hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16562 from aschackmull/dataflow/update-qltest-expected

Browse Source 
Dataflow: Fix qltests following https://github.com/github/codeql/pull/16511
This commit is contained in:
Mathias Vorreiter Pedersen
2024-05-22 16:16:04 +01:00
committed by GitHub
parent 1978922d9e 987d5712b8
commit 3f66b635a4
45 changed files with 544 additions and 488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
View File

@@ -1,55 +1,55 @@
edges
| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance | |
| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance | |
| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance | |
| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance | |
| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance | |
| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance | |
| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance | |
| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance | |
| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance | |
| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance | |
| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance | |
| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance | |
| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance | |
| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance | Config |
| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance | Config |
| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance | Config |
| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance | Config |
| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance | Config |
| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance | Config |
| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance | Config |
| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance | Config |
| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance | Config |
| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance | Config |
| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance | Config |
| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance | Config |
| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance | Config |
| test.cpp:76:26:76:46 | & ... | test.cpp:66:32:66:32 | p | provenance | |
| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance | |
| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance | Config |
| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | provenance | |
| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | |
| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | Config |
| test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | provenance | |
| test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | provenance | |
| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | |
| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | |
| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
| test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance | |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance | |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance | |
| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | |
| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | |
| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
| test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance | |
| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | |
| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | |
| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
| test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance | |
@@ -60,21 +60,21 @@ edges
| test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
| test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
| test.cpp:319:19:319:27 | ... + ... | test.cpp:319:13:319:27 | ... = ... | provenance | |
| test.cpp:322:13:322:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
| test.cpp:322:19:322:27 | ... + ... | test.cpp:322:13:322:27 | ... = ... | provenance | |
| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:324:23:324:32 | ... + ... | provenance | |
| test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 | provenance | |
nodes

2
cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
View File

@@ -15,7 +15,7 @@ edges
| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance | |
| A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance | |
| A.cpp:41:5:41:6 | insert output argument | A.cpp:43:10:43:12 | *& ... | provenance | |
| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance | |
| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance | Config |
| A.cpp:47:12:47:18 | new | A.cpp:47:12:47:18 | new | provenance | |
| A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance | |
| A.cpp:48:12:48:18 | *call to make [c] | A.cpp:48:12:48:18 | *call to make [c] | provenance | |

3
cpp/ql/test/library-tests/dataflow/fields/path-flow.expected
View File

@@ -12,8 +12,9 @@ edges
| A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance | |
| A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance | |
| A.cpp:41:5:41:6 | ref arg ct | A.cpp:43:11:43:12 | ct | provenance | |
| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance | |
| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance | Config |
| A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance | |
| A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance | Config |
| A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance | |
| A.cpp:48:12:48:18 | call to make [c] | A.cpp:49:10:49:10 | b [c] | provenance | |
| A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | provenance | |

2
cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
View File

@@ -3,7 +3,7 @@ edges
| tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:33:34:33:39 | *call to getenv | provenance | |
| tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:38:39:38:49 | *environment | provenance | |
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:12:42:15 | *data | provenance | |
| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance | |
| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance | Config |
| tests.cpp:42:12:42:15 | *data | tests.cpp:26:15:26:23 | **badSource | provenance | |
| tests.cpp:51:5:51:26 | *... = ... | tests.cpp:53:16:53:19 | *data | provenance | |
| tests.cpp:51:12:51:20 | *call to badSource | tests.cpp:51:5:51:26 | *... = ... | provenance | |

36
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
View File

@@ -2,72 +2,72 @@ edges
| test.cpp:15:27:15:30 | **argv | test.cpp:16:20:16:26 | *access to array | provenance | |
| test.cpp:16:20:16:26 | *access to array | test.cpp:22:45:22:52 | *userName | provenance | |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | *command1 | provenance | |
| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance | |
| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance | Config |
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:47:21:47:26 | *call to getenv | provenance | |
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance | |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance | |
| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | |
| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | Config |
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | *filename | provenance | |
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | *command | provenance | |
| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | |
| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | Config |
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | *filename | provenance | |
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | *command | provenance | |
| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | |
| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | Config |
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance | |
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance | |
| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | |
| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | Config |
| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | Config |
| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance | |
| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | |
| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | |
| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | Config |
| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | Config |
| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | |
| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | Config |
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance | |
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance | |
| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | |
| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | Config |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | *filename | provenance | |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | *filename | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | Config |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | Config |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | |
| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | Config |
| test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | Config |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | Config |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | Config |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance | |
nodes
| test.cpp:15:27:15:30 | **argv | semmle.label | **argv |

