codeql-development-mcp-server 2.24.1-rc1

package/ql/csharp/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,50 @@
+/**
+ * @name Call Graph To for csharp
+ * @description Displays calls made to a specified method, showing the call graph inbound to the target method.
+ * @id csharp/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import csharp
+
+/**
+ * Gets the target method name for which to generate the call graph.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single target method name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  result = targetFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets a method by matching against the selected target method names.
+ */
+Callable getTargetFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getTargetFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+from Call call, Callable target, Callable caller
+where
+  call.getTarget() = target and
+  call.getEnclosingCallable() = caller and
+  (
+    // Use external predicate if available
+    target = getTargetFunction()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getTargetFunction()) and
+      target.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call to `" + target.getName() + "` from `" + caller.getName() + "`"

package/ql/csharp/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,57 @@
+/**
+ * @name Print AST for csharp
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id csharp/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import csharp
+import semmle.code.csharp.PrintAst
+
+/**
+ * Gets the source files to generate AST from.
+ * Can be a single file path or comma-separated list of file paths.
+ */
+external string selectedSourceFiles();
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  result = selectedSourceFiles().splitAt(",").trim()
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile or
+      // Match by file name if no path separators
+      (not selectedFile.matches("%/%") and result.getBaseName() = selectedFile) or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) = selectedFile
+    )
+  )
+}
+
+/**
+ * Configuration for PrintAST that uses external predicates to specify source files.
+ * Falls back to all files when external predicates are not available (for unit tests).
+ */
+class Cfg extends PrintAstConfiguration {
+  override predicate shouldPrint(Element e, Location l) {
+    super.shouldPrint(e, l) and
+    (
+      // Use external predicate if available
+      l.getFile() = getSelectedFile()
+      or
+      // Fallback for unit tests: include all files
+      not exists(getSelectedFile())
+    )
+  }
+}

package/ql/csharp/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,55 @@
+# Print CFG for `csharp` Source Files
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph represents the order in which statements and expressions are executed in a program. Each node in the graph represents a control-flow element (statement or expression), and edges represent possible execution paths between them.
+
+This query outputs all CFG nodes and their successor relationships for C# code, which is useful for understanding program execution flow, debugging control flow issues, and analyzing code paths.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing program execution flow
+- Understanding complex branching logic
+- Debugging control flow issues
+- Analysis of code paths and reachability
+- IDE integration for control flow visualization
+
+## Example
+
+The following C# code demonstrates control flow through conditional statements and loops:
+
+```csharp
+public void Example(int x) {
+    if (x > 0) {                     // COMPLIANT - Branching creates CFG edges
+        Console.WriteLine("Positive");
+    } else {
+        Console.WriteLine("Non-positive");
+    }
+
+    for (int i = 0; i < 3; i++) {    // COMPLIANT - Loop creates cyclic CFG
+        Console.WriteLine(i);
+    }
+}
+```
+
+In the resulting CFG:
+
+- The `if` condition creates two outgoing edges (true/false branches)
+- The `for` loop creates a cycle back to the condition check
+- Each statement connects to its successor in execution order
+
+## Output Format
+
+The query produces two relations:
+
+- `nodes(ControlFlow::Node, string, string)`: Each CFG node with its label
+- `edges(ControlFlow::Node, ControlFlow::Node)`: Successor relationships between nodes
+
+## References
+
+- [C# Control Flow](https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/statements/selection-statements)
+- [CodeQL Control Flow Graph](https://codeql.github.com/docs/writing-codeql-queries/about-control-flow-in-codeql/)

package/ql/csharp/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Print CFG for csharp
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id csharp/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import csharp
+import semmle.code.csharp.controlflow.ControlFlowGraph
+
+/**
+ * Configuration for PrintCFG that outputs all CFG nodes and edges.
+ */
+query predicate nodes(ControlFlow::Node node, string property, string value) {
+  property = "semmle.label" and
+  value = node.toString()
+}
+
+query predicate edges(ControlFlow::Node pred, ControlFlow::Node succ) {
+  pred.getASuccessor() = succ
+}

package/ql/csharp/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,24 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/controlflow:
+    version: 2.0.25
+  codeql/csharp-all:
+    version: 5.4.6
+  codeql/dataflow:
+    version: 2.0.25
+  codeql/mad:
+    version: 1.0.41
+  codeql/ssa:
+    version: 2.0.17
+  codeql/threat-models:
+    version: 1.0.41
+  codeql/tutorial:
+    version: 1.0.41
+  codeql/typetracking:
+    version: 2.0.25
+  codeql/util:
+    version: 2.0.28
+  codeql/xml:
+    version: 1.0.41
+compiled: false

package/ql/csharp/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-csharp-tools-src
+version: 2.24.1-rc1
+description: 'Queries for codeql-development-mcp-server tools for csharp language'
+library: false
+dependencies:
+  codeql/csharp-all: 5.4.6

