Merge branch 'main' into redsun82/pkg

Author: redsun82

.bazelrc

@@ -22,4 +22,6 @@ common --enable_runfiles
 common --registry=file:///%workspace%/misc/bazel/registry
 common --registry=https://bcr.bazel.build
 
+common --@rules_dotnet//dotnet/settings:strict_deps=false
+
 try-import %workspace%/local.bazelrc

.bazelrc.internal

@@ -2,3 +2,9 @@
 
 common --registry=file:///%workspace%/ql/misc/bazel/registry
 common --registry=https://bcr.bazel.build
+
+# See bazelbuild/rules_dotnet#413: strict_deps in C# also appliy to 3rd-party deps, and when we pull
+# in (for example) the xunit package, there's no code in this at all, it just depends transitively on
+# its implementation packages without providing any code itself.
+# We either can depend on internal implementation details, or turn of strict deps.
+common --@rules_dotnet//dotnet/settings:strict_deps=false

.gitattributes

@@ -78,6 +78,8 @@ ruby/extractor/cargo-bazel-lock.json -merge
 csharp/paket.lock linguist-generated=true
 # needs eol=crlf, as `paket` touches this file and saves it als crlf
 csharp/.paket/Paket.Restore.targets linguist-generated=true eol=crlf
+csharp/paket.main.bzl linguist-generated=true
+csharp/paket.main_extension.bzl linguist-generated=true
 
 # ripunzip tool
 /misc/bazel/internal/ripunzip/ripunzip-* filter=lfs diff=lfs merge=lfs -text

.github/workflows/build-ripunzip.yml

@@ -0,0 +1,74 @@
+name: Build runzip
+
+on:
+  workflow_dispatch:
+    inputs:
+      ripunzip-version:
+        description: "what reference to checktout from google/runzip"
+        required: false
+        default: v1.2.1
+      openssl-version:
+        description: "what reference to checkout from openssl/openssl for Linux"
+        required: false
+        default: openssl-3.3.0
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-20.04, macos-12, windows-2019]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: google/ripunzip
+          ref: ${{ inputs.ripunzip-version }}
+      # we need to avoid ripunzip dynamically linking into libssl
+      # see https://github.com/sfackler/rust-openssl/issues/183
+      - if: runner.os == 'Linux'
+        name: checkout openssl
+        uses: actions/checkout@v4
+        with:
+          repository: openssl/openssl
+          path: openssl
+          ref: ${{ inputs.openssl-version }}
+      - if: runner.os == 'Linux'
+        name: build and install openssl with fPIC
+        shell: bash
+        working-directory: openssl
+        run: |
+          ./config -fPIC --prefix=$HOME/.local --openssldir=$HOME/.local/ssl
+          make -j $(nproc)
+          make install_sw -j $(nproc)
+      - if: runner.os == 'Linux'
+        name: build (linux)
+        shell: bash
+        run: |
+          env OPENSSL_LIB_DIR=$HOME/.local/lib64 OPENSSL_INCLUDE_DIR=$HOME/.local/include OPENSSL_STATIC=yes cargo build --release
+          mv target/release/ripunzip ripunzip-linux
+      - if: runner.os == 'Windows'
+        name: build (windows)
+        shell: bash
+        run: |
+          cargo build --release
+          mv target/release/ripunzip ripunzip-windows
+      - name: build (macOS)
+        if: runner.os == 'macOS'
+        shell: bash
+        run: |
+          rustup target install x86_64-apple-darwin
+          rustup target install aarch64-apple-darwin
+          cargo build --target x86_64-apple-darwin --release
+          cargo build --target aarch64-apple-darwin --release
+          lipo -create -output ripunzip-macos \
+            -arch x86_64 target/x86_64-apple-darwin/release/ripunzip \
+            -arch arm64 target/aarch64-apple-darwin/release/ripunzip
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ripunzip-${{ runner.os }}
+          path: ripunzip-*
+      - name: Check built binary
+        shell: bash
+        run: |
+          ./ripunzip-* --version

BUILD.bazel

@@ -0,0 +1 @@
+exports_files(["LICENSE"])