158
cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected
View File

@@ -1,138 +1,138 @@
edges
| test.cpp:4:15:4:33 | call to malloc | test.cpp:4:15:4:33 | call to malloc | provenance | |
| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance | |
| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
| test.cpp:6:14:6:15 | * ... | test.cpp:8:14:8:21 | * ... | provenance | |
| test.cpp:16:15:16:33 | call to malloc | test.cpp:16:15:16:33 | call to malloc | provenance | |
| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance | |
| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance | Config |
| test.cpp:28:15:28:37 | call to malloc | test.cpp:28:15:28:37 | call to malloc | provenance | |
| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance | |
| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
| test.cpp:30:14:30:15 | * ... | test.cpp:32:14:32:21 | * ... | provenance | |
| test.cpp:51:33:51:35 | *end | test.cpp:60:34:60:37 | mk_array output argument | provenance | |
| test.cpp:52:19:52:37 | call to malloc | test.cpp:52:19:52:37 | call to malloc | provenance | |
| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance | |
| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance | Config |
| test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | *end | provenance | |
| test.cpp:53:12:53:23 | ... + ... | test.cpp:53:5:53:23 | ... = ... | provenance | |
| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | |
| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | Config |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:205:15:205:33 | call to malloc | provenance | |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | Config |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
| test.cpp:260:13:260:24 | new[] | test.cpp:260:13:260:24 | new[] | provenance | |
| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance | |
| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance | Config |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
| test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance | |
| test.cpp:264:13:264:14 | * ... | test.cpp:262:31:262:33 | *... ++ | provenance | |
| test.cpp:270:13:270:24 | new[] | test.cpp:270:13:270:24 | new[] | provenance | |
| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance | |
| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance | Config |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
| test.cpp:355:14:355:27 | new[] | test.cpp:355:14:355:27 | new[] | provenance | |
| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | |
| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | Config |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
| test.cpp:377:14:377:27 | new[] | test.cpp:377:14:377:27 | new[] | provenance | |
| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance | |
| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance | Config |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
| test.cpp:410:14:410:27 | new[] | test.cpp:410:14:410:27 | new[] | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance | Config |
| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
| test.cpp:411:15:411:23 | & ... | test.cpp:411:15:411:23 | & ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
| test.cpp:421:14:421:27 | new[] | test.cpp:421:14:421:27 | new[] | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance | Config |
| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
| test.cpp:422:15:422:23 | & ... | test.cpp:422:15:422:23 | & ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
| test.cpp:432:14:432:27 | new[] | test.cpp:432:14:432:27 | new[] | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance | Config |
| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
| test.cpp:433:15:433:23 | & ... | test.cpp:433:15:433:23 | & ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
| test.cpp:444:14:444:27 | new[] | test.cpp:444:14:444:27 | new[] | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance | Config |
| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
| test.cpp:445:15:445:23 | & ... | test.cpp:445:15:445:23 | & ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
| test.cpp:480:14:480:27 | new[] | test.cpp:480:14:480:27 | new[] | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance | Config |
| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
| test.cpp:481:15:481:23 | & ... | test.cpp:481:15:481:23 | & ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
| test.cpp:543:14:543:27 | new[] | test.cpp:543:14:543:27 | new[] | provenance | |
| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance | |
| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance | Config |
| test.cpp:554:14:554:27 | new[] | test.cpp:554:14:554:27 | new[] | provenance | |
| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance | |
| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance | Config |
| test.cpp:642:14:642:31 | new[] | test.cpp:642:14:642:31 | new[] | provenance | |
| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance | |
| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance | Config |
| test.cpp:730:12:730:28 | new[] | test.cpp:730:12:730:28 | new[] | provenance | |
| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance | |
| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance | Config |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:732:16:732:26 | ... + ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
| test.cpp:754:18:754:31 | new[] | test.cpp:754:18:754:31 | new[] | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
| test.cpp:781:14:781:27 | new[] | test.cpp:781:14:781:27 | new[] | provenance | |
| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance | |
| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance | Config |
| test.cpp:792:60:792:62 | *end | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | provenance | |
| test.cpp:792:60:792:62 | *end | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | provenance | |
| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance | |
| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance | Config |
| test.cpp:793:14:793:32 | call to malloc | test.cpp:793:5:793:32 | ... = ... | provenance | |
| test.cpp:794:5:794:24 | ... = ... | test.cpp:792:60:792:62 | *end | provenance | |
| test.cpp:794:12:794:24 | ... + ... | test.cpp:794:5:794:24 | ... = ... | provenance | |
| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | |
| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | Config |
| test.cpp:815:52:815:54 | end | test.cpp:815:52:815:54 | end | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
| test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | test.cpp:833:37:833:39 | end | provenance | |
| test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | provenance | |
| test.cpp:841:18:841:35 | call to malloc | test.cpp:841:18:841:35 | call to malloc | provenance | |
| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance | |
| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance | Config |
| test.cpp:848:20:848:37 | call to malloc | test.cpp:848:20:848:37 | call to malloc | provenance | |
| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance | |
| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance | Config |
| test.cpp:856:12:856:35 | call to malloc | test.cpp:856:12:856:35 | call to malloc | provenance | |
| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance | |
| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance | Config |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:857:16:857:29 | ... + ... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:868:15:868:35 | call to g_malloc | provenance | |
| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance | |
| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance | Config |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:869:15:869:22 | ... + ... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
nodes
| test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |

22
cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
View File

@@ -2,6 +2,7 @@ edges
| tests2.cpp:20:17:20:31 | *new | tests2.cpp:22:2:22:2 | *p | provenance | |
| tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:20:17:20:31 | *new | provenance | |
| tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance | |
| tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance | Config |
| tests2.cpp:33:17:33:31 | call to SAXParser | tests2.cpp:33:17:33:31 | *new | provenance | |
| tests2.cpp:49:12:49:12 | call to SAXParser | tests2.cpp:51:2:51:2 | *p | provenance | |
| tests3.cpp:23:21:23:53 | *call to createXMLReader | tests3.cpp:23:21:23:53 | *call to createXMLReader | provenance | |
@@ -14,46 +15,51 @@ edges
| tests3.cpp:48:24:48:56 | *call to createXMLReader | tests3.cpp:48:24:48:56 | *call to createXMLReader | provenance | |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:60:21:60:53 | *call to createXMLReader | provenance | |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance | |
| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance | Config |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:67:21:67:53 | *call to createXMLReader | provenance | |
| tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:70:2:70:2 | *p | provenance | |
| tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:27:25:27:38 | *call to createLSParser | provenance | |
| tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:29:2:29:2 | *p | provenance | |
| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:40:25:40:38 | *call to createLSParser | provenance | |
| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance | |
| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance | Config |
| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:55:25:55:38 | *call to createLSParser | provenance | |
| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance | |
| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance | Config |
| tests5.cpp:63:21:63:24 | **g_p2 | tests5.cpp:77:2:77:5 | *g_p2 | provenance | |
| tests5.cpp:70:2:70:32 | *... = ... | tests5.cpp:63:21:63:24 | **g_p2 | provenance | |
| tests5.cpp:70:17:70:30 | *call to createLSParser | tests5.cpp:70:2:70:32 | *... = ... | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:81:25:81:38 | *call to createLSParser | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance | |
| tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance | |
| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance | |
| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance | Config |
| tests5.cpp:85:2:85:2 | *p | tests5.cpp:86:2:86:2 | *p | provenance | |
| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance | |
| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance | Config |
| tests5.cpp:88:2:88:2 | *p | tests5.cpp:89:2:89:2 | *p | provenance | |
| tests.cpp:15:23:15:43 | *new | tests.cpp:17:2:17:2 | *p | provenance | |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:15:23:15:43 | *new | provenance | |
| tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance | |
| tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance | Config |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:28:23:28:43 | *new | provenance | |
| tests.cpp:35:23:35:43 | *new | tests.cpp:37:2:37:2 | *p | provenance | |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | *new | provenance | |
| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance | |
| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance | Config |
| tests.cpp:37:2:37:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | |
| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | |
| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | Config |
| tests.cpp:38:2:38:2 | *p | tests.cpp:39:2:39:2 | *p | provenance | |
| tests.cpp:51:23:51:43 | *new | tests.cpp:53:2:53:2 | *p | provenance | |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | *new | provenance | |
| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance | |
| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance | Config |
| tests.cpp:53:2:53:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | |
| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | |
| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | Config |
| tests.cpp:55:2:55:2 | *p | tests.cpp:56:2:56:2 | *p | provenance | |
| tests.cpp:55:2:55:2 | *p | tests.cpp:57:2:57:2 | *p | provenance | |
| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance | |
| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance | Config |
| tests.cpp:57:2:57:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | |
| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | |
| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | Config |
| tests.cpp:59:2:59:2 | *p | tests.cpp:60:2:60:2 | *p | provenance | |
| tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance | |
| tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance | Config |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:66:23:66:43 | *new | provenance | |
| tests.cpp:73:23:73:43 | *new | tests.cpp:80:2:80:2 | *p | provenance | |
| tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:73:23:73:43 | *new | provenance | |

92
go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
View File

@@ -2,7 +2,7 @@ edges
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | |
@@ -16,8 +16,8 @@ edges
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
@@ -38,8 +38,8 @@ edges
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
@@ -60,8 +60,8 @@ edges
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
@@ -82,8 +82,8 @@ edges
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
@@ -106,8 +106,8 @@ edges
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
@@ -130,8 +130,8 @@ edges
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
@@ -154,8 +154,8 @@ edges
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
@@ -178,8 +178,8 @@ edges
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
@@ -197,7 +197,7 @@ edges
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | |
| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | |
@@ -212,8 +212,8 @@ edges
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
@@ -235,8 +235,8 @@ edges
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
@@ -259,7 +259,7 @@ edges
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | |
@@ -269,7 +269,7 @@ edges
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | |
@@ -292,20 +292,20 @@ edges
| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | |
@@ -317,8 +317,8 @@ edges
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | |
@@ -330,7 +330,7 @@ edges
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | |
@@ -353,15 +353,15 @@ edges
| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | |
@@ -371,7 +371,7 @@ edges
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | |
@@ -394,19 +394,19 @@ edges
| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config |
nodes
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |

8
go/ql/test/experimental/CWE-369/DivideByZero.expected
View File

@@ -2,22 +2,22 @@ edges
| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | |
| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | |
| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | |
| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | Config |
| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | |
| DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | |
| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | |
| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | |
| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | |
| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | Config |
| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | |
| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | |
| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | |
| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | Config |
| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | |
| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | |
| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | |
| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | Config |
| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:735 |
| DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | |
| DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | |

47
go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
View File

@@ -22,21 +22,22 @@ edges
| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | |
| test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance | |
| test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | |
| test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | |
| test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
| test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance | |
| test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:8 |
| test.go:143:2:143:59 | ... := ...[0] | test.go:144:20:144:37 | implicit dereference | provenance | |
| test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | |
| test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config |
| test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit dereference | provenance | |
| test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit read of field Reader | provenance | |
| test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit read of field Reader | provenance | Config |
| test.go:144:20:144:37 | implicit read of field Reader | test.go:145:12:145:12 | f | provenance | |
| test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | |
| test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config |
| test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | |
| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | |
| test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | |
| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:547 |
| test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | |
| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | |
| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | Config |
| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:43 |
| test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance | |
| test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 |
@@ -44,56 +45,56 @@ edges
| test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | |
| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:547 |
| test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | |
| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | |
| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | Config |
| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:43 |
| test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | |
| test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config |
| test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance | |
| test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance | |
| test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance | |
| test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance | |
| test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | |
| test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config |
| test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance | |
| test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:1 |
| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance | |
| test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance | |
| test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance | |
| test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | |
| test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config |
| test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance | |
| test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:1 |
| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance | |
| test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance | |
| test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance | |
| test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | |
| test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config |
| test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance | |
| test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:1 |
| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance | |
| test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance | |
| test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance | |
| test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | |
| test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config |
| test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance | |
| test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:1 |
| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance | |
| test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance | |
| test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance | |
| test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | |
| test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config |
| test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance | |
| test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:1 |
| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance | |
| test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance | |
| test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance | |
| test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | |
| test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config |
| test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance | |
| test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:1 |
| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance | |
| test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance | |
| test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance | |
| test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | |
| test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config |
| test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance | |
| test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:1 |
| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -101,7 +102,7 @@ edges
| test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance | |
| test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance | |
| test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance | |
| test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | |
| test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config |
| test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance | |
| test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:1 |
| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -110,7 +111,7 @@ edges
| test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance | |
| test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance | |
| test.go:387:18:387:48 | call to NewReader | test.go:393:26:393:37 | snappyReader | provenance | |
| test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | |
| test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config |
| test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance | |
| test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:1 |
| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -119,18 +120,18 @@ edges
| test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance | |
| test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance | |
| test.go:415:14:415:31 | call to NewReader | test.go:421:26:421:33 | s2Reader | provenance | |
| test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | |
| test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config |
| test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance | |
| test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:1 |
| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance | |
| test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance | |
| test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | |
| test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config |
| test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance | |
| test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance | |
| test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance | |
| test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance | |
| test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | |
| test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config |
| test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance | |
| test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:1 |
| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -138,7 +139,7 @@ edges
| test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance | |
| test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance | |
| test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance | |
| test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | |
| test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config |
| test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance | |
| test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:1 |
| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -146,7 +147,7 @@ edges
| test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance | |
| test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance | |
| test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance | |
| test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | |
| test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config |
| test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance | |
| test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:1 |
| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
@@ -155,21 +156,21 @@ edges
| test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance | |
| test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance | |
| test.go:529:2:529:47 | ... := ...[0] | test.go:536:26:536:35 | zstdReader | provenance | |
| test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | |
| test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config |
| test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance | |
| test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:1 |
| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance | |
| test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance | |
| test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance | |
| test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | |
| test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config |
| test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance | |
| test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:1 |
| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance | |
| test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance | |
| test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance | |
| test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance | |
| test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | |
| test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config |
| test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance | |
| test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance | |
| test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:1 |

14
go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
View File

@@ -1,14 +1,20 @@
edges
| test.go:172:2:172:6 | definition of param | test.go:173:20:173:24 | param | provenance | |
| test.go:172:2:172:6 | definition of param | test.go:173:20:173:24 | param | provenance | Config |
| test.go:172:11:172:32 | call to Param | test.go:172:2:172:6 | definition of param | provenance | |
| test.go:172:11:172:32 | call to Param | test.go:172:2:172:6 | definition of param | provenance | Config |
| test.go:178:2:178:6 | definition of param | test.go:182:24:182:28 | param | provenance | |
| test.go:178:2:178:6 | definition of param | test.go:182:24:182:28 | param | provenance | Config |
| test.go:178:11:178:32 | call to Param | test.go:178:2:178:6 | definition of param | provenance | |
| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | |
| test.go:178:11:178:32 | call to Param | test.go:178:2:178:6 | definition of param | provenance | Config |
| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config |
| test.go:190:2:190:4 | definition of url | test.go:193:21:193:23 | url | provenance | |
| test.go:190:2:190:4 | definition of url | test.go:193:21:193:23 | url | provenance | Config |
| test.go:190:9:190:26 | star expression | test.go:190:2:190:4 | definition of url | provenance | |
| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | |
| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | |
| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | |
| test.go:190:9:190:26 | star expression | test.go:190:2:190:4 | definition of url | provenance | Config |
| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config |
| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Config |
| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config |
nodes
| test.go:172:2:172:6 | definition of param | semmle.label | definition of param |
| test.go:172:11:172:32 | call to Param | semmle.label | call to Param |

10
go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
View File

@@ -1,9 +1,9 @@
edges
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | |
| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
nodes
| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |

4
go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -103,10 +103,10 @@ edges
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter | provenance | |
| mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | |
| mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config |
| mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline | provenance | |
| mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline | provenance | |
| mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | |
| mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | Config |
nodes
| SqlInjection.go:10:7:11:30 | []type{args} [array] | semmle.label | []type{args} [array] |
| SqlInjection.go:10:7:11:30 | call to Sprintf | semmle.label | call to Sprintf |

20
go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
View File

@@ -1,24 +1,24 @@
edges
| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance | |
| AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | |
| AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | Config |
| tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:26:10:29 | data | provenance | |
| tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | |
| tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | Config |
| tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance | |
| tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | |
| tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config |
| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance | |
| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:20:24:27 | jsonData | provenance | |
| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:20:32:27 | jsonData | provenance | |
| tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | |
| tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | |
| tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | |
| tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config |
| tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config |
| tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config |
| tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance | |
| tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | |
| tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config |
| tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:26:21:33 | jsonData | provenance | |
| tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | |
| tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | Config |
| tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:30:27:37 | jsonData | provenance | |
| tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | |
| tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | Config |
| tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:26:35:33 | jsonData | provenance | |
| tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | |
| tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | Config |
nodes
| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] |
| AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len |

