hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/kotlin

Browse Source
This commit is contained in:
Paolo Tranquilli
2024-04-17 15:09:27 +02:00
parent c5f6c65ff1 dc4cc74cbb
commit 3678e51f0b
451 changed files with 1327 additions and 230306 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.gitattributes vendored
View File

@@ -68,11 +68,6 @@
# for those testing dbscheme files.
/*/ql/lib/upgrades/initial/*.dbscheme -text
# Generated test files - these are synced from the standard JavaScript libraries using
# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
/javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge
# Auto-generated modeling for Python
/python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true

5
.github/labeler.yml vendored
View File

@@ -15,7 +15,7 @@ Java:
- change-notes/**/*java.*
JS:
- any: [ 'javascript/**/*', '!javascript/ql/experimental/adaptivethreatmodeling/**/*' ]
- any: [ 'javascript/**/*' ]
- change-notes/**/*javascript*
Kotlin:
@@ -46,6 +46,3 @@ documentation:
# Since these are all shared files that need to be synced, just pick _one_ copy of each.
"DataFlow Library":
- "shared/dataflow/**/*"
"ATM":
- javascript/ql/experimental/adaptivethreatmodeling/**/*

5
CODEOWNERS
View File

@@ -12,9 +12,6 @@
/java/ql/test-kotlin1/ @github/codeql-kotlin
/java/ql/test-kotlin2/ @github/codeql-kotlin
# ML-powered queries
/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
# CodeQL tools and associated docs
/docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
/docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
@@ -37,9 +34,7 @@ MODULE.bazel @github/codeql-ci-reviewers
# Workflows
/.github/workflows/ @github/codeql-ci-reviewers
/.github/workflows/atm-* @github/codeql-ml-powered-queries-reviewers
/.github/workflows/go-* @github/codeql-go
/.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
/.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
/.github/workflows/ruby-* @github/codeql-ruby
/.github/workflows/swift.yml @github/codeql-swift

10
codeql-workspace.yml
View File

@@ -11,16 +11,6 @@ provide:
- "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
- "go/ql/config/legacy-support/qlpack.yml"
- "go/build/codeql-extractor-go/codeql-extractor.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
# This pack is explicitly excluded from the workspace since most users
# will want to use a version of this pack from the package cache. Internal
# users can uncomment the following line and place a custom ML model
# in the corresponding pack to test a custom ML model within their local
# checkout.
# - "javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
- "javascript/ql/experimental/adaptivethreatmodeling/test/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
- "csharp/ql/campaigns/Solorigate/test/qlpack.yml"

4
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.12.11
No user-facing changes.
## 0.12.10
### New Features

3
cpp/ql/lib/change-notes/released/0.12.11.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.12.11
No user-facing changes.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.12.10
lastReleaseVersion: 0.12.11

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.12.11-dev
version: 0.12.12-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

2
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll
View File

@@ -27,4 +27,6 @@ module CppDataFlow implements InputSig<Location> {
predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
predicate viableImplInCallContext = Private::viableImplInCallContext/2;
predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;
}

7
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1306,6 +1306,13 @@ predicate nodeIsHidden(Node n) {
n instanceof InitialGlobalValue
}
predicate neverSkipInPathGraph(Node n) {
// Always show the right-hand side of assignments in the path graph
exists(n.asDefinition())
or
exists(n.asIndirectDefinition())
}
class LambdaCallKind = Unit;
/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.9.10
No user-facing changes.
## 0.9.9
### New Queries

5
cpp/ql/src/Critical/GlobalUseBeforeInit.ql
View File

@@ -110,6 +110,5 @@ from GlobalVariable v, Function f
where
uninitialisedBefore(v, f) and
useFunc(v, f)
select f,
"The variable '" + v.getName() + "'" +
" is used in this function but may not be initialized when it is called."
select f, "The variable $@ is used in this function but may not be initialized when it is called.",
v, v.getName()

3
cpp/ql/src/change-notes/released/0.9.10.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.9.10
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.9.9
lastReleaseVersion: 0.9.10

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 0.9.10-dev
version: 0.9.11-dev
groups:
- cpp
- queries

4
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
View File

@@ -1,7 +1,9 @@
edges
| test.cpp:22:27:22:30 | **argv | test.cpp:29:13:29:20 | *filePath | provenance | |
| test.cpp:22:27:22:30 | **argv | test.cpp:23:20:23:26 | *access to array | provenance | |
| test.cpp:23:20:23:26 | *access to array | test.cpp:29:13:29:20 | *filePath | provenance | |
nodes
| test.cpp:22:27:22:30 | **argv | semmle.label | **argv |
| test.cpp:23:20:23:26 | *access to array | semmle.label | *access to array |
| test.cpp:29:13:29:20 | *filePath | semmle.label | *filePath |
subpaths
#select

4
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
View File

@@ -1,11 +1,13 @@
edges
| test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | provenance | |
| test.cpp:22:17:22:21 | (size_t)... | test.cpp:23:33:23:37 | size1 | provenance | |
| test.cpp:22:17:22:21 | ... * ... | test.cpp:22:17:22:21 | (size_t)... | provenance | |
| test.cpp:37:24:37:27 | size | test.cpp:37:46:37:49 | size | provenance | |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:37:24:37:27 | size | provenance | |
nodes
| test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
| test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
| test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
| test.cpp:22:17:22:21 | (size_t)... | semmle.label | (size_t)... |
| test.cpp:22:17:22:21 | ... * ... | semmle.label | ... * ... |
| test.cpp:23:33:23:37 | size1 | semmle.label | size1 |
| test.cpp:30:18:30:32 | ... * ... | semmle.label | ... * ... |

14
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected
View File

@@ -1,4 +1,5 @@
edges
| test.cpp:4:17:4:22 | call to malloc | test.cpp:4:17:4:22 | call to malloc | provenance | |
| test.cpp:4:17:4:22 | call to malloc | test.cpp:6:9:6:11 | arr | provenance | |
| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr | provenance | |
| test.cpp:19:9:19:16 | *mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] | provenance | |
@@ -6,7 +7,9 @@ edges
| test.cpp:21:5:21:7 | *arr [post update] [p] | test.cpp:22:5:22:7 | *arr [p] | provenance | |
| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | *arr [post update] [p] | provenance | |
| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... | provenance | |
| test.cpp:22:5:22:7 | *arr [p] | test.cpp:19:9:19:16 | *mk_array [p] | provenance | |
| test.cpp:22:5:22:7 | *arr [p] | test.cpp:24:12:24:14 | arr [p] | provenance | |
| test.cpp:24:12:24:14 | arr [p] | test.cpp:19:9:19:16 | *mk_array [p] | provenance | |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:28:19:28:26 | call to mk_array [p] | provenance | |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | *arr [p] | provenance | |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:35:9:35:11 | *arr [p] | provenance | |
| test.cpp:31:9:31:11 | *arr [p] | test.cpp:31:13:31:13 | p | provenance | |
@@ -28,7 +31,9 @@ edges
| test.cpp:69:5:69:7 | *arr [post update] [p] | test.cpp:70:5:70:7 | *arr [p] | provenance | |
| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | *arr [post update] [p] | provenance | |
| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... | provenance | |
| test.cpp:70:5:70:7 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] | provenance | |
| test.cpp:70:5:70:7 | *arr [p] | test.cpp:72:12:72:14 | *arr [p] | provenance | |
| test.cpp:72:12:72:14 | *arr [p] | test.cpp:67:10:67:19 | **mk_array_p [p] | provenance | |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:76:20:76:29 | *call to mk_array_p [p] | provenance | |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:79:9:79:11 | *arr [p] | provenance | |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | test.cpp:83:9:83:11 | *arr [p] | provenance | |
| test.cpp:79:9:79:11 | *arr [p] | test.cpp:79:14:79:14 | p | provenance | |
@@ -43,6 +48,7 @@ edges
| test.cpp:98:18:98:27 | test6_callee output argument [p] | test.cpp:98:18:98:27 | *call to mk_array_p [p] | provenance | |
nodes
| test.cpp:4:17:4:22 | call to malloc | semmle.label | call to malloc |
| test.cpp:4:17:4:22 | call to malloc | semmle.label | call to malloc |
| test.cpp:6:9:6:11 | arr | semmle.label | arr |
| test.cpp:10:9:10:11 | arr | semmle.label | arr |
| test.cpp:19:9:19:16 | *mk_array [p] | semmle.label | *mk_array [p] |
@@ -50,6 +56,8 @@ nodes
| test.cpp:21:5:21:24 | ... = ... | semmle.label | ... = ... |
| test.cpp:21:13:21:18 | call to malloc | semmle.label | call to malloc |
| test.cpp:22:5:22:7 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:24:12:24:14 | arr [p] | semmle.label | arr [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | semmle.label | call to mk_array [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | semmle.label | call to mk_array [p] |
| test.cpp:31:9:31:11 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:31:13:31:13 | p | semmle.label | p |
@@ -74,6 +82,8 @@ nodes
| test.cpp:69:5:69:25 | ... = ... | semmle.label | ... = ... |
| test.cpp:69:14:69:19 | call to malloc | semmle.label | call to malloc |
| test.cpp:70:5:70:7 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:72:12:72:14 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | semmle.label | *call to mk_array_p [p] |
| test.cpp:76:20:76:29 | *call to mk_array_p [p] | semmle.label | *call to mk_array_p [p] |
| test.cpp:79:9:79:11 | *arr [p] | semmle.label | *arr [p] |
| test.cpp:79:14:79:14 | p | semmle.label | p |

32
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
View File

@@ -18,8 +18,9 @@ edges
| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | |
| test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | provenance | |
| test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | provenance | |
| test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | |
| test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | |
| test.cpp:85:21:85:36 | (char *)... | test.cpp:87:5:87:31 | access to array | provenance | |
| test.cpp:85:21:85:36 | (char *)... | test.cpp:88:5:88:27 | access to array | provenance | |
| test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | (char *)... | provenance | |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
@@ -32,17 +33,21 @@ edges
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance | |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance | |
| test.cpp:218:23:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | |
| test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | |
| test.cpp:229:25:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | |
| test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | |
| test.cpp:218:16:218:28 | (int *)... | test.cpp:220:5:220:11 | access to array | provenance | |
| test.cpp:218:16:218:28 | (int *)... | test.cpp:221:5:221:11 | access to array | provenance | |
| test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | (int *)... | provenance | |
| test.cpp:229:17:229:29 | (vec2 *)... | test.cpp:231:5:231:10 | access to array | provenance | |
| test.cpp:229:17:229:29 | (vec2 *)... | test.cpp:232:5:232:10 | access to array | provenance | |
| test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | (vec2 *)... | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance | |
@@ -61,13 +66,16 @@ edges
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:319:19:319:27 | ... + ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:319:19:319:27 | ... + ... | test.cpp:319:13:319:27 | ... = ... | provenance | |
| test.cpp:322:13:322:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:322:19:322:27 | ... + ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:322:19:322:27 | ... + ... | test.cpp:322:13:322:27 | ... = ... | provenance | |
| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 | provenance | |
nodes
| test.cpp:34:5:34:24 | access to array | semmle.label | access to array |
@@ -103,6 +111,7 @@ nodes
| test.cpp:77:32:77:34 | buf | semmle.label | buf |
| test.cpp:79:27:79:34 | buf | semmle.label | buf |
| test.cpp:79:32:79:34 | buf | semmle.label | buf |
| test.cpp:85:21:85:36 | (char *)... | semmle.label | (char *)... |
| test.cpp:85:34:85:36 | buf | semmle.label | buf |
| test.cpp:87:5:87:31 | access to array | semmle.label | access to array |
| test.cpp:88:5:88:27 | access to array | semmle.label | access to array |
@@ -118,6 +127,7 @@ nodes
| test.cpp:128:9:128:14 | access to array | semmle.label | access to array |
| test.cpp:134:25:134:27 | arr | semmle.label | arr |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:138:13:138:15 | arr | semmle.label | arr |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
@@ -125,10 +135,13 @@ nodes
| test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... |
| test.cpp:156:12:156:14 | buf | semmle.label | buf |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:158:17:158:18 | *& ... | semmle.label | *& ... |
| test.cpp:218:16:218:28 | (int *)... | semmle.label | (int *)... |
| test.cpp:218:23:218:28 | buffer | semmle.label | buffer |
| test.cpp:220:5:220:11 | access to array | semmle.label | access to array |
| test.cpp:221:5:221:11 | access to array | semmle.label | access to array |
| test.cpp:229:17:229:29 | (vec2 *)... | semmle.label | (vec2 *)... |
| test.cpp:229:25:229:29 | array | semmle.label | array |
| test.cpp:231:5:231:10 | access to array | semmle.label | access to array |
| test.cpp:232:5:232:10 | access to array | semmle.label | access to array |
@@ -152,12 +165,15 @@ nodes
| test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:319:13:319:27 | ... = ... | semmle.label | ... = ... |
| test.cpp:319:19:319:22 | temp | semmle.label | temp |
| test.cpp:319:19:319:27 | ... + ... | semmle.label | ... + ... |
| test.cpp:322:13:322:27 | ... = ... | semmle.label | ... = ... |
| test.cpp:322:19:322:22 | temp | semmle.label | temp |
| test.cpp:322:19:322:27 | ... + ... | semmle.label | ... + ... |
| test.cpp:324:23:324:26 | temp | semmle.label | temp |
| test.cpp:324:23:324:32 | ... + ... | semmle.label | ... + ... |
| test.cpp:324:23:324:32 | ... + ... | semmle.label | ... + ... |
| test.cpp:325:15:325:19 | temp2 | semmle.label | temp2 |
| test.cpp:325:24:325:26 | end | semmle.label | end |
| test.cpp:325:24:325:26 | end | semmle.label | end |

10
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
View File

@@ -1,9 +1,12 @@
edges
| test.cpp:45:18:45:23 | buffer | test.cpp:45:7:45:10 | *func | provenance | |
| test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp | provenance | |
| test.cpp:45:18:45:23 | buffer | test.cpp:47:10:47:15 | buffer | provenance | |
| test.cpp:47:10:47:15 | buffer | test.cpp:45:7:45:10 | *func | provenance | |
| test.cpp:74:24:74:30 | medical | test.cpp:77:16:77:22 | medical | provenance | |
| test.cpp:74:24:74:30 | medical | test.cpp:81:22:81:28 | medical | provenance | |
| test.cpp:77:16:77:22 | medical | test.cpp:77:16:77:22 | medical | provenance | |
| test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp | provenance | |
| test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical | provenance | |
| test.cpp:81:17:81:20 | call to func | test.cpp:81:17:81:20 | call to func | provenance | |
| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 | provenance | |
| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer | provenance | |
| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func | provenance | |
@@ -12,12 +15,15 @@ edges
nodes
| test.cpp:45:7:45:10 | *func | semmle.label | *func |
| test.cpp:45:18:45:23 | buffer | semmle.label | buffer |
| test.cpp:47:10:47:15 | buffer | semmle.label | buffer |
| test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
| test.cpp:74:24:74:30 | medical | semmle.label | medical |
| test.cpp:74:24:74:30 | medical | semmle.label | medical |
| test.cpp:77:16:77:22 | medical | semmle.label | medical |
| test.cpp:77:16:77:22 | medical | semmle.label | medical |
| test.cpp:78:24:78:27 | temp | semmle.label | temp |
| test.cpp:81:17:81:20 | call to func | semmle.label | call to func |
| test.cpp:81:17:81:20 | call to func | semmle.label | call to func |
| test.cpp:81:22:81:28 | medical | semmle.label | medical |
| test.cpp:82:24:82:28 | buff5 | semmle.label | buff5 |
| test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |

2
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-416/IteratorToExpiredContainer.expected
View File

@@ -12,3 +12,5 @@
| test.cpp:727:23:727:23 | call to operator[] | This object is destroyed before $@ is called. | test.cpp:750:17:750:17 | call to end | call to end |
| test.cpp:735:23:735:23 | call to operator[] | This object is destroyed before $@ is called. | test.cpp:759:17:759:17 | call to begin | call to begin |
| test.cpp:735:23:735:23 | call to operator[] | This object is destroyed before $@ is called. | test.cpp:759:17:759:17 | call to end | call to end |
| test.cpp:771:44:771:56 | temporary object | This object is destroyed before $@ is called. | test.cpp:772:35:772:35 | call to begin | call to begin |
| test.cpp:771:44:771:56 | temporary object | This object is destroyed before $@ is called. | test.cpp:772:35:772:35 | call to end | call to end |

5
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-416/test.cpp
View File

@@ -766,3 +766,8 @@ void test2() {
for (auto x : value) {}
}
}
void test3() {
const std::vector<std::vector<int>>& v = returnValue(); // GOOD [FALSE POSITIVE]
for(const std::vector<int>& x : v) {}
}

