMatch("^Microsoft.Storage/storageAccounts@.*") - } - - Expr getKind() { result = this.getProperty("kind") } - } - - class StorageAccountsProperties extends Object { - private StorageAccounts storageAccounts; - - StorageAccountsProperties() { this = storageAccounts.getProperty("properties") } - - boolean getSupportsHttpsTrafficOnly() { - result = this.getProperty("supportsHttpsTrafficOnly").(BooleanLiteral).getBool() - } - } - - /** - * A resource of type Microsoft.Compute/disks - */ - class Disks extends Resource { - Disks() { this.getResourceType().regexpMatch("^Microsoft.Compute/disks@.*") } - } - - /** - * The Disk Properties object for the Microsoft.Compute/disks type - */ - class DisksProperties extends Object { - private Disks disks; - - DisksProperties() { this = disks.getProperty("properties") } - - Object getEncryptionSettings() { result = this.getProperty("encryptionSettingsCollection") } - - boolean getEncryptionEnabled() { - result = this.getEncryptionSettings().getProperty("enabled").(BooleanLiteral).getBool() - } - } - - class BlobServiceContainers extends Resource { - BlobServiceContainers() { - this.getResourceType() - .regexpMatch("^Microsoft.Storage/storageAccounts/blobServices/containers@.*") - } - - Object getProperties() { result = this.getProperty("properties") } - - string getPublicAccess() { - result = this.getProperties().getProperty("publicAccess").(StringLiteral).getValue() - } - } -} diff --git a/ql/lib/codeql/iac/ast/Bicep.qll b/ql/lib/codeql/iac/ast/Bicep.qll deleted file mode 100644 index dc25f90..0000000 --- a/ql/lib/codeql/iac/ast/Bicep.qll +++ /dev/null @@ -1 +0,0 @@ -import codeql.bicep.AST 
diff --git a/ql/lib/codeql/iac/ast/internal/AstNodes.qll b/ql/lib/codeql/iac/ast/internal/AstNodes.qll index f368acf..c6c2e1b 100644 --- a/ql/lib/codeql/iac/ast/internal/AstNodes.qll +++ b/ql/lib/codeql/iac/ast/internal/AstNodes.qll @@ -8,5 +8,4 @@ import Container cached newtype TAstNode = THclAstNode(HCL::AstNode node) or - TBicepAstNode(BICEP::AstNode node) or TContainerAstNode(DOCKERFILE::AstNode node) diff --git a/ql/lib/codeql/iac/ast/internal/Bicep.qll b/ql/lib/codeql/iac/ast/internal/Bicep.qll deleted file mode 100644 index 6060c8e..0000000 --- a/ql/lib/codeql/iac/ast/internal/Bicep.qll +++ /dev/null 
@@ -1,73 +0,0 @@ -import TreeSitter - -cached -newtype TBicepAstNode = - TComment(BICEP::Comment c) or - TInfrastructure(BICEP::Infrastructure i) or - // Literals - TBoolean(BICEP::Boolean b) or - TNull(BICEP::Null n) or - TNumber(BICEP::Number n) or - TString(BICEP::String s) or - TStringContent(BICEP::StringContent s) or - // Expressions - TAssignmentExpression(BICEP::AssignmentExpression a) or - TArray(BICEP::Array a) or - TBinaryExpression(BICEP::BinaryExpression b) or - TCallExpression(BICEP::CallExpression c) or - TExpression(BICEP::Expression e) or - TLambdaExpression(BICEP::LambdaExpression l) or - TMemberExpression(BICEP::MemberExpression m) or - TParenthesizedExpression(BICEP::ParenthesizedExpression p) or - TPrimaryExpression(BICEP::PrimaryExpression p) or - TResourceExpression(BICEP::ResourceExpression r) or - TSubscriptExpression(BICEP::SubscriptExpression s) or - TTernaryExpression(BICEP::TernaryExpression t) or - TUnaryExpression(BICEP::UnaryExpression u) or - TPropertyIdentifier(BICEP::PropertyIdentifier p) or - // Declarations - TResourceDeclaration(BICEP::ResourceDeclaration r) or - TObject(BICEP::Object o) or - TObjectProperty(BICEP::ObjectProperty p) or - TIdentifier(BICEP::Identifier i) - -class TLiteral = TBoolean or TNull or TNumber or TString or TStringContent; - -class TDeclaration = TResourceDeclaration or TObject or TObjectProperty or TIdentifier; - -class TIdentifiers = TIdentifier or TPropertyIdentifier; - -class TExpr = - TLiteral or TArray or TAssignmentExpression or TBinaryExpression or TCallExpression or - TExpression or TLambdaExpression or TMemberExpression or TParenthesizedExpression or - TResourceExpression or TSubscriptExpression or TTernaryExpression or TUnaryExpression or - TIdentifiers or TObject or TObjectProperty; - -cached -BICEP::AstNode toBicepTreeSitter(TBicepAstNode n) { - n = TComment(result) or - n = TInfrastructure(result) or - n = TBoolean(result) or - n = TNull(result) or - n = TNumber(result) or - n = 
TString(result) or - n = TStringContent(result) or - n = TAssignmentExpression(result) or - n = TArray(result) or - n = TBinaryExpression(result) or - n = TCallExpression(result) or - n = TExpression(result) or - n = TLambdaExpression(result) or - n = TMemberExpression(result) or - n = TParenthesizedExpression(result) or - n = TPrimaryExpression(result) or - n = TResourceExpression(result) or - n = TSubscriptExpression(result) or - n = TTernaryExpression(result) or - n = TUnaryExpression(result) or - n = TResourceDeclaration(result) or - n = TObject(result) or - n = TObjectProperty(result) or - n = TIdentifier(result) or - n = TPropertyIdentifier(result) -} diff --git a/ql/lib/codeql/iac/ast/internal/TreeSitter.qll b/ql/lib/codeql/iac/ast/internal/TreeSitter.qll index bd08235..3530285 100644 --- a/ql/lib/codeql/iac/ast/internal/TreeSitter.qll +++ b/ql/lib/codeql/iac/ast/internal/TreeSitter.qll 
@@ -1228,833 +1228,3 @@ module DOCKERFILE { final override AstNode getAFieldOrChild() { dockerfile_workdir_instruction_def(this, result) } } } - -module BICEP { - /** The base class for all AST nodes */ - class AstNode extends @bicep_ast_node { - /** Gets a string representation of this element. */ - string toString() { result = this.getAPrimaryQlClass() } - - /** Gets the location of this element. */ - final L::Location getLocation() { bicep_ast_node_location(this, result) } - - /** Gets the parent of this element. */ - final AstNode getParent() { bicep_ast_node_parent(this, result, _) } - - /** Gets the index of this node among the children of its parent. */ - final int getParentIndex() { bicep_ast_node_parent(this, _, result) } - - /** Gets a field or child node of this node. */ - AstNode getAFieldOrChild() { none() } - - /** Gets the name of the primary QL class for this element. */ - string getAPrimaryQlClass() { result = "???" } - - /** Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs. */ - string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - } - - /** A token. */ - class Token extends @bicep_token, AstNode { - /** Gets the value of this token. */ - final string getValue() { bicep_tokeninfo(this, _, result) } - - /** Gets a string representation of this element. */ - final override string toString() { result = this.getValue() } - - /** Gets the name of the primary QL class for this element. */ - override string getAPrimaryQlClass() { result = "Token" } - } - - /** A reserved word. */ - class ReservedWord extends @bicep_reserved_word, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ReservedWord" } - } - - /** A class representing `arguments` nodes. */ - class Arguments extends @bicep_arguments, AstNode { - /** Gets the name of the primary QL class for this element. 
*/ - final override string getAPrimaryQlClass() { result = "Arguments" } - - /** Gets the `i`th child of this node. */ - final Expression getChild(int i) { bicep_arguments_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_arguments_child(this, _, result) } - } - - /** A class representing `array` nodes. */ - class Array extends @bicep_array, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Array" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_array_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_array_child(this, _, result) } - } - - /** A class representing `array_type` nodes. */ - class ArrayType extends @bicep_array_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ArrayType" } - - /** Gets the child of this node. */ - final Type getChild() { bicep_array_type_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_array_type_def(this, result) } - } - - /** A class representing `assert_statement` nodes. */ - class AssertStatement extends @bicep_assert_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "AssertStatement" } - - /** Gets the node corresponding to the field `name`. */ - final Identifier getName() { bicep_assert_statement_def(this, result, _) } - - /** Gets the child of this node. */ - final Expression getChild() { bicep_assert_statement_def(this, _, result) } - - /** Gets a field or child node of this node. 
*/ - final override AstNode getAFieldOrChild() { - bicep_assert_statement_def(this, result, _) or bicep_assert_statement_def(this, _, result) - } - } - - /** A class representing `assignment_expression` nodes. */ - class AssignmentExpression extends @bicep_assignment_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "AssignmentExpression" } - - /** Gets the node corresponding to the field `left`. */ - final AstNode getLeft() { bicep_assignment_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `right`. */ - final Expression getRight() { bicep_assignment_expression_def(this, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_assignment_expression_def(this, result, _) or - bicep_assignment_expression_def(this, _, result) - } - } - - /** A class representing `binary_expression` nodes. */ - class BinaryExpression extends @bicep_binary_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "BinaryExpression" } - - /** Gets the node corresponding to the field `left`. */ - final Expression getLeft() { bicep_binary_expression_def(this, result, _, _) } - - /** Gets the node corresponding to the field `operator`. 
*/ - final string getOperator() { - exists(int value | bicep_binary_expression_def(this, _, value, _) | - result = "!=" and value = 0 - or - result = "!~" and value = 1 - or - result = "%" and value = 2 - or - result = "&&" and value = 3 - or - result = "*" and value = 4 - or - result = "+" and value = 5 - or - result = "-" and value = 6 - or - result = "/" and value = 7 - or - result = "<" and value = 8 - or - result = "<=" and value = 9 - or - result = "==" and value = 10 - or - result = "=~" and value = 11 - or - result = ">" and value = 12 - or - result = ">=" and value = 13 - or - result = "??" and value = 14 - or - result = "|" and value = 15 - or - result = "||" and value = 16 - ) - } - - /** Gets the node corresponding to the field `right`. */ - final Expression getRight() { bicep_binary_expression_def(this, _, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_binary_expression_def(this, result, _, _) or - bicep_binary_expression_def(this, _, _, result) - } - } - - /** A class representing `boolean` tokens. */ - class Boolean extends @bicep_token_boolean, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Boolean" } - } - - /** A class representing `call_expression` nodes. */ - class CallExpression extends @bicep_call_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "CallExpression" } - - /** Gets the node corresponding to the field `arguments`. */ - final Arguments getArguments() { bicep_call_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `function`. */ - final Expression getFunction() { bicep_call_expression_def(this, _, result) } - - /** Gets the child of this node. 
*/ - final NullableReturnType getChild() { bicep_call_expression_child(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_call_expression_def(this, result, _) or - bicep_call_expression_def(this, _, result) or - bicep_call_expression_child(this, result) - } - } - - /** A class representing `comment` tokens. */ - class Comment extends @bicep_token_comment, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Comment" } - } - - /** A class representing `compatible_identifier` nodes. */ - class CompatibleIdentifier extends @bicep_compatible_identifier, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "CompatibleIdentifier" } - - /** Gets the child of this node. */ - final Identifier getChild() { bicep_compatible_identifier_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_compatible_identifier_def(this, result) } - } - - class Declaration extends @bicep_declaration, AstNode { } - - /** A class representing `decorator` nodes. */ - class Decorator extends @bicep_decorator, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Decorator" } - - /** Gets the child of this node. */ - final CallExpression getChild() { bicep_decorator_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_decorator_def(this, result) } - } - - /** A class representing `decorators` nodes. */ - class Decorators extends @bicep_decorators, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Decorators" } - - /** Gets the `i`th child of this node. 
*/ - final Decorator getChild(int i) { bicep_decorators_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_decorators_child(this, _, result) } - } - - /** A class representing `diagnostic_comment` tokens. */ - class DiagnosticComment extends @bicep_token_diagnostic_comment, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "DiagnosticComment" } - } - - /** A class representing `escape_sequence` tokens. */ - class EscapeSequence extends @bicep_token_escape_sequence, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "EscapeSequence" } - } - - class Expression extends @bicep_expression, AstNode { } - - /** A class representing `for_loop_parameters` nodes. */ - class ForLoopParameters extends @bicep_for_loop_parameters, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ForLoopParameters" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_for_loop_parameters_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_for_loop_parameters_child(this, _, result) } - } - - /** A class representing `for_statement` nodes. */ - class ForStatement extends @bicep_for_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ForStatement" } - - /** Gets the node corresponding to the field `body`. */ - final AstNode getBody() { bicep_for_statement_def(this, result) } - - /** Gets the node corresponding to the field `initializer`. */ - final Identifier getInitializer() { bicep_for_statement_initializer(this, result) } - - /** Gets the `i`th child of this node. 
*/ - final AstNode getChild(int i) { bicep_for_statement_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_for_statement_def(this, result) or - bicep_for_statement_initializer(this, result) or - bicep_for_statement_child(this, _, result) - } - } - - /** A class representing `identifier` tokens. */ - class Identifier extends @bicep_token_identifier, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Identifier" } - } - - /** A class representing `if_statement` nodes. */ - class IfStatement extends @bicep_if_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "IfStatement" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_if_statement_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_if_statement_child(this, _, result) } - } - - /** A class representing `import_functionality` nodes. */ - class ImportFunctionality extends @bicep_import_functionality, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ImportFunctionality" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_import_functionality_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_import_functionality_child(this, _, result) } - } - - /** A class representing `import_statement` nodes. */ - class ImportStatement extends @bicep_import_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ImportStatement" } - - /** Gets the `i`th child of this node. 
*/ - final AstNode getChild(int i) { bicep_import_statement_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_import_statement_child(this, _, result) } - } - - /** A class representing `import_with_statement` nodes. */ - class ImportWithStatement extends @bicep_import_with_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ImportWithStatement" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_import_with_statement_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_import_with_statement_child(this, _, result) } - } - - /** A class representing `infrastructure` nodes. */ - class Infrastructure extends @bicep_infrastructure, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Infrastructure" } - - /** Gets the `i`th child of this node. */ - final Statement getChild(int i) { bicep_infrastructure_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_infrastructure_child(this, _, result) } - } - - /** A class representing `interpolation` nodes. */ - class Interpolation extends @bicep_interpolation, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Interpolation" } - - /** Gets the child of this node. */ - final Expression getChild() { bicep_interpolation_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_interpolation_def(this, result) } - } - - /** A class representing `lambda_expression` nodes. 
*/ - class LambdaExpression extends @bicep_lambda_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "LambdaExpression" } - - /** Gets the `i`th child of this node. */ - final Expression getChild(int i) { bicep_lambda_expression_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_lambda_expression_child(this, _, result) } - } - - /** A class representing `loop_enumerator` tokens. */ - class LoopEnumerator extends @bicep_token_loop_enumerator, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "LoopEnumerator" } - } - - /** A class representing `loop_variable` tokens. */ - class LoopVariable extends @bicep_token_loop_variable, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "LoopVariable" } - } - - /** A class representing `member_expression` nodes. */ - class MemberExpression extends @bicep_member_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "MemberExpression" } - - /** Gets the node corresponding to the field `object`. */ - final AstNode getObject() { bicep_member_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `property`. */ - final PropertyIdentifier getProperty() { bicep_member_expression_def(this, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_member_expression_def(this, result, _) or bicep_member_expression_def(this, _, result) - } - } - - /** A class representing `metadata_declaration` nodes. */ - class MetadataDeclaration extends @bicep_metadata_declaration, AstNode { - /** Gets the name of the primary QL class for this element. 
*/ - final override string getAPrimaryQlClass() { result = "MetadataDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_metadata_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_metadata_declaration_child(this, _, result) } - } - - /** A class representing `module_declaration` nodes. */ - class ModuleDeclaration extends @bicep_module_declaration, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ModuleDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_module_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_module_declaration_child(this, _, result) } - } - - /** A class representing `negated_type` nodes. */ - class NegatedType extends @bicep_negated_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "NegatedType" } - - /** Gets the child of this node. */ - final Type getChild() { bicep_negated_type_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_negated_type_def(this, result) } - } - - /** A class representing `null` tokens. */ - class Null extends @bicep_token_null, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Null" } - } - - /** A class representing `nullable_return_type` tokens. */ - class NullableReturnType extends @bicep_token_nullable_return_type, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "NullableReturnType" } - } - - /** A class representing `nullable_type` nodes. 
*/ - class NullableType extends @bicep_nullable_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "NullableType" } - - /** Gets the child of this node. */ - final AstNode getChild() { bicep_nullable_type_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_nullable_type_def(this, result) } - } - - /** A class representing `number` tokens. */ - class Number extends @bicep_token_number, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Number" } - } - - /** A class representing `object` nodes. */ - class Object extends @bicep_object, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Object" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_object_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_object_child(this, _, result) } - } - - /** A class representing `object_property` nodes. */ - class ObjectProperty extends @bicep_object_property, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ObjectProperty" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_object_property_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_object_property_child(this, _, result) } - } - - /** A class representing `output_declaration` nodes. */ - class OutputDeclaration extends @bicep_output_declaration, AstNode { - /** Gets the name of the primary QL class for this element. 
*/ - final override string getAPrimaryQlClass() { result = "OutputDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_output_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_output_declaration_child(this, _, result) } - } - - /** A class representing `parameter` nodes. */ - class Parameter extends @bicep_parameter, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Parameter" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_parameter_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_parameter_child(this, _, result) } - } - - /** A class representing `parameter_declaration` nodes. */ - class ParameterDeclaration extends @bicep_parameter_declaration, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ParameterDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_parameter_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_parameter_declaration_child(this, _, result) } - } - - /** A class representing `parameterized_type` nodes. */ - class ParameterizedType extends @bicep_parameterized_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ParameterizedType" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_parameterized_type_child(this, i, result) } - - /** Gets a field or child node of this node. 
*/ - final override AstNode getAFieldOrChild() { bicep_parameterized_type_child(this, _, result) } - } - - /** A class representing `parameters` nodes. */ - class Parameters extends @bicep_parameters, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Parameters" } - - /** Gets the `i`th child of this node. */ - final Parameter getChild(int i) { bicep_parameters_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_parameters_child(this, _, result) } - } - - /** A class representing `parenthesized_expression` nodes. */ - class ParenthesizedExpression extends @bicep_parenthesized_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ParenthesizedExpression" } - - /** Gets the `i`th child of this node. */ - final Expression getChild(int i) { bicep_parenthesized_expression_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_parenthesized_expression_child(this, _, result) - } - } - - /** A class representing `parenthesized_type` nodes. */ - class ParenthesizedType extends @bicep_parenthesized_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ParenthesizedType" } - - /** Gets the child of this node. */ - final Type getChild() { bicep_parenthesized_type_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_parenthesized_type_def(this, result) } - } - - class PrimaryExpression extends @bicep_primary_expression, AstNode { } - - /** A class representing `primitive_type` tokens. 
*/ - class PrimitiveType extends @bicep_token_primitive_type, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "PrimitiveType" } - } - - /** A class representing `property_identifier` tokens. */ - class PropertyIdentifier extends @bicep_token_property_identifier, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "PropertyIdentifier" } - } - - /** A class representing `resource_declaration` nodes. */ - class ResourceDeclaration extends @bicep_resource_declaration, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ResourceDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_resource_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_resource_declaration_child(this, _, result) } - } - - /** A class representing `resource_expression` nodes. */ - class ResourceExpression extends @bicep_resource_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ResourceExpression" } - - /** Gets the node corresponding to the field `object`. */ - final Expression getObject() { bicep_resource_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `resource`. */ - final Identifier getResource() { bicep_resource_expression_def(this, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_resource_expression_def(this, result, _) or - bicep_resource_expression_def(this, _, result) - } - } - - class Statement extends @bicep_statement, AstNode { } - - /** A class representing `string` nodes. 
*/ - class String extends @bicep_string__, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "String" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_string_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_string_child(this, _, result) } - } - - /** A class representing `string_content` tokens. */ - class StringContent extends @bicep_token_string_content, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "StringContent" } - } - - /** A class representing `subscript_expression` nodes. */ - class SubscriptExpression extends @bicep_subscript_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "SubscriptExpression" } - - /** Gets the node corresponding to the field `index`. */ - final Expression getIndex() { bicep_subscript_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `object`. */ - final Expression getObject() { bicep_subscript_expression_def(this, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_subscript_expression_def(this, result, _) or - bicep_subscript_expression_def(this, _, result) - } - } - - /** A class representing `target_scope_assignment` nodes. */ - class TargetScopeAssignment extends @bicep_target_scope_assignment, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "TargetScopeAssignment" } - - /** Gets the child of this node. */ - final String getChild() { bicep_target_scope_assignment_def(this, result) } - - /** Gets a field or child node of this node. 
*/ - final override AstNode getAFieldOrChild() { bicep_target_scope_assignment_def(this, result) } - } - - /** A class representing `ternary_expression` nodes. */ - class TernaryExpression extends @bicep_ternary_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "TernaryExpression" } - - /** Gets the node corresponding to the field `alternative`. */ - final Expression getAlternative() { bicep_ternary_expression_def(this, result, _, _) } - - /** Gets the node corresponding to the field `condition`. */ - final Expression getCondition() { bicep_ternary_expression_def(this, _, result, _) } - - /** Gets the node corresponding to the field `consequence`. */ - final Expression getConsequence() { bicep_ternary_expression_def(this, _, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_ternary_expression_def(this, result, _, _) or - bicep_ternary_expression_def(this, _, result, _) or - bicep_ternary_expression_def(this, _, _, result) - } - } - - /** A class representing `test_block` nodes. */ - class TestBlock extends @bicep_test_block, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "TestBlock" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_test_block_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_test_block_child(this, _, result) } - } - - /** A class representing `type` nodes. */ - class Type extends @bicep_type__, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Type" } - - /** Gets the child of this node. */ - final AstNode getChild() { bicep_type_def(this, result) } - - /** Gets a field or child node of this node. 
*/ - final override AstNode getAFieldOrChild() { bicep_type_def(this, result) } - } - - /** A class representing `type_arguments` nodes. */ - class TypeArguments extends @bicep_type_arguments, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "TypeArguments" } - - /** Gets the `i`th child of this node. */ - final String getChild(int i) { bicep_type_arguments_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_type_arguments_child(this, _, result) } - } - - /** A class representing `type_declaration` nodes. */ - class TypeDeclaration extends @bicep_type_declaration, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "TypeDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_type_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_type_declaration_child(this, _, result) } - } - - /** A class representing `unary_expression` nodes. */ - class UnaryExpression extends @bicep_unary_expression, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "UnaryExpression" } - - /** Gets the node corresponding to the field `argument`. */ - final Expression getArgument() { bicep_unary_expression_def(this, result, _) } - - /** Gets the node corresponding to the field `operator`. */ - final string getOperator() { - exists(int value | bicep_unary_expression_def(this, _, value) | - result = "!" and value = 0 - or - result = "-" and value = 1 - ) - } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_unary_expression_def(this, result, _) } - } - - /** A class representing `union_type` nodes. 
*/ - class UnionType extends @bicep_union_type, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "UnionType" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_union_type_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_union_type_child(this, _, result) } - } - - /** A class representing `user_defined_function` nodes. */ - class UserDefinedFunction extends @bicep_user_defined_function, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "UserDefinedFunction" } - - /** Gets the node corresponding to the field `name`. */ - final Identifier getName() { bicep_user_defined_function_def(this, result, _) } - - /** Gets the node corresponding to the field `returns`. */ - final Type getReturns() { bicep_user_defined_function_def(this, _, result) } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_user_defined_function_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - bicep_user_defined_function_def(this, result, _) or - bicep_user_defined_function_def(this, _, result) or - bicep_user_defined_function_child(this, _, result) - } - } - - /** A class representing `using_statement` nodes. */ - class UsingStatement extends @bicep_using_statement, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "UsingStatement" } - - /** Gets the child of this node. */ - final String getChild() { bicep_using_statement_def(this, result) } - - /** Gets a field or child node of this node. 
*/ - final override AstNode getAFieldOrChild() { bicep_using_statement_def(this, result) } - } - - /** A class representing `variable_declaration` nodes. */ - class VariableDeclaration extends @bicep_variable_declaration, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "VariableDeclaration" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { bicep_variable_declaration_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { bicep_variable_declaration_child(this, _, result) } - } -} diff --git a/ql/lib/codeql/iac/azure/Bicep.qll b/ql/lib/codeql/iac/azure/Bicep.qll deleted file mode 100644 index b292a7c..0000000 --- a/ql/lib/codeql/iac/azure/Bicep.qll +++ /dev/null @@ -1,10 +0,0 @@ -private import codeql.files.FileSystem - -module Bicep { - /** - * All extracted Bicep files. - */ - class BicepFile extends File { - BicepFile() { this.getExtension() = "bicep" } - } -} diff --git a/ql/lib/iac.dbscheme b/ql/lib/iac.dbscheme index e360fad..ac0194d 100644 --- a/ql/lib/iac.dbscheme +++ b/ql/lib/iac.dbscheme @@ -36,6 +36,12 @@ containerparent( unique int child: @container ref ); +/*- Empty location -*/ + +empty_location( + int location: @location_default ref +); + /*- Source location prefix -*/ /** 
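Review bot: The new `empty_location` relation in the `@@ -36,6 +36,12 @@` hunk of `ql/lib/iac.dbscheme` has only the `/*- Empty location -*/` section marker and nothing that says what a row in it means, whereas the section that follows opens a `/**` doc comment. I would add a short description above the declaration, for example `/** The location assigned to elements that have no source location of their own. */`, if that is the intent; the hunk shows only the declaration, so the wording needs confirming against the extractor. Separately, this hunk and the next one (which removes the `bicep_*` tables) change the schema. Databases built with the previous dbscheme will presumably need upgrade and downgrade scripts, and the stats file regenerating; none of that is visible in this part of the diff.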
@@ -943,569 +949,3 @@ dockerfile_ast_node_parent( int parent_index: int ref ); -/*- BICEP dbscheme -*/ -#keyset[bicep_arguments, index] -bicep_arguments_child( - int bicep_arguments: @bicep_arguments ref, - int index: int ref, - unique int child: @bicep_expression ref -); - -bicep_arguments_def( - unique int id: @bicep_arguments -); - -@bicep_array_child_type = @bicep_decorators | @bicep_expression - -#keyset[bicep_array, index] -bicep_array_child( - int bicep_array: @bicep_array ref, - int index: int ref, - unique int child: @bicep_array_child_type ref -); - -bicep_array_def( - unique int id: @bicep_array -); - -bicep_array_type_def( - unique int id: @bicep_array_type, - int child: @bicep_type__ ref -); - -bicep_assert_statement_def( - unique int id: @bicep_assert_statement, - int name: @bicep_token_identifier ref, - int child: @bicep_expression ref -); - -@bicep_assignment_expression_left_type = @bicep_member_expression | @bicep_parenthesized_expression | @bicep_resource_expression | @bicep_subscript_expression | @bicep_token_identifier - -bicep_assignment_expression_def( - unique int id: @bicep_assignment_expression, - int left: @bicep_assignment_expression_left_type ref, - int right: @bicep_expression ref -); - -case @bicep_binary_expression.operator of - 0 = @bicep_binary_expression_bangequal -| 1 = @bicep_binary_expression_bangtilde -| 2 = @bicep_binary_expression_percent -| 3 = @bicep_binary_expression_ampersandampersand -| 4 = @bicep_binary_expression_star -| 5 = @bicep_binary_expression_plus -| 6 = @bicep_binary_expression_minus -| 7 = @bicep_binary_expression_slash -| 8 = @bicep_binary_expression_langle -| 9 = @bicep_binary_expression_langleequal -| 10 = @bicep_binary_expression_equalequal -| 11 = @bicep_binary_expression_equaltilde -| 12 = @bicep_binary_expression_rangle -| 13 = @bicep_binary_expression_rangleequal -| 14 = @bicep_binary_expression_questionquestion -| 15 = @bicep_binary_expression_pipe -| 16 = @bicep_binary_expression_pipepipe -; - - 
-bicep_binary_expression_def( - unique int id: @bicep_binary_expression, - int left: @bicep_expression ref, - int operator: int ref, - int right: @bicep_expression ref -); - -bicep_call_expression_child( - unique int bicep_call_expression: @bicep_call_expression ref, - unique int child: @bicep_token_nullable_return_type ref -); - -bicep_call_expression_def( - unique int id: @bicep_call_expression, - int arguments: @bicep_arguments ref, - int function: @bicep_expression ref -); - -bicep_compatible_identifier_def( - unique int id: @bicep_compatible_identifier, - int child: @bicep_token_identifier ref -); - -@bicep_declaration = @bicep_assert_statement | @bicep_metadata_declaration | @bicep_module_declaration | @bicep_output_declaration | @bicep_parameter_declaration | @bicep_resource_declaration | @bicep_test_block | @bicep_type_declaration | @bicep_user_defined_function | @bicep_variable_declaration - -bicep_decorator_def( - unique int id: @bicep_decorator, - int child: @bicep_call_expression ref -); - -#keyset[bicep_decorators, index] -bicep_decorators_child( - int bicep_decorators: @bicep_decorators ref, - int index: int ref, - unique int child: @bicep_decorator ref -); - -bicep_decorators_def( - unique int id: @bicep_decorators -); - -@bicep_expression = @bicep_assignment_expression | @bicep_binary_expression | @bicep_lambda_expression | @bicep_primary_expression | @bicep_ternary_expression | @bicep_unary_expression - -@bicep_for_loop_parameters_child_type = @bicep_token_loop_enumerator | @bicep_token_loop_variable - -#keyset[bicep_for_loop_parameters, index] -bicep_for_loop_parameters_child( - int bicep_for_loop_parameters: @bicep_for_loop_parameters ref, - int index: int ref, - unique int child: @bicep_for_loop_parameters_child_type ref -); - -bicep_for_loop_parameters_def( - unique int id: @bicep_for_loop_parameters -); - -@bicep_for_statement_body_type = @bicep_expression | @bicep_if_statement - -bicep_for_statement_initializer( - unique int 
bicep_for_statement: @bicep_for_statement ref, - unique int initializer: @bicep_token_identifier ref -); - -@bicep_for_statement_child_type = @bicep_expression | @bicep_for_loop_parameters - -#keyset[bicep_for_statement, index] -bicep_for_statement_child( - int bicep_for_statement: @bicep_for_statement ref, - int index: int ref, - unique int child: @bicep_for_statement_child_type ref -); - -bicep_for_statement_def( - unique int id: @bicep_for_statement, - int body: @bicep_for_statement_body_type ref -); - -@bicep_if_statement_child_type = @bicep_object | @bicep_parenthesized_expression - -#keyset[bicep_if_statement, index] -bicep_if_statement_child( - int bicep_if_statement: @bicep_if_statement ref, - int index: int ref, - unique int child: @bicep_if_statement_child_type ref -); - -bicep_if_statement_def( - unique int id: @bicep_if_statement -); - -@bicep_import_functionality_child_type = @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_import_functionality, index] -bicep_import_functionality_child( - int bicep_import_functionality: @bicep_import_functionality ref, - int index: int ref, - unique int child: @bicep_import_functionality_child_type ref -); - -bicep_import_functionality_def( - unique int id: @bicep_import_functionality -); - -@bicep_import_statement_child_type = @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_import_statement, index] -bicep_import_statement_child( - int bicep_import_statement: @bicep_import_statement ref, - int index: int ref, - unique int child: @bicep_import_statement_child_type ref -); - -bicep_import_statement_def( - unique int id: @bicep_import_statement -); - -@bicep_import_with_statement_child_type = @bicep_expression | @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_import_with_statement, index] -bicep_import_with_statement_child( - int bicep_import_with_statement: @bicep_import_with_statement ref, - int index: int ref, - unique int child: @bicep_import_with_statement_child_type ref -); - 
-bicep_import_with_statement_def( - unique int id: @bicep_import_with_statement -); - -#keyset[bicep_infrastructure, index] -bicep_infrastructure_child( - int bicep_infrastructure: @bicep_infrastructure ref, - int index: int ref, - unique int child: @bicep_statement ref -); - -bicep_infrastructure_def( - unique int id: @bicep_infrastructure -); - -bicep_interpolation_def( - unique int id: @bicep_interpolation, - int child: @bicep_expression ref -); - -#keyset[bicep_lambda_expression, index] -bicep_lambda_expression_child( - int bicep_lambda_expression: @bicep_lambda_expression ref, - int index: int ref, - unique int child: @bicep_expression ref -); - -bicep_lambda_expression_def( - unique int id: @bicep_lambda_expression -); - -@bicep_member_expression_object_type = @bicep_expression | @bicep_parameterized_type - -bicep_member_expression_def( - unique int id: @bicep_member_expression, - int object: @bicep_member_expression_object_type ref, - int property: @bicep_token_property_identifier ref -); - -@bicep_metadata_declaration_child_type = @bicep_expression | @bicep_token_identifier - -#keyset[bicep_metadata_declaration, index] -bicep_metadata_declaration_child( - int bicep_metadata_declaration: @bicep_metadata_declaration ref, - int index: int ref, - unique int child: @bicep_metadata_declaration_child_type ref -); - -bicep_metadata_declaration_def( - unique int id: @bicep_metadata_declaration -); - -@bicep_module_declaration_child_type = @bicep_for_statement | @bicep_if_statement | @bicep_object | @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_module_declaration, index] -bicep_module_declaration_child( - int bicep_module_declaration: @bicep_module_declaration ref, - int index: int ref, - unique int child: @bicep_module_declaration_child_type ref -); - -bicep_module_declaration_def( - unique int id: @bicep_module_declaration -); - -bicep_negated_type_def( - unique int id: @bicep_negated_type, - int child: @bicep_type__ ref -); - 
-@bicep_nullable_type_child_type = @bicep_array_type | @bicep_expression | @bicep_parenthesized_type | @bicep_token_primitive_type - -bicep_nullable_type_def( - unique int id: @bicep_nullable_type, - int child: @bicep_nullable_type_child_type ref -); - -@bicep_object_child_type = @bicep_decorators | @bicep_object_property - -#keyset[bicep_object, index] -bicep_object_child( - int bicep_object: @bicep_object ref, - int index: int ref, - unique int child: @bicep_object_child_type ref -); - -bicep_object_def( - unique int id: @bicep_object -); - -@bicep_object_property_child_type = @bicep_array_type | @bicep_compatible_identifier | @bicep_expression | @bicep_nullable_type | @bicep_parameterized_type | @bicep_resource_declaration | @bicep_string__ | @bicep_token_identifier | @bicep_token_primitive_type | @bicep_union_type - -#keyset[bicep_object_property, index] -bicep_object_property_child( - int bicep_object_property: @bicep_object_property ref, - int index: int ref, - unique int child: @bicep_object_property_child_type ref -); - -bicep_object_property_def( - unique int id: @bicep_object_property -); - -@bicep_output_declaration_child_type = @bicep_expression | @bicep_token_identifier | @bicep_type__ - -#keyset[bicep_output_declaration, index] -bicep_output_declaration_child( - int bicep_output_declaration: @bicep_output_declaration ref, - int index: int ref, - unique int child: @bicep_output_declaration_child_type ref -); - -bicep_output_declaration_def( - unique int id: @bicep_output_declaration -); - -@bicep_parameter_child_type = @bicep_token_identifier | @bicep_type__ - -#keyset[bicep_parameter, index] -bicep_parameter_child( - int bicep_parameter: @bicep_parameter ref, - int index: int ref, - unique int child: @bicep_parameter_child_type ref -); - -bicep_parameter_def( - unique int id: @bicep_parameter -); - -@bicep_parameter_declaration_child_type = @bicep_expression | @bicep_token_identifier | @bicep_type__ - -#keyset[bicep_parameter_declaration, index] 
-bicep_parameter_declaration_child( - int bicep_parameter_declaration: @bicep_parameter_declaration ref, - int index: int ref, - unique int child: @bicep_parameter_declaration_child_type ref -); - -bicep_parameter_declaration_def( - unique int id: @bicep_parameter_declaration -); - -@bicep_parameterized_type_child_type = @bicep_token_identifier | @bicep_type_arguments - -#keyset[bicep_parameterized_type, index] -bicep_parameterized_type_child( - int bicep_parameterized_type: @bicep_parameterized_type ref, - int index: int ref, - unique int child: @bicep_parameterized_type_child_type ref -); - -bicep_parameterized_type_def( - unique int id: @bicep_parameterized_type -); - -#keyset[bicep_parameters, index] -bicep_parameters_child( - int bicep_parameters: @bicep_parameters ref, - int index: int ref, - unique int child: @bicep_parameter ref -); - -bicep_parameters_def( - unique int id: @bicep_parameters -); - -#keyset[bicep_parenthesized_expression, index] -bicep_parenthesized_expression_child( - int bicep_parenthesized_expression: @bicep_parenthesized_expression ref, - int index: int ref, - unique int child: @bicep_expression ref -); - -bicep_parenthesized_expression_def( - unique int id: @bicep_parenthesized_expression -); - -bicep_parenthesized_type_def( - unique int id: @bicep_parenthesized_type, - int child: @bicep_type__ ref -); - -@bicep_primary_expression = @bicep_array | @bicep_call_expression | @bicep_for_statement | @bicep_member_expression | @bicep_object | @bicep_parenthesized_expression | @bicep_resource_expression | @bicep_string__ | @bicep_subscript_expression | @bicep_token_boolean | @bicep_token_identifier | @bicep_token_null | @bicep_token_number - -@bicep_resource_declaration_child_type = @bicep_for_statement | @bicep_if_statement | @bicep_object | @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_resource_declaration, index] -bicep_resource_declaration_child( - int bicep_resource_declaration: @bicep_resource_declaration ref, - int index: 
int ref, - unique int child: @bicep_resource_declaration_child_type ref -); - -bicep_resource_declaration_def( - unique int id: @bicep_resource_declaration -); - -bicep_resource_expression_def( - unique int id: @bicep_resource_expression, - int object: @bicep_expression ref, - int resource: @bicep_token_identifier ref -); - -@bicep_statement = @bicep_declaration | @bicep_decorators | @bicep_import_functionality | @bicep_import_statement | @bicep_import_with_statement | @bicep_target_scope_assignment | @bicep_using_statement - -@bicep_string_child_type = @bicep_interpolation | @bicep_token_escape_sequence | @bicep_token_string_content - -#keyset[bicep_string__, index] -bicep_string_child( - int bicep_string__: @bicep_string__ ref, - int index: int ref, - unique int child: @bicep_string_child_type ref -); - -bicep_string_def( - unique int id: @bicep_string__ -); - -bicep_subscript_expression_def( - unique int id: @bicep_subscript_expression, - int index: @bicep_expression ref, - int object: @bicep_expression ref -); - -bicep_target_scope_assignment_def( - unique int id: @bicep_target_scope_assignment, - int child: @bicep_string__ ref -); - -bicep_ternary_expression_def( - unique int id: @bicep_ternary_expression, - int alternative: @bicep_expression ref, - int condition: @bicep_expression ref, - int consequence: @bicep_expression ref -); - -@bicep_test_block_child_type = @bicep_object | @bicep_string__ | @bicep_token_identifier - -#keyset[bicep_test_block, index] -bicep_test_block_child( - int bicep_test_block: @bicep_test_block ref, - int index: int ref, - unique int child: @bicep_test_block_child_type ref -); - -bicep_test_block_def( - unique int id: @bicep_test_block -); - -@bicep_type_child_type = @bicep_array_type | @bicep_member_expression | @bicep_negated_type | @bicep_nullable_type | @bicep_object | @bicep_parameterized_type | @bicep_parenthesized_type | @bicep_string__ | @bicep_token_boolean | @bicep_token_identifier | @bicep_token_null | @bicep_token_number 
| @bicep_token_primitive_type | @bicep_union_type - -bicep_type_def( - unique int id: @bicep_type__, - int child: @bicep_type_child_type ref -); - -#keyset[bicep_type_arguments, index] -bicep_type_arguments_child( - int bicep_type_arguments: @bicep_type_arguments ref, - int index: int ref, - unique int child: @bicep_string__ ref -); - -bicep_type_arguments_def( - unique int id: @bicep_type_arguments -); - -@bicep_type_declaration_child_type = @bicep_array_type | @bicep_expression | @bicep_nullable_type | @bicep_parameterized_type | @bicep_token_identifier | @bicep_union_type - -#keyset[bicep_type_declaration, index] -bicep_type_declaration_child( - int bicep_type_declaration: @bicep_type_declaration ref, - int index: int ref, - unique int child: @bicep_type_declaration_child_type ref -); - -bicep_type_declaration_def( - unique int id: @bicep_type_declaration -); - -case @bicep_unary_expression.operator of - 0 = @bicep_unary_expression_bang -| 1 = @bicep_unary_expression_minus -; - - -bicep_unary_expression_def( - unique int id: @bicep_unary_expression, - int argument: @bicep_expression ref, - int operator: int ref -); - -@bicep_union_type_child_type = @bicep_array_type | @bicep_expression | @bicep_member_expression | @bicep_negated_type | @bicep_nullable_type | @bicep_object | @bicep_parameterized_type | @bicep_parenthesized_type | @bicep_string__ | @bicep_token_boolean | @bicep_token_identifier | @bicep_token_null | @bicep_token_number | @bicep_token_primitive_type - -#keyset[bicep_union_type, index] -bicep_union_type_child( - int bicep_union_type: @bicep_union_type ref, - int index: int ref, - unique int child: @bicep_union_type_child_type ref -); - -bicep_union_type_def( - unique int id: @bicep_union_type -); - -@bicep_user_defined_function_child_type = @bicep_expression | @bicep_parameters - -#keyset[bicep_user_defined_function, index] -bicep_user_defined_function_child( - int bicep_user_defined_function: @bicep_user_defined_function ref, - int index: int ref, 
- unique int child: @bicep_user_defined_function_child_type ref -); - -bicep_user_defined_function_def( - unique int id: @bicep_user_defined_function, - int name: @bicep_token_identifier ref, - int returns: @bicep_type__ ref -); - -bicep_using_statement_def( - unique int id: @bicep_using_statement, - int child: @bicep_string__ ref -); - -@bicep_variable_declaration_child_type = @bicep_expression | @bicep_token_identifier - -#keyset[bicep_variable_declaration, index] -bicep_variable_declaration_child( - int bicep_variable_declaration: @bicep_variable_declaration ref, - int index: int ref, - unique int child: @bicep_variable_declaration_child_type ref -); - -bicep_variable_declaration_def( - unique int id: @bicep_variable_declaration -); - -bicep_tokeninfo( - unique int id: @bicep_token, - int kind: int ref, - string value: string ref -); - -case @bicep_token.kind of - 0 = @bicep_reserved_word -| 1 = @bicep_token_boolean -| 2 = @bicep_token_comment -| 3 = @bicep_token_diagnostic_comment -| 4 = @bicep_token_escape_sequence -| 5 = @bicep_token_identifier -| 6 = @bicep_token_loop_enumerator -| 7 = @bicep_token_loop_variable -| 8 = @bicep_token_null -| 9 = @bicep_token_nullable_return_type -| 10 = @bicep_token_number -| 11 = @bicep_token_primitive_type -| 12 = @bicep_token_property_identifier -| 13 = @bicep_token_string_content -; - - -@bicep_ast_node = @bicep_arguments | @bicep_array | @bicep_array_type | @bicep_assert_statement | @bicep_assignment_expression | @bicep_binary_expression | @bicep_call_expression | @bicep_compatible_identifier | @bicep_decorator | @bicep_decorators | @bicep_for_loop_parameters | @bicep_for_statement | @bicep_if_statement | @bicep_import_functionality | @bicep_import_statement | @bicep_import_with_statement | @bicep_infrastructure | @bicep_interpolation | @bicep_lambda_expression | @bicep_member_expression | @bicep_metadata_declaration | @bicep_module_declaration | @bicep_negated_type | @bicep_nullable_type | @bicep_object | 
@bicep_object_property | @bicep_output_declaration | @bicep_parameter | @bicep_parameter_declaration | @bicep_parameterized_type | @bicep_parameters | @bicep_parenthesized_expression | @bicep_parenthesized_type | @bicep_resource_declaration | @bicep_resource_expression | @bicep_string__ | @bicep_subscript_expression | @bicep_target_scope_assignment | @bicep_ternary_expression | @bicep_test_block | @bicep_token | @bicep_type__ | @bicep_type_arguments | @bicep_type_declaration | @bicep_unary_expression | @bicep_union_type | @bicep_user_defined_function | @bicep_using_statement | @bicep_variable_declaration - -bicep_ast_node_location( - unique int node: @bicep_ast_node ref, - int loc: @location_default ref -); - -#keyset[parent, parent_index] -bicep_ast_node_parent( - unique int node: @bicep_ast_node ref, - int parent: @bicep_ast_node ref, - int parent_index: int ref -); - diff --git a/ql/lib/iac.qll b/ql/lib/iac.qll index 7031af1..70bc488 100644 --- a/ql/lib/iac.qll +++ b/ql/lib/iac.qll @@ -5,7 +5,6 @@ import codeql.iac.Dependencies import codeql.iac.actions.Actions // Azure import codeql.iac.azure.ARM -import codeql.iac.azure.Bicep import codeql.iac.azure.Pipelines // AWS import codeql.iac.aws.CloudFormation diff --git a/ql/lib/qlpack.yml b/ql/lib/qlpack.yml index 33360e9..ba0dc63 100644 --- a/ql/lib/qlpack.yml +++ b/ql/lib/qlpack.yml @@ -4,8 +4,8 @@ warnOnImplicitThis: false name: advanced-security/iac-all version: 0.4.1 dependencies: - codeql/util: ^0.1.2 - codeql/yaml: ^0.1.2 + codeql/util: ^1.0.12 + codeql/yaml: ^1.0.25 dbscheme: iac.dbscheme extractor: iac upgrades: upgrades diff --git a/ql/src/codeql-pack.lock.yml b/ql/src/codeql-pack.lock.yml index 87cfce3..69ce09b 100644 --- a/ql/src/codeql-pack.lock.yml +++ b/ql/src/codeql-pack.lock.yml @@ -2,7 +2,7 @@ lockVersion: 1.0.0 dependencies: codeql/util: - version: 0.1.2 + version: 1.0.12 codeql/yaml: - version: 0.1.5 + version: 1.0.25 compiled: false 
diff --git a/ql/src/security/Bicep/Storage/PublicAccess.md b/ql/src/security/Bicep/Storage/PublicAccess.md
deleted file mode 100644
index d652455..0000000
--- a/ql/src/security/Bicep/Storage/PublicAccess.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# Azure Blob Container Public Access
-
-When using a Bicep template to create a storage account, you can specify the public access level for the blob container. The default value is set to `None` which means that the container is private and can only be accessed by the storage account owner. The other options are `Blob` and `Container` which allow anonymous read access to the blob or container respectively.
-
-## Examples
-
-### Bad Example
-
-```bicep
-resource containers 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
- name: 'insecure'
- properties: {
- publicAccess: 'Blob'
- }
-}
-```
-
-### Good Example
-
-```bicep
-resource containers 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = {
- name: 'secure'
- properties: {
- publicAccess: 'None'
- }
-}
-```
diff --git a/ql/src/security/Bicep/Storage/PublicAccess.ql b/ql/src/security/Bicep/Storage/PublicAccess.ql
deleted file mode 100644
index 8039525..0000000
--- a/ql/src/security/Bicep/Storage/PublicAccess.ql
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * @name Azure Blob Container Public Access
- * @description Azure Blob Container Public Access
- * @kind problem
- * @problem.severity error
- * @security-severity 10.0
- * @precision high
- * @id bicep/azure/storage-publicly-accessible
- * @tags security
- * bicep
- * azure
- * storage
- */
-
-import bicep
-
-from Storage::BlobServiceContainers container
-where container.getPublicAccess() = ["Blob", "Container"]
-select container, "Public Blob Container resource."
diff --git a/ql/src/security/Bicep/Storage/SupportHttpTraffic.ql b/ql/src/security/Bicep/Storage/SupportHttpTraffic.ql
deleted file mode 100644
index 68ddf9f..0000000
--- a/ql/src/security/Bicep/Storage/SupportHttpTraffic.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * @name Supports non-HTTPS traffic for storage accounts
- * @description Supports non-HTTPS traffic for storage accounts
- * @kind problem
- * @severity warning
- * @security-severity 9.0
- * @precision very-high
- * @id bicep/azure/storage-tls-disabled
- * @tags security
- * bicep
- * azure
- * storage
- */
-
-import bicep
-
-from Storage::StorageAccountsProperties properties
-where properties.getSupportsHttpsTrafficOnly() = false
-select properties.getProperty("supportsHttpsTrafficOnly"),
- "Supports non-HTTPS traffic for storage accounts."
diff --git a/ql/test/codeql-pack.lock.yml b/ql/test/codeql-pack.lock.yml
index 87cfce3..69ce09b 100644
--- a/ql/test/codeql-pack.lock.yml
+++ b/ql/test/codeql-pack.lock.yml
@@ -2,7 +2,7 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/util:
- version: 0.1.2
+ version: 1.0.12
 codeql/yaml:
- version: 0.1.5
+ version: 1.0.25
 compiled: false
diff --git a/ql/test/library-tests/bicep/ast/AST.expected b/ql/test/library-tests/bicep/ast/AST.expected
deleted file mode 100644
index cd0a3d5..0000000
--- a/ql/test/library-tests/bicep/ast/AST.expected
+++ /dev/null
@@ -1,107 +0,0 @@ -| sample.bicep:1:1:14:2 | Infrastructure | -| sample.bicep:1:7:1:14 | ??? | -| sample.bicep:1:7:1:14 | Expression | -| sample.bicep:1:7:1:14 | location | -| sample.bicep:1:25:1:37 | ??? | -| sample.bicep:1:25:1:37 | Expression | -| sample.bicep:1:25:1:37 | resourceGroup | -| sample.bicep:1:25:1:39 | ??? | -| sample.bicep:1:25:1:39 | CallExpr | -| sample.bicep:1:25:1:39 | Expression | -| sample.bicep:1:25:1:48 | ??? | -| sample.bicep:1:25:1:48 | Expression | -| sample.bicep:1:25:1:48 | MemberExpr | -| sample.bicep:1:41:1:48 | location | -| sample.bicep:2:7:2:24 | ??? | -| sample.bicep:2:7:2:24 | Expression | -| sample.bicep:2:7:2:24 | storageAccountName | -| sample.bicep:2:35:2:80 | ??? | -| sample.bicep:2:35:2:80 | Expression | -| sample.bicep:2:35:2:80 | toylaunch | -| sample.bicep:2:36:2:44 | toylaunch | -| sample.bicep:2:47:2:58 | ??? | -| sample.bicep:2:47:2:58 | Expression | -| sample.bicep:2:47:2:58 | uniqueString | -| sample.bicep:2:47:2:78 | ??? | -| sample.bicep:2:47:2:78 | CallExpr | -| sample.bicep:2:47:2:78 | Expression | -| sample.bicep:2:60:2:72 | ??? | -| sample.bicep:2:60:2:72 | Expression | -| sample.bicep:2:60:2:72 | resourceGroup | -| sample.bicep:2:60:2:74 | ??? | -| sample.bicep:2:60:2:74 | CallExpr | -| sample.bicep:2:60:2:74 | Expression | -| sample.bicep:2:60:2:77 | ??? | -| sample.bicep:2:60:2:77 | Expression | -| sample.bicep:2:60:2:77 | MemberExpr | -| sample.bicep:2:76:2:77 | id | -| sample.bicep:4:1:14:1 | ResourceDeclaration | -| sample.bicep:4:10:4:23 | ??? | -| sample.bicep:4:10:4:23 | Expression | -| sample.bicep:4:10:4:23 | storageAccount | -| sample.bicep:4:25:4:70 | ??? | -| sample.bicep:4:25:4:70 | Expression | -| sample.bicep:4:25:4:70 | Microsoft.Storage/storageAccounts@2021-06-01 | -| sample.bicep:4:26:4:69 | Microsoft.Storage/storageAccounts@2021-06-01 | -| sample.bicep:4:74:14:1 | ??? | -| sample.bicep:4:74:14:1 | Expression | -| sample.bicep:4:74:14:1 | Object | -| sample.bicep:5:3:5:6 | ??? 
| -| sample.bicep:5:3:5:6 | Expression | -| sample.bicep:5:3:5:6 | name | -| sample.bicep:5:3:5:26 | name = Expression | -| sample.bicep:5:3:5:26 | name = storageAccountName | -| sample.bicep:5:9:5:26 | ??? | -| sample.bicep:5:9:5:26 | Expression | -| sample.bicep:5:9:5:26 | storageAccountName | -| sample.bicep:6:3:6:10 | ??? | -| sample.bicep:6:3:6:10 | Expression | -| sample.bicep:6:3:6:10 | location | -| sample.bicep:6:3:6:20 | location = Expression | -| sample.bicep:6:3:6:20 | location = location | -| sample.bicep:6:13:6:20 | ??? | -| sample.bicep:6:13:6:20 | Expression | -| sample.bicep:6:13:6:20 | location | -| sample.bicep:7:3:7:5 | ??? | -| sample.bicep:7:3:7:5 | Expression | -| sample.bicep:7:3:7:5 | sku | -| sample.bicep:7:3:9:3 | sku = Expression | -| sample.bicep:7:3:9:3 | sku = Object | -| sample.bicep:7:8:9:3 | ??? | -| sample.bicep:7:8:9:3 | Expression | -| sample.bicep:7:8:9:3 | Object | -| sample.bicep:8:5:8:8 | ??? | -| sample.bicep:8:5:8:8 | Expression | -| sample.bicep:8:5:8:8 | name | -| sample.bicep:8:5:8:24 | name = Expression | -| sample.bicep:8:5:8:24 | name = Standard_LRS | -| sample.bicep:8:11:8:24 | ??? | -| sample.bicep:8:11:8:24 | Expression | -| sample.bicep:8:11:8:24 | Standard_LRS | -| sample.bicep:8:12:8:23 | Standard_LRS | -| sample.bicep:10:3:10:6 | ??? | -| sample.bicep:10:3:10:6 | Expression | -| sample.bicep:10:3:10:6 | kind | -| sample.bicep:10:3:10:19 | kind = Expression | -| sample.bicep:10:3:10:19 | kind = StorageV2 | -| sample.bicep:10:9:10:19 | ??? | -| sample.bicep:10:9:10:19 | Expression | -| sample.bicep:10:9:10:19 | StorageV2 | -| sample.bicep:10:10:10:18 | StorageV2 | -| sample.bicep:11:3:11:12 | ??? | -| sample.bicep:11:3:11:12 | Expression | -| sample.bicep:11:3:11:12 | properties | -| sample.bicep:11:3:13:3 | properties = Expression | -| sample.bicep:11:3:13:3 | properties = Object | -| sample.bicep:11:15:13:3 | ??? 
| -| sample.bicep:11:15:13:3 | Expression | -| sample.bicep:11:15:13:3 | Object | -| sample.bicep:12:5:12:14 | ??? | -| sample.bicep:12:5:12:14 | Expression | -| sample.bicep:12:5:12:14 | accessTier | -| sample.bicep:12:5:12:21 | accessTier = Expression | -| sample.bicep:12:5:12:21 | accessTier = Hot | -| sample.bicep:12:17:12:21 | ??? | -| sample.bicep:12:17:12:21 | Expression | -| sample.bicep:12:17:12:21 | Hot | -| sample.bicep:12:18:12:20 | Hot | diff --git a/ql/test/library-tests/bicep/ast/AST.ql b/ql/test/library-tests/bicep/ast/AST.ql deleted file mode 100644 index 7c6d206..0000000 --- a/ql/test/library-tests/bicep/ast/AST.ql +++ /dev/null @@ -1,3 +0,0 @@ -private import codeql.iac.ast.Bicep - -query predicate ast(BicepAstNode ast) { any() } diff --git a/ql/test/library-tests/bicep/ast/sample.bicep b/ql/test/library-tests/bicep/ast/sample.bicep deleted file mode 100644 index ca9508e..0000000 --- a/ql/test/library-tests/bicep/ast/sample.bicep +++ /dev/null @@ -1,14 +0,0 @@ -param location string = resourceGroup().location -param storageAccountName string = 'toylaunch${uniqueString(resourceGroup().id)}' - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = { - name: storageAccountName - location: location - sku: { - name: 'Standard_LRS' - } - kind: 'StorageV2' - properties: { - accessTier: 'Hot' - } -} diff --git a/ql/test/library-tests/bicep/resource/Resolve.expected b/ql/test/library-tests/bicep/resource/Resolve.expected deleted file mode 100644 index f4efa13..0000000 --- a/ql/test/library-tests/bicep/resource/Resolve.expected +++ /dev/null @@ -1,4 +0,0 @@ -resolveIdentifier -| sample.bicep:1:1:3:1 | VirtualNetworks Resource | sample.bicep:5:1:8:1 | ResourceDeclaration | -resolveResource -| sample.bicep:15:1:28:1 | VirtualMachines Resource | sample.bicep:10:1:13:1 | NetworkInterfaces Resource | 
diff --git a/ql/test/library-tests/bicep/resource/Resolve.ql b/ql/test/library-tests/bicep/resource/Resolve.ql
deleted file mode 100644
index 0a8fcbf..0000000
--- a/ql/test/library-tests/bicep/resource/Resolve.ql
+++ /dev/null
@@ -1,9 +0,0 @@
-import bicep
-
-query predicate resolveIdentifier(Network::VirtualNetworks vn, Network::VirtualNetworkSubnets vns) {
- vns.getParent() = vn
-}
-
-query predicate resolveResource(Compute::VirtualMachines vm, Network::NetworkInterfaces ni) {
- ni = vm.getNetworkInterfaces()
-}
diff --git a/ql/test/library-tests/bicep/resource/sample.bicep b/ql/test/library-tests/bicep/resource/sample.bicep
deleted file mode 100644
index 2f5ba86..0000000
--- a/ql/test/library-tests/bicep/resource/sample.bicep
+++ /dev/null
@@ -1,28 +0,0 @@
-resource vnet 'Microsoft.Network/virtualNetworks@2021-02-01' = {
- name: 'vnet'
-}
-
-resource existingSubnet 'Microsoft.Network/virtualNetworks/subnets@2021-02-01' = {
- parent: vnet
- name: 'subnet'
-}
-
-resource nic 'Microsoft.Network/networkInterfaces@2021-05-01' = {
- name: '${name}-nic-${env}'
- location: location
-}
-
-resource linuxVm 'Microsoft.Compute/virtualMachines@2020-06-01' = {
- name: '${name}-linux-${env}'
- location: location
-
- properties: {
- networkProfile: {
- networkInterfaces: [
- {
- id: nic.id
- }
- ]
- }
- }
-}
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index 7c6fd31..00e88ca 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.75"
+channel = "1.85"
 profile = "minimal"
 components = ["rustfmt"]
diff --git a/scripts/create-extractor-pack.sh b/scripts/create-extractor-pack.sh
index 8650e2a..023be27 100755
--- a/scripts/create-extractor-pack.sh
+++ b/scripts/create-extractor-pack.sh
@@ -22,6 +22,9 @@ else CODEQL_BINARY="gh codeql" fi +echo "Update submodules..." +git submodule update --init --recursive + cargo build --release cargo run --release --bin codeql-extractor-iac -- generate --dbscheme ql/lib/iac.dbscheme --library ql/lib/codeql/iac/ast/internal/TreeSitter.qll $CODEQL_BINARY query format -i ql/lib/codeql/iac/ast/internal/TreeSitter.qll
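Review bot: The added `git submodule update --init --recursive` step has no failure check. Unless the script enables `set -e` above this hunk (not visible here), a failed fetch falls through to `cargo build --release` and surfaces later as a confusing build error, or the build runs against a stale submodule checkout. I would make the step fail fast: `git submodule update --init --recursive || { echo "submodule update failed" >&2; exit 1; }`. A short comment above it would also help, e.g. `# Grammar sources are git submodules pinned by this repository's recorded commits; refresh them before building`, because the pack is then built from code fetched at this point. The script begins before and continues after this hunk.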