48
go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -1,43 +1,59 @@
edges
| klog.go:20:3:25:3 | range statement[1] | klog.go:20:13:20:19 | definition of headers | provenance | |
| klog.go:20:3:25:3 | range statement[1] | klog.go:20:13:20:19 | definition of headers | provenance | Config |
| klog.go:20:13:20:19 | definition of headers | klog.go:21:27:21:33 | headers | provenance | |
| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | |
| klog.go:20:13:20:19 | definition of headers | klog.go:21:27:21:33 | headers | provenance | Config |
| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Config |
| klog.go:21:4:24:4 | range statement[1] | klog.go:21:11:21:16 | definition of header | provenance | |
| klog.go:21:4:24:4 | range statement[1] | klog.go:21:11:21:16 | definition of header | provenance | Config |
| klog.go:21:11:21:16 | definition of header | klog.go:22:15:22:20 | header | provenance | |
| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | |
| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | |
| klog.go:21:11:21:16 | definition of header | klog.go:22:15:22:20 | header | provenance | Config |
| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | Config |
| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Config |
| overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | |
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | Config |
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | |
| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | |
| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | Config |
| passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance | |
| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | |
| passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance | Config |
| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | |
| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | Config |
| passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance | |
| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | |
| passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance | Config |
| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | |
| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | |
| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | Config |
| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config |
| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | |
| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | Config |
| passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance | |
| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | |
| passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance | Config |
| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config |
| passwords.go:90:2:90:7 | definition of secret | passwords.go:91:23:91:28 | secret | provenance | |
| passwords.go:90:2:90:7 | definition of secret | passwords.go:91:23:91:28 | secret | provenance | Config |
| passwords.go:90:12:90:19 | password | passwords.go:90:2:90:7 | definition of secret | provenance | |
| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | |
| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | |
| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | |
| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | |
| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | |
| passwords.go:90:12:90:19 | password | passwords.go:90:2:90:7 | definition of secret | provenance | Config |
| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config |
| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config |
| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config |
| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config |
| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config |
| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | |
| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | Config |
| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:126:14:126:19 | config [x] | provenance | |
| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:127:14:127:19 | config [y] | provenance | |
| passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance | |
| passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance | Config |
| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:118:2:118:7 | definition of config [x] | provenance | |
| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | |
| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | |
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | |
| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | |
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | |
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | |
| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | |
| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | |

2
go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
View File

@@ -13,7 +13,7 @@ edges
| sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | |
| sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | |
| sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | |
| sample.go:56:29:56:38 | randNumber | sample.go:56:18:56:39 | index expression | provenance | |
| sample.go:56:29:56:38 | randNumber | sample.go:56:18:56:39 | index expression | provenance | Config |
nodes
| InsecureRandomness.go:12:18:12:40 | call to Intn | semmle.label | call to Intn |
| sample.go:15:10:15:64 | call to Sum256 | semmle.label | call to Sum256 |

76
go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
View File

@@ -1,29 +1,43 @@
edges
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | |
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Config |
| stdlib.go:13:3:13:8 | definition of target | stdlib.go:15:30:15:35 | target | provenance | |
| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | |
| stdlib.go:13:3:13:8 | definition of target | stdlib.go:15:30:15:35 | target | provenance | Config |
| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Config |
| stdlib.go:13:13:13:32 | call to Get | stdlib.go:13:3:13:8 | definition of target | provenance | |
| stdlib.go:13:13:13:32 | call to Get | stdlib.go:13:3:13:8 | definition of target | provenance | Config |
| stdlib.go:22:3:22:8 | definition of target | stdlib.go:24:30:24:35 | target | provenance | |
| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | |
| stdlib.go:22:3:22:8 | definition of target | stdlib.go:24:30:24:35 | target | provenance | Config |
| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Config |
| stdlib.go:22:13:22:32 | call to Get | stdlib.go:22:3:22:8 | definition of target | provenance | |
| stdlib.go:22:13:22:32 | call to Get | stdlib.go:22:3:22:8 | definition of target | provenance | Config |
| stdlib.go:31:3:31:8 | definition of target | stdlib.go:35:34:35:39 | target | provenance | |
| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | |
| stdlib.go:31:3:31:8 | definition of target | stdlib.go:35:34:35:39 | target | provenance | Config |
| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Config |
| stdlib.go:31:13:31:32 | call to Get | stdlib.go:31:3:31:8 | definition of target | provenance | |
| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | |
| stdlib.go:31:13:31:32 | call to Get | stdlib.go:31:3:31:8 | definition of target | provenance | Config |
| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config |
| stdlib.go:44:3:44:8 | definition of target | stdlib.go:46:23:46:28 | target | provenance | |
| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | |
| stdlib.go:44:3:44:8 | definition of target | stdlib.go:46:23:46:28 | target | provenance | Config |
| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Config |
| stdlib.go:44:13:44:32 | call to Get | stdlib.go:44:3:44:8 | definition of target | provenance | |
| stdlib.go:44:13:44:32 | call to Get | stdlib.go:44:3:44:8 | definition of target | provenance | Config |
| stdlib.go:64:3:64:8 | definition of target | stdlib.go:67:23:67:28 | target | provenance | |
| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | |
| stdlib.go:64:3:64:8 | definition of target | stdlib.go:67:23:67:28 | target | provenance | Config |
| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Config |
| stdlib.go:64:13:64:32 | call to Get | stdlib.go:64:3:64:8 | definition of target | provenance | |
| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | |
| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | |
| stdlib.go:64:13:64:32 | call to Get | stdlib.go:64:3:64:8 | definition of target | provenance | Config |
| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config |
| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config |
| stdlib.go:89:3:89:8 | definition of target | stdlib.go:90:3:90:8 | target | provenance | |
| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | |
| stdlib.go:89:3:89:8 | definition of target | stdlib.go:90:3:90:8 | target | provenance | Config |
| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Config |
| stdlib.go:89:13:89:32 | call to Get | stdlib.go:89:3:89:8 | definition of target | provenance | |
| stdlib.go:89:13:89:32 | call to Get | stdlib.go:89:3:89:8 | definition of target | provenance | Config |
| stdlib.go:90:3:90:8 | definition of target | stdlib.go:92:23:92:28 | target | provenance | |
| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | |
| stdlib.go:90:3:90:8 | definition of target | stdlib.go:92:23:92:28 | target | provenance | Config |
| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config |
| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:90:3:90:8 | definition of target | provenance | |
| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:90:3:90:8 | definition of target | provenance | Config |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | provenance | |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] | provenance | |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] | provenance | |
@@ -33,37 +47,47 @@ edges
| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL | provenance | |
| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | |
| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | |
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | |
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config |
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | |
| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | |
| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | |
| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Config |
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | |
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance | |
| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance | |
| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance | |
| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | |
| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Config |
| stdlib.go:146:3:146:8 | definition of target | stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | provenance | |
| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | |
| stdlib.go:146:3:146:8 | definition of target | stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | provenance | Config |
| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Config |
| stdlib.go:146:13:146:32 | call to Get | stdlib.go:146:3:146:8 | definition of target | provenance | |
| stdlib.go:146:13:146:32 | call to Get | stdlib.go:146:3:146:8 | definition of target | provenance | Config |
| stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | stdlib.go:152:23:152:28 | target | provenance | |
| stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | stdlib.go:152:23:152:28 | target | provenance | Config |
| stdlib.go:159:3:159:5 | definition of url | stdlib.go:162:24:162:26 | url | provenance | |
| stdlib.go:159:3:159:5 | definition of url | stdlib.go:162:24:162:26 | url | provenance | Config |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:3:159:5 | definition of url | provenance | |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | |
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:3:159:5 | definition of url | provenance | Config |
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Config |
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Config |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config |
| stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | |
| stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | Config |
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:670 |
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:670 Config |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | Config |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | Config |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:670 |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | |
| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:670 Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | Config |
nodes
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | semmle.label | selection of Form |
| OpenUrlRedirect.go:10:23:10:42 | call to Get | semmle.label | call to Get |