package/ql/go/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -0,0 +1,39 @@
+/**
+ * @name Call Graph From for go
+ * @description Displays calls made from a specified function, showing the call graph outbound from the source function.
+ * @id go/tools/call-graph-from
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import go
+
+/**
+ * Gets the source function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets a single source function name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  result = sourceFunction().splitAt(",").trim()
+}
+
+from CallExpr call, FuncDecl source
+where
+  call.getEnclosingFunction() = source and
+  (
+    // Use external predicate if available
+    source.getName() = getSourceFunctionName()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunctionName()) and
+      source.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call from `" + source.getName() + "` to `" + call.getTarget().getName() + "`"

package/ql/go/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,47 @@
+/**
+ * @name Call Graph To for go
+ * @description Displays calls made to a specified function, showing the call graph inbound to the target function.
+ * @id go/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import go
+
+/**
+ * Gets the target function name for which to generate the call graph.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  result = targetFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets the caller name for a call expression.
+ */
+string getCallerName(CallExpr call) {
+  if exists(call.getEnclosingFunction())
+  then result = call.getEnclosingFunction().getName()
+  else result = "Top-level"
+}
+
+from CallExpr call
+where
+  (
+    // Use external predicate if available
+    call.getTarget().getName() = getTargetFunctionName()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getTargetFunctionName()) and
+      call.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call to `" + call.getTarget().getName() + "` from `" + getCallerName(call) + "`"

package/ql/go/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,58 @@
+/**
+ * @name Print AST for go
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id go/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import go
+import semmle.go.PrintAst
+
+/**
+ * Gets the source files to generate AST from.
+ * Can be a single file path or comma-separated list of file paths.
+ */
+external string selectedSourceFiles();
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  result = selectedSourceFiles().splitAt(",").trim()
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile or
+      // Match by file name if no path separators
+      (not selectedFile.matches("%/%") and result.getBaseName() = selectedFile) or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) = selectedFile
+    )
+  )
+}
+
+/**
+ * Configuration for PrintAST that uses external predicates to specify source files.
+ * Falls back to test file selection when external predicates are not available.
+ */
+class Cfg extends PrintAstConfiguration {
+  override predicate shouldPrintFunction(FuncDecl func) { this.shouldPrintFile(func.getFile()) }
+
+  override predicate shouldPrintFile(File file) { 
+    // Use external predicate if available
+    file = getSelectedFile()
+    or
+    // Fallback for unit tests: include specific test files
+    (not exists(getSelectedFile()) and file.getBaseName() = "Example1.go")
+  }
+
+  override predicate shouldPrintComments(File file) { none() }
+}

package/ql/go/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,55 @@
+# Print CFG for Go
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph represents the order in which statements and expressions are executed in a program. Each node in the graph represents a control-flow element (statement or expression), and edges represent possible execution paths between them.
+
+This query outputs all CFG nodes and their successor relationships for Go code, which is useful for understanding program execution flow, debugging control flow issues, and analyzing code paths.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing program execution flow
+- Understanding complex branching logic
+- Debugging control flow issues
+- Analysis of code paths and reachability
+- IDE integration for control flow visualization
+
+## Example
+
+The following Go code demonstrates control flow through conditional statements and loops:
+
+```go
+func example(x int) {
+    if x > 0 {                    // COMPLIANT - Branching creates CFG edges
+        fmt.Println("Positive")
+    } else {
+        fmt.Println("Non-positive")
+    }
+
+    for i := 0; i < 3; i++ {      // COMPLIANT - Loop creates cyclic CFG
+        fmt.Println(i)
+    }
+}
+```
+
+In the resulting CFG:
+
+- The `if` condition creates two outgoing edges (true/false branches)
+- The `for` loop creates a cycle back to the condition check
+- Each statement connects to its successor in execution order
+
+## Output Format
+
+The query produces two relations:
+
+- `nodes(ControlFlow::Node, string, string)`: Each CFG node with its label
+- `edges(ControlFlow::Node, ControlFlow::Node)`: Successor relationships between nodes
+
+## References
+
+- [Go Control Structures](https://go.dev/doc/effective_go#control-structures)
+- [CodeQL Control Flow Graph](https://codeql.github.com/docs/writing-codeql-queries/about-control-flow-in-codeql/)

package/ql/go/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Print CFG for go
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id go/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import go
+import semmle.go.controlflow.ControlFlowGraph
+
+/**
+ * Configuration for PrintCFG that outputs all CFG nodes and edges.
+ */
+query predicate nodes(ControlFlow::Node node, string property, string value) {
+  property = "semmle.label" and
+  value = node.toString()
+}
+
+query predicate edges(ControlFlow::Node pred, ControlFlow::Node succ) {
+  pred.getASuccessor() = succ
+}