196
cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
View File

@@ -6,13 +6,17 @@ edges
| A.cpp:28:8:28:10 | *this [c] | A.cpp:28:23:28:26 | *this [c] | provenance | |
| A.cpp:28:23:28:26 | *this [c] | A.cpp:28:29:28:29 | c | provenance | |
| A.cpp:28:29:28:29 | c | A.cpp:28:8:28:10 | *get | provenance | |
| A.cpp:28:29:28:29 | c | A.cpp:28:29:28:29 | c | provenance | |
| A.cpp:29:23:29:23 | c | A.cpp:31:20:31:20 | c | provenance | |
| A.cpp:31:14:31:21 | call to B [c] | A.cpp:29:15:29:18 | **make [c] | provenance | |
| A.cpp:31:14:31:21 | *new [c] | A.cpp:29:15:29:18 | **make [c] | provenance | |
| A.cpp:31:14:31:21 | call to B [c] | A.cpp:31:14:31:21 | *new [c] | provenance | |
| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance | |
| A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance | |
| A.cpp:41:5:41:6 | insert output argument | A.cpp:43:10:43:12 | *& ... | provenance | |
| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance | |
| A.cpp:47:12:47:18 | new | A.cpp:47:12:47:18 | new | provenance | |
| A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance | |
| A.cpp:48:12:48:18 | *call to make [c] | A.cpp:48:12:48:18 | *call to make [c] | provenance | |
| A.cpp:48:12:48:18 | *call to make [c] | A.cpp:49:10:49:10 | *b [c] | provenance | |
| A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | provenance | |
| A.cpp:48:20:48:20 | c | A.cpp:48:12:48:18 | *call to make [c] | provenance | |
@@ -28,29 +32,39 @@ edges
| A.cpp:57:17:57:23 | new | A.cpp:23:10:23:10 | c | provenance | |
| A.cpp:57:17:57:23 | new | A.cpp:57:11:57:24 | call to B [c] | provenance | |
| A.cpp:57:17:57:23 | new | A.cpp:57:17:57:23 | new | provenance | |
| A.cpp:64:10:64:15 | *call to setOnB [c] | A.cpp:66:10:66:11 | *b2 [c] | provenance | |
| A.cpp:64:5:64:29 | *... = ... [c] | A.cpp:66:10:66:11 | *b2 [c] | provenance | |
| A.cpp:64:10:64:15 | *call to setOnB [c] | A.cpp:64:5:64:29 | *... = ... [c] | provenance | |
| A.cpp:64:21:64:28 | new | A.cpp:64:10:64:15 | *call to setOnB [c] | provenance | |
| A.cpp:64:21:64:28 | new | A.cpp:85:26:85:26 | c | provenance | |
| A.cpp:66:10:66:11 | *b2 [c] | A.cpp:66:10:66:14 | c | provenance | |
| A.cpp:73:10:73:19 | *call to setOnBWrap [c] | A.cpp:75:10:75:11 | *b2 [c] | provenance | |
| A.cpp:73:5:73:33 | *... = ... [c] | A.cpp:75:10:75:11 | *b2 [c] | provenance | |
| A.cpp:73:10:73:19 | *call to setOnBWrap [c] | A.cpp:73:5:73:33 | *... = ... [c] | provenance | |
| A.cpp:73:25:73:32 | new | A.cpp:73:10:73:19 | *call to setOnBWrap [c] | provenance | |
| A.cpp:73:25:73:32 | new | A.cpp:78:27:78:27 | c | provenance | |
| A.cpp:75:10:75:11 | *b2 [c] | A.cpp:75:10:75:14 | c | provenance | |
| A.cpp:78:27:78:27 | c | A.cpp:81:21:81:21 | c | provenance | |
| A.cpp:81:10:81:15 | *call to setOnB [c] | A.cpp:78:6:78:15 | **setOnBWrap [c] | provenance | |
| A.cpp:81:5:81:22 | *... = ... [c] | A.cpp:82:12:82:24 | *... ? ... : ... [c] | provenance | |
| A.cpp:81:10:81:15 | *call to setOnB [c] | A.cpp:81:5:81:22 | *... = ... [c] | provenance | |
| A.cpp:81:21:81:21 | c | A.cpp:81:10:81:15 | *call to setOnB [c] | provenance | |
| A.cpp:81:21:81:21 | c | A.cpp:85:26:85:26 | c | provenance | |
| A.cpp:82:12:82:24 | *... ? ... : ... [c] | A.cpp:78:6:78:15 | **setOnBWrap [c] | provenance | |
| A.cpp:85:26:85:26 | c | A.cpp:90:15:90:15 | c | provenance | |
| A.cpp:90:7:90:8 | set output argument [c] | A.cpp:85:9:85:14 | **setOnB [c] | provenance | |
| A.cpp:90:7:90:8 | set output argument [c] | A.cpp:91:14:91:15 | *b2 [c] | provenance | |
| A.cpp:90:15:90:15 | c | A.cpp:27:17:27:17 | c | provenance | |
| A.cpp:90:15:90:15 | c | A.cpp:90:7:90:8 | set output argument [c] | provenance | |
| A.cpp:91:14:91:15 | *b2 [c] | A.cpp:85:9:85:14 | **setOnB [c] | provenance | |
| A.cpp:98:12:98:18 | new | A.cpp:98:12:98:18 | new | provenance | |
| A.cpp:98:12:98:18 | new | A.cpp:100:5:100:13 | ... = ... | provenance | |
| A.cpp:100:5:100:6 | *c1 [post update] [a] | A.cpp:101:8:101:9 | *c1 [a] | provenance | |
| A.cpp:100:5:100:13 | ... = ... | A.cpp:100:5:100:6 | *c1 [post update] [a] | provenance | |
| A.cpp:101:8:101:9 | *c1 [a] | A.cpp:103:14:103:14 | *c [a] | provenance | |
| A.cpp:103:14:103:14 | *c [a] | A.cpp:107:12:107:13 | *c1 [a] | provenance | |
| A.cpp:103:14:103:14 | *c [a] | A.cpp:120:12:120:13 | *c1 [a] | provenance | |
| A.cpp:103:14:103:14 | *c [a] | A.cpp:105:18:105:38 | *dynamic_cast<C1 *>... [a] | provenance | |
| A.cpp:103:14:103:14 | *c [a] | A.cpp:110:18:110:38 | *dynamic_cast<C2 *>... [a] | provenance | |
| A.cpp:105:18:105:38 | *dynamic_cast<C1 *>... [a] | A.cpp:107:12:107:13 | *c1 [a] | provenance | |
| A.cpp:107:12:107:13 | *c1 [a] | A.cpp:107:12:107:16 | a | provenance | |
| A.cpp:110:18:110:38 | *dynamic_cast<C2 *>... [a] | A.cpp:112:7:112:13 | *... = ... [a] | provenance | |
| A.cpp:112:7:112:13 | *... = ... [a] | A.cpp:118:18:118:39 | *dynamic_cast<C1 *>... [a] | provenance | |
| A.cpp:118:18:118:39 | *dynamic_cast<C1 *>... [a] | A.cpp:120:12:120:13 | *c1 [a] | provenance | |
| A.cpp:120:12:120:13 | *c1 [a] | A.cpp:120:12:120:16 | a | provenance | |
| A.cpp:124:14:124:14 | *b [c] | A.cpp:131:8:131:8 | f7 output argument [c] | provenance | |
| A.cpp:126:5:126:5 | set output argument [c] | A.cpp:124:14:124:14 | *b [c] | provenance | |
@@ -73,10 +87,13 @@ edges
| A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance | |
| A.cpp:143:7:143:31 | ... = ... | A.cpp:143:7:143:10 | *this [post update] [b] | provenance | |
| A.cpp:143:25:143:31 | new | A.cpp:143:7:143:31 | ... = ... | provenance | |
| A.cpp:150:12:150:18 | new | A.cpp:150:12:150:18 | new | provenance | |
| A.cpp:150:12:150:18 | new | A.cpp:151:18:151:18 | b | provenance | |
| A.cpp:151:12:151:24 | call to D [*b, c] | A.cpp:152:10:152:10 | *d [*b, c] | provenance | |
| A.cpp:151:12:151:24 | call to D [*b, c] | A.cpp:153:10:153:10 | *d [*b, c] | provenance | |
| A.cpp:151:12:151:24 | call to D [b] | A.cpp:152:10:152:10 | *d [b] | provenance | |
| A.cpp:151:12:151:24 | *new [*b, c] | A.cpp:152:10:152:10 | *d [*b, c] | provenance | |
| A.cpp:151:12:151:24 | *new [*b, c] | A.cpp:153:10:153:10 | *d [*b, c] | provenance | |
| A.cpp:151:12:151:24 | *new [b] | A.cpp:152:10:152:10 | *d [b] | provenance | |
| A.cpp:151:12:151:24 | call to D [*b, c] | A.cpp:151:12:151:24 | *new [*b, c] | provenance | |
| A.cpp:151:12:151:24 | call to D [b] | A.cpp:151:12:151:24 | *new [b] | provenance | |
| A.cpp:151:18:151:18 | D output argument [c] | A.cpp:154:10:154:10 | *b [c] | provenance | |
| A.cpp:151:18:151:18 | b | A.cpp:140:13:140:13 | b | provenance | |
| A.cpp:151:18:151:18 | b | A.cpp:151:12:151:24 | call to D [b] | provenance | |
@@ -91,24 +108,31 @@ edges
| A.cpp:153:10:153:10 | *d [*b, c] | A.cpp:153:13:153:13 | *b [c] | provenance | |
| A.cpp:153:13:153:13 | *b [c] | A.cpp:153:10:153:16 | c | provenance | |
| A.cpp:154:10:154:10 | *b [c] | A.cpp:154:10:154:13 | c | provenance | |
| A.cpp:159:12:159:18 | new | A.cpp:159:12:159:18 | new | provenance | |
| A.cpp:159:12:159:18 | new | A.cpp:160:29:160:29 | b | provenance | |
| A.cpp:160:18:160:60 | call to MyList [head] | A.cpp:161:38:161:39 | *l1 [head] | provenance | |
| A.cpp:160:18:160:60 | *new [head] | A.cpp:161:38:161:39 | *l1 [head] | provenance | |
| A.cpp:160:18:160:60 | call to MyList [head] | A.cpp:160:18:160:60 | *new [head] | provenance | |
| A.cpp:160:29:160:29 | b | A.cpp:160:18:160:60 | call to MyList [head] | provenance | |
| A.cpp:160:29:160:29 | b | A.cpp:181:15:181:21 | newHead | provenance | |
| A.cpp:161:18:161:40 | call to MyList [*next, head] | A.cpp:162:38:162:39 | *l2 [*next, head] | provenance | |
| A.cpp:161:18:161:40 | *new [*next, head] | A.cpp:162:38:162:39 | *l2 [*next, head] | provenance | |
| A.cpp:161:18:161:40 | call to MyList [*next, head] | A.cpp:161:18:161:40 | *new [*next, head] | provenance | |
| A.cpp:161:38:161:39 | *l1 [head] | A.cpp:161:18:161:40 | call to MyList [*next, head] | provenance | |
| A.cpp:161:38:161:39 | *l1 [head] | A.cpp:181:32:181:35 | *next [head] | provenance | |
| A.cpp:162:18:162:40 | call to MyList [*next, *next, head] | A.cpp:165:10:165:11 | *l3 [*next, *next, head] | provenance | |
| A.cpp:162:18:162:40 | call to MyList [*next, *next, head] | A.cpp:167:44:167:44 | *l [*next, *next, head] | provenance | |
| A.cpp:162:18:162:40 | *new [*next, *next, head] | A.cpp:165:10:165:11 | *l3 [*next, *next, head] | provenance | |
| A.cpp:162:18:162:40 | *new [*next, *next, head] | A.cpp:167:22:167:23 | *l3 [*next, *next, head] | provenance | |
| A.cpp:162:18:162:40 | call to MyList [*next, *next, head] | A.cpp:162:18:162:40 | *new [*next, *next, head] | provenance | |
| A.cpp:162:38:162:39 | *l2 [*next, head] | A.cpp:162:18:162:40 | call to MyList [*next, *next, head] | provenance | |
| A.cpp:162:38:162:39 | *l2 [*next, head] | A.cpp:181:32:181:35 | *next [*next, head] | provenance | |
| A.cpp:165:10:165:11 | *l3 [*next, *next, head] | A.cpp:165:14:165:17 | *next [*next, head] | provenance | |
| A.cpp:165:14:165:17 | *next [*next, head] | A.cpp:165:20:165:23 | *next [head] | provenance | |
| A.cpp:165:20:165:23 | *next [head] | A.cpp:165:10:165:29 | head | provenance | |
| A.cpp:167:22:167:23 | *l3 [*next, *next, head] | A.cpp:167:44:167:44 | *l [*next, *next, head] | provenance | |
| A.cpp:167:40:167:50 | *... = ... [*next, head] | A.cpp:167:44:167:44 | *l [*next, head] | provenance | |
| A.cpp:167:40:167:50 | *... = ... [head] | A.cpp:169:12:169:12 | *l [head] | provenance | |
| A.cpp:167:44:167:44 | *l [*next, *next, head] | A.cpp:167:47:167:50 | *next [*next, head] | provenance | |
| A.cpp:167:44:167:44 | *l [*next, head] | A.cpp:167:47:167:50 | *next [head] | provenance | |
| A.cpp:167:47:167:50 | *next [*next, head] | A.cpp:167:44:167:44 | *l [*next, head] | provenance | |
| A.cpp:167:47:167:50 | *next [head] | A.cpp:169:12:169:12 | *l [head] | provenance | |
| A.cpp:167:47:167:50 | *next [*next, head] | A.cpp:167:40:167:50 | *... = ... [*next, head] | provenance | |
| A.cpp:167:47:167:50 | *next [head] | A.cpp:167:40:167:50 | *... = ... [head] | provenance | |
| A.cpp:169:12:169:12 | *l [head] | A.cpp:169:12:169:18 | head | provenance | |
| A.cpp:173:26:173:26 | *o [c] | A.cpp:173:26:173:26 | *o [c] | provenance | |
| A.cpp:181:15:181:21 | newHead | A.cpp:183:7:183:20 | ... = ... | provenance | |
@@ -117,20 +141,26 @@ edges
| A.cpp:183:7:183:20 | ... = ... | A.cpp:183:7:183:10 | *this [post update] [head] | provenance | |
| A.cpp:184:7:184:23 | *... = ... [*next, head] | A.cpp:184:7:184:10 | *this [post update] [*next, *next, head] | provenance | |
| A.cpp:184:7:184:23 | *... = ... [head] | A.cpp:184:7:184:10 | *this [post update] [*next, head] | provenance | |
| B.cpp:6:15:6:24 | new | B.cpp:6:15:6:24 | new | provenance | |
| B.cpp:6:15:6:24 | new | B.cpp:7:25:7:25 | e | provenance | |
| B.cpp:7:16:7:35 | call to Box1 [elem1] | B.cpp:8:25:8:26 | *b1 [elem1] | provenance | |
| B.cpp:7:16:7:35 | *new [elem1] | B.cpp:8:25:8:26 | *b1 [elem1] | provenance | |
| B.cpp:7:16:7:35 | call to Box1 [elem1] | B.cpp:7:16:7:35 | *new [elem1] | provenance | |
| B.cpp:7:25:7:25 | e | B.cpp:7:16:7:35 | call to Box1 [elem1] | provenance | |
| B.cpp:7:25:7:25 | e | B.cpp:33:16:33:17 | e1 | provenance | |
| B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] | B.cpp:9:10:9:11 | *b2 [*box1, elem1] | provenance | |
| B.cpp:8:16:8:27 | *new [*box1, elem1] | B.cpp:9:10:9:11 | *b2 [*box1, elem1] | provenance | |
| B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] | B.cpp:8:16:8:27 | *new [*box1, elem1] | provenance | |
| B.cpp:8:25:8:26 | *b1 [elem1] | B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] | provenance | |
| B.cpp:8:25:8:26 | *b1 [elem1] | B.cpp:44:16:44:17 | *b1 [elem1] | provenance | |
| B.cpp:9:10:9:11 | *b2 [*box1, elem1] | B.cpp:9:14:9:17 | *box1 [elem1] | provenance | |
| B.cpp:9:14:9:17 | *box1 [elem1] | B.cpp:9:10:9:24 | elem1 | provenance | |
| B.cpp:15:15:15:27 | new | B.cpp:15:15:15:27 | new | provenance | |
| B.cpp:15:15:15:27 | new | B.cpp:16:37:16:37 | e | provenance | |
| B.cpp:16:16:16:38 | call to Box1 [elem2] | B.cpp:17:25:17:26 | *b1 [elem2] | provenance | |
| B.cpp:16:16:16:38 | *new [elem2] | B.cpp:17:25:17:26 | *b1 [elem2] | provenance | |
| B.cpp:16:16:16:38 | call to Box1 [elem2] | B.cpp:16:16:16:38 | *new [elem2] | provenance | |
| B.cpp:16:37:16:37 | e | B.cpp:16:16:16:38 | call to Box1 [elem2] | provenance | |
| B.cpp:16:37:16:37 | e | B.cpp:33:26:33:27 | e2 | provenance | |
| B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] | B.cpp:19:10:19:11 | *b2 [*box1, elem2] | provenance | |
| B.cpp:17:16:17:27 | *new [*box1, elem2] | B.cpp:19:10:19:11 | *b2 [*box1, elem2] | provenance | |
| B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] | B.cpp:17:16:17:27 | *new [*box1, elem2] | provenance | |
| B.cpp:17:25:17:26 | *b1 [elem2] | B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] | provenance | |
| B.cpp:17:25:17:26 | *b1 [elem2] | B.cpp:44:16:44:17 | *b1 [elem2] | provenance | |
| B.cpp:19:10:19:11 | *b2 [*box1, elem2] | B.cpp:19:14:19:17 | *box1 [elem2] | provenance | |
@@ -143,8 +173,10 @@ edges
| B.cpp:44:16:44:17 | *b1 [elem2] | B.cpp:46:7:46:21 | *... = ... [elem2] | provenance | |
| B.cpp:46:7:46:21 | *... = ... [elem1] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem1] | provenance | |
| B.cpp:46:7:46:21 | *... = ... [elem2] | B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | provenance | |
| C.cpp:18:12:18:18 | call to C [s1] | C.cpp:19:5:19:5 | *c [s1] | provenance | |
| C.cpp:18:12:18:18 | call to C [s3] | C.cpp:19:5:19:5 | *c [s3] | provenance | |
| C.cpp:18:12:18:18 | *new [s1] | C.cpp:19:5:19:5 | *c [s1] | provenance | |
| C.cpp:18:12:18:18 | *new [s3] | C.cpp:19:5:19:5 | *c [s3] | provenance | |
| C.cpp:18:12:18:18 | call to C [s1] | C.cpp:18:12:18:18 | *new [s1] | provenance | |
| C.cpp:18:12:18:18 | call to C [s3] | C.cpp:18:12:18:18 | *new [s3] | provenance | |
| C.cpp:19:5:19:5 | *c [s1] | C.cpp:27:8:27:11 | *this [s1] | provenance | |
| C.cpp:19:5:19:5 | *c [s3] | C.cpp:27:8:27:11 | *this [s3] | provenance | |
| C.cpp:22:3:22:3 | *this [post update] [s1] | C.cpp:18:12:18:18 | call to C [s1] | provenance | |
@@ -160,38 +192,45 @@ edges
| D.cpp:10:11:10:17 | *this [elem] | D.cpp:10:30:10:33 | *this [elem] | provenance | |
| D.cpp:10:30:10:33 | *this [elem] | D.cpp:10:30:10:33 | elem | provenance | |
| D.cpp:10:30:10:33 | elem | D.cpp:10:11:10:17 | *getElem | provenance | |
| D.cpp:10:30:10:33 | elem | D.cpp:10:30:10:33 | elem | provenance | |
| D.cpp:11:24:11:24 | e | D.cpp:11:29:11:36 | ... = ... | provenance | |
| D.cpp:11:29:11:36 | ... = ... | D.cpp:11:29:11:32 | *this [post update] [elem] | provenance | |
| D.cpp:17:11:17:17 | *this [*box, elem] | D.cpp:17:30:17:32 | *this [*box, elem] | provenance | |
| D.cpp:17:30:17:32 | *box [elem] | D.cpp:17:11:17:17 | **getBox1 [elem] | provenance | |
| D.cpp:17:30:17:32 | *box [elem] | D.cpp:17:30:17:32 | *box [elem] | provenance | |
| D.cpp:17:30:17:32 | *this [*box, elem] | D.cpp:17:30:17:32 | *box [elem] | provenance | |
| D.cpp:21:30:21:31 | *b2 [*box, elem] | D.cpp:22:10:22:11 | *b2 [*box, elem] | provenance | |
| D.cpp:22:10:22:11 | *b2 [*box, elem] | D.cpp:17:11:17:17 | *this [*box, elem] | provenance | |
| D.cpp:22:10:22:11 | *b2 [*box, elem] | D.cpp:22:14:22:20 | *call to getBox1 [elem] | provenance | |
| D.cpp:22:14:22:20 | *call to getBox1 [elem] | D.cpp:10:11:10:17 | *this [elem] | provenance | |
| D.cpp:22:14:22:20 | *call to getBox1 [elem] | D.cpp:22:10:22:33 | call to getElem | provenance | |
| D.cpp:28:15:28:24 | new | D.cpp:28:15:28:24 | new | provenance | |
| D.cpp:28:15:28:24 | new | D.cpp:30:5:30:20 | ... = ... | provenance | |
| D.cpp:30:5:30:5 | *b [post update] [*box, elem] | D.cpp:31:14:31:14 | *b [*box, elem] | provenance | |
| D.cpp:30:5:30:20 | ... = ... | D.cpp:30:8:30:10 | *box [post update] [elem] | provenance | |
| D.cpp:30:8:30:10 | *box [post update] [elem] | D.cpp:30:5:30:5 | *b [post update] [*box, elem] | provenance | |
| D.cpp:31:14:31:14 | *b [*box, elem] | D.cpp:21:30:21:31 | *b2 [*box, elem] | provenance | |
| D.cpp:35:15:35:24 | new | D.cpp:35:15:35:24 | new | provenance | |
| D.cpp:35:15:35:24 | new | D.cpp:37:21:37:21 | e | provenance | |
| D.cpp:37:5:37:5 | *b [post update] [*box, elem] | D.cpp:38:14:38:14 | *b [*box, elem] | provenance | |
| D.cpp:37:8:37:10 | setElem output argument [elem] | D.cpp:37:5:37:5 | *b [post update] [*box, elem] | provenance | |
| D.cpp:37:21:37:21 | e | D.cpp:11:24:11:24 | e | provenance | |
| D.cpp:37:21:37:21 | e | D.cpp:37:8:37:10 | setElem output argument [elem] | provenance | |
| D.cpp:38:14:38:14 | *b [*box, elem] | D.cpp:21:30:21:31 | *b2 [*box, elem] | provenance | |
| D.cpp:42:15:42:24 | new | D.cpp:42:15:42:24 | new | provenance | |
| D.cpp:42:15:42:24 | new | D.cpp:44:5:44:26 | ... = ... | provenance | |
| D.cpp:44:5:44:5 | getBox1 output argument [*box, elem] | D.cpp:45:14:45:14 | *b [*box, elem] | provenance | |
| D.cpp:44:5:44:26 | ... = ... | D.cpp:44:8:44:14 | *call to getBox1 [post update] [elem] | provenance | |
| D.cpp:44:8:44:14 | *call to getBox1 [post update] [elem] | D.cpp:44:5:44:5 | getBox1 output argument [*box, elem] | provenance | |
| D.cpp:45:14:45:14 | *b [*box, elem] | D.cpp:21:30:21:31 | *b2 [*box, elem] | provenance | |
| D.cpp:49:15:49:24 | new | D.cpp:49:15:49:24 | new | provenance | |
| D.cpp:49:15:49:24 | new | D.cpp:51:27:51:27 | e | provenance | |
| D.cpp:51:5:51:5 | getBox1 output argument [*box, elem] | D.cpp:52:14:52:14 | *b [*box, elem] | provenance | |
| D.cpp:51:8:51:14 | setElem output argument [elem] | D.cpp:51:5:51:5 | getBox1 output argument [*box, elem] | provenance | |
| D.cpp:51:27:51:27 | e | D.cpp:11:24:11:24 | e | provenance | |
| D.cpp:51:27:51:27 | e | D.cpp:51:8:51:14 | setElem output argument [elem] | provenance | |
| D.cpp:52:14:52:14 | *b [*box, elem] | D.cpp:21:30:21:31 | *b2 [*box, elem] | provenance | |
| D.cpp:56:15:56:24 | new | D.cpp:56:15:56:24 | new | provenance | |
| D.cpp:56:15:56:24 | new | D.cpp:58:5:58:27 | ... = ... | provenance | |
| D.cpp:58:5:58:12 | *boxfield [post update] [*box, elem] | D.cpp:58:5:58:12 | *this [post update] [*boxfield, *box, elem] | provenance | |
| D.cpp:58:5:58:12 | *this [post update] [*boxfield, *box, elem] | D.cpp:59:5:59:7 | *this [*boxfield, *box, elem] | provenance | |
@@ -227,9 +266,10 @@ edges
| aliasing.cpp:26:19:26:20 | referenceSetter output argument [m1] | aliasing.cpp:30:8:30:9 | *s2 [m1] | provenance | |
| aliasing.cpp:29:8:29:9 | *s1 [m1] | aliasing.cpp:29:11:29:12 | m1 | provenance | |
| aliasing.cpp:30:8:30:9 | *s2 [m1] | aliasing.cpp:30:11:30:12 | m1 | provenance | |
| aliasing.cpp:60:3:60:4 | *s2 [post update] [m1] | aliasing.cpp:62:8:62:12 | *copy2 [m1] | provenance | |
| aliasing.cpp:60:3:60:4 | *s2 [post update] [m1] | aliasing.cpp:61:13:61:14 | s2 [m1] | provenance | |
| aliasing.cpp:60:3:60:22 | ... = ... | aliasing.cpp:60:3:60:4 | *s2 [post update] [m1] | provenance | |
| aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:60:3:60:22 | ... = ... | provenance | |
| aliasing.cpp:61:13:61:14 | s2 [m1] | aliasing.cpp:62:8:62:12 | *copy2 [m1] | provenance | |
| aliasing.cpp:62:8:62:12 | *copy2 [m1] | aliasing.cpp:62:14:62:15 | m1 | provenance | |
| aliasing.cpp:92:3:92:3 | *w [post update] [s, m1] | aliasing.cpp:93:8:93:8 | *w [s, m1] | provenance | |
| aliasing.cpp:92:3:92:23 | ... = ... | aliasing.cpp:92:5:92:5 | *s [post update] [m1] | provenance | |
@@ -237,9 +277,11 @@ edges
| aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:92:3:92:23 | ... = ... | provenance | |
| aliasing.cpp:93:8:93:8 | *w [s, m1] | aliasing.cpp:93:10:93:10 | *s [m1] | provenance | |
| aliasing.cpp:93:10:93:10 | *s [m1] | aliasing.cpp:93:12:93:13 | m1 | provenance | |
| aliasing.cpp:98:3:98:3 | *s [post update] [m1] | aliasing.cpp:101:14:101:19 | *s_copy [m1] | provenance | |
| aliasing.cpp:98:3:98:3 | *s [post update] [m1] | aliasing.cpp:100:14:100:14 | s [m1] | provenance | |
| aliasing.cpp:98:3:98:21 | ... = ... | aliasing.cpp:98:3:98:3 | *s [post update] [m1] | provenance | |
| aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:98:3:98:21 | ... = ... | provenance | |
| aliasing.cpp:100:14:100:14 | s [m1] | aliasing.cpp:101:14:101:19 | *s_copy [m1] | provenance | |
| aliasing.cpp:101:13:101:22 | *& ... | aliasing.cpp:101:13:101:22 | *& ... | provenance | |
| aliasing.cpp:101:13:101:22 | *& ... | aliasing.cpp:102:8:102:10 | * ... | provenance | |
| aliasing.cpp:101:14:101:19 | *s_copy [m1] | aliasing.cpp:101:13:101:22 | *& ... | provenance | |
| aliasing.cpp:105:23:105:24 | *pa | aliasing.cpp:121:15:121:16 | taint_a_ptr output argument | provenance | |
@@ -252,7 +294,8 @@ edges
| aliasing.cpp:105:23:105:24 | *pa | aliasing.cpp:175:15:175:22 | taint_a_ptr output argument | provenance | |
| aliasing.cpp:105:23:105:24 | *pa | aliasing.cpp:187:15:187:22 | taint_a_ptr output argument | provenance | |
| aliasing.cpp:105:23:105:24 | *pa | aliasing.cpp:200:15:200:24 | taint_a_ptr output argument | provenance | |
| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:105:23:105:24 | *pa | provenance | |
| aliasing.cpp:106:3:106:20 | ... = ... | aliasing.cpp:105:23:105:24 | *pa | provenance | |
| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:3:106:20 | ... = ... | provenance | |
| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument | aliasing.cpp:122:8:122:12 | access to array | provenance | |
| aliasing.cpp:126:15:126:20 | taint_a_ptr output argument | aliasing.cpp:127:8:127:16 | * ... | provenance | |
| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument | aliasing.cpp:132:8:132:14 | * ... | provenance | |
@@ -274,8 +317,9 @@ edges
| aliasing.cpp:176:8:176:9 | *s2 [s, m1] | aliasing.cpp:176:11:176:11 | *s [m1] | provenance | |
| aliasing.cpp:176:11:176:11 | *s [m1] | aliasing.cpp:176:13:176:14 | m1 | provenance | |
| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument | aliasing.cpp:187:19:187:19 | *s [post update] [m1] | provenance | |
| aliasing.cpp:187:16:187:17 | *s2 [post update] [s, m1] | aliasing.cpp:189:8:189:11 | *s2_2 [s, m1] | provenance | |
| aliasing.cpp:187:16:187:17 | *s2 [post update] [s, m1] | aliasing.cpp:188:13:188:14 | s2 [s, m1] | provenance | |
| aliasing.cpp:187:19:187:19 | *s [post update] [m1] | aliasing.cpp:187:16:187:17 | *s2 [post update] [s, m1] | provenance | |
| aliasing.cpp:188:13:188:14 | s2 [s, m1] | aliasing.cpp:189:8:189:11 | *s2_2 [s, m1] | provenance | |
| aliasing.cpp:189:8:189:11 | *s2_2 [s, m1] | aliasing.cpp:189:13:189:13 | *s [m1] | provenance | |
| aliasing.cpp:189:13:189:13 | *s [m1] | aliasing.cpp:189:15:189:16 | m1 | provenance | |
| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument | aliasing.cpp:200:21:200:21 | *s [post update] [m1] | provenance | |
@@ -283,12 +327,14 @@ edges
| aliasing.cpp:200:21:200:21 | *s [post update] [m1] | aliasing.cpp:200:16:200:18 | *ps2 [post update] [s, m1] | provenance | |
| aliasing.cpp:201:8:201:10 | *ps2 [s, m1] | aliasing.cpp:201:13:201:13 | *s [m1] | provenance | |
| aliasing.cpp:201:13:201:13 | *s [m1] | aliasing.cpp:201:15:201:16 | m1 | provenance | |
| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array | provenance | |
| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:8:8:8:13 | access to array | provenance | |
| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... | provenance | |
| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... | provenance | |
| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:16:8:16:13 | access to array | provenance | |
| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:17:8:17:13 | access to array | provenance | |
| arrays.cpp:6:3:6:23 | ... = ... | arrays.cpp:7:8:7:13 | access to array | provenance | |
| arrays.cpp:6:3:6:23 | ... = ... | arrays.cpp:8:8:8:13 | access to array | provenance | |
| arrays.cpp:6:3:6:23 | ... = ... | arrays.cpp:9:8:9:11 | * ... | provenance | |
| arrays.cpp:6:3:6:23 | ... = ... | arrays.cpp:10:8:10:15 | * ... | provenance | |
| arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:6:3:6:23 | ... = ... | provenance | |
| arrays.cpp:15:3:15:25 | ... = ... | arrays.cpp:16:8:16:13 | access to array | provenance | |
| arrays.cpp:15:3:15:25 | ... = ... | arrays.cpp:17:8:17:13 | access to array | provenance | |
| arrays.cpp:15:14:15:23 | call to user_input | arrays.cpp:15:3:15:25 | ... = ... | provenance | |
| arrays.cpp:36:3:36:3 | *o [post update] [nested, arr, data] | arrays.cpp:37:8:37:8 | *o [nested, arr, data] | provenance | |
| arrays.cpp:36:3:36:3 | *o [post update] [nested, arr, data] | arrays.cpp:38:8:38:8 | *o [nested, arr, data] | provenance | |
| arrays.cpp:36:3:36:17 | *access to array [post update] [data] | arrays.cpp:36:5:36:10 | *nested [post update] [arr, data] | provenance | |
@@ -343,15 +389,19 @@ edges
| by_reference.cpp:31:46:31:46 | *s [a] | by_reference.cpp:32:12:32:12 | *s [a] | provenance | |
| by_reference.cpp:32:12:32:12 | *s [a] | by_reference.cpp:32:15:32:15 | a | provenance | |
| by_reference.cpp:32:15:32:15 | a | by_reference.cpp:31:16:31:28 | *nonMemberGetA | provenance | |
| by_reference.cpp:32:15:32:15 | a | by_reference.cpp:32:15:32:15 | a | provenance | |
| by_reference.cpp:35:9:35:19 | *this [a] | by_reference.cpp:36:12:36:15 | *this [a] | provenance | |
| by_reference.cpp:36:12:36:15 | *this [a] | by_reference.cpp:36:18:36:18 | a | provenance | |
| by_reference.cpp:36:18:36:18 | a | by_reference.cpp:35:9:35:19 | *getDirectly | provenance | |
| by_reference.cpp:36:18:36:18 | a | by_reference.cpp:36:18:36:18 | a | provenance | |
| by_reference.cpp:39:9:39:21 | *this [a] | by_reference.cpp:40:12:40:15 | *this [a] | provenance | |
| by_reference.cpp:40:12:40:15 | *this [a] | by_reference.cpp:35:9:35:19 | *this [a] | provenance | |
| by_reference.cpp:40:12:40:15 | *this [a] | by_reference.cpp:40:18:40:28 | call to getDirectly | provenance | |
| by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:39:9:39:21 | *getIndirectly | provenance | |
| by_reference.cpp:40:18:40:28 | call to getDirectly | by_reference.cpp:40:18:40:28 | call to getDirectly | provenance | |
| by_reference.cpp:43:9:43:27 | *this [a] | by_reference.cpp:44:26:44:29 | *this [a] | provenance | |
| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:43:9:43:27 | *getThroughNonMember | provenance | |
| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | provenance | |
| by_reference.cpp:44:26:44:29 | *this [a] | by_reference.cpp:31:46:31:46 | *s [a] | provenance | |
| by_reference.cpp:44:26:44:29 | *this [a] | by_reference.cpp:44:12:44:24 | call to nonMemberGetA | provenance | |
| by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | by_reference.cpp:51:8:51:8 | *s [a] | provenance | |
@@ -398,10 +448,12 @@ edges
| by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:3:88:24 | ... = ... | provenance | |
| by_reference.cpp:91:25:91:26 | *pa | by_reference.cpp:104:15:104:22 | taint_a_ptr output argument | provenance | |
| by_reference.cpp:91:25:91:26 | *pa | by_reference.cpp:108:15:108:24 | taint_a_ptr output argument | provenance | |
| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:91:25:91:26 | *pa | provenance | |
| by_reference.cpp:92:3:92:20 | ... = ... | by_reference.cpp:91:25:91:26 | *pa | provenance | |
| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:3:92:20 | ... = ... | provenance | |
| by_reference.cpp:95:25:95:26 | *pa | by_reference.cpp:124:15:124:21 | taint_a_ref output argument | provenance | |
| by_reference.cpp:95:25:95:26 | *pa | by_reference.cpp:128:15:128:23 | taint_a_ref output argument | provenance | |
| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:95:25:95:26 | *pa | provenance | |
| by_reference.cpp:96:3:96:19 | ... = ... | by_reference.cpp:95:25:95:26 | *pa | provenance | |
| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:19 | ... = ... | provenance | |
| by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | by_reference.cpp:102:22:102:26 | *outer [post update] [inner_nested, a] | provenance | |
| by_reference.cpp:102:22:102:26 | *outer [post update] [inner_nested, a] | by_reference.cpp:110:8:110:12 | *outer [inner_nested, a] | provenance | |
| by_reference.cpp:103:21:103:25 | *outer [post update] [*inner_ptr, a] | by_reference.cpp:111:8:111:12 | *outer [*inner_ptr, a] | provenance | |
@@ -541,9 +593,11 @@ edges
| complex.cpp:9:7:9:7 | *this [a_] | complex.cpp:9:20:9:21 | *this [a_] | provenance | |
| complex.cpp:9:20:9:21 | *this [a_] | complex.cpp:9:20:9:21 | a_ | provenance | |
| complex.cpp:9:20:9:21 | a_ | complex.cpp:9:7:9:7 | *a | provenance | |
| complex.cpp:9:20:9:21 | a_ | complex.cpp:9:20:9:21 | a_ | provenance | |
| complex.cpp:10:7:10:7 | *this [b_] | complex.cpp:10:20:10:21 | *this [b_] | provenance | |
| complex.cpp:10:20:10:21 | *this [b_] | complex.cpp:10:20:10:21 | b_ | provenance | |
| complex.cpp:10:20:10:21 | b_ | complex.cpp:10:7:10:7 | *b | provenance | |
| complex.cpp:10:20:10:21 | b_ | complex.cpp:10:20:10:21 | b_ | provenance | |
| complex.cpp:11:17:11:17 | a | complex.cpp:11:22:11:27 | ... = ... | provenance | |
| complex.cpp:11:22:11:27 | ... = ... | complex.cpp:11:22:11:23 | *this [post update] [a_] | provenance | |
| complex.cpp:12:17:12:17 | b | complex.cpp:12:22:12:27 | ... = ... | provenance | |
@@ -610,9 +664,11 @@ edges
| constructors.cpp:18:9:18:9 | *this [a_] | constructors.cpp:18:22:18:23 | *this [a_] | provenance | |
| constructors.cpp:18:22:18:23 | *this [a_] | constructors.cpp:18:22:18:23 | a_ | provenance | |
| constructors.cpp:18:22:18:23 | a_ | constructors.cpp:18:9:18:9 | *a | provenance | |
| constructors.cpp:18:22:18:23 | a_ | constructors.cpp:18:22:18:23 | a_ | provenance | |
| constructors.cpp:19:9:19:9 | *this [b_] | constructors.cpp:19:22:19:23 | *this [b_] | provenance | |
| constructors.cpp:19:22:19:23 | *this [b_] | constructors.cpp:19:22:19:23 | b_ | provenance | |
| constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:9:19:9 | *b | provenance | |
| constructors.cpp:19:22:19:23 | b_ | constructors.cpp:19:22:19:23 | b_ | provenance | |
| constructors.cpp:23:13:23:13 | a | constructors.cpp:23:28:23:28 | a | provenance | |
| constructors.cpp:23:20:23:20 | b | constructors.cpp:23:35:23:35 | b | provenance | |
| constructors.cpp:23:28:23:28 | a | constructors.cpp:23:5:23:7 | *this [post update] [a_] | provenance | |
@@ -696,9 +752,11 @@ edges
| simple.cpp:18:9:18:9 | *this [a_] | simple.cpp:18:22:18:23 | *this [a_] | provenance | |
| simple.cpp:18:22:18:23 | *this [a_] | simple.cpp:18:22:18:23 | a_ | provenance | |
| simple.cpp:18:22:18:23 | a_ | simple.cpp:18:9:18:9 | *a | provenance | |
| simple.cpp:18:22:18:23 | a_ | simple.cpp:18:22:18:23 | a_ | provenance | |
| simple.cpp:19:9:19:9 | *this [b_] | simple.cpp:19:22:19:23 | *this [b_] | provenance | |
| simple.cpp:19:22:19:23 | *this [b_] | simple.cpp:19:22:19:23 | b_ | provenance | |
| simple.cpp:19:22:19:23 | b_ | simple.cpp:19:9:19:9 | *b | provenance | |
| simple.cpp:19:22:19:23 | b_ | simple.cpp:19:22:19:23 | b_ | provenance | |
| simple.cpp:20:19:20:19 | a | simple.cpp:20:24:20:29 | ... = ... | provenance | |
| simple.cpp:20:24:20:29 | ... = ... | simple.cpp:20:24:20:25 | *this [post update] [a_] | provenance | |
| simple.cpp:21:19:21:19 | b | simple.cpp:21:24:21:29 | ... = ... | provenance | |
@@ -725,25 +783,29 @@ edges
| simple.cpp:48:9:48:9 | *g [b_] | simple.cpp:26:15:26:15 | *f [b_] | provenance | |
| simple.cpp:51:9:51:9 | *h [a_] | simple.cpp:26:15:26:15 | *f [a_] | provenance | |
| simple.cpp:51:9:51:9 | *h [b_] | simple.cpp:26:15:26:15 | *f [b_] | provenance | |
| simple.cpp:65:5:65:5 | *a [post update] [i] | simple.cpp:67:10:67:11 | *a2 [i] | provenance | |
| simple.cpp:65:5:65:5 | *a [post update] [i] | simple.cpp:66:12:66:12 | a [i] | provenance | |
| simple.cpp:65:5:65:22 | ... = ... | simple.cpp:65:5:65:5 | *a [post update] [i] | provenance | |
| simple.cpp:65:11:65:20 | call to user_input | simple.cpp:65:5:65:22 | ... = ... | provenance | |
| simple.cpp:66:12:66:12 | a [i] | simple.cpp:67:10:67:11 | *a2 [i] | provenance | |
| simple.cpp:67:10:67:11 | *a2 [i] | simple.cpp:67:13:67:13 | i | provenance | |
| simple.cpp:78:9:78:15 | *this [f2, f1] | simple.cpp:79:16:79:17 | *this [f2, f1] | provenance | |
| simple.cpp:79:16:79:17 | *f2 [f1] | simple.cpp:79:19:79:20 | f1 | provenance | |
| simple.cpp:79:16:79:17 | *this [f2, f1] | simple.cpp:79:16:79:17 | *f2 [f1] | provenance | |
| simple.cpp:79:19:79:20 | f1 | simple.cpp:78:9:78:15 | *getf2f1 | provenance | |
| simple.cpp:79:19:79:20 | f1 | simple.cpp:79:19:79:20 | f1 | provenance | |
| simple.cpp:83:9:83:10 | *f2 [post update] [f1] | simple.cpp:83:9:83:10 | *this [post update] [f2, f1] | provenance | |
| simple.cpp:83:9:83:10 | *this [post update] [f2, f1] | simple.cpp:84:14:84:20 | *this [f2, f1] | provenance | |
| simple.cpp:83:9:83:28 | ... = ... | simple.cpp:83:9:83:10 | *f2 [post update] [f1] | provenance | |
| simple.cpp:83:17:83:26 | call to user_input | simple.cpp:83:9:83:28 | ... = ... | provenance | |
| simple.cpp:84:14:84:20 | *this [f2, f1] | simple.cpp:78:9:78:15 | *this [f2, f1] | provenance | |
| simple.cpp:84:14:84:20 | *this [f2, f1] | simple.cpp:84:14:84:20 | call to getf2f1 | provenance | |
| simple.cpp:92:5:92:5 | *a [post update] [i] | simple.cpp:94:10:94:11 | *a2 [i] | provenance | |
| simple.cpp:92:5:92:5 | *a [post update] [i] | simple.cpp:93:20:93:20 | a [i] | provenance | |
| simple.cpp:92:5:92:22 | ... = ... | simple.cpp:92:5:92:5 | *a [post update] [i] | provenance | |
| simple.cpp:92:11:92:20 | call to user_input | simple.cpp:92:5:92:22 | ... = ... | provenance | |
| simple.cpp:93:20:93:20 | a [i] | simple.cpp:94:10:94:11 | *a2 [i] | provenance | |
| simple.cpp:94:10:94:11 | *a2 [i] | simple.cpp:94:13:94:13 | i | provenance | |
| simple.cpp:103:24:103:24 | x | simple.cpp:104:14:104:14 | x | provenance | |
| simple.cpp:108:17:108:26 | call to user_input | simple.cpp:108:17:108:26 | call to user_input | provenance | |
| simple.cpp:108:17:108:26 | call to user_input | simple.cpp:109:43:109:43 | x | provenance | |
| simple.cpp:109:43:109:43 | x | simple.cpp:103:24:103:24 | x | provenance | |
| struct_init.c:14:24:14:25 | *ab [a] | struct_init.c:14:24:14:25 | *ab [a] | provenance | |
@@ -792,14 +854,18 @@ nodes
| A.cpp:28:8:28:10 | *this [c] | semmle.label | *this [c] |
| A.cpp:28:23:28:26 | *this [c] | semmle.label | *this [c] |
| A.cpp:28:29:28:29 | c | semmle.label | c |
| A.cpp:28:29:28:29 | c | semmle.label | c |
| A.cpp:29:15:29:18 | **make [c] | semmle.label | **make [c] |
| A.cpp:29:23:29:23 | c | semmle.label | c |
| A.cpp:31:14:31:21 | *new [c] | semmle.label | *new [c] |
| A.cpp:31:14:31:21 | call to B [c] | semmle.label | call to B [c] |
| A.cpp:31:20:31:20 | c | semmle.label | c |
| A.cpp:41:5:41:6 | insert output argument | semmle.label | insert output argument |
| A.cpp:41:15:41:21 | new | semmle.label | new |
| A.cpp:43:10:43:12 | *& ... | semmle.label | *& ... |
| A.cpp:47:12:47:18 | new | semmle.label | new |
| A.cpp:47:12:47:18 | new | semmle.label | new |
| A.cpp:48:12:48:18 | *call to make [c] | semmle.label | *call to make [c] |
| A.cpp:48:12:48:18 | *call to make [c] | semmle.label | *call to make [c] |
| A.cpp:48:20:48:20 | c | semmle.label | c |
| A.cpp:49:10:49:10 | *b [c] | semmle.label | *b [c] |
@@ -813,29 +879,39 @@ nodes
| A.cpp:57:11:57:24 | call to B [c] | semmle.label | call to B [c] |
| A.cpp:57:17:57:23 | new | semmle.label | new |
| A.cpp:57:17:57:23 | new | semmle.label | new |
| A.cpp:64:5:64:29 | *... = ... [c] | semmle.label | *... = ... [c] |
| A.cpp:64:10:64:15 | *call to setOnB [c] | semmle.label | *call to setOnB [c] |
| A.cpp:64:21:64:28 | new | semmle.label | new |
| A.cpp:66:10:66:11 | *b2 [c] | semmle.label | *b2 [c] |
| A.cpp:66:10:66:14 | c | semmle.label | c |
| A.cpp:73:5:73:33 | *... = ... [c] | semmle.label | *... = ... [c] |
| A.cpp:73:10:73:19 | *call to setOnBWrap [c] | semmle.label | *call to setOnBWrap [c] |
| A.cpp:73:25:73:32 | new | semmle.label | new |
| A.cpp:75:10:75:11 | *b2 [c] | semmle.label | *b2 [c] |
| A.cpp:75:10:75:14 | c | semmle.label | c |
| A.cpp:78:6:78:15 | **setOnBWrap [c] | semmle.label | **setOnBWrap [c] |
| A.cpp:78:27:78:27 | c | semmle.label | c |
| A.cpp:81:5:81:22 | *... = ... [c] | semmle.label | *... = ... [c] |
| A.cpp:81:10:81:15 | *call to setOnB [c] | semmle.label | *call to setOnB [c] |
| A.cpp:81:21:81:21 | c | semmle.label | c |
| A.cpp:82:12:82:24 | *... ? ... : ... [c] | semmle.label | *... ? ... : ... [c] |
| A.cpp:85:9:85:14 | **setOnB [c] | semmle.label | **setOnB [c] |
| A.cpp:85:26:85:26 | c | semmle.label | c |
| A.cpp:90:7:90:8 | set output argument [c] | semmle.label | set output argument [c] |
| A.cpp:90:15:90:15 | c | semmle.label | c |
| A.cpp:91:14:91:15 | *b2 [c] | semmle.label | *b2 [c] |
| A.cpp:98:12:98:18 | new | semmle.label | new |
| A.cpp:98:12:98:18 | new | semmle.label | new |
| A.cpp:100:5:100:6 | *c1 [post update] [a] | semmle.label | *c1 [post update] [a] |
| A.cpp:100:5:100:13 | ... = ... | semmle.label | ... = ... |
| A.cpp:101:8:101:9 | *c1 [a] | semmle.label | *c1 [a] |
| A.cpp:103:14:103:14 | *c [a] | semmle.label | *c [a] |
| A.cpp:105:18:105:38 | *dynamic_cast<C1 *>... [a] | semmle.label | *dynamic_cast<C1 *>... [a] |
| A.cpp:107:12:107:13 | *c1 [a] | semmle.label | *c1 [a] |
| A.cpp:107:12:107:16 | a | semmle.label | a |
| A.cpp:110:18:110:38 | *dynamic_cast<C2 *>... [a] | semmle.label | *dynamic_cast<C2 *>... [a] |
| A.cpp:112:7:112:13 | *... = ... [a] | semmle.label | *... = ... [a] |
| A.cpp:118:18:118:39 | *dynamic_cast<C1 *>... [a] | semmle.label | *dynamic_cast<C1 *>... [a] |
| A.cpp:120:12:120:13 | *c1 [a] | semmle.label | *c1 [a] |
| A.cpp:120:12:120:16 | a | semmle.label | a |
| A.cpp:124:14:124:14 | *b [c] | semmle.label | *b [c] |
@@ -858,6 +934,9 @@ nodes
| A.cpp:143:7:143:31 | ... = ... | semmle.label | ... = ... |
| A.cpp:143:25:143:31 | new | semmle.label | new |
| A.cpp:150:12:150:18 | new | semmle.label | new |
| A.cpp:150:12:150:18 | new | semmle.label | new |
| A.cpp:151:12:151:24 | *new [*b, c] | semmle.label | *new [*b, c] |
| A.cpp:151:12:151:24 | *new [b] | semmle.label | *new [b] |
| A.cpp:151:12:151:24 | call to D [*b, c] | semmle.label | call to D [*b, c] |
| A.cpp:151:12:151:24 | call to D [b] | semmle.label | call to D [b] |
| A.cpp:151:18:151:18 | D output argument [c] | semmle.label | D output argument [c] |
@@ -875,16 +954,23 @@ nodes
| A.cpp:154:10:154:10 | *b [c] | semmle.label | *b [c] |
| A.cpp:154:10:154:13 | c | semmle.label | c |
| A.cpp:159:12:159:18 | new | semmle.label | new |
| A.cpp:159:12:159:18 | new | semmle.label | new |
| A.cpp:160:18:160:60 | *new [head] | semmle.label | *new [head] |
| A.cpp:160:18:160:60 | call to MyList [head] | semmle.label | call to MyList [head] |
| A.cpp:160:29:160:29 | b | semmle.label | b |
| A.cpp:161:18:161:40 | *new [*next, head] | semmle.label | *new [*next, head] |
| A.cpp:161:18:161:40 | call to MyList [*next, head] | semmle.label | call to MyList [*next, head] |
| A.cpp:161:38:161:39 | *l1 [head] | semmle.label | *l1 [head] |
| A.cpp:162:18:162:40 | *new [*next, *next, head] | semmle.label | *new [*next, *next, head] |
| A.cpp:162:18:162:40 | call to MyList [*next, *next, head] | semmle.label | call to MyList [*next, *next, head] |
| A.cpp:162:38:162:39 | *l2 [*next, head] | semmle.label | *l2 [*next, head] |
| A.cpp:165:10:165:11 | *l3 [*next, *next, head] | semmle.label | *l3 [*next, *next, head] |
| A.cpp:165:10:165:29 | head | semmle.label | head |
| A.cpp:165:14:165:17 | *next [*next, head] | semmle.label | *next [*next, head] |
| A.cpp:165:20:165:23 | *next [head] | semmle.label | *next [head] |
| A.cpp:167:22:167:23 | *l3 [*next, *next, head] | semmle.label | *l3 [*next, *next, head] |
| A.cpp:167:40:167:50 | *... = ... [*next, head] | semmle.label | *... = ... [*next, head] |
| A.cpp:167:40:167:50 | *... = ... [head] | semmle.label | *... = ... [head] |
| A.cpp:167:44:167:44 | *l [*next, *next, head] | semmle.label | *l [*next, *next, head] |
| A.cpp:167:44:167:44 | *l [*next, head] | semmle.label | *l [*next, head] |
| A.cpp:167:47:167:50 | *next [*next, head] | semmle.label | *next [*next, head] |
@@ -903,16 +989,22 @@ nodes
| A.cpp:184:7:184:23 | *... = ... [*next, head] | semmle.label | *... = ... [*next, head] |
| A.cpp:184:7:184:23 | *... = ... [head] | semmle.label | *... = ... [head] |
| B.cpp:6:15:6:24 | new | semmle.label | new |
| B.cpp:6:15:6:24 | new | semmle.label | new |
| B.cpp:7:16:7:35 | *new [elem1] | semmle.label | *new [elem1] |
| B.cpp:7:16:7:35 | call to Box1 [elem1] | semmle.label | call to Box1 [elem1] |
| B.cpp:7:25:7:25 | e | semmle.label | e |
| B.cpp:8:16:8:27 | *new [*box1, elem1] | semmle.label | *new [*box1, elem1] |
| B.cpp:8:16:8:27 | call to Box2 [*box1, elem1] | semmle.label | call to Box2 [*box1, elem1] |
| B.cpp:8:25:8:26 | *b1 [elem1] | semmle.label | *b1 [elem1] |
| B.cpp:9:10:9:11 | *b2 [*box1, elem1] | semmle.label | *b2 [*box1, elem1] |
| B.cpp:9:10:9:24 | elem1 | semmle.label | elem1 |
| B.cpp:9:14:9:17 | *box1 [elem1] | semmle.label | *box1 [elem1] |
| B.cpp:15:15:15:27 | new | semmle.label | new |
| B.cpp:15:15:15:27 | new | semmle.label | new |
| B.cpp:16:16:16:38 | *new [elem2] | semmle.label | *new [elem2] |
| B.cpp:16:16:16:38 | call to Box1 [elem2] | semmle.label | call to Box1 [elem2] |
| B.cpp:16:37:16:37 | e | semmle.label | e |
| B.cpp:17:16:17:27 | *new [*box1, elem2] | semmle.label | *new [*box1, elem2] |
| B.cpp:17:16:17:27 | call to Box2 [*box1, elem2] | semmle.label | call to Box2 [*box1, elem2] |
| B.cpp:17:25:17:26 | *b1 [elem2] | semmle.label | *b1 [elem2] |
| B.cpp:19:10:19:11 | *b2 [*box1, elem2] | semmle.label | *b2 [*box1, elem2] |
@@ -930,6 +1022,8 @@ nodes
| B.cpp:46:7:46:10 | *this [post update] [*box1, elem2] | semmle.label | *this [post update] [*box1, elem2] |
| B.cpp:46:7:46:21 | *... = ... [elem1] | semmle.label | *... = ... [elem1] |
| B.cpp:46:7:46:21 | *... = ... [elem2] | semmle.label | *... = ... [elem2] |
| C.cpp:18:12:18:18 | *new [s1] | semmle.label | *new [s1] |
| C.cpp:18:12:18:18 | *new [s3] | semmle.label | *new [s3] |
| C.cpp:18:12:18:18 | call to C [s1] | semmle.label | call to C [s1] |
| C.cpp:18:12:18:18 | call to C [s3] | semmle.label | call to C [s3] |
| C.cpp:19:5:19:5 | *c [s1] | semmle.label | *c [s1] |
@@ -950,38 +1044,45 @@ nodes
| D.cpp:10:11:10:17 | *this [elem] | semmle.label | *this [elem] |
| D.cpp:10:30:10:33 | *this [elem] | semmle.label | *this [elem] |
| D.cpp:10:30:10:33 | elem | semmle.label | elem |
| D.cpp:10:30:10:33 | elem | semmle.label | elem |
| D.cpp:11:24:11:24 | e | semmle.label | e |
| D.cpp:11:29:11:32 | *this [post update] [elem] | semmle.label | *this [post update] [elem] |
| D.cpp:11:29:11:36 | ... = ... | semmle.label | ... = ... |
| D.cpp:17:11:17:17 | **getBox1 [elem] | semmle.label | **getBox1 [elem] |
| D.cpp:17:11:17:17 | *this [*box, elem] | semmle.label | *this [*box, elem] |
| D.cpp:17:30:17:32 | *box [elem] | semmle.label | *box [elem] |
| D.cpp:17:30:17:32 | *box [elem] | semmle.label | *box [elem] |
| D.cpp:17:30:17:32 | *this [*box, elem] | semmle.label | *this [*box, elem] |
| D.cpp:21:30:21:31 | *b2 [*box, elem] | semmle.label | *b2 [*box, elem] |
| D.cpp:22:10:22:11 | *b2 [*box, elem] | semmle.label | *b2 [*box, elem] |
| D.cpp:22:10:22:33 | call to getElem | semmle.label | call to getElem |
| D.cpp:22:14:22:20 | *call to getBox1 [elem] | semmle.label | *call to getBox1 [elem] |
| D.cpp:28:15:28:24 | new | semmle.label | new |
| D.cpp:28:15:28:24 | new | semmle.label | new |
| D.cpp:30:5:30:5 | *b [post update] [*box, elem] | semmle.label | *b [post update] [*box, elem] |
| D.cpp:30:5:30:20 | ... = ... | semmle.label | ... = ... |
| D.cpp:30:8:30:10 | *box [post update] [elem] | semmle.label | *box [post update] [elem] |
| D.cpp:31:14:31:14 | *b [*box, elem] | semmle.label | *b [*box, elem] |
| D.cpp:35:15:35:24 | new | semmle.label | new |
| D.cpp:35:15:35:24 | new | semmle.label | new |
| D.cpp:37:5:37:5 | *b [post update] [*box, elem] | semmle.label | *b [post update] [*box, elem] |
| D.cpp:37:8:37:10 | setElem output argument [elem] | semmle.label | setElem output argument [elem] |
| D.cpp:37:21:37:21 | e | semmle.label | e |
| D.cpp:38:14:38:14 | *b [*box, elem] | semmle.label | *b [*box, elem] |
| D.cpp:42:15:42:24 | new | semmle.label | new |
| D.cpp:42:15:42:24 | new | semmle.label | new |
| D.cpp:44:5:44:5 | getBox1 output argument [*box, elem] | semmle.label | getBox1 output argument [*box, elem] |
| D.cpp:44:5:44:26 | ... = ... | semmle.label | ... = ... |
| D.cpp:44:8:44:14 | *call to getBox1 [post update] [elem] | semmle.label | *call to getBox1 [post update] [elem] |
| D.cpp:45:14:45:14 | *b [*box, elem] | semmle.label | *b [*box, elem] |
| D.cpp:49:15:49:24 | new | semmle.label | new |
| D.cpp:49:15:49:24 | new | semmle.label | new |
| D.cpp:51:5:51:5 | getBox1 output argument [*box, elem] | semmle.label | getBox1 output argument [*box, elem] |
| D.cpp:51:8:51:14 | setElem output argument [elem] | semmle.label | setElem output argument [elem] |
| D.cpp:51:27:51:27 | e | semmle.label | e |
| D.cpp:52:14:52:14 | *b [*box, elem] | semmle.label | *b [*box, elem] |
| D.cpp:56:15:56:24 | new | semmle.label | new |
| D.cpp:56:15:56:24 | new | semmle.label | new |
| D.cpp:58:5:58:12 | *boxfield [post update] [*box, elem] | semmle.label | *boxfield [post update] [*box, elem] |
| D.cpp:58:5:58:12 | *this [post update] [*boxfield, *box, elem] | semmle.label | *this [post update] [*boxfield, *box, elem] |
| D.cpp:58:5:58:27 | ... = ... | semmle.label | ... = ... |
@@ -1023,6 +1124,7 @@ nodes
| aliasing.cpp:60:3:60:4 | *s2 [post update] [m1] | semmle.label | *s2 [post update] [m1] |
| aliasing.cpp:60:3:60:22 | ... = ... | semmle.label | ... = ... |
| aliasing.cpp:60:11:60:20 | call to user_input | semmle.label | call to user_input |
| aliasing.cpp:61:13:61:14 | s2 [m1] | semmle.label | s2 [m1] |
| aliasing.cpp:62:8:62:12 | *copy2 [m1] | semmle.label | *copy2 [m1] |
| aliasing.cpp:62:14:62:15 | m1 | semmle.label | m1 |
| aliasing.cpp:92:3:92:3 | *w [post update] [s, m1] | semmle.label | *w [post update] [s, m1] |
@@ -1035,10 +1137,13 @@ nodes
| aliasing.cpp:98:3:98:3 | *s [post update] [m1] | semmle.label | *s [post update] [m1] |
| aliasing.cpp:98:3:98:21 | ... = ... | semmle.label | ... = ... |
| aliasing.cpp:98:10:98:19 | call to user_input | semmle.label | call to user_input |
| aliasing.cpp:100:14:100:14 | s [m1] | semmle.label | s [m1] |
| aliasing.cpp:101:13:101:22 | *& ... | semmle.label | *& ... |
| aliasing.cpp:101:13:101:22 | *& ... | semmle.label | *& ... |
| aliasing.cpp:101:14:101:19 | *s_copy [m1] | semmle.label | *s_copy [m1] |
| aliasing.cpp:102:8:102:10 | * ... | semmle.label | * ... |
| aliasing.cpp:105:23:105:24 | *pa | semmle.label | *pa |
| aliasing.cpp:106:3:106:20 | ... = ... | semmle.label | ... = ... |
| aliasing.cpp:106:9:106:18 | call to user_input | semmle.label | call to user_input |
| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument | semmle.label | taint_a_ptr output argument |
| aliasing.cpp:122:8:122:12 | access to array | semmle.label | access to array |
@@ -1070,6 +1175,7 @@ nodes
| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument | semmle.label | taint_a_ptr output argument |
| aliasing.cpp:187:16:187:17 | *s2 [post update] [s, m1] | semmle.label | *s2 [post update] [s, m1] |
| aliasing.cpp:187:19:187:19 | *s [post update] [m1] | semmle.label | *s [post update] [m1] |
| aliasing.cpp:188:13:188:14 | s2 [s, m1] | semmle.label | s2 [s, m1] |
| aliasing.cpp:189:8:189:11 | *s2_2 [s, m1] | semmle.label | *s2_2 [s, m1] |
| aliasing.cpp:189:13:189:13 | *s [m1] | semmle.label | *s [m1] |
| aliasing.cpp:189:15:189:16 | m1 | semmle.label | m1 |
@@ -1079,11 +1185,13 @@ nodes
| aliasing.cpp:201:8:201:10 | *ps2 [s, m1] | semmle.label | *ps2 [s, m1] |
| aliasing.cpp:201:13:201:13 | *s [m1] | semmle.label | *s [m1] |
| aliasing.cpp:201:15:201:16 | m1 | semmle.label | m1 |
| arrays.cpp:6:3:6:23 | ... = ... | semmle.label | ... = ... |
| arrays.cpp:6:12:6:21 | call to user_input | semmle.label | call to user_input |
| arrays.cpp:7:8:7:13 | access to array | semmle.label | access to array |
| arrays.cpp:8:8:8:13 | access to array | semmle.label | access to array |
| arrays.cpp:9:8:9:11 | * ... | semmle.label | * ... |
| arrays.cpp:10:8:10:15 | * ... | semmle.label | * ... |
| arrays.cpp:15:3:15:25 | ... = ... | semmle.label | ... = ... |
| arrays.cpp:15:14:15:23 | call to user_input | semmle.label | call to user_input |
| arrays.cpp:16:8:16:13 | access to array | semmle.label | access to array |
| arrays.cpp:17:8:17:13 | access to array | semmle.label | access to array |
@@ -1145,17 +1253,21 @@ nodes
| by_reference.cpp:31:46:31:46 | *s [a] | semmle.label | *s [a] |
| by_reference.cpp:32:12:32:12 | *s [a] | semmle.label | *s [a] |
| by_reference.cpp:32:15:32:15 | a | semmle.label | a |
| by_reference.cpp:32:15:32:15 | a | semmle.label | a |
| by_reference.cpp:35:9:35:19 | *getDirectly | semmle.label | *getDirectly |
| by_reference.cpp:35:9:35:19 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:36:12:36:15 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:36:18:36:18 | a | semmle.label | a |
| by_reference.cpp:36:18:36:18 | a | semmle.label | a |
| by_reference.cpp:39:9:39:21 | *getIndirectly | semmle.label | *getIndirectly |
| by_reference.cpp:39:9:39:21 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:40:12:40:15 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:40:18:40:28 | call to getDirectly | semmle.label | call to getDirectly |
| by_reference.cpp:40:18:40:28 | call to getDirectly | semmle.label | call to getDirectly |
| by_reference.cpp:43:9:43:27 | *getThroughNonMember | semmle.label | *getThroughNonMember |
| by_reference.cpp:43:9:43:27 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | semmle.label | call to nonMemberGetA |
| by_reference.cpp:44:12:44:24 | call to nonMemberGetA | semmle.label | call to nonMemberGetA |
| by_reference.cpp:44:26:44:29 | *this [a] | semmle.label | *this [a] |
| by_reference.cpp:50:3:50:3 | setDirectly output argument [a] | semmle.label | setDirectly output argument [a] |
| by_reference.cpp:50:17:50:26 | call to user_input | semmle.label | call to user_input |
@@ -1182,8 +1294,10 @@ nodes
| by_reference.cpp:88:3:88:24 | ... = ... | semmle.label | ... = ... |
| by_reference.cpp:88:13:88:22 | call to user_input | semmle.label | call to user_input |
| by_reference.cpp:91:25:91:26 | *pa | semmle.label | *pa |
| by_reference.cpp:92:3:92:20 | ... = ... | semmle.label | ... = ... |
| by_reference.cpp:92:9:92:18 | call to user_input | semmle.label | call to user_input |
| by_reference.cpp:95:25:95:26 | *pa | semmle.label | *pa |
| by_reference.cpp:96:3:96:19 | ... = ... | semmle.label | ... = ... |
| by_reference.cpp:96:8:96:17 | call to user_input | semmle.label | call to user_input |
| by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | semmle.label | taint_inner_a_ptr output argument [a] |
| by_reference.cpp:102:22:102:26 | *outer [post update] [inner_nested, a] | semmle.label | *outer [post update] [inner_nested, a] |
@@ -1334,10 +1448,12 @@ nodes
| complex.cpp:9:7:9:7 | *this [a_] | semmle.label | *this [a_] |
| complex.cpp:9:20:9:21 | *this [a_] | semmle.label | *this [a_] |
| complex.cpp:9:20:9:21 | a_ | semmle.label | a_ |
| complex.cpp:9:20:9:21 | a_ | semmle.label | a_ |
| complex.cpp:10:7:10:7 | *b | semmle.label | *b |
| complex.cpp:10:7:10:7 | *this [b_] | semmle.label | *this [b_] |
| complex.cpp:10:20:10:21 | *this [b_] | semmle.label | *this [b_] |
| complex.cpp:10:20:10:21 | b_ | semmle.label | b_ |
| complex.cpp:10:20:10:21 | b_ | semmle.label | b_ |
| complex.cpp:11:17:11:17 | a | semmle.label | a |
| complex.cpp:11:22:11:23 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
| complex.cpp:11:22:11:27 | ... = ... | semmle.label | ... = ... |
@@ -1409,10 +1525,12 @@ nodes
| constructors.cpp:18:9:18:9 | *this [a_] | semmle.label | *this [a_] |
| constructors.cpp:18:22:18:23 | *this [a_] | semmle.label | *this [a_] |
| constructors.cpp:18:22:18:23 | a_ | semmle.label | a_ |
| constructors.cpp:18:22:18:23 | a_ | semmle.label | a_ |
| constructors.cpp:19:9:19:9 | *b | semmle.label | *b |
| constructors.cpp:19:9:19:9 | *this [b_] | semmle.label | *this [b_] |
| constructors.cpp:19:22:19:23 | *this [b_] | semmle.label | *this [b_] |
| constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
| constructors.cpp:19:22:19:23 | b_ | semmle.label | b_ |
| constructors.cpp:23:5:23:7 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
| constructors.cpp:23:5:23:7 | *this [post update] [b_] | semmle.label | *this [post update] [b_] |
| constructors.cpp:23:13:23:13 | a | semmle.label | a |
@@ -1502,10 +1620,12 @@ nodes
| simple.cpp:18:9:18:9 | *this [a_] | semmle.label | *this [a_] |
| simple.cpp:18:22:18:23 | *this [a_] | semmle.label | *this [a_] |
| simple.cpp:18:22:18:23 | a_ | semmle.label | a_ |
| simple.cpp:18:22:18:23 | a_ | semmle.label | a_ |
| simple.cpp:19:9:19:9 | *b | semmle.label | *b |
| simple.cpp:19:9:19:9 | *this [b_] | semmle.label | *this [b_] |
| simple.cpp:19:22:19:23 | *this [b_] | semmle.label | *this [b_] |
| simple.cpp:19:22:19:23 | b_ | semmle.label | b_ |
| simple.cpp:19:22:19:23 | b_ | semmle.label | b_ |
| simple.cpp:20:19:20:19 | a | semmle.label | a |
| simple.cpp:20:24:20:25 | *this [post update] [a_] | semmle.label | *this [post update] [a_] |
| simple.cpp:20:24:20:29 | ... = ... | semmle.label | ... = ... |
@@ -1533,6 +1653,7 @@ nodes
| simple.cpp:65:5:65:5 | *a [post update] [i] | semmle.label | *a [post update] [i] |
| simple.cpp:65:5:65:22 | ... = ... | semmle.label | ... = ... |
| simple.cpp:65:11:65:20 | call to user_input | semmle.label | call to user_input |
| simple.cpp:66:12:66:12 | a [i] | semmle.label | a [i] |
| simple.cpp:67:10:67:11 | *a2 [i] | semmle.label | *a2 [i] |
| simple.cpp:67:13:67:13 | i | semmle.label | i |
| simple.cpp:78:9:78:15 | *getf2f1 | semmle.label | *getf2f1 |
@@ -1540,6 +1661,7 @@ nodes
| simple.cpp:79:16:79:17 | *f2 [f1] | semmle.label | *f2 [f1] |
| simple.cpp:79:16:79:17 | *this [f2, f1] | semmle.label | *this [f2, f1] |
| simple.cpp:79:19:79:20 | f1 | semmle.label | f1 |
| simple.cpp:79:19:79:20 | f1 | semmle.label | f1 |
| simple.cpp:83:9:83:10 | *f2 [post update] [f1] | semmle.label | *f2 [post update] [f1] |
| simple.cpp:83:9:83:10 | *this [post update] [f2, f1] | semmle.label | *this [post update] [f2, f1] |
| simple.cpp:83:9:83:28 | ... = ... | semmle.label | ... = ... |
@@ -1549,11 +1671,13 @@ nodes
| simple.cpp:92:5:92:5 | *a [post update] [i] | semmle.label | *a [post update] [i] |
| simple.cpp:92:5:92:22 | ... = ... | semmle.label | ... = ... |
| simple.cpp:92:11:92:20 | call to user_input | semmle.label | call to user_input |
| simple.cpp:93:20:93:20 | a [i] | semmle.label | a [i] |
| simple.cpp:94:10:94:11 | *a2 [i] | semmle.label | *a2 [i] |
| simple.cpp:94:13:94:13 | i | semmle.label | i |
| simple.cpp:103:24:103:24 | x | semmle.label | x |
| simple.cpp:104:14:104:14 | x | semmle.label | x |
| simple.cpp:108:17:108:26 | call to user_input | semmle.label | call to user_input |
| simple.cpp:108:17:108:26 | call to user_input | semmle.label | call to user_input |
| simple.cpp:109:43:109:43 | x | semmle.label | x |
| struct_init.c:14:24:14:25 | *ab [a] | semmle.label | *ab [a] |
| struct_init.c:14:24:14:25 | *ab [a] | semmle.label | *ab [a] |