4
go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
View File

@@ -15,8 +15,8 @@ edges
| tst.go:36:2:36:2 | u | tst.go:36:2:36:2 | u | provenance | |
| tst.go:36:2:36:2 | u | tst.go:37:11:37:11 | u | provenance | |
| tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference | provenance | |
| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | |
| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | |
| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | Config |
| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | Config |
| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:235 |
| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:673 |
| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:673 |

4
java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected
View File

@@ -1,10 +1,10 @@
edges
| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | BeanShellInjection.java:15:45:15:48 | code : String | provenance | Src:MaD:44663 |
| BeanShellInjection.java:15:45:15:48 | code : String | BeanShellInjection.java:15:22:15:49 | new StaticScriptSource(...) | provenance | |
| BeanShellInjection.java:15:45:15:48 | code : String | BeanShellInjection.java:15:22:15:49 | new StaticScriptSource(...) | provenance | Config |
| BeanShellInjection.java:20:17:20:44 | getParameter(...) : String | BeanShellInjection.java:22:20:22:23 | code | provenance | Src:MaD:44663 |
| BeanShellInjection.java:27:17:27:44 | getParameter(...) : String | BeanShellInjection.java:29:32:29:35 | code : String | provenance | Src:MaD:44663 |
| BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | BeanShellInjection.java:31:22:31:39 | staticScriptSource | provenance | |
| BeanShellInjection.java:29:32:29:35 | code : String | BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | provenance | |
| BeanShellInjection.java:29:32:29:35 | code : String | BeanShellInjection.java:29:3:29:20 | staticScriptSource : StaticScriptSource | provenance | Config |
nodes
| BeanShellInjection.java:13:17:13:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| BeanShellInjection.java:15:22:15:49 | new StaticScriptSource(...) | semmle.label | new StaticScriptSource(...) |

8
java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected
View File

@@ -3,12 +3,12 @@ edges
| JShellInjection.java:20:18:20:45 | getParameter(...) : String | JShellInjection.java:24:31:24:35 | input | provenance | Src:MaD:44663 |
| JShellInjection.java:29:18:29:45 | getParameter(...) : String | JShellInjection.java:33:37:33:41 | input : String | provenance | Src:MaD:44663 |
| JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | |
| JShellInjection.java:33:37:33:41 | input : String | JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | provenance | |
| JShellInjection.java:33:37:33:41 | input : String | JShellInjection.java:33:15:33:42 | analyzeCompletion(...) : CompletionInfo | provenance | Config |
| JShellInjection.java:35:12:35:50 | analyzeCompletion(...) : CompletionInfo | JShellInjection.java:37:16:37:19 | info : CompletionInfo | provenance | |
| JShellInjection.java:35:34:35:37 | info : CompletionInfo | JShellInjection.java:35:34:35:49 | remaining(...) : String | provenance | |
| JShellInjection.java:35:34:35:49 | remaining(...) : String | JShellInjection.java:35:12:35:50 | analyzeCompletion(...) : CompletionInfo | provenance | |
| JShellInjection.java:35:34:35:37 | info : CompletionInfo | JShellInjection.java:35:34:35:49 | remaining(...) : String | provenance | Config |
| JShellInjection.java:35:34:35:49 | remaining(...) : String | JShellInjection.java:35:12:35:50 | analyzeCompletion(...) : CompletionInfo | provenance | Config |
| JShellInjection.java:37:16:37:19 | info : CompletionInfo | JShellInjection.java:35:34:35:37 | info : CompletionInfo | provenance | |
| JShellInjection.java:37:16:37:19 | info : CompletionInfo | JShellInjection.java:37:16:37:28 | source(...) | provenance | |
| JShellInjection.java:37:16:37:19 | info : CompletionInfo | JShellInjection.java:37:16:37:28 | source(...) | provenance | Config |
nodes
| JShellInjection.java:12:18:12:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JShellInjection.java:15:15:15:19 | input | semmle.label | input |

10
java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected
View File

@@ -15,20 +15,20 @@ edges
| JakartaExpressionInjection.java:40:24:40:33 | expression : String | JakartaExpressionInjection.java:42:32:42:41 | expression | provenance | |
| JakartaExpressionInjection.java:48:24:48:33 | expression : String | JakartaExpressionInjection.java:51:86:51:95 | expression : String | provenance | |
| JakartaExpressionInjection.java:51:47:51:110 | createValueExpression(...) : ValueExpression | JakartaExpressionInjection.java:52:89:52:103 | valueExpression : ValueExpression | provenance | |
| JakartaExpressionInjection.java:51:86:51:95 | expression : String | JakartaExpressionInjection.java:51:47:51:110 | createValueExpression(...) : ValueExpression | provenance | |
| JakartaExpressionInjection.java:51:86:51:95 | expression : String | JakartaExpressionInjection.java:51:47:51:110 | createValueExpression(...) : ValueExpression | provenance | Config |
| JakartaExpressionInjection.java:52:49:52:104 | new LambdaExpression(...) : LambdaExpression | JakartaExpressionInjection.java:53:13:53:28 | lambdaExpression | provenance | |
| JakartaExpressionInjection.java:52:89:52:103 | valueExpression : ValueExpression | JakartaExpressionInjection.java:52:49:52:104 | new LambdaExpression(...) : LambdaExpression | provenance | |
| JakartaExpressionInjection.java:52:89:52:103 | valueExpression : ValueExpression | JakartaExpressionInjection.java:52:49:52:104 | new LambdaExpression(...) : LambdaExpression | provenance | Config |
| JakartaExpressionInjection.java:59:24:59:33 | expression : String | JakartaExpressionInjection.java:61:32:61:41 | expression | provenance | |
| JakartaExpressionInjection.java:67:24:67:33 | expression : String | JakartaExpressionInjection.java:69:43:69:52 | expression | provenance | |
| JakartaExpressionInjection.java:75:24:75:33 | expression : String | JakartaExpressionInjection.java:78:72:78:81 | expression : String | provenance | |
| JakartaExpressionInjection.java:78:33:78:96 | createValueExpression(...) : ValueExpression | JakartaExpressionInjection.java:79:13:79:13 | e | provenance | |
| JakartaExpressionInjection.java:78:72:78:81 | expression : String | JakartaExpressionInjection.java:78:33:78:96 | createValueExpression(...) : ValueExpression | provenance | |
| JakartaExpressionInjection.java:78:72:78:81 | expression : String | JakartaExpressionInjection.java:78:33:78:96 | createValueExpression(...) : ValueExpression | provenance | Config |
| JakartaExpressionInjection.java:85:24:85:33 | expression : String | JakartaExpressionInjection.java:88:72:88:81 | expression : String | provenance | |
| JakartaExpressionInjection.java:88:33:88:96 | createValueExpression(...) : ValueExpression | JakartaExpressionInjection.java:89:13:89:13 | e | provenance | |
| JakartaExpressionInjection.java:88:72:88:81 | expression : String | JakartaExpressionInjection.java:88:33:88:96 | createValueExpression(...) : ValueExpression | provenance | |
| JakartaExpressionInjection.java:88:72:88:81 | expression : String | JakartaExpressionInjection.java:88:33:88:96 | createValueExpression(...) : ValueExpression | provenance | Config |
| JakartaExpressionInjection.java:95:24:95:33 | expression : String | JakartaExpressionInjection.java:98:74:98:83 | expression : String | provenance | |
| JakartaExpressionInjection.java:98:34:98:112 | createMethodExpression(...) : MethodExpression | JakartaExpressionInjection.java:99:13:99:13 | e | provenance | |
| JakartaExpressionInjection.java:98:74:98:83 | expression : String | JakartaExpressionInjection.java:98:34:98:112 | createMethodExpression(...) : MethodExpression | provenance | |
| JakartaExpressionInjection.java:98:74:98:83 | expression : String | JakartaExpressionInjection.java:98:34:98:112 | createMethodExpression(...) : MethodExpression | provenance | Config |
nodes
| JakartaExpressionInjection.java:23:25:23:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| JakartaExpressionInjection.java:23:54:23:58 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |

4
java/ql/test/experimental/query-tests/security/CWE-1004/SensitiveCookieNotHttpOnly.expected
View File

@@ -1,7 +1,7 @@
edges
| SensitiveCookieNotHttpOnly.java:24:33:24:43 | "jwt_token" : String | SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | provenance | |
| SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:31:28:31:36 | jwtCookie | provenance | Sink:MaD:44654 |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | Config |
| SensitiveCookieNotHttpOnly.java:25:39:25:52 | tokenCookieStr : String | SensitiveCookieNotHttpOnly.java:25:28:25:64 | new Cookie(...) : Cookie | provenance | MaD:44660 |
| SensitiveCookieNotHttpOnly.java:42:42:42:49 | "token=" : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44655 |
| SensitiveCookieNotHttpOnly.java:42:42:42:57 | ... + ... : String | SensitiveCookieNotHttpOnly.java:42:42:42:69 | ... + ... | provenance | Sink:MaD:44655 |
@@ -16,7 +16,7 @@ edges
| SensitiveCookieNotHttpOnly.java:70:28:70:55 | ... + ... : String | SensitiveCookieNotHttpOnly.java:71:42:71:50 | secString | provenance | Sink:MaD:44655 |
| SensitiveCookieNotHttpOnly.java:88:35:88:51 | "Presto-UI-Token" : String | SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | provenance | |
| SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | Config |
| SensitiveCookieNotHttpOnly.java:89:36:89:51 | PRESTO_UI_COOKIE : String | SensitiveCookieNotHttpOnly.java:89:25:89:57 | new Cookie(...) : Cookie | provenance | MaD:44660 |
| SensitiveCookieNotHttpOnly.java:91:16:91:21 | cookie : Cookie | SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | provenance | |
| SensitiveCookieNotHttpOnly.java:110:25:110:64 | createAuthenticationCookie(...) : Cookie | SensitiveCookieNotHttpOnly.java:111:28:111:33 | cookie | provenance | Sink:MaD:44654 |

3
java/ql/test/experimental/query-tests/security/CWE-200/SensitiveAndroidFileLeak.expected
View File

@@ -2,7 +2,7 @@ edges
| FileService.java:20:31:20:43 | intent : Intent | FileService.java:21:28:21:33 | intent : Intent | provenance | |
| FileService.java:21:28:21:33 | intent : Intent | FileService.java:21:28:21:64 | getStringExtra(...) : String | provenance | MaD:330 |
| FileService.java:21:28:21:64 | getStringExtra(...) : String | FileService.java:25:42:25:50 | localPath : String | provenance | |
| FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] | FileService.java:40:41:40:55 | params : Object[] | provenance | |
| FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] | FileService.java:40:41:40:55 | params : Object[] | provenance | Config |
| FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] [[]] : String | FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] | provenance | |
| FileService.java:25:42:25:50 | localPath : String | FileService.java:25:13:25:51 | makeParamsToExecute(...) : Object[] [[]] : String | provenance | |
| FileService.java:25:42:25:50 | localPath : String | FileService.java:32:13:32:28 | sourceUri : String | provenance | |
@@ -13,6 +13,7 @@ edges
| FileService.java:44:33:44:52 | (...)... : String[] | FileService.java:45:53:45:59 | ...[...] | provenance | Sink:MaD:42535 |
| LeakFileActivity2.java:15:13:15:18 | intent : Intent | LeakFileActivity2.java:16:26:16:31 | intent : Intent | provenance | |
| LeakFileActivity2.java:16:26:16:31 | intent : Intent | FileService.java:20:31:20:43 | intent : Intent | provenance | |
| LeakFileActivity2.java:16:26:16:31 | intent : Intent | FileService.java:20:31:20:43 | intent : Intent | provenance | Config |
| LeakFileActivity.java:14:35:14:38 | data : Intent | LeakFileActivity.java:18:40:18:59 | contentIntent : Intent | provenance | |
| LeakFileActivity.java:18:40:18:59 | contentIntent : Intent | LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | provenance | |
| LeakFileActivity.java:19:31:19:43 | contentIntent : Intent | LeakFileActivity.java:19:31:19:53 | getData(...) : Uri | provenance | MaD:317 |

4
java/ql/test/experimental/query-tests/security/CWE-400/ThreadResourceAbuse.expected
View File

@@ -19,9 +19,9 @@ edges
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | provenance | |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | provenance | |
| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | provenance | Src:MaD:44641 TaintPreservingCallable |
| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | provenance | Sink:MaD:1982 |
| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | provenance | Config Sink:MaD:1982 |
| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | provenance | Src:MaD:44641 TaintPreservingCallable |
| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | provenance | |
| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | provenance | Config |
| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | provenance | Sink:MaD:1982 |
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | provenance | |
| UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number | UploadListener.java:15:9:15:22 | parameter this [Return] : UploadListener [slowUploads] : Number | provenance | |

2
java/ql/test/experimental/query-tests/security/CWE-470/LoadClassNoSignatureCheck.expected
View File

@@ -1,6 +1,6 @@
edges
| BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | BadClassLoader.java:17:47:17:56 | appContext : Context | provenance | |
| BadClassLoader.java:17:47:17:56 | appContext : Context | BadClassLoader.java:17:47:17:73 | getClassLoader(...) : ClassLoader | provenance | |
| BadClassLoader.java:17:47:17:56 | appContext : Context | BadClassLoader.java:17:47:17:73 | getClassLoader(...) : ClassLoader | provenance | Config |
| BadClassLoader.java:17:47:17:73 | getClassLoader(...) : ClassLoader | BadClassLoader.java:18:37:18:47 | classLoader | provenance | |
nodes
| BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | semmle.label | createPackageContext(...) : Context |

18
java/ql/test/experimental/query-tests/security/CWE-470/UnsafeReflection.expected
View File

