Merge branch 'main' into okerr

Geoffrey White
2025-02-26 12:33:39 +00:00
643 changed files with 20550 additions and 7162 deletions


@@ -12,6 +12,9 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
build --repo_env=CC=clang --repo_env=CXX=clang++
# print test output, like sembuild does.
# Set to `errors` if this is too verbose.
test --test_output all
# we use transitions that break builds of `...`, so for `test` to work with that we need the following
test --build_tests_only


@@ -3,6 +3,7 @@ on:
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "!go/ql/**" # don't run other-os if only ql/ files changed
- .github/workflows/go-tests-other-os.yml
- .github/actions/**


@@ -3,6 +3,7 @@ on:
push:
paths:
- "go/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**
@@ -13,6 +14,7 @@ on:
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**

57
Cargo.lock generated

@@ -415,7 +415,6 @@ dependencies = [
"figment",
"glob",
"itertools 0.14.0",
"log 0.4.22",
"num-traits",
"ra_ap_base_db",
"ra_ap_cfg",
@@ -435,8 +434,10 @@ dependencies = [
"serde",
"serde_json",
"serde_with",
"stderrlog",
"toml",
"tracing",
"tracing-flame",
"tracing-subscriber",
"triomphe",
]
@@ -800,12 +801,6 @@ version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
[[package]]
name = "hermit-abi"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc"
[[package]]
name = "hex"
version = "0.4.3"
@@ -898,17 +893,6 @@ dependencies = [
"libc",
]
[[package]]
name = "is-terminal"
version = "0.4.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b"
dependencies = [
"hermit-abi 0.4.0",
"libc",
"windows-sys 0.52.0",
]
[[package]]
name = "is_terminal_polyfill"
version = "1.70.1"
@@ -1165,7 +1149,7 @@ version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
dependencies = [
"hermit-abi 0.3.9",
"hermit-abi",
"libc",
]
@@ -2190,19 +2174,6 @@ version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3"
[[package]]
name = "stderrlog"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "61c910772f992ab17d32d6760e167d2353f4130ed50e796752689556af07dc6b"
dependencies = [
"chrono",
"is-terminal",
"log 0.4.22",
"termcolor",
"thread_local",
]
[[package]]
name = "streaming-iterator"
version = "0.1.9"
@@ -2237,15 +2208,6 @@ dependencies = [
"syn",
]
[[package]]
name = "termcolor"
version = "1.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
dependencies = [
"winapi-util",
]
[[package]]
name = "text-size"
version = "1.1.1"
@@ -2379,6 +2341,17 @@ dependencies = [
"valuable",
]
[[package]]
name = "tracing-flame"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0bae117ee14789185e129aaee5d93750abe67fdc5a9a62650452bfe4e122a3a9"
dependencies = [
"lazy_static",
"tracing",
"tracing-subscriber",
]
[[package]]
name = "tracing-log"
version = "0.2.0"


@@ -1,6 +1,6 @@
MIT License
Copyright (c) 2006-2020 GitHub, Inc.
Copyright (c) 2006-2025 GitHub, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal


@@ -58,15 +58,12 @@ register_toolchains("@rust_toolchains//:all")
py_deps = use_extension("//misc/bazel/3rdparty:py_deps_extension.bzl", "p")
use_repo(
py_deps,
"vendor__anyhow-1.0.44",
"vendor__cc-1.0.70",
"vendor__clap-2.33.3",
"vendor__regex-1.5.5",
"vendor__smallvec-1.6.1",
"vendor__string-interner-0.12.2",
"vendor__thiserror-1.0.29",
"vendor__tree-sitter-0.20.4",
"vendor__tree-sitter-graph-0.7.0",
"vendor_py__anyhow-1.0.95",
"vendor_py__cc-1.2.14",
"vendor_py__clap-4.5.30",
"vendor_py__regex-1.11.1",
"vendor_py__tree-sitter-0.20.4",
"vendor_py__tree-sitter-graph-0.7.0",
)
# deps for ruby+rust
@@ -87,7 +84,6 @@ use_repo(
"vendor__globset-0.4.15",
"vendor__itertools-0.14.0",
"vendor__lazy_static-1.5.0",
"vendor__log-0.4.22",
"vendor__mustache-0.9.0",
"vendor__num-traits-0.2.19",
"vendor__num_cpus-1.16.0",
@@ -114,10 +110,10 @@ use_repo(
"vendor__serde-1.0.217",
"vendor__serde_json-1.0.135",
"vendor__serde_with-3.12.0",
"vendor__stderrlog-0.6.0",
"vendor__syn-2.0.96",
"vendor__toml-0.8.19",
"vendor__tracing-0.1.41",
"vendor__tracing-flame-0.2.0",
"vendor__tracing-subscriber-0.3.19",
"vendor__tree-sitter-0.24.6",
"vendor__tree-sitter-embedded-template-0.23.2",


@@ -4,6 +4,7 @@ codeql_pkg_files(
name = "extractor",
srcs = [
"codeql-extractor.yml",
"//:LICENSE",
] + glob(["tools/**"]),
strip_prefix = strip_prefix.from_pkg(),
visibility = ["//actions:__pkg__"],


@@ -1,3 +1,9 @@
## 0.4.3
### New Features
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
## 0.4.2
### Bug Fixes


@@ -1,4 +1,5 @@
---
category: feature
---
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
## 0.4.3
### New Features
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.2
lastReleaseVersion: 0.4.3


@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.3-dev
version: 0.4.4-dev
library: true
warnOnImplicitThis: true
dependencies:


@@ -1,3 +1,29 @@
## 0.5.0
### Breaking Changes
* The following queries have been removed from the `code-scanning` and `security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* `actions/if-expression-always-true/critical`
* `actions/if-expression-always-true/high`
* `actions/unnecessary-use-of-advanced-config`
* The following query has been moved from the `code-scanning` suite to the `security-extended`
suite. Any existing alerts for this query will be closed automatically unless the analysis is
configured to use the `security-extended` suite.
* `actions/unpinned-tag`
* The following queries have been added to the `security-extended` suite.
* `actions/unversioned-immutable-action`
* `actions/envpath-injection/medium`
* `actions/envvar-injection/medium`
* `actions/code-injection/medium`
* `actions/artifact-poisoning/medium`
* `actions/untrusted-checkout/medium`
### Minor Analysis Improvements
* Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
## 0.4.2
No user-facing changes.


@@ -23,6 +23,14 @@ private predicate isTrustedOwner(string nwo) {
trustedActionsOwnerDataModel(nwo.substring(0, nwo.indexOf("/")))
}
bindingset[version]
private predicate isPinnedContainer(string version) {
version.regexpMatch("^sha256:[A-Fa-f0-9]{64}$")
}
bindingset[nwo]
private predicate isContainerImage(string nwo) { nwo.regexpMatch("^docker://.+") }
from UsesStep uses, string nwo, string version, Workflow workflow, string name
where
uses.getCallee() = nwo and
@@ -34,7 +42,7 @@ where
) and
uses.getVersion() = version and
not isTrustedOwner(nwo) and
not isPinnedCommit(version) and
not (if isContainerImage(nwo) then isPinnedContainer(version) else isPinnedCommit(version)) and
not isImmutableAction(uses, nwo)
select uses.getCalleeNode(),
"Unpinned 3rd party Action '" + name + "' step $@ uses '" + nwo + "' with ref '" + version +


@@ -1,6 +1,7 @@
---
category: breaking
---
## 0.5.0
### Breaking Changes
* The following queries have been removed from the `code-scanning` and `security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* `actions/if-expression-always-true/critical`
@@ -18,3 +19,7 @@ category: breaking
* `actions/code-injection/medium`
* `actions/artifact-poisoning/medium`
* `actions/untrusted-checkout/medium`
### Minor Analysis Improvements
* Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.2
lastReleaseVersion: 0.5.0


@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.4.3-dev
version: 0.5.1-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]


@@ -9,3 +9,5 @@ jobs:
- uses: foo/bar
- uses: foo/bar@v1
- uses: foo/bar@25b062c917b0c75f8b47d8469aff6c94ffd89abb
- uses: docker://foo/bar@latest
- uses: docker://foo/bar@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9
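Review bot: The two added fixtures only exercise the `docker://image@ref` shape, but an unpinned container image is normally written with a colon tag (`docker://foo/bar:latest`), and as far as I know `@latest` is not a valid image reference, since `@` introduces a digest. If the callee/version split happens on `@` (not visible in this change), a colon-tagged image may bind no `version` at all and drop out of `actions/unpinned-tag` entirely, which is exactly the mutable-reference case CWE-829 covers. I would add `- uses: docker://foo/bar:latest` and `- uses: docker://foo/bar:v1@sha256:<64-hex-digest placeholder>` here and confirm that the first is reported and the second is not. The expected alert for the `@latest` step also still ends in `not a pinned commit hash`, which is misleading for an image that needs a digest rather than a commit.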


@@ -32,3 +32,4 @@
| .github/workflows/test17.yml:20:21:20:63 | sonarsource/sonarcloud-github-action@master | Unpinned 3rd party Action 'Sonar' step $@ uses 'sonarsource/sonarcloud-github-action' with ref 'master', not a pinned commit hash | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Uses Step |
| .github/workflows/test18.yml:37:21:37:63 | sonarsource/sonarcloud-github-action@master | Unpinned 3rd party Action 'Sonar' step $@ uses 'sonarsource/sonarcloud-github-action' with ref 'master', not a pinned commit hash | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Uses Step |
| .github/workflows/unpinned_tags.yml:10:13:10:22 | foo/bar@v1 | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'foo/bar' with ref 'v1', not a pinned commit hash | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | Uses Step |
| .github/workflows/unpinned_tags.yml:12:13:12:35 | docker://foo/bar@latest | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'docker://foo/bar' with ref 'latest', not a pinned commit hash | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | Uses Step |


@@ -299,7 +299,9 @@ edges
| .github/workflows/test.yml:14:9:25:6 | Run Step | .github/workflows/test.yml:25:9:33:6 | Run Step |
| .github/workflows/test.yml:25:9:33:6 | Run Step | .github/workflows/test.yml:33:9:37:34 | Run Step |
| .github/workflows/unpinned_tags.yml:9:7:10:4 | Uses Step | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:11:61 | Uses Step |
| .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | .github/workflows/unpinned_tags.yml:13:7:13:101 | Uses Step |
| .github/workflows/untrusted_checkout2.yml:7:9:14:6 | Run Step: pr_number | .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step |
| .github/workflows/untrusted_checkout3.yml:11:9:12:6 | Uses Step | .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step |
| .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step |


@@ -1,3 +1,7 @@
## 4.0.1
No user-facing changes.
## 4.0.0
### Breaking Changes


@@ -0,0 +1,3 @@
## 4.0.1
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.0.0
lastReleaseVersion: 4.0.1


@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 4.0.1-dev
version: 4.0.2-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp


@@ -75,7 +75,10 @@ class Location extends @location {
/** Holds if `this` comes on a line strictly before `l`. */
pragma[inline]
predicate isBefore(Location l) { this.isBefore(l, false) }
predicate isBefore(Location l) {
this.getFile() = l.getFile() and
this.getEndLine() < l.getStartLine()
}
/**
* Holds if `this` comes strictly before `l`. The boolean `sameLine` is


@@ -869,12 +869,11 @@ private predicate elementSpecMatchesSignature(
bindingset[nameWithoutArgs]
pragma[inline_late]
private Class getClassAndNameImpl(Function method, string nameWithoutArgs) {
exists(string memberName | result = method.getClassAndName(memberName) |
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
not method instanceof ConversionOperator and
memberName = nameWithoutArgs
)
result = method.getDeclaringType() and
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
result = method.getClassAndName(nameWithoutArgs) and
not method instanceof ConversionOperator
}
/**


@@ -1765,14 +1765,14 @@ module IteratorFlow {
* Note: Unlike `def.getAnUltimateDefinition()` this predicate also
* traverses back through iterator increment and decrement operations.
*/
private Ssa::Def getAnUltimateDefinition(Ssa::Def def) {
private Ssa::DefinitionExt getAnUltimateDefinition(Ssa::DefinitionExt def) {
result = def.getAnUltimateDefinition()
or
exists(IRBlock bb, int i, IteratorCrementCall crementCall, Ssa::SourceVariable sv |
crementCall = def.getValue().asInstruction().(StoreInstruction).getSourceValue() and
sv = def.getSourceVariable() and
bb.getInstruction(i) = crementCall and
Ssa::ssaDefReachesReadExt(sv, result.asDef(), bb, i)
Ssa::ssaDefReachesReadExt(sv, result, bb, i)
)
}
@@ -1800,13 +1800,13 @@ module IteratorFlow {
GetsIteratorCall beginCall, Instruction writeToDeref
) {
exists(
StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::Def def,
IteratorPointerDereferenceCall starCall, Ssa::Def ultimate, Operand address
StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::DefinitionExt def,
IteratorPointerDereferenceCall starCall, Ssa::DefinitionExt ultimate, Operand address
|
isIteratorWrite(writeToDeref, address) and
operandForFullyConvertedCall(address, starCall) and
bbStar.getInstruction(iStar) = starCall and
Ssa::ssaDefReachesReadExt(_, def.asDef(), bbStar, iStar) and
Ssa::ssaDefReachesReadExt(_, def, bbStar, iStar) and
ultimate = getAnUltimateDefinition*(def) and
beginStore = ultimate.getValue().asInstruction() and
operandForFullyConvertedCall(beginStore.getSourceValueOperand(), beginCall)


@@ -842,18 +842,11 @@ class InitialGlobalValue extends Node, TInitialGlobalValue {
result.asSourceCallable() = this.getFunction()
}
override Declaration getFunction() { result = globalDef.getIRFunction().getFunction() }
override Declaration getFunction() { result = globalDef.getFunction() }
final override predicate isGLValue() { globalDef.getIndirectionIndex() = 0 }
override DataFlowType getType() {
exists(DataFlowType type |
type = globalDef.getUnderlyingType() and
if this.isGLValue()
then result = type
else result = getTypeImpl(type, globalDef.getIndirectionIndex() - 1)
)
}
override DataFlowType getType() { result = globalDef.getUnderlyingType() }
final override Location getLocationImpl() { result = globalDef.getLocation() }
@@ -1312,7 +1305,7 @@ class UninitializedNode extends Node {
LocalVariable v;
UninitializedNode() {
exists(Ssa::Def def, Ssa::SourceVariable sv |
exists(Ssa::DefinitionExt def, Ssa::SourceVariable sv |
def.getIndirectionIndex() = 0 and
def.getValue().asInstruction() instanceof UninitializedInstruction and
Ssa::defToNode(this, def, sv, _, _, _) and
@@ -2299,7 +2292,7 @@ class ContentSet instanceof Content {
pragma[nomagic]
private predicate guardControlsPhiInput(
IRGuardCondition g, boolean branch, Ssa::Definition def, IRBlock input, Ssa::PhiNode phi
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
) {
phi.hasInputFromBlock(def, _, _, _, input) and
(


@@ -225,10 +225,16 @@ abstract class DefImpl extends TDefImpl {
)
}
/**
* Holds if this definition is guaranteed to totally overwrite the
* destination buffer.
*/
abstract predicate isCertain();
/** Gets the value written to the destination variable by this definition. */
abstract Node0Impl getValue();
/** Gets the operand that represents the address of this definition, if any. */
Operand getAddressOperand() { none() }
}
@@ -691,8 +697,10 @@ predicate outNodeHasAddressAndIndex(
*
* Holds if `node` is the node that corresponds to the definition of `def`.
*/
predicate defToNode(Node node, Def def, SourceVariable sv, IRBlock bb, int i, boolean uncertain) {
def.hasIndexInBlock(bb, i, sv) and
predicate defToNode(
Node node, DefinitionExt def, SourceVariable sv, IRBlock bb, int i, boolean uncertain
) {
def.definesAt(sv, bb, i, _) and
(
nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex())
or
@@ -1057,7 +1065,7 @@ module SsaCached {
}
cached
Definition phiHasInputFromBlockExt(PhiNode phi, IRBlock bb) {
DefinitionExt phiHasInputFromBlockExt(PhiNode phi, IRBlock bb) {
SsaImpl::phiHasInputFromBlockExt(phi, result, bb)
}
@@ -1071,157 +1079,24 @@ module SsaCached {
predicate variableWrite = SsaInput::variableWrite/4;
}
cached
private newtype TSsaDef =
TDef(DefinitionExt def) or
TPhi(PhiNode phi)
abstract private class SsaDef extends TSsaDef {
/** Gets a textual representation of this element. */
string toString() { none() }
/** Gets the underlying non-phi definition or use. */
DefinitionExt asDef() { none() }
/** Gets the underlying phi node. */
PhiNode asPhi() { none() }
/** Gets the location of this element. */
abstract Location getLocation();
}
abstract class Def extends SsaDef, TDef {
DefinitionExt def;
Def() { this = TDef(def) }
final override DefinitionExt asDef() { result = def }
/** Gets the source variable underlying this SSA definition. */
final SourceVariable getSourceVariable() { result = def.getSourceVariable() }
override string toString() { result = def.toString() }
/**
* Holds if this definition (or use) has index `index` in block `block`,
* and is a definition (or use) of the variable `sv`.
*/
predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) {
def.definesAt(sv, block, index, _)
}
/** Gets the value written by this definition, if any. */
Node0Impl getValue() { none() }
/**
* Holds if this definition is guaranteed to overwrite the entire
* destination's allocation.
*/
abstract predicate isCertain();
/** Gets the address operand written to by this definition. */
Operand getAddressOperand() { none() }
/** Gets the address written to by this definition. */
final Instruction getAddress() { result = this.getAddressOperand().getDef() }
/** Gets the indirection index of this definition. */
abstract int getIndirectionIndex();
/**
* Gets the indirection level that this definition is writing to.
* For instance, `x = y` is a definition of `x` at indirection level 1 and
* `*x = y` is a definition of `x` at indirection level 2.
*/
abstract int getIndirection();
/**
* Gets a definition that ultimately defines this SSA definition and is not
* itself a phi node.
*/
Def getAnUltimateDefinition() { result.asDef() = def.getAnUltimateDefinition() }
}
private predicate isGlobal(DefinitionExt def, GlobalDefImpl global) {
/** Gets the `DefImpl` corresponding to `def`. */
private DefImpl getDefImpl(SsaImpl::DefinitionExt def) {
exists(SourceVariable sv, IRBlock bb, int i |
def.definesAt(sv, bb, i, _) and
global.hasIndexInBlock(bb, i, sv)
result.hasIndexInBlock(bb, i, sv)
)
}
private class NonGlobalDef extends Def {
NonGlobalDef() { not isGlobal(def, _) }
class GlobalDef extends DefinitionExt {
GlobalDefImpl impl;
final override Location getLocation() { result = this.getImpl().getLocation() }
private DefImpl getImpl() {
exists(SourceVariable sv, IRBlock bb, int i |
this.hasIndexInBlock(bb, i, sv) and
result.hasIndexInBlock(bb, i, sv)
)
}
override Node0Impl getValue() { result = this.getImpl().getValue() }
override predicate isCertain() { this.getImpl().isCertain() }
override Operand getAddressOperand() { result = this.getImpl().getAddressOperand() }
override int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() }
override int getIndirection() { result = this.getImpl().getIndirection() }
}
class GlobalDef extends Def {
GlobalDefImpl global;
GlobalDef() { isGlobal(def, global) }
/** Gets a textual representation of this definition. */
override string toString() { result = global.toString() }
final override Location getLocation() { result = global.getLocation() }
GlobalDef() { impl = getDefImpl(this) }
/**
* Gets the type of this definition after specifiers have been deeply stripped
* and typedefs have been resolved.
* Gets the global (or `static` local) variable written to by this SSA
* definition.
*/
DataFlowType getUnspecifiedType() { result = global.getUnspecifiedType() }
/**
* Gets the type of this definition, after typedefs have been resolved.
*/
DataFlowType getUnderlyingType() { result = global.getUnderlyingType() }
/** Gets the `IRFunction` whose body is evaluated after this definition. */
IRFunction getIRFunction() { result = global.getIRFunction() }
/** Gets the global variable associated with this definition. */
GlobalLikeVariable getVariable() { result = global.getVariable() }
override predicate isCertain() { any() }
final override int getIndirectionIndex() { result = global.getIndirectionIndex() }
final override int getIndirection() { result = global.getIndirection() }
}
class Phi extends TPhi, SsaDef {
PhiNode phi;
Phi() { this = TPhi(phi) }
final override PhiNode asPhi() { result = phi }
final override Location getLocation() { result = phi.getBasicBlock().getLocation() }
override string toString() { result = phi.toString() }
SsaPhiInputNode getNode(IRBlock block) { result.getPhiNode() = phi and result.getBlock() = block }
predicate hasInputFromBlock(Definition inp, IRBlock bb) { inp = phiHasInputFromBlockExt(phi, bb) }
final Definition getAnInput() { this.hasInputFromBlock(result, _) }
GlobalLikeVariable getVariable() { result = impl.getVariable() }
}
private module SsaImpl = SsaImplCommon::Make<Location, SsaInput>;
@@ -1259,12 +1134,12 @@ class PhiNode extends SsaImpl::DefinitionExt {
}
/** Gets a definition that is an input to this phi node. */
final Definition getAnInput() { this.hasInputFromBlock(result, _, _, _, _) }
final DefinitionExt getAnInput() { this.hasInputFromBlock(result, _, _, _, _) }
}
/** An static single assignment (SSA) definition. */
class DefinitionExt extends SsaImpl::DefinitionExt {
private Definition getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() }
private DefinitionExt getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() }
/**
* Gets a definition that ultimately defines this SSA definition and is
@@ -1275,6 +1150,37 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
not result instanceof PhiNode
}
/**
* INTERNAL: Do not use.
*/
Node0Impl getValue() { result = getDefImpl(this).getValue() }
/** Gets the indirection index of this definition. */
int getIndirectionIndex() { result = getDefImpl(this).getIndirectionIndex() }
/** Gets the indirection of this definition. */
int getIndirection() { result = getDefImpl(this).getIndirection() }
/**
* Holds if this definition is guaranteed to totally overwrite the buffer
* being written to.
*/
predicate isCertain() { getDefImpl(this).isCertain() }
/**
* Gets the enclosing declaration of this definition.
*
* Note that this may be a variable when this definition defines a global, or
* a static local, variable.
*/
Declaration getFunction() { result = getDefImpl(this).getBlock().getEnclosingFunction() }
/** Gets the underlying type of the variable being defined by this definition. */
Type getUnderlyingType() { result = this.getSourceVariable().getType() }
/** Gets the unspecified type of the variable being defined by this definition. */
Type getUnspecifiedType() { result = this.getUnderlyingType().getUnspecifiedType() }
/** Gets a node that represents a read of this SSA definition. */
pragma[nomagic]
Node getARead() {
@@ -1286,6 +1192,4 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
}
}
class Definition = SsaImpl::Definition;
import SsaCached
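Review bot: The new `DefinitionExt.getValue()` is documented only with `INTERNAL: Do not use.`, so a reader has to go back to `DefImpl` to learn what it returns. I would carry the description over as `/** INTERNAL: Do not use. Gets the value written to the destination variable by this definition, if any. */`. The added members all go through `getDefImpl(this)`, so they presumably have no result for phi nodes; if that is intended, saying so on `getIndirectionIndex()`, `getIndirection()` and `isCertain()` would stop callers from assuming they are total. `getFunction()` also returns a `Declaration` that its own comment says may be a variable, and a sentence on why the name was kept would help.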


@@ -1,3 +1,7 @@
## 1.3.4
No user-facing changes.
## 1.3.3
### Minor Analysis Improvements


@@ -49,11 +49,17 @@ predicate interestingConcatenation(DataFlow::Node incoming, DataFlow::Node outgo
call.getTarget() = op and
op.hasQualifiedName("std", "operator+") and
op.getType().(UserType).hasQualifiedName("std", "basic_string") and
incoming.asIndirectArgument() = call.getArgument(1) and // left operand
incoming.asIndirectArgument() = call.getArgument(1) and // right operand
call = outgoing.asInstruction().getUnconvertedResultExpression()
)
}
/**
* A state will represent the most recent concatenation that occurred in the data flow.
* - `TConcatState` if the concetenation has not yet occurred.
* - `TExecState(incoming, outgoing)`, representing the concatenation of data from `incoming`
* into result `outgoing`.
*/
newtype TState =
TConcatState() or
TExecState(DataFlow::Node incoming, DataFlow::Node outgoing) {
@@ -74,7 +80,9 @@ class ExecState extends TExecState {
DataFlow::Node getOutgoingNode() { result = outgoing }
/** Holds if this is a possible `ExecState` for `sink`. */
/**
* Holds if this is a possible `ExecState` at `sink`, that is, if `outgoing` flows to `sink`.
*/
predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::flow(outgoing, sink) }
string toString() { result = "ExecState" }
@@ -110,6 +118,12 @@ module ExecStateConfig implements DataFlow::ConfigSig {
module ExecState = TaintTracking::Global<ExecStateConfig>;
/**
* A full `TaintTracking` configuration from source to concatenation to sink, using a flow
* state to remember the concatenation. It's important that we track flow to the sink even though
* as soon as we reach the concatenation we know it will get there (due to the check of
* `isFeasibleForSink`), because this way we get a complete flow path.
*/
module ExecTaintConfig implements DataFlow::StateConfigSig {
class FlowState = TState;
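Review bot: The doc comment added above `newtype TState` misspells the word as `concetenation`; it should read `concatenation`. The same comment describes `TConcatState` as the state before any concatenation has occurred, which reads oddly against the name, so a short phrase such as `(still waiting for a concatenation)` would make the two states easier to tell apart. The body of `ExecTaintConfig` continues outside the hunk, so the new module comment's claim about `isFeasibleForSink` cannot be checked against the code here.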


@@ -0,0 +1,3 @@
## 1.3.4
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.3
lastReleaseVersion: 1.3.4


@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.3.4-dev
version: 1.3.5-dev
groups:
- cpp
- queries


@@ -7,68 +7,88 @@ edges
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance | |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance | |
| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | Config |
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | *filename | provenance | |
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | *command | provenance | |
| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | Config |
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | *filename | provenance | |
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | *command | provenance | |
| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | Config |
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance | |
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance | |
| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | Config |
| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | Config |
| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance | |
| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | Config |
| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | Config |
| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | Config |
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance | |
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance | |
| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | Config |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | *filename | provenance | |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | *filename | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | Config |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | Config |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | Config |
| test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | Config |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | Config |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | Config |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance | |
| test.cpp:63:9:63:16 | fread output argument | test.cpp:65:20:65:27 | *filename | provenance | |
| test.cpp:65:11:65:17 | strncat output argument | test.cpp:66:10:66:16 | *command | provenance | |
| test.cpp:65:20:65:27 | *filename | test.cpp:65:11:65:17 | strncat output argument | provenance | Config |
| test.cpp:83:9:83:16 | fread output argument | test.cpp:85:20:85:27 | *filename | provenance | |
| test.cpp:85:11:85:17 | strncat output argument | test.cpp:86:32:86:38 | *command | provenance | |
| test.cpp:85:20:85:27 | *filename | test.cpp:85:11:85:17 | strncat output argument | provenance | Config |
| test.cpp:92:9:92:16 | fread output argument | test.cpp:94:17:94:24 | *filename | provenance | |
| test.cpp:94:11:94:14 | strncat output argument | test.cpp:95:45:95:48 | *path | provenance | |
| test.cpp:94:17:94:24 | *filename | test.cpp:94:11:94:14 | strncat output argument | provenance | Config |
| test.cpp:107:20:107:38 | *call to getenv | test.cpp:108:33:108:36 | *path | provenance | TaintFunction |
| test.cpp:108:31:108:31 | call to operator+ | test.cpp:108:31:108:31 | call to operator+ | provenance | |
| test.cpp:108:31:108:31 | call to operator+ | test.cpp:109:18:109:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:108:33:108:36 | *path | test.cpp:108:31:108:31 | call to operator+ | provenance | Config |
| test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:19:115:22 | *path | provenance | TaintFunction |
| test.cpp:115:10:115:23 | call to operator+ | test.cpp:115:25:115:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:115:10:115:23 | call to operator+ | test.cpp:115:25:115:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:115:17:115:17 | call to operator+ | test.cpp:115:10:115:23 | call to operator+ | provenance | |
| test.cpp:115:19:115:22 | *path | test.cpp:115:10:115:23 | call to operator+ | provenance | Config |
| test.cpp:115:19:115:22 | *path | test.cpp:115:17:115:17 | call to operator+ | provenance | Config |
| test.cpp:120:20:120:38 | *call to getenv | test.cpp:121:19:121:22 | *path | provenance | TaintFunction |
| test.cpp:121:17:121:17 | call to operator+ | test.cpp:121:10:121:30 | *call to data | provenance | TaintFunction |
| test.cpp:121:19:121:22 | *path | test.cpp:121:17:121:17 | call to operator+ | provenance | Config |
| test.cpp:141:9:141:11 | fread output argument | test.cpp:143:31:143:33 | *str | provenance | |
| test.cpp:143:11:143:17 | sprintf output argument | test.cpp:144:10:144:16 | *command | provenance | |
| test.cpp:143:31:143:33 | *str | test.cpp:143:11:143:17 | sprintf output argument | provenance | Config |
| test.cpp:175:9:175:16 | fread output argument | test.cpp:178:20:178:27 | *filename | provenance | |
| test.cpp:175:9:175:16 | fread output argument | test.cpp:181:22:181:29 | *filename | provenance | |
| test.cpp:178:13:178:17 | strncat output argument | test.cpp:179:22:179:26 | *flags | provenance | |
| test.cpp:178:13:178:17 | strncat output argument | test.cpp:179:22:179:26 | *flags | provenance | |
| test.cpp:178:20:178:27 | *filename | test.cpp:178:13:178:17 | strncat output argument | provenance | Config |
| test.cpp:178:20:178:27 | *filename | test.cpp:178:13:178:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:179:13:179:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:179:13:179:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:179:22:179:26 | *flags | test.cpp:179:13:179:19 | strncat output argument | provenance | Config |
| test.cpp:179:22:179:26 | *flags | test.cpp:179:13:179:19 | strncat output argument | provenance | TaintFunction |
| test.cpp:181:13:181:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:181:22:181:29 | *filename | test.cpp:181:13:181:19 | strncat output argument | provenance | Config |
| test.cpp:187:47:187:54 | *filename | test.cpp:188:18:188:25 | *filename | provenance | |
| test.cpp:188:11:188:15 | strncat output argument | test.cpp:189:20:189:24 | *flags | provenance | |
| test.cpp:188:11:188:15 | strncat output argument | test.cpp:189:20:189:24 | *flags | provenance | |
| test.cpp:188:18:188:25 | *filename | test.cpp:188:11:188:15 | strncat output argument | provenance | Config |
| test.cpp:188:18:188:25 | *filename | test.cpp:188:11:188:15 | strncat output argument | provenance | TaintFunction |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command [Return] | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command [Return] | provenance | |
| test.cpp:189:20:189:24 | *flags | test.cpp:189:11:189:17 | strncat output argument | provenance | Config |
| test.cpp:189:20:189:24 | *flags | test.cpp:189:11:189:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:195:9:195:16 | fread output argument | test.cpp:197:26:197:33 | *filename | provenance | |
| test.cpp:197:10:197:16 | concat output argument | test.cpp:199:32:199:38 | *command | provenance | |
| test.cpp:197:10:197:16 | concat output argument | test.cpp:199:32:199:38 | *command | provenance | |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | provenance | |
| test.cpp:197:26:197:33 | *filename | test.cpp:197:10:197:16 | concat output argument | provenance | Config |
| test.cpp:197:26:197:33 | *filename | test.cpp:197:10:197:16 | concat output argument | provenance | TaintFunction |
| test.cpp:219:9:219:16 | fread output argument | test.cpp:221:19:221:26 | *filename | provenance | |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:221:10:221:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:221:10:221:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:223:32:223:38 | *command | provenance | |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:223:32:223:38 | *command | provenance | |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:10:221:16 | strncat output argument | provenance | Config |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:10:221:16 | strncat output argument | provenance | Config |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:19:221:26 | *filename | provenance | |
| test.cpp:231:11:231:16 | strncat output argument | test.cpp:232:11:232:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:231:19:231:33 | *call to getenv | test.cpp:231:11:231:16 | strncat output argument | provenance | Config |
| test.cpp:232:11:232:16 | strncat output argument | test.cpp:233:11:233:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:232:11:232:16 | strncat output argument | test.cpp:233:11:233:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:232:19:232:33 | *call to getenv | test.cpp:232:11:232:16 | strncat output argument | provenance | Config |
| test.cpp:233:11:233:16 | strncat output argument | test.cpp:234:10:234:15 | *buffer | provenance | |
| test.cpp:233:11:233:16 | strncat output argument | test.cpp:234:10:234:15 | *buffer | provenance | |
| test.cpp:242:11:242:17 | sprintf output argument | test.cpp:247:5:247:11 | *buffer1 | provenance | |
| test.cpp:242:11:242:17 | sprintf output argument | test.cpp:247:5:247:11 | *buffer1 | provenance | |
| test.cpp:243:5:243:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:244:5:244:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | Config |
| test.cpp:244:5:244:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:247:5:247:11 | *buffer1 | test.cpp:245:11:245:17 | sprintf output argument | provenance | Config |
| test.cpp:247:5:247:11 | *buffer1 | test.cpp:245:11:245:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:248:5:248:10 | *call to getenv | test.cpp:245:11:245:17 | sprintf output argument | provenance | Config |
| test.cpp:259:13:259:18 | strncat output argument | test.cpp:261:10:261:15 | *buffer | provenance | |
| test.cpp:259:21:259:35 | *call to getenv | test.cpp:259:13:259:18 | strncat output argument | provenance | Config |
nodes
| test.cpp:15:27:15:30 | **argv | semmle.label | **argv |
| test.cpp:16:20:16:26 | *access to array | semmle.label | *access to array |
@@ -80,98 +100,130 @@ nodes
| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:50:35:50:43 | *envCflags | semmle.label | *envCflags |
| test.cpp:51:10:51:16 | *command | semmle.label | *command |
| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:64:20:64:27 | *filename | semmle.label | *filename |
| test.cpp:65:10:65:16 | *command | semmle.label | *command |
| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:84:20:84:27 | *filename | semmle.label | *filename |
| test.cpp:85:32:85:38 | *command | semmle.label | *command |
| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:93:17:93:24 | *filename | semmle.label | *filename |
| test.cpp:94:45:94:48 | *path | semmle.label | *path |
| test.cpp:106:20:106:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:33:107:36 | *path | semmle.label | *path |
| test.cpp:108:18:108:22 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:113:20:113:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:17:114:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:19:114:22 | *path | semmle.label | *path |
| test.cpp:114:25:114:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:114:25:114:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:119:20:119:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:120:10:120:30 | *call to data | semmle.label | *call to data |
| test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:120:19:120:22 | *path | semmle.label | *path |
| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
| test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:142:31:142:33 | *str | semmle.label | *str |
| test.cpp:143:10:143:16 | *command | semmle.label | *command |
| test.cpp:174:9:174:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:177:20:177:27 | *filename | semmle.label | *filename |
| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:22:178:26 | *flags | semmle.label | *flags |
| test.cpp:178:22:178:26 | *flags | semmle.label | *flags |
| test.cpp:180:13:180:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:180:22:180:29 | *filename | semmle.label | *filename |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:186:47:186:54 | *filename | semmle.label | *filename |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:18:187:25 | *filename | semmle.label | *filename |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:20:188:24 | *flags | semmle.label | *flags |
| test.cpp:188:20:188:24 | *flags | semmle.label | *flags |
| test.cpp:194:9:194:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:26:196:33 | *filename | semmle.label | *filename |
| test.cpp:198:32:198:38 | *command | semmle.label | *command |
| test.cpp:198:32:198:38 | *command | semmle.label | *command |
| test.cpp:218:9:218:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:19:220:26 | *filename | semmle.label | *filename |
| test.cpp:220:19:220:26 | *filename | semmle.label | *filename |
| test.cpp:222:32:222:38 | *command | semmle.label | *command |
| test.cpp:222:32:222:38 | *command | semmle.label | *command |
| test.cpp:63:9:63:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:65:11:65:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:65:20:65:27 | *filename | semmle.label | *filename |
| test.cpp:66:10:66:16 | *command | semmle.label | *command |
| test.cpp:83:9:83:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:85:11:85:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:85:20:85:27 | *filename | semmle.label | *filename |
| test.cpp:86:32:86:38 | *command | semmle.label | *command |
| test.cpp:92:9:92:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:94:11:94:14 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:94:17:94:24 | *filename | semmle.label | *filename |
| test.cpp:95:45:95:48 | *path | semmle.label | *path |
| test.cpp:107:20:107:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:108:31:108:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:108:31:108:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:108:33:108:36 | *path | semmle.label | *path |
| test.cpp:109:18:109:22 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:114:20:114:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:115:10:115:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:10:115:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:17:115:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:19:115:22 | *path | semmle.label | *path |
| test.cpp:115:25:115:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:115:25:115:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:120:20:120:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:121:10:121:30 | *call to data | semmle.label | *call to data |
| test.cpp:121:17:121:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:121:19:121:22 | *path | semmle.label | *path |
| test.cpp:141:9:141:11 | fread output argument | semmle.label | fread output argument |
| test.cpp:143:11:143:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:143:31:143:33 | *str | semmle.label | *str |
| test.cpp:144:10:144:16 | *command | semmle.label | *command |
| test.cpp:175:9:175:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:178:13:178:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:13:178:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:20:178:27 | *filename | semmle.label | *filename |
| test.cpp:179:13:179:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:179:13:179:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:179:22:179:26 | *flags | semmle.label | *flags |
| test.cpp:179:22:179:26 | *flags | semmle.label | *flags |
| test.cpp:181:13:181:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:181:22:181:29 | *filename | semmle.label | *filename |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:187:19:187:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:187:47:187:54 | *filename | semmle.label | *filename |
| test.cpp:188:11:188:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:18:188:25 | *filename | semmle.label | *filename |
| test.cpp:189:11:189:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:189:11:189:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:189:20:189:24 | *flags | semmle.label | *flags |
| test.cpp:189:20:189:24 | *flags | semmle.label | *flags |
| test.cpp:195:9:195:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:197:10:197:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:197:10:197:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:197:26:197:33 | *filename | semmle.label | *filename |
| test.cpp:199:32:199:38 | *command | semmle.label | *command |
| test.cpp:199:32:199:38 | *command | semmle.label | *command |
| test.cpp:219:9:219:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:19:221:26 | *filename | semmle.label | *filename |
| test.cpp:221:19:221:26 | *filename | semmle.label | *filename |
| test.cpp:223:32:223:38 | *command | semmle.label | *command |
| test.cpp:223:32:223:38 | *command | semmle.label | *command |
| test.cpp:231:11:231:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:231:19:231:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:232:11:232:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:232:11:232:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:232:19:232:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:233:11:233:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:233:11:233:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:234:10:234:15 | *buffer | semmle.label | *buffer |
| test.cpp:234:10:234:15 | *buffer | semmle.label | *buffer |
| test.cpp:242:11:242:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:242:11:242:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:243:5:243:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:244:5:244:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:247:5:247:11 | *buffer1 | semmle.label | *buffer1 |
| test.cpp:247:5:247:11 | *buffer1 | semmle.label | *buffer1 |
| test.cpp:248:5:248:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:259:13:259:18 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:259:21:259:35 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:261:10:261:15 | *buffer | semmle.label | *buffer |
subpaths
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command [Return] | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command [Return] | test.cpp:197:10:197:16 | concat output argument |
#select
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | **argv | test.cpp:23:12:23:19 | *command1 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | **argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | *call to getenv | test.cpp:51:10:51:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | *call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | *path | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | *call to getenv | test.cpp:108:18:108:22 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | *call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:25:114:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | *call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:25:114:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | *call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:10:120:30 | *call to data | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | *call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:66:10:66:16 | command | test.cpp:63:9:63:16 | fread output argument | test.cpp:66:10:66:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:63:9:63:16 | fread output argument | user input (string read by fread) | test.cpp:65:11:65:17 | strncat output argument | strncat output argument |
| test.cpp:86:32:86:38 | command | test.cpp:83:9:83:16 | fread output argument | test.cpp:86:32:86:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:83:9:83:16 | fread output argument | user input (string read by fread) | test.cpp:85:11:85:17 | strncat output argument | strncat output argument |
| test.cpp:95:45:95:48 | path | test.cpp:92:9:92:16 | fread output argument | test.cpp:95:45:95:48 | *path | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:92:9:92:16 | fread output argument | user input (string read by fread) | test.cpp:94:11:94:14 | strncat output argument | strncat output argument |
| test.cpp:109:18:109:22 | call to c_str | test.cpp:107:20:107:38 | *call to getenv | test.cpp:109:18:109:22 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:107:20:107:38 | *call to getenv | user input (an environment variable) | test.cpp:108:31:108:31 | call to operator+ | call to operator+ |
| test.cpp:115:25:115:29 | call to c_str | test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:25:115:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:114:20:114:38 | *call to getenv | user input (an environment variable) | test.cpp:115:10:115:23 | call to operator+ | call to operator+ |
| test.cpp:115:25:115:29 | call to c_str | test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:25:115:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:114:20:114:38 | *call to getenv | user input (an environment variable) | test.cpp:115:17:115:17 | call to operator+ | call to operator+ |
| test.cpp:121:25:121:28 | call to data | test.cpp:120:20:120:38 | *call to getenv | test.cpp:121:10:121:30 | *call to data | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:120:20:120:38 | *call to getenv | user input (an environment variable) | test.cpp:121:17:121:17 | call to operator+ | call to operator+ |
| test.cpp:144:10:144:16 | command | test.cpp:141:9:141:11 | fread output argument | test.cpp:144:10:144:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:141:9:141:11 | fread output argument | user input (string read by fread) | test.cpp:143:11:143:17 | sprintf output argument | sprintf output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:17 | strncat output argument | strncat output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:179:13:179:19 | strncat output argument | strncat output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:181:13:181:19 | strncat output argument | strncat output argument |
| test.cpp:199:32:199:38 | command | test.cpp:195:9:195:16 | fread output argument | test.cpp:199:32:199:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:195:9:195:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:15 | strncat output argument | strncat output argument |
| test.cpp:199:32:199:38 | command | test.cpp:195:9:195:16 | fread output argument | test.cpp:199:32:199:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:195:9:195:16 | fread output argument | user input (string read by fread) | test.cpp:189:11:189:17 | strncat output argument | strncat output argument |
| test.cpp:223:32:223:38 | command | test.cpp:219:9:219:16 | fread output argument | test.cpp:223:32:223:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:219:9:219:16 | fread output argument | user input (string read by fread) | test.cpp:221:10:221:16 | strncat output argument | strncat output argument |
| test.cpp:223:32:223:38 | command | test.cpp:219:9:219:16 | fread output argument | test.cpp:223:32:223:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:219:9:219:16 | fread output argument | user input (string read by fread) | test.cpp:221:10:221:16 | strncat output argument | strncat output argument |
| test.cpp:234:10:234:15 | buffer | test.cpp:231:19:231:33 | *call to getenv | test.cpp:234:10:234:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:231:19:231:33 | *call to getenv | user input (an environment variable) | test.cpp:231:11:231:16 | strncat output argument | strncat output argument |
| test.cpp:234:10:234:15 | buffer | test.cpp:232:19:232:33 | *call to getenv | test.cpp:234:10:234:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:232:19:232:33 | *call to getenv | user input (an environment variable) | test.cpp:232:11:232:16 | strncat output argument | strncat output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:243:5:243:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:243:5:243:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:244:5:244:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:244:5:244:10 | *call to getenv | user input (an environment variable) | test.cpp:242:11:242:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:244:5:244:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:244:5:244:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:248:5:248:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:248:5:248:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:261:10:261:15 | buffer | test.cpp:259:21:259:35 | *call to getenv | test.cpp:261:10:261:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:259:21:259:35 | *call to getenv | user input (an environment variable) | test.cpp:259:13:259:18 | strncat output argument | strncat output argument |


@@ -14,7 +14,7 @@ extern void encodeShellString(char *shellStr, int maxChars, const char* cStr);
int main(int argc, char** argv) {
char *userName = argv[2];
{
// BAD: a string from the user is injected directly into
// a command.
@@ -23,10 +23,10 @@ int main(int argc, char** argv) {
system(command1);
}
{
{
// GOOD: the user string is encoded by a library routine.
char userNameQuoted[1000] = {0};
encodeShellString(userNameQuoted, 1000, userName);
encodeShellString(userNameQuoted, 1000, userName);
char command2[1000] = {0};
sprintf(command2, "userinfo -v %s", userNameQuoted);
system(command2);
@@ -36,16 +36,16 @@ int main(int argc, char** argv) {
void test2(char* arg2) {
// GOOD?: the user string is the *first* part of the command, like $CC in many environments
char *envCC = getenv("CC");
char command[1000];
sprintf("%s %s", envCC, arg2);
sprintf(command, "%s %s", envCC, arg2);
system(command);
}
void test3(char* arg1) {
// GOOD?: the user string is a `$CFLAGS` environment variable
char *envCflags = getenv("CFLAGS");
char command[1000];
sprintf(command, "%s %s", arg1, envCflags);
system(command);
@@ -54,6 +54,7 @@ void test3(char* arg1) {
typedef unsigned long size_t;
typedef void FILE;
size_t fread(void *ptr, size_t size, size_t nmemb, FILE *stream);
char *strncpy(char *s1, const char *s2, size_t n);
char *strncat(char *s1, const char *s2, size_t n);
void test4(FILE *f) {
@@ -160,7 +161,7 @@ void test15(FILE *f) {
fread(temp, 1, 10, f);
int x = atoi(temp);
char temp2[10];
sprintf(temp2, "%d", x);
sprintf(command, "tail -n %s foo.log", temp2);
@@ -222,4 +223,42 @@ void test19(FILE *f) {
execl("/bin/sh", "sh", "-c", command);
}
void test20() {
// BAD: the user strings `var_b`, `var_c` are injected directly into a command
char buffer[1024 * 4];
strncpy(buffer, getenv("var_a"), 1024);
strncat(buffer, getenv("var_b"), 1024);
strncat(buffer, getenv("var_c"), 1024);
strncat(buffer, " ", 1024);
system(buffer);
}
void test21() {
// BAD: the user strings `var_b`, `var_c` are injected directly into a command
char buffer1[1024];
char buffer2[1024];
sprintf(buffer1, "%s %s",
getenv("var_a"),
getenv("var_b"));
sprintf(buffer2, "%s %s %s",
" ",
buffer1,
getenv("var_c"));
system(buffer2);
}
void test22() {
// BAD: the user strings `var_a` are injected directly into a command
char buffer[1024 * 11];
int i;
strncpy(buffer, "command ", 1024);
for (i = 0; i < 10; i++) {
strncat(buffer, getenv("var_a"), 1024);
}
system(buffer);
}
// open question: do we want to report certain sources even when they're the start of the string?
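Review bot: The comment on `test21` names only `var_b` and `var_c` as injected, but the expected results shown earlier on this page also report a path into `system(buffer2)` whose source is the `getenv` call at test.cpp:243:5, which by line count appears to be `getenv("var_a")`. Since `buffer1` is formatted into `buffer2` after the `" "` argument, `var_a` no longer sits at the start of the command, so the alert looks intended and the comment should match it, e.g. `// BAD: var_a, var_b and var_c are injected directly into a command`. The line mapping is inferred, because this rendering drops blank lines and the +/- markers.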


@@ -1,3 +1,7 @@
## 1.7.34
No user-facing changes.
## 1.7.33
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.7.34
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.33
lastReleaseVersion: 1.7.34


@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.34-dev
version: 1.7.35-dev
groups:
- csharp
- solorigate


@@ -1,3 +1,7 @@
## 1.7.34
No user-facing changes.
## 1.7.33
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.7.34
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.33
lastReleaseVersion: 1.7.34


@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.34-dev
version: 1.7.35-dev
groups:
- csharp
- solorigate


@@ -1,3 +1,18 @@
## 5.1.0
### Deprecated APIs
* The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
class have been deprecated in favor of the newly added `dominatingEdge`
predicate.
### Minor Analysis Improvements
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
* C# 13: Add generated models for .NET 9.
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.
## 5.0.0
### Breaking Changes
@@ -53,7 +68,6 @@
### Minor Analysis Improvements
* .NET 9 is now required to build the C# extractor.
* The Models as Data models for .NET 8 Runtime now include generated models for higher order methods.
## 3.1.0


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.


@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* C# 13: Add generated models for .NET 9.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.


@@ -2,5 +2,4 @@
### Minor Analysis Improvements
* .NET 9 is now required to build the C# extractor.
* The Models as Data models for .NET 8 Runtime now include generated models for higher order methods.


@@ -0,0 +1,14 @@
## 5.1.0
### Deprecated APIs
* The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
class have been deprecated in favor of the newly added `dominatingEdge`
predicate.
### Minor Analysis Improvements
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
* C# 13: Add generated models for .NET 9.
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.0.0
lastReleaseVersion: 5.1.0


@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.0.1-dev
version: 5.1.1-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp


@@ -664,7 +664,7 @@ module LocalFlow {
ssaDef.getADefinition() = def and
ssaDef.getControlFlowNode() = cfn and
nodeFrom = TAssignableDefinitionNode(def, cfn) and
nodeTo.(SsaDefinitionExtNode).getDefinitionExt() = ssaDef
nodeTo.(SsaDefinitionNode).getDefinition() = ssaDef
)
}
@@ -1269,78 +1269,33 @@ predicate nodeIsHidden(Node n) {
}
/** An SSA node. */
abstract class SsaNode extends NodeImpl, TSsaNode {
class SsaNode extends NodeImpl, TSsaNode {
SsaImpl::DataFlowIntegration::SsaNode node;
SsaImpl::DefinitionExt def;
SsaNode() {
this = TSsaNode(node) and
def = node.getDefinitionExt()
}
SsaImpl::DefinitionExt getDefinitionExt() { result = def }
SsaNode() { this = TSsaNode(node) }
override DataFlowCallable getEnclosingCallableImpl() {
result.getAControlFlowNode().getBasicBlock() = def.getBasicBlock()
result.getAControlFlowNode().getBasicBlock() = node.getBasicBlock()
}
override Type getTypeImpl() { result = def.getSourceVariable().getType() }
override Type getTypeImpl() { result = node.getSourceVariable().getType() }
override ControlFlow::Node getControlFlowNodeImpl() {
result = def.(Ssa::Definition).getControlFlowNode()
}
override ControlFlow::Node getControlFlowNodeImpl() { none() }
override Location getLocationImpl() { result = node.getLocation() }
override string toStringImpl() { result = node.toString() }
}
/** An (extended) SSA definition, viewed as a node in a data flow graph. */
class SsaDefinitionExtNode extends SsaNode {
override SsaImpl::DataFlowIntegration::SsaDefinitionExtNode node;
}
/** An SSA definition, viewed as a node in a data flow graph. */
class SsaDefinitionNode extends SsaNode {
override SsaImpl::DataFlowIntegration::SsaDefinitionNode node;
/**
* A node that represents an input to an SSA phi (read) definition.
*
* This allows for barrier guards to filter input to phi nodes. For example, in
*
* ```csharp
* var x = taint;
* if (x != "safe")
* {
* x = "safe";
* }
* sink(x);
* ```
*
* the `false` edge out of `x != "safe"` guards the input from `x = taint` into the
* `phi` node after the condition.
*
* It is also relevant to filter input into phi read nodes:
*
* ```csharp
* var x = taint;
* if (b)
* {
* if (x != "safe1")
* {
* return;
* }
* } else {
* if (x != "safe2")
* {
* return;
* }
* }
*
* sink(x);
* ```
*
* both inputs into the phi read node after the outer condition are guarded.
*/
class SsaInputNode extends SsaNode {
override SsaImpl::DataFlowIntegration::SsaInputNode node;
Ssa::Definition getDefinition() { result = node.getDefinition() }
override ControlFlow::Node getControlFlowNodeImpl() {
result = this.getDefinition().getControlFlowNode()
}
}
/** A definition, viewed as a node in a data flow graph. */
@@ -1728,12 +1683,12 @@ private module ReturnNodes {
* A data-flow node that represents an assignment to an `out` or a `ref`
* parameter.
*/
class OutRefReturnNode extends ReturnNode, SsaDefinitionExtNode {
class OutRefReturnNode extends ReturnNode, SsaDefinitionNode {
OutRefReturnKind kind;
OutRefReturnNode() {
exists(Parameter p |
this.getDefinitionExt().(Ssa::Definition).isLiveOutRefParameterDefinition(p) and
this.getDefinition().isLiveOutRefParameterDefinition(p) and
kind.getPosition() = p.getPosition()
|
p.isOut() and kind instanceof OutReturnKind
@@ -2464,7 +2419,7 @@ private predicate readContentStep(Node node1, Content c, Node node2) {
exists(ForeachStmt fs, Ssa::ExplicitDefinition def |
x.hasDefPath(fs.getIterableExpr(), node1.getControlFlowNode(), def.getADefinition(),
def.getControlFlowNode()) and
node2.(SsaDefinitionExtNode).getDefinitionExt() = def and
node2.(SsaDefinitionNode).getDefinition() = def and
c instanceof ElementContent
)
or
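Review bot: The now-concrete `SsaNode` gives `getControlFlowNodeImpl()` the body `none()`, and only `SsaDefinitionNode` overrides it, so an SSA node that is not a definition has no control-flow node; the one-line QLDoc `/** An SSA node. */` does not tell readers that. I would extend it to something like `/** An SSA node. Only definition nodes have a control flow node, see SsaDefinitionNode. */`. The long QLDoc explaining how phi-input nodes let barrier guards filter the inputs of phi and phi-read nodes also appears to be dropped together with `SsaInputNode` (sides inferred from the hunk counts, as the +/- markers are lost in this rendering). If that behaviour now lives in the shared SSA integration, a short pointer to it here would keep the explanation discoverable for people writing taint barriers.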


@@ -734,7 +734,7 @@ private predicate variableReadPseudo(ControlFlow::BasicBlock bb, int i, Ssa::Sou
}
pragma[noinline]
private predicate adjacentDefRead(
deprecated private predicate adjacentDefRead(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2,
SsaInput::SourceVariable v
) {
@@ -742,7 +742,7 @@ private predicate adjacentDefRead(
v = def.getSourceVariable()
}
private predicate adjacentDefReachesRead(
deprecated private predicate adjacentDefReachesRead(
Definition def, SsaInput::SourceVariable v, SsaInput::BasicBlock bb1, int i1,
SsaInput::BasicBlock bb2, int i2
) {
@@ -760,18 +760,7 @@ private predicate adjacentDefReachesRead(
)
}
/** Same as `adjacentDefRead`, but skips uncertain reads. */
pragma[nomagic]
private predicate adjacentDefSkipUncertainReads(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
) {
exists(SsaInput::SourceVariable v |
adjacentDefReachesRead(def, v, bb1, i1, bb2, i2) and
SsaInput::variableRead(bb2, i2, v, true)
)
}
private predicate adjacentDefReachesUncertainRead(
deprecated private predicate adjacentDefReachesUncertainRead(
Definition def, SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2
) {
exists(SsaInput::SourceVariable v |
@@ -933,10 +922,8 @@ private module Cached {
*/
cached
predicate firstReadSameVar(Definition def, ControlFlow::Node cfn) {
exists(ControlFlow::BasicBlock bb1, int i1, ControlFlow::BasicBlock bb2, int i2 |
def.definesAt(_, bb1, i1) and
adjacentDefSkipUncertainReads(def, bb1, i1, bb2, i2) and
cfn = bb2.getNode(i2)
exists(ControlFlow::BasicBlock bb, int i |
Impl::firstUse(def, bb, i, true) and cfn = bb.getNode(i)
)
}
@@ -947,25 +934,17 @@ private module Cached {
*/
cached
predicate adjacentReadPairSameVar(Definition def, ControlFlow::Node cfn1, ControlFlow::Node cfn2) {
exists(ControlFlow::BasicBlock bb1, int i1, ControlFlow::BasicBlock bb2, int i2 |
exists(
ControlFlow::BasicBlock bb1, int i1, ControlFlow::BasicBlock bb2, int i2,
Ssa::SourceVariable v
|
Impl::ssaDefReachesRead(v, def, bb1, i1) and
Impl::adjacentUseUse(bb1, i1, bb2, i2, v, true) and
cfn1 = bb1.getNode(i1) and
variableReadActual(bb1, i1, _) and
adjacentDefSkipUncertainReads(def, bb1, i1, bb2, i2) and
cfn2 = bb2.getNode(i2)
)
}
cached
predicate lastRefBeforeRedef(Definition def, ControlFlow::BasicBlock bb, int i, Definition next) {
Impl::lastRefRedef(def, bb, i, next) and
not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
or
exists(SsaInput::BasicBlock bb0, int i0 |
Impl::lastRefRedef(def, bb0, i0, next) and
adjacentDefReachesUncertainRead(def, bb, i, bb0, i0)
)
}
cached
Definition uncertainWriteDefinitionInput(UncertainWriteDefinition def) {
Impl::uncertainWriteDefinitionInput(def, result)
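Review bot: The rewritten `adjacentReadPairSameVar` no longer appears to constrain the first read with `variableReadActual(bb1, i1, _)`; judging by the hunk counts, that conjunct is on the old side only, and the new body relies on `Impl::ssaDefReachesRead` plus `Impl::adjacentUseUse(bb1, i1, bb2, i2, v, true)`. If the trailing `true` already restricts both positions to certain reads, a one-line comment would record that, e.g. `// adjacentUseUse(..., true) only relates certain reads, so pseudo reads are excluded`. If it does not, `cfn1` could now be a pseudo read and the old conjunct should be kept. The three predicates that gain `deprecated` in the earlier hunks would also benefit from a QLDoc line saying what replaces them; from this section that is presumably `Impl::firstUse` and `Impl::adjacentUseUse`.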


@@ -1,3 +1,7 @@
## 1.0.17
No user-facing changes.
## 1.0.16
### Minor Analysis Improvements


@@ -46,6 +46,7 @@ private predicate alwaysInvokesToString(ParameterRead pr) {
* method from `System.Object` or `System.ValueType`.
*/
predicate alwaysDefaultToString(ValueOrRefType t) {
not t instanceof TupleType and
exists(ToStringMethod m | t.hasMethod(m) |
m.getDeclaringType() instanceof SystemObjectClass or
m.getDeclaringType() instanceof SystemValueTypeClass
@@ -55,6 +56,11 @@ predicate alwaysDefaultToString(ValueOrRefType t) {
overriding.getABaseType+() = t
) and
((t.isAbstract() or t instanceof Interface) implies not t.isEffectivelyPublic())
or
exists(ValueOrRefType elem |
elem = t.(TupleType).getElementType(_) and
alwaysDefaultToString(elem)
)
}
class DefaultToStringType extends ValueOrRefType {
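Review bot: The QLDoc above `alwaysDefaultToString` still describes only types whose `ToString` comes from `System.Object` or `System.ValueType`, while the body now has a second disjunct that holds for a tuple type whenever some element type satisfies the predicate. I would add a sentence to the doc such as `For tuple types, holds if some element type always uses the default ToString.` Because the new `or` follows a long `and` chain, wrapping the first disjunct in parentheses would also make the grouping obvious to readers. The start of the doc comment and part of the body lie between the two hunks and are not visible here.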


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.


@@ -0,0 +1,3 @@
## 1.0.17
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.16
lastReleaseVersion: 1.0.17


@@ -1 +1,9 @@
[]
- queries: .
- include:
id:
- cs/index-out-of-bounds
- cs/test-for-negative-container-size
- cs/unchecked-cast-in-equals
- cs/reference-equality-on-valuetypes
- cs/self-assignment
- cs/inefficient-containskey


@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.0.17-dev
version: 1.0.18-dev
groups:
- csharp
- queries


@@ -1190,11 +1190,11 @@
| cflow.cs:181:28:181:37 | enter (...) => ... | cflow.cs:181:28:181:37 | exit (...) => ... | 6 |
| cflow.cs:182:28:182:61 | enter delegate(...) { ... } | cflow.cs:182:28:182:61 | exit delegate(...) { ... } | 8 |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:18 | ... == ... | 6 |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... | 1 |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... | 1 |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:13:187:28 | ... \|\| ... | 1 |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:13:187:50 | ... \|\| ... | 1 |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:23:187:28 | ... == ... | 3 |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:39 | ... == ... | 3 |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:34:187:49 | [false] ... && ... | 1 |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:34:187:49 | ... && ... | 1 |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:185:10:185:18 | exit LogicalOr | 5 |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:195:17:195:32 | ... > ... | 8 |
| cflow.cs:193:10:193:17 | exit Booleans | cflow.cs:193:10:193:17 | exit Booleans | 1 |


@@ -2303,27 +2303,27 @@ conditionBlock
| cflow.cs:167:16:167:16 | access to local variable x | cflow.cs:174:9:176:9 | {...} | false |
| cflow.cs:173:32:173:32 | access to local variable i | cflow.cs:146:10:146:12 | exit For (normal) | false |
| cflow.cs:173:32:173:32 | access to local variable i | cflow.cs:174:9:176:9 | {...} | true |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:28 | [false] ... \|\| ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:28 | ... \|\| ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:23:187:23 | 2 | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:28 | [false] ... \|\| ... | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:28 | ... \|\| ... | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:195:39:195:43 | this access | true |
| cflow.cs:195:17:195:56 | ... && ... | cflow.cs:197:13:197:47 | [false] !... | false |
| cflow.cs:195:17:195:56 | ... && ... | cflow.cs:197:13:197:47 | [true] !... | true |
@@ -2964,11 +2964,11 @@ conditionFlow
| cflow.cs:173:32:173:41 | ... < ... | cflow.cs:146:10:146:12 | exit For (normal) | false |
| cflow.cs:173:32:173:41 | ... < ... | cflow.cs:174:9:176:9 | {...} | true |
| cflow.cs:187:13:187:18 | ... == ... | cflow.cs:187:23:187:23 | 2 | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... | false |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | ... \|\| ... | false |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:195:17:195:32 | ... > ... | cflow.cs:195:17:195:56 | ... && ... | false |
| cflow.cs:195:17:195:32 | ... > ... | cflow.cs:195:39:195:43 | this access | true |
| cflow.cs:197:13:197:47 | [false] !... | cflow.cs:200:9:205:9 | if (...) ... | false |


@@ -4151,15 +4151,15 @@ dominance
| cflow.cs:187:9:190:52 | if (...) ... | cflow.cs:187:13:187:13 | 1 |
| cflow.cs:187:13:187:13 | 1 | cflow.cs:187:18:187:18 | 2 |
| cflow.cs:187:13:187:18 | ... == ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:18:187:18 | 2 | cflow.cs:187:13:187:18 | ... == ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:28:187:28 | 3 |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:28:187:28 | 3 | cflow.cs:187:23:187:28 | ... == ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:39:187:39 | 3 |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:39:187:39 | 3 | cflow.cs:187:34:187:39 | ... == ... |
| cflow.cs:190:13:190:51 | call to method WriteLine | cflow.cs:185:10:185:18 | exit LogicalOr (normal) |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:190:31:190:50 | "This should happen" |
@@ -8307,18 +8307,18 @@ postDominance
| cflow.cs:187:9:190:52 | if (...) ... | cflow.cs:186:5:191:5 | {...} |
| cflow.cs:187:13:187:13 | 1 | cflow.cs:187:9:190:52 | if (...) ... |
| cflow.cs:187:13:187:18 | ... == ... | cflow.cs:187:18:187:18 | 2 |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:23:187:28 | ... == ... |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:23:187:28 | ... == ... |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:18:187:18 | 2 | cflow.cs:187:13:187:13 | 1 |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:18 | ... == ... |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:28:187:28 | 3 |
| cflow.cs:187:28:187:28 | 3 | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:39:187:39 | 3 |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:34:187:39 | ... == ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:34:187:39 | ... == ... |
| cflow.cs:187:39:187:39 | 3 | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:190:13:190:51 | call to method WriteLine | cflow.cs:190:31:190:50 | "This should happen" |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:190:31:190:50 | "This should happen" | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:193:10:193:17 | exit Booleans (abnormal) | cflow.cs:203:17:203:38 | throw ...; |
| cflow.cs:193:10:193:17 | exit Booleans (normal) | cflow.cs:200:13:200:62 | [false] ... \|\| ... |
@@ -12909,32 +12909,32 @@ blockDominance
| cflow.cs:181:28:181:37 | enter (...) => ... | cflow.cs:181:28:181:37 | enter (...) => ... |
| cflow.cs:182:28:182:61 | enter delegate(...) { ... } | cflow.cs:182:28:182:61 | enter delegate(...) { ... } |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:193:10:193:17 | enter Booleans |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:193:10:193:17 | exit Booleans |
@@ -16126,32 +16126,32 @@ postBlockDominance
| cflow.cs:181:28:181:37 | enter (...) => ... | cflow.cs:181:28:181:37 | enter (...) => ... |
| cflow.cs:182:28:182:61 | enter delegate(...) { ... } | cflow.cs:182:28:182:61 | enter delegate(...) { ... } |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:185:10:185:18 | enter LogicalOr |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:28 | [false] ... \|\| ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:50 | [false] ... \|\| ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:28 | ... \|\| ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:13:187:50 | ... \|\| ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:23:187:23 | 2 |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:34:187:34 | 1 |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:34:187:49 | [false] ... && ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:187:34:187:49 | ... && ... |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:190:13:190:52 | ...; |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:193:10:193:17 | enter Booleans |
| cflow.cs:193:10:193:17 | exit Booleans | cflow.cs:193:10:193:17 | exit Booleans |


@@ -4539,15 +4539,15 @@ nodeEnclosing
| cflow.cs:187:9:190:52 | if (...) ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:13 | 1 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:18 | ... == ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:18:187:18 | 2 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:28:187:28 | 3 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:39:187:39 | 3 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:190:13:190:51 | call to method WriteLine | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:185:10:185:18 | LogicalOr |
@@ -6016,11 +6016,11 @@ blockEnclosing
| cflow.cs:181:28:181:37 | enter (...) => ... | cflow.cs:181:28:181:37 | (...) => ... |
| cflow.cs:182:28:182:61 | enter delegate(...) { ... } | cflow.cs:182:28:182:61 | delegate(...) { ... } |
| cflow.cs:185:10:185:18 | enter LogicalOr | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:185:10:185:18 | LogicalOr |
| cflow.cs:193:10:193:17 | enter Booleans | cflow.cs:193:10:193:17 | Booleans |
| cflow.cs:193:10:193:17 | exit Booleans | cflow.cs:193:10:193:17 | Booleans |


@@ -4658,15 +4658,15 @@
| cflow.cs:187:9:190:52 | if (...) ... | cflow.cs:187:13:187:13 | 1 | |
| cflow.cs:187:13:187:13 | 1 | cflow.cs:187:18:187:18 | 2 | |
| cflow.cs:187:13:187:18 | ... == ... | cflow.cs:187:23:187:23 | 2 | false |
| cflow.cs:187:13:187:28 | [false] ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:50 | [false] ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:13:187:28 | ... \|\| ... | cflow.cs:187:34:187:34 | 1 | false |
| cflow.cs:187:13:187:50 | ... \|\| ... | cflow.cs:190:13:190:52 | ...; | false |
| cflow.cs:187:18:187:18 | 2 | cflow.cs:187:13:187:18 | ... == ... | |
| cflow.cs:187:23:187:23 | 2 | cflow.cs:187:28:187:28 | 3 | |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | [false] ... \|\| ... | false |
| cflow.cs:187:23:187:28 | ... == ... | cflow.cs:187:13:187:28 | ... \|\| ... | false |
| cflow.cs:187:28:187:28 | 3 | cflow.cs:187:23:187:28 | ... == ... | |
| cflow.cs:187:34:187:34 | 1 | cflow.cs:187:39:187:39 | 3 | |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | [false] ... && ... | false |
| cflow.cs:187:34:187:49 | [false] ... && ... | cflow.cs:187:13:187:50 | [false] ... \|\| ... | false |
| cflow.cs:187:34:187:39 | ... == ... | cflow.cs:187:34:187:49 | ... && ... | false |
| cflow.cs:187:34:187:49 | ... && ... | cflow.cs:187:13:187:50 | ... \|\| ... | false |
| cflow.cs:187:39:187:39 | 3 | cflow.cs:187:34:187:39 | ... == ... | |
| cflow.cs:190:13:190:51 | call to method WriteLine | cflow.cs:185:10:185:18 | exit LogicalOr (normal) | |
| cflow.cs:190:13:190:52 | ...; | cflow.cs:190:31:190:50 | "This should happen" | |


@@ -533,8 +533,6 @@
| LocalDataFlow.cs:381:17:381:29 | "not tainted" | LocalDataFlow.cs:381:13:381:13 | access to local variable x |
| LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x |
| SSA.cs:5:17:5:17 | SSA entry def(this.S) | SSA.cs:67:9:67:14 | access to field S |
| SSA.cs:5:17:5:17 | [input] SSA def(this.S) | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:5:17:5:17 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:5:17:5:17 | this | SSA.cs:67:9:67:12 | this access |
| SSA.cs:5:26:5:32 | SSA param(tainted) | SSA.cs:8:24:8:30 | access to parameter tainted |
| SSA.cs:5:26:5:32 | tainted | SSA.cs:5:26:5:32 | SSA param(tainted) |
@@ -664,28 +662,28 @@
| SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:23 | access to local variable ssaSink3 |
| SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:67:32:67:38 | access to parameter tainted |
| SSA.cs:59:23:59:30 | SSA def(ssaSink3) | SSA.cs:60:15:60:22 | access to local variable ssaSink3 |
| SSA.cs:59:23:59:30 | [post] access to local variable ssaSink3 | SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | [post] access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) |
| SSA.cs:63:23:63:30 | SSA def(nonSink0) | SSA.cs:64:15:64:22 | access to local variable nonSink0 |
| SSA.cs:63:23:63:30 | [post] access to local variable nonSink0 | SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | [post] access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) |
| SSA.cs:67:9:67:12 | [post] this access | SSA.cs:68:23:68:26 | this access |
| SSA.cs:67:9:67:12 | this access | SSA.cs:68:23:68:26 | this access |
| SSA.cs:67:9:67:14 | [post] access to field S | SSA.cs:68:23:68:28 | access to field S |
| SSA.cs:67:9:67:14 | access to field S | SSA.cs:68:23:68:28 | access to field S |
| SSA.cs:67:9:67:28 | access to field SsaFieldSink0 | SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) |
| SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) | SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) | SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:67:32:67:38 | access to parameter tainted | SSA.cs:67:9:67:28 | access to field SsaFieldSink0 |
| SSA.cs:67:32:67:38 | access to parameter tainted | SSA.cs:77:20:77:26 | access to parameter tainted |
| SSA.cs:68:23:68:26 | [post] this access | SSA.cs:69:15:69:18 | this access |
| SSA.cs:68:23:68:26 | this access | SSA.cs:69:15:69:18 | this access |
| SSA.cs:68:23:68:28 | SSA def(this.S) | SSA.cs:69:15:69:20 | access to field S |
| SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) | SSA.cs:69:15:69:34 | access to field SsaFieldSink0 |
| SSA.cs:68:23:68:28 | [post] access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:68:23:68:28 | [post] access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:69:15:69:18 | [post] this access | SSA.cs:72:9:72:12 | this access |
| SSA.cs:69:15:69:18 | this access | SSA.cs:72:9:72:12 | this access |
| SSA.cs:69:15:69:20 | [post] access to field S | SSA.cs:72:9:72:14 | access to field S |
@@ -695,15 +693,15 @@
| SSA.cs:72:9:72:14 | [post] access to field S | SSA.cs:73:23:73:28 | access to field S |
| SSA.cs:72:9:72:14 | access to field S | SSA.cs:73:23:73:28 | access to field S |
| SSA.cs:72:9:72:31 | access to field SsaFieldNonSink0 | SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:35:72:36 | "" | SSA.cs:72:9:72:31 | access to field SsaFieldNonSink0 |
| SSA.cs:73:23:73:26 | [post] this access | SSA.cs:74:15:74:18 | this access |
| SSA.cs:73:23:73:26 | this access | SSA.cs:74:15:74:18 | this access |
| SSA.cs:73:23:73:28 | SSA def(this.S) | SSA.cs:74:15:74:20 | access to field S |
| SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:74:15:74:37 | access to field SsaFieldNonSink0 |
| SSA.cs:73:23:73:28 | [post] access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:73:23:73:28 | [post] access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:74:15:74:18 | [post] this access | SSA.cs:80:9:80:12 | this access |
| SSA.cs:74:15:74:18 | this access | SSA.cs:80:9:80:12 | this access |
| SSA.cs:74:15:74:20 | [post] access to field S | SSA.cs:80:9:80:14 | access to field S |
@@ -752,15 +750,9 @@
| SSA.cs:89:13:89:22 | [post] access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
| SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:89:13:89:33 | [input] SSA def(this.S) | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:89:13:89:33 | [input] SSA def(this.S) | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
| SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
| SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldSink0) | SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:91:13:91:20 | access to local variable ssaSink4 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) |
| SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 |
| SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 |
@@ -785,9 +777,9 @@
| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
| SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 |
| SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 |
| SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) |
| SSA.cs:101:16:101:23 | access to local variable nonSink3 | SSA.cs:101:16:101:28 | SSA def(nonSink3) |
| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) |
| SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:23 | access to local variable nonSink3 |
@@ -795,7 +787,6 @@
| SSA.cs:102:13:102:22 | [post] access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
| SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
| SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
@@ -823,9 +814,9 @@
| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted |
| SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 |
| SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 |
| SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) |
| SSA.cs:114:9:114:12 | [post] this access | SSA.cs:117:13:117:16 | this access |
| SSA.cs:114:9:114:12 | [post] this access | SSA.cs:123:23:123:26 | this access |
| SSA.cs:114:9:114:12 | this access | SSA.cs:117:13:117:16 | this access |
@@ -841,7 +832,6 @@
| SSA.cs:115:13:115:22 | [post] access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
| SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
| SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
@@ -881,14 +871,14 @@
| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) |
| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted |
| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S |
| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:128:13:128:33 | [input] SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access |
| SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access |
| SSA.cs:123:23:123:28 | SSA def(this.S) | SSA.cs:124:15:124:20 | access to field S |
| SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | SSA.cs:124:15:124:34 | access to field SsaFieldSink1 |
| SSA.cs:123:23:123:28 | [post] access to field S | SSA.cs:128:13:128:33 | [input] SSA def(this.S) |
| SSA.cs:123:23:123:28 | [post] access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:128:13:128:33 | [input] SSA def(this.S) |
| SSA.cs:124:15:124:18 | [post] this access | SSA.cs:127:9:127:12 | this access |
| SSA.cs:124:15:124:18 | this access | SSA.cs:127:9:127:12 | this access |
| SSA.cs:124:15:124:20 | [post] access to field S | SSA.cs:127:9:127:14 | access to field S |
@@ -906,10 +896,8 @@
| SSA.cs:127:35:127:36 | "" | SSA.cs:127:9:127:31 | access to field SsaFieldNonSink0 |
| SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
| SSA.cs:128:13:128:22 | access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
| SSA.cs:128:13:128:33 | [input] SSA def(this.S) | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
| SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:128:13:128:33 | [input] SSA qualifier def(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:130:13:130:16 | [post] this access | SSA.cs:132:21:132:24 | this access |
| SSA.cs:130:13:130:16 | [post] this access | SSA.cs:134:21:134:24 | this access |
| SSA.cs:130:13:130:16 | this access | SSA.cs:132:21:132:24 | this access |
@@ -939,13 +927,13 @@
| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S |
| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:5:17:5:17 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access |
| SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access |
| SSA.cs:136:23:136:28 | SSA def(this.S) | SSA.cs:137:15:137:20 | access to field S |
| SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:137:15:137:37 | access to field SsaFieldNonSink0 |
| SSA.cs:136:23:136:28 | [post] access to field S | SSA.cs:5:17:5:17 | [input] SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:5:17:5:17 | [input] SSA def(this.S) |
| SSA.cs:136:23:136:28 | [post] access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:144:34:144:34 | SSA param(t) | SSA.cs:146:13:146:13 | access to parameter t |
| SSA.cs:144:34:144:34 | t | SSA.cs:144:34:144:34 | SSA param(t) |


@@ -643,8 +643,6 @@
| LocalDataFlow.cs:381:17:381:29 | "not tainted" | LocalDataFlow.cs:381:13:381:13 | access to local variable x |
| LocalDataFlow.cs:382:9:382:17 | SSA phi(x) | LocalDataFlow.cs:382:15:382:15 | access to local variable x |
| SSA.cs:5:17:5:17 | SSA entry def(this.S) | SSA.cs:67:9:67:14 | access to field S |
| SSA.cs:5:17:5:17 | [input] SSA def(this.S) | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:5:17:5:17 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:5:17:5:17 | this | SSA.cs:67:9:67:12 | this access |
| SSA.cs:5:26:5:32 | SSA param(tainted) | SSA.cs:8:24:8:30 | access to parameter tainted |
| SSA.cs:5:26:5:32 | tainted | SSA.cs:5:26:5:32 | SSA param(tainted) |
@@ -780,28 +778,28 @@
| SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:58:16:58:23 | access to local variable ssaSink3 |
| SSA.cs:58:27:58:33 | access to parameter tainted | SSA.cs:67:32:67:38 | access to parameter tainted |
| SSA.cs:59:23:59:30 | SSA def(ssaSink3) | SSA.cs:60:15:60:22 | access to local variable ssaSink3 |
| SSA.cs:59:23:59:30 | [post] access to local variable ssaSink3 | SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | [post] access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:59:23:59:30 | access to local variable ssaSink3 | SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) |
| SSA.cs:63:23:63:30 | SSA def(nonSink0) | SSA.cs:64:15:64:22 | access to local variable nonSink0 |
| SSA.cs:63:23:63:30 | [post] access to local variable nonSink0 | SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | [post] access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:63:23:63:30 | access to local variable nonSink0 | SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) |
| SSA.cs:67:9:67:12 | [post] this access | SSA.cs:68:23:68:26 | this access |
| SSA.cs:67:9:67:12 | this access | SSA.cs:68:23:68:26 | this access |
| SSA.cs:67:9:67:14 | [post] access to field S | SSA.cs:68:23:68:28 | access to field S |
| SSA.cs:67:9:67:14 | access to field S | SSA.cs:68:23:68:28 | access to field S |
| SSA.cs:67:9:67:28 | access to field SsaFieldSink0 | SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) |
| SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) | SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:67:9:67:38 | SSA def(this.S.SsaFieldSink0) | SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:67:32:67:38 | access to parameter tainted | SSA.cs:67:9:67:28 | access to field SsaFieldSink0 |
| SSA.cs:67:32:67:38 | access to parameter tainted | SSA.cs:77:20:77:26 | access to parameter tainted |
| SSA.cs:68:23:68:26 | [post] this access | SSA.cs:69:15:69:18 | this access |
| SSA.cs:68:23:68:26 | this access | SSA.cs:69:15:69:18 | this access |
| SSA.cs:68:23:68:28 | SSA def(this.S) | SSA.cs:69:15:69:20 | access to field S |
| SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) | SSA.cs:69:15:69:34 | access to field SsaFieldSink0 |
| SSA.cs:68:23:68:28 | [post] access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:68:23:68:28 | [post] access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:68:23:68:28 | access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:69:15:69:18 | [post] this access | SSA.cs:72:9:72:12 | this access |
| SSA.cs:69:15:69:18 | this access | SSA.cs:72:9:72:12 | this access |
| SSA.cs:69:15:69:20 | [post] access to field S | SSA.cs:72:9:72:14 | access to field S |
@@ -811,15 +809,15 @@
| SSA.cs:72:9:72:14 | [post] access to field S | SSA.cs:73:23:73:28 | access to field S |
| SSA.cs:72:9:72:14 | access to field S | SSA.cs:73:23:73:28 | access to field S |
| SSA.cs:72:9:72:31 | access to field SsaFieldNonSink0 | SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:9:72:36 | SSA def(this.S.SsaFieldNonSink0) | SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:72:35:72:36 | "" | SSA.cs:72:9:72:31 | access to field SsaFieldNonSink0 |
| SSA.cs:73:23:73:26 | [post] this access | SSA.cs:74:15:74:18 | this access |
| SSA.cs:73:23:73:26 | this access | SSA.cs:74:15:74:18 | this access |
| SSA.cs:73:23:73:28 | SSA def(this.S) | SSA.cs:74:15:74:20 | access to field S |
| SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:74:15:74:37 | access to field SsaFieldNonSink0 |
| SSA.cs:73:23:73:28 | [post] access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:73:23:73:28 | [post] access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:73:23:73:28 | access to field S | SSA.cs:89:13:89:33 | [input] SSA def(this.S) |
| SSA.cs:74:15:74:18 | [post] this access | SSA.cs:80:9:80:12 | this access |
| SSA.cs:74:15:74:18 | this access | SSA.cs:80:9:80:12 | this access |
| SSA.cs:74:15:74:20 | [post] access to field S | SSA.cs:80:9:80:14 | access to field S |
@@ -869,15 +867,9 @@
| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:89:13:89:22 | access to parameter nonTainted | SSA.cs:92:17:92:26 | access to parameter nonTainted |
| SSA.cs:89:13:89:29 | access to property Length | SSA.cs:89:13:89:33 | ... > ... |
| SSA.cs:89:13:89:33 | [input] SSA def(nonSink0) | SSA.cs:63:23:63:30 | SSA def(nonSink0) |
| SSA.cs:89:13:89:33 | [input] SSA def(ssaSink3) | SSA.cs:59:23:59:30 | SSA def(ssaSink3) |
| SSA.cs:89:13:89:33 | [input] SSA def(this.S) | SSA.cs:68:23:68:28 | SSA def(this.S) |
| SSA.cs:89:13:89:33 | [input] SSA def(this.S) | SSA.cs:73:23:73:28 | SSA def(this.S) |
| SSA.cs:89:13:89:33 | [input] SSA phi read(nonTainted) | SSA.cs:97:9:97:32 | SSA phi read(nonTainted) |
| SSA.cs:89:13:89:33 | [input] SSA phi read(ssaSink0) | SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) |
| SSA.cs:89:13:89:33 | [input] SSA phi(ssaSink4) | SSA.cs:97:9:97:32 | SSA phi(ssaSink4) |
| SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:73:23:73:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:89:13:89:33 | [input] SSA qualifier def(this.S.SsaFieldSink0) | SSA.cs:68:23:68:28 | SSA qualifier def(this.S.SsaFieldSink0) |
| SSA.cs:91:13:91:20 | access to local variable ssaSink4 | SSA.cs:91:13:91:31 | SSA def(ssaSink4) |
| SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:93:21:93:28 | access to local variable ssaSink4 |
| SSA.cs:91:13:91:31 | SSA def(ssaSink4) | SSA.cs:95:21:95:28 | access to local variable ssaSink4 |
@@ -903,9 +895,9 @@
| SSA.cs:97:9:97:32 | SSA phi read(ssaSink0) | SSA.cs:117:36:117:43 | access to local variable ssaSink0 |
| SSA.cs:97:9:97:32 | SSA phi(ssaSink4) | SSA.cs:97:23:97:30 | access to local variable ssaSink4 |
| SSA.cs:97:23:97:30 | SSA def(ssaSink4) | SSA.cs:98:15:98:22 | access to local variable ssaSink4 |
| SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | [post] access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:97:23:97:30 | access to local variable ssaSink4 | SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) |
| SSA.cs:101:16:101:23 | access to local variable nonSink3 | SSA.cs:101:16:101:28 | SSA def(nonSink3) |
| SSA.cs:101:16:101:28 | SSA def(nonSink3) | SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) |
| SSA.cs:101:27:101:28 | "" | SSA.cs:101:16:101:23 | access to local variable nonSink3 |
@@ -914,7 +906,6 @@
| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:102:13:102:22 | access to parameter nonTainted | SSA.cs:105:17:105:26 | access to parameter nonTainted |
| SSA.cs:102:13:102:29 | access to property Length | SSA.cs:102:13:102:33 | ... > ... |
| SSA.cs:102:13:102:33 | [input] SSA def(ssaSink4) | SSA.cs:97:23:97:30 | SSA def(ssaSink4) |
| SSA.cs:102:13:102:33 | [input] SSA phi read(nonSink0) | SSA.cs:110:9:110:32 | SSA phi read(nonSink0) |
| SSA.cs:102:13:102:33 | [input] SSA phi read(nonTainted) | SSA.cs:110:9:110:32 | SSA phi read(nonTainted) |
| SSA.cs:102:13:102:33 | [input] SSA phi(nonSink3) | SSA.cs:110:9:110:32 | SSA phi(nonSink3) |
@@ -943,9 +934,9 @@
| SSA.cs:110:9:110:32 | SSA phi read(nonTainted) | SSA.cs:115:13:115:22 | access to parameter nonTainted |
| SSA.cs:110:9:110:32 | SSA phi(nonSink3) | SSA.cs:110:23:110:30 | access to local variable nonSink3 |
| SSA.cs:110:23:110:30 | SSA def(nonSink3) | SSA.cs:111:15:111:22 | access to local variable nonSink3 |
| SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | [post] access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:110:23:110:30 | access to local variable nonSink3 | SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) |
| SSA.cs:114:9:114:12 | [post] this access | SSA.cs:117:13:117:16 | this access |
| SSA.cs:114:9:114:12 | [post] this access | SSA.cs:123:23:123:26 | this access |
| SSA.cs:114:9:114:12 | this access | SSA.cs:117:13:117:16 | this access |
@@ -962,7 +953,6 @@
| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) |
| SSA.cs:115:13:115:22 | access to parameter nonTainted | SSA.cs:118:17:118:26 | access to parameter nonTainted |
| SSA.cs:115:13:115:29 | access to property Length | SSA.cs:115:13:115:33 | ... > ... |
| SSA.cs:115:13:115:33 | [input] SSA def(nonSink3) | SSA.cs:110:23:110:30 | SSA def(nonSink3) |
| SSA.cs:115:13:115:33 | [input] SSA phi read(nonTainted) | SSA.cs:123:9:123:30 | SSA phi read(nonTainted) |
| SSA.cs:115:13:115:33 | [input] SSA phi read(this.S) | SSA.cs:123:9:123:30 | SSA phi read(this.S) |
| SSA.cs:115:13:115:33 | [input] SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) |
@@ -1003,14 +993,14 @@
| SSA.cs:121:21:121:40 | access to field SsaFieldSink1 | SSA.cs:121:17:121:41 | [input] SSA phi(this.S.SsaFieldSink1) |
| SSA.cs:123:9:123:30 | SSA phi read(nonTainted) | SSA.cs:128:13:128:22 | access to parameter nonTainted |
| SSA.cs:123:9:123:30 | SSA phi read(this.S) | SSA.cs:123:23:123:28 | access to field S |
| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:128:13:128:33 | [input] SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:123:9:123:30 | SSA phi(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:123:23:123:26 | [post] this access | SSA.cs:124:15:124:18 | this access |
| SSA.cs:123:23:123:26 | this access | SSA.cs:124:15:124:18 | this access |
| SSA.cs:123:23:123:28 | SSA def(this.S) | SSA.cs:124:15:124:20 | access to field S |
| SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) | SSA.cs:124:15:124:34 | access to field SsaFieldSink1 |
| SSA.cs:123:23:123:28 | [post] access to field S | SSA.cs:128:13:128:33 | [input] SSA def(this.S) |
| SSA.cs:123:23:123:28 | [post] access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:123:23:123:28 | access to field S | SSA.cs:128:13:128:33 | [input] SSA def(this.S) |
| SSA.cs:124:15:124:18 | [post] this access | SSA.cs:127:9:127:12 | this access |
| SSA.cs:124:15:124:18 | this access | SSA.cs:127:9:127:12 | this access |
| SSA.cs:124:15:124:20 | [post] access to field S | SSA.cs:127:9:127:14 | access to field S |
@@ -1029,10 +1019,8 @@
| SSA.cs:128:13:128:22 | [post] access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
| SSA.cs:128:13:128:22 | access to parameter nonTainted | SSA.cs:131:17:131:26 | access to parameter nonTainted |
| SSA.cs:128:13:128:29 | access to property Length | SSA.cs:128:13:128:33 | ... > ... |
| SSA.cs:128:13:128:33 | [input] SSA def(this.S) | SSA.cs:123:23:123:28 | SSA def(this.S) |
| SSA.cs:128:13:128:33 | [input] SSA phi read(this.S) | SSA.cs:136:9:136:30 | SSA phi read(this.S) |
| SSA.cs:128:13:128:33 | [input] SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:128:13:128:33 | [input] SSA qualifier def(this.S.SsaFieldSink1) | SSA.cs:123:23:123:28 | SSA qualifier def(this.S.SsaFieldSink1) |
| SSA.cs:130:13:130:16 | [post] this access | SSA.cs:132:21:132:24 | this access |
| SSA.cs:130:13:130:16 | [post] this access | SSA.cs:134:21:134:24 | this access |
| SSA.cs:130:13:130:16 | this access | SSA.cs:132:21:132:24 | this access |
@@ -1063,13 +1051,13 @@
| SSA.cs:134:21:134:43 | [post] access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:134:21:134:43 | access to field SsaFieldNonSink0 | SSA.cs:134:17:134:44 | [input] SSA phi(this.S.SsaFieldNonSink0) |
| SSA.cs:136:9:136:30 | SSA phi read(this.S) | SSA.cs:136:23:136:28 | access to field S |
| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:5:17:5:17 | [input] SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:136:9:136:30 | SSA phi(this.S.SsaFieldNonSink0) | SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) |
| SSA.cs:136:23:136:26 | [post] this access | SSA.cs:137:15:137:18 | this access |
| SSA.cs:136:23:136:26 | this access | SSA.cs:137:15:137:18 | this access |
| SSA.cs:136:23:136:28 | SSA def(this.S) | SSA.cs:137:15:137:20 | access to field S |
| SSA.cs:136:23:136:28 | SSA qualifier def(this.S.SsaFieldNonSink0) | SSA.cs:137:15:137:37 | access to field SsaFieldNonSink0 |
| SSA.cs:136:23:136:28 | [post] access to field S | SSA.cs:5:17:5:17 | [input] SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:5:17:5:17 | [input] SSA def(this.S) |
| SSA.cs:136:23:136:28 | [post] access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:136:23:136:28 | access to field S | SSA.cs:136:23:136:28 | SSA def(this.S) |
| SSA.cs:144:34:144:34 | SSA param(t) | SSA.cs:146:13:146:13 | access to parameter t |
| SSA.cs:144:34:144:34 | t | SSA.cs:144:34:144:34 | SSA param(t) |


@@ -35,6 +35,16 @@ public class DefaultToString
IPublic g = null;
Console.WriteLine(g); // GOOD
Console.WriteLine(new ValueTuple<int, int>(1, 2)); // GOOD
Console.WriteLine((1, 2)); // GOOD
var t1 = new ValueTuple<int, DefaultToString>(1, new DefaultToString());
Console.WriteLine(t1); // BAD
var t2 = new ValueTuple<A, D>(new A(), new D());
Console.WriteLine(t2); // GOOD
}
class A


@@ -2,7 +2,8 @@
| DefaultToString.cs:10:28:10:28 | access to local variable d | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:4:14:4:28 | DefaultToString | DefaultToString |
| DefaultToString.cs:16:27:16:30 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | file://:0:0:0:0 | Int32[] | Int32[] |
| DefaultToString.cs:19:24:19:27 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | file://:0:0:0:0 | Int32[] | Int32[] |
| DefaultToString.cs:34:27:34:27 | access to local variable f | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:62:23:62:30 | IPrivate | IPrivate |
| DefaultToString.cs:34:27:34:27 | access to local variable f | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:72:23:72:30 | IPrivate | IPrivate |
| DefaultToString.cs:44:27:44:28 | (...) ... | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | file://:0:0:0:0 | (Int32,DefaultToString) | (Int32,DefaultToString) |
| DefaultToStringBad.cs:8:35:8:35 | access to local variable p | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToStringBad.cs:14:11:14:16 | Person | Person |
| DefaultToStringBad.cs:11:38:11:41 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | file://:0:0:0:0 | Int32[] | Int32[] |
| WriteLineArray.cs:7:23:7:26 | access to parameter args | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | file://:0:0:0:0 | String[] | String[] |


@@ -16,6 +16,14 @@ class C
// correct expectation comment
x = "Alert"; // $ Alert[problem-query]
// correct expectation comments with a related location
var related = "Related"; // $ RelatedLocation[problem-query-with-related-loc]
x = "Alert:1"; // $ Alert[problem-query-with-related-loc]
// expectation comments missing the related location
related = "Related";
x = "Alert:1"; // $ Alert[problem-query-with-related-loc]
}
void PathProblems()
@@ -78,5 +86,17 @@ class C
// incorrect expectation comments, using an identifier tag; the alert location coincides with the source location
sink = "Sink"; // $ Sink[path-problem-query]=sink2
x = "Alert:0:1"; // $ Alert[path-problem-query]=sink1
// correct expectation comments with a related location
source = "Source"; // $ Source[path-problem-query-with-related-loc]
sink = "Sink"; // $ Sink[path-problem-query-with-related-loc]
var related = "Related"; // $ RelatedLocation[path-problem-query-with-related-loc]
x = "Alert:3:2:1"; // $ Alert[path-problem-query-with-related-loc]
// expectation comments missing the related location
source = "Source"; // $ Source[path-problem-query-with-related-loc]
sink = "Sink"; // $ Sink[path-problem-query-with-related-loc]
related = "Related";
x = "Alert:3:2:1"; // $ Alert[path-problem-query-with-related-loc]
}
}
}
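Review bot: The new related-location cases cover a correct annotation and a missing one, but neither hunk adds the opposite failure: a `RelatedLocation` comment on a line that no alert refers to. The expected outputs visible on this page list only `Unexpected result: RelatedLocation`, so the `Missing result` path for this tag appears untested here. A line such as `var stale = "Stale"; // $ RelatedLocation[problem-query-with-related-loc]`, placed where no `Alert:N` literal points back to it, would pin that behaviour, with a matching line for the path-problem query. Both method bodies begin outside these hunks, and any added line shifts the line numbers recorded in the `.expected` files, which would need regenerating.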


@@ -1,31 +1,31 @@
#select
| InlineTests.cs:26:17:26:27 | "Alert:2:1" | InlineTests.cs:24:22:24:29 | "Source" | InlineTests.cs:25:20:25:25 | "Sink" | This is a problem |
| InlineTests.cs:36:13:36:23 | "Alert:2:1" | InlineTests.cs:34:18:34:25 | "Source" | InlineTests.cs:35:16:35:21 | "Sink" | This is a problem |
| InlineTests.cs:41:13:41:23 | "Alert:2:1" | InlineTests.cs:39:18:39:25 | "Source" | InlineTests.cs:40:16:40:21 | "Sink" | This is a problem |
| InlineTests.cs:45:13:45:23 | "Alert:1:0" | InlineTests.cs:44:18:44:25 | "Source" | InlineTests.cs:45:13:45:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:49:13:49:23 | "Alert:0:1" | InlineTests.cs:49:13:49:23 | "Alert:0:1" | InlineTests.cs:48:16:48:21 | "Sink" | This is a problem |
| InlineTests.cs:54:13:54:23 | "Alert:2:1" | InlineTests.cs:52:18:52:25 | "Source" | InlineTests.cs:53:16:53:21 | "Sink" | This is a problem |
| InlineTests.cs:59:13:59:23 | "Alert:2:1" | InlineTests.cs:57:18:57:25 | "Source" | InlineTests.cs:58:16:58:21 | "Sink" | This is a problem |
| InlineTests.cs:64:13:64:23 | "Alert:2:1" | InlineTests.cs:62:18:62:25 | "Source" | InlineTests.cs:63:16:63:21 | "Sink" | This is a problem |
| InlineTests.cs:68:13:68:23 | "Alert:1:0" | InlineTests.cs:67:18:67:25 | "Source" | InlineTests.cs:68:13:68:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:72:13:72:23 | "Alert:1:0" | InlineTests.cs:71:18:71:25 | "Source" | InlineTests.cs:72:13:72:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:76:13:76:23 | "Alert:0:1" | InlineTests.cs:76:13:76:23 | "Alert:0:1" | InlineTests.cs:75:16:75:21 | "Sink" | This is a problem |
| InlineTests.cs:80:13:80:23 | "Alert:0:1" | InlineTests.cs:80:13:80:23 | "Alert:0:1" | InlineTests.cs:79:16:79:21 | "Sink" | This is a problem |
| InlineTests.cs:34:17:34:27 | "Alert:2:1" | InlineTests.cs:32:22:32:29 | "Source" | InlineTests.cs:33:20:33:25 | "Sink" | This is a problem |
| InlineTests.cs:44:13:44:23 | "Alert:2:1" | InlineTests.cs:42:18:42:25 | "Source" | InlineTests.cs:43:16:43:21 | "Sink" | This is a problem |
| InlineTests.cs:49:13:49:23 | "Alert:2:1" | InlineTests.cs:47:18:47:25 | "Source" | InlineTests.cs:48:16:48:21 | "Sink" | This is a problem |
| InlineTests.cs:53:13:53:23 | "Alert:1:0" | InlineTests.cs:52:18:52:25 | "Source" | InlineTests.cs:53:13:53:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:57:13:57:23 | "Alert:0:1" | InlineTests.cs:57:13:57:23 | "Alert:0:1" | InlineTests.cs:56:16:56:21 | "Sink" | This is a problem |
| InlineTests.cs:62:13:62:23 | "Alert:2:1" | InlineTests.cs:60:18:60:25 | "Source" | InlineTests.cs:61:16:61:21 | "Sink" | This is a problem |
| InlineTests.cs:67:13:67:23 | "Alert:2:1" | InlineTests.cs:65:18:65:25 | "Source" | InlineTests.cs:66:16:66:21 | "Sink" | This is a problem |
| InlineTests.cs:72:13:72:23 | "Alert:2:1" | InlineTests.cs:70:18:70:25 | "Source" | InlineTests.cs:71:16:71:21 | "Sink" | This is a problem |
| InlineTests.cs:76:13:76:23 | "Alert:1:0" | InlineTests.cs:75:18:75:25 | "Source" | InlineTests.cs:76:13:76:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:80:13:80:23 | "Alert:1:0" | InlineTests.cs:79:18:79:25 | "Source" | InlineTests.cs:80:13:80:23 | "Alert:1:0" | This is a problem |
| InlineTests.cs:84:13:84:23 | "Alert:0:1" | InlineTests.cs:84:13:84:23 | "Alert:0:1" | InlineTests.cs:83:16:83:21 | "Sink" | This is a problem |
| InlineTests.cs:88:13:88:23 | "Alert:0:1" | InlineTests.cs:88:13:88:23 | "Alert:0:1" | InlineTests.cs:87:16:87:21 | "Sink" | This is a problem |
edges
testFailures
| InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
| InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
| InlineTests.cs:29:28:29:38 | // ... | Missing result: Source |
| InlineTests.cs:30:24:30:32 | // ... | Missing result: Sink |
| InlineTests.cs:31:33:31:42 | // ... | Missing result: Alert |
| InlineTests.cs:34:18:34:25 | "Source" | Unexpected result: Source |
| InlineTests.cs:35:16:35:21 | "Sink" | Unexpected result: Sink |
| InlineTests.cs:36:13:36:23 | InlineTests.cs:34:18:34:25 | Unexpected result: Alert |
| InlineTests.cs:58:16:58:21 | "Sink" | Unexpected result: Sink=source2 |
| InlineTests.cs:58:24:58:60 | // ... | Missing result: Sink[path-problem-query]=source1 |
| InlineTests.cs:64:13:64:23 | InlineTests.cs:62:18:62:25 | Unexpected result: Alert=source3 |
| InlineTests.cs:64:26:64:63 | // ... | Missing result: Alert[path-problem-query]=source2 |
| InlineTests.cs:72:13:72:23 | "Alert:1:0" | Unexpected result: Alert=source5 |
| InlineTests.cs:72:26:72:63 | // ... | Missing result: Alert[path-problem-query]=source4 |
| InlineTests.cs:79:16:79:21 | "Sink" | Unexpected result: Sink=sink1 |
| InlineTests.cs:79:24:79:58 | // ... | Missing result: Sink[path-problem-query]=sink2 |
| InlineTests.cs:37:28:37:38 | // ... | Missing result: Source |
| InlineTests.cs:38:24:38:32 | // ... | Missing result: Sink |
| InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |
| InlineTests.cs:42:18:42:25 | "Source" | Unexpected result: Source |
| InlineTests.cs:43:16:43:21 | "Sink" | Unexpected result: Sink |
| InlineTests.cs:44:13:44:23 | InlineTests.cs:42:18:42:25 | Unexpected result: Alert |
| InlineTests.cs:66:16:66:21 | "Sink" | Unexpected result: Sink=source2 |
| InlineTests.cs:66:24:66:60 | // ... | Missing result: Sink[path-problem-query]=source1 |
| InlineTests.cs:72:13:72:23 | InlineTests.cs:70:18:70:25 | Unexpected result: Alert=source3 |
| InlineTests.cs:72:26:72:63 | // ... | Missing result: Alert[path-problem-query]=source2 |
| InlineTests.cs:80:13:80:23 | "Alert:1:0" | Unexpected result: Alert=source5 |
| InlineTests.cs:80:26:80:63 | // ... | Missing result: Alert[path-problem-query]=source4 |
| InlineTests.cs:87:16:87:21 | "Sink" | Unexpected result: Sink=sink1 |
| InlineTests.cs:87:24:87:58 | // ... | Missing result: Sink[path-problem-query]=sink2 |


@@ -0,0 +1,14 @@
#select
| InlineTests.cs:94:13:94:25 | "Alert:3:2:1" | InlineTests.cs:91:18:91:25 | "Source" | InlineTests.cs:92:16:92:21 | "Sink" | This is a problem with $@ | InlineTests.cs:93:23:93:31 | "Related" | a related location |
| InlineTests.cs:100:13:100:25 | "Alert:3:2:1" | InlineTests.cs:97:18:97:25 | "Source" | InlineTests.cs:98:16:98:21 | "Sink" | This is a problem with $@ | InlineTests.cs:99:19:99:27 | "Related" | a related location |
edges
testFailures
| InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
| InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
| InlineTests.cs:32:32:32:42 | // ... | Missing result: Source |
| InlineTests.cs:33:28:33:36 | // ... | Missing result: Sink |
| InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
| InlineTests.cs:37:28:37:38 | // ... | Missing result: Source |
| InlineTests.cs:38:24:38:32 | // ... | Missing result: Sink |
| InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |
| InlineTests.cs:99:19:99:27 | "Related" | Unexpected result: RelatedLocation |


@@ -0,0 +1,2 @@
query: utils/inline-tests/queries/PathProblemQueryRelatedLocs.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -5,5 +5,5 @@
testFailures
| InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
| InlineTests.cs:15:13:15:19 | This is a problem | Unexpected result: Alert |
| InlineTests.cs:26:30:26:39 | // ... | Missing result: Alert |
| InlineTests.cs:31:33:31:42 | // ... | Missing result: Alert |
| InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
| InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |


@@ -0,0 +1,9 @@
#select
| InlineTests.cs:22:13:22:21 | "Alert:1" | This is a problem with $@ | InlineTests.cs:21:23:21:31 | "Related" | a related location |
| InlineTests.cs:26:13:26:21 | "Alert:1" | This is a problem with $@ | InlineTests.cs:25:19:25:27 | "Related" | a related location |
testFailures
| InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
| InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
| InlineTests.cs:25:19:25:27 | "Related" | Unexpected result: RelatedLocation |
| InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
| InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |


@@ -0,0 +1,2 @@
query: utils/inline-tests/queries/ProblemQueryRelatedLocs.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -0,0 +1,2 @@
edges
#select


@@ -0,0 +1,22 @@
/**
* @kind path-problem
* @id path-problem-query-with-related-loc
*/
import csharp
query predicate edges(StringLiteral sl1, StringLiteral sl2) { none() }
from StringLiteral alert, StringLiteral source, StringLiteral sink, StringLiteral related
where
exists(string regexp, int sourceOffset, int sinkOffset, int relatedOffset |
regexp = "Alert:([0-9]+):([0-9]+):([0-9]+)"
|
sourceOffset = alert.getValue().regexpCapture(regexp, 1).toInt() and
sinkOffset = alert.getValue().regexpCapture(regexp, 2).toInt() and
relatedOffset = alert.getValue().regexpCapture(regexp, 3).toInt() and
source.getLocation().getStartLine() = alert.getLocation().getStartLine() - sourceOffset and
sink.getLocation().getStartLine() = alert.getLocation().getStartLine() - sinkOffset and
related.getLocation().getStartLine() = alert.getLocation().getStartLine() - relatedOffset
)
select alert, source, sink, "This is a problem with $@", related, "a related location"
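Review bot: The `where` clause ties `source`, `sink` and `related` to `alert` by start line only, so a string literal on the same line number in a different file of the test database would also satisfy it. The expected output on this page only mentions InlineTests.cs, so this is presumably harmless today, but the match becomes ambiguous as soon as a second source file is added to the test directory. Constraining the file makes the intent explicit, for example `related.getLocation().getFile() = alert.getLocation().getFile()` and the same for `source` and `sink`. The `@kind problem` query in the next file section (`problem-query-with-related-loc`) has the same shape and would take `related.getLocation().getFile() = sl.getLocation().getFile()`. A short QLDoc sentence stating that the numbers in `Alert:<n>:<n>:<n>` are line offsets above the alert literal would also help whoever maintains the test.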


@@ -0,0 +1,12 @@
/**
* @kind problem
* @id problem-query-with-related-loc
*/
import csharp
from StringLiteral sl, StringLiteral related, int offset
where
sl.getValue().regexpCapture("Alert:([0-9]+)", 1).toInt() = offset and
related.getLocation().getStartLine() = sl.getLocation().getStartLine() - offset
select sl, "This is a problem with $@", related, "a related location"


@@ -0,0 +1,165 @@
.. _codeql-cli-2.20.5:
==========================
CodeQL 2.20.5 (2025-02-20)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.20.5 runs a total of 450 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 136 queries (covering 34 more CWE). 4 security queries have been added with this release.
CodeQL CLI
----------
Breaking Changes
~~~~~~~~~~~~~~~~
* Removed support for :code:`QlBuiltins::BigInt`\ s in the :code:`avg()` aggregate.
* A number of breaking changes have been made to the C and C++ CodeQL test environment as used by :code:`codeql test run`\ :
* The :code:`-Xclang-only=<arg>` option is no longer supported by :code:`semmle-extractor-options`. Instead, when either :code:`--clang` or :code:`--clang_version` is specified the option should be replaced by :code:`<arg>` only, otherwise the option should be omitted.
* The :code:`--sys_include <arg>` and :code:`--preinclude <arg>` options are no longer supported by :code:`semmle-extractor-options`. Instead, :code:`--edg <option_name> --edg <arg>` should be specified.
* The :code:`-idirafter <arg>` option is no longer supported by :code:`semmle-extractor-options`. Instead, :code:`--edg --sys_include --edg <arg>` should be specified.
* The :code:`-imacros <arg>` option is no longer supported by :code:`semmle-extractor-options`. Instead, :code:`--edg --preinclude_macros --edg <arg>` should be specified.
* The :code:`/FI <arg>` option is no longer supported by :code:`semmle-extractor-options`. Instead, :code:`--edg --preinclude --edg <arg>` should be specified.
* The :code:`-Wreserved-user-defined-literal`, :code:`-Wno-reserved-user-defined-literal`, :code:`-fwritable-strings`, :code:`/Zc:rvalueCast`, :code:`/Zc:rvalueCast-`, and :code:`/Zc:wchar_t-` options are no longer supported by :code:`semmle-extractor-options`. Instead, :code:`--edg --reserved_user_defined_literal`, :code:`--edg --no-reserved_user_defined_literal`, :code:`--edg --no_const_string_literals`, :code:`--edg --no_preserve_lvalues_with_same_type_casts`, :code:`--edg --preserve_lvalues_with_same_type_casts`, and :code:`--edg --no_wchar_t_keyword` should be specified, respectively.
* The :code:`/Fo <arg>` option is no longer supported by :code:`semmle-extractor-options`. The option should be omitted.
Query Packs
-----------
Bug Fixes
~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* Fixed a recently-introduced bug that prevented taint tracking through :code:`URLSearchParams` objects.
The original behaviour has been restored and taint should once again be tracked through such objects.
* Fixed a rare issue that would occur when a function declaration inside a block statement was referenced before it was declared.
Such code is reliant on legacy web semantics, which is non-standard but nevertheless implemented by most engines.
CodeQL now takes legacy web semantics into account and resolves references to these functions correctly.
* Fixed a bug that would cause parse errors in :code:`.jsx` files in rare cases where the file contained syntax that was misinterpreted as Flow syntax.
Breaking Changes
~~~~~~~~~~~~~~~~
GitHub Actions
""""""""""""""
* The following queries have been removed from the :code:`code-scanning` and :code:`security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* :code:`actions/if-expression-always-true/critical`
* :code:`actions/if-expression-always-true/high`
* :code:`actions/unnecessary-use-of-advanced-config`
* The following query has been moved from the :code:`code-scanning` suite to the :code:`security-extended` suite. Any existing alerts for this query will be closed automatically unless the analysis is configured to use the :code:`security-extended` suite.
* :code:`actions/unpinned-tag`
* The following queries have been added to the :code:`security-extended` suite.
* :code:`actions/unversioned-immutable-action`
* :code:`actions/envpath-injection/medium`
* :code:`actions/envvar-injection/medium`
* :code:`actions/code-injection/medium`
* :code:`actions/artifact-poisoning/medium`
* :code:`actions/untrusted-checkout/medium`
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Golang
""""""
* Added `github.com/gorilla/mux.Vars <https://pkg.go.dev/github.com/gorilla/mux#Vars>`__ to path sanitizers (disabled if `github.com/gorilla/mix.Router.SkipClean <https://pkg.go.dev/github.com/gorilla/mux#Router.SkipClean>`__ has been called).
GitHub Actions
""""""""""""""
* Fixed false positives in the query :code:`actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
New Queries
~~~~~~~~~~~
Java/Kotlin
"""""""""""
* Added a new query, :code:`java/csrf-unprotected-request-type`, to detect Cross-Site Request Forgery (CSRF) vulnerabilities due to using HTTP request types that are not default-protected from CSRF.
Language Libraries
------------------
Bug Fixes
~~~~~~~~~
Python
""""""
* Fixed a bug in the extractor where a comment inside a subscript could sometimes cause the AST to be missing nodes.
* Using the :code:`break` and :code:`continue` keywords outside of a loop, which is a syntax error but is accepted by our parser, would cause the control-flow construction to fail. This is now no longer the case.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C#
""
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
* C# 13: Add generated models for .NET 9.
* The models for :code:`System.Net.Http.HttpRequestMessage` and :code:`System.UriBuilder` have been modified to better model the flow of tainted URIs.
* Blazor :code:`[Parameter]` fields bound to a variable from the route specified in the :code:`@page` directive are now modeled as remote flow sources.
Golang
""""""
* Taint models have been added for the :code:`weak` package, which was added in Go 1.24.
* Taint models have been added for the interfaces :code:`TextAppender` and :code:`BinaryAppender` in the :code:`encoding` package, which were added in Go 1.24.
JavaScript/TypeScript
"""""""""""""""""""""
* Added support for regular expressions using the :code:`v` flag.
Deprecated APIs
~~~~~~~~~~~~~~~
C#
""
* The predicates :code:`immediatelyControls` and :code:`controls` on the :code:`ConditionBlock` class have been deprecated in favor of the newly added :code:`dominatingEdge` predicate.
Golang
""""""
* The class :code:`NamedType` has been deprecated. Use the new class :code:`DefinedType` instead. This better matches the terminology used in the Go language specification, which was changed in Go 1.9.
* The member predicate :code:`getNamedType` on :code:`GoMicro::ServiceInterfaceType` has been deprecated. Use the new member predicate :code:`getDefinedType` instead.
* The member predicate :code:`getNamedType` on :code:`Twirp::ServiceInterfaceType` has been deprecated. Use the new member predicate :code:`getDefinedType` instead.
Ruby
""""
* The predicates :code:`immediatelyControls` and :code:`controls` on the :code:`ConditionBlock` class have been deprecated in favor of the newly added :code:`dominatingEdge` predicate.
Swift
"""""
* The predicates :code:`immediatelyControls` and :code:`controls` on the :code:`ConditionBlock` class have been deprecated in favor of the newly added :code:`dominatingEdge` predicate.
New Features
~~~~~~~~~~~~
GitHub Actions
""""""""""""""
* The "Unpinned tag for a non-immutable Action in workflow" query (:code:`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (:code:`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see `Creating a CodeQL Model Pack <https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack>`__.


@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.20.5
codeql-cli-2.20.4
codeql-cli-2.20.3
codeql-cli-2.20.2


@@ -9,6 +9,7 @@ and the CodeQL library pack ``codeql/cpp-all`` (`changelog <https://github.com/g
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
`Berkeley socket API library <https://en.wikipedia.org/wiki/Berkeley_sockets#Socket_API_functions>`__, Network communicator
@@ -26,6 +27,7 @@ and the CodeQL library pack ``codeql/csharp-all`` (`changelog <https://github.co
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
ASP.NET, Web application framework
@@ -49,6 +51,7 @@ and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/gi
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
`AWS Lambda <https://docs.aws.amazon.com/lambda/latest/dg/lambda-golang.html>`_, Serverless framework
@@ -105,6 +108,7 @@ and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
Apache Commons Collections, Data structure utility library
@@ -139,6 +143,7 @@ and the CodeQL library pack ``codeql/javascript-all`` (`changelog <https://githu
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
angular (modern version), HTML framework
@@ -189,6 +194,7 @@ and the CodeQL library pack ``codeql/python-all`` (`changelog <https://github.co
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
AWS Lambda, Serverless framework
@@ -267,6 +273,7 @@ and the CodeQL library pack ``codeql/ruby-all`` (`changelog <https://github.com/
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
excon, HTTP client
@@ -293,6 +300,7 @@ and the CodeQL library pack ``codeql/swift-all`` (`changelog <https://github.com
:header-rows: 1
:class: fullWidthTable
:widths: auto
:align: left
Name, Category
`AEXML <https://github.com/tadija/AEXML>`__, XML processing library


@@ -35,10 +35,10 @@ genrule(
pkg_files(
name = "resources",
srcs = [
"LICENSE",
"codeql-extractor.yml",
"ql/lib/go.dbscheme.stats",
":dbscheme",
"//:LICENSE",
],
)


@@ -1,21 +0,0 @@
MIT License
Copyright (c) 2019-2020 GitHub
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@@ -61,7 +61,7 @@ test: all build/testdb/check-upgrade-path
.PHONY: build/testdb/check-upgrade-path
build/testdb/check-upgrade-path : build/testdb/go.dbscheme ql/lib/go.dbscheme
codeql dataset upgrade build/testdb --search-path ql/lib
diff -q build/testdb/go.dbscheme ql/lib/go.dbscheme
diff -u build/testdb/go.dbscheme ql/lib/go.dbscheme
.PHONY: build/testdb/go.dbscheme
build/testdb/go.dbscheme: ql/lib/upgrades/initial/go.dbscheme


@@ -8,32 +8,43 @@ Go framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
`Afero <https://github.com/spf13/afero>`_,``github.com/spf13/afero*``,,,34
`Bun <https://bun.uptrace.dev/>`_,``github.com/uptrace/bun*``,,,63
`CleverGo <https://github.com/clevergo/clevergo>`_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2
`Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,16
`Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,8
`Echo <https://echo.labstack.com/>`_,``github.com/labstack/echo*``,12,2,3
`Fiber <https://github.com/gofiber/fiber>`_,``github.com/gofiber/fiber*``,,,5
`Fosite <https://github.com/ory/fosite>`_,``github.com/ory/fosite*``,,,2
`GORM <https://gorm.io>`_,"``github.com/go-gorm/gorm*``, ``github.com/jinzhu/gorm*``, ``gorm.io/gorm*``",45,3,39
`Gin <https://github.com/gin-gonic/gin>`_,``github.com/gin-gonic/gin*``,46,2,3
`Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,270
`Go JOSE <https://github.com/go-jose/go-jose>`_,"``github.com/go-jose/go-jose*``, ``github.com/square/go-jose*``, ``gopkg.in/square/go-jose*``, ``gopkg.in/go-jose/go-jose*``",,16,12
`Go kit <https://gokit.io/>`_,``github.com/go-kit/kit*``,,,1
`Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
`GoDotEnv <https://github.com/joho/godotenv>`_,``github.com/joho/godotenv*``,4,,
`GoFrame <https://goframe.org/en/>`_,``github.com/gogf/gf*``,,,51
`Gokogiri <https://github.com/moovweb/gokogiri>`_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10
`Iris <https://www.iris-go.com/>`_,``github.com/kataras/iris*``,,,14
`Kubernetes <https://kubernetes.io/>`_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57,
`Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,290
`Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,12,1,1
`MongoDB Go Driver <https://www.mongodb.com/docs/drivers/go/current/>`_,``go.mongodb.org/mongo-driver*``,,,14
`Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
`SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,607,104
`Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",,,96
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``, ``weak``",52,609,104
`XORM <https://xorm.io>`_,"``github.com/go-xorm/xorm*``, ``xorm.io/xorm*``",,,68
`XPath <https://github.com/antchfx/xpath>`_,``github.com/antchfx/xpath*``,,,4
`appleboy/gin-jwt <https://github.com/appleboy/gin-jwt>`_,``github.com/appleboy/gin-jwt*``,,,1
`beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",102,63,213
`chi <https://go-chi.io/>`_,``github.com/go-chi/chi*``,3,,
`cristalhq/jwt <https://github.com/cristalhq/jwt>`_,``github.com/cristalhq/jwt*``,,,1
`env <https://github.com/caarlos0/env>`_,``github.com/caarlos0/env*``,5,2,
`envconfig <https://github.com/kelseyhightower/envconfig>`_,``github.com/kelseyhightower/envconfig*``,6,,
`envy <https://github.com/gobuffalo/envy>`_,``github.com/gobuffalo/envy*``,7,,
`fasthttp <https://github.com/valyala/fasthttp>`_,``github.com/valyala/fasthttp*``,50,5,35
`gf-jwt <https://github.com/gogf/gf-jwt>`_,``github.com/gogf/gf-jwt*``,,,1
`go-envparse <https://github.com/hashicorp/go-envparse>`_,``github.com/hashicorp/go-envparse*``,1,,
`go-pg <https://pg.uptrace.dev/>`_,``github.com/go-pg/pg*``,,6,
`go-restful <https://github.com/emicklei/go-restful>`_,``github.com/emicklei/go-restful*``,7,,
`go-sh <https://github.com/codeskyblue/go-sh>`_,``github.com/codeskyblue/go-sh*``,,,4
@@ -42,6 +53,7 @@ Go framework & library support
`goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,2
`gorilla/mux <https://github.com/gorilla/mux>`_,``github.com/gorilla/mux*``,1,,
`gorilla/websocket <https://github.com/gorilla/websocket>`_,``github.com/gorilla/websocket*``,3,,
`gorqlite <https://github.com/rqlite/gorqlite>`_,"``github.com/raindog308/gorqlite*``, ``github.com/rqlite/gorqlite*``",,,48
`goxpath <https://github.com/ChrisTrenkamp/goxpath/wiki>`_,``github.com/ChrisTrenkamp/goxpath*``,,,3
`htmlquery <https://github.com/antchfx/htmlquery>`_,``github.com/antchfx/htmlquery*``,,,4
`json-iterator <https://github.com/json-iterator/go>`_,``github.com/json-iterator/go*``,,4,
@@ -54,12 +66,12 @@ Go framework & library support
`lestrrat-go/libxml2 <https://github.com/lestrrat-go/libxml2>`_,``github.com/lestrrat-go/libxml2*``,,,3
`nhooyr.io/websocket <https://nhooyr.io/websocket>`_,``nhooyr.io/websocket*``,2,,
`protobuf <https://pkg.go.dev/google.golang.org/protobuf>`_,"``github.com/golang/protobuf*``, ``google.golang.org/protobuf*``",,16,
`sqlx <http://jmoiron.github.io/sqlx/>`_,``github.com/jmoiron/sqlx*``,49,11,12
`ws <https://github.com/gobwas/ws>`_,``github.com/gobwas/ws*``,2,,
`xmlpath <https://gopkg.in/xmlpath.v2>`_,"``gopkg.in/xmlpath*``, ``github.com/go-xmlpath/xmlpath*``, ``github.com/crankycoder/xmlpath*``, ``launchpad.net/xmlpath*``, ``github.com/masterzen/xmlpath*``, ``github.com/going/toolkit/xmlpath*``, ``gopkg.in/go-xmlpath/xmlpath*``",,,14
`xmlquery <https://github.com/antchfx/xmlquery>`_,``github.com/antchfx/xmlquery*``,,,8
`xpathparser <https://github.com/santhosh-tekuri/xpathparser>`_,``github.com/santhosh-tekuri/xpathparser*``,,,2
`yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
Others,"``github.com/Masterminds/squirrel``, ``github.com/caarlos0/env``, ``github.com/go-gorm/gorm``, ``github.com/go-xorm/xorm``, ``github.com/gobuffalo/envy``, ``github.com/gogf/gf/database/gdb``, ``github.com/hashicorp/go-envparse``, ``github.com/jinzhu/gorm``, ``github.com/jmoiron/sqlx``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``, ``github.com/lann/squirrel``, ``github.com/raindog308/gorqlite``, ``github.com/rqlite/gorqlite``, ``github.com/uptrace/bun``, ``go.mongodb.org/mongo-driver/mongo``, ``gopkg.in/Masterminds/squirrel``, ``gorm.io/gorm``, ``weak``, ``xorm.io/xorm``",117,18,391
Totals,,459,947,1532


@@ -1,22 +1,30 @@
Framework name,URL,Package prefixes
Standard library,https://pkg.go.dev/std, archive/* bufio bytes cmp compress/* container/* context crypto crypto/* database/* debug/* embed encoding encoding/* errors expvar flag fmt go/* hash hash/* html html/* image image/* index/* io io/* log log/* maps math math/* mime mime/* net net/* os os/* path path/* plugin reflect reflect/* regexp regexp/* slices sort strconv strings sync sync/* syscall syscall/* testing testing/* text/* time time/* unicode unicode/* unsafe
Standard library,https://pkg.go.dev/std, archive/* bufio bytes cmp compress/* container/* context crypto crypto/* database/* debug/* embed encoding encoding/* errors expvar flag fmt go/* hash hash/* html html/* image image/* index/* io io/* log log/* maps math math/* mime mime/* net net/* os os/* path path/* plugin reflect reflect/* regexp regexp/* slices sort strconv strings sync sync/* syscall syscall/* testing testing/* text/* time time/* unicode unicode/* unsafe weak
appleboy/gin-jwt,https://github.com/appleboy/gin-jwt,github.com/appleboy/gin-jwt*
Afero,https://github.com/spf13/afero,github.com/spf13/afero*
beego,https://beego.me/,github.com/astaxie/beego* github.com/beego/beego*
Bun,https://bun.uptrace.dev/,github.com/uptrace/bun*
CleverGo,https://github.com/clevergo/clevergo,clevergo.tech/clevergo* github.com/clevergo/clevergo*
Couchbase official client(gocb),https://github.com/couchbase/gocb,github.com/couchbase/gocb* gopkg.in/couchbase/gocb*
chi,https://go-chi.io/,github.com/go-chi/chi*
Couchbase unofficial client,http://www.github.com/couchbase/go-couchbase,github.com/couchbaselabs/gocb*
cristalhq/jwt,https://github.com/cristalhq/jwt,github.com/cristalhq/jwt*
Echo,https://echo.labstack.com/,github.com/labstack/echo*
env,https://github.com/caarlos0/env,github.com/caarlos0/env*
envconfig,https://github.com/kelseyhightower/envconfig,github.com/kelseyhightower/envconfig*
envy,https://github.com/gobuffalo/envy,github.com/gobuffalo/envy*
fasthttp,https://github.com/valyala/fasthttp,github.com/valyala/fasthttp*
Fiber,https://github.com/gofiber/fiber,github.com/gofiber/fiber*
Fosite,https://github.com/ory/fosite,github.com/ory/fosite*
gf-jwt,https://github.com/gogf/gf-jwt,github.com/gogf/gf-jwt*
Gin,https://github.com/gin-gonic/gin,github.com/gin-gonic/gin*
Glog,https://github.com/golang/glog,github.com/golang/glog* gopkg.in/glog* k8s.io/klog*
GoDotEnv,https://github.com/joho/godotenv,github.com/joho/godotenv*
GoFrame,https://goframe.org/en/,github.com/gogf/gf*
GORM,https://gorm.io,github.com/go-gorm/gorm* github.com/jinzhu/gorm* gorm.io/gorm*
Go JOSE,https://github.com/go-jose/go-jose,github.com/go-jose/go-jose* github.com/square/go-jose* gopkg.in/square/go-jose* gopkg.in/go-jose/go-jose*
Go kit,https://gokit.io/,github.com/go-kit/kit*
go-envparse,https://github.com/hashicorp/go-envparse,github.com/hashicorp/go-envparse*
go-pg,https://pg.uptrace.dev/,github.com/go-pg/pg*
go-restful,https://github.com/emicklei/go-restful,github.com/emicklei/go-restful*
go-sh,https://github.com/codeskyblue/go-sh,github.com/codeskyblue/go-sh*
@@ -27,6 +35,7 @@ golang.org/x/net,https://pkg.go.dev/golang.org/x/net,golang.org/x/net*
goproxy,https://github.com/elazarl/goproxy,github.com/elazarl/goproxy*
gorilla/mux,https://github.com/gorilla/mux,github.com/gorilla/mux*
gorilla/websocket,https://github.com/gorilla/websocket,github.com/gorilla/websocket*
gorqlite,https://github.com/rqlite/gorqlite,github.com/raindog308/gorqlite* github.com/rqlite/gorqlite*
goxpath,https://github.com/ChrisTrenkamp/goxpath/wiki,github.com/ChrisTrenkamp/goxpath*
htmlquery,https://github.com/antchfx/htmlquery,github.com/antchfx/htmlquery*
Iris,https://www.iris-go.com/,github.com/kataras/iris*
@@ -41,13 +50,17 @@ lestrrat-go/jwx,https://github.com/lestrrat-go/jwx,github.com/lestrrat-go/jwx* g
lestrrat-go/libxml2,https://github.com/lestrrat-go/libxml2,github.com/lestrrat-go/libxml2*
Logrus,https://github.com/sirupsen/logrus,github.com/Sirupsen/logrus* github.com/sirupsen/logrus*
Macaron,https://gopkg.in/macaron.v1,gopkg.in/macaron*
MongoDB Go Driver,https://www.mongodb.com/docs/drivers/go/current/,go.mongodb.org/mongo-driver*
nhooyr.io/websocket,https://nhooyr.io/websocket,nhooyr.io/websocket*
protobuf,https://pkg.go.dev/google.golang.org/protobuf,github.com/golang/protobuf* google.golang.org/protobuf*
Revel,http://revel.github.io/,github.com/revel/revel* github.com/robfig/revel*
SendGrid,https://github.com/sendgrid/sendgrid-go,github.com/sendgrid/sendgrid-go*
sqlx,http://jmoiron.github.io/sqlx/,github.com/jmoiron/sqlx*
Squirrel,https://github.com/Masterminds/squirrel,github.com/Masterminds/squirrel* github.com/lann/squirrel* gopkg.in/Masterminds/squirrel
ws,https://github.com/gobwas/ws,github.com/gobwas/ws*
xmlpath,https://gopkg.in/xmlpath.v2,gopkg.in/xmlpath* github.com/go-xmlpath/xmlpath* github.com/crankycoder/xmlpath* launchpad.net/xmlpath* github.com/masterzen/xmlpath* github.com/going/toolkit/xmlpath* gopkg.in/go-xmlpath/xmlpath*
xmlquery,https://github.com/antchfx/xmlquery,github.com/antchfx/xmlquery*
XORM,https://xorm.io,github.com/go-xorm/xorm* xorm.io/xorm*
XPath,https://github.com/antchfx/xpath,github.com/antchfx/xpath*
xpathparser,https://github.com/santhosh-tekuri/xpathparser,github.com/santhosh-tekuri/xpathparser*
yaml,https://gopkg.in/yaml.v3,gopkg.in/yaml*
1 Framework name URL Package prefixes
2 Standard library https://pkg.go.dev/std archive/* bufio bytes cmp compress/* container/* context crypto crypto/* database/* debug/* embed encoding encoding/* errors expvar flag fmt go/* hash hash/* html html/* image image/* index/* io io/* log log/* maps math math/* mime mime/* net net/* os os/* path path/* plugin reflect reflect/* regexp regexp/* slices sort strconv strings sync sync/* syscall syscall/* testing testing/* text/* time time/* unicode unicode/* unsafe archive/* bufio bytes cmp compress/* container/* context crypto crypto/* database/* debug/* embed encoding encoding/* errors expvar flag fmt go/* hash hash/* html html/* image image/* index/* io io/* log log/* maps math math/* mime mime/* net net/* os os/* path path/* plugin reflect reflect/* regexp regexp/* slices sort strconv strings sync sync/* syscall syscall/* testing testing/* text/* time time/* unicode unicode/* unsafe weak
3 appleboy/gin-jwt https://github.com/appleboy/gin-jwt github.com/appleboy/gin-jwt*
4 Afero https://github.com/spf13/afero github.com/spf13/afero*
5 beego https://beego.me/ github.com/astaxie/beego* github.com/beego/beego*
6 Bun https://bun.uptrace.dev/ github.com/uptrace/bun*
7 CleverGo https://github.com/clevergo/clevergo clevergo.tech/clevergo* github.com/clevergo/clevergo*
8 Couchbase official client(gocb) https://github.com/couchbase/gocb github.com/couchbase/gocb* gopkg.in/couchbase/gocb*
9 chi https://go-chi.io/ github.com/go-chi/chi*
10 Couchbase unofficial client http://www.github.com/couchbase/go-couchbase github.com/couchbaselabs/gocb*
11 cristalhq/jwt https://github.com/cristalhq/jwt github.com/cristalhq/jwt*
12 Echo https://echo.labstack.com/ github.com/labstack/echo*
13 env https://github.com/caarlos0/env github.com/caarlos0/env*
14 envconfig https://github.com/kelseyhightower/envconfig github.com/kelseyhightower/envconfig*
15 envy https://github.com/gobuffalo/envy github.com/gobuffalo/envy*
16 fasthttp https://github.com/valyala/fasthttp github.com/valyala/fasthttp*
17 Fiber https://github.com/gofiber/fiber github.com/gofiber/fiber*
18 Fosite https://github.com/ory/fosite github.com/ory/fosite*
19 gf-jwt https://github.com/gogf/gf-jwt github.com/gogf/gf-jwt*
20 Gin https://github.com/gin-gonic/gin github.com/gin-gonic/gin*
21 Glog https://github.com/golang/glog github.com/golang/glog* gopkg.in/glog* k8s.io/klog*
22 GoDotEnv https://github.com/joho/godotenv github.com/joho/godotenv*
23 GoFrame https://goframe.org/en/ github.com/gogf/gf*
24 GORM https://gorm.io github.com/go-gorm/gorm* github.com/jinzhu/gorm* gorm.io/gorm*
25 Go JOSE https://github.com/go-jose/go-jose github.com/go-jose/go-jose* github.com/square/go-jose* gopkg.in/square/go-jose* gopkg.in/go-jose/go-jose*
26 Go kit https://gokit.io/ github.com/go-kit/kit*
27 go-envparse https://github.com/hashicorp/go-envparse github.com/hashicorp/go-envparse*
28 go-pg https://pg.uptrace.dev/ github.com/go-pg/pg*
29 go-restful https://github.com/emicklei/go-restful github.com/emicklei/go-restful*
30 go-sh https://github.com/codeskyblue/go-sh github.com/codeskyblue/go-sh*
35 goproxy https://github.com/elazarl/goproxy github.com/elazarl/goproxy*
36 gorilla/mux https://github.com/gorilla/mux github.com/gorilla/mux*
37 gorilla/websocket https://github.com/gorilla/websocket github.com/gorilla/websocket*
38 gorqlite https://github.com/rqlite/gorqlite github.com/raindog308/gorqlite* github.com/rqlite/gorqlite*
39 goxpath https://github.com/ChrisTrenkamp/goxpath/wiki github.com/ChrisTrenkamp/goxpath*
40 htmlquery https://github.com/antchfx/htmlquery github.com/antchfx/htmlquery*
41 Iris https://www.iris-go.com/ github.com/kataras/iris*
50 lestrrat-go/libxml2 https://github.com/lestrrat-go/libxml2 github.com/lestrrat-go/libxml2*
51 Logrus https://github.com/sirupsen/logrus github.com/Sirupsen/logrus* github.com/sirupsen/logrus*
52 Macaron https://gopkg.in/macaron.v1 gopkg.in/macaron*
53 MongoDB Go Driver https://www.mongodb.com/docs/drivers/go/current/ go.mongodb.org/mongo-driver*
54 nhooyr.io/websocket https://nhooyr.io/websocket nhooyr.io/websocket*
55 protobuf https://pkg.go.dev/google.golang.org/protobuf github.com/golang/protobuf* google.golang.org/protobuf*
56 Revel http://revel.github.io/ github.com/revel/revel* github.com/robfig/revel*
57 SendGrid https://github.com/sendgrid/sendgrid-go github.com/sendgrid/sendgrid-go*
58 sqlx http://jmoiron.github.io/sqlx/ github.com/jmoiron/sqlx*
59 Squirrel https://github.com/Masterminds/squirrel github.com/Masterminds/squirrel* github.com/lann/squirrel* gopkg.in/Masterminds/squirrel
60 ws https://github.com/gobwas/ws github.com/gobwas/ws*
61 xmlpath https://gopkg.in/xmlpath.v2 gopkg.in/xmlpath* github.com/go-xmlpath/xmlpath* github.com/crankycoder/xmlpath* launchpad.net/xmlpath* github.com/masterzen/xmlpath* github.com/going/toolkit/xmlpath* gopkg.in/go-xmlpath/xmlpath*
62 xmlquery https://github.com/antchfx/xmlquery github.com/antchfx/xmlquery*
63 XORM https://xorm.io github.com/go-xorm/xorm* xorm.io/xorm*
64 XPath https://github.com/antchfx/xpath github.com/antchfx/xpath*
65 xpathparser https://github.com/santhosh-tekuri/xpathparser github.com/santhosh-tekuri/xpathparser*
66 yaml https://gopkg.in/yaml.v3 gopkg.in/yaml*


@@ -0,0 +1,552 @@
/** Auto-generated dbscheme; do not edit. Run `make gen` in directory `go/` to regenerate. */
/** Duplicate code **/
duplicateCode(
unique int id : @duplication,
varchar(900) relativePath : string ref,
int equivClass : int ref);
similarCode(
unique int id : @similarity,
varchar(900) relativePath : string ref,
int equivClass : int ref);
@duplication_or_similarity = @duplication | @similarity;
tokens(
int id : @duplication_or_similarity ref,
int offset : int ref,
int beginLine : int ref,
int beginColumn : int ref,
int endLine : int ref,
int endColumn : int ref);
/** External data **/
externalData(
int id : @externalDataElement,
varchar(900) path : string ref,
int column: int ref,
varchar(900) value : string ref
);
snapshotDate(unique date snapshotDate : date ref);
sourceLocationPrefix(varchar(900) prefix : string ref);
/*
* XML Files
*/
xmlEncoding(
unique int id: @file ref,
string encoding: string ref
);
xmlDTDs(
unique int id: @xmldtd,
string root: string ref,
string publicId: string ref,
string systemId: string ref,
int fileid: @file ref
);
xmlElements(
unique int id: @xmlelement,
string name: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int fileid: @file ref
);
xmlAttrs(
unique int id: @xmlattribute,
int elementid: @xmlelement ref,
string name: string ref,
string value: string ref,
int idx: int ref,
int fileid: @file ref
);
xmlNs(
int id: @xmlnamespace,
string prefixName: string ref,
string URI: string ref,
int fileid: @file ref
);
xmlHasNs(
int elementId: @xmlnamespaceable ref,
int nsId: @xmlnamespace ref,
int fileid: @file ref
);
xmlComments(
unique int id: @xmlcomment,
string text: string ref,
int parentid: @xmlparent ref,
int fileid: @file ref
);
xmlChars(
unique int id: @xmlcharacters,
string text: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int isCDATA: int ref,
int fileid: @file ref
);
@xmlparent = @file | @xmlelement;
@xmlnamespaceable = @xmlelement | @xmlattribute;
xmllocations(
int xmlElement: @xmllocatable ref,
int location: @location_default ref
);
@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
compilations(unique int id: @compilation, string cwd: string ref);
#keyset[id, num]
compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
#keyset[id, num, kind]
compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
#keyset[id, num]
compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
string full_error_message: string ref, int location: @location ref);
locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
int endLine: int ref, int endColumn: int ref);
numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
files(unique int id: @file, string name: string ref);
folders(unique int id: @folder, string name: string ref);
containerparent(int parent: @container ref, unique int child: @container ref);
has_location(unique int locatable: @locatable ref, int location: @location ref);
#keyset[parent, idx]
comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
#keyset[parent, idx]
exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
#keyset[parent, idx]
stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
#keyset[parent, idx]
decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
#keyset[parent, idx]
specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
scopes(unique int id: @scope, int kind: int ref);
scopenesting(unique int inner: @scope ref, int outer: @scope ref);
scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
objects(unique int id: @object, int kind: int ref, string name: string ref);
objectscopes(unique int object: @object ref, int scope: @scope ref);
objecttypes(unique int object: @object ref, int tp: @type ref);
methodreceivers(unique int method: @object ref, int receiver: @object ref);
fieldstructs(unique int field: @object ref, int struct: @structtype ref);
methodhosts(int method: @object ref, int host: @namedtype ref);
defs(int ident: @ident ref, int object: @object ref);
uses(int ident: @ident ref, int object: @object ref);
types(unique int id: @type, int kind: int ref);
type_of(unique int expr: @expr ref, int tp: @type ref);
typename(unique int tp: @type ref, string name: string ref);
key_type(unique int map: @maptype ref, int tp: @type ref);
element_type(unique int container: @containertype ref, int tp: @type ref);
base_type(unique int ptr: @pointertype ref, int tp: @type ref);
underlying_type(unique int named: @namedtype ref, int tp: @type ref);
#keyset[parent, index]
component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
#keyset[parent, index]
struct_tags(int parent: @structtype ref, int index: int ref, string tag: string ref);
#keyset[interface, index]
interface_private_method_ids(int interface: @interfacetype ref, int index: int ref, string id: string ref);
array_length(unique int tp: @arraytype ref, string len: string ref);
type_objects(unique int tp: @type ref, int object: @object ref);
packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
#keyset[parent, idx]
modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
#keyset[parent, idx]
modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
#keyset[package, idx]
errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
has_ellipsis(int id: @callorconversionexpr ref);
variadic(int id: @signaturetype ref);
#keyset[parent, idx]
typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
int parent: @typeparamparentobject ref, int idx: int ref);
@container = @file | @folder;
@locatable = @xmllocatable | @node | @localscope;
@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
| @scopenode | @comment_group | @comment;
@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
@modexprparent = @file | @modexpr;
@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
@stmtparent = @funcdef | @stmt | @decl;
@declparent = @file | @declstmt;
@typeparamdeclparent = @funcdecl | @typespec;
@funcdef = @funclit | @funcdecl;
@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
@location = @location_default;
@sourceline = @locatable;
case @comment.kind of
0 = @slashslashcomment
| 1 = @slashstarcomment;
case @expr.kind of
0 = @badexpr
| 1 = @ident
| 2 = @ellipsis
| 3 = @intlit
| 4 = @floatlit
| 5 = @imaglit
| 6 = @charlit
| 7 = @stringlit
| 8 = @funclit
| 9 = @compositelit
| 10 = @parenexpr
| 11 = @selectorexpr
| 12 = @indexexpr
| 13 = @genericfunctioninstantiationexpr
| 14 = @generictypeinstantiationexpr
| 15 = @sliceexpr
| 16 = @typeassertexpr
| 17 = @callorconversionexpr
| 18 = @starexpr
| 19 = @keyvalueexpr
| 20 = @arraytypeexpr
| 21 = @structtypeexpr
| 22 = @functypeexpr
| 23 = @interfacetypeexpr
| 24 = @maptypeexpr
| 25 = @typesetliteralexpr
| 26 = @plusexpr
| 27 = @minusexpr
| 28 = @notexpr
| 29 = @complementexpr
| 30 = @derefexpr
| 31 = @addressexpr
| 32 = @arrowexpr
| 33 = @lorexpr
| 34 = @landexpr
| 35 = @eqlexpr
| 36 = @neqexpr
| 37 = @lssexpr
| 38 = @leqexpr
| 39 = @gtrexpr
| 40 = @geqexpr
| 41 = @addexpr
| 42 = @subexpr
| 43 = @orexpr
| 44 = @xorexpr
| 45 = @mulexpr
| 46 = @quoexpr
| 47 = @remexpr
| 48 = @shlexpr
| 49 = @shrexpr
| 50 = @andexpr
| 51 = @andnotexpr
| 52 = @sendchantypeexpr
| 53 = @recvchantypeexpr
| 54 = @sendrcvchantypeexpr;
@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
@logicalunaryexpr = @notexpr;
@bitwiseunaryexpr = @complementexpr;
@arithmeticunaryexpr = @plusexpr | @minusexpr;
@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
@logicalbinaryexpr = @lorexpr | @landexpr;
@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
@shiftexpr = @shlexpr | @shrexpr;
@comparison = @equalitytest | @relationalcomparison;
@equalitytest = @eqlexpr | @neqexpr;
@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
case @stmt.kind of
0 = @badstmt
| 1 = @declstmt
| 2 = @emptystmt
| 3 = @labeledstmt
| 4 = @exprstmt
| 5 = @sendstmt
| 6 = @incstmt
| 7 = @decstmt
| 8 = @gostmt
| 9 = @deferstmt
| 10 = @returnstmt
| 11 = @breakstmt
| 12 = @continuestmt
| 13 = @gotostmt
| 14 = @fallthroughstmt
| 15 = @blockstmt
| 16 = @ifstmt
| 17 = @caseclause
| 18 = @exprswitchstmt
| 19 = @typeswitchstmt
| 20 = @commclause
| 21 = @selectstmt
| 22 = @forstmt
| 23 = @rangestmt
| 24 = @assignstmt
| 25 = @definestmt
| 26 = @addassignstmt
| 27 = @subassignstmt
| 28 = @mulassignstmt
| 29 = @quoassignstmt
| 30 = @remassignstmt
| 31 = @andassignstmt
| 32 = @orassignstmt
| 33 = @xorassignstmt
| 34 = @shlassignstmt
| 35 = @shrassignstmt
| 36 = @andnotassignstmt;
@incdecstmt = @incstmt | @decstmt;
@assignment = @simpleassignstmt | @compoundassignstmt;
@simpleassignstmt = @assignstmt | @definestmt;
@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
| @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
@switchstmt = @exprswitchstmt | @typeswitchstmt;
@loopstmt = @forstmt | @rangestmt;
case @decl.kind of
0 = @baddecl
| 1 = @importdecl
| 2 = @constdecl
| 3 = @typedecl
| 4 = @vardecl
| 5 = @funcdecl;
@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
case @spec.kind of
0 = @importspec
| 1 = @valuespec
| 2 = @typedefspec
| 3 = @aliasspec;
@typespec = @typedefspec | @aliasspec;
case @object.kind of
0 = @pkgobject
| 1 = @decltypeobject
| 2 = @builtintypeobject
| 3 = @declconstobject
| 4 = @builtinconstobject
| 5 = @declvarobject
| 6 = @declfunctionobject
| 7 = @builtinfunctionobject
| 8 = @labelobject;
@typeparamparentobject = @decltypeobject | @declfunctionobject;
@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
@typeobject = @decltypeobject | @builtintypeobject;
@valueobject = @constobject | @varobject | @functionobject;
@constobject = @declconstobject | @builtinconstobject;
@varobject = @declvarobject;
@functionobject = @declfunctionobject | @builtinfunctionobject;
case @scope.kind of
0 = @universescope
| 1 = @packagescope
| 2 = @localscope;
case @type.kind of
0 = @invalidtype
| 1 = @boolexprtype
| 2 = @inttype
| 3 = @int8type
| 4 = @int16type
| 5 = @int32type
| 6 = @int64type
| 7 = @uinttype
| 8 = @uint8type
| 9 = @uint16type
| 10 = @uint32type
| 11 = @uint64type
| 12 = @uintptrtype
| 13 = @float32type
| 14 = @float64type
| 15 = @complex64type
| 16 = @complex128type
| 17 = @stringexprtype
| 18 = @unsafepointertype
| 19 = @boolliteraltype
| 20 = @intliteraltype
| 21 = @runeliteraltype
| 22 = @floatliteraltype
| 23 = @complexliteraltype
| 24 = @stringliteraltype
| 25 = @nilliteraltype
| 26 = @typeparamtype
| 27 = @arraytype
| 28 = @slicetype
| 29 = @structtype
| 30 = @pointertype
| 31 = @interfacetype
| 32 = @tupletype
| 33 = @signaturetype
| 34 = @maptype
| 35 = @sendchantype
| 36 = @recvchantype
| 37 = @sendrcvchantype
| 38 = @namedtype
| 39 = @typesetliteraltype;
@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
@booltype = @boolexprtype | @boolliteraltype;
@numerictype = @integertype | @floattype | @complextype;
@integertype = @signedintegertype | @unsignedintegertype;
@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
@floattype = @float32type | @float64type | @floatliteraltype;
@complextype = @complex64type | @complex128type | @complexliteraltype;
@stringtype = @stringexprtype | @stringliteraltype;
@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
| @stringliteraltype | @nilliteraltype;
@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
| @signaturetype | @namedtype | @typesetliteraltype;
@containertype = @arraytype | @slicetype | @maptype | @chantype;
@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
case @modexpr.kind of
0 = @modcommentblock
| 1 = @modline
| 2 = @modlineblock
| 3 = @modlparen
| 4 = @modrparen;
case @error.kind of
0 = @unknownerror
| 1 = @listerror
| 2 = @parseerror
| 3 = @typeerror;


@@ -0,0 +1,552 @@
/** Auto-generated dbscheme; do not edit. Run `make gen` in directory `go/` to regenerate. */
/** Duplicate code **/
duplicateCode(
unique int id : @duplication,
varchar(900) relativePath : string ref,
int equivClass : int ref);
similarCode(
unique int id : @similarity,
varchar(900) relativePath : string ref,
int equivClass : int ref);
@duplication_or_similarity = @duplication | @similarity;
tokens(
int id : @duplication_or_similarity ref,
int offset : int ref,
int beginLine : int ref,
int beginColumn : int ref,
int endLine : int ref,
int endColumn : int ref);
/** External data **/
externalData(
int id : @externalDataElement,
varchar(900) path : string ref,
int column: int ref,
varchar(900) value : string ref
);
snapshotDate(unique date snapshotDate : date ref);
sourceLocationPrefix(varchar(900) prefix : string ref);
/*
* XML Files
*/
xmlEncoding(
unique int id: @file ref,
string encoding: string ref
);
xmlDTDs(
unique int id: @xmldtd,
string root: string ref,
string publicId: string ref,
string systemId: string ref,
int fileid: @file ref
);
xmlElements(
unique int id: @xmlelement,
string name: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int fileid: @file ref
);
xmlAttrs(
unique int id: @xmlattribute,
int elementid: @xmlelement ref,
string name: string ref,
string value: string ref,
int idx: int ref,
int fileid: @file ref
);
xmlNs(
int id: @xmlnamespace,
string prefixName: string ref,
string URI: string ref,
int fileid: @file ref
);
xmlHasNs(
int elementId: @xmlnamespaceable ref,
int nsId: @xmlnamespace ref,
int fileid: @file ref
);
xmlComments(
unique int id: @xmlcomment,
string text: string ref,
int parentid: @xmlparent ref,
int fileid: @file ref
);
xmlChars(
unique int id: @xmlcharacters,
string text: string ref,
int parentid: @xmlparent ref,
int idx: int ref,
int isCDATA: int ref,
int fileid: @file ref
);
@xmlparent = @file | @xmlelement;
@xmlnamespaceable = @xmlelement | @xmlattribute;
xmllocations(
int xmlElement: @xmllocatable ref,
int location: @location_default ref
);
@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace;
compilations(unique int id: @compilation, string cwd: string ref);
#keyset[id, num]
compilation_args(int id: @compilation ref, int num: int ref, string arg: string ref);
#keyset[id, num, kind]
compilation_time(int id: @compilation ref, int num: int ref, int kind: int ref, float secs: float ref);
diagnostic_for(unique int diagnostic: @diagnostic ref, int compilation: @compilation ref, int file_number: int ref, int file_number_diagnostic_number: int ref);
compilation_finished(unique int id: @compilation ref, float cpu_seconds: float ref, float elapsed_seconds: float ref);
#keyset[id, num]
compilation_compiling_files(int id: @compilation ref, int num: int ref, int file: @file ref);
diagnostics(unique int id: @diagnostic, int severity: int ref, string error_tag: string ref, string error_message: string ref,
string full_error_message: string ref, int location: @location ref);
locations_default(unique int id: @location_default, int file: @file ref, int beginLine: int ref, int beginColumn: int ref,
int endLine: int ref, int endColumn: int ref);
numlines(int element_id: @sourceline ref, int num_lines: int ref, int num_code: int ref, int num_comment: int ref);
files(unique int id: @file, string name: string ref);
folders(unique int id: @folder, string name: string ref);
containerparent(int parent: @container ref, unique int child: @container ref);
has_location(unique int locatable: @locatable ref, int location: @location ref);
#keyset[parent, idx]
comment_groups(unique int id: @comment_group, int parent: @file ref, int idx: int ref);
comments(unique int id: @comment, int kind: int ref, int parent: @comment_group ref, int idx: int ref, string text: string ref);
doc_comments(unique int node: @documentable ref, int comment: @comment_group ref);
#keyset[parent, idx]
exprs(unique int id: @expr, int kind: int ref, int parent: @exprparent ref, int idx: int ref);
literals(unique int expr: @expr ref, string value: string ref, string raw: string ref);
constvalues(unique int expr: @expr ref, string value: string ref, string exact: string ref);
fields(unique int id: @field, int parent: @fieldparent ref, int idx: int ref);
typeparamdecls(unique int id: @typeparamdecl, int parent: @typeparamdeclparent ref, int idx: int ref);
#keyset[parent, idx]
stmts(unique int id: @stmt, int kind: int ref, int parent: @stmtparent ref, int idx: int ref);
#keyset[parent, idx]
decls(unique int id: @decl, int kind: int ref, int parent: @declparent ref, int idx: int ref);
#keyset[parent, idx]
specs(unique int id: @spec, int kind: int ref, int parent: @gendecl ref, int idx: int ref);
scopes(unique int id: @scope, int kind: int ref);
scopenesting(unique int inner: @scope ref, int outer: @scope ref);
scopenodes(unique int node: @scopenode ref, int scope: @localscope ref);
objects(unique int id: @object, int kind: int ref, string name: string ref);
objectscopes(unique int object: @object ref, int scope: @scope ref);
objecttypes(unique int object: @object ref, int tp: @type ref);
methodreceivers(unique int method: @object ref, int receiver: @object ref);
fieldstructs(unique int field: @object ref, int struct: @structtype ref);
methodhosts(int method: @object ref, int host: @definedtype ref);
defs(int ident: @ident ref, int object: @object ref);
uses(int ident: @ident ref, int object: @object ref);
types(unique int id: @type, int kind: int ref);
type_of(unique int expr: @expr ref, int tp: @type ref);
typename(unique int tp: @type ref, string name: string ref);
key_type(unique int map: @maptype ref, int tp: @type ref);
element_type(unique int container: @containertype ref, int tp: @type ref);
base_type(unique int ptr: @pointertype ref, int tp: @type ref);
underlying_type(unique int defined: @definedtype ref, int tp: @type ref);
#keyset[parent, index]
component_types(int parent: @compositetype ref, int index: int ref, string name: string ref, int tp: @type ref);
#keyset[parent, index]
struct_tags(int parent: @structtype ref, int index: int ref, string tag: string ref);
#keyset[interface, index]
interface_private_method_ids(int interface: @interfacetype ref, int index: int ref, string id: string ref);
array_length(unique int tp: @arraytype ref, string len: string ref);
type_objects(unique int tp: @type ref, int object: @object ref);
packages(unique int id: @package, string name: string ref, string path: string ref, int scope: @packagescope ref);
#keyset[parent, idx]
modexprs(unique int id: @modexpr, int kind: int ref, int parent: @modexprparent ref, int idx: int ref);
#keyset[parent, idx]
modtokens(string token: string ref, int parent: @modexpr ref, int idx: int ref);
#keyset[package, idx]
errors(unique int id: @error, int kind: int ref, string msg: string ref, string rawpos: string ref,
string file: string ref, int line: int ref, int col: int ref, int package: @package ref, int idx: int ref);
has_ellipsis(int id: @callorconversionexpr ref);
variadic(int id: @signaturetype ref);
#keyset[parent, idx]
typeparam(unique int tp: @typeparamtype ref, string name: string ref, int bound: @compositetype ref,
int parent: @typeparamparentobject ref, int idx: int ref);
@container = @file | @folder;
@locatable = @xmllocatable | @node | @localscope;
@node = @documentable | @exprparent | @modexprparent | @fieldparent | @stmtparent | @declparent | @typeparamdeclparent
| @scopenode | @comment_group | @comment;
@documentable = @file | @field | @typeparamdecl | @spec | @gendecl | @funcdecl | @modexpr;
@exprparent = @funcdef | @file | @expr | @field | @stmt | @decl | @typeparamdecl | @spec;
@modexprparent = @file | @modexpr;
@fieldparent = @decl | @structtypeexpr | @functypeexpr | @interfacetypeexpr;
@stmtparent = @funcdef | @stmt | @decl;
@declparent = @file | @declstmt;
@typeparamdeclparent = @funcdecl | @typespec;
@funcdef = @funclit | @funcdecl;
@scopenode = @file | @functypeexpr | @blockstmt | @ifstmt | @caseclause | @switchstmt | @commclause | @loopstmt;
@location = @location_default;
@sourceline = @locatable;
case @comment.kind of
0 = @slashslashcomment
| 1 = @slashstarcomment;
case @expr.kind of
0 = @badexpr
| 1 = @ident
| 2 = @ellipsis
| 3 = @intlit
| 4 = @floatlit
| 5 = @imaglit
| 6 = @charlit
| 7 = @stringlit
| 8 = @funclit
| 9 = @compositelit
| 10 = @parenexpr
| 11 = @selectorexpr
| 12 = @indexexpr
| 13 = @genericfunctioninstantiationexpr
| 14 = @generictypeinstantiationexpr
| 15 = @sliceexpr
| 16 = @typeassertexpr
| 17 = @callorconversionexpr
| 18 = @starexpr
| 19 = @keyvalueexpr
| 20 = @arraytypeexpr
| 21 = @structtypeexpr
| 22 = @functypeexpr
| 23 = @interfacetypeexpr
| 24 = @maptypeexpr
| 25 = @typesetliteralexpr
| 26 = @plusexpr
| 27 = @minusexpr
| 28 = @notexpr
| 29 = @complementexpr
| 30 = @derefexpr
| 31 = @addressexpr
| 32 = @arrowexpr
| 33 = @lorexpr
| 34 = @landexpr
| 35 = @eqlexpr
| 36 = @neqexpr
| 37 = @lssexpr
| 38 = @leqexpr
| 39 = @gtrexpr
| 40 = @geqexpr
| 41 = @addexpr
| 42 = @subexpr
| 43 = @orexpr
| 44 = @xorexpr
| 45 = @mulexpr
| 46 = @quoexpr
| 47 = @remexpr
| 48 = @shlexpr
| 49 = @shrexpr
| 50 = @andexpr
| 51 = @andnotexpr
| 52 = @sendchantypeexpr
| 53 = @recvchantypeexpr
| 54 = @sendrcvchantypeexpr;
@basiclit = @intlit | @floatlit | @imaglit | @charlit | @stringlit;
@operatorexpr = @logicalexpr | @arithmeticexpr | @bitwiseexpr | @unaryexpr | @binaryexpr;
@logicalexpr = @logicalunaryexpr | @logicalbinaryexpr;
@arithmeticexpr = @arithmeticunaryexpr | @arithmeticbinaryexpr;
@bitwiseexpr = @bitwiseunaryexpr | @bitwisebinaryexpr;
@unaryexpr = @logicalunaryexpr | @bitwiseunaryexpr | @arithmeticunaryexpr | @derefexpr | @addressexpr | @arrowexpr;
@logicalunaryexpr = @notexpr;
@bitwiseunaryexpr = @complementexpr;
@arithmeticunaryexpr = @plusexpr | @minusexpr;
@binaryexpr = @logicalbinaryexpr | @bitwisebinaryexpr | @arithmeticbinaryexpr | @comparison;
@logicalbinaryexpr = @lorexpr | @landexpr;
@bitwisebinaryexpr = @shiftexpr | @orexpr | @xorexpr | @andexpr | @andnotexpr;
@arithmeticbinaryexpr = @addexpr | @subexpr | @mulexpr | @quoexpr | @remexpr;
@shiftexpr = @shlexpr | @shrexpr;
@comparison = @equalitytest | @relationalcomparison;
@equalitytest = @eqlexpr | @neqexpr;
@relationalcomparison = @lssexpr | @leqexpr | @gtrexpr | @geqexpr;
@chantypeexpr = @sendchantypeexpr | @recvchantypeexpr | @sendrcvchantypeexpr;
case @stmt.kind of
0 = @badstmt
| 1 = @declstmt
| 2 = @emptystmt
| 3 = @labeledstmt
| 4 = @exprstmt
| 5 = @sendstmt
| 6 = @incstmt
| 7 = @decstmt
| 8 = @gostmt
| 9 = @deferstmt
| 10 = @returnstmt
| 11 = @breakstmt
| 12 = @continuestmt
| 13 = @gotostmt
| 14 = @fallthroughstmt
| 15 = @blockstmt
| 16 = @ifstmt
| 17 = @caseclause
| 18 = @exprswitchstmt
| 19 = @typeswitchstmt
| 20 = @commclause
| 21 = @selectstmt
| 22 = @forstmt
| 23 = @rangestmt
| 24 = @assignstmt
| 25 = @definestmt
| 26 = @addassignstmt
| 27 = @subassignstmt
| 28 = @mulassignstmt
| 29 = @quoassignstmt
| 30 = @remassignstmt
| 31 = @andassignstmt
| 32 = @orassignstmt
| 33 = @xorassignstmt
| 34 = @shlassignstmt
| 35 = @shrassignstmt
| 36 = @andnotassignstmt;
@incdecstmt = @incstmt | @decstmt;
@assignment = @simpleassignstmt | @compoundassignstmt;
@simpleassignstmt = @assignstmt | @definestmt;
@compoundassignstmt = @addassignstmt | @subassignstmt | @mulassignstmt | @quoassignstmt | @remassignstmt
| @andassignstmt | @orassignstmt | @xorassignstmt | @shlassignstmt | @shrassignstmt | @andnotassignstmt;
@branchstmt = @breakstmt | @continuestmt | @gotostmt | @fallthroughstmt;
@switchstmt = @exprswitchstmt | @typeswitchstmt;
@loopstmt = @forstmt | @rangestmt;
case @decl.kind of
0 = @baddecl
| 1 = @importdecl
| 2 = @constdecl
| 3 = @typedecl
| 4 = @vardecl
| 5 = @funcdecl;
@gendecl = @importdecl | @constdecl | @typedecl | @vardecl;
case @spec.kind of
0 = @importspec
| 1 = @valuespec
| 2 = @typedefspec
| 3 = @aliasspec;
@typespec = @typedefspec | @aliasspec;
case @object.kind of
0 = @pkgobject
| 1 = @decltypeobject
| 2 = @builtintypeobject
| 3 = @declconstobject
| 4 = @builtinconstobject
| 5 = @declvarobject
| 6 = @declfunctionobject
| 7 = @builtinfunctionobject
| 8 = @labelobject;
@typeparamparentobject = @decltypeobject | @declfunctionobject;
@declobject = @decltypeobject | @declconstobject | @declvarobject | @declfunctionobject;
@builtinobject = @builtintypeobject | @builtinconstobject | @builtinfunctionobject;
@typeobject = @decltypeobject | @builtintypeobject;
@valueobject = @constobject | @varobject | @functionobject;
@constobject = @declconstobject | @builtinconstobject;
@varobject = @declvarobject;
@functionobject = @declfunctionobject | @builtinfunctionobject;
case @scope.kind of
0 = @universescope
| 1 = @packagescope
| 2 = @localscope;
case @type.kind of
0 = @invalidtype
| 1 = @boolexprtype
| 2 = @inttype
| 3 = @int8type
| 4 = @int16type
| 5 = @int32type
| 6 = @int64type
| 7 = @uinttype
| 8 = @uint8type
| 9 = @uint16type
| 10 = @uint32type
| 11 = @uint64type
| 12 = @uintptrtype
| 13 = @float32type
| 14 = @float64type
| 15 = @complex64type
| 16 = @complex128type
| 17 = @stringexprtype
| 18 = @unsafepointertype
| 19 = @boolliteraltype
| 20 = @intliteraltype
| 21 = @runeliteraltype
| 22 = @floatliteraltype
| 23 = @complexliteraltype
| 24 = @stringliteraltype
| 25 = @nilliteraltype
| 26 = @typeparamtype
| 27 = @arraytype
| 28 = @slicetype
| 29 = @structtype
| 30 = @pointertype
| 31 = @interfacetype
| 32 = @tupletype
| 33 = @signaturetype
| 34 = @maptype
| 35 = @sendchantype
| 36 = @recvchantype
| 37 = @sendrcvchantype
| 38 = @definedtype
| 39 = @typesetliteraltype;
@basictype = @booltype | @numerictype | @stringtype | @literaltype | @invalidtype | @unsafepointertype;
@booltype = @boolexprtype | @boolliteraltype;
@numerictype = @integertype | @floattype | @complextype;
@integertype = @signedintegertype | @unsignedintegertype;
@signedintegertype = @inttype | @int8type | @int16type | @int32type | @int64type | @intliteraltype | @runeliteraltype;
@unsignedintegertype = @uinttype | @uint8type | @uint16type | @uint32type | @uint64type | @uintptrtype;
@floattype = @float32type | @float64type | @floatliteraltype;
@complextype = @complex64type | @complex128type | @complexliteraltype;
@stringtype = @stringexprtype | @stringliteraltype;
@literaltype = @boolliteraltype | @intliteraltype | @runeliteraltype | @floatliteraltype | @complexliteraltype
| @stringliteraltype | @nilliteraltype;
@compositetype = @typeparamtype | @containertype | @structtype | @pointertype | @interfacetype | @tupletype
| @signaturetype | @definedtype | @typesetliteraltype;
@containertype = @arraytype | @slicetype | @maptype | @chantype;
@chantype = @sendchantype | @recvchantype | @sendrcvchantype;
case @modexpr.kind of
0 = @modcommentblock
| 1 = @modline
| 2 = @modlineblock
| 3 = @modlparen
| 4 = @modrparen;
case @error.kind of
0 = @unknownerror
| 1 = @listerror
| 2 = @parseerror
| 3 = @typeerror;


@@ -0,0 +1,2 @@
description: Rename @definedtype to @namedtype
compatibility: full


@@ -3,24 +3,12 @@ package configurebaseline
import (
"encoding/json"
"io/fs"
"os"
"path"
"path/filepath"
"github.com/github/codeql-go/extractor/util"
)
func fileExists(path string) bool {
stat, err := os.Stat(path)
return err == nil && stat.Mode().IsRegular()
}
// Decides if `dirPath` is a vendor directory by testing whether it is called `vendor`
// and contains a `modules.txt` file.
func isGolangVendorDirectory(dirPath string) bool {
return filepath.Base(dirPath) == "vendor" && fileExists(filepath.Join(dirPath, "modules.txt"))
}
type BaselineConfig struct {
PathsIgnore []string `json:"paths-ignore"`
}
@@ -38,7 +26,7 @@ func GetConfigBaselineAsJSON(rootDir string) ([]byte, error) {
// it will not be extracted either.
return nil
}
if isGolangVendorDirectory(dirPath) {
if util.IsGolangVendorDirectory(dirPath) {
// Note that CodeQL expects a forward-slash-separated path, even on Windows.
vendorDirs = append(vendorDirs, path.Join(filepath.ToSlash(dirPath), "**"))
return filepath.SkipDir
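Review bot: The call `util.IsGolangVendorDirectory(dirPath)` in the second hunk no longer has any nearby description of what makes a directory count as vendored, because the comment that said so was removed with the local helper and the util implementation is not part of this section. The result decides which directories are skipped with `filepath.SkipDir` and appended to `vendorDirs` (which presumably ends up in `paths-ignore`), so the criterion directly affects which code is covered by analysis. I would add above the `if`: `// Directories accepted by util.IsGolangVendorDirectory are excluded from the baseline and not walked further.` and keep the name-plus-`modules.txt` rule documented on the util function itself. GetConfigBaselineAsJSON starts and ends outside the hunk.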


@@ -694,13 +694,13 @@ var BuiltinObjectType = NewUnionType("@builtinobject")
// PkgObjectType is the type of imported packages
var PkgObjectType = ObjectKind.NewBranch("@pkgobject")
// TypeObjectType is the type of declared or built-in named types
// TypeObjectType is the type of named types (predeclared types, defined types, type parameters and aliases which refer to those things)
var TypeObjectType = NewUnionType("@typeobject")
// DeclTypeObjectType is the type of declared named types
// DeclTypeObjectType is the type of defined types, type parameters and aliases which refer to named types
var DeclTypeObjectType = ObjectKind.NewBranch("@decltypeobject", TypeObjectType, DeclObjectType, TypeParamParentObjectType)
// BuiltinTypeObjectType is the type of built-in named types
// BuiltinTypeObjectType is the type of built-in types (predeclared types)
var BuiltinTypeObjectType = ObjectKind.NewBranch("@builtintypeobject", TypeObjectType, BuiltinObjectType)
// ValueObjectType is the type of declared or built-in variables or constants
@@ -855,8 +855,8 @@ var ChanTypes = map[gotypes.ChanDir]*BranchType{
gotypes.SendRecv: TypeKind.NewBranch("@sendrcvchantype", ChanType),
}
// NamedType is the type of named types
var NamedType = TypeKind.NewBranch("@namedtype", CompositeType)
// DefinedType is the type of defined types
var DefinedType = TypeKind.NewBranch("@definedtype", CompositeType)
// TypeSetLiteral is the type of type set literals
var TypeSetLiteral = TypeKind.NewBranch("@typesetliteraltype", CompositeType)
@@ -1080,10 +1080,10 @@ var FieldStructsTable = NewTable("fieldstructs",
EntityColumn(StructType, "struct"),
)
// MethodHostsTable maps interface methods to the named type they belong to
// MethodHostsTable maps interface methods to the defined type they belong to
var MethodHostsTable = NewTable("methodhosts",
EntityColumn(ObjectType, "method"),
EntityColumn(NamedType, "host"),
EntityColumn(DefinedType, "host"),
)
// DefsTable maps identifiers to the objects they define
@@ -1110,7 +1110,7 @@ var TypeOfTable = NewTable("type_of",
EntityColumn(TypeType, "tp"),
)
// TypeNameTable is the table associating named types with their names
// TypeNameTable is the table associating defined types with their names
var TypeNameTable = NewTable("typename",
EntityColumn(TypeType, "tp").Unique(),
StringColumn("name"),
@@ -1135,10 +1135,10 @@ var BaseTypeTable = NewTable("base_type",
EntityColumn(TypeType, "tp"),
)
// UnderlyingTypeTable is the table associating named types with their
// UnderlyingTypeTable is the table associating defined types with their
// underlying type
var UnderlyingTypeTable = NewTable("underlying_type",
EntityColumn(NamedType, "named").Unique(),
EntityColumn(DefinedType, "defined").Unique(),
EntityColumn(TypeType, "tp"),
)


@@ -475,7 +475,7 @@ func extractObjects(tw *trap.Writer, scope *types.Scope, scopeLabel trap.Label)
populateTypeParamParents(funcObj.Type().(*types.Signature).TypeParams(), obj)
populateTypeParamParents(funcObj.Type().(*types.Signature).RecvTypeParams(), obj)
}
// Populate type parameter parents for named types.
// Populate type parameter parents for defined types and alias types.
if typeNameObj, ok := obj.(*types.TypeName); ok {
// `types.TypeName` represents a type with a name: a defined
// type, an alias type, a type parameter, or a predeclared
@@ -574,7 +574,7 @@ func extractObject(tw *trap.Writer, obj types.Object, lbl trap.Label) {
// For more information on objects, see:
// https://github.com/golang/example/blob/master/gotypes/README.md#objects
func extractObjectTypes(tw *trap.Writer) {
// calling `extractType` on a named type will extract all methods defined
// calling `extractType` on a defined type will extract all methods defined
// on it, which will add new objects. Therefore we need to do this first
// before we loop over all objects and emit them.
changed := true
@@ -1695,7 +1695,7 @@ func extractType(tw *trap.Writer, tp types.Type) trap.Label {
extractElementType(tw, lbl, tp.Elem())
case *types.Named:
origintp := tp.Origin()
kind = dbscheme.NamedType.Index()
kind = dbscheme.DefinedType.Index()
dbscheme.TypeNameTable.Emit(tw, lbl, origintp.Obj().Name())
underlying := origintp.Underlying()
extractUnderlyingType(tw, lbl, underlying)
@@ -1767,9 +1767,9 @@ func extractType(tw *trap.Writer, tp types.Type) trap.Label {
// Type labels refer to global keys to ensure that if the same type is
// encountered during the extraction of different files it is still ultimately
// mapped to the same entity. In particular, this means that keys for compound
// types refer to the labels of their component types. For named types, the key
// types refer to the labels of their component types. For defined types, the key
// is constructed from their globally unique ID. This prevents cyclic type keys
// since type recursion in Go always goes through named types.
// since type recursion in Go always goes through defined types.
func getTypeLabel(tw *trap.Writer, tp types.Type) (trap.Label, bool) {
tp = resolveTypeAlias(tp)
lbl, exists := tw.Labeler.TypeLabels[tp]
@@ -1874,12 +1874,12 @@ func getTypeLabel(tw *trap.Writer, tp types.Type) (trap.Label, bool) {
origintp := tp.Origin()
entitylbl, exists := tw.Labeler.LookupObjectID(origintp.Obj(), lbl)
if entitylbl == trap.InvalidLabel {
panic(fmt.Sprintf("Cannot construct label for named type %v (underlying object is %v).\n", origintp, origintp.Obj()))
panic(fmt.Sprintf("Cannot construct label for defined type %v (underlying object is %v).\n", origintp, origintp.Obj()))
}
if !exists {
extractObject(tw, origintp.Obj(), entitylbl)
}
lbl = tw.Labeler.GlobalID(fmt.Sprintf("{%s};namedtype", entitylbl))
lbl = tw.Labeler.GlobalID(fmt.Sprintf("{%s};definedtype", entitylbl))
case *types.TypeParam:
parentlbl := getTypeParamParentLabel(tw, tp)
idx := tp.Index()
@@ -1921,9 +1921,9 @@ func extractBaseType(tw *trap.Writer, ptr trap.Label, base types.Type) {
}
// extractUnderlyingType extracts `underlying` as the underlying type of the
// named type `named`
func extractUnderlyingType(tw *trap.Writer, named trap.Label, underlying types.Type) {
dbscheme.UnderlyingTypeTable.Emit(tw, named, extractType(tw, underlying))
// defined type `defined`
func extractUnderlyingType(tw *trap.Writer, defined trap.Label, underlying types.Type) {
dbscheme.UnderlyingTypeTable.Emit(tw, defined, extractType(tw, underlying))
}
// extractComponentType extracts `component` as the `idx`th component type of `parent` with name `name`
@@ -2173,8 +2173,8 @@ func checkObjectNotSpecialized(obj types.Object) {
log.Fatalf("Encountered unexpected specialization %s of generic variable object %s", varObj.String(), varObj.Origin().String())
}
if typeNameObj, ok := obj.(*types.TypeName); ok {
if namedType, ok := typeNameObj.Type().(*types.Named); ok && namedType != namedType.Origin() {
log.Fatalf("Encountered type object for specialization %s of named type %s", namedType.String(), namedType.Origin().String())
if definedType, ok := typeNameObj.Type().(*types.Named); ok && definedType != definedType.Origin() {
log.Fatalf("Encountered type object for specialization %s of defined type %s", definedType.String(), definedType.Origin().String())
}
}
}


@@ -184,12 +184,12 @@ func RemoveTemporaryExtractorFiles() {
// Find all go.work files in the working directory and its subdirectories
func findGoWorkFiles() []string {
return util.FindAllFilesWithName(".", "go.work", "vendor")
return util.FindAllFilesWithName(".", "go.work", util.SkipVendorChecks...)
}
// Find all go.mod files in the specified directory and its subdirectories
func findGoModFiles(root string) []string {
return util.FindAllFilesWithName(root, "go.mod", "vendor")
return util.FindAllFilesWithName(root, "go.mod", util.SkipVendorChecks...)
}
// A regular expression for the Go toolchain version syntax.
@@ -315,6 +315,11 @@ func discoverWorkspaces(emitDiagnostics bool) []GoWorkspace {
goModFiles := findGoModFiles(".")
// Return a separate workspace for each `go.mod` file that we found.
if len(goModFiles) > 0 {
log.Printf("Found %d go.mod files in: %s.\n", len(goModFiles), strings.Join(goModFiles, ", "))
} else {
log.Println("Found no go.mod files in the workspace.")
}
results := make([]GoWorkspace, len(goModFiles))
for i, goModFile := range goModFiles {
@@ -547,8 +552,8 @@ func startsWithAnyOf(str string, prefixes []string) bool {
// Finds Go workspaces in the current working directory.
func GetWorkspaceInfo(emitDiagnostics bool) []GoWorkspace {
bazelPaths := slices.Concat(
util.FindAllFilesWithName(".", "BUILD", "vendor"),
util.FindAllFilesWithName(".", "BUILD.bazel", "vendor"),
util.FindAllFilesWithName(".", "BUILD", util.SkipVendorChecks...),
util.FindAllFilesWithName(".", "BUILD.bazel", util.SkipVendorChecks...),
)
if len(bazelPaths) > 0 {
// currently not supported
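Review bot: The new `log.Printf` in `discoverWorkspaces` writes the discovered `go.mod` paths with `%s`, and those paths come from the repository being analysed, so a directory name containing a newline or other control character would reach the extractor log unescaped. Formatting the slice with `%q` keeps every path quoted and on one line: `log.Printf("Found %d go.mod files in: %q.", len(goModFiles), goModFiles)`. The trailing `\n` can be dropped as well, since the `log` package already terminates each entry with a newline. The body of `discoverWorkspaces` starts and ends outside the hunk.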


@@ -181,9 +181,9 @@ func findMethodWithGivenReceiver(object types.Object) *types.Func {
// findMethodWithGivenReceiver finds a method on type `tp` with `object` as its receiver, if one exists
func findMethodOnTypeWithGivenReceiver(tp types.Type, object types.Object) *types.Func {
if namedType, ok := tp.(*types.Named); ok {
for i := 0; i < namedType.NumMethods(); i++ {
meth := namedType.Method(i)
if definedType, ok := tp.(*types.Named); ok {
for i := 0; i < definedType.NumMethods(); i++ {
meth := definedType.Method(i)
if object == meth.Type().(*types.Signature).Recv() {
return meth
}


@@ -152,7 +152,16 @@ func FindGoFiles(root string) bool {
return found
}
func FindAllFilesWithName(root string, name string, dirsToSkip ...string) []string {
// The type of check function used by `FindAllFilesWithName` to decide whether to skip the directory named by `path`.
type FindAllFilesWithNameSkipCheck func(path string) bool
// Commonly we only want to skip `vendor` directories in `FindAllFilesWithName`. This array is a suitable
// argument for `dirsToSkip` which skips `vendor` directories.
var SkipVendorChecks = []FindAllFilesWithNameSkipCheck{IsGolangVendorDirectory}
// Returns an array of all files matching `name` within the path at `root`.
// The `dirsToSkip` array contains check functions used to decide which directories to skip.
func FindAllFilesWithName(root string, name string, dirsToSkip ...FindAllFilesWithNameSkipCheck) []string {
paths := make([]string, 0, 1)
filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
if err != nil {
@@ -160,7 +169,7 @@ func FindAllFilesWithName(root string, name string, dirsToSkip ...string) []stri
}
if d.IsDir() {
for _, dirToSkip := range dirsToSkip {
if path == dirToSkip {
if dirToSkip(path) {
return filepath.SkipDir
}
}
@@ -287,3 +296,16 @@ func getImportPathFromRepoURL(repourl string) string {
path = regexp.MustCompile(`^/+|\.git$`).ReplaceAllString(path, "")
return host + "/" + path
}
// Decides if `path` refers to a file that exists.
func fileExists(path string) bool {
stat, err := os.Stat(path)
return err == nil && stat.Mode().IsRegular()
}
// Decides if `dirPath` is a vendor directory by testing whether it is called `vendor`
// and contains a `modules.txt` file.
func IsGolangVendorDirectory(dirPath string) bool {
return filepath.Base(dirPath) == "vendor" &&
(fileExists(filepath.Join(dirPath, "modules.txt")) || fileExists(filepath.Join(dirPath, "../glide.yaml")))
}
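Review bot: The doc comment on `IsGolangVendorDirectory` still describes only the `modules.txt` test, while the new body also accepts a `vendor` directory whose parent holds `glide.yaml`. The comment should state both conditions, for example `// Decides if dirPath is a vendor directory: it must be called vendor and either contain modules.txt or have a glide.yaml in its parent directory.` Separately, the old `path == dirToSkip` comparison in `FindAllFilesWithName` skipped a directory whose walked path was exactly `vendor`, whatever it contained. With `dirToSkip(path)`, a `vendor` directory that has neither marker file is now walked, so `go.mod`, `go.work` or `BUILD` files inside such a tree may be returned to the callers that pass `SkipVendorChecks`. If that is intended, it deserves a sentence in the comment on `SkipVendorChecks`; the body of `FindAllFilesWithName` continues outside the visible hunks.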


@@ -1,3 +1,7 @@
## 1.0.17
No user-facing changes.
## 1.0.16
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.0.17
No user-facing changes.
