Add CallGraphFromTo queries for all supported languages#168
Open
data-douser wants to merge 7 commits intomainfrom
Open
Add CallGraphFromTo queries for all supported languages#168data-douser wants to merge 7 commits intomainfrom
data-douser wants to merge 7 commits intomainfrom
Conversation
- Add CallGraphFromTo.ql for cpp, csharp, go, java, javascript, python, ruby, swift - Each query supports sourceFunction and targetFunction external predicates - Include documentation (.md) and test suites with expected outputs - Update QL pack dependencies to latest versions - Fix go PrintAST query for compatibility with v2.25.0 - Fix java PrintCFG query for compatibility with v2.25.0 Closes #164
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Snapshot WarningsEnsure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice. Scanned FilesNone |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new CallGraphFromTo CodeQL tool query across all call-graph-enabled languages in this repo, enabling “calls on paths from source → target” exploration with sourceFunction/targetFunction externals, and updates packs/tests/docs for CodeQL v2.25.0 compatibility.
Changes:
- Added
CallGraphFromTo.ql+.mddocumentation and unit tests for cpp, csharp, go, java, javascript, python, ruby, swift. - Bumped CodeQL pack dependencies/locks across language tool packs for v2.25.0 compatibility.
- Updated existing Go
PrintASTand JavaPrintCFGqueries (and expected outputs) for newer CodeQL libraries.
Reviewed changes
Copilot reviewed 70 out of 70 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| server/src/resources/languages/java_ast.md | Document Java CFG API change (ControlFlowNode / ControlFlowGraph). |
| server/src/resources/languages/go_ast.md | Note about bundled Go PrintAST implementation details. |
| server/ql/cpp/tools/src/codeql-pack.yml | Update cpp tool pack dependency versions. |
| server/ql/cpp/tools/src/codeql-pack.lock.yml | Update cpp tool pack lock versions. |
| server/ql/cpp/tools/test/codeql-pack.lock.yml | Update cpp tool test pack lock versions. |
| server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New cpp CallGraphFromTo query. |
| server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.md | New cpp CallGraphFromTo documentation. |
| server/ql/cpp/tools/test/CallGraphFromTo/Example1.cpp | New cpp test fixture. |
| server/ql/cpp/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New cpp expected results. |
| server/ql/cpp/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New cpp test query reference. |
| server/ql/csharp/tools/src/codeql-pack.yml | Update csharp tool pack dependency versions. |
| server/ql/csharp/tools/src/codeql-pack.lock.yml | Update csharp tool pack lock versions. |
| server/ql/csharp/tools/test/codeql-pack.lock.yml | Update csharp tool test pack lock versions. |
| server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New csharp CallGraphFromTo query. |
| server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.md | New csharp CallGraphFromTo documentation. |
| server/ql/csharp/tools/test/CallGraphFromTo/Example1.cs | New csharp test fixture. |
| server/ql/csharp/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New csharp expected results. |
| server/ql/csharp/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New csharp test query reference. |
| server/ql/go/tools/src/codeql-pack.yml | Update go tool pack dependency versions. |
| server/ql/go/tools/src/codeql-pack.lock.yml | Update go tool pack lock versions. |
| server/ql/go/tools/test/codeql-pack.lock.yml | Update go tool test pack lock versions. |
| server/ql/go/tools/src/PrintAST/PrintAST.ql | Adjust Go PrintAST implementation for new library constraints. |
| server/ql/go/tools/test/PrintAST/PrintAST.expected | Update Go PrintAST expected output. |
| server/ql/go/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New go CallGraphFromTo query. |
| server/ql/go/tools/src/CallGraphFromTo/CallGraphFromTo.md | New go CallGraphFromTo documentation. |
| server/ql/go/tools/test/CallGraphFromTo/Example1.go | New go test fixture. |
| server/ql/go/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New go expected results. |
| server/ql/go/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New go test query reference. |
| server/ql/java/tools/src/codeql-pack.yml | Update java tool pack dependency versions. |
| server/ql/java/tools/src/codeql-pack.lock.yml | Update java tool pack lock versions. |
| server/ql/java/tools/test/codeql-pack.lock.yml | Update java tool test pack lock versions. |
| server/ql/java/tools/src/PrintCFG/PrintCFG.ql | Update Java PrintCFG to use ControlFlowNode. |
