### Go Type Tracking Example with TypeTracker

Source: https://codeql.github.com/codeql-standard-libraries/go/codeql/typetracking/internal/TypeTrackingImpl.qll/type.TypeTrackingImpl%24TypeTracking%24TypeTracker

This example demonstrates how to use the `TypeTracker` class in Go for tracking a specific type. It outlines the recommended structure for defining type tracking logic, including starting points and step-by-step analysis. It highlights the difference between `step` and `smallstep` for intra-procedural analysis.

```ql
Node myType(TypeTracker tt) {
  tt.start() and
  result = < source of myType >
  or
  exists(TypeTracker tt2 |
    tt = tt2.step(myType(tt2), result)
  )
}

Node myType() { myType(TypeTracker::end()).flowsTo(result) }
```

--------------------------------

### Go Slice Expression Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24SliceExpr

Illustrates various forms of slice expressions in Go, demonstrating different ways to specify start, end, and capacity.

```go
a[1:3]
a[1:3:5]
a[1:]
a[:3]
a[:]
```

--------------------------------

### Generic Function Instantiation Examples in CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24GenericFunctionInstantiationExpr

Illustrates the syntax for representing generic function instantiations in CodeQL, showing examples with single and multiple type arguments.

```codeql
genericfunction[type]
genericfunction[type1, type2]
```

--------------------------------

### Go 'go' Statement Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24GoStmt

This snippet demonstrates the usage of a 'go' statement in Go, which is used to start a new goroutine. The CodeQL class `GoStmt` represents such statements in the abstract syntax tree.

```go
go fillPixels(row)
```

--------------------------------

### Build Constraint Comment Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Comments.qll/type.Comments%24BuildConstraintComment

Illustrates the syntax of build constraint comments in Go, which are used to conditionally compile source files. These comments typically start with `// +build` or `//go:build` followed by tags or conditions.

```go
// +build darwin freebsd netbsd openbsd
// +build !linux
```

--------------------------------

### Example Usage of DeferStmt

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24DeferStmt

Demonstrates a basic example of a 'defer' statement in Go, as represented by the DeferStmt class in CodeQL. This shows how a mutex unlock operation can be deferred.

```go
defer mutex.Unlock()
```

--------------------------------

### Go String Literal Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24StringLit

Demonstrates a basic string literal in Go. This serves as a simple example of what the StringLit class represents in CodeQL.

```go
"hello world"
```

--------------------------------

### Go GotoStmt Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24GotoStmt

This snippet demonstrates a basic example of a 'goto' statement in Go code, which is represented by the GotoStmt class in CodeQL.

```go
goto Error
```

--------------------------------

### Example Go Return Statement

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24ReturnStmt

Demonstrates a basic `return` statement in Go. This snippet showcases the syntax for returning values from a function. It does not have specific dependencies and serves as a simple illustration.

```go
return x
```

--------------------------------

### getStartLine

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/frameworks/Afero.qll/type.Afero%24Afero%24AferoUtilityFunctionSystemAccess

Gets the start line of the location of this node.

```APIDOC
## getStartLine

### Description
Gets the start line of the location of this node.

### Method
N/A

### Endpoint
N/A

### Parameters
N/A

### Request Example
N/A

### Response
N/A

### Response Example
N/A
```

--------------------------------

### getStartColumn

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/frameworks/Afero.qll/type.Afero%24Afero%24AferoUtilityFunctionSystemAccess

Gets the start column of the location of this node.

```APIDOC
## getStartColumn

### Description
Gets the start column of the location of this node.

### Method
N/A

### Endpoint
N/A

### Parameters
N/A

### Request Example
N/A

### Response
N/A

### Response Example
N/A
```

--------------------------------

### Go Block Comment Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Comments.qll/type.Comments%24SlashStarComment

This example demonstrates the structure of a block comment in Go, which starts with '/*' and ends with '*/'. This is represented by the SlashStarComment class in CodeQL.

```go
/* a block comment */
```

--------------------------------

### Get Start Column in Go CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/OpenUrlRedirectCustomizations.qll/type.OpenUrlRedirectCustomizations%24OpenUrlRedirect%24RedirectCheckBarrierGuardAsBarrierGuard

Retrieves the starting column number of the location associated with a node in the Go CodeQL analysis. This is part of the location information for code elements.

```go
/**
 * Gets the start column of the location of this node.
 */
getStartColumn() | from Node
```