MODULE.bazel

@@ -23,9 +23,19 @@ bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
 bazel_dep(name = "gazelle", version = "0.36.0")
+bazel_dep(name = "rules_dotnet", version = "0.15.1")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
+dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
+dotnet.toolchain(dotnet_version = "8.0.101")
+use_repo(dotnet, "dotnet_toolchains")
+
+register_toolchains("@dotnet_toolchains//:all")
+
+csharp_main_extension = use_extension("//csharp:paket.main_extension.bzl", "main_extension")
+use_repo(csharp_main_extension, "paket.main")
+
 pip = use_extension("@rules_python//python/extensions:pip.bzl", "pip")
 pip.parse(
     hub_name = "codegen_deps",

config/identical-files.json

@@ -364,5 +364,9 @@
   "Python model summaries test extension": [
     "python/ql/test/library-tests/dataflow/model-summaries/InlineTaintTest.ext.yml",
     "python/ql/test/library-tests/dataflow/model-summaries/NormalDataflowTest.ext.yml"
+  ],
+  "shared tree-sitter extractor cargo.toml": [
+    "shared/tree-sitter-extractor/Cargo.toml",
+    "ruby/extractor/codeql-extractor-fake-crate/Cargo.toml"
   ]
 }

csharp/BUILD.bazel

@@ -1,3 +1,7 @@
+load("@rules_pkg//pkg:mappings.bzl", "pkg_filegroup", "pkg_files")
+load("@semmle_code//:dist.bzl", "dist")
+load("//misc/bazel:pkg.bzl", "codeql_pkg_files_overlay")
+
 package(default_visibility = ["//visibility:public"])
 
 alias(
@@ -9,3 +13,76 @@ alias(
     name = "dbscheme-stats",
     actual = "//csharp/ql/lib:dbscheme-stats",
 )
+
+pkg_files(
+    name = "dbscheme-group",
+    srcs = [
+        ":dbscheme",
+        ":dbscheme-stats",
+    ],
+    strip_prefix = None,
+)
+
+pkg_files(
+    name = "extractor-asp",
+    srcs = [
+        "@semmle_code//extractor-asp:extractor-asp-fat",
+    ],
+    prefix = "tools",
+    renames = {
+        "@semmle_code//extractor-asp:extractor-asp-fat": "extractor-asp.jar",
+    },
+)
+
+pkg_filegroup(
+    name = "db-files",
+    srcs = [
+        ":dbscheme-group",
+        "//csharp/downgrades",
+    ],
+)
+
+pkg_files(
+    name = "extra-files",
+    srcs = [
+        ":codeql-extractor.yml",
+        "//:LICENSE",
+    ],
+)
+
+codeql_pkg_files_overlay(
+    name = "extractor-arch-overlay",
+    srcs = [
+        "//csharp/autobuilder/Semmle.Autobuild.CSharp",
+        "//csharp/extractor/Semmle.Extraction.CSharp.Driver",
+        "//csharp/extractor/Semmle.Extraction.CSharp.Standalone",
+    ],
+)
+
+dist(
+    name = "extractor-arch",
+    srcs = [":extractor-arch-overlay"],
+)
+
+dist(
+    name = "extractor-generic",
+    srcs = [
+        ":dbscheme-group",
+        ":extra-files",
+        ":extractor-asp",
+        "//csharp/downgrades",
+        "//csharp/tools",
+    ],
+    prefix = "csharp",
+    visibility = ["//visibility:public"],
+)
+
+test_suite(
+    name = "unit-tests",
+    tags = ["csharp"],
+    tests = [
+        "//csharp/autobuilder/Semmle.Autobuild.CSharp.Tests",
+        "//csharp/autobuilder/Semmle.Autobuild.Cpp.Tests",
+        "//csharp/extractor/Semmle.Extraction.Tests",
+    ],
+)

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel

@@ -0,0 +1,18 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_xunit_test",
+)
+
+codeql_xunit_test(
+    name = "Semmle.Autobuild.CSharp.Tests",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    deps = [
+        "//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
+        "//csharp/autobuilder/Semmle.Autobuild.Shared",
+        "@paket.main//microsoft.net.test.sdk",
+        "@paket.main//system.io.filesystem",
+    ],
+)

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs

@@ -215,9 +215,9 @@ public void DownloadFile(string address, string fileName)
 
     internal class TestDiagnosticWriter : IDiagnosticsWriter
     {
-        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
+        public IList<Semmle.Util.DiagnosticMessage> Diagnostics { get; } = new List<Semmle.Util.DiagnosticMessage>();
 