@@ -2,17 +2,17 @@ edges
| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | UnsafeReflection.java:24:41:24:49 | className : String | provenance | Src:MaD:44663 |
| UnsafeReflection.java:22:33:22:70 | getParameter(...) : String | UnsafeReflection.java:25:76:25:89 | parameterValue | provenance | Src:MaD:44663 |
| UnsafeReflection.java:24:27:24:50 | forName(...) : Class | UnsafeReflection.java:25:29:25:33 | clazz : Class | provenance | |
| UnsafeReflection.java:24:41:24:49 | className : String | UnsafeReflection.java:24:27:24:50 | forName(...) : Class | provenance | |
| UnsafeReflection.java:25:29:25:33 | clazz : Class | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | provenance | |
| UnsafeReflection.java:24:41:24:49 | className : String | UnsafeReflection.java:24:27:24:50 | forName(...) : Class | provenance | Config |
| UnsafeReflection.java:25:29:25:33 | clazz : Class | UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | provenance | Config |
| UnsafeReflection.java:25:29:25:59 | getDeclaredConstructors(...) : Constructor[] | UnsafeReflection.java:25:29:25:62 | ...[...] | provenance | |
| UnsafeReflection.java:33:28:33:60 | getParameter(...) : String | UnsafeReflection.java:37:49:37:57 | className : String | provenance | Src:MaD:44663 |
| UnsafeReflection.java:34:33:34:70 | getParameter(...) : String | UnsafeReflection.java:39:58:39:71 | parameterValue | provenance | Src:MaD:44663 |
| UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | UnsafeReflection.java:38:29:38:33 | clazz : Class | provenance | |
| UnsafeReflection.java:37:49:37:57 | className : String | UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | provenance | |
| UnsafeReflection.java:38:29:38:33 | clazz : Class | UnsafeReflection.java:38:29:38:47 | newInstance(...) : Object | provenance | |
| UnsafeReflection.java:37:49:37:57 | className : String | UnsafeReflection.java:37:27:37:58 | loadClass(...) : Class | provenance | Config |
| UnsafeReflection.java:38:29:38:33 | clazz : Class | UnsafeReflection.java:38:29:38:47 | newInstance(...) : Object | provenance | Config |
| UnsafeReflection.java:38:29:38:33 | clazz : Class | UnsafeReflection.java:39:13:39:17 | clazz : Class | provenance | |
| UnsafeReflection.java:38:29:38:47 | newInstance(...) : Object | UnsafeReflection.java:39:50:39:55 | object | provenance | |
| UnsafeReflection.java:39:13:39:17 | clazz : Class | UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] | provenance | |
| UnsafeReflection.java:39:13:39:17 | clazz : Class | UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] | provenance | Config |
| UnsafeReflection.java:39:13:39:38 | getDeclaredMethods(...) : Method[] | UnsafeReflection.java:39:13:39:41 | ...[...] | provenance | |
| UnsafeReflection.java:46:24:46:82 | beanIdOrClassName : String | UnsafeReflection.java:53:30:53:46 | beanIdOrClassName : String | provenance | |
| UnsafeReflection.java:46:132:46:168 | body : Map | UnsafeReflection.java:49:37:49:40 | body : Map | provenance | |
@@ -27,12 +27,12 @@ edges
| UnsafeReflection.java:104:34:104:57 | beanIdOrClassName : String | UnsafeReflection.java:108:39:108:55 | beanIdOrClassName : String | provenance | |
| UnsafeReflection.java:104:102:104:118 | data : List | UnsafeReflection.java:119:41:119:44 | data | provenance | |
| UnsafeReflection.java:108:25:108:56 | forName(...) : Class | UnsafeReflection.java:109:31:109:39 | beanClass : Class | provenance | |
| UnsafeReflection.java:108:39:108:55 | beanIdOrClassName : String | UnsafeReflection.java:108:25:108:56 | forName(...) : Class | provenance | |
| UnsafeReflection.java:108:39:108:55 | beanIdOrClassName : String | UnsafeReflection.java:108:25:108:56 | forName(...) : Class | provenance | Config |
| UnsafeReflection.java:109:11:109:40 | getBean(...) : Object | UnsafeReflection.java:113:30:113:33 | bean : Object | provenance | |
| UnsafeReflection.java:109:31:109:39 | beanClass : Class | UnsafeReflection.java:109:11:109:40 | getBean(...) : Object | provenance | |
| UnsafeReflection.java:113:30:113:33 | bean : Object | UnsafeReflection.java:113:30:113:44 | getClass(...) : Class | provenance | |
| UnsafeReflection.java:109:31:109:39 | beanClass : Class | UnsafeReflection.java:109:11:109:40 | getBean(...) : Object | provenance | Config |
| UnsafeReflection.java:113:30:113:33 | bean : Object | UnsafeReflection.java:113:30:113:44 | getClass(...) : Class | provenance | Config |
| UnsafeReflection.java:113:30:113:33 | bean : Object | UnsafeReflection.java:119:35:119:38 | bean | provenance | |
| UnsafeReflection.java:113:30:113:44 | getClass(...) : Class | UnsafeReflection.java:113:30:113:57 | getMethods(...) : Method[] | provenance | |
| UnsafeReflection.java:113:30:113:44 | getClass(...) : Class | UnsafeReflection.java:113:30:113:57 | getMethods(...) : Method[] | provenance | Config |
| UnsafeReflection.java:113:30:113:57 | getMethods(...) : Method[] | UnsafeReflection.java:119:21:119:26 | method | provenance | |
nodes
| UnsafeReflection.java:21:28:21:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |

2
java/ql/test/experimental/query-tests/security/CWE-502/UnsafeDeserializationRmi.expected
View File

@@ -1,5 +1,5 @@
edges
| UnsafeDeserializationRmi.java:17:68:17:95 | new UnsafeRemoteObjectImpl(...) : UnsafeRemoteObjectImpl | UnsafeDeserializationRmi.java:17:35:17:96 | exportObject(...) | provenance | |
| UnsafeDeserializationRmi.java:17:68:17:95 | new UnsafeRemoteObjectImpl(...) : UnsafeRemoteObjectImpl | UnsafeDeserializationRmi.java:17:35:17:96 | exportObject(...) | provenance | Config |
nodes
| UnsafeDeserializationRmi.java:15:33:15:60 | new UnsafeRemoteObjectImpl(...) | semmle.label | new UnsafeRemoteObjectImpl(...) |
| UnsafeDeserializationRmi.java:16:35:16:62 | new UnsafeRemoteObjectImpl(...) | semmle.label | new UnsafeRemoteObjectImpl(...) |

4
java/ql/test/experimental/query-tests/security/CWE-601/SpringUrlRedirect.expected
View File

@@ -14,7 +14,7 @@ edges
| SpringUrlRedirect.java:91:38:91:48 | redirectUrl : String | SpringUrlRedirect.java:91:27:91:49 | create(...) | provenance | MaD:42953 |
| SpringUrlRedirect.java:96:39:96:56 | redirectUrl : String | SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:100:37:100:47 | httpHeaders | provenance | |
| SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | provenance | |
| SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | SpringUrlRedirect.java:98:9:98:19 | httpHeaders : HttpHeaders | provenance | Config |
| SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | MaD:42953 |
| SpringUrlRedirect.java:104:39:104:56 | redirectUrl : String | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | |
@@ -33,7 +33,7 @@ edges
| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [<map.value>, <element>] : String | provenance | MaD:49439 |
| SpringUrlRedirect.java:128:33:128:50 | redirectUrl : String | SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | provenance | |
| SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:132:49:132:59 | httpHeaders | provenance | |
| SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | provenance | |
| SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | provenance | Config |
| SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | provenance | MaD:42953 |
nodes
| SpringUrlRedirect.java:17:30:17:47 | redirectUrl : String | semmle.label | redirectUrl : String |