--------------------------------

### GoModLineBlock Example - Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/GoMod.qll/type.GoMod%24GoModLineBlock

This snippet demonstrates the structure of a GoModLineBlock, showing a 'require' block with multiple dependencies. It illustrates how dependencies are listed within the block.

```go
require (
    "github.com/github/codeql-go" v1.2.3
    "golang.org/x/tools" v3.2.1
)
```

--------------------------------

### Get Start Line in Go CodeQL

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/OpenUrlRedirectCustomizations.qll/type.OpenUrlRedirectCustomizations%24OpenUrlRedirect%24RedirectCheckBarrierGuardAsBarrierGuard

Retrieves the starting line number of the location associated with a node in the Go CodeQL analysis. This, along with `getEndLine`, defines the range of a code element.

```go
/**
 * Gets the start line of the location of this node.
 */
getStartLine() | from Node
```

--------------------------------

### Go Package Name Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24PackageName

Demonstrates how to refer to an imported package using its name within the CodeQL library for Go. This is a fundamental concept for analyzing package dependencies.

```go
fmt
```

--------------------------------

### Get Start Column of Node Location in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/StoredXssCustomizations.qll/type.StoredXssCustomizations%24StoredXss%24Sink

This Go code snippet retrieves the starting column number of the source code location associated with a data flow node. This aids in precise code navigation.

```go
getStartColumn() | Gets the start column of the location of this node.
| from Node
```

--------------------------------

### Simple Assignment Statement Examples in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24SimpleAssignStmt

Illustrates various forms of simple assignment statements in Go, including variable initialization, pointer assignment, array element assignment, and channel receive assignment. These examples demonstrate the syntax covered by the `SimpleAssignStmt` class.

```go
x := 1
*p = f()
a[i] = 23
(k) = <-ch // same as: k = <-ch
```

--------------------------------

### Getting Start Line Location in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/AllocationSizeOverflowCustomizations.qll/type.AllocationSizeOverflowCustomizations%24AllocationSizeOverflow%24LengthCheckSanitizer

This predicate retrieves the starting line number of the source code location associated with a node. Inherited from 'Node', it helps in identifying the beginning of code elements during Go program analysis.

```go
// Gets the start line of the location of this node.
aspred getStartLine() | from Node
```

--------------------------------

### Go LoopStmt Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24LoopStmt

Demonstrates various forms of 'for' and 'range' loop statements in Go, as represented by the CodeQL LoopStmt class. These examples illustrate the syntax for traditional for loops and map iteration.

```go
for a < b {
    a *= 2
}

for i := 0; i < 10; i++ {
    f(i)
}

for key, value := range mymap {
    fmt.Printf("mymap[%s] = %d\n", key, value)
}
```

--------------------------------

### Getting Start Column Location in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/AllocationSizeOverflowCustomizations.qll/type.AllocationSizeOverflowCustomizations%24AllocationSizeOverflow%24LengthCheckSanitizer

This predicate retrieves the starting column number of the source code location associated with a node. Inherited from 'Node', it's vital for precise code referencing and error highlighting in Go analysis.

```go
// Gets the start column of the location of this node.
aspred getStartColumn() | from Node
```

--------------------------------

### Get Start Line of Node Location in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/StoredXssCustomizations.qll/type.StoredXssCustomizations%24StoredXss%24Sink

This Go code snippet retrieves the starting line number of the source code location associated with a data flow node. This is critical for identifying the exact position of code elements.

```go
getStartLine() | Gets the start line of the location of this node. | from Node
```

--------------------------------

### Go Switch Statement Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24SwitchStmt

Illustrates the structure of expression switches and type switches in Go using CodeQL's representation. These examples demonstrate how to represent different switch statement forms within the CodeQL analysis framework.

```go
switch x := f(); x {
case 0, 1:
    a = 1
    fallthrough
default:
    b = 2
}

switch i := x.(type) {
default:
    printString("don't know the type")
case nil:
    printString("x is nil")
case int:
    printInt(i)
case func(int) float64:
    printFunction(i)
}
```

--------------------------------

### HTML Document Element Example (Go)

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/HTML.qll/type.HTML%24HTML%24DocumentElement

An example demonstrating the structure of an HTML document element in CodeQL for Go. This illustrates a basic HTML document with a body containing text.

```go
This is a test.
```

--------------------------------

### Get Suffix Substring (string)

Source: https://codeql.github.com/codeql-standard-libraries/go/codeql/dataflow/internal/AccessPathSyntax.qll/type.AccessPathSyntax%24AccessPathTokenBase