-        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
+        public void AddEntry(Semmle.Util.DiagnosticMessage message) => this.Diagnostics.Add(message);
 
         public void Dispose() { }
     }

csharp/autobuilder/Semmle.Autobuild.CSharp/BUILD.bazel

@@ -0,0 +1,22 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_csharp_binary",
+)
+
+codeql_csharp_binary(
+    name = "Semmle.Autobuild.CSharp",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    visibility = ["//csharp:__subpackages__"],
+    deps = [
+        "//csharp/autobuilder/Semmle.Autobuild.Shared",
+        "//csharp/extractor/Semmle.Extraction.CSharp",
+        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
+        "//csharp/extractor/Semmle.Extraction.CSharp.Standalone:bin/Semmle.Extraction.CSharp.Standalone",
+        "//csharp/extractor/Semmle.Util",
+        "@paket.main//microsoft.build",
+        "@paket.main//newtonsoft.json",
+    ],
+)

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel

@@ -0,0 +1,18 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_xunit_test",
+)
+
+codeql_xunit_test(
+    name = "Semmle.Autobuild.Cpp.Tests",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    deps = [
+        "//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
+        "//csharp/autobuilder/Semmle.Autobuild.Shared",
+        "@paket.main//microsoft.net.test.sdk",
+        "@paket.main//system.io.filesystem",
+    ],
+)

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs

@@ -200,9 +200,9 @@ public void DownloadFile(string address, string fileName)
 
     internal class TestDiagnosticWriter : IDiagnosticsWriter
     {
-        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
+        public IList<Semmle.Util.DiagnosticMessage> Diagnostics { get; } = new List<Semmle.Util.DiagnosticMessage>();
 
-        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
+        public void AddEntry(Semmle.Util.DiagnosticMessage message) => this.Diagnostics.Add(message);
 
         public void Dispose() { }
     }

csharp/autobuilder/Semmle.Autobuild.Cpp/BUILD.bazel

@@ -0,0 +1,19 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_csharp_binary",
+)
+
+codeql_csharp_binary(
+    name = "Semmle.Autobuild.Cpp",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    language_prefix = "cpp",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//csharp/autobuilder/Semmle.Autobuild.Shared",
+        "//csharp/extractor/Semmle.Util",
+        "@paket.main//microsoft.build",
+    ],
+)

csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel

@@ -0,0 +1,17 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_csharp_library",
+)
+
+codeql_csharp_library(
+    name = "Semmle.Autobuild.Shared",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    visibility = ["//visibility:public"],
+    deps = [
+        "//csharp/extractor/Semmle.Util",
+        "@paket.main//microsoft.build",
+    ],
+)

csharp/downgrades/BUILD.bazel

@@ -0,0 +1,12 @@
+load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
+
+pkg_files(
+    name = "downgrades",
+    srcs = glob(
+        ["**"],
+        exclude = ["BUILD.bazel"],
+    ),
+    prefix = "downgrades",
+    strip_prefix = strip_prefix.from_pkg(),
+    visibility = ["//csharp:__pkg__"],
+)

csharp/extractor/BUILD.bazel

@@ -0,0 +1,21 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_csharp_library",
+)
+
+codeql_csharp_library(
+    name = "Semmle.Extraction.CSharp.DependencyFetching",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+        "SourceGenerators/**/*.cs",
+    ]),
+    allow_unsafe_blocks = True,
+    internals_visible_to = ["Semmle.Extraction.Tests"],
+    nowarn = ["CA1822"],
+    visibility = ["//csharp:__subpackages__"],
+    deps = [
+        "//csharp/extractor/Semmle.Extraction",
+        "//csharp/extractor/Semmle.Util",
+    ],
+)

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel

@@ -0,0 +1,18 @@
+load(
+    "//misc/bazel:csharp.bzl",
+    "codeql_csharp_binary",
+)
+
+codeql_csharp_binary(
+    name = "Semmle.Extraction.CSharp.DependencyStubGenerator",
+    srcs = glob([
+        "*.cs",
+        "Properties/*.cs",
+    ]),
+    visibility = ["//csharp:__pkg__"],
+    deps = [
+        "//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",
+        "//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
+        "//csharp/extractor/Semmle.Util",
+    ],
+)