C#: Upgrade libraries and queries to use the new Operation classes.

Author: michaelnebel

csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql

@@ -16,16 +16,9 @@ import experimental.code.csharp.Cryptography.NonCryptographicHashes
 from Variable v, Literal l, LoopStmt loop, Expr additional_xor
 where
   maybeUsedInFnvFunction(v, _, _, loop) and
-  (
-    exists(BitwiseXorExpr xor2 | xor2.getAnOperand() = l and additional_xor = xor2 |
-      loop.getAControlFlowExitNode().getASuccessor*() = xor2.getAControlFlowNode() and
-      xor2.getAnOperand() = v.getAnAccess()
-    )
-    or
-    exists(AssignXorExpr xor2 | xor2.getAnOperand() = l and additional_xor = xor2 |
-      loop.getAControlFlowExitNode().getASuccessor*() = xor2.getAControlFlowNode() and
-      xor2.getAnOperand() = v.getAnAccess()
-    )
+  exists(BitwiseXorOperation xor2 | xor2.getAnOperand() = l and additional_xor = xor2 |
+    loop.getAControlFlowExitNode().getASuccessor*() = xor2.getAControlFlowNode() and
+    xor2.getAnOperand() = v.getAnAccess()
   )
 select l, "This literal is used in an $@ after an FNV-like hash calculation with variable $@.",
   additional_xor, "additional xor", v, v.toString()

csharp/ql/lib/experimental/code/csharp/Cryptography/NonCryptographicHashes.qll

@@ -48,7 +48,7 @@ private predicate maybeUsedInElfHashFunction(Variable v, Operation xor, Operatio
     Expr e1, Expr e2, AssignExpr addAssign, AssignExpr xorAssign, Operation notOp,
     AssignExpr notAssign
   |
-    (add instanceof AddExpr or add instanceof AssignAddExpr) and
+    add instanceof AddOperation and
     e1.getAChild*() = add.getAnOperand() and
     e1 instanceof BinaryBitwiseOperation and
     e2 = e1.(BinaryBitwiseOperation).getLeftOperand() and

csharp/ql/lib/semmle/code/csharp/commons/Strings.qll

@@ -49,6 +49,11 @@ class ImplicitToStringExpr extends Expr {
       this = add.getOtherOperand(o).stripImplicit()
     )
     or
+    exists(AssignAddExpr add, Expr o | o = add.getLeftOperand() |
+      o.stripImplicit().getType() instanceof StringType and
+      this = add.getRightOperand().stripImplicit()
+    )
+    or
     this = any(InterpolatedStringExpr ise).getAnInsert().stripImplicit()
   }
 }

csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll

@@ -119,14 +119,14 @@ private module GuardsInput implements
   class AndExpr extends BinExpr {
     AndExpr() {
       this instanceof LogicalAndExpr or
-      this instanceof BitwiseAndExpr
+      this instanceof BitwiseAndOperation
     }
   }
 
   class OrExpr extends BinExpr {
     OrExpr() {
       this instanceof LogicalOrExpr or
-      this instanceof BitwiseOrExpr
+      this instanceof BitwiseOrOperation
     }
   }
 
@@ -292,7 +292,7 @@ private module LogicInput implements GuardsImpl::LogicInputSig {
     v1.isNonNullValue() and
     v2 = v1
     or
-    g2 = g1.(NullCoalescingExpr).getAnOperand() and
+    g2 = g1.(NullCoalescingOperation).getAnOperand() and
     v1.isNullValue() and
     v2 = v1
     or
@@ -840,14 +840,14 @@ module Internal {
     or
     e1 = e2.(Cast).getExpr()
     or
-    e2 = e1.(NullCoalescingExpr).getAnOperand()
+    e2 = e1.(NullCoalescingOperation).getAnOperand()
   }
 