2
cpp/ql/test/query-tests/Critical/GlobalUseBeforeInit/GlobalUseBeforeInit.expected
View File

@@ -1 +1 @@
| test.cpp:27:5:27:6 | f1 | The variable 'b' is used in this function but may not be initialized when it is called. |
| test.cpp:27:5:27:6 | f1 | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |

9
cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
View File

@@ -9,8 +9,11 @@ edges
| test_free.cpp:95:10:95:10 | pointer to free output argument | test_free.cpp:96:9:96:9 | a | provenance | |
| test_free.cpp:101:10:101:10 | pointer to free output argument | test_free.cpp:102:23:102:23 | a | provenance | |
| test_free.cpp:152:27:152:27 | pointer to free output argument | test_free.cpp:153:5:153:5 | a | provenance | |
| test_free.cpp:233:14:233:15 | pointer to free output argument | test_free.cpp:236:9:236:10 | * ... | provenance | |
| test_free.cpp:239:14:239:15 | pointer to free output argument | test_free.cpp:241:9:241:10 | * ... | provenance | |
| test_free.cpp:233:14:233:15 | pointer to free output argument | test_free.cpp:234:9:234:11 | *... ++ | provenance | |
| test_free.cpp:234:9:234:11 | *... ++ | test_free.cpp:236:9:236:10 | * ... | provenance | |
| test_free.cpp:238:15:238:17 | *... ++ | test_free.cpp:238:15:238:17 | *... ++ | provenance | |
| test_free.cpp:238:15:238:17 | *... ++ | test_free.cpp:241:9:241:10 | * ... | provenance | |
| test_free.cpp:239:14:239:15 | pointer to free output argument | test_free.cpp:238:15:238:17 | *... ++ | provenance | |
| test_free.cpp:245:10:245:11 | pointer to free output argument | test_free.cpp:246:9:246:10 | * ... | provenance | |
| test_free.cpp:277:8:277:8 | *s [post update] [buf] | test_free.cpp:278:12:278:12 | *s [buf] | provenance | |
| test_free.cpp:277:8:277:13 | pointer to free output argument | test_free.cpp:277:8:277:8 | *s [post update] [buf] | provenance | |
@@ -43,7 +46,9 @@ nodes
| test_free.cpp:152:27:152:27 | pointer to free output argument | semmle.label | pointer to free output argument |
| test_free.cpp:153:5:153:5 | a | semmle.label | a |
| test_free.cpp:233:14:233:15 | pointer to free output argument | semmle.label | pointer to free output argument |
| test_free.cpp:234:9:234:11 | *... ++ | semmle.label | *... ++ |
| test_free.cpp:236:9:236:10 | * ... | semmle.label | * ... |
| test_free.cpp:238:15:238:17 | *... ++ | semmle.label | *... ++ |
| test_free.cpp:239:14:239:15 | pointer to free output argument | semmle.label | pointer to free output argument |
| test_free.cpp:241:9:241:10 | * ... | semmle.label | * ... |
| test_free.cpp:245:10:245:11 | pointer to free output argument | semmle.label | pointer to free output argument |

