From 9722bc4032ac75627515c5440518b7de12f3b120 Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Tue, 17 Jun 2025 19:58:45 +0100 Subject: [PATCH 1/4] feat(ast): Update and fix statements --- ql/lib/codeql/bicep/ast/Stmts.qll | 6 +++--- ql/lib/codeql/bicep/ast/internal/AstNodes.qll | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ql/lib/codeql/bicep/ast/Stmts.qll b/ql/lib/codeql/bicep/ast/Stmts.qll index 07e5b99..685c833 100644 --- a/ql/lib/codeql/bicep/ast/Stmts.qll +++ b/ql/lib/codeql/bicep/ast/Stmts.qll @@ -75,7 +75,7 @@ class Infrastructure extends AstNode instanceof InfrastructureImpl { * Represents a parameter declaration node in the AST. * Provides access to the identifier, name, type, and default value of the parameter. */ -class ParameterDeclaration extends AstNode instanceof ParameterDeclarationImpl { +class ParameterDeclaration extends Stmts instanceof ParameterDeclarationImpl { /** Gets the identifier of the parameter declaration. */ Identifier getIdentifier() { result = ParameterDeclarationImpl.super.getName() } @@ -94,7 +94,7 @@ class ParameterDeclaration extends AstNode instanceof ParameterDeclarationImpl { * Represents an output declaration node in the AST. * Provides access to the identifier, name, type, and value of the output. */ -class OutputDeclaration extends AstNode instanceof OutputDeclarationImpl { +class OutputDeclaration extends Stmts instanceof OutputDeclarationImpl { /** Gets the identifier of the output declaration. */ Identifier getIdentifier() { result = OutputDeclarationImpl.super.getIdentifier() } 
@@ -112,7 +112,7 @@ class OutputDeclaration extends AstNode instanceof OutputDeclarationImpl { * Represents a user-defined function node in the AST. * Provides access to the identifier, name, return type, parameters, and body of the function. */ -class UserDefinedFunction extends AstNode instanceof UserDefinedFunctionImpl { +class UserDefinedFunction extends Stmts instanceof UserDefinedFunctionImpl { /** Gets the identifier of the user-defined function. */ Identifier getIdentifier() { result = UserDefinedFunctionImpl.super.getName() } diff --git a/ql/lib/codeql/bicep/ast/internal/AstNodes.qll b/ql/lib/codeql/bicep/ast/internal/AstNodes.qll index 6f6b6cc..01adc1b 100644 --- a/ql/lib/codeql/bicep/ast/internal/AstNodes.qll +++ b/ql/lib/codeql/bicep/ast/internal/AstNodes.qll @@ -88,7 +88,8 @@ class TIdents = TIdentifier or TPropertyIdentifier; */ class TStmts = TInfrastructure or TAssertStatement or TForStatement or TIfStatement or TImportStatement or - TImportWithStatement or TStatement or TUsingStatement or TVariableDeclaration; + TImportWithStatement or TStatement or TUsingStatement or TVariableDeclaration or + TParameterDeclaration or TOutputDeclaration or TUserDefinedFunction; /** * A expersion value in a Bicep program From b88a821d5a5f479204346e7d8bce63fdd7b16c5c Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Tue, 17 Jun 2025 20:16:50 +0100 Subject: [PATCH 2/4] fix(ast): Update internal stmts --- ql/lib/codeql/bicep/ast/internal/OutputDeclaration.qll | 3 ++- ql/lib/codeql/bicep/ast/internal/ParameterDeclaration.qll | 3 ++- ql/lib/codeql/bicep/ast/internal/UserDefinedFunction.qll | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ql/lib/codeql/bicep/ast/internal/OutputDeclaration.qll b/ql/lib/codeql/bicep/ast/internal/OutputDeclaration.qll index 2bdcb49..1113c61 100644 --- a/ql/lib/codeql/bicep/ast/internal/OutputDeclaration.qll +++ b/ql/lib/codeql/bicep/ast/internal/OutputDeclaration.qll 
@@ -6,6 +6,7 @@ private import AstNodes private import TreeSitter private import codeql.bicep.ast.AstNodes +private import Stmts private import Idents private import Expr private import Type @@ -13,7 +14,7 @@ private import Type /** * A OutputDeclaration AST Node. */ -class OutputDeclarationImpl extends TOutputDeclaration, AstNode { +class OutputDeclarationImpl extends TOutputDeclaration, StmtsImpl { private BICEP::OutputDeclaration ast; override string getAPrimaryQlClass() { result = "OutputDeclaration" } diff --git a/ql/lib/codeql/bicep/ast/internal/ParameterDeclaration.qll b/ql/lib/codeql/bicep/ast/internal/ParameterDeclaration.qll index a9f2226..bc9f46b 100644 --- a/ql/lib/codeql/bicep/ast/internal/ParameterDeclaration.qll +++ b/ql/lib/codeql/bicep/ast/internal/ParameterDeclaration.qll @@ -7,6 +7,7 @@ private import AstNodes private import TreeSitter private import codeql.bicep.ast.AstNodes +private import Stmts private import Identifier private import Type private import Expr @@ -14,7 +15,7 @@ private import Expr /** * A ParameterDeclaration AST Node. */ -class ParameterDeclarationImpl extends TParameterDeclaration, AstNode { +class ParameterDeclarationImpl extends TParameterDeclaration, StmtsImpl { private BICEP::ParameterDeclaration ast; override string getAPrimaryQlClass() { result = "ParameterDeclaration" } diff --git a/ql/lib/codeql/bicep/ast/internal/UserDefinedFunction.qll b/ql/lib/codeql/bicep/ast/internal/UserDefinedFunction.qll index 0705255..ff816f8 100644 --- a/ql/lib/codeql/bicep/ast/internal/UserDefinedFunction.qll +++ b/ql/lib/codeql/bicep/ast/internal/UserDefinedFunction.qll @@ -7,6 +7,7 @@ private import AstNodes private import TreeSitter private import codeql.bicep.ast.AstNodes +private import Stmts private import Identifier private import Stmts private import Type 
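Review bot: In the `UserDefinedFunction.qll` hunk (`@@ -7,6 +7,7 @@`) the added `private import Stmts` duplicates an import the file already has: the context two lines below the addition is also `private import Stmts`. The added line should be dropped so the block keeps a single `private import Stmts` between `private import Identifier` and `private import Type`. The matching hunks for `OutputDeclaration.qll` and `ParameterDeclaration.qll` show no existing `Stmts` import in their context, so the addition looks needed there.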
@@ -16,7 +17,7 @@ private import Parameters /** * A UserDefinedFunction AST Node. */ -class UserDefinedFunctionImpl extends TUserDefinedFunction, AstNode { +class UserDefinedFunctionImpl extends TUserDefinedFunction, StmtsImpl { private BICEP::UserDefinedFunction ast; override string getAPrimaryQlClass() { result = "UserDefinedFunction" } From 9c49cb62ab28e3756b4585fd14014e9ee96a2b3a Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Tue, 17 Jun 2025 20:26:17 +0100 Subject: [PATCH 3/4] fix(ast): Update Infrastructure --- .../bicep/ast/internal/Infrastructure.qll | 3 +- ql/test/library-tests/ast/AST.expected | 38 +++++++++++++++++++ ql/test/library-tests/ast/AST.ql | 4 ++ 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/ql/lib/codeql/bicep/ast/internal/Infrastructure.qll b/ql/lib/codeql/bicep/ast/internal/Infrastructure.qll index 12f4373..bf72d66 100644 --- a/ql/lib/codeql/bicep/ast/internal/Infrastructure.qll +++ b/ql/lib/codeql/bicep/ast/internal/Infrastructure.qll @@ -7,6 +7,7 @@ private import AstNodes private import TreeSitter private import codeql.bicep.ast.AstNodes private import Stmts +private import Statement /** @@ -21,7 +22,7 @@ class InfrastructureImpl extends TInfrastructure, AstNode { override string toString() { result = ast.toString() } - StmtsImpl getStatement(int index) { + StatementImpl getStatement(int index) { toTreeSitter(result) = ast.getChild(index) } } \ No newline at end of file diff --git a/ql/test/library-tests/ast/AST.expected b/ql/test/library-tests/ast/AST.expected index 5b111ed..0f9c4b0 100644 --- a/ql/test/library-tests/ast/AST.expected +++ b/ql/test/library-tests/ast/AST.expected 
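Review bot: `getStatement` in `Infrastructure.qll` now returns `StatementImpl` instead of `StmtsImpl`, and because its body is `toTreeSitter(result) = ast.getChild(index)`, a top-level child that is not a `StatementImpl` yields no result instead of an error. `StatementImpl` is defined outside this patch, so please confirm it covers every node kind the new baseline lists (`ResourceDeclaration`, `TypeDeclaration`, and the declarations patch 1 added to `TStmts`); a node that drops out here is invisible to every query built on the library, which for a security query pack means missed findings. The `infra` predicate added in `AST.ql` only lists children that resolve, so it would not flag such a gap; a companion test predicate that reports child indexes with no matching `getStatement(index)` would. The predicate also has no QLDoc, where the public classes in `Stmts.qll` document every member; `/** Gets the top-level statement at the given index. */` would do. `InfrastructureImpl` starts before this hunk.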
@@ -1110,6 +1110,44 @@ ast | sample.bicep:98:15:98:20 | MemberExpression | | sample.bicep:98:15:98:20 | MemberExpression | | sample.bicep:98:19:98:20 | id | +infra +| conditions.bicep:1:1:12:2 | Infrastructure | 0 | conditions.bicep:1:1:1:39 | ParameterDeclaration | +| conditions.bicep:1:1:12:2 | Infrastructure | 1 | conditions.bicep:2:1:2:54 | ParameterDeclaration | +| conditions.bicep:1:1:12:2 | Infrastructure | 2 | conditions.bicep:4:1:12:1 | ResourceDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 0 | data.bicep:2:1:6:1 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 1 | data.bicep:8:1:8:43 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 2 | data.bicep:10:1:11:10 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 3 | data.bicep:13:1:13:28 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 4 | data.bicep:14:1:14:41 | OutputDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 5 | data.bicep:15:1:15:41 | OutputDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 6 | data.bicep:17:1:17:13 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 7 | data.bicep:18:1:18:46 | OutputDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 8 | data.bicep:21:1:21:29 | ParameterDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 9 | data.bicep:24:1:24:24 | ParameterDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 10 | data.bicep:27:1:27:92 | ParameterDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 11 | data.bicep:29:1:34:1 | ParameterDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 12 | data.bicep:36:1:37:12 | ParameterDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 13 | data.bicep:41:1:41:25 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 14 | data.bicep:42:1:42:52 | TypeDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 15 | data.bicep:43:1:43:62 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 16 | 
data.bicep:46:1:46:24 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 17 | data.bicep:49:1:50:9 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 18 | data.bicep:53:1:55:3 | VariableDeclaration | +| data.bicep:1:1:62:4 | Infrastructure | 19 | data.bicep:58:1:62:3 | VariableDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 0 | sample.bicep:1:1:1:48 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 1 | sample.bicep:2:1:2:80 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 2 | sample.bicep:3:1:3:28 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 3 | sample.bicep:4:1:4:40 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 4 | sample.bicep:5:1:5:43 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 5 | sample.bicep:6:1:6:32 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 6 | sample.bicep:7:1:7:36 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 7 | sample.bicep:8:1:8:40 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 8 | sample.bicep:9:1:9:30 | ParameterDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 9 | sample.bicep:11:1:21:1 | ResourceDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 10 | sample.bicep:23:1:41:1 | ResourceDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 11 | sample.bicep:43:1:49:1 | ResourceDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 12 | sample.bicep:51:1:70:1 | ResourceDeclaration | +| sample.bicep:1:1:103:1 | Infrastructure | 13 | sample.bicep:72:1:103:1 | ResourceDeclaration | strings | conditions.bicep:2:35:2:54 | String | examplestorageacct | | conditions.bicep:4:25:4:70 | String | Microsoft.Storage/storageAccounts@2022-09-01 | diff --git a/ql/test/library-tests/ast/AST.ql b/ql/test/library-tests/ast/AST.ql index 63e19a1..95d60df 100644 --- a/ql/test/library-tests/ast/AST.ql 
+++ b/ql/test/library-tests/ast/AST.ql @@ -2,6 +2,10 @@ private import bicep query predicate ast(AstNode ast) { any() } +query predicate infra(Infrastructure infra, int index, Stmts stmts) { + stmts = infra.getStatement(index) +} + query predicate strings(String str, string output) { output = str.getValue() } query predicate ifCondition(IfStatement ifStmt, Expr condition, Expr body) { From 6060ac057098156203960061acd298e38e09c98e Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Tue, 17 Jun 2025 20:27:22 +0100 Subject: [PATCH 4/4] feat(tests): Update CFG test --- ql/test/library-tests/cfg/Cfg.expected | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ql/test/library-tests/cfg/Cfg.expected b/ql/test/library-tests/cfg/Cfg.expected index a651fb0..fdf8230 100644 --- a/ql/test/library-tests/cfg/Cfg.expected +++ b/ql/test/library-tests/cfg/Cfg.expected @@ -1,4 +1,6 @@ | sample.bicep:1:1:1:48 | ParameterDeclaration | sample.bicep:1:1:103:1 | Infrastructure | | +| sample.bicep:1:1:1:48 | ParameterDeclaration | sample.bicep:1:1:103:1 | Infrastructure | | +| sample.bicep:1:1:1:48 | ParameterDeclaration | sample.bicep:1:7:1:14 | location | | | sample.bicep:1:1:103:1 | Infrastructure | sample.bicep:1:1:103:1 | exit Infrastructure (normal) | | | sample.bicep:1:1:103:1 | enter Infrastructure | sample.bicep:1:7:1:14 | location | | | sample.bicep:1:1:103:1 | enter Infrastructure | sample.bicep:1:7:1:14 | location | | 
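Review bot: The first `Cfg.expected` hunk adds a row `ParameterDeclaration` → `location` while the existing rows already hold `location` → `ParameterDeclaration`, which, if the columns are node and successor, puts a two-node cycle into the graph of a single declaration. The other additions here and in the hunks at `-11,6` and `-36,6` are textually identical to context rows, so they are presumably edges between distinct nodes that print the same. Both patterns look like `ParameterDeclaration` being picked up by more than one control-flow tree after patches 1–2 made it a `Stmts`, although the CFG library itself is not in this series. I would hold the baseline update until that is checked, because duplicated or cyclic nodes carry through to any data-flow analysis built on this graph and accepting them into `Cfg.expected` hides the regression.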
@@ -11,6 +13,9 @@ | sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:7:1:14 | location | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:7:1:14 | location | sample.bicep:1:25:1:37 | resourceGroup | | | sample.bicep:1:7:1:14 | location | sample.bicep:1:25:1:37 | resourceGroup | | | sample.bicep:1:7:1:14 | location | sample.bicep:1:25:1:37 | resourceGroup | | @@ -36,6 +41,9 @@ | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | +| sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:1:48 | ParameterDeclaration | | | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:103:1 | Infrastructure | , BooleanSuccessor, BooleanSuccessor | | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:103:1 | Infrastructure | , BooleanSuccessor, BooleanSuccessor | | sample.bicep:1:25:1:48 | MemberExpression | sample.bicep:1:1:103:1 | Infrastructure | , BooleanSuccessor, BooleanSuccessor |