Returns the substring of the receiver string starting from a specified 0-based inclusive offset to the end of the string.

```ql
from string s, int offset
where s = "example" and offset = 4
select s.suffix(offset) // "ple"
```

--------------------------------

### Go Parameter Declaration Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Decls.qll/type.Decls%24ParameterDecl

Illustrates how parameter declarations are represented in Go code, showing single and multiple variable declarations with explicit types.

```go
s string
x, y int
```

--------------------------------

### Get Suffix Substring (Go)

Source: https://codeql.github.com/codeql-standard-libraries/go/codeql/dataflow/internal/DataFlowImplCommon.qll/type.DataFlowImplCommon%24MakeImplCommon%24DataFlowImplCommonPublic%24FlowStateString%24FlowStateEmpty

Extracts a substring from the receiver string starting at a specified inclusive offset to the end of the string. The offset is 0-based.

```go
receiver.suffix(offset)
```

--------------------------------

### Get Substring by Indices (string)

Source: https://codeql.github.com/codeql-standard-libraries/go/codeql/dataflow/internal/AccessPathSyntax.qll/type.AccessPathSyntax%24AccessPathTokenBase

Extracts a substring from the receiver string using start (inclusive) and end (exclusive) indices. Both indices are 0-based.

```ql
from string s, int startIndex, int endIndex
where s = "example" and startIndex = 1 and endIndex = 4
select s.substring(startIndex, endIndex) // "xam"
```

--------------------------------

### HTML Element Example - Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/HTML.qll/type.HTML%24HTML%24Element

This snippet demonstrates the usage of an HTML element within the CodeQL Go library. It shows a simple anchor tag and its attributes.

```go
Semmle
```

--------------------------------

### Continue Statement Examples in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24ContinueStmt

Demonstrates the basic syntax for using 'continue' statements in Go. This includes a simple 'continue' and a 'continue' with a label, as supported by the CodeQL library.

```go
continue
continue RowLoop
```

--------------------------------

### RecvExpr::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/predicate.Expr%24RecvExpr%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not. For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

```APIDOC
## Predicate RecvExpr::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not. For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

### Method
(This is a predicate, not an API endpoint)

### Endpoint
(N/A)

### Parameters
#### Path Parameters
(N/A)
#### Query Parameters
(N/A)
#### Request Body
(N/A)

### Request Example
(N/A)

### Response
#### Success Response
- **string** - The name of a primary CodeQL class.

#### Response Example
    "AddExpr"
    "FunctionName"
```

--------------------------------

### Go CodeQL: Example Comment Syntax

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Comments.qll/type.Comments%24Comment

This snippet illustrates the basic syntax for line and block comments in Go, as represented by the CodeQL 'Class Comment'. These comments are fundamental to understanding code annotations and documentation within Go programs.

```go
// a line comment
/* a block comment */
```

--------------------------------

### AstNode::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/AST.qll/predicate.AST%24AstNode%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not. For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

```APIDOC
## AstNode::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not. For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

### Method
This is a member predicate, invoked on an object of type `AstNode`.

### Signature
    string getAPrimaryQlClass()

### Parameters
This predicate takes no parameters.

### Returns
A string representing the name of a primary CodeQL class.

### Example
    from AstNode node
    where node.hasName("myFunction")
    select node.getAPrimaryQlClass()

This example would select the primary CodeQL classes for nodes that have the name "myFunction".
```

--------------------------------

### Go CodeQL ValueExpr Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24ValueExpr

Example CodeQL queries demonstrating the usage of the ValueExpr class. These snippets illustrate how to select expressions that represent values, such as arithmetic operations or function calls.

```codeql
from ValueExpr ve
where ve.toString() = "x + y" or ve.toString() = "f(x)"
select ve
```

--------------------------------

### CodeQL Block Statement Example in Go

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24BlockStmt

This snippet demonstrates a basic CodeQL representation of a Go block statement. It shows how to format output within a block and iterate using a variable `i`. This example is illustrative and assumes the existence of necessary CodeQL definitions for `fmt.Printf` and `f`.

```go
{
    fmt.Printf("iteration %d\n", i)
    f(i)
}
```

--------------------------------

### Get Substring by Indices (Go)

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/SensitiveActions.qll/type.SensitiveActions%24SensitiveDataFunctionName

Extracts and returns a substring from the receiver string, defined by a start index (inclusive) and an end index (exclusive). Both indices are 0-based.

```ql
select "abcdef".substring(1, 4) // "bcd"
```

