codeql-development-mcp-server 2.24.3 → 2.25.0

package/ql/swift/tools/src/CallGraphFromTo/CallGraphFromTo.ql

@@ -0,0 +1,80 @@
+/**
+ * @name Call Graph From To for swift
+ * @description Displays calls on reachable paths from a source function to a target function, showing transitive call graph connectivity.
+ * @id swift/tools/call-graph-from-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import swift
+import ExternalPredicates
+
+/**
+ * Gets a single source function name from the comma-separated list.
+ */
+string getSourceFunctionName() {
+  exists(string s | sourceFunction(s) | result = s.splitAt(",").trim())
+}
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
+}
+
+/**
+ * Gets a function by matching against the selected source function names.
+ * Supports both base names (e.g. "source") and full Swift signatures (e.g. "source()").
+ */
+Function getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    (result.getName() = selectedFunc or result.getName().matches(selectedFunc + "(%"))
+  )
+}
+
+/**
+ * Gets a function by matching against the selected target function names.
+ * Supports both base names (e.g. "target") and full Swift signatures (e.g. "target()").
+ */
+Function getTargetFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getTargetFunctionName() and
+    (result.getName() = selectedFunc or result.getName().matches(selectedFunc + "(%"))
+  )
+}
+
+/**
+ * Holds if function `caller` directly calls function `callee`.
+ */
+predicate calls(Function caller_, Function callee_) {
+  exists(CallExpr c |
+    c.getEnclosingFunction() = caller_ and
+    c.getStaticTarget() = callee_
+  )
+}
+
+/**
+ * Gets the name of the called function.
+ */
+string getCalleeName(CallExpr call) {
+  if exists(call.getStaticTarget())
+  then result = call.getStaticTarget().getName()
+  else result = call.toString()
+}
+
+from CallExpr call, Function caller
+where
+  call.getEnclosingFunction() = caller and
+  exists(Function source, Function target |
+    source = getSourceFunction() and
+    target = getTargetFunction() and
+    calls*(source, caller) and
+    exists(Function callee |
+      call.getStaticTarget() = callee and
+      calls*(callee, target)
+    )
+  )
+select call, "Reachable call from `" + caller.getName() + "` to `" + getCalleeName(call) + "`"

package/ql/swift/tools/src/CallGraphTo/CallGraphTo.ql

@@ -8,17 +8,14 @@
  */
 
 import swift
-
-/**
- * Gets the target function name for which to generate the call graph.
- * Can be a single function name or comma-separated list of function names.
- */
-external string targetFunction();
+import ExternalPredicates
 
 /**
  * Gets a single target function name from the comma-separated list.
  */
-string getTargetFunctionName() { result = targetFunction().splitAt(",").trim() }
+string getTargetFunctionName() {
+  exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets the caller name for a call expression.
@@ -38,12 +35,9 @@ string getCalleeName(CallExpr call) {
   else result = call.toString()
 }
 
-from CallExpr call
+from CallExpr call, string targetName
 where
-  // Use external predicate if available
-  call.getStaticTarget().getName() = getTargetFunctionName()
-  or
-  // Fallback for unit tests: include specific test files
-  not exists(getTargetFunctionName()) and
-  call.getLocation().getFile().getBaseName() = "Example1.swift"
+  targetName = getTargetFunctionName() and
+  (call.getStaticTarget().getName() = targetName or
+    call.getStaticTarget().getName().matches(targetName + "(%"))
 select call, "Call to `" + getCalleeName(call) + "` from `" + getCallerName(call) + "`"

package/ql/swift/tools/src/ExternalPredicates.qll

@@ -0,0 +1,14 @@
+/**
+ * Shared extensible predicate declarations for MCP server tools queries.
+ * Values are provided via dataExtensions YAML files during testing,
+ * or via a temporary data extension pack at runtime from the MCP server.
+ */
+
+/** Holds for each source function name for call graph analysis. */
+extensible predicate sourceFunction(string name);
+
+/** Holds for each target function name for call graph analysis. */
+extensible predicate targetFunction(string name);
+
+/** Holds for each selected source file path for AST/CFG printing. */
+extensible predicate selectedSourceFiles(string path);

package/ql/swift/tools/src/PrintAST/PrintAST.ql

@@ -7,17 +7,14 @@
  */
 
 import codeql.swift.printast.PrintAst
-
-/**
- * Gets the source files to generate AST from.
- * Can be a single file path or comma-separated list of file paths.
- */
-external string selectedSourceFiles();
+import ExternalPredicates
 