| server/ql/java/tools/test/PrintCFG/PrintCFG.expected | Update Java PrintCFG expected output. |
| server/ql/java/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New java CallGraphFromTo query. |
| server/ql/java/tools/src/CallGraphFromTo/CallGraphFromTo.md | New java CallGraphFromTo documentation. |
| server/ql/java/tools/test/CallGraphFromTo/Example1.java | New java test fixture. |
| server/ql/java/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New java expected results. |
| server/ql/java/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New java test query reference. |
| server/ql/javascript/tools/src/codeql-pack.yml | Update javascript tool pack dependency versions. |
| server/ql/javascript/tools/src/codeql-pack.lock.yml | Update javascript tool pack lock versions. |
| server/ql/javascript/tools/test/codeql-pack.lock.yml | Update javascript tool test pack lock versions. |
| server/ql/javascript/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New javascript CallGraphFromTo query. |
| server/ql/javascript/tools/src/CallGraphFromTo/CallGraphFromTo.md | New javascript CallGraphFromTo documentation. |
| server/ql/javascript/tools/test/CallGraphFromTo/Example1.js | New javascript test fixture. |
| server/ql/javascript/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New javascript expected results. |
| server/ql/javascript/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New javascript test query reference. |
| server/ql/python/tools/src/codeql-pack.yml | Update python tool pack dependency versions. |
| server/ql/python/tools/src/codeql-pack.lock.yml | Update python tool pack lock versions. |
| server/ql/python/tools/test/codeql-pack.lock.yml | Update python tool test pack lock versions. |
| server/ql/python/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New python CallGraphFromTo query. |
| server/ql/python/tools/src/CallGraphFromTo/CallGraphFromTo.md | New python CallGraphFromTo documentation. |
| server/ql/python/tools/test/CallGraphFromTo/Example1.py | New python test fixture. |
| server/ql/python/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New python expected results. |
| server/ql/python/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New python test query reference. |
| server/ql/ruby/tools/src/codeql-pack.yml | Update ruby tool pack dependency versions. |
| server/ql/ruby/tools/src/codeql-pack.lock.yml | Update ruby tool pack lock versions. |
| server/ql/ruby/tools/test/codeql-pack.lock.yml | Update ruby tool test pack lock versions. |
| server/ql/ruby/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New ruby CallGraphFromTo query. |
| server/ql/ruby/tools/src/CallGraphFromTo/CallGraphFromTo.md | New ruby CallGraphFromTo documentation. |
| server/ql/ruby/tools/test/CallGraphFromTo/Example1.rb | New ruby test fixture. |
| server/ql/ruby/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New ruby expected results. |
| server/ql/ruby/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New ruby test query reference. |
| server/ql/swift/tools/src/codeql-pack.yml | Update swift tool pack dependency versions. |
| server/ql/swift/tools/src/codeql-pack.lock.yml | Update swift tool pack lock versions. |
| server/ql/swift/tools/test/codeql-pack.lock.yml | Update swift tool test pack lock versions. |
| server/ql/swift/tools/src/CallGraphFromTo/CallGraphFromTo.ql | New swift CallGraphFromTo query. |
| server/ql/swift/tools/src/CallGraphFromTo/CallGraphFromTo.md | New swift CallGraphFromTo documentation. |
| server/ql/swift/tools/test/CallGraphFromTo/Example1.swift | New swift test fixture. |
| server/ql/swift/tools/test/CallGraphFromTo/CallGraphFromTo.expected | New swift expected results. |
| server/ql/swift/tools/test/CallGraphFromTo/CallGraphFromTo.qlref | New swift test query reference. |
server/ql/javascript/tools/src/CallGraphFromTo/CallGraphFromTo.md
Outdated
Show resolved
Hide resolved
- Syncs "server/dist/**" - Applies "codeql query format" rules for all server/ql/**/*.ql files - Fixes formatting of markdown text in query markdown docs - Addresses other PR review feedback for #168
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 95 out of 97 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
server/ql/go/tools/test/CallGraphFromTo/CallGraphFromTo.expected:2
CallGraphFromTo.expectedis effectively empty, so the Go CallGraphFromTo unit test isn't asserting any behavior. Please add expected rows for the 3 calls inExample1.go(target→unrelated, intermediate→target, source→intermediate), or adjust the query/test setup so results are produced and verified.