--------------------------------

### Go CaseClause Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24CaseClause

Illustrates the structure of `case` and `default` clauses in Go `switch` statements, including multi-value cases, `fallthrough`, and different types of expressions.

```go
case 0, 1:
    a = 1
    fallthrough

default:
    b = 2

case func(int) float64:
    printFunction(i)
```

--------------------------------

### Member predicate FallthroughStmt::getAPrimaryQlClass

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/predicate.Stmt%24FallthroughStmt%24getAPrimaryQlClass.0

Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not. For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

```APIDOC
## Member predicate FallthroughStmt::getAPrimaryQlClass

### Description
Gets the name of a primary CodeQL class to which this node belongs. For most nodes, this is simply the most precise syntactic category to which they belong; for example, `AddExpr` is a primary class, but `BinaryExpr` is not.
For identifiers and selector expressions, the class describing what kind of entity they refer to (for example `FunctionName` or `TypeName`) is also considered primary. For such nodes, this predicate has multiple values.

### Method
N/A (Predicate within CodeQL library)

### Endpoint
N/A

### Parameters
N/A

### Request Example
N/A

### Response
#### Success Response (N/A)
- **string** - The name of a primary CodeQL class.

#### Response Example
    "AddExpr"
```

--------------------------------

### Go Function and Constant Documentation Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Comments.qll/type.Comments%24DocComment

Demonstrates how CodeQL recognizes documentation comments for Go functions and constants, including specifier and generic declarations. This illustrates the parsing of different comment styles.

```go
// function documentation
func double(x int) int { return 2 * x }

// generic declaration documentation
const (
    // specifier documentation
    size int64 = 1024
    eof        = -1 // not specifier documentation
)
```

--------------------------------

### Get Suffix Substring (Go)

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/security/SensitiveActions.qll/type.SensitiveActions%24SensitiveDataFunctionName

Returns the substring of the receiver string starting from the specified 0-based inclusive offset to the end of the string. This effectively returns a suffix of the string.

```ql
select "abcdef".suffix(3) // "def"
```

--------------------------------

### Go Bitwise OR Expression Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24OrExpr

Demonstrates a simple bitwise OR expression in Go. This snippet is illustrative and does not require specific imports for its basic syntax.

```go
a | b
```

--------------------------------

### Go Function Documentation Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Comments.qll/type.Comments%24Documentable

This Go code snippet demonstrates how to document a function using standard Go doc comments. These comments are associated with the function declaration and can be parsed by tools like CodeQL.

```go
// function documentation
func double(x int) int { return 2 * x }
```

--------------------------------

### Extract Suffix Substring (Go)

Source: https://codeql.github.com/codeql-standard-libraries/go/codeql/dataflow/internal/FlowSummaryImpl.qll/type.FlowSummaryImpl%24Make%24Public%24Provenance

Returns the substring of the receiver string starting from the specified inclusive offset to the end of the string. This is useful for getting the trailing part of a string.

```go
// suffix returns s from the 0-based inclusive offset to the end of the string.
// It is a plain function because Go does not allow methods on built-in types.
func suffix(s string, offset int) string {
    if offset < 0 || offset >= len(s) {
        return ""
    }
    return s[offset:]
}
```

--------------------------------

### Go Range Statement Examples

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Stmt.qll/type.Stmt%24RangeStmt

Demonstrates various uses of the `range` statement in Go, including iteration over maps, arrays, strings, and channels. These examples illustrate different ways to capture keys and values during iteration.

```go
for key, value := range mymap {
    fmt.Printf("mymap[%s] = %d\n", key, value)
}

for _, value = range array {
    fmt.Printf("array contains: %d\n", value)
}

for index, _ := range str {
    fmt.Printf("str[%d] = ?\n", index)
}

for value = range ch {
    fmt.Printf("value from channel: %d\n", value)
}
```

--------------------------------

### Get Variable Name Example

Source: https://codeql.github.com/codeql-standard-libraries/go/semmle/go/Expr.qll/type.Expr%24VariableName

This snippet demonstrates how to access the name of a variable using the CodeQL `VariableName` class.
It retrieves the name of a variable, typically used for identifying variables in source code analysis.

```ql
import semmle.go.Expr

// Example predicate that holds if `vname` has the textual name `name`
predicate getVariableName(VariableName vname, string name) { vname.toString() = name }

// Example usage within a query:
from VariableName vn
where getVariableName(vn, "x")
select vn
```