8
java/ql/test/experimental/query-tests/security/CWE-652/XQueryInjection.expected
View File

@@ -1,22 +1,22 @@
edges
| XQueryInjection.java:45:23:45:50 | getParameter(...) : String | XQueryInjection.java:50:60:50:64 | query : String | provenance | Src:MaD:44663 |
| XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:51:35:51:38 | xqpe | provenance | |
| XQueryInjection.java:50:60:50:64 | query : String | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | provenance | |
| XQueryInjection.java:50:60:50:64 | query : String | XQueryInjection.java:50:37:50:65 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:59:23:59:50 | getParameter(...) : String | XQueryInjection.java:65:53:65:57 | query | provenance | Src:MaD:44663 |
| XQueryInjection.java:73:32:73:59 | nameStr : String | XQueryInjection.java:78:60:78:64 | query : String | provenance | |
| XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:79:35:79:38 | xqpe | provenance | |
| XQueryInjection.java:78:60:78:64 | query : String | XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | provenance | |
| XQueryInjection.java:78:60:78:64 | query : String | XQueryInjection.java:78:37:78:65 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:86:33:86:60 | nameStr : String | XQueryInjection.java:92:53:92:57 | query | provenance | |
| XQueryInjection.java:100:28:100:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:103:60:103:63 | name : ServletInputStream | provenance | Src:MaD:44662 |
| XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:104:35:104:38 | xqpe | provenance | |
| XQueryInjection.java:103:60:103:63 | name : ServletInputStream | XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | provenance | |
| XQueryInjection.java:103:60:103:63 | name : ServletInputStream | XQueryInjection.java:103:37:103:64 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:112:28:112:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:116:53:116:56 | name | provenance | Src:MaD:44662 |
| XQueryInjection.java:124:28:124:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:125:70:125:73 | name : ServletInputStream | provenance | Src:MaD:44662 |
| XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:128:60:128:61 | br : BufferedReader | provenance | |
| XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:125:29:125:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42579 |
| XQueryInjection.java:125:70:125:73 | name : ServletInputStream | XQueryInjection.java:125:48:125:74 | new InputStreamReader(...) : InputStreamReader | provenance | MaD:42613 |
| XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | XQueryInjection.java:129:35:129:38 | xqpe | provenance | |
| XQueryInjection.java:128:60:128:61 | br : BufferedReader | XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | provenance | |
| XQueryInjection.java:128:60:128:61 | br : BufferedReader | XQueryInjection.java:128:37:128:62 | prepareExpression(...) : XQPreparedExpression | provenance | Config |
| XQueryInjection.java:137:28:137:51 | getInputStream(...) : ServletInputStream | XQueryInjection.java:138:70:138:73 | name : ServletInputStream | provenance | Src:MaD:44662 |
| XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | XQueryInjection.java:142:53:142:54 | br | provenance | |
| XQueryInjection.java:138:48:138:74 | new InputStreamReader(...) : InputStreamReader | XQueryInjection.java:138:29:138:75 | new BufferedReader(...) : BufferedReader | provenance | MaD:42579 |

2
java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected
View File

@@ -1,7 +1,7 @@
edges
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:56:17:66 | stringQuery : String | provenance | |
| Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | provenance | |
| Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | |
| Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | Config |
| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance | Sink:MaD:43189 |
| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance | Sink:MaD:43177 |
| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance | Sink:MaD:43178 |

129
java/ql/test/query-tests/security/CWE-090/LdapInjection.expected
View File

@@ -3,156 +3,157 @@ edges
| LdapInjection.java:45:55:45:81 | jBadDN : String | LdapInjection.java:47:16:47:35 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:56:53:75 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:51:55:51:85 | jBadDNName : String | LdapInjection.java:53:29:53:52 | ... + ... : String | provenance | |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | Sink:MaD:44615 |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | Config Sink:MaD:44615 |
| LdapInjection.java:53:29:53:52 | ... + ... : String | LdapInjection.java:53:16:53:53 | new LdapName(...) | provenance | MaD:12746 Sink:MaD:44615 |
| LdapInjection.java:57:28:57:52 | jBad : String | LdapInjection.java:59:63:59:82 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:63:28:63:59 | jBadInitial : String | LdapInjection.java:65:29:65:55 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:69:28:69:52 | jBad : String | LdapInjection.java:71:84:71:103 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:69:55:69:88 | jBadDNNameAdd : String | LdapInjection.java:71:53:71:79 | ... + ... : String | provenance | |
| LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | MaD:12895 Sink:MaD:44615 |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | Sink:MaD:44615 |
| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:31 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | LdapInjection.java:71:16:71:81 | addAll(...) | provenance | Config Sink:MaD:44615 |
| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:71:53:71:79 | ... + ... : String | LdapInjection.java:71:40:71:80 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:75:28:75:52 | jBad : String | LdapInjection.java:79:47:79:66 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:75:55:75:89 | jBadDNNameAdd2 : String | LdapInjection.java:78:30:78:57 | ... + ... : String | provenance | |
| LdapInjection.java:78:5:78:8 | name : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | |
| LdapInjection.java:78:5:78:8 | name [post update] : LdapName | LdapInjection.java:79:40:79:43 | name : LdapName | provenance | |
| LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | LdapInjection.java:78:17:78:68 | getRdns(...) : List | provenance | |
| LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | LdapInjection.java:78:17:78:68 | getRdns(...) : List | provenance | Config |
| LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | LdapInjection.java:78:17:78:68 | getRdns(...) : List | provenance | MaD:12758 |
| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name : LdapName | provenance | |
| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name : LdapName | provenance | Config |
| LdapInjection.java:78:17:78:68 | getRdns(...) : List | LdapInjection.java:78:5:78:8 | name [post update] : LdapName | provenance | MaD:12752 |
| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:78:30:78:57 | ... + ... : String | LdapInjection.java:78:17:78:58 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | MaD:12895 Sink:MaD:44615 |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | Sink:MaD:44615 |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:31 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:79:40:79:43 | name : LdapName | LdapInjection.java:79:16:79:44 | addAll(...) | provenance | Config Sink:MaD:44615 |
| LdapInjection.java:83:28:83:52 | jBad : String | LdapInjection.java:85:75:85:94 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:83:55:83:93 | jBadDNNameToString : String | LdapInjection.java:85:29:85:60 | ... + ... : String | provenance | |
| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | Sink:MaD:44615 |
| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | LdapInjection.java:85:16:85:72 | toString(...) | provenance | Config Sink:MaD:44615 |
| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:85:29:85:60 | ... + ... : String | LdapInjection.java:85:16:85:61 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:89:28:89:52 | jBad : String | LdapInjection.java:91:76:91:95 | ... + ... | provenance | Sink:MaD:44615 |
| LdapInjection.java:89:55:89:90 | jBadDNNameClone : String | LdapInjection.java:91:36:91:64 | ... + ... : String | provenance | |
| LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | LdapInjection.java:91:23:91:73 | clone(...) : Object | provenance | |
| LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | LdapInjection.java:91:23:91:73 | clone(...) : Object | provenance | Config |
| LdapInjection.java:91:23:91:73 | clone(...) : Object | LdapInjection.java:91:16:