Go query test fixes: - Add go.mod to CallGraphFromTo, CallGraphFrom, CallGraphTo test dirs (Go extractor requires module file for proper extraction) - Add main() function to all Go Example1.go test files - Fix fallback filter in all 3 Go call graph queries: getParentContainer().getParentContainer().getBaseName() = "test" → getFile().getBaseName() = "Example1.go" - Update all Go .expected files with non-empty results (4-5 rows each) VSIX packaging fix: - Add .tmp/** to .vscodeignore (was bundling 177MB of test databases) - VSIX size: 71.48MB → 788KB
Replace `external string` declarations with `extensible predicate` syntax across all 8 languages, enabling YAML-based data extensions for testing instead of fragile fallback hacks. Architecture: - Add ExternalPredicates.qll per language with shared extensible predicate declarations (sourceFunction, targetFunction, selectedSourceFiles) - Add dataExtensions YAML files in test/*/ext/ directories providing test values for each query's external predicates - Add dataExtensions glob to all test pack codeql-pack.yml files - Remove all "Fallback for unit tests" or clauses from queries This means: - Tests now exercise the actual external predicate logic path - No more path-based hacks (getParentContainer().getBaseName() = "test") - CallGraphFromTo tests produce precise source→target results - New queries only need a .model.yml file, not query modifications
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 173 out of 175 changed files in this pull request and generated 9 comments.
Comments suppressed due to low confidence (1)
server/src/lib/cli-tool-registry.ts:350
- This comment says “Create qlpack.yml for the temporary extension pack”, but the code writes
codeql-pack.yml. Please align the wording with the actual filename to prevent future mistakes.
|
|
||
| This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
Comment on lines
+298
to
+301
| // Handle extensible predicates for tool queries via data extensions. | ||
| // Instead of CSV files + --external flags, we create a temporary | ||
| // extension pack with a qlpack.yml and data extension YAML that | ||
| // injects values into the src pack's extensible predicates. |
There was a problem hiding this comment.
The comments here refer to creating a qlpack.yml, but the code actually writes codeql-pack.yml. Please update the comment to avoid confusion (this repo consistently uses codeql-pack.yml).
This issue also appears on line 339 of the same file.
|
|
||
| This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
|
|
||
| This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
|
|
||
| This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
|
|
||
| This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`) and supports both simple and qualified name matching. |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
Suggested change
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`) and supports both simple and qualified name matching. | |
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions or model packs (see `ExternalPredicates.qll`) and supports both simple and qualified name matching. |
|
|
||
| This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
Suggested change
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`). | |
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It takes its source and target methods from extensible predicates (`sourceFunction` and `targetFunction`) populated via CodeQL data extensions / model packs (see `ExternalPredicates.qll`). |
|
|
||
| This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
|
|
||
| This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability. | ||
|
|
||
| The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`). |
There was a problem hiding this comment.
This doc says the query accepts inputs via “external predicates”, but the implementation uses extensible predicates populated via CodeQL data extensions / model packs (see ExternalPredicates.qll). Please update the wording to match the current mechanism so users know how to provide values.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add
CallGraphFromTo.qlquery for all 8 CallGraph-supporting languages, enabling transitive call reachability analysis with both source and target function constraints.Changes
New CallGraphFromTo queries (8 languages)
server/ql/{cpp,csharp,go,java,javascript,python,ruby,swift}/tools/src/CallGraphFromTo/sourceFunctionandtargetFunctionexternal predicates for bidirectional call graph traversal.md) and unit test suites with expected outputsQL pack dependency updates
codeql-pack.ymlandcodeql-pack.lock.ymlfiles to latest pack versions for v2.25.0 compatibilityQuery fixes
go/PrintASTquery for v2.25.0 compatibilityjava/PrintCFGquery for v2.25.0 compatibility.expectedtest outputsTesting
codeql test runReview order
This PR is independent and can be reviewed/merged at any time.
Closes #164
Part of #163