46
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -7,20 +7,33 @@ edges
| nested.cpp:34:37:34:39 | *fmt | nested.cpp:35:19:35:21 | *fmt | provenance | |
| nested.cpp:35:19:35:21 | *fmt | nested.cpp:27:32:27:34 | *fmt | provenance | |
| nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt | provenance | |
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance | |
| nested.cpp:86:19:86:46 | *(char *)... | nested.cpp:87:18:87:20 | *fmt | provenance | |
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:86:19:86:46 | *(char *)... | provenance | |
| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance | |
| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | DataFlowFunction |
| test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | |
| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | TaintFunction |
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance | |
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | provenance | |
| test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | provenance | |
| test.cpp:215:25:215:36 | *call to get_string | test.cpp:217:12:217:16 | *hello | provenance | |
| test.cpp:221:25:221:36 | *call to get_string | test.cpp:223:12:223:16 | *hello | provenance | |
| test.cpp:227:25:227:36 | *call to get_string | test.cpp:228:12:228:18 | *++ ... | provenance | |
| test.cpp:232:25:232:36 | *call to get_string | test.cpp:235:12:235:16 | *hello | provenance | |
| test.cpp:239:25:239:36 | *call to get_string | test.cpp:242:12:242:16 | *hello | provenance | |
| test.cpp:245:25:245:36 | *call to get_string | test.cpp:247:12:247:16 | *hello | provenance | |
| test.cpp:204:25:204:36 | *(const char *)... | test.cpp:205:12:205:20 | *... + ... | provenance | |
| test.cpp:204:25:204:36 | *(const char *)... | test.cpp:206:12:206:16 | *hello | provenance | |
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:204:25:204:36 | *(const char *)... | provenance | |
| test.cpp:209:25:209:36 | *(const char *)... | test.cpp:210:5:210:14 | *... += ... | provenance | |
| test.cpp:209:25:209:36 | *call to get_string | test.cpp:209:25:209:36 | *(const char *)... | provenance | |
| test.cpp:210:5:210:14 | *... += ... | test.cpp:211:12:211:16 | *hello | provenance | |
| test.cpp:215:25:215:36 | *(const char *)... | test.cpp:216:5:216:21 | *... = ... | provenance | |
| test.cpp:215:25:215:36 | *call to get_string | test.cpp:215:25:215:36 | *(const char *)... | provenance | |
| test.cpp:216:5:216:21 | *... = ... | test.cpp:217:12:217:16 | *hello | provenance | |
| test.cpp:221:25:221:36 | *(const char *)... | test.cpp:222:5:222:11 | *... ++ | provenance | |
| test.cpp:221:25:221:36 | *call to get_string | test.cpp:221:25:221:36 | *(const char *)... | provenance | |
| test.cpp:222:5:222:11 | *... ++ | test.cpp:223:12:223:16 | *hello | provenance | |
| test.cpp:227:25:227:36 | *(const char *)... | test.cpp:228:12:228:18 | *++ ... | provenance | |
| test.cpp:227:25:227:36 | *call to get_string | test.cpp:227:25:227:36 | *(const char *)... | provenance | |
| test.cpp:228:12:228:18 | *++ ... | test.cpp:228:12:228:18 | *++ ... | provenance | |
| test.cpp:232:25:232:36 | *(const char *)... | test.cpp:235:12:235:16 | *hello | provenance | |
| test.cpp:232:25:232:36 | *call to get_string | test.cpp:232:25:232:36 | *(const char *)... | provenance | |
| test.cpp:239:25:239:36 | *(const char *)... | test.cpp:242:12:242:16 | *hello | provenance | |
| test.cpp:239:25:239:36 | *call to get_string | test.cpp:239:25:239:36 | *(const char *)... | provenance | |
| test.cpp:245:25:245:36 | *(const char *)... | test.cpp:247:12:247:16 | *hello | provenance | |
| test.cpp:245:25:245:36 | *call to get_string | test.cpp:245:25:245:36 | *(const char *)... | provenance | |
nodes
| NonConstantFormat.c:28:27:28:30 | **argv | semmle.label | **argv |
| NonConstantFormat.c:30:10:30:16 | *access to array | semmle.label | *access to array |
@@ -35,6 +48,7 @@ nodes
| nested.cpp:35:19:35:21 | *fmt | semmle.label | *fmt |
| nested.cpp:42:24:42:34 | *call to ext_fmt_str | semmle.label | *call to ext_fmt_str |
| nested.cpp:79:32:79:38 | *call to get_fmt | semmle.label | *call to get_fmt |
| nested.cpp:86:19:86:46 | *(char *)... | semmle.label | *(char *)... |
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | semmle.label | *call to __builtin_alloca |
| nested.cpp:87:18:87:20 | *fmt | semmle.label | *fmt |
| test.cpp:46:27:46:30 | **argv | semmle.label | **argv |
@@ -44,21 +58,33 @@ nodes
| test.cpp:193:32:193:34 | *str | semmle.label | *str |
| test.cpp:195:31:195:33 | *str | semmle.label | *str |
| test.cpp:197:11:197:14 | *wstr | semmle.label | *wstr |
| test.cpp:204:25:204:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:204:25:204:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:205:12:205:20 | *... + ... | semmle.label | *... + ... |
| test.cpp:206:12:206:16 | *hello | semmle.label | *hello |
| test.cpp:209:25:209:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:209:25:209:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:210:5:210:14 | *... += ... | semmle.label | *... += ... |
| test.cpp:211:12:211:16 | *hello | semmle.label | *hello |
| test.cpp:215:25:215:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:215:25:215:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:216:5:216:21 | *... = ... | semmle.label | *... = ... |
| test.cpp:217:12:217:16 | *hello | semmle.label | *hello |
| test.cpp:221:25:221:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:221:25:221:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:222:5:222:11 | *... ++ | semmle.label | *... ++ |
| test.cpp:223:12:223:16 | *hello | semmle.label | *hello |
| test.cpp:227:25:227:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:227:25:227:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:228:12:228:18 | *++ ... | semmle.label | *++ ... |
| test.cpp:228:12:228:18 | *++ ... | semmle.label | *++ ... |
| test.cpp:232:25:232:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:232:25:232:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:235:12:235:16 | *hello | semmle.label | *hello |
| test.cpp:239:25:239:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:239:25:239:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:242:12:242:16 | *hello | semmle.label | *hello |
| test.cpp:245:25:245:36 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:245:25:245:36 | *call to get_string | semmle.label | *call to get_string |
| test.cpp:247:12:247:16 | *hello | semmle.label | *hello |
subpaths

8
cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
View File

@@ -1,12 +1,16 @@
edges
| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance | TaintFunction |
| test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | provenance | |
| test.c:8:27:8:30 | **argv | test.c:9:23:9:29 | *access to array | provenance | |
| test.c:8:27:8:30 | **argv | test.c:31:22:31:28 | *access to array | provenance | |
| test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | provenance | |
| test.c:9:23:9:29 | *access to array | test.c:17:11:17:18 | *fileName | provenance | TaintFunction |
| test.c:31:22:31:28 | *access to array | test.c:32:11:32:18 | *fileName | provenance | |
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | provenance | |
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | provenance | |
nodes
| test.c:8:27:8:30 | **argv | semmle.label | **argv |
| test.c:9:23:9:29 | *access to array | semmle.label | *access to array |
| test.c:17:11:17:18 | *fileName | semmle.label | *fileName |
| test.c:31:22:31:28 | *access to array | semmle.label | *access to array |
| test.c:32:11:32:18 | *fileName | semmle.label | *fileName |
| test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
| test.c:38:11:38:18 | *fileName | semmle.label | *fileName |

10
cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
View File

@@ -1,14 +1,20 @@
edges
| tests.cpp:26:15:26:23 | **badSource | tests.cpp:51:12:51:20 | *call to badSource | provenance | |
| tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:33:34:33:39 | *call to getenv | provenance | |
| tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:38:39:38:49 | *environment | provenance | |
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | **badSource | provenance | |
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:12:42:15 | *data | provenance | |
| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance | |
| tests.cpp:51:12:51:20 | *call to badSource | tests.cpp:53:16:53:19 | *data | provenance | |
| tests.cpp:42:12:42:15 | *data | tests.cpp:26:15:26:23 | **badSource | provenance | |
| tests.cpp:51:5:51:26 | *... = ... | tests.cpp:53:16:53:19 | *data | provenance | |
| tests.cpp:51:12:51:20 | *call to badSource | tests.cpp:51:5:51:26 | *... = ... | provenance | |
nodes
| tests.cpp:26:15:26:23 | **badSource | semmle.label | **badSource |
| tests.cpp:33:34:33:39 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:33:34:33:39 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
| tests.cpp:38:39:38:49 | *environment | semmle.label | *environment |
| tests.cpp:42:12:42:15 | *data | semmle.label | *data |
| tests.cpp:51:5:51:26 | *... = ... | semmle.label | *... = ... |
| tests.cpp:51:12:51:20 | *call to badSource | semmle.label | *call to badSource |
| tests.cpp:53:16:53:19 | *data | semmle.label | *data |
subpaths

8
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
View File

@@ -1,7 +1,9 @@
edges
| test.cpp:15:27:15:30 | **argv | test.cpp:22:45:22:52 | *userName | provenance | |
| test.cpp:15:27:15:30 | **argv | test.cpp:16:20:16:26 | *access to array | provenance | |
| test.cpp:16:20:16:26 | *access to array | test.cpp:22:45:22:52 | *userName | provenance | |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | *command1 | provenance | |
| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance | |
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:47:21:47:26 | *call to getenv | provenance | |
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance | |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance | |
| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | |
@@ -15,6 +17,7 @@ edges
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance | |
| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | |
| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
@@ -66,10 +69,12 @@ edges
| test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance | |
nodes
| test.cpp:15:27:15:30 | **argv | semmle.label | **argv |
| test.cpp:16:20:16:26 | *access to array | semmle.label | *access to array |
| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:22:45:22:52 | *userName | semmle.label | *userName |
| test.cpp:23:12:23:19 | *command1 | semmle.label | *command1 |
| test.cpp:47:21:47:26 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:47:21:47:26 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:50:35:50:43 | *envCflags | semmle.label | *envCflags |
| test.cpp:51:10:51:16 | *command | semmle.label | *command |
@@ -87,6 +92,7 @@ nodes
| test.cpp:94:45:94:48 | *path | semmle.label | *path |
| test.cpp:106:20:106:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:33:107:36 | *path | semmle.label | *path |
| test.cpp:108:18:108:22 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:113:20:113:38 | *call to getenv | semmle.label | *call to getenv |

2
cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
View File

@@ -2,6 +2,7 @@ edges
| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | *query | provenance | |
| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | *query | provenance | |
| search.c:55:24:55:28 | *query | search.c:62:8:62:17 | *query_text | provenance | TaintFunction |
| search.c:67:21:67:26 | *call to getenv | search.c:67:21:67:26 | *call to getenv | provenance | |
| search.c:67:21:67:26 | *call to getenv | search.c:71:17:71:25 | *raw_query | provenance | |
| search.c:67:21:67:26 | *call to getenv | search.c:73:17:73:25 | *raw_query | provenance | |
| search.c:67:21:67:26 | *call to getenv | search.c:77:17:77:25 | *raw_query | provenance | |
@@ -16,6 +17,7 @@ nodes
| search.c:55:24:55:28 | *query | semmle.label | *query |
| search.c:62:8:62:17 | *query_text | semmle.label | *query_text |
| search.c:67:21:67:26 | *call to getenv | semmle.label | *call to getenv |
| search.c:67:21:67:26 | *call to getenv | semmle.label | *call to getenv |
| search.c:71:17:71:25 | *raw_query | semmle.label | *raw_query |
| search.c:73:17:73:25 | *raw_query | semmle.label | *raw_query |
| search.c:77:17:77:25 | *raw_query | semmle.label | *raw_query |

14
cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
View File

@@ -1,18 +1,24 @@
edges
| test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | provenance | TaintFunction |
| test.c:14:27:14:30 | **argv | test.c:35:16:35:23 | *userName | provenance | |
| test.c:14:27:14:30 | **argv | test.c:15:20:15:26 | *access to array | provenance | |
| test.c:15:20:15:26 | *access to array | test.c:21:18:21:23 | *query1 | provenance | TaintFunction |
| test.c:15:20:15:26 | *access to array | test.c:35:16:35:23 | *userName | provenance | |
| test.c:35:16:35:23 | *userName | test.c:40:25:40:32 | *username | provenance | |
| test.c:38:7:38:20 | **globalUsername | test.c:51:18:51:23 | *query1 | provenance | TaintFunction |
| test.c:40:25:40:32 | *username | test.c:38:7:38:20 | **globalUsername | provenance | |
| test.c:38:7:38:20 | **globalUsername | test.c:48:20:48:33 | *globalUsername | provenance | |
| test.c:40:25:40:32 | *username | test.c:41:3:41:27 | *... = ... | provenance | |
| test.c:41:3:41:27 | *... = ... | test.c:38:7:38:20 | **globalUsername | provenance | |
| test.c:48:20:48:33 | *globalUsername | test.c:51:18:51:23 | *query1 | provenance | TaintFunction |
| test.c:75:8:75:16 | gets output argument | test.c:76:17:76:25 | *userInput | provenance | |
| test.c:75:8:75:16 | gets output argument | test.c:77:20:77:28 | *userInput | provenance | |
| test.cpp:39:27:39:30 | **argv | test.cpp:43:27:43:33 | *access to array | provenance | |
nodes
| test.c:14:27:14:30 | **argv | semmle.label | **argv |
| test.c:15:20:15:26 | *access to array | semmle.label | *access to array |
| test.c:21:18:21:23 | *query1 | semmle.label | *query1 |
| test.c:35:16:35:23 | *userName | semmle.label | *userName |
| test.c:38:7:38:20 | **globalUsername | semmle.label | **globalUsername |
| test.c:40:25:40:32 | *username | semmle.label | *username |
| test.c:41:3:41:27 | *... = ... | semmle.label | *... = ... |
| test.c:48:20:48:33 | *globalUsername | semmle.label | *globalUsername |
| test.c:51:18:51:23 | *query1 | semmle.label | *query1 |
| test.c:75:8:75:16 | gets output argument | semmle.label | gets output argument |
| test.c:76:17:76:25 | *userInput | semmle.label | *userInput |

2
cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
View File

@@ -1,11 +1,13 @@
edges
| test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | *data | provenance | |
| test.cpp:64:30:64:35 | *call to getenv | test.cpp:64:30:64:35 | *call to getenv | provenance | |
| test.cpp:64:30:64:35 | *call to getenv | test.cpp:73:24:73:27 | *data | provenance | TaintFunction |
| test.cpp:73:24:73:27 | *data | test.cpp:37:73:37:76 | *data | provenance | |
nodes
| test.cpp:37:73:37:76 | *data | semmle.label | *data |
| test.cpp:43:32:43:35 | *data | semmle.label | *data |
| test.cpp:64:30:64:35 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:64:30:64:35 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:73:24:73:27 | *data | semmle.label | *data |
subpaths
#select

16
cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
View File

@@ -3,14 +3,18 @@ edges
| test.cpp:29:30:29:36 | *command | test.cpp:31:10:31:16 | *command | provenance | |
| test.cpp:42:18:42:34 | *call to getenv | test.cpp:24:30:24:36 | *command | provenance | |
| test.cpp:43:18:43:34 | *call to getenv | test.cpp:29:30:29:36 | *command | provenance | |
| test.cpp:56:12:56:17 | fgets output argument | test.cpp:58:16:58:21 | *array to pointer conversion | provenance | |
| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | *buffer | provenance | |
| test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | *data | provenance | |
| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | *dataref | provenance | |
| test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | *data2 | provenance | |
| test.cpp:58:16:58:21 | *array to pointer conversion | test.cpp:59:20:59:23 | **(reference to) | provenance | |
| test.cpp:58:16:58:21 | *array to pointer conversion | test.cpp:63:10:63:13 | *data | provenance | |
| test.cpp:59:20:59:23 | **(reference to) | test.cpp:60:17:60:23 | *(reference dereference) | provenance | |
| test.cpp:59:20:59:23 | **(reference to) | test.cpp:64:10:64:16 | *dataref | provenance | |
| test.cpp:60:17:60:23 | *(reference dereference) | test.cpp:65:10:65:14 | *data2 | provenance | |
| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | *buffer | provenance | |
| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | *buffer | provenance | |
| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | *buffer | provenance | |
| test.cpp:113:8:113:12 | *call to fgets | test.cpp:114:9:114:11 | *ptr | provenance | |
| test.cpp:113:2:113:44 | *... = ... | test.cpp:114:9:114:11 | *ptr | provenance | |
| test.cpp:113:8:113:12 | *call to fgets | test.cpp:113:2:113:44 | *... = ... | provenance | |
nodes
| test.cpp:24:30:24:36 | *command | semmle.label | *command |
| test.cpp:26:10:26:16 | *command | semmle.label | *command |
@@ -19,6 +23,9 @@ nodes
| test.cpp:42:18:42:34 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:43:18:43:34 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:56:12:56:17 | fgets output argument | semmle.label | fgets output argument |
| test.cpp:58:16:58:21 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| test.cpp:59:20:59:23 | **(reference to) | semmle.label | **(reference to) |
| test.cpp:60:17:60:23 | *(reference dereference) | semmle.label | *(reference dereference) |
| test.cpp:62:10:62:15 | *buffer | semmle.label | *buffer |
| test.cpp:63:10:63:13 | *data | semmle.label | *data |
| test.cpp:64:10:64:16 | *dataref | semmle.label | *dataref |
@@ -29,6 +36,7 @@ nodes
| test.cpp:99:15:99:20 | *buffer | semmle.label | *buffer |
| test.cpp:106:17:106:22 | recv output argument | semmle.label | recv output argument |
| test.cpp:107:15:107:20 | *buffer | semmle.label | *buffer |
| test.cpp:113:2:113:44 | *... = ... | semmle.label | *... = ... |
| test.cpp:113:8:113:12 | *call to fgets | semmle.label | *call to fgets |
| test.cpp:114:9:114:11 | *ptr | semmle.label | *ptr |
subpaths

40
cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected
View File

@@ -3,7 +3,9 @@ edges
| test.cpp:18:5:18:7 | *str [post update] [string] | test.cpp:19:5:19:7 | *str [string] | provenance | |
| test.cpp:18:5:18:30 | ... = ... | test.cpp:18:5:18:7 | *str [post update] [string] | provenance | |
| test.cpp:18:19:18:24 | call to malloc | test.cpp:18:5:18:30 | ... = ... | provenance | |
| test.cpp:19:5:19:7 | *str [string] | test.cpp:16:11:16:21 | **mk_string_t [string] | provenance | |
| test.cpp:19:5:19:7 | *str [string] | test.cpp:20:12:20:14 | *str [string] | provenance | |
| test.cpp:20:12:20:14 | *str [string] | test.cpp:16:11:16:21 | **mk_string_t [string] | provenance | |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | test.cpp:39:21:39:31 | *call to mk_string_t [string] | provenance | |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | test.cpp:42:13:42:15 | *str [string] | provenance | |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | test.cpp:72:17:72:19 | *str [string] | provenance | |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | test.cpp:80:17:80:19 | *str [string] | provenance | |
@@ -14,7 +16,9 @@ edges
| test.cpp:90:5:90:7 | *str [post update] [string] | test.cpp:91:5:91:7 | *str [string] | provenance | |
| test.cpp:90:5:90:34 | ... = ... | test.cpp:90:5:90:7 | *str [post update] [string] | provenance | |
| test.cpp:90:19:90:24 | call to malloc | test.cpp:90:5:90:34 | ... = ... | provenance | |
| test.cpp:91:5:91:7 | *str [string] | test.cpp:88:11:88:30 | **mk_string_t_plus_one [string] | provenance | |
| test.cpp:91:5:91:7 | *str [string] | test.cpp:92:12:92:14 | *str [string] | provenance | |
| test.cpp:92:12:92:14 | *str [string] | test.cpp:88:11:88:30 | **mk_string_t_plus_one [string] | provenance | |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | provenance | |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | test.cpp:99:13:99:15 | *str [string] | provenance | |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | test.cpp:129:17:129:19 | *str [string] | provenance | |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | test.cpp:137:17:137:19 | *str [string] | provenance | |
@@ -43,27 +47,36 @@ edges
| test.cpp:203:17:203:19 | *str [string] | test.cpp:203:22:203:27 | string | provenance | |
| test.cpp:207:17:207:19 | *str [string] | test.cpp:207:22:207:27 | string | provenance | |
| test.cpp:214:24:214:24 | p | test.cpp:216:10:216:10 | p | provenance | |
| test.cpp:220:27:220:54 | call to malloc | test.cpp:222:15:222:20 | buffer | provenance | |
| test.cpp:220:27:220:54 | (unsigned char *)... | test.cpp:222:15:222:20 | buffer | provenance | |
| test.cpp:220:27:220:54 | call to malloc | test.cpp:220:27:220:54 | (unsigned char *)... | provenance | |
| test.cpp:222:15:222:20 | buffer | test.cpp:214:24:214:24 | p | provenance | |
| test.cpp:228:27:228:54 | call to malloc | test.cpp:232:10:232:15 | buffer | provenance | |
| test.cpp:228:27:228:54 | (unsigned char *)... | test.cpp:232:10:232:15 | buffer | provenance | |
| test.cpp:228:27:228:54 | call to malloc | test.cpp:228:27:228:54 | (unsigned char *)... | provenance | |
| test.cpp:235:40:235:45 | buffer | test.cpp:236:5:236:26 | ... = ... | provenance | |
| test.cpp:236:5:236:9 | *p_str [post update] [string] | test.cpp:235:27:235:31 | *p_str [string] | provenance | |
| test.cpp:236:5:236:26 | ... = ... | test.cpp:236:5:236:9 | *p_str [post update] [string] | provenance | |
| test.cpp:241:20:241:38 | call to malloc | test.cpp:242:22:242:27 | buffer | provenance | |
| test.cpp:241:20:241:38 | (char *)... | test.cpp:242:22:242:27 | buffer | provenance | |
| test.cpp:241:20:241:38 | call to malloc | test.cpp:241:20:241:38 | (char *)... | provenance | |
| test.cpp:242:16:242:19 | set_string output argument [string] | test.cpp:243:12:243:14 | *str [string] | provenance | |
| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | provenance | |
| test.cpp:242:22:242:27 | buffer | test.cpp:242:16:242:19 | set_string output argument [string] | provenance | |
| test.cpp:243:12:243:14 | *str [string] | test.cpp:243:12:243:21 | string | provenance | |
| test.cpp:249:14:249:33 | call to my_alloc | test.cpp:250:12:250:12 | p | provenance | |
| test.cpp:256:9:256:25 | call to malloc | test.cpp:257:12:257:12 | p | provenance | |
| test.cpp:262:15:262:30 | call to malloc | test.cpp:266:12:266:12 | p | provenance | |
| test.cpp:264:13:264:30 | call to malloc | test.cpp:266:12:266:12 | p | provenance | |
| test.cpp:249:14:249:33 | (int *)... | test.cpp:250:12:250:12 | p | provenance | |
| test.cpp:249:14:249:33 | call to my_alloc | test.cpp:249:14:249:33 | (int *)... | provenance | |
| test.cpp:256:5:256:25 | ... = ... | test.cpp:257:12:257:12 | p | provenance | |
| test.cpp:256:9:256:25 | call to malloc | test.cpp:256:5:256:25 | ... = ... | provenance | |
| test.cpp:262:15:262:30 | (char *)... | test.cpp:266:12:266:12 | p | provenance | |
| test.cpp:262:15:262:30 | call to malloc | test.cpp:262:15:262:30 | (char *)... | provenance | |
| test.cpp:264:9:264:30 | ... = ... | test.cpp:266:12:266:12 | p | provenance | |
| test.cpp:264:13:264:30 | call to malloc | test.cpp:264:9:264:30 | ... = ... | provenance | |
nodes
| test.cpp:16:11:16:21 | **mk_string_t [string] | semmle.label | **mk_string_t [string] |
| test.cpp:18:5:18:7 | *str [post update] [string] | semmle.label | *str [post update] [string] |
| test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... |
| test.cpp:18:19:18:24 | call to malloc | semmle.label | call to malloc |
| test.cpp:19:5:19:7 | *str [string] | semmle.label | *str [string] |
| test.cpp:20:12:20:14 | *str [string] | semmle.label | *str [string] |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | semmle.label | *call to mk_string_t [string] |
| test.cpp:39:21:39:31 | *call to mk_string_t [string] | semmle.label | *call to mk_string_t [string] |
| test.cpp:42:13:42:15 | *str [string] | semmle.label | *str [string] |
| test.cpp:42:18:42:23 | string | semmle.label | string |
@@ -76,6 +89,8 @@ nodes
| test.cpp:90:5:90:34 | ... = ... | semmle.label | ... = ... |
| test.cpp:90:19:90:24 | call to malloc | semmle.label | call to malloc |
| test.cpp:91:5:91:7 | *str [string] | semmle.label | *str [string] |
| test.cpp:92:12:92:14 | *str [string] | semmle.label | *str [string] |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | semmle.label | *call to mk_string_t_plus_one [string] |
| test.cpp:96:21:96:40 | *call to mk_string_t_plus_one [string] | semmle.label | *call to mk_string_t_plus_one [string] |
| test.cpp:99:13:99:15 | *str [string] | semmle.label | *str [string] |
| test.cpp:99:18:99:23 | string | semmle.label | string |
@@ -107,24 +122,31 @@ nodes
| test.cpp:207:22:207:27 | string | semmle.label | string |
| test.cpp:214:24:214:24 | p | semmle.label | p |
| test.cpp:216:10:216:10 | p | semmle.label | p |
| test.cpp:220:27:220:54 | (unsigned char *)... | semmle.label | (unsigned char *)... |
| test.cpp:220:27:220:54 | call to malloc | semmle.label | call to malloc |
| test.cpp:222:15:222:20 | buffer | semmle.label | buffer |
| test.cpp:228:27:228:54 | (unsigned char *)... | semmle.label | (unsigned char *)... |
| test.cpp:228:27:228:54 | call to malloc | semmle.label | call to malloc |
| test.cpp:232:10:232:15 | buffer | semmle.label | buffer |
| test.cpp:235:27:235:31 | *p_str [string] | semmle.label | *p_str [string] |
| test.cpp:235:40:235:45 | buffer | semmle.label | buffer |
| test.cpp:236:5:236:9 | *p_str [post update] [string] | semmle.label | *p_str [post update] [string] |
| test.cpp:236:5:236:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:241:20:241:38 | (char *)... | semmle.label | (char *)... |
| test.cpp:241:20:241:38 | call to malloc | semmle.label | call to malloc |
| test.cpp:242:16:242:19 | set_string output argument [string] | semmle.label | set_string output argument [string] |
| test.cpp:242:22:242:27 | buffer | semmle.label | buffer |
| test.cpp:243:12:243:14 | *str [string] | semmle.label | *str [string] |
| test.cpp:243:12:243:21 | string | semmle.label | string |
| test.cpp:249:14:249:33 | (int *)... | semmle.label | (int *)... |
| test.cpp:249:14:249:33 | call to my_alloc | semmle.label | call to my_alloc |
| test.cpp:250:12:250:12 | p | semmle.label | p |
| test.cpp:256:5:256:25 | ... = ... | semmle.label | ... = ... |
| test.cpp:256:9:256:25 | call to malloc | semmle.label | call to malloc |
| test.cpp:257:12:257:12 | p | semmle.label | p |
| test.cpp:262:15:262:30 | (char *)... | semmle.label | (char *)... |
| test.cpp:262:15:262:30 | call to malloc | semmle.label | call to malloc |
| test.cpp:264:9:264:30 | ... = ... | semmle.label | ... = ... |
| test.cpp:264:13:264:30 | call to malloc | semmle.label | call to malloc |
| test.cpp:266:12:266:12 | p | semmle.label | p |
subpaths

8
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
View File

@@ -1,11 +1,13 @@
edges
| main.cpp:6:27:6:30 | **argv | main.cpp:7:33:7:36 | **argv | provenance | |
| main.cpp:7:33:7:36 | **argv | overflowdestination.cpp:23:45:23:48 | **argv | provenance | |
| overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:30:17:30:20 | *arg1 | provenance | |
| overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:27:2:27:15 | *... = ... | provenance | |
| overflowdestination.cpp:27:2:27:15 | *... = ... | overflowdestination.cpp:30:17:30:20 | *arg1 | provenance | |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | provenance | |
| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance | |
| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:53:15:53:17 | *src | provenance | |
| overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:64:16:64:19 | *src2 | provenance | |
| overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:60:15:60:17 | *src | provenance | |
| overflowdestination.cpp:60:15:60:17 | *src | overflowdestination.cpp:64:16:64:19 | *src2 | provenance | |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | *src | provenance | |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance | |
| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance | |
@@ -16,6 +18,7 @@ nodes
| main.cpp:6:27:6:30 | **argv | semmle.label | **argv |
| main.cpp:7:33:7:36 | **argv | semmle.label | **argv |
| overflowdestination.cpp:23:45:23:48 | **argv | semmle.label | **argv |
| overflowdestination.cpp:27:2:27:15 | *... = ... | semmle.label | *... = ... |
| overflowdestination.cpp:30:17:30:20 | *arg1 | semmle.label | *arg1 |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:46:15:46:17 | *src | semmle.label | *src |
@@ -23,6 +26,7 @@ nodes
| overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
| overflowdestination.cpp:53:15:53:17 | *src | semmle.label | *src |
| overflowdestination.cpp:57:52:57:54 | *src | semmle.label | *src |
| overflowdestination.cpp:60:15:60:17 | *src | semmle.label | *src |
| overflowdestination.cpp:64:16:64:19 | *src2 | semmle.label | *src2 |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:75:30:75:32 | *src | semmle.label | *src |

4
cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
View File

@@ -1,7 +1,9 @@
edges
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance | TaintFunction |
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:33:13:33:36 | ... = ... | provenance | TaintFunction |
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:33:13:33:36 | ... = ... | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | provenance | |
nodes
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | semmle.label | fgets output argument |
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:33:13:33:36 | ... = ... | semmle.label | ... = ... |
| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data |
subpaths
#select

12
cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
View File

@@ -1,15 +1,18 @@
edges
| test1.c:7:26:7:29 | **argv | test1.c:9:9:9:9 | i | provenance | TaintFunction |
| test1.c:7:26:7:29 | **argv | test1.c:11:9:11:9 | i | provenance | TaintFunction |
| test1.c:7:26:7:29 | **argv | test1.c:13:9:13:9 | i | provenance | TaintFunction |
| test1.c:7:26:7:29 | **argv | test1.c:8:11:8:14 | call to atoi | provenance | TaintFunction |
| test1.c:8:11:8:14 | call to atoi | test1.c:9:9:9:9 | i | provenance | |
| test1.c:8:11:8:14 | call to atoi | test1.c:11:9:11:9 | i | provenance | |
| test1.c:8:11:8:14 | call to atoi | test1.c:13:9:13:9 | i | provenance | |
| test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i | provenance | |
| test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i | provenance | |
| test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i | provenance | |
| test1.c:16:16:16:16 | i | test1.c:18:16:18:16 | i | provenance | |
| test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i | provenance | |
| test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j | provenance | |
| test1.c:48:16:48:16 | i | test1.c:51:3:51:7 | ... = ... | provenance | |
| test1.c:51:3:51:7 | ... = ... | test1.c:53:15:53:15 | j | provenance | |
nodes
| test1.c:7:26:7:29 | **argv | semmle.label | **argv |
| test1.c:8:11:8:14 | call to atoi | semmle.label | call to atoi |
| test1.c:9:9:9:9 | i | semmle.label | i |
| test1.c:11:9:11:9 | i | semmle.label | i |
| test1.c:13:9:13:9 | i | semmle.label | i |
@@ -18,6 +21,7 @@ nodes
| test1.c:32:16:32:16 | i | semmle.label | i |
| test1.c:33:11:33:11 | i | semmle.label | i |
| test1.c:48:16:48:16 | i | semmle.label | i |
| test1.c:51:3:51:7 | ... = ... | semmle.label | ... = ... |
| test1.c:53:15:53:15 | j | semmle.label | j |
subpaths
#select