   /** Holds if expression `e3` is a `null` value whenever `e1` and `e2` are. */
   predicate nullValueImpliedBinary(Expr e1, Expr e2, Expr e3) {
     e3 = any(ConditionalExpr ce | e1 = ce.getThen() and e2 = ce.getElse())
     or
-    e3 = any(NullCoalescingExpr nce | e1 = nce.getLeftOperand() and e2 = nce.getRightOperand())
+    e3 = any(NullCoalescingOperation no | e1 = no.getLeftOperand() and e2 = no.getRightOperand())
   }
 
   predicate nullValueImplied(Expr e) {
@@ -907,7 +907,7 @@ module Internal {
     or
     // "In string concatenation operations, the C# compiler treats a null string the same as an empty string."
     // (https://docs.microsoft.com/en-us/dotnet/csharp/how-to/concatenate-multiple-strings)
-    e instanceof AddExpr and
+    e instanceof AddOperation and
     e.getType() instanceof StringType
     or
     e.(DefaultValueExpr).getType().isValueType()
@@ -922,11 +922,9 @@ module Internal {
 
   /** Holds if expression `e2` is a non-`null` value whenever `e1` is. */
   predicate nonNullValueImpliedUnary(Expr e1, Expr e2) {
-    e1 = e2.(CastExpr).getExpr()
-    or
-    e1 = e2.(AssignExpr).getRValue()
-    or
-    e1 = e2.(NullCoalescingExpr).getAnOperand()
+    e1 = e2.(CastExpr).getExpr() or
+    e1 = e2.(AssignExpr).getRValue() or
+    e1 = e2.(NullCoalescingOperation).getAnOperand()
   }
 
   /**
@@ -953,10 +951,13 @@ module Internal {
       )
     or
     // In C#, `null + 1` has type `int?` with value `null`
-    exists(BinaryArithmeticOperation bao, Expr o |
-      result = bao and
-      bao.getAnOperand() = e and
-      bao.getAnOperand() = o and
+    exists(BinaryOperation bo, Expr o |
+      bo instanceof BinaryArithmeticOperation or
+      bo instanceof AssignArithmeticOperation
+    |
+      result = bo and
+      bo.getAnOperand() = e and
+      bo.getAnOperand() = o and
       // The other operand must be provably non-null in order
       // for `only if` to hold
       nonNullValueImplied(o) and
@@ -972,10 +973,10 @@ module Internal {
       any(QualifiableExpr qe |
         qe.isConditional() and
         result = qe.getQualifier()
-      )
-    or
+      ) or
     // In C#, `null + 1` has type `int?` with value `null`
-    e = any(BinaryArithmeticOperation bao | result = bao.getAnOperand())
+    e = any(BinaryArithmeticOperation bao | result = bao.getAnOperand()) or
+    e = any(AssignArithmeticOperation aao | result = aao.getAnOperand())
   }
 
   deprecated predicate isGuard(Expr e, GuardValue val) {

csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll

@@ -344,7 +344,7 @@ private class TriedControlFlowElement extends ControlFlowElement {
     result instanceof SystemOutOfMemoryExceptionClass
     or
     this =
-      any(AddExpr ae |
+      any(AddOperation ae |
         ae.getType() instanceof StringType and
         result instanceof SystemOutOfMemoryExceptionClass
         or
@@ -353,24 +353,24 @@ private class TriedControlFlowElement extends ControlFlowElement {
       )
     or
     this =
-      any(SubExpr se |
+      any(SubOperation se |
         se.getType() instanceof IntegralType and
         result instanceof SystemOverflowExceptionClass
       )
     or
     this =
-      any(MulExpr me |
+      any(MulOperation me |
         me.getType() instanceof IntegralType and
         result instanceof SystemOverflowExceptionClass
       )
     or
     this =
-      any(DivExpr de |
+      any(DivOperation de |
         not de.getDenominator().getValue().toFloat() != 0 and
         result instanceof SystemDivideByZeroExceptionClass
       )
     or
-    this instanceof RemExpr and
+    this instanceof RemOperation and
     result instanceof SystemDivideByZeroExceptionClass
     or
     this instanceof DynamicExpr and
@@ -447,7 +447,7 @@ private predicate inBooleanContext(Expr e) {
     e in [ce.getThen(), ce.getElse()]
   )
   or
-  e = any(NullCoalescingExpr nce | inBooleanContext(nce)).getAnOperand()
+  e = any(NullCoalescingOperation nce | inBooleanContext(nce)).getAnOperand()
   or
   e = any(SwitchExpr se | inBooleanContext(se)).getACase()
   or
@@ -467,13 +467,13 @@ private predicate mustHaveNullnessCompletion(Expr e) {
  * that `e` evaluates to determines a `null`/non-`null` branch successor.
  */
 private predicate inNullnessContext(Expr e) {
-  e = any(NullCoalescingExpr nce).getLeftOperand()
+  e = any(NullCoalescingOperation nce).getLeftOperand()
   or
   exists(QualifiableExpr qe | qe.isConditional() | e = qe.getChildExpr(-1))
   or
   exists(ConditionalExpr ce | inNullnessContext(ce) | (e = ce.getThen() or e = ce.getElse()))
   or
-  exists(NullCoalescingExpr nce | inNullnessContext(nce) | e = nce.getRightOperand())
+  exists(NullCoalescingOperation nce | inNullnessContext(nce) | e = nce.getRightOperand())
   or
   e = any(SwitchExpr se | inNullnessContext(se)).getACase()
   or

csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll

@@ -95,7 +95,7 @@ module ConditionalCompletionSplitting {
         child = parent.(SwitchCaseExpr).getBody()
         or
         parent =
-          any(NullCoalescingExpr nce |
+          any(NullCoalescingOperation nce |
             if childCompletion instanceof NullnessCompletion
             then child = nce.getRightOperand()
             else child = nce.getAnOperand()

csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll

@@ -42,7 +42,7 @@ private Expr maybeNullExpr(Expr reason) {
       ce.getElse() = maybeNullExpr(reason)
     )
   or
-  result.(NullCoalescingExpr).getRightOperand() = maybeNullExpr(reason)
+  result.(NullCoalescingOperation).getRightOperand() = maybeNullExpr(reason)
   or
   result =
     any(QualifiableExpr qe |

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

@@ -512,7 +512,7 @@ module LocalFlow {
   predicate localExprStep(Expr e1, Expr e2) {
     e1 = e2.(ParenthesizedExpr).getExpr()
     or
-    e1 = e2.(NullCoalescingExpr).getAnOperand()
+    e1 = e2.(NullCoalescingOperation).getAnOperand()
     or
     e1 = e2.(SuppressNullableWarningExpr).getExpr()
     or
@@ -623,7 +623,7 @@ module LocalFlow {
     (
       e instanceof ConditionalExpr or
       e instanceof Cast or
-      e instanceof NullCoalescingExpr or
+      e instanceof NullCoalescingOperation or
       e instanceof SwitchExpr or
       e instanceof SuppressNullableWarningExpr or
       e instanceof AssignExpr

csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll

@@ -47,7 +47,7 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c)
 private predicate localTaintExprStep(Expr e1, Expr e2) {
   e1 = e2.(ElementAccess).getQualifier()
   or
-  e1 = e2.(AddExpr).getAnOperand()
+  e1 = e2.(AddOperation).getAnOperand()
   or
   // A comparison expression where taint can flow from one of the
   // operands if the other operand is a constant value.

csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll

@@ -20,17 +20,17 @@ module Private {
 
   class ConditionalExpr = RU::ExprNode::ConditionalExpr;
 
-  class AddExpr = RU::ExprNode::AddExpr;
+  class AddExpr = RU::ExprNode::AddOperation;
 
-  class SubExpr = RU::ExprNode::SubExpr;
+  class SubExpr = RU::ExprNode::SubOperation;
 
-  class RemExpr = RU::ExprNode::RemExpr;
+  class RemExpr = RU::ExprNode::RemOperation;
 
-  class BitwiseAndExpr = RU::ExprNode::BitwiseAndExpr;
+  class BitwiseAndExpr = RU::ExprNode::BitwiseAndOperation;
 
-  class MulExpr = RU::ExprNode::MulExpr;
+  class MulExpr = RU::ExprNode::MulOperation;
 
-  class LeftShiftExpr = RU::ExprNode::LeftShiftExpr;
+  class LeftShiftExpr = RU::ExprNode::LeftShiftOperation;
 
   predicate guardControlsSsaRead = RU::guardControlsSsaRead/3;