package/ql/go/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,24 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.15
+  codeql/controlflow:
+    version: 2.0.25
+  codeql/dataflow:
+    version: 2.0.25
+  codeql/go-all:
+    version: 6.0.1
+  codeql/mad:
+    version: 1.0.41
+  codeql/ssa:
+    version: 2.0.17
+  codeql/threat-models:
+    version: 1.0.41
+  codeql/tutorial:
+    version: 1.0.41
+  codeql/typetracking:
+    version: 2.0.25
+  codeql/util:
+    version: 2.0.28
+compiled: false

package/ql/go/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-go-tools-src
+version: 2.24.1-rc1
+description: 'Queries for codeql-development-mcp-server tools for go language'
+library: false
+dependencies:
+  codeql/go-all: 6.0.1

package/ql/java/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -0,0 +1,50 @@
+/**
+ * @name Call Graph From for java
+ * @description Displays calls made from a specified method, showing the call graph outbound from the source method.
+ * @id java/tools/call-graph-from
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import java
+
+/**
+ * Gets the source method name for which to generate the call graph.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets a single source method name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  result = sourceFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets a method by matching against the selected source method names.
+ */
+Callable getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+from Call call, Callable source, Callable callee
+where
+  call.getCaller() = source and
+  call.getCallee() = callee and
+  (
+    // Use external predicate if available
+    source = getSourceFunction()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunction()) and
+      source.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call from `" + source.getName() + "` to `" + callee.getName() + "`"

package/ql/java/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,50 @@
+/**
+ * @name Call Graph To for java
+ * @description Displays calls made to a specified method, showing the call graph inbound to the target method.
+ * @id java/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import java
+
+/**
+ * Gets the target method name for which to generate the call graph.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single target method name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  result = targetFunction().splitAt(",").trim()
+}
+
+/**
+ * Gets a method by matching against the selected target method names.
+ */
+Callable getTargetFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getTargetFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+from Call call, Callable target, Callable caller
+where
+  call.getCallee() = target and
+  call.getCaller() = caller and
+  (
+    // Use external predicate if available
+    target = getTargetFunction()
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getTargetFunction()) and
+      target.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Call to `" + target.getName() + "` from `" + caller.getName() + "`"

package/ql/java/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,57 @@
+/**
+ * @name Print AST for java
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id java/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import java
+import semmle.code.java.PrintAst
+
+/**
+ * Gets the source files to generate AST from.
+ * Can be a single file path or comma-separated list of file paths.
+ */
+external string selectedSourceFiles();
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  result = selectedSourceFiles().splitAt(",").trim()
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile or
+      // Match by file name if no path separators
+      (not selectedFile.matches("%/%") and result.getBaseName() = selectedFile) or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) = selectedFile
+    )
+  )
+}
+
+/**
+ * Configuration for PrintAST that uses external predicates to specify source files.
+ * Falls back to test files when external predicates are not available.
+ */
+class Cfg extends PrintAstConfiguration {
+  override predicate shouldPrint(Element e, Location l) {
+    super.shouldPrint(e, l) and
+    (
+      // Use external predicate if available
+      l.getFile() = getSelectedFile()
+      or
+      // Fallback for unit tests: include specific test files
+      (not exists(getSelectedFile()) and l.getFile().getBaseName() = "Example1.java")
+    )
+  }
+}

package/ql/java/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,55 @@
+# Print CFG for Java
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph represents the order in which statements and expressions are executed in a program. Each node in the graph represents a control-flow element (statement or expression), and edges represent possible execution paths between them.
+
+This query outputs all CFG nodes and their successor relationships for Java code, which is useful for understanding program execution flow, debugging control flow issues, and analyzing code paths.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing program execution flow
+- Understanding complex branching logic
+- Debugging control flow issues
+- Analysis of code paths and reachability
+- IDE integration for control flow visualization
+
+## Example
+
+The following Java code demonstrates control flow through conditional statements and loops:
+
+```java
+public void example(int x) {
+    if (x > 0) {                     // COMPLIANT - Branching creates CFG edges
+        System.out.println("Positive");
+    } else {
+        System.out.println("Non-positive");
+    }
+
+    for (int i = 0; i < 3; i++) {    // COMPLIANT - Loop creates cyclic CFG
+        System.out.println(i);
+    }
+}
+```
+
+In the resulting CFG:
+
+- The `if` condition creates two outgoing edges (true/false branches)
+- The `for` loop creates a cycle back to the condition check
+- Each statement connects to its successor in execution order
+
+## Output Format
+
+The query produces two relations:
+
+- `nodes(ControlFlow::Node, string, string)`: Each CFG node with its label
+- `edges(ControlFlow::Node, ControlFlow::Node)`: Successor relationships between nodes
+
+## References
+
+- [Java Control Flow Statements](https://docs.oracle.com/javase/tutorial/java/nutsandbolts/flow.html)
+- [CodeQL Control Flow Graph](https://codeql.github.com/docs/writing-codeql-queries/about-control-flow-in-codeql/)