2
cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
View File

@@ -1,6 +1,7 @@
edges
| char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance | |
| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance | |
| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | provenance | |
| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | TaintFunction |
nodes
| char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument |
@@ -8,6 +9,7 @@ nodes
| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | semmle.label | fgets output argument |
| char_console_fprintf_01_bad.c:49:21:49:24 | *data | semmle.label | *data |
| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | semmle.label | *call to getenv |
| char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | semmle.label | *call to getenv |
| char_environment_fprintf_01_bad.c:36:21:36:24 | *data | semmle.label | *data |
subpaths
#select

107
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
View File

@@ -3,83 +3,60 @@ edges
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:95:9:95:15 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:96:15:96:21 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:96:15:96:21 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:101:9:101:10 | *i1 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:106:9:106:13 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:110:9:110:11 | ** ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:111:15:111:17 | ** ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:100:2:100:13 | *... = ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:105:14:105:17 | **argv | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:127:9:127:10 | *i5 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:131:9:131:14 | *... + ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:144:9:144:10 | *i7 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:145:15:145:16 | *i7 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:150:9:150:10 | *i8 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:151:15:151:16 | *i8 | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:120:13:120:14 | *array to pointer conversion | provenance | DataFlowFunction |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:126:2:126:19 | ... = ... | provenance | |
| argvLocal.c:13:27:13:30 | **argv | argvLocal.c:149:2:149:17 | *... = ... | provenance | |
| argvLocal.c:96:15:96:21 | *access to array | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:96:15:96:21 | *access to array | argvLocal.c:96:15:96:21 | printWrapper output argument | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:101:9:101:10 | *i1 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:106:9:106:13 | *access to array | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:110:9:110:11 | ** ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:111:15:111:17 | ** ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:100:2:100:13 | *... = ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:105:14:105:17 | **argv | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:116:9:116:10 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:117:15:117:16 | *i3 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:127:9:127:10 | *i5 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:131:9:131:14 | *... + ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:144:9:144:10 | *i7 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:145:15:145:16 | *i7 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:150:9:150:10 | *i8 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:151:15:151:16 | *i8 | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:120:13:120:14 | *array to pointer conversion | provenance | DataFlowFunction |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:126:2:126:19 | ... = ... | provenance | |
| argvLocal.c:96:15:96:21 | printWrapper output argument | argvLocal.c:149:2:149:17 | *... = ... | provenance | |
| argvLocal.c:100:2:100:13 | *... = ... | argvLocal.c:101:9:101:10 | *i1 | provenance | |
| argvLocal.c:100:2:100:13 | *... = ... | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:100:2:100:13 | *... = ... | argvLocal.c:102:15:102:16 | *i1 | provenance | |
| argvLocal.c:100:2:100:13 | *... = ... | argvLocal.c:143:13:143:26 | *(...) | provenance | |
| argvLocal.c:102:15:102:16 | *i1 | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:102:15:102:16 | *i1 | argvLocal.c:102:15:102:16 | printWrapper output argument | provenance | |
| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | *i7 | provenance | |
| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | *i7 | provenance | |
| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:143:13:143:26 | *(...) | provenance | |
| argvLocal.c:105:14:105:17 | **argv | argvLocal.c:106:9:106:13 | *access to array | provenance | |
| argvLocal.c:105:14:105:17 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:105:14:105:17 | **argv | argvLocal.c:107:15:107:19 | *access to array | provenance | |
| argvLocal.c:105:14:105:17 | **argv | argvLocal.c:110:9:110:11 | ** ... | provenance | |
| argvLocal.c:105:14:105:17 | **argv | argvLocal.c:111:15:111:17 | ** ... | provenance | |
| argvLocal.c:107:15:107:19 | *access to array | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:107:15:107:19 | *access to array | argvLocal.c:107:15:107:19 | printWrapper output argument | provenance | |
| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | ** ... | provenance | |
| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | ** ... | provenance | |
| argvLocal.c:117:15:117:16 | *i3 | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:117:15:117:16 | *i3 | argvLocal.c:117:15:117:16 | printWrapper output argument | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | *i4 | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | *i4 | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | |
| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:120:13:120:14 | *array to pointer conversion | provenance | |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | argvLocal.c:121:9:121:10 | *i4 | provenance | |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | argvLocal.c:122:15:122:16 | *i4 | provenance | |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | argvLocal.c:122:15:122:16 | *i4 | provenance | |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | argvLocal.c:135:9:135:12 | *... ++ | provenance | |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | argvLocal.c:135:9:135:12 | *... ++ | provenance | |
| argvLocal.c:122:15:122:16 | *i4 | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:122:15:122:16 | *i4 | argvLocal.c:122:15:122:16 | printWrapper output argument | provenance | |
| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | |
| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | *-- ... | provenance | |
| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | *... ++ | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:127:9:127:10 | *i5 | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:128:15:128:16 | *i5 | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:131:9:131:14 | *... + ... | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:132:15:132:20 | *... + ... | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | |
| argvLocal.c:126:2:126:19 | ... = ... | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | |
| argvLocal.c:128:15:128:16 | *i5 | argvLocal.c:9:25:9:31 | *correct | provenance | |
| argvLocal.c:128:15:128:16 | *i5 | argvLocal.c:128:15:128:16 | printWrapper output argument | provenance | |
| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | *... + ... | provenance | |
@@ -91,6 +68,12 @@ edges
| argvLocal.c:132:15:132:20 | *... + ... | argvLocal.c:132:15:132:20 | printWrapper output argument | provenance | |
| argvLocal.c:132:15:132:20 | printWrapper output argument | argvLocal.c:139:9:139:26 | *... ? ... : ... | provenance | |
| argvLocal.c:132:15:132:20 | printWrapper output argument | argvLocal.c:140:15:140:32 | *... ? ... : ... | provenance | |
| argvLocal.c:135:9:135:12 | *... ++ | argvLocal.c:136:15:136:18 | *-- ... | provenance | |
| argvLocal.c:136:15:136:18 | *-- ... | argvLocal.c:136:15:136:18 | *-- ... | provenance | |
| argvLocal.c:143:13:143:26 | *(...) | argvLocal.c:144:9:144:10 | *i7 | provenance | |
| argvLocal.c:143:13:143:26 | *(...) | argvLocal.c:145:15:145:16 | *i7 | provenance | |
| argvLocal.c:149:2:149:17 | *... = ... | argvLocal.c:150:9:150:10 | *i8 | provenance | |
| argvLocal.c:149:2:149:17 | *... = ... | argvLocal.c:151:15:151:16 | *i8 | provenance | |
nodes
| argvLocal.c:9:25:9:31 | *correct | semmle.label | *correct |
| argvLocal.c:9:25:9:31 | *correct | semmle.label | *correct |
@@ -99,10 +82,12 @@ nodes
| argvLocal.c:96:15:96:21 | *access to array | semmle.label | *access to array |
| argvLocal.c:96:15:96:21 | *access to array | semmle.label | *access to array |
| argvLocal.c:96:15:96:21 | printWrapper output argument | semmle.label | printWrapper output argument |
| argvLocal.c:100:2:100:13 | *... = ... | semmle.label | *... = ... |
| argvLocal.c:101:9:101:10 | *i1 | semmle.label | *i1 |
| argvLocal.c:102:15:102:16 | *i1 | semmle.label | *i1 |
| argvLocal.c:102:15:102:16 | *i1 | semmle.label | *i1 |
| argvLocal.c:102:15:102:16 | printWrapper output argument | semmle.label | printWrapper output argument |
| argvLocal.c:105:14:105:17 | **argv | semmle.label | **argv |
| argvLocal.c:106:9:106:13 | *access to array | semmle.label | *access to array |
| argvLocal.c:107:15:107:19 | *access to array | semmle.label | *access to array |
| argvLocal.c:107:15:107:19 | *access to array | semmle.label | *access to array |
@@ -113,10 +98,12 @@ nodes
| argvLocal.c:117:15:117:16 | *i3 | semmle.label | *i3 |
| argvLocal.c:117:15:117:16 | *i3 | semmle.label | *i3 |
| argvLocal.c:117:15:117:16 | printWrapper output argument | semmle.label | printWrapper output argument |
| argvLocal.c:120:13:120:14 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| argvLocal.c:121:9:121:10 | *i4 | semmle.label | *i4 |
| argvLocal.c:122:15:122:16 | *i4 | semmle.label | *i4 |
| argvLocal.c:122:15:122:16 | *i4 | semmle.label | *i4 |
| argvLocal.c:122:15:122:16 | printWrapper output argument | semmle.label | printWrapper output argument |
| argvLocal.c:126:2:126:19 | ... = ... | semmle.label | ... = ... |
| argvLocal.c:127:9:127:10 | *i5 | semmle.label | *i5 |
| argvLocal.c:128:15:128:16 | *i5 | semmle.label | *i5 |
| argvLocal.c:128:15:128:16 | *i5 | semmle.label | *i5 |
@@ -126,11 +113,15 @@ nodes
| argvLocal.c:132:15:132:20 | *... + ... | semmle.label | *... + ... |
| argvLocal.c:132:15:132:20 | printWrapper output argument | semmle.label | printWrapper output argument |
| argvLocal.c:135:9:135:12 | *... ++ | semmle.label | *... ++ |
| argvLocal.c:135:9:135:12 | *... ++ | semmle.label | *... ++ |
| argvLocal.c:136:15:136:18 | *-- ... | semmle.label | *-- ... |
| argvLocal.c:136:15:136:18 | *-- ... | semmle.label | *-- ... |
| argvLocal.c:139:9:139:26 | *... ? ... : ... | semmle.label | *... ? ... : ... |
| argvLocal.c:140:15:140:32 | *... ? ... : ... | semmle.label | *... ? ... : ... |
| argvLocal.c:143:13:143:26 | *(...) | semmle.label | *(...) |
| argvLocal.c:144:9:144:10 | *i7 | semmle.label | *i7 |
| argvLocal.c:145:15:145:16 | *i7 | semmle.label | *i7 |
| argvLocal.c:149:2:149:17 | *... = ... | semmle.label | *... = ... |
| argvLocal.c:150:9:150:10 | *i8 | semmle.label | *i8 |
| argvLocal.c:151:15:151:16 | *i8 | semmle.label | *i8 |
subpaths

55
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
View File

@@ -1,47 +1,68 @@
edges
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:24:7:24:9 | **gv1 | provenance | |
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | |
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:30:9:30:14 | *access to array | provenance | |
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance | |
| consts.cpp:30:9:30:14 | *access to array | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:94:13:94:14 | *array to pointer conversion | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:99:2:99:8 | *... = ... | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:115:17:115:18 | *array to pointer conversion | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:123:2:123:12 | *... = ... | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:129:19:129:20 | *(const char *)... | provenance | |
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction |
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | provenance | |
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | provenance | |
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | |
| consts.cpp:90:2:90:14 | *... = ... | consts.cpp:91:9:91:10 | *v2 | provenance | |
| consts.cpp:90:2:90:14 | *... = ... | consts.cpp:115:21:115:22 | *v2 | provenance | |
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:90:2:90:14 | *... = ... | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:94:13:94:14 | *array to pointer conversion | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:99:2:99:8 | *... = ... | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:115:17:115:18 | *array to pointer conversion | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:123:2:123:12 | *... = ... | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:129:19:129:20 | *(const char *)... | provenance | |
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | TaintFunction |
| consts.cpp:94:13:94:14 | *array to pointer conversion | consts.cpp:95:9:95:10 | *v3 | provenance | |
| consts.cpp:99:2:99:8 | *... = ... | consts.cpp:100:9:100:10 | *v4 | provenance | |
| consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:106:13:106:19 | *call to varFunc | provenance | |
| consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance | |
| consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | provenance | |
| consts.cpp:111:2:111:15 | *... = ... | consts.cpp:112:9:112:10 | *v6 | provenance | |
| consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:111:2:111:15 | *... = ... | provenance | |
| consts.cpp:115:17:115:18 | *array to pointer conversion | consts.cpp:116:9:116:13 | *access to array | provenance | |
| consts.cpp:115:17:115:18 | *array to pointer conversion | consts.cpp:120:2:120:11 | *... = ... | provenance | |
| consts.cpp:115:21:115:22 | *v2 | consts.cpp:116:9:116:13 | *access to array | provenance | |
| consts.cpp:115:21:115:22 | *v2 | consts.cpp:120:2:120:11 | *... = ... | provenance | |
| consts.cpp:120:2:120:11 | *... = ... | consts.cpp:121:9:121:10 | *v8 | provenance | |
| consts.cpp:123:2:123:12 | *... = ... | consts.cpp:24:7:24:9 | **gv1 | provenance | |
| consts.cpp:129:19:129:20 | *(const char *)... | consts.cpp:130:9:130:10 | *v9 | provenance | |
| consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | provenance | |
| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance | |
nodes
| consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 |
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray |
| consts.cpp:30:9:30:14 | *access to array | semmle.label | *access to array |
| consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument |
| consts.cpp:86:9:86:10 | *v1 | semmle.label | *v1 |
| consts.cpp:90:2:90:14 | *... = ... | semmle.label | *... = ... |
| consts.cpp:90:7:90:10 | *call to gets | semmle.label | *call to gets |
| consts.cpp:90:12:90:13 | gets output argument | semmle.label | gets output argument |
| consts.cpp:91:9:91:10 | *v2 | semmle.label | *v2 |
| consts.cpp:94:13:94:14 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| consts.cpp:95:9:95:10 | *v3 | semmle.label | *v3 |
| consts.cpp:99:2:99:8 | *... = ... | semmle.label | *... = ... |
| consts.cpp:100:9:100:10 | *v4 | semmle.label | *v4 |
| consts.cpp:103:9:103:17 | *call to varFunc | semmle.label | *call to varFunc |
| consts.cpp:106:13:106:19 | *call to varFunc | semmle.label | *call to varFunc |
| consts.cpp:106:13:106:19 | *call to varFunc | semmle.label | *call to varFunc |
| consts.cpp:107:9:107:10 | *v5 | semmle.label | *v5 |
| consts.cpp:111:2:111:15 | *... = ... | semmle.label | *... = ... |
| consts.cpp:111:7:111:13 | *call to varFunc | semmle.label | *call to varFunc |
| consts.cpp:112:9:112:10 | *v6 | semmle.label | *v6 |
| consts.cpp:115:17:115:18 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| consts.cpp:115:21:115:22 | *v2 | semmle.label | *v2 |
| consts.cpp:116:9:116:13 | *access to array | semmle.label | *access to array |
| consts.cpp:120:2:120:11 | *... = ... | semmle.label | *... = ... |
| consts.cpp:121:9:121:10 | *v8 | semmle.label | *v8 |
| consts.cpp:123:2:123:12 | *... = ... | semmle.label | *... = ... |
| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | semmle.label | *call to nonConstFuncToArray |
| consts.cpp:129:19:129:20 | *(const char *)... | semmle.label | *(const char *)... |
| consts.cpp:130:9:130:10 | *v9 | semmle.label | *v9 |
| consts.cpp:135:9:135:11 | *v10 | semmle.label | *v10 |
| consts.cpp:139:13:139:16 | readString output argument | semmle.label | readString output argument |

12
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
View File

@@ -1,27 +1,35 @@
edges
| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | *i1 | provenance | |
| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | *e1 | provenance | |
| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:57:2:57:14 | ... = ... | provenance | |
| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | *i3 | provenance | |
| funcsLocal.c:31:13:31:17 | *call to fgets | funcsLocal.c:31:13:31:17 | *call to fgets | provenance | |
| funcsLocal.c:31:13:31:17 | *call to fgets | funcsLocal.c:32:9:32:10 | *i4 | provenance | |
| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | *i5 | provenance | |
| funcsLocal.c:41:13:41:16 | *call to gets | funcsLocal.c:41:13:41:16 | *call to gets | provenance | |
| funcsLocal.c:41:13:41:16 | *call to gets | funcsLocal.c:42:9:42:10 | *i6 | provenance | |
| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | ** ... | provenance | |
| funcsLocal.c:52:8:52:11 | *call to gets | funcsLocal.c:53:9:53:11 | ** ... | provenance | |
| funcsLocal.c:52:2:52:16 | *... = ... | funcsLocal.c:53:9:53:11 | ** ... | provenance | |
| funcsLocal.c:52:8:52:11 | *call to gets | funcsLocal.c:52:2:52:16 | *... = ... | provenance | |
| funcsLocal.c:57:2:57:14 | ... = ... | funcsLocal.c:58:9:58:10 | *e1 | provenance | |
nodes
| funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument |
| funcsLocal.c:17:9:17:10 | *i1 | semmle.label | *i1 |
| funcsLocal.c:26:8:26:9 | fgets output argument | semmle.label | fgets output argument |
| funcsLocal.c:27:9:27:10 | *i3 | semmle.label | *i3 |
| funcsLocal.c:31:13:31:17 | *call to fgets | semmle.label | *call to fgets |
| funcsLocal.c:31:13:31:17 | *call to fgets | semmle.label | *call to fgets |
| funcsLocal.c:32:9:32:10 | *i4 | semmle.label | *i4 |
| funcsLocal.c:36:7:36:8 | gets output argument | semmle.label | gets output argument |
| funcsLocal.c:37:9:37:10 | *i5 | semmle.label | *i5 |
| funcsLocal.c:41:13:41:16 | *call to gets | semmle.label | *call to gets |
| funcsLocal.c:41:13:41:16 | *call to gets | semmle.label | *call to gets |
| funcsLocal.c:42:9:42:10 | *i6 | semmle.label | *i6 |
| funcsLocal.c:46:7:46:9 | gets output argument | semmle.label | gets output argument |
| funcsLocal.c:47:9:47:11 | ** ... | semmle.label | ** ... |
| funcsLocal.c:52:2:52:16 | *... = ... | semmle.label | *... = ... |
| funcsLocal.c:52:8:52:11 | *call to gets | semmle.label | *call to gets |
| funcsLocal.c:53:9:53:11 | ** ... | semmle.label | ** ... |
| funcsLocal.c:57:2:57:14 | ... = ... | semmle.label | ... = ... |
| funcsLocal.c:58:9:58:10 | *e1 | semmle.label | *e1 |
subpaths
#select

8
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatString.expected
View File

@@ -7,8 +7,10 @@ edges
| globalVars.c:9:7:9:11 | **copy2 | globalVars.c:41:15:41:19 | *copy2 | provenance | |
| globalVars.c:9:7:9:11 | **copy2 | globalVars.c:41:15:41:19 | *copy2 | provenance | |
| globalVars.c:9:7:9:11 | **copy2 | globalVars.c:50:9:50:13 | *copy2 | provenance | |
| globalVars.c:11:22:11:25 | **argv | globalVars.c:8:7:8:10 | **copy | provenance | |
| globalVars.c:15:21:15:23 | *val | globalVars.c:9:7:9:11 | **copy2 | provenance | |
| globalVars.c:11:22:11:25 | **argv | globalVars.c:12:2:12:15 | *... = ... | provenance | |
| globalVars.c:12:2:12:15 | *... = ... | globalVars.c:8:7:8:10 | **copy | provenance | |
| globalVars.c:15:21:15:23 | *val | globalVars.c:16:2:16:12 | *... = ... | provenance | |
| globalVars.c:16:2:16:12 | *... = ... | globalVars.c:9:7:9:11 | **copy2 | provenance | |
| globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | *str | provenance | |
| globalVars.c:23:27:23:30 | **argv | globalVars.c:24:11:24:14 | **argv | provenance | |
| globalVars.c:24:11:24:14 | **argv | globalVars.c:11:22:11:25 | **argv | provenance | |
@@ -23,7 +25,9 @@ nodes
| globalVars.c:8:7:8:10 | **copy | semmle.label | **copy |
| globalVars.c:9:7:9:11 | **copy2 | semmle.label | **copy2 |
| globalVars.c:11:22:11:25 | **argv | semmle.label | **argv |
| globalVars.c:12:2:12:15 | *... = ... | semmle.label | *... = ... |
| globalVars.c:15:21:15:23 | *val | semmle.label | *val |
| globalVars.c:16:2:16:12 | *... = ... | semmle.label | *... = ... |
| globalVars.c:19:25:19:27 | *str | semmle.label | *str |
| globalVars.c:19:25:19:27 | *str | semmle.label | *str |
| globalVars.c:23:27:23:30 | **argv | semmle.label | **argv |

44
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected
View File

@@ -1,27 +1,49 @@
edges
| ifs.c:16:27:16:30 | **argv | ifs.c:62:9:62:10 | *c7 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:69:9:69:10 | *c8 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:75:9:75:10 | *i1 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:81:9:81:10 | *i2 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:87:9:87:10 | *i3 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:93:9:93:10 | *i4 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:99:9:99:10 | *i5 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:106:9:106:10 | *i6 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:112:9:112:10 | *i7 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:118:9:118:10 | *i8 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:124:9:124:10 | *i9 | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:61:3:61:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:68:3:68:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:74:3:74:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:80:3:80:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:86:3:86:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:92:3:92:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:98:3:98:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:105:3:105:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:111:3:111:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:117:3:117:14 | *... = ... | provenance | |
| ifs.c:16:27:16:30 | **argv | ifs.c:123:3:123:14 | *... = ... | provenance | |
| ifs.c:61:3:61:14 | *... = ... | ifs.c:62:9:62:10 | *c7 | provenance | |
| ifs.c:68:3:68:14 | *... = ... | ifs.c:69:9:69:10 | *c8 | provenance | |
| ifs.c:74:3:74:14 | *... = ... | ifs.c:75:9:75:10 | *i1 | provenance | |
| ifs.c:80:3:80:14 | *... = ... | ifs.c:81:9:81:10 | *i2 | provenance | |
| ifs.c:86:3:86:14 | *... = ... | ifs.c:87:9:87:10 | *i3 | provenance | |
| ifs.c:92:3:92:14 | *... = ... | ifs.c:93:9:93:10 | *i4 | provenance | |
| ifs.c:98:3:98:14 | *... = ... | ifs.c:99:9:99:10 | *i5 | provenance | |
| ifs.c:105:3:105:14 | *... = ... | ifs.c:106:9:106:10 | *i6 | provenance | |
| ifs.c:111:3:111:14 | *... = ... | ifs.c:112:9:112:10 | *i7 | provenance | |
| ifs.c:117:3:117:14 | *... = ... | ifs.c:118:9:118:10 | *i8 | provenance | |
| ifs.c:123:3:123:14 | *... = ... | ifs.c:124:9:124:10 | *i9 | provenance | |
nodes
| ifs.c:16:27:16:30 | **argv | semmle.label | **argv |
| ifs.c:61:3:61:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:62:9:62:10 | *c7 | semmle.label | *c7 |
| ifs.c:68:3:68:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:69:9:69:10 | *c8 | semmle.label | *c8 |
| ifs.c:74:3:74:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:75:9:75:10 | *i1 | semmle.label | *i1 |
| ifs.c:80:3:80:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:81:9:81:10 | *i2 | semmle.label | *i2 |
| ifs.c:86:3:86:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:87:9:87:10 | *i3 | semmle.label | *i3 |
| ifs.c:92:3:92:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:93:9:93:10 | *i4 | semmle.label | *i4 |
| ifs.c:98:3:98:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:99:9:99:10 | *i5 | semmle.label | *i5 |
| ifs.c:105:3:105:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:106:9:106:10 | *i6 | semmle.label | *i6 |
| ifs.c:111:3:111:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:112:9:112:10 | *i7 | semmle.label | *i7 |
| ifs.c:117:3:117:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:118:9:118:10 | *i8 | semmle.label | *i8 |
| ifs.c:123:3:123:14 | *... = ... | semmle.label | *... = ... |
| ifs.c:124:9:124:10 | *i9 | semmle.label | *i9 |
subpaths
#select

28
cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected
View File

@@ -1,17 +1,20 @@
edges
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:22:5:22:33 | ... = ... | examples.cpp:25:31:25:34 | data | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:22:26:22:33 | call to rand | examples.cpp:22:5:22:33 | ... = ... | provenance | |
| examples.cpp:35:5:35:33 | ... = ... | examples.cpp:38:9:38:12 | data | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
| examples.cpp:35:26:35:33 | call to rand | examples.cpp:35:5:35:33 | ... = ... | provenance | |
nodes
| examples.cpp:22:5:22:33 | ... = ... | semmle.label | ... = ... |
| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
@@ -19,6 +22,7 @@ nodes
| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
| examples.cpp:22:26:22:33 | call to rand | semmle.label | call to rand |
| examples.cpp:25:31:25:34 | data | semmle.label | data |
| examples.cpp:35:5:35:33 | ... = ... | semmle.label | ... = ... |
| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
| examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |

84
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
View File

@@ -1,88 +1,144 @@
edges
| test.c:18:13:18:16 | call to rand | test.c:18:13:18:16 | call to rand | provenance | |
| test.c:18:13:18:16 | call to rand | test.c:21:17:21:17 | r | provenance | |
| test.c:34:13:34:18 | call to rand | test.c:34:13:34:18 | call to rand | provenance | |
| test.c:34:13:34:18 | call to rand | test.c:35:5:35:5 | r | provenance | |
| test.c:44:13:44:16 | call to rand | test.c:44:13:44:16 | call to rand | provenance | |
| test.c:44:13:44:16 | call to rand | test.c:45:5:45:5 | r | provenance | |
| test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | provenance | |
| test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | provenance | |
| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | provenance | |
| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | provenance | |
| test.c:75:13:75:19 | (...) | test.c:77:9:77:9 | r | provenance | |
| test.c:75:13:75:19 | call to rand | test.c:75:13:75:19 | (...) | provenance | |
| test.c:75:13:75:19 | call to rand | test.c:75:13:75:19 | (...) | provenance | |
| test.c:81:13:81:29 | (...) | test.c:83:9:83:9 | r | provenance | |
| test.c:81:14:81:17 | call to rand | test.c:81:13:81:29 | (...) | provenance | |
| test.c:81:23:81:26 | call to rand | test.c:81:13:81:29 | (...) | provenance | |
| test.c:125:13:125:16 | call to rand | test.c:125:13:125:16 | call to rand | provenance | |
| test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | provenance | |
| test.c:131:13:131:16 | call to rand | test.c:131:13:131:16 | call to rand | provenance | |
| test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | provenance | |
| test.c:137:13:137:16 | call to rand | test.c:137:13:137:16 | call to rand | provenance | |
| test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | provenance | |
| test.c:155:22:155:27 | call to rand | test.c:157:9:157:9 | r | provenance | |
| test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | provenance | |
| test.c:155:22:155:27 | call to rand | test.c:155:22:155:27 | (unsigned int)... | provenance | |
| test.cpp:6:5:6:12 | *get_rand | test.cpp:24:11:24:18 | call to get_rand | provenance | |
| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | *get_rand | provenance | |
| test.cpp:8:9:8:12 | call to rand | test.cpp:8:9:8:12 | call to rand | provenance | |
| test.cpp:11:21:11:24 | *dest | test.cpp:30:13:30:14 | get_rand2 output argument | provenance | |
| test.cpp:13:10:13:13 | call to rand | test.cpp:11:21:11:24 | *dest | provenance | |
| test.cpp:13:2:13:15 | ... = ... | test.cpp:11:21:11:24 | *dest | provenance | |
| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | ... = ... | provenance | |
| test.cpp:16:21:16:24 | *dest | test.cpp:36:13:36:13 | get_rand3 output argument | provenance | |
| test.cpp:18:9:18:12 | call to rand | test.cpp:16:21:16:24 | *dest | provenance | |
| test.cpp:18:2:18:14 | ... = ... | test.cpp:16:21:16:24 | *dest | provenance | |
| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | ... = ... | provenance | |
| test.cpp:24:11:24:18 | call to get_rand | test.cpp:24:11:24:18 | call to get_rand | provenance | |
| test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r | provenance | |
| test.cpp:30:13:30:14 | get_rand2 output argument | test.cpp:31:7:31:7 | r | provenance | |
| test.cpp:36:13:36:13 | get_rand3 output argument | test.cpp:37:7:37:7 | r | provenance | |
| test.cpp:86:10:86:13 | call to rand | test.cpp:86:10:86:13 | call to rand | provenance | |
| test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | provenance | |
| test.cpp:98:10:98:13 | call to rand | test.cpp:98:10:98:13 | call to rand | provenance | |
| test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | provenance | |
| test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | provenance | |
| test.cpp:151:10:151:13 | call to rand | test.cpp:154:10:154:10 | b | provenance | |
| test.cpp:169:11:169:14 | call to rand | test.cpp:171:11:171:16 | y | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:196:7:196:7 | x | provenance | |
| test.cpp:137:10:137:13 | call to rand | test.cpp:137:10:137:13 | call to rand | provenance | |
| test.cpp:137:10:137:13 | call to rand | test.cpp:143:3:143:7 | ... = ... | provenance | |
| test.cpp:143:3:143:7 | ... = ... | test.cpp:146:9:146:9 | y | provenance | |
| test.cpp:151:10:151:13 | call to rand | test.cpp:151:10:151:13 | call to rand | provenance | |
| test.cpp:151:10:151:13 | call to rand | test.cpp:153:10:153:15 | ... - ... | provenance | |
| test.cpp:153:10:153:15 | ... - ... | test.cpp:154:10:154:10 | b | provenance | |
| test.cpp:169:11:169:14 | call to rand | test.cpp:169:11:169:14 | call to rand | provenance | |
| test.cpp:169:11:169:14 | call to rand | test.cpp:170:13:170:13 | (float)... | provenance | |
| test.cpp:170:13:170:13 | (float)... | test.cpp:171:11:171:16 | y | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:189:10:189:13 | call to rand | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:195:3:195:11 | ... = ... | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:198:3:198:11 | ... = ... | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:198:7:198:7 | x | provenance | |
| test.cpp:189:10:189:13 | call to rand | test.cpp:199:7:199:7 | x | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:190:10:190:13 | call to rand | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:204:3:204:11 | ... = ... | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:204:7:204:7 | y | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:205:7:205:7 | y | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:208:7:208:7 | y | provenance | |
| test.cpp:190:10:190:13 | call to rand | test.cpp:207:3:207:11 | ... = ... | provenance | |
| test.cpp:195:3:195:11 | ... = ... | test.cpp:196:7:196:7 | x | provenance | |
| test.cpp:198:3:198:11 | ... = ... | test.cpp:199:7:199:7 | x | provenance | |
| test.cpp:204:3:204:11 | ... = ... | test.cpp:205:7:205:7 | y | provenance | |
| test.cpp:207:3:207:11 | ... = ... | test.cpp:208:7:208:7 | y | provenance | |
| test.cpp:215:11:215:14 | call to rand | test.cpp:215:11:215:14 | call to rand | provenance | |
| test.cpp:215:11:215:14 | call to rand | test.cpp:219:8:219:8 | x | provenance | |
nodes
| test.c:18:13:18:16 | call to rand | semmle.label | call to rand |
| test.c:18:13:18:16 | call to rand | semmle.label | call to rand |
| test.c:21:17:21:17 | r | semmle.label | r |
| test.c:34:13:34:18 | call to rand | semmle.label | call to rand |
| test.c:34:13:34:18 | call to rand | semmle.label | call to rand |
| test.c:35:5:35:5 | r | semmle.label | r |
| test.c:44:13:44:16 | call to rand | semmle.label | call to rand |
| test.c:44:13:44:16 | call to rand | semmle.label | call to rand |
| test.c:45:5:45:5 | r | semmle.label | r |
| test.c:75:13:75:19 | (...) | semmle.label | (...) |
| test.c:75:13:75:19 | call to rand | semmle.label | call to rand |
| test.c:75:13:75:19 | call to rand | semmle.label | call to rand |
| test.c:77:9:77:9 | r | semmle.label | r |
| test.c:81:13:81:29 | (...) | semmle.label | (...) |
| test.c:81:14:81:17 | call to rand | semmle.label | call to rand |
| test.c:81:23:81:26 | call to rand | semmle.label | call to rand |
| test.c:83:9:83:9 | r | semmle.label | r |
| test.c:125:13:125:16 | call to rand | semmle.label | call to rand |
| test.c:125:13:125:16 | call to rand | semmle.label | call to rand |
| test.c:127:9:127:9 | r | semmle.label | r |
| test.c:131:13:131:16 | call to rand | semmle.label | call to rand |
| test.c:131:13:131:16 | call to rand | semmle.label | call to rand |
| test.c:133:5:133:5 | r | semmle.label | r |
| test.c:137:13:137:16 | call to rand | semmle.label | call to rand |
| test.c:137:13:137:16 | call to rand | semmle.label | call to rand |
| test.c:139:10:139:10 | r | semmle.label | r |
| test.c:155:22:155:27 | (unsigned int)... | semmle.label | (unsigned int)... |
| test.c:155:22:155:27 | call to rand | semmle.label | call to rand |
| test.c:157:9:157:9 | r | semmle.label | r |
| test.cpp:6:5:6:12 | *get_rand | semmle.label | *get_rand |
| test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
| test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
| test.cpp:11:21:11:24 | *dest | semmle.label | *dest |
| test.cpp:13:2:13:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand |
| test.cpp:16:21:16:24 | *dest | semmle.label | *dest |
| test.cpp:18:2:18:14 | ... = ... | semmle.label | ... = ... |
| test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand |
| test.cpp:24:11:24:18 | call to get_rand | semmle.label | call to get_rand |
| test.cpp:24:11:24:18 | call to get_rand | semmle.label | call to get_rand |
| test.cpp:25:7:25:7 | r | semmle.label | r |
| test.cpp:30:13:30:14 | get_rand2 output argument | semmle.label | get_rand2 output argument |
| test.cpp:31:7:31:7 | r | semmle.label | r |
| test.cpp:36:13:36:13 | get_rand3 output argument | semmle.label | get_rand3 output argument |
| test.cpp:37:7:37:7 | r | semmle.label | r |
| test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand |
| test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand |
| test.cpp:90:10:90:10 | x | semmle.label | x |
| test.cpp:98:10:98:13 | call to rand | semmle.label | call to rand |
| test.cpp:98:10:98:13 | call to rand | semmle.label | call to rand |
| test.cpp:102:10:102:10 | x | semmle.label | x |
| test.cpp:137:10:137:13 | call to rand | semmle.label | call to rand |
| test.cpp:137:10:137:13 | call to rand | semmle.label | call to rand |
| test.cpp:143:3:143:7 | ... = ... | semmle.label | ... = ... |
| test.cpp:146:9:146:9 | y | semmle.label | y |
| test.cpp:151:10:151:13 | call to rand | semmle.label | call to rand |
| test.cpp:151:10:151:13 | call to rand | semmle.label | call to rand |
| test.cpp:153:10:153:15 | ... - ... | semmle.label | ... - ... |
| test.cpp:154:10:154:10 | b | semmle.label | b |
| test.cpp:169:11:169:14 | call to rand | semmle.label | call to rand |
| test.cpp:169:11:169:14 | call to rand | semmle.label | call to rand |
| test.cpp:170:13:170:13 | (float)... | semmle.label | (float)... |
| test.cpp:171:11:171:16 | y | semmle.label | y |
| test.cpp:189:10:189:13 | call to rand | semmle.label | call to rand |
| test.cpp:189:10:189:13 | call to rand | semmle.label | call to rand |
| test.cpp:190:10:190:13 | call to rand | semmle.label | call to rand |
| test.cpp:190:10:190:13 | call to rand | semmle.label | call to rand |
| test.cpp:195:3:195:11 | ... = ... | semmle.label | ... = ... |
| test.cpp:196:7:196:7 | x | semmle.label | x |
| test.cpp:198:3:198:11 | ... = ... | semmle.label | ... = ... |
| test.cpp:198:7:198:7 | x | semmle.label | x |
| test.cpp:199:7:199:7 | x | semmle.label | x |
| test.cpp:204:3:204:11 | ... = ... | semmle.label | ... = ... |
| test.cpp:204:7:204:7 | y | semmle.label | y |
| test.cpp:205:7:205:7 | y | semmle.label | y |
| test.cpp:207:3:207:11 | ... = ... | semmle.label | ... = ... |
| test.cpp:208:7:208:7 | y | semmle.label | y |
| test.cpp:215:11:215:14 | call to rand | semmle.label | call to rand |
| test.cpp:215:11:215:14 | call to rand | semmle.label | call to rand |
| test.cpp:219:8:219:8 | x | semmle.label | x |
subpaths
#select

54
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
View File

@@ -1,59 +1,79 @@
edges
| test.cpp:39:27:39:30 | **argv | test.cpp:43:38:43:44 | tainted | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:44:38:44:63 | ... * ... | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:46:38:46:63 | ... + ... | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:49:32:49:35 | size | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:50:17:50:30 | size | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:53:35:53:60 | ... * ... | provenance | TaintFunction |
| test.cpp:124:18:124:31 | *call to getenv | test.cpp:128:24:128:41 | ... * ... | provenance | TaintFunction |
| test.cpp:133:19:133:32 | *call to getenv | test.cpp:135:10:135:27 | ... * ... | provenance | TaintFunction |
| test.cpp:148:20:148:33 | *call to getenv | test.cpp:152:11:152:28 | ... * ... | provenance | TaintFunction |
| test.cpp:39:27:39:30 | **argv | test.cpp:40:16:40:19 | call to atoi | provenance | TaintFunction |
| test.cpp:40:16:40:19 | call to atoi | test.cpp:43:38:43:44 | tainted | provenance | |
| test.cpp:40:16:40:19 | call to atoi | test.cpp:44:38:44:63 | ... * ... | provenance | |
| test.cpp:40:16:40:19 | call to atoi | test.cpp:46:38:46:63 | ... + ... | provenance | |
| test.cpp:40:16:40:19 | call to atoi | test.cpp:48:13:48:23 | ... * ... | provenance | |
| test.cpp:40:16:40:19 | call to atoi | test.cpp:53:35:53:60 | ... * ... | provenance | |
| test.cpp:48:13:48:23 | ... * ... | test.cpp:49:32:49:35 | size | provenance | |
| test.cpp:48:13:48:23 | ... * ... | test.cpp:50:17:50:30 | size | provenance | |
| test.cpp:124:13:124:16 | call to atoi | test.cpp:128:24:128:41 | ... * ... | provenance | |
| test.cpp:124:18:124:31 | *call to getenv | test.cpp:124:13:124:16 | call to atoi | provenance | TaintFunction |
| test.cpp:133:14:133:17 | call to atoi | test.cpp:135:10:135:27 | ... * ... | provenance | |
| test.cpp:133:19:133:32 | *call to getenv | test.cpp:133:14:133:17 | call to atoi | provenance | TaintFunction |
| test.cpp:148:15:148:18 | call to atol | test.cpp:152:11:152:28 | ... * ... | provenance | |
| test.cpp:148:20:148:33 | *call to getenv | test.cpp:148:15:148:18 | call to atol | provenance | TaintFunction |
| test.cpp:209:8:209:23 | *get_tainted_size | test.cpp:241:9:241:24 | call to get_tainted_size | provenance | |
| test.cpp:211:14:211:27 | *call to getenv | test.cpp:209:8:209:23 | *get_tainted_size | provenance | TaintFunction |
| test.cpp:211:9:211:42 | ... * ... | test.cpp:209:8:209:23 | *get_tainted_size | provenance | |
| test.cpp:211:14:211:27 | *call to getenv | test.cpp:211:9:211:42 | ... * ... | provenance | TaintFunction |
| test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s | provenance | |
| test.cpp:237:24:237:37 | *call to getenv | test.cpp:239:9:239:18 | local_size | provenance | TaintFunction |
| test.cpp:237:24:237:37 | *call to getenv | test.cpp:245:11:245:20 | local_size | provenance | TaintFunction |
| test.cpp:237:24:237:37 | *call to getenv | test.cpp:247:10:247:19 | local_size | provenance | TaintFunction |
| test.cpp:237:19:237:52 | (int)... | test.cpp:239:9:239:18 | local_size | provenance | |
| test.cpp:237:19:237:52 | (int)... | test.cpp:245:11:245:20 | local_size | provenance | |
| test.cpp:237:19:237:52 | (int)... | test.cpp:247:10:247:19 | local_size | provenance | |
| test.cpp:237:24:237:37 | *call to getenv | test.cpp:237:19:237:52 | (int)... | provenance | TaintFunction |
| test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s | provenance | |
| test.cpp:250:20:250:27 | *out_size | test.cpp:289:17:289:20 | get_size output argument | provenance | |
| test.cpp:250:20:250:27 | *out_size | test.cpp:305:18:305:21 | get_size output argument | provenance | |
| test.cpp:251:18:251:31 | *call to getenv | test.cpp:250:20:250:27 | *out_size | provenance | TaintFunction |
| test.cpp:259:20:259:33 | *call to getenv | test.cpp:263:11:263:29 | ... * ... | provenance | TaintFunction |
| test.cpp:251:2:251:32 | ... = ... | test.cpp:250:20:250:27 | *out_size | provenance | |
| test.cpp:251:18:251:31 | *call to getenv | test.cpp:251:2:251:32 | ... = ... | provenance | TaintFunction |
| test.cpp:259:15:259:18 | call to atoi | test.cpp:263:11:263:29 | ... * ... | provenance | |
| test.cpp:259:20:259:33 | *call to getenv | test.cpp:259:15:259:18 | call to atoi | provenance | TaintFunction |
| test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... | provenance | |
| test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... | provenance | |
| test.cpp:353:18:353:31 | *call to getenv | test.cpp:355:35:355:38 | size | provenance | TaintFunction |
| test.cpp:353:18:353:31 | *call to getenv | test.cpp:356:35:356:38 | size | provenance | TaintFunction |
| test.cpp:353:13:353:16 | call to atoi | test.cpp:355:35:355:38 | size | provenance | |
| test.cpp:353:13:353:16 | call to atoi | test.cpp:356:35:356:38 | size | provenance | |
| test.cpp:353:18:353:31 | *call to getenv | test.cpp:353:13:353:16 | call to atoi | provenance | TaintFunction |
nodes
| test.cpp:39:27:39:30 | **argv | semmle.label | **argv |
| test.cpp:40:16:40:19 | call to atoi | semmle.label | call to atoi |
| test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
| test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... |
| test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... |
| test.cpp:48:13:48:23 | ... * ... | semmle.label | ... * ... |
| test.cpp:49:32:49:35 | size | semmle.label | size |
| test.cpp:50:17:50:30 | size | semmle.label | size |
| test.cpp:53:35:53:60 | ... * ... | semmle.label | ... * ... |
| test.cpp:124:13:124:16 | call to atoi | semmle.label | call to atoi |
| test.cpp:124:18:124:31 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:128:24:128:41 | ... * ... | semmle.label | ... * ... |
| test.cpp:133:14:133:17 | call to atoi | semmle.label | call to atoi |
| test.cpp:133:19:133:32 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:135:10:135:27 | ... * ... | semmle.label | ... * ... |
| test.cpp:148:15:148:18 | call to atol | semmle.label | call to atol |
| test.cpp:148:20:148:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:209:8:209:23 | *get_tainted_size | semmle.label | *get_tainted_size |
| test.cpp:211:9:211:42 | ... * ... | semmle.label | ... * ... |
| test.cpp:211:14:211:27 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:230:21:230:21 | s | semmle.label | s |
| test.cpp:231:21:231:21 | s | semmle.label | s |
| test.cpp:237:19:237:52 | (int)... | semmle.label | (int)... |
| test.cpp:237:24:237:37 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:239:9:239:18 | local_size | semmle.label | local_size |
| test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
| test.cpp:245:11:245:20 | local_size | semmle.label | local_size |
| test.cpp:247:10:247:19 | local_size | semmle.label | local_size |
| test.cpp:250:20:250:27 | *out_size | semmle.label | *out_size |
| test.cpp:251:2:251:32 | ... = ... | semmle.label | ... = ... |
| test.cpp:251:18:251:31 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:259:15:259:18 | call to atoi | semmle.label | call to atoi |
| test.cpp:259:20:259:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... |
| test.cpp:289:17:289:20 | get_size output argument | semmle.label | get_size output argument |
| test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:305:18:305:21 | get_size output argument | semmle.label | get_size output argument |
| test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
| test.cpp:353:13:353:16 | call to atoi | semmle.label | call to atoi |
| test.cpp:353:18:353:31 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:355:35:355:38 | size | semmle.label | size |
| test.cpp:356:35:356:38 | size | semmle.label | size |

42
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
View File

@@ -2,36 +2,58 @@ edges
| test2.cpp:12:21:12:21 | v | test2.cpp:14:11:14:11 | v | provenance | |
| test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:13:27:13 | v | provenance | |
| test2.cpp:27:13:27:13 | v | test2.cpp:12:21:12:21 | v | provenance | |
| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num | provenance | TaintFunction |
| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num | provenance | TaintFunction |
| test3.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction |
| test3.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction |
| test3.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction |
| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:38:13:38:16 | call to atoi | provenance | TaintFunction |
| test2.cpp:38:13:38:16 | call to atoi | test2.cpp:39:3:39:18 | ... = ... | provenance | |
| test2.cpp:38:13:38:16 | call to atoi | test2.cpp:39:9:39:11 | num | provenance | |
| test2.cpp:39:3:39:18 | ... = ... | test2.cpp:40:3:40:5 | num | provenance | |
| test3.c:10:27:10:30 | **argv | test.c:11:24:11:27 | call to atoi | provenance | TaintFunction |
| test3.c:10:27:10:30 | **argv | test.c:41:5:41:24 | ... = ... | provenance | TaintFunction |
| test3.c:10:27:10:30 | **argv | test.c:51:5:51:24 | ... = ... | provenance | TaintFunction |
| test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:17:6:17:18 | call to getTaintedInt | provenance | |
| test5.cpp:5:5:5:17 | *getTaintedInt | test5.cpp:18:6:18:18 | call to getTaintedInt | provenance | |
| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | *getTaintedInt | provenance | TaintFunction |
| test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y | provenance | |
| test.c:10:27:10:30 | **argv | test.c:14:15:14:28 | maxConnections | provenance | TaintFunction |
| test.c:10:27:10:30 | **argv | test.c:44:7:44:10 | len2 | provenance | TaintFunction |
| test.c:10:27:10:30 | **argv | test.c:54:7:54:10 | len3 | provenance | TaintFunction |
| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:10:9:10:27 | (int)... | provenance | TaintFunction |
| test5.cpp:10:9:10:27 | (int)... | test5.cpp:5:5:5:17 | *getTaintedInt | provenance | |
| test5.cpp:18:2:18:20 | ... = ... | test5.cpp:19:6:19:6 | y | provenance | |
| test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:18:2:18:20 | ... = ... | provenance | |
| test.c:10:27:10:30 | **argv | test.c:11:24:11:27 | call to atoi | provenance | TaintFunction |
| test.c:10:27:10:30 | **argv | test.c:41:5:41:24 | ... = ... | provenance | TaintFunction |
| test.c:10:27:10:30 | **argv | test.c:51:5:51:24 | ... = ... | provenance | TaintFunction |
| test.c:11:24:11:27 | call to atoi | test.c:14:15:14:28 | maxConnections | provenance | |
| test.c:41:5:41:24 | ... = ... | test.c:44:7:44:10 | len2 | provenance | |
| test.c:41:5:41:24 | ... = ... | test.c:44:7:44:12 | ... -- | provenance | |
| test.c:44:7:44:12 | ... -- | test.c:44:7:44:10 | len2 | provenance | |
| test.c:44:7:44:12 | ... -- | test.c:44:7:44:12 | ... -- | provenance | |
| test.c:51:5:51:24 | ... = ... | test.c:54:7:54:10 | len3 | provenance | |
| test.c:51:5:51:24 | ... = ... | test.c:54:7:54:12 | ... -- | provenance | |
| test.c:54:7:54:12 | ... -- | test.c:54:7:54:10 | len3 | provenance | |
| test.c:54:7:54:12 | ... -- | test.c:54:7:54:12 | ... -- | provenance | |
nodes
| test2.cpp:12:21:12:21 | v | semmle.label | v |
| test2.cpp:14:11:14:11 | v | semmle.label | v |
| test2.cpp:25:22:25:23 | fscanf output argument | semmle.label | fscanf output argument |
| test2.cpp:27:13:27:13 | v | semmle.label | v |
| test2.cpp:36:9:36:14 | fgets output argument | semmle.label | fgets output argument |
| test2.cpp:38:13:38:16 | call to atoi | semmle.label | call to atoi |
| test2.cpp:39:3:39:18 | ... = ... | semmle.label | ... = ... |
| test2.cpp:39:9:39:11 | num | semmle.label | num |
| test2.cpp:40:3:40:5 | num | semmle.label | num |
| test3.c:10:27:10:30 | **argv | semmle.label | **argv |
| test5.cpp:5:5:5:17 | *getTaintedInt | semmle.label | *getTaintedInt |
| test5.cpp:9:7:9:9 | gets output argument | semmle.label | gets output argument |
| test5.cpp:10:9:10:27 | (int)... | semmle.label | (int)... |
| test5.cpp:17:6:17:18 | call to getTaintedInt | semmle.label | call to getTaintedInt |
| test5.cpp:18:2:18:20 | ... = ... | semmle.label | ... = ... |
| test5.cpp:18:6:18:18 | call to getTaintedInt | semmle.label | call to getTaintedInt |
| test5.cpp:19:6:19:6 | y | semmle.label | y |
| test.c:10:27:10:30 | **argv | semmle.label | **argv |
| test.c:11:24:11:27 | call to atoi | semmle.label | call to atoi |
| test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
| test.c:41:5:41:24 | ... = ... | semmle.label | ... = ... |
| test.c:44:7:44:10 | len2 | semmle.label | len2 |
| test.c:44:7:44:12 | ... -- | semmle.label | ... -- |
| test.c:51:5:51:24 | ... = ... | semmle.label | ... = ... |
| test.c:54:7:54:10 | len3 | semmle.label | len3 |
| test.c:54:7:54:12 | ... -- | semmle.label | ... -- |
subpaths
#select
| test2.cpp:14:11:14:11 | v | test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:14:11:14:11 | v | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test2.cpp:25:22:25:23 | fscanf output argument | value read by fscanf |

84
cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected
View File

@@ -1,5 +1,6 @@
edges
| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance | |
| test.cpp:4:15:4:33 | (char *)... | test.cpp:5:15:5:22 | ... + ... | provenance | |
| test.cpp:4:15:4:33 | call to malloc | test.cpp:4:15:4:33 | (char *)... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
@@ -8,8 +9,10 @@ edges
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:6:14:6:15 | * ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance | |
| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance | |
| test.cpp:16:15:16:33 | (char *)... | test.cpp:20:14:20:21 | * ... | provenance | |
| test.cpp:16:15:16:33 | call to malloc | test.cpp:16:15:16:33 | (char *)... | provenance | |
| test.cpp:28:15:28:37 | (char *)... | test.cpp:29:15:29:28 | ... + ... | provenance | |
| test.cpp:28:15:28:37 | call to malloc | test.cpp:28:15:28:37 | (char *)... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
@@ -19,101 +22,129 @@ edges
| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | |
| test.cpp:30:14:30:15 | * ... | test.cpp:32:14:32:21 | * ... | provenance | |
| test.cpp:51:33:51:35 | *end | test.cpp:60:34:60:37 | mk_array output argument | provenance | |
| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance | |
| test.cpp:53:12:53:23 | ... + ... | test.cpp:51:33:51:35 | *end | provenance | |
| test.cpp:52:19:52:37 | (char *)... | test.cpp:53:12:53:23 | ... + ... | provenance | |
| test.cpp:52:19:52:37 | call to malloc | test.cpp:52:19:52:37 | (char *)... | provenance | |
| test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | *end | provenance | |
| test.cpp:53:12:53:23 | ... + ... | test.cpp:53:5:53:23 | ... = ... | provenance | |
| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | |
| test.cpp:205:15:205:33 | (char *)... | test.cpp:206:17:206:23 | ... + ... | provenance | |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:205:15:205:33 | (char *)... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | |
| test.cpp:260:13:260:24 | new[] | test.cpp:260:13:260:24 | new[] | provenance | |
| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:264:13:264:14 | * ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:264:13:264:14 | * ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:264:13:264:14 | * ... | test.cpp:262:31:262:33 | *... ++ | provenance | |
| test.cpp:270:13:270:24 | new[] | test.cpp:270:13:270:24 | new[] | provenance | |
| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | |
| test.cpp:355:14:355:27 | new[] | test.cpp:355:14:355:27 | new[] | provenance | |
| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | |
| test.cpp:377:14:377:27 | new[] | test.cpp:377:14:377:27 | new[] | provenance | |
| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:410:14:410:27 | new[] | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:411:15:411:23 | & ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:421:14:421:27 | new[] | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:422:15:422:23 | & ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:432:14:432:27 | new[] | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:433:15:433:23 | & ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:444:14:444:27 | new[] | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:445:15:445:23 | & ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:480:14:480:27 | new[] | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:481:15:481:23 | & ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:543:14:543:27 | new[] | test.cpp:543:14:543:27 | new[] | provenance | |
| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance | |
| test.cpp:554:14:554:27 | new[] | test.cpp:554:14:554:27 | new[] | provenance | |
| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance | |
| test.cpp:642:14:642:31 | new[] | test.cpp:642:14:642:31 | new[] | provenance | |
| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance | |
| test.cpp:730:12:730:28 | new[] | test.cpp:730:12:730:28 | new[] | provenance | |
| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:732:16:732:26 | ... + ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:754:18:754:31 | new[] | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | |
| test.cpp:781:14:781:27 | new[] | test.cpp:781:14:781:27 | new[] | provenance | |
| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance | |
| test.cpp:792:60:792:62 | *end | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | provenance | |
| test.cpp:792:60:792:62 | *end | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | provenance | |
| test.cpp:793:14:793:32 | call to malloc | test.cpp:794:12:794:24 | ... + ... | provenance | |
| test.cpp:794:12:794:24 | ... + ... | test.cpp:792:60:792:62 | *end | provenance | |
| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance | |
| test.cpp:793:14:793:32 | call to malloc | test.cpp:793:5:793:32 | ... = ... | provenance | |
| test.cpp:794:5:794:24 | ... = ... | test.cpp:792:60:792:62 | *end | provenance | |
| test.cpp:794:12:794:24 | ... + ... | test.cpp:794:5:794:24 | ... = ... | provenance | |
| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:815:52:815:54 | end | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | |
| test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | test.cpp:833:37:833:39 | end | provenance | |
| test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | provenance | |
| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance | |
| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance | |
| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance | |
| test.cpp:841:18:841:35 | (int *)... | test.cpp:842:3:842:20 | ... = ... | provenance | |
| test.cpp:841:18:841:35 | call to malloc | test.cpp:841:18:841:35 | (int *)... | provenance | |
| test.cpp:848:20:848:37 | (int *)... | test.cpp:849:5:849:22 | ... = ... | provenance | |
| test.cpp:848:20:848:37 | call to malloc | test.cpp:848:20:848:37 | (int *)... | provenance | |
| test.cpp:856:12:856:35 | (int *)... | test.cpp:857:16:857:29 | ... + ... | provenance | |
| test.cpp:856:12:856:35 | call to malloc | test.cpp:856:12:856:35 | (int *)... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:857:16:857:29 | ... + ... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | |
| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance | |
| test.cpp:868:15:868:35 | (char *)... | test.cpp:869:15:869:22 | ... + ... | provenance | |
| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:868:15:868:35 | (char *)... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:869:15:869:22 | ... + ... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | |
nodes
| test.cpp:4:15:4:33 | (char *)... | semmle.label | (char *)... |
| test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:6:14:6:15 | * ... | semmle.label | * ... |
| test.cpp:6:14:6:15 | * ... | semmle.label | * ... |
| test.cpp:8:14:8:21 | * ... | semmle.label | * ... |
| test.cpp:16:15:16:33 | (char *)... | semmle.label | (char *)... |
| test.cpp:16:15:16:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:20:14:20:21 | * ... | semmle.label | * ... |
| test.cpp:28:15:28:37 | (char *)... | semmle.label | (char *)... |
| test.cpp:28:15:28:37 | call to malloc | semmle.label | call to malloc |
| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... |
@@ -121,71 +152,92 @@ nodes
| test.cpp:30:14:30:15 | * ... | semmle.label | * ... |
| test.cpp:32:14:32:21 | * ... | semmle.label | * ... |
| test.cpp:51:33:51:35 | *end | semmle.label | *end |
| test.cpp:52:19:52:37 | (char *)... | semmle.label | (char *)... |
| test.cpp:52:19:52:37 | call to malloc | semmle.label | call to malloc |
| test.cpp:53:5:53:23 | ... = ... | semmle.label | ... = ... |
| test.cpp:53:12:53:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:60:34:60:37 | mk_array output argument | semmle.label | mk_array output argument |
| test.cpp:67:9:67:14 | ... = ... | semmle.label | ... = ... |
| test.cpp:205:15:205:33 | (char *)... | semmle.label | (char *)... |
| test.cpp:205:15:205:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:213:5:213:13 | ... = ... | semmle.label | ... = ... |
| test.cpp:260:13:260:24 | new[] | semmle.label | new[] |
| test.cpp:260:13:260:24 | new[] | semmle.label | new[] |
| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... |
| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... |
| test.cpp:262:31:262:33 | *... ++ | semmle.label | *... ++ |
| test.cpp:264:13:264:14 | * ... | semmle.label | * ... |
| test.cpp:264:13:264:14 | * ... | semmle.label | * ... |
| test.cpp:270:13:270:24 | new[] | semmle.label | new[] |
| test.cpp:270:13:270:24 | new[] | semmle.label | new[] |
| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... |
| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... |
| test.cpp:274:5:274:10 | ... = ... | semmle.label | ... = ... |
| test.cpp:355:14:355:27 | new[] | semmle.label | new[] |
| test.cpp:355:14:355:27 | new[] | semmle.label | new[] |
| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:358:14:358:26 | * ... | semmle.label | * ... |
| test.cpp:359:14:359:32 | * ... | semmle.label | * ... |
| test.cpp:377:14:377:27 | new[] | semmle.label | new[] |
| test.cpp:377:14:377:27 | new[] | semmle.label | new[] |
| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:384:13:384:16 | * ... | semmle.label | * ... |
| test.cpp:410:14:410:27 | new[] | semmle.label | new[] |
| test.cpp:410:14:410:27 | new[] | semmle.label | new[] |
| test.cpp:411:15:411:23 | & ... | semmle.label | & ... |
| test.cpp:411:15:411:23 | & ... | semmle.label | & ... |
| test.cpp:415:7:415:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:421:14:421:27 | new[] | semmle.label | new[] |
| test.cpp:421:14:421:27 | new[] | semmle.label | new[] |
| test.cpp:422:15:422:23 | & ... | semmle.label | & ... |
| test.cpp:422:15:422:23 | & ... | semmle.label | & ... |
| test.cpp:426:7:426:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:432:14:432:27 | new[] | semmle.label | new[] |
| test.cpp:432:14:432:27 | new[] | semmle.label | new[] |
| test.cpp:433:15:433:23 | & ... | semmle.label | & ... |
| test.cpp:433:15:433:23 | & ... | semmle.label | & ... |
| test.cpp:438:7:438:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:444:14:444:27 | new[] | semmle.label | new[] |
| test.cpp:444:14:444:27 | new[] | semmle.label | new[] |
| test.cpp:445:15:445:23 | & ... | semmle.label | & ... |
| test.cpp:445:15:445:23 | & ... | semmle.label | & ... |
| test.cpp:450:7:450:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:480:14:480:27 | new[] | semmle.label | new[] |
| test.cpp:480:14:480:27 | new[] | semmle.label | new[] |
| test.cpp:481:15:481:23 | & ... | semmle.label | & ... |
| test.cpp:481:15:481:23 | & ... | semmle.label | & ... |
| test.cpp:486:7:486:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:543:14:543:27 | new[] | semmle.label | new[] |
| test.cpp:543:14:543:27 | new[] | semmle.label | new[] |
| test.cpp:548:5:548:19 | ... = ... | semmle.label | ... = ... |
| test.cpp:554:14:554:27 | new[] | semmle.label | new[] |
| test.cpp:554:14:554:27 | new[] | semmle.label | new[] |
| test.cpp:559:5:559:19 | ... = ... | semmle.label | ... = ... |
| test.cpp:642:14:642:31 | new[] | semmle.label | new[] |
| test.cpp:642:14:642:31 | new[] | semmle.label | new[] |
| test.cpp:647:5:647:19 | ... = ... | semmle.label | ... = ... |
| test.cpp:730:12:730:28 | new[] | semmle.label | new[] |
| test.cpp:730:12:730:28 | new[] | semmle.label | new[] |
| test.cpp:732:16:732:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:732:16:732:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:733:5:733:12 | ... = ... | semmle.label | ... = ... |
| test.cpp:754:18:754:31 | new[] | semmle.label | new[] |
| test.cpp:754:18:754:31 | new[] | semmle.label | new[] |
| test.cpp:767:16:767:29 | access to array | semmle.label | access to array |
| test.cpp:767:16:767:29 | access to array | semmle.label | access to array |
| test.cpp:772:16:772:29 | access to array | semmle.label | access to array |
| test.cpp:772:16:772:29 | access to array | semmle.label | access to array |
| test.cpp:781:14:781:27 | new[] | semmle.label | new[] |
| test.cpp:781:14:781:27 | new[] | semmle.label | new[] |
| test.cpp:786:18:786:27 | access to array | semmle.label | access to array |
| test.cpp:792:60:792:62 | *end | semmle.label | *end |
| test.cpp:793:5:793:32 | ... = ... | semmle.label | ... = ... |
| test.cpp:793:14:793:32 | call to malloc | semmle.label | call to malloc |
| test.cpp:794:5:794:24 | ... = ... | semmle.label | ... = ... |
| test.cpp:794:12:794:24 | ... + ... | semmle.label | ... + ... |
| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | semmle.label | mk_array_no_field_flow output argument |
| test.cpp:807:7:807:12 | ... = ... | semmle.label | ... = ... |
@@ -194,14 +246,18 @@ nodes
| test.cpp:821:7:821:12 | ... = ... | semmle.label | ... = ... |
| test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | semmle.label | mk_array_no_field_flow output argument |
| test.cpp:833:37:833:39 | end | semmle.label | end |
| test.cpp:841:18:841:35 | (int *)... | semmle.label | (int *)... |
| test.cpp:841:18:841:35 | call to malloc | semmle.label | call to malloc |
| test.cpp:842:3:842:20 | ... = ... | semmle.label | ... = ... |
| test.cpp:848:20:848:37 | (int *)... | semmle.label | (int *)... |
| test.cpp:848:20:848:37 | call to malloc | semmle.label | call to malloc |
| test.cpp:849:5:849:22 | ... = ... | semmle.label | ... = ... |
| test.cpp:856:12:856:35 | (int *)... | semmle.label | (int *)... |
| test.cpp:856:12:856:35 | call to malloc | semmle.label | call to malloc |
| test.cpp:857:16:857:29 | ... + ... | semmle.label | ... + ... |
| test.cpp:857:16:857:29 | ... + ... | semmle.label | ... + ... |
| test.cpp:860:5:860:11 | ... = ... | semmle.label | ... = ... |
| test.cpp:868:15:868:35 | (char *)... | semmle.label | (char *)... |
| test.cpp:868:15:868:35 | call to g_malloc | semmle.label | call to g_malloc |
| test.cpp:869:15:869:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:869:15:869:22 | ... + ... | semmle.label | ... + ... |

20
cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected
View File

@@ -1,17 +1,25 @@
edges
| test.cpp:16:25:16:42 | *call to getenv | test.cpp:20:14:20:20 | *address | provenance | |
| test.cpp:27:25:27:42 | *call to getenv | test.cpp:31:14:31:20 | *address | provenance | |
| test.cpp:38:25:38:42 | *call to getenv | test.cpp:42:14:42:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *call to getenv | test.cpp:52:14:52:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *call to getenv | test.cpp:56:14:56:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *call to getenv | test.cpp:60:14:60:20 | *address | provenance | |
| test.cpp:16:25:16:42 | *(const char *)... | test.cpp:20:14:20:20 | *address | provenance | |
| test.cpp:16:25:16:42 | *call to getenv | test.cpp:16:25:16:42 | *(const char *)... | provenance | |
| test.cpp:27:25:27:42 | *(const char *)... | test.cpp:31:14:31:20 | *address | provenance | |
| test.cpp:27:25:27:42 | *call to getenv | test.cpp:27:25:27:42 | *(const char *)... | provenance | |
| test.cpp:38:25:38:42 | *(const char *)... | test.cpp:42:14:42:20 | *address | provenance | |
| test.cpp:38:25:38:42 | *call to getenv | test.cpp:38:25:38:42 | *(const char *)... | provenance | |
| test.cpp:49:25:49:42 | *(const char *)... | test.cpp:52:14:52:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *(const char *)... | test.cpp:56:14:56:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *(const char *)... | test.cpp:60:14:60:20 | *address | provenance | |
| test.cpp:49:25:49:42 | *call to getenv | test.cpp:49:25:49:42 | *(const char *)... | provenance | |
nodes
| test.cpp:16:25:16:42 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:16:25:16:42 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:20:14:20:20 | *address | semmle.label | *address |
| test.cpp:27:25:27:42 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:27:25:27:42 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:31:14:31:20 | *address | semmle.label | *address |
| test.cpp:38:25:38:42 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:38:25:38:42 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:42:14:42:20 | *address | semmle.label | *address |
| test.cpp:49:25:49:42 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:49:25:49:42 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:52:14:52:20 | *address | semmle.label | *address |
| test.cpp:56:14:56:20 | *address | semmle.label | *address |

4
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
View File

@@ -1,8 +1,10 @@
edges
| test.cpp:53:27:53:30 | **argv | test.cpp:58:25:58:29 | *input | provenance | |
| test.cpp:53:27:53:30 | **argv | test.cpp:54:17:54:23 | *access to array | provenance | |
| test.cpp:54:17:54:23 | *access to array | test.cpp:58:25:58:29 | *input | provenance | |
nodes
| test2.cpp:110:3:110:6 | *call to gets | semmle.label | *call to gets |
| test.cpp:53:27:53:30 | **argv | semmle.label | **argv |
| test.cpp:54:17:54:23 | *access to array | semmle.label | *access to array |
| test.cpp:58:25:58:29 | *input | semmle.label | *input |
subpaths
#select

2
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
View File

@@ -1,4 +1,5 @@
edges
| test2.cpp:62:18:62:25 | password | test2.cpp:62:18:62:25 | password | provenance | |
| test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 | provenance | |
| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | *buf | provenance | DataFlowFunction |
| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | *buffer | provenance | TaintFunction |
@@ -13,6 +14,7 @@ nodes
| test2.cpp:55:40:55:51 | widepassword | semmle.label | widepassword |
| test2.cpp:57:39:57:49 | call to getPassword | semmle.label | call to getPassword |
| test2.cpp:62:18:62:25 | password | semmle.label | password |
| test2.cpp:62:18:62:25 | password | semmle.label | password |
| test2.cpp:65:31:65:34 | cpy1 | semmle.label | cpy1 |
| test2.cpp:72:15:72:24 | password | semmle.label | password |
| test2.cpp:73:30:73:32 | *buf | semmle.label | *buf |

28
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -1,14 +1,20 @@
edges
| test3.cpp:74:21:74:29 | password1 | test3.cpp:74:21:74:29 | password1 | provenance | |
| test3.cpp:74:21:74:29 | password1 | test3.cpp:76:15:76:17 | ptr | provenance | |
| test3.cpp:81:15:81:22 | password | test3.cpp:83:15:83:17 | ptr | provenance | |
| test3.cpp:81:15:81:22 | array to pointer conversion | test3.cpp:83:15:83:17 | ptr | provenance | |
| test3.cpp:81:15:81:22 | password | test3.cpp:81:15:81:22 | array to pointer conversion | provenance | |
| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer | provenance | |
| test3.cpp:117:28:117:33 | buffer | test3.cpp:117:13:117:14 | *id | provenance | |
| test3.cpp:117:28:117:33 | buffer | test3.cpp:119:9:119:14 | buffer | provenance | |
| test3.cpp:119:9:119:14 | buffer | test3.cpp:117:13:117:14 | *id | provenance | |
| test3.cpp:124:7:124:20 | *get_global_str | test3.cpp:144:16:144:29 | call to get_global_str | provenance | |
| test3.cpp:126:9:126:23 | global_password | test3.cpp:124:7:124:20 | *get_global_str | provenance | |
| test3.cpp:126:9:126:23 | global_password | test3.cpp:126:9:126:23 | global_password | provenance | |
| test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer | provenance | |
| test3.cpp:138:21:138:22 | call to id | test3.cpp:138:21:138:22 | call to id | provenance | |
| test3.cpp:138:21:138:22 | call to id | test3.cpp:140:15:140:17 | ptr | provenance | |
| test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer | provenance | |
| test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id | provenance | |
| test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:144:16:144:29 | call to get_global_str | provenance | |
| test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data | provenance | |
| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | *buffer | provenance | TaintFunction |
| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | *data | provenance | DataFlowFunction |
@@ -21,6 +27,7 @@ edges
| test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data | provenance | |
| test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data | provenance | |
| test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data | provenance | |
| test3.cpp:322:16:322:24 | password2 | test3.cpp:322:16:322:24 | password2 | provenance | |
| test3.cpp:322:16:322:24 | password2 | test3.cpp:324:11:324:14 | data | provenance | |
| test3.cpp:322:16:322:24 | password2 | test3.cpp:325:11:325:14 | data | provenance | |
| test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data | provenance | |
@@ -28,16 +35,21 @@ edges
| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | *buffer | provenance | TaintFunction |
| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | *buffer | provenance | TaintFunction |
| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | *buffer | provenance | TaintFunction |
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:556:19:556:30 | salaryString | provenance | |
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | *buffer | provenance | TaintFunction |
| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | provenance | |
| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | provenance | |
| test3.cpp:571:2:571:23 | ... = ... | test3.cpp:572:14:572:16 | str | provenance | |
| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:571:2:571:23 | ... = ... | provenance | |
| test3.cpp:577:2:577:25 | ... = ... | test3.cpp:578:14:578:16 | str | provenance | |
| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:577:2:577:25 | ... = ... | provenance | |
nodes
| test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
| test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
| test3.cpp:47:15:47:22 | password | semmle.label | password |
| test3.cpp:55:15:55:22 | password | semmle.label | password |
| test3.cpp:74:21:74:29 | password1 | semmle.label | password1 |
| test3.cpp:74:21:74:29 | password1 | semmle.label | password1 |
| test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
| test3.cpp:81:15:81:22 | array to pointer conversion | semmle.label | array to pointer conversion |
| test3.cpp:81:15:81:22 | password | semmle.label | password |
| test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
| test3.cpp:101:12:101:19 | password | semmle.label | password |
@@ -45,13 +57,17 @@ nodes
| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
| test3.cpp:117:13:117:14 | *id | semmle.label | *id |
| test3.cpp:117:28:117:33 | buffer | semmle.label | buffer |
| test3.cpp:119:9:119:14 | buffer | semmle.label | buffer |
| test3.cpp:124:7:124:20 | *get_global_str | semmle.label | *get_global_str |
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
| test3.cpp:134:11:134:18 | password | semmle.label | password |
| test3.cpp:138:21:138:22 | call to id | semmle.label | call to id |
| test3.cpp:138:21:138:22 | call to id | semmle.label | call to id |
| test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
| test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
| test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str |
| test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str |
| test3.cpp:146:15:146:18 | data | semmle.label | data |
| test3.cpp:157:19:157:26 | password | semmle.label | password |
| test3.cpp:159:15:159:20 | *buffer | semmle.label | *buffer |
@@ -82,6 +98,7 @@ nodes
| test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
| test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
| test3.cpp:322:16:322:24 | password2 | semmle.label | password2 |
| test3.cpp:322:16:322:24 | password2 | semmle.label | password2 |
| test3.cpp:324:11:324:14 | data | semmle.label | data |
| test3.cpp:325:11:325:14 | data | semmle.label | data |
| test3.cpp:341:16:341:23 | password | semmle.label | password |
@@ -111,9 +128,12 @@ nodes
| test3.cpp:551:47:551:58 | salaryString | semmle.label | salaryString |
| test3.cpp:552:15:552:20 | *buffer | semmle.label | *buffer |
| test3.cpp:556:19:556:30 | salaryString | semmle.label | salaryString |
| test3.cpp:556:19:556:30 | salaryString | semmle.label | salaryString |
| test3.cpp:559:15:559:20 | *buffer | semmle.label | *buffer |
| test3.cpp:571:2:571:23 | ... = ... | semmle.label | ... = ... |
| test3.cpp:571:8:571:21 | call to get_home_phone | semmle.label | call to get_home_phone |
| test3.cpp:572:14:572:16 | str | semmle.label | str |
| test3.cpp:577:2:577:25 | ... = ... | semmle.label | ... = ... |
| test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
| test3.cpp:578:14:578:16 | str | semmle.label | str |
subpaths

21
cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
View File

@@ -1,31 +1,44 @@
edges
| test.cpp:11:26:11:28 | *url | test.cpp:15:30:15:32 | *url | provenance | |
| test.cpp:24:13:24:17 | **url_g | test.cpp:38:11:38:15 | *url_g | provenance | |
| test.cpp:24:21:24:40 | *http://example.com | test.cpp:24:13:24:17 | **url_g | provenance | |
| test.cpp:24:21:24:40 | *array to pointer conversion | test.cpp:24:13:24:17 | **url_g | provenance | |
| test.cpp:24:21:24:40 | *http://example.com | test.cpp:24:21:24:40 | *array to pointer conversion | provenance | |
| test.cpp:28:10:28:29 | *http://example.com | test.cpp:11:26:11:28 | *url | provenance | |
| test.cpp:35:23:35:42 | *http://example.com | test.cpp:39:11:39:15 | *url_l | provenance | |
| test.cpp:36:26:36:45 | *http://example.com | test.cpp:40:11:40:17 | *access to array | provenance | |
| test.cpp:35:23:35:42 | *array to pointer conversion | test.cpp:39:11:39:15 | *url_l | provenance | |
| test.cpp:35:23:35:42 | *http://example.com | test.cpp:35:23:35:42 | *array to pointer conversion | provenance | |
| test.cpp:36:26:36:45 | *array to pointer conversion | test.cpp:40:11:40:17 | *access to array | provenance | |
| test.cpp:36:26:36:45 | *http://example.com | test.cpp:36:26:36:45 | *array to pointer conversion | provenance | |
| test.cpp:38:11:38:15 | *url_g | test.cpp:11:26:11:28 | *url | provenance | |
| test.cpp:39:11:39:15 | *url_l | test.cpp:11:26:11:28 | *url | provenance | |
| test.cpp:40:11:40:17 | *access to array | test.cpp:11:26:11:28 | *url | provenance | |
| test.cpp:46:18:46:26 | *http:// | test.cpp:49:11:49:16 | *buffer | provenance | DataFlowFunction |
| test.cpp:49:11:49:16 | *buffer | test.cpp:11:26:11:28 | *url | provenance | |
| test.cpp:110:21:110:40 | *http://example.com | test.cpp:121:11:121:13 | *ptr | provenance | TaintFunction |
| test.cpp:110:21:110:40 | *(char *)... | test.cpp:113:2:113:37 | *... = ... | provenance | TaintFunction |
| test.cpp:110:21:110:40 | *(char *)... | test.cpp:116:3:116:37 | *... = ... | provenance | TaintFunction |
| test.cpp:110:21:110:40 | *http://example.com | test.cpp:110:21:110:40 | *(char *)... | provenance | |
| test.cpp:113:2:113:37 | *... = ... | test.cpp:121:11:121:13 | *ptr | provenance | |
| test.cpp:116:3:116:37 | *... = ... | test.cpp:121:11:121:13 | *ptr | provenance | |
| test.cpp:121:11:121:13 | *ptr | test.cpp:11:26:11:28 | *url | provenance | |
nodes
| test.cpp:11:26:11:28 | *url | semmle.label | *url |
| test.cpp:15:30:15:32 | *url | semmle.label | *url |
| test.cpp:24:13:24:17 | **url_g | semmle.label | **url_g |
| test.cpp:24:21:24:40 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| test.cpp:24:21:24:40 | *http://example.com | semmle.label | *http://example.com |
| test.cpp:28:10:28:29 | *http://example.com | semmle.label | *http://example.com |
| test.cpp:35:23:35:42 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| test.cpp:35:23:35:42 | *http://example.com | semmle.label | *http://example.com |
| test.cpp:36:26:36:45 | *array to pointer conversion | semmle.label | *array to pointer conversion |
| test.cpp:36:26:36:45 | *http://example.com | semmle.label | *http://example.com |
| test.cpp:38:11:38:15 | *url_g | semmle.label | *url_g |
| test.cpp:39:11:39:15 | *url_l | semmle.label | *url_l |
| test.cpp:40:11:40:17 | *access to array | semmle.label | *access to array |
| test.cpp:46:18:46:26 | *http:// | semmle.label | *http:// |
| test.cpp:49:11:49:16 | *buffer | semmle.label | *buffer |
| test.cpp:110:21:110:40 | *(char *)... | semmle.label | *(char *)... |
| test.cpp:110:21:110:40 | *http://example.com | semmle.label | *http://example.com |
| test.cpp:113:2:113:37 | *... = ... | semmle.label | *... = ... |
| test.cpp:116:3:116:37 | *... = ... | semmle.label | *... = ... |
| test.cpp:121:11:121:13 | *ptr | semmle.label | *ptr |
subpaths
#select

16
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
View File

@@ -1,9 +1,11 @@
edges
| tests2.cpp:50:13:50:19 | **global1 | tests2.cpp:82:14:82:20 | *global1 | provenance | |
| tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | tests2.cpp:50:13:50:19 | **global1 | provenance | |
| tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | provenance | |
| tests2.cpp:78:18:78:38 | *call to mysql_get_client_info | tests2.cpp:81:14:81:19 | *buffer | provenance | DataFlowFunction |
| tests2.cpp:91:42:91:45 | *str1 | tests2.cpp:93:14:93:17 | *str1 | provenance | |
| tests2.cpp:101:8:101:15 | *call to getpwuid | tests2.cpp:102:14:102:15 | *pw | provenance | |
| tests2.cpp:101:3:101:22 | *... = ... | tests2.cpp:102:14:102:15 | *pw | provenance | |
| tests2.cpp:101:8:101:15 | *call to getpwuid | tests2.cpp:101:3:101:22 | *... = ... | provenance | |
| tests2.cpp:109:3:109:4 | *c1 [post update] [*ptr] | tests2.cpp:111:14:111:15 | *c1 [*ptr] | provenance | |
| tests2.cpp:109:3:109:36 | *... = ... | tests2.cpp:109:3:109:4 | *c1 [post update] [*ptr] | provenance | |
| tests2.cpp:109:12:109:17 | *call to getenv | tests2.cpp:109:3:109:36 | *... = ... | provenance | |
@@ -11,22 +13,26 @@ edges
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:17:111:19 | *ptr | provenance | |
| tests2.cpp:111:17:111:19 | *ptr | tests2.cpp:111:14:111:19 | *ptr | provenance | |
| tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary] to write: Argument[0 indirection] in zmq_msg_init_data | provenance | |
| tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:138:23:138:34 | *message_data | provenance | |
| tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:143:34:143:45 | *message_data | provenance | |
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:138:23:138:34 | *message_data | provenance | |
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:143:34:143:45 | *message_data | provenance | |
| tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:134:2:134:30 | *... = ... | provenance | |
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:144:33:144:40 | *& ... | provenance | |
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:147:20:147:27 | *& ... | provenance | |
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:155:32:155:39 | *& ... | provenance | |
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:158:20:158:27 | *& ... | provenance | |
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | provenance | |
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | provenance | |
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:26:15:26:20 | *call to getenv | provenance | |
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:39:19:39:22 | *path | provenance | |
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:43:20:43:23 | *path | provenance | |
| tests_sockets.cpp:63:15:63:20 | *call to getenv | tests_sockets.cpp:63:15:63:20 | *call to getenv | provenance | |
| tests_sockets.cpp:63:15:63:20 | *call to getenv | tests_sockets.cpp:76:19:76:22 | *path | provenance | |
| tests_sockets.cpp:63:15:63:20 | *call to getenv | tests_sockets.cpp:80:20:80:23 | *path | provenance | |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | *pathbuf | provenance | |
nodes
| tests2.cpp:50:13:50:19 | **global1 | semmle.label | **global1 |
| tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | semmle.label | *call to mysql_get_client_info |
| tests2.cpp:50:23:50:43 | *call to mysql_get_client_info | semmle.label | *call to mysql_get_client_info |
| tests2.cpp:63:13:63:26 | *call to getenv | semmle.label | *call to getenv |
| tests2.cpp:64:13:64:26 | *call to getenv | semmle.label | *call to getenv |
| tests2.cpp:65:13:65:30 | *call to getenv | semmle.label | *call to getenv |
@@ -37,6 +43,7 @@ nodes
| tests2.cpp:82:14:82:20 | *global1 | semmle.label | *global1 |
| tests2.cpp:91:42:91:45 | *str1 | semmle.label | *str1 |
| tests2.cpp:93:14:93:17 | *str1 | semmle.label | *str1 |
| tests2.cpp:101:3:101:22 | *... = ... | semmle.label | *... = ... |
| tests2.cpp:101:8:101:15 | *call to getpwuid | semmle.label | *call to getpwuid |
| tests2.cpp:102:14:102:15 | *pw | semmle.label | *pw |
| tests2.cpp:109:3:109:4 | *c1 [post update] [*ptr] | semmle.label | *c1 [post update] [*ptr] |
@@ -47,6 +54,7 @@ nodes
| tests2.cpp:111:17:111:19 | *ptr | semmle.label | *ptr |
| tests2.cpp:120:5:120:21 | [summary param] 1 indirection in zmq_msg_init_data | semmle.label | [summary param] 1 indirection in zmq_msg_init_data |
| tests2.cpp:120:5:120:21 | [summary] to write: Argument[0 indirection] in zmq_msg_init_data | semmle.label | [summary] to write: Argument[0 indirection] in zmq_msg_init_data |
| tests2.cpp:134:2:134:30 | *... = ... | semmle.label | *... = ... |
| tests2.cpp:134:17:134:22 | *call to getenv | semmle.label | *call to getenv |
| tests2.cpp:138:23:138:34 | *message_data | semmle.label | *message_data |
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | semmle.label | zmq_msg_init_data output argument |
@@ -56,9 +64,11 @@ nodes
| tests2.cpp:155:32:155:39 | *& ... | semmle.label | *& ... |
| tests2.cpp:158:20:158:27 | *& ... | semmle.label | *& ... |
| tests_sockets.cpp:26:15:26:20 | *call to getenv | semmle.label | *call to getenv |
| tests_sockets.cpp:26:15:26:20 | *call to getenv | semmle.label | *call to getenv |
| tests_sockets.cpp:39:19:39:22 | *path | semmle.label | *path |
| tests_sockets.cpp:43:20:43:23 | *path | semmle.label | *path |
| tests_sockets.cpp:63:15:63:20 | *call to getenv | semmle.label | *call to getenv |
| tests_sockets.cpp:63:15:63:20 | *call to getenv | semmle.label | *call to getenv |
| tests_sockets.cpp:76:19:76:22 | *path | semmle.label | *path |
| tests_sockets.cpp:80:20:80:23 | *path | semmle.label | *path |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |

18
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
View File

@@ -1,18 +1,23 @@
edges
| tests.cpp:62:7:62:18 | **global_token | tests.cpp:69:2:69:43 | *... = ... | provenance | |
| tests.cpp:62:7:62:18 | **global_token | tests.cpp:71:27:71:38 | *global_token | provenance | |
| tests.cpp:62:7:62:18 | **global_token | tests.cpp:73:27:73:31 | *maybe | provenance | |
| tests.cpp:62:22:62:27 | *call to getenv | tests.cpp:62:7:62:18 | **global_token | provenance | |
| tests.cpp:62:22:62:27 | *call to getenv | tests.cpp:62:22:62:27 | *call to getenv | provenance | |
| tests.cpp:69:2:69:43 | *... = ... | tests.cpp:73:27:73:31 | *maybe | provenance | |
| tests.cpp:86:29:86:31 | *msg | tests.cpp:88:15:88:17 | *msg | provenance | |
| tests.cpp:97:13:97:34 | *call to getenv | tests.cpp:86:29:86:31 | *msg | provenance | |
| tests.cpp:107:30:107:32 | *msg | tests.cpp:111:15:111:17 | *tmp | provenance | |
| tests.cpp:107:30:107:32 | *msg | tests.cpp:109:20:109:22 | *msg | provenance | |
| tests.cpp:109:20:109:22 | *msg | tests.cpp:111:15:111:17 | *tmp | provenance | |
| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | *buffer | provenance | TaintFunction |
| tests.cpp:122:30:122:32 | *msg | tests.cpp:124:15:124:17 | *msg | provenance | |
| tests.cpp:131:14:131:35 | *call to getenv | tests.cpp:107:30:107:32 | *msg | provenance | |
| tests.cpp:132:14:132:35 | *call to getenv | tests.cpp:114:30:114:32 | *msg | provenance | |
| tests.cpp:133:14:133:35 | *call to getenv | tests.cpp:122:30:122:32 | *msg | provenance | |
| tests.cpp:139:17:139:22 | *call to getenv | tests.cpp:139:17:139:22 | *call to getenv | provenance | |
| tests.cpp:139:17:139:22 | *call to getenv | tests.cpp:141:15:141:20 | *secret | provenance | |
| tests_passwd.cpp:16:8:16:15 | *call to getpwnam | tests_passwd.cpp:18:29:18:31 | *pwd | provenance | |
| tests_passwd.cpp:16:8:16:15 | *call to getpwnam | tests_passwd.cpp:19:26:19:28 | *pwd | provenance | |
| tests_passwd.cpp:16:2:16:25 | *... = ... | tests_passwd.cpp:18:29:18:31 | *pwd | provenance | |
| tests_passwd.cpp:16:2:16:25 | *... = ... | tests_passwd.cpp:19:26:19:28 | *pwd | provenance | |
| tests_passwd.cpp:16:8:16:15 | *call to getpwnam | tests_passwd.cpp:16:2:16:25 | *... = ... | provenance | |
nodes
| tests.cpp:48:15:48:36 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:49:15:49:36 | *call to getenv | semmle.label | *call to getenv |
@@ -22,6 +27,8 @@ nodes
| tests.cpp:59:43:59:64 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:62:7:62:18 | **global_token | semmle.label | **global_token |
| tests.cpp:62:22:62:27 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:62:22:62:27 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:69:2:69:43 | *... = ... | semmle.label | *... = ... |
| tests.cpp:71:27:71:38 | *global_token | semmle.label | *global_token |
| tests.cpp:73:27:73:31 | *maybe | semmle.label | *maybe |
| tests.cpp:86:29:86:31 | *msg | semmle.label | *msg |
@@ -29,6 +36,7 @@ nodes
| tests.cpp:97:13:97:34 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:97:13:97:34 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:107:30:107:32 | *msg | semmle.label | *msg |
| tests.cpp:109:20:109:22 | *msg | semmle.label | *msg |
| tests.cpp:111:15:111:17 | *tmp | semmle.label | *tmp |
| tests.cpp:114:30:114:32 | *msg | semmle.label | *msg |
| tests.cpp:119:7:119:12 | *buffer | semmle.label | *buffer |
@@ -39,7 +47,9 @@ nodes
| tests.cpp:133:14:133:35 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:133:14:133:35 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:139:17:139:22 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:139:17:139:22 | *call to getenv | semmle.label | *call to getenv |
| tests.cpp:141:15:141:20 | *secret | semmle.label | *secret |
| tests_passwd.cpp:16:2:16:25 | *... = ... | semmle.label | *... = ... |
| tests_passwd.cpp:16:8:16:15 | *call to getpwnam | semmle.label | *call to getpwnam |
| tests_passwd.cpp:18:29:18:31 | *pwd | semmle.label | *pwd |
| tests_passwd.cpp:19:26:19:28 | *pwd | semmle.label | *pwd |

72
cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
View File

@@ -1,33 +1,49 @@
edges
| tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:22:2:22:2 | *p | provenance | |
| tests2.cpp:33:17:33:31 | call to SAXParser | tests2.cpp:37:2:37:2 | *p | provenance | |
| tests2.cpp:20:17:20:31 | *new | tests2.cpp:22:2:22:2 | *p | provenance | |
| tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:20:17:20:31 | *new | provenance | |
| tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance | |
| tests2.cpp:33:17:33:31 | call to SAXParser | tests2.cpp:33:17:33:31 | *new | provenance | |
| tests2.cpp:49:12:49:12 | call to SAXParser | tests2.cpp:51:2:51:2 | *p | provenance | |
| tests3.cpp:23:21:23:53 | *call to createXMLReader | tests3.cpp:23:21:23:53 | *call to createXMLReader | provenance | |
| tests3.cpp:23:21:23:53 | *call to createXMLReader | tests3.cpp:25:2:25:2 | *p | provenance | |
| tests3.cpp:35:16:35:20 | **p_3_3 | tests3.cpp:38:2:38:6 | *p_3_3 | provenance | |
| tests3.cpp:35:24:35:56 | *call to createXMLReader | tests3.cpp:35:16:35:20 | **p_3_3 | provenance | |
| tests3.cpp:35:24:35:56 | *call to createXMLReader | tests3.cpp:35:24:35:56 | *call to createXMLReader | provenance | |
| tests3.cpp:48:16:48:20 | **p_3_5 | tests3.cpp:56:2:56:6 | *p_3_5 | provenance | |
| tests3.cpp:48:24:48:56 | *call to createXMLReader | tests3.cpp:48:16:48:20 | **p_3_5 | provenance | |
| tests3.cpp:48:24:48:56 | *call to createXMLReader | tests3.cpp:48:24:48:56 | *call to createXMLReader | provenance | |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:60:21:60:53 | *call to createXMLReader | provenance | |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance | |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:67:21:67:53 | *call to createXMLReader | provenance | |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:70:2:70:2 | *p | provenance | |
| tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:27:25:27:38 | *call to createLSParser | provenance | |
| tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:29:2:29:2 | *p | provenance | |
| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:40:25:40:38 | *call to createLSParser | provenance | |
| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance | |
| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:55:25:55:38 | *call to createLSParser | provenance | |
| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance | |
| tests5.cpp:63:21:63:24 | **g_p2 | tests5.cpp:77:2:77:5 | *g_p2 | provenance | |
| tests5.cpp:70:17:70:30 | *call to createLSParser | tests5.cpp:63:21:63:24 | **g_p2 | provenance | |
| tests5.cpp:70:2:70:32 | *... = ... | tests5.cpp:63:21:63:24 | **g_p2 | provenance | |
| tests5.cpp:70:17:70:30 | *call to createLSParser | tests5.cpp:70:2:70:32 | *... = ... | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:81:25:81:38 | *call to createLSParser | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance | |
| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance | |
| tests5.cpp:85:2:85:2 | *p | tests5.cpp:86:2:86:2 | *p | provenance | |
| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance | |
| tests5.cpp:88:2:88:2 | *p | tests5.cpp:89:2:89:2 | *p | provenance | |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:17:2:17:2 | *p | provenance | |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:31:2:31:2 | *p | provenance | |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:37:2:37:2 | *p | provenance | |
| tests.cpp:15:23:15:43 | *new | tests.cpp:17:2:17:2 | *p | provenance | |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:15:23:15:43 | *new | provenance | |
| tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance | |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:28:23:28:43 | *new | provenance | |
| tests.cpp:35:23:35:43 | *new | tests.cpp:37:2:37:2 | *p | provenance | |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | *new | provenance | |
| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance | |
| tests.cpp:37:2:37:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | |
| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | |
| tests.cpp:38:2:38:2 | *p | tests.cpp:39:2:39:2 | *p | provenance | |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:53:2:53:2 | *p | provenance | |
| tests.cpp:51:23:51:43 | *new | tests.cpp:53:2:53:2 | *p | provenance | |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | *new | provenance | |
| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance | |
| tests.cpp:53:2:53:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | |
| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | |
@@ -37,37 +53,51 @@ edges
| tests.cpp:57:2:57:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | |
| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | |
| tests.cpp:59:2:59:2 | *p | tests.cpp:60:2:60:2 | *p | provenance | |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:69:2:69:2 | *p | provenance | |
| tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:80:2:80:2 | *p | provenance | |
| tests.cpp:85:24:85:44 | call to XercesDOMParser | tests.cpp:88:3:88:3 | *q | provenance | |
| tests.cpp:100:24:100:44 | call to XercesDOMParser | tests.cpp:104:3:104:3 | *q | provenance | |
| tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance | |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:66:23:66:43 | *new | provenance | |
| tests.cpp:73:23:73:43 | *new | tests.cpp:80:2:80:2 | *p | provenance | |
| tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:73:23:73:43 | *new | provenance | |
| tests.cpp:85:24:85:44 | *new | tests.cpp:86:24:86:25 | *(reference to) | provenance | |
| tests.cpp:85:24:85:44 | call to XercesDOMParser | tests.cpp:85:24:85:44 | *new | provenance | |
| tests.cpp:86:24:86:25 | *(reference to) | tests.cpp:88:3:88:3 | *q | provenance | |
| tests.cpp:100:24:100:44 | *new | tests.cpp:101:24:101:25 | *(reference to) | provenance | |
| tests.cpp:100:24:100:44 | call to XercesDOMParser | tests.cpp:100:24:100:44 | *new | provenance | |
| tests.cpp:101:24:101:25 | *(reference to) | tests.cpp:104:3:104:3 | *q | provenance | |
| tests.cpp:112:39:112:39 | *p | tests.cpp:112:39:112:39 | *p | provenance | |
| tests.cpp:112:39:112:39 | *p | tests.cpp:113:2:113:2 | *p | provenance | |
| tests.cpp:116:39:116:39 | *p | tests.cpp:117:2:117:2 | *p | provenance | |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:126:18:126:18 | *q | provenance | |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:128:18:128:18 | *q | provenance | |
| tests.cpp:122:23:122:43 | *new | tests.cpp:126:18:126:18 | *q | provenance | |
| tests.cpp:122:23:122:43 | *new | tests.cpp:128:18:128:18 | *q | provenance | |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:122:23:122:43 | *new | provenance | |
| tests.cpp:126:18:126:18 | *q | tests.cpp:112:39:112:39 | *p | provenance | |
| tests.cpp:126:18:126:18 | *q | tests.cpp:126:18:126:18 | test10_doParseB output argument | provenance | |
| tests.cpp:126:18:126:18 | test10_doParseB output argument | tests.cpp:128:18:128:18 | *q | provenance | |
| tests.cpp:128:18:128:18 | *q | tests.cpp:116:39:116:39 | *p | provenance | |
nodes
| tests2.cpp:20:17:20:31 | *new | semmle.label | *new |
| tests2.cpp:20:17:20:31 | call to SAXParser | semmle.label | call to SAXParser |
| tests2.cpp:22:2:22:2 | *p | semmle.label | *p |
| tests2.cpp:33:17:33:31 | *new | semmle.label | *new |
| tests2.cpp:33:17:33:31 | call to SAXParser | semmle.label | call to SAXParser |
| tests2.cpp:37:2:37:2 | *p | semmle.label | *p |
| tests2.cpp:49:12:49:12 | call to SAXParser | semmle.label | call to SAXParser |
| tests2.cpp:51:2:51:2 | *p | semmle.label | *p |
| tests3.cpp:23:21:23:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:23:21:23:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:25:2:25:2 | *p | semmle.label | *p |
| tests3.cpp:35:16:35:20 | **p_3_3 | semmle.label | **p_3_3 |
| tests3.cpp:35:24:35:56 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:35:24:35:56 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:38:2:38:6 | *p_3_3 | semmle.label | *p_3_3 |
| tests3.cpp:48:16:48:20 | **p_3_5 | semmle.label | **p_3_5 |
| tests3.cpp:48:24:48:56 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:48:24:48:56 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:56:2:56:6 | *p_3_5 | semmle.label | *p_3_5 |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:63:2:63:2 | *p | semmle.label | *p |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | semmle.label | *call to createXMLReader |
| tests3.cpp:70:2:70:2 | *p | semmle.label | *p |
| tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | semmle.label | XML_PARSE_NOENT |
| tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | semmle.label | XML_PARSE_DTDLOAD |
@@ -75,31 +105,40 @@ nodes
| tests4.cpp:77:34:77:38 | flags | semmle.label | flags |
| tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | semmle.label | XML_PARSE_DTDLOAD |
| tests5.cpp:27:25:27:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:27:25:27:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:29:2:29:2 | *p | semmle.label | *p |
| tests5.cpp:40:25:40:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:40:25:40:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:43:2:43:2 | *p | semmle.label | *p |
| tests5.cpp:55:25:55:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:55:25:55:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:59:2:59:2 | *p | semmle.label | *p |
| tests5.cpp:63:21:63:24 | **g_p2 | semmle.label | **g_p2 |
| tests5.cpp:70:2:70:32 | *... = ... | semmle.label | *... = ... |
| tests5.cpp:70:17:70:30 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:77:2:77:5 | *g_p2 | semmle.label | *g_p2 |
| tests5.cpp:81:25:81:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:81:25:81:38 | *call to createLSParser | semmle.label | *call to createLSParser |
| tests5.cpp:83:2:83:2 | *p | semmle.label | *p |
| tests5.cpp:83:2:83:2 | *p | semmle.label | *p |
| tests5.cpp:85:2:85:2 | *p | semmle.label | *p |
| tests5.cpp:86:2:86:2 | *p | semmle.label | *p |
| tests5.cpp:88:2:88:2 | *p | semmle.label | *p |
| tests5.cpp:89:2:89:2 | *p | semmle.label | *p |
| tests.cpp:15:23:15:43 | *new | semmle.label | *new |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:17:2:17:2 | *p | semmle.label | *p |
| tests.cpp:28:23:28:43 | *new | semmle.label | *new |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:31:2:31:2 | *p | semmle.label | *p |
| tests.cpp:35:23:35:43 | *new | semmle.label | *new |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:37:2:37:2 | *p | semmle.label | *p |
| tests.cpp:37:2:37:2 | *p | semmle.label | *p |
| tests.cpp:38:2:38:2 | *p | semmle.label | *p |
| tests.cpp:38:2:38:2 | *p | semmle.label | *p |
| tests.cpp:39:2:39:2 | *p | semmle.label | *p |
| tests.cpp:51:23:51:43 | *new | semmle.label | *new |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:53:2:53:2 | *p | semmle.label | *p |
| tests.cpp:53:2:53:2 | *p | semmle.label | *p |
@@ -111,19 +150,26 @@ nodes
| tests.cpp:59:2:59:2 | *p | semmle.label | *p |
| tests.cpp:59:2:59:2 | *p | semmle.label | *p |
| tests.cpp:60:2:60:2 | *p | semmle.label | *p |
| tests.cpp:66:23:66:43 | *new | semmle.label | *new |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:69:2:69:2 | *p | semmle.label | *p |
| tests.cpp:73:23:73:43 | *new | semmle.label | *new |
| tests.cpp:73:23:73:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:80:2:80:2 | *p | semmle.label | *p |
| tests.cpp:85:24:85:44 | *new | semmle.label | *new |
| tests.cpp:85:24:85:44 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:86:24:86:25 | *(reference to) | semmle.label | *(reference to) |
| tests.cpp:88:3:88:3 | *q | semmle.label | *q |
| tests.cpp:100:24:100:44 | *new | semmle.label | *new |
| tests.cpp:100:24:100:44 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:101:24:101:25 | *(reference to) | semmle.label | *(reference to) |
| tests.cpp:104:3:104:3 | *q | semmle.label | *q |
| tests.cpp:112:39:112:39 | *p | semmle.label | *p |
| tests.cpp:112:39:112:39 | *p | semmle.label | *p |
| tests.cpp:113:2:113:2 | *p | semmle.label | *p |
| tests.cpp:116:39:116:39 | *p | semmle.label | *p |
| tests.cpp:117:2:117:2 | *p | semmle.label | *p |
| tests.cpp:122:23:122:43 | *new | semmle.label | *new |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:126:18:126:18 | *q | semmle.label | *q |
| tests.cpp:126:18:126:18 | test10_doParseB output argument | semmle.label | test10_doParseB output argument |

4
cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
View File

@@ -1,6 +1,8 @@
edges
| test.cpp:20:29:20:47 | *call to getenv | test.cpp:24:10:24:35 | ! ... | provenance | TaintFunction |
| test.cpp:20:29:20:47 | *(const char *)... | test.cpp:24:10:24:35 | ! ... | provenance | TaintFunction |
| test.cpp:20:29:20:47 | *call to getenv | test.cpp:20:29:20:47 | *(const char *)... | provenance | |
nodes
| test.cpp:20:29:20:47 | *(const char *)... | semmle.label | *(const char *)... |
| test.cpp:20:29:20:47 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... |
subpaths

74
cpp/ql/test/query-tests/Security/CWE/CWE-843/TypeConfusion.expected
View File

@@ -1,64 +1,106 @@
edges
| test.cpp:17:13:17:18 | new | test.cpp:18:21:18:47 | p | provenance | |
| test.cpp:22:13:22:26 | new | test.cpp:23:12:23:30 | p | provenance | |
| test.cpp:27:13:27:18 | new | test.cpp:28:25:28:55 | p | provenance | |
| test.cpp:32:13:32:30 | new | test.cpp:33:12:33:30 | p | provenance | |
| test.cpp:17:13:17:18 | (void *)... | test.cpp:18:21:18:47 | p | provenance | |
| test.cpp:17:13:17:18 | new | test.cpp:17:13:17:18 | (void *)... | provenance | |
| test.cpp:22:13:22:26 | (void *)... | test.cpp:23:12:23:30 | p | provenance | |
| test.cpp:22:13:22:26 | new | test.cpp:22:13:22:26 | (void *)... | provenance | |
| test.cpp:27:13:27:18 | (void *)... | test.cpp:28:25:28:55 | p | provenance | |
| test.cpp:27:13:27:18 | new | test.cpp:27:13:27:18 | (void *)... | provenance | |
| test.cpp:32:13:32:30 | (void *)... | test.cpp:33:12:33:30 | p | provenance | |
| test.cpp:32:13:32:30 | new | test.cpp:32:13:32:30 | (void *)... | provenance | |
| test.cpp:47:21:47:36 | new | test.cpp:47:21:47:36 | new | provenance | |
| test.cpp:47:21:47:36 | new | test.cpp:48:22:48:55 | p | provenance | |
| test.cpp:66:15:66:21 | new | test.cpp:67:12:67:31 | a | provenance | |
| test.cpp:76:15:76:21 | new | test.cpp:77:12:77:31 | a | provenance | |
| test.cpp:83:9:83:15 | new | test.cpp:88:14:88:33 | a | provenance | |
| test.cpp:85:9:85:15 | new | test.cpp:88:14:88:33 | a | provenance | |
| test.cpp:66:15:66:21 | (Animal *)... | test.cpp:67:12:67:31 | a | provenance | |
| test.cpp:66:15:66:21 | new | test.cpp:66:15:66:21 | (Animal *)... | provenance | |
| test.cpp:76:15:76:21 | (Animal *)... | test.cpp:77:12:77:31 | a | provenance | |
| test.cpp:76:15:76:21 | new | test.cpp:76:15:76:21 | (Animal *)... | provenance | |
| test.cpp:83:5:83:15 | ... = ... | test.cpp:88:14:88:33 | a | provenance | |
| test.cpp:83:9:83:15 | new | test.cpp:83:5:83:15 | ... = ... | provenance | |
| test.cpp:85:5:85:15 | ... = ... | test.cpp:88:14:88:33 | a | provenance | |
| test.cpp:85:9:85:15 | new | test.cpp:85:5:85:15 | ... = ... | provenance | |
| test.cpp:115:12:115:17 | new | test.cpp:115:12:115:17 | new | provenance | |
| test.cpp:115:12:115:17 | new | test.cpp:116:20:116:51 | s2 | provenance | |
| test.cpp:127:12:127:17 | new | test.cpp:127:12:127:17 | new | provenance | |
| test.cpp:127:12:127:17 | new | test.cpp:128:24:128:59 | s2 | provenance | |
| test.cpp:140:12:140:17 | new | test.cpp:140:12:140:17 | new | provenance | |
| test.cpp:140:12:140:17 | new | test.cpp:141:23:141:57 | s1 | provenance | |
| test.cpp:143:14:143:19 | new | test.cpp:143:14:143:19 | new | provenance | |
| test.cpp:143:14:143:19 | new | test.cpp:145:28:145:68 | s1_2 | provenance | |
| test.cpp:153:9:153:15 | new | test.cpp:159:14:159:33 | a | provenance | |
| test.cpp:166:9:166:15 | new | test.cpp:171:14:171:33 | a | provenance | |
| test.cpp:168:9:168:15 | new | test.cpp:171:14:171:33 | a | provenance | |
| test.cpp:179:15:179:24 | new | test.cpp:181:15:181:25 | u64 | provenance | |
| test.cpp:187:15:187:24 | new | test.cpp:189:25:189:45 | u64 | provenance | |
| test.cpp:207:14:207:26 | new | test.cpp:209:17:209:28 | si | provenance | |
| test.cpp:217:13:217:18 | new | test.cpp:218:30:218:65 | p | provenance | |
| test.cpp:226:13:226:18 | new | test.cpp:227:29:227:63 | p | provenance | |
| test.cpp:153:5:153:15 | ... = ... | test.cpp:159:14:159:33 | a | provenance | |
| test.cpp:153:9:153:15 | new | test.cpp:153:5:153:15 | ... = ... | provenance | |
| test.cpp:166:5:166:15 | ... = ... | test.cpp:171:14:171:33 | a | provenance | |
| test.cpp:166:9:166:15 | new | test.cpp:166:5:166:15 | ... = ... | provenance | |
| test.cpp:168:5:168:15 | ... = ... | test.cpp:171:14:171:33 | a | provenance | |
| test.cpp:168:9:168:15 | new | test.cpp:168:5:168:15 | ... = ... | provenance | |
| test.cpp:179:15:179:24 | (void *)... | test.cpp:181:15:181:25 | u64 | provenance | |
| test.cpp:179:15:179:24 | new | test.cpp:179:15:179:24 | (void *)... | provenance | |
| test.cpp:187:15:187:24 | (void *)... | test.cpp:189:25:189:45 | u64 | provenance | |
| test.cpp:187:15:187:24 | new | test.cpp:187:15:187:24 | (void *)... | provenance | |
| test.cpp:207:14:207:26 | (void *)... | test.cpp:209:17:209:28 | si | provenance | |
| test.cpp:207:14:207:26 | new | test.cpp:207:14:207:26 | (void *)... | provenance | |
| test.cpp:217:13:217:18 | (void *)... | test.cpp:218:30:218:65 | p | provenance | |
| test.cpp:217:13:217:18 | new | test.cpp:217:13:217:18 | (void *)... | provenance | |
| test.cpp:226:13:226:18 | (void *)... | test.cpp:227:29:227:63 | p | provenance | |
| test.cpp:226:13:226:18 | new | test.cpp:226:13:226:18 | (void *)... | provenance | |
nodes
| test.cpp:17:13:17:18 | (void *)... | semmle.label | (void *)... |
| test.cpp:17:13:17:18 | new | semmle.label | new |
| test.cpp:18:21:18:47 | p | semmle.label | p |
| test.cpp:22:13:22:26 | (void *)... | semmle.label | (void *)... |
| test.cpp:22:13:22:26 | new | semmle.label | new |
| test.cpp:23:12:23:30 | p | semmle.label | p |
| test.cpp:27:13:27:18 | (void *)... | semmle.label | (void *)... |
| test.cpp:27:13:27:18 | new | semmle.label | new |
| test.cpp:28:25:28:55 | p | semmle.label | p |
| test.cpp:32:13:32:30 | (void *)... | semmle.label | (void *)... |
| test.cpp:32:13:32:30 | new | semmle.label | new |
| test.cpp:33:12:33:30 | p | semmle.label | p |
| test.cpp:47:21:47:36 | new | semmle.label | new |
| test.cpp:47:21:47:36 | new | semmle.label | new |
| test.cpp:48:22:48:55 | p | semmle.label | p |
| test.cpp:66:15:66:21 | (Animal *)... | semmle.label | (Animal *)... |
| test.cpp:66:15:66:21 | new | semmle.label | new |
| test.cpp:67:12:67:31 | a | semmle.label | a |
| test.cpp:76:15:76:21 | (Animal *)... | semmle.label | (Animal *)... |
| test.cpp:76:15:76:21 | new | semmle.label | new |
| test.cpp:77:12:77:31 | a | semmle.label | a |
| test.cpp:83:5:83:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:83:9:83:15 | new | semmle.label | new |
| test.cpp:85:5:85:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:85:9:85:15 | new | semmle.label | new |
| test.cpp:88:14:88:33 | a | semmle.label | a |
| test.cpp:115:12:115:17 | new | semmle.label | new |
| test.cpp:115:12:115:17 | new | semmle.label | new |
| test.cpp:116:20:116:51 | s2 | semmle.label | s2 |
| test.cpp:127:12:127:17 | new | semmle.label | new |
| test.cpp:127:12:127:17 | new | semmle.label | new |
| test.cpp:128:24:128:59 | s2 | semmle.label | s2 |
| test.cpp:140:12:140:17 | new | semmle.label | new |
| test.cpp:140:12:140:17 | new | semmle.label | new |
| test.cpp:141:23:141:57 | s1 | semmle.label | s1 |
| test.cpp:143:14:143:19 | new | semmle.label | new |
| test.cpp:143:14:143:19 | new | semmle.label | new |
| test.cpp:145:28:145:68 | s1_2 | semmle.label | s1_2 |
| test.cpp:153:5:153:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:153:9:153:15 | new | semmle.label | new |
| test.cpp:159:14:159:33 | a | semmle.label | a |
| test.cpp:166:5:166:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:166:9:166:15 | new | semmle.label | new |
| test.cpp:168:5:168:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:168:9:168:15 | new | semmle.label | new |
| test.cpp:171:14:171:33 | a | semmle.label | a |
| test.cpp:179:15:179:24 | (void *)... | semmle.label | (void *)... |
| test.cpp:179:15:179:24 | new | semmle.label | new |
| test.cpp:181:15:181:25 | u64 | semmle.label | u64 |
| test.cpp:187:15:187:24 | (void *)... | semmle.label | (void *)... |
| test.cpp:187:15:187:24 | new | semmle.label | new |
| test.cpp:189:25:189:45 | u64 | semmle.label | u64 |
| test.cpp:207:14:207:26 | (void *)... | semmle.label | (void *)... |
| test.cpp:207:14:207:26 | new | semmle.label | new |
| test.cpp:209:17:209:28 | si | semmle.label | si |
| test.cpp:217:13:217:18 | (void *)... | semmle.label | (void *)... |
| test.cpp:217:13:217:18 | new | semmle.label | new |
| test.cpp:218:30:218:65 | p | semmle.label | p |
| test.cpp:226:13:226:18 | (void *)... | semmle.label | (void *)... |
| test.cpp:226:13:226:18 | new | semmle.label | new |
| test.cpp:227:29:227:63 | p | semmle.label | p |
subpaths

18
csharp/documentation/library-coverage/coverage.csv
View File

@@ -5,27 +5,27 @@ Dapper,55,42,1,,,,,,,,,,55,,42,,,,,,,,1
ILCompiler,,,81,,,,,,,,,,,,,,,,,,,81,
ILLink.RoslynAnalyzer,,,63,,,,,,,,,,,,,,,,,,,63,
ILLink.Shared,,,32,,,,,,,,,,,,,,,,,,,29,3
ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,5,
ILLink.Tasks,,,3,,,,,,,,,,,,,,,,,,,3,
Internal.IL,,,69,,,,,,,,,,,,,,,,,,,67,2
Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,8,1
Internal.TypeSystem,,,367,,,,,,,,,,,,,,,,,,,331,36
JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,,,,,,,7,
JsonToItemsTaskFactory,,,5,,,,,,,,,,,,,,,,,,,5,
Microsoft.Android.Build,,,14,,,,,,,,,,,,,,,,,,,14,
Microsoft.Apple.Build,,,7,,,,,,,,,,,,,,,,,,,7,
Microsoft.Apple.Build,,,5,,,,,,,,,,,,,,,,,,,5,
Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
Microsoft.CSharp,,,24,,,,,,,,,,,,,,,,,,,24,
Microsoft.Diagnostics.Tools.Pgo,,,13,,,,,,,,,,,,,,,,,,,13,
Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,,,,,,,15,
Microsoft.Extensions.Caching.Memory,,,38,,,,,,,,,,,,,,,,,,,37,1
Microsoft.Extensions.Configuration,,2,89,,,,,,,,,,,,,2,,,,,,86,3
Microsoft.Extensions.Caching.Distributed,,,9,,,,,,,,,,,,,,,,,,,9,
Microsoft.Extensions.Caching.Memory,,,30,,,,,,,,,,,,,,,,,,,29,1
Microsoft.Extensions.Configuration,,2,83,,,,,,,,,,,,,2,,,,,,81,2
Microsoft.Extensions.DependencyInjection,,,120,,,,,,,,,,,,,,,,,,,120,
Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,,,,,,,,12,
Microsoft.Extensions.Diagnostics.Metrics,,,13,,,,,,,,,,,,,,,,,,,13,
Microsoft.Extensions.FileProviders,,,15,,,,,,,,,,,,,,,,,,,15,
Microsoft.Extensions.FileSystemGlobbing,,,16,,,,,,,,,,,,,,,,,,,14,2
Microsoft.Extensions.Hosting,,,23,,,,,,,,,,,,,,,,,,,22,1
Microsoft.Extensions.Http,,,10,,,,,,,,,,,,,,,,,,,10,
Microsoft.Extensions.Http,,,8,,,,,,,,,,,,,,,,,,,8,
Microsoft.Extensions.Logging,,,60,,,,,,,,,,,,,,,,,,,59,1
Microsoft.Extensions.Options,,,8,,,,,,,,,,,,,,,,,,,8,
Microsoft.Extensions.Primitives,,,64,,,,,,,,,,,,,,,,,,,64,
@@ -35,10 +35,10 @@ Microsoft.NET.WebAssembly.Webcil,,,7,,,,,,,,,,,,,,,,,,,7,
Microsoft.VisualBasic,,,10,,,,,,,,,,,,,,,,,,,5,5
Microsoft.WebAssembly.Build.Tasks,,,3,,,,,,,,,,,,,,,,,,,3,
Microsoft.Win32,,4,4,,,,,,,,,,,,,,,,,,4,4,
Mono.Linker,,,163,,,,,,,,,,,,,,,,,,,163,
Mono.Linker,,,161,,,,,,,,,,,,,,,,,,,161,
MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
SourceGenerators,,,4,,,,,,,,,,,,,,,,,,,4,
System,67,44,11872,,8,8,9,,,4,5,,33,2,,3,15,17,3,4,,9906,1966
System,59,44,10429,,8,8,1,,,4,5,,33,2,,3,15,17,3,4,,8460,1969
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:log-injection sink:sql-injection source:commandargs source:database source:environment source:file source:file-write source:local source:remote source:windows-registry summary:taint summary:value
5 ILCompiler 81 81
6 ILLink.RoslynAnalyzer 63 63
7 ILLink.Shared 32 29 3
8 ILLink.Tasks 5 3 5 3
9 Internal.IL 69 67 2
10 Internal.Pgo 9 8 1
11 Internal.TypeSystem 367 331 36
12 JsonToItemsTaskFactory 7 5 7 5
13 Microsoft.Android.Build 14 14
14 Microsoft.Apple.Build 7 5 7 5
15 Microsoft.ApplicationBlocks.Data 28 28
16 Microsoft.CSharp 24 24
17 Microsoft.Diagnostics.Tools.Pgo 13 13
18 Microsoft.EntityFrameworkCore 6 12 6 12
19 Microsoft.Extensions.Caching.Distributed 15 9 15 9
20 Microsoft.Extensions.Caching.Memory 38 30 37 29 1
21 Microsoft.Extensions.Configuration 2 89 83 2 86 81 3 2
22 Microsoft.Extensions.DependencyInjection 120 120
23 Microsoft.Extensions.DependencyModel 12 12
24 Microsoft.Extensions.Diagnostics.Metrics 13 13
25 Microsoft.Extensions.FileProviders 15 15
26 Microsoft.Extensions.FileSystemGlobbing 16 14 2
27 Microsoft.Extensions.Hosting 23 22 1
28 Microsoft.Extensions.Http 10 8 10 8
29 Microsoft.Extensions.Logging 60 59 1
30 Microsoft.Extensions.Options 8 8
31 Microsoft.Extensions.Primitives 64 64
35 Microsoft.VisualBasic 10 5 5
36 Microsoft.WebAssembly.Build.Tasks 3 3
37 Microsoft.Win32 4 4 4 4
38 Mono.Linker 163 161 163 161
39 MySql.Data.MySqlClient 48 48
40 Newtonsoft.Json 91 73 18
41 ServiceStack 194 7 27 75 92 7
42 SourceGenerators 4 4
43 System 67 59 44 11872 10429 8 8 9 1 4 5 33 2 3 15 17 3 4 9906 8460 1966 1969
44 Windows.Security.Cryptography.Core 1 1

6
csharp/documentation/library-coverage/coverage.rst
View File

@@ -8,7 +8,7 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",44,11872,67,9
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",54,1548,148,
Totals,,98,13427,409,9
System,"``System.*``, ``System``",44,10429,59,9
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",54,1518,148,
Totals,,98,11954,401,9

7
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
View File

@@ -564,9 +564,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
public void Dispose()
{
tempWorkingDirectory?.Dispose();
diagnosticsWriter?.Dispose();
nugetPackageRestorer?.Dispose();
if (cleanupTempWorkingDirectory)
{
tempWorkingDirectory?.Dispose();
}
diagnosticsWriter?.Dispose();
}
}
}

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.14
No user-facing changes.
## 1.7.13
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.14.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.14
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.13
lastReleaseVersion: 1.7.14

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.14-dev
version: 1.7.15-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.14
No user-facing changes.
## 1.7.13
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.14.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.14
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.13
lastReleaseVersion: 1.7.14

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.14-dev
version: 1.7.15-dev
groups:
- csharp
- solorigate

6
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 0.9.1
### Minor Analysis Improvements
* Extracting suppress nullable warning expressions did not work when applied directly to a method call (like `System.Console.Readline()!`). This has been fixed.
## 0.9.0
### Breaking Changes

7
csharp/ql/lib/change-notes/2024-04-12-suppress-nullable-warning.md → csharp/ql/lib/change-notes/released/0.9.1.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 0.9.1
### Minor Analysis Improvements
* Extracting suppress nullable warning expressions did not work when applied directly to a method call (like `System.Console.Readline()!`). This has been fixed.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.9.0
lastReleaseVersion: 0.9.1

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.9.1-dev
version: 0.9.2-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

4
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.8.14
No user-facing changes.
## 0.8.13
### Major Analysis Improvements

3
csharp/ql/src/change-notes/released/0.8.14.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.8.14
No user-facing changes.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.8.13
lastReleaseVersion: 0.8.14

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 0.8.14-dev
version: 0.8.15-dev
groups:
- csharp
- queries

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.0.13
No user-facing changes.
## 0.0.12
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/0.0.13.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.0.13
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.12
lastReleaseVersion: 0.0.13

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 0.0.13-dev
version: 0.0.14-dev
groups:
- go
- queries

7
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.7.14
### Minor Analysis Improvements
* Data flow through variables declared in statements of the form `x := y.(type)` at the beginning of type switches has been fixed, which may result in more alerts.
* Added strings.ReplaceAll, http.ParseMultipartForm sanitizers and remove path sanitizer.
## 0.7.13
### Minor Analysis Improvements

4
go/ql/lib/change-notes/2024-03-11-addional-gopath-sanitizers.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added strings.ReplaceAll, http.ParseMultipartForm sanitizers and remove path sanitizer.

8
go/ql/lib/change-notes/2024-04-06-type-switch-implicitly-declared-variables.md → go/ql/lib/change-notes/released/0.7.14.md
View File

@@ -1,4 +1,6 @@
---
category: minorAnalysis
---
## 0.7.14
### Minor Analysis Improvements
* Data flow through variables declared in statements of the form `x := y.(type)` at the beginning of type switches has been fixed, which may result in more alerts.
* Added strings.ReplaceAll, http.ParseMultipartForm sanitizers and remove path sanitizer.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.7.13
lastReleaseVersion: 0.7.14

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 0.7.14-dev
version: 0.7.15-dev
groups: go
dbscheme: go.dbscheme
extractor: go

4
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.7.14
No user-facing changes.
## 0.7.13
### New Queries

3
go/ql/src/change-notes/released/0.7.14.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.7.14
No user-facing changes.

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.7.13
lastReleaseVersion: 0.7.14

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 0.7.14-dev
version: 0.7.15-dev
groups:
- go
- queries

4
java/ql/automodel/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.0.21
No user-facing changes.
## 0.0.20
No user-facing changes.

3
java/ql/automodel/src/change-notes/released/0.0.21.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.0.21
No user-facing changes.

2
java/ql/automodel/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.20
lastReleaseVersion: 0.0.21

2
java/ql/automodel/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 0.0.21-dev
version: 0.0.22-dev
groups:
- java
- automodel

6
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 0.9.1
### Minor Analysis Improvements
* About 6,700 summary models and 6,800 neutral summary models for the JDK that were generated using data flow have been added. This may lead to new alerts being reported.
## 0.9.0
### Breaking Changes

7
java/ql/lib/change-notes/2024-03-19-many-generated-jdk-models.md → java/ql/lib/change-notes/released/0.9.1.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 0.9.1
### Minor Analysis Improvements
* About 6,700 summary models and 6,800 neutral summary models for the JDK that were generated using data flow have been added. This may lead to new alerts being reported.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.9.0
lastReleaseVersion: 0.9.1

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.9.1-dev
version: 0.9.2-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

7
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.8.14
### Minor Analysis Improvements
* The `java/unknown-javadoc-parameter` now accepts `@param` tags that apply to the parameters of a
record.
## 0.8.13
### New Queries

7
java/ql/src/change-notes/2024-04-02-javadoc-records.md → java/ql/src/change-notes/released/0.8.14.md
View File

@@ -1,5 +1,6 @@
---
category: minorAnalysis
---
## 0.8.14
### Minor Analysis Improvements
* The `java/unknown-javadoc-parameter` now accepts `@param` tags that apply to the parameters of a
record.

Some files were not shown because too many files have changed in this diff Show More