 /**
  * Gets a single source file from the comma-separated list.
  */
-string getSelectedSourceFile() { result = selectedSourceFiles().splitAt(",").trim() }
+string getSelectedSourceFile() {
+  exists(string s | selectedSourceFiles(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a file by matching against the selected source file paths.
@@ -46,13 +43,6 @@ File getSelectedFile() {
 class Cfg extends PrintAstConfiguration {
   override predicate shouldPrint(Locatable e) {
     super.shouldPrint(e) and
-    (
-      // Use external predicate if available
-      e.getLocation().getFile() = getSelectedFile()
-      or
-      // Fallback for unit tests: include specific test files
-      not exists(getSelectedFile()) and
-      e.getLocation().getFile().getBaseName() = "Example1.swift"
-    )
+    e.getLocation().getFile() = getSelectedFile()
   }
 }

package/ql/swift/tools/src/PrintCFG/PrintCFG.ql

@@ -8,17 +8,14 @@
 
 import swift
 import codeql.swift.controlflow.ControlFlowGraph
-
-/**
- * Gets the source files to generate CFG from.
- * Can be a single file path or comma-separated list of file paths.
- */
-external string selectedSourceFiles();
+import ExternalPredicates
 
 /**
  * Gets a single source file from the comma-separated list.
  */
-string getSelectedSourceFile() { result = selectedSourceFiles().splitAt(",").trim() }
+string getSelectedSourceFile() {
+  exists(string s | selectedSourceFiles(s) | result = s.splitAt(",").trim())
+}
 
 /**
  * Gets a file by matching against the selected source file paths.
@@ -43,14 +40,7 @@ File getSelectedFile() {
 /**
  * Holds if this CFG node should be included in output.
  */
-predicate shouldPrintNode(ControlFlowNode node) {
-  // Use external predicate if available
-  node.getLocation().getFile() = getSelectedFile()
-  or
-  // Fallback for unit tests: include specific test files
-  not exists(getSelectedFile()) and
-  node.getLocation().getFile().getBaseName() = "Example1.swift"
-}
+predicate shouldPrintNode(ControlFlowNode node) { node.getLocation().getFile() = getSelectedFile() }
 
 /**
  * Configuration for PrintCFG that outputs filtered CFG nodes and edges.

package/ql/swift/tools/src/codeql-pack.lock.yml

@@ -2,23 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/concepts:
-    version: 0.0.15
+    version: 0.0.18
   codeql/controlflow:
-    version: 2.0.25
+    version: 2.0.28
   codeql/dataflow:
-    version: 2.0.25
+    version: 2.1.0
   codeql/mad:
-    version: 1.0.41
+    version: 1.0.44
   codeql/regex:
-    version: 1.0.41
+    version: 1.0.44
   codeql/ssa:
-    version: 2.0.17
+    version: 2.0.20
   codeql/swift-all:
-    version: 6.2.1
+    version: 6.3.0
   codeql/tutorial:
-    version: 1.0.41
+    version: 1.0.44
   codeql/typetracking:
-    version: 2.0.25
-  codeql/util:
     version: 2.0.28
+  codeql/util:
+    version: 2.0.31
 compiled: false

package/ql/swift/tools/src/codeql-pack.yml

@@ -1,6 +1,6 @@
 name: advanced-security/ql-mcp-swift-tools-src
-version: 2.24.3
+version: 2.25.0
 description: 'Queries for codeql-development-mcp-server tools for swift language'
 library: false
 dependencies:
-  codeql/swift-all: 6.2.1
+  codeql/swift-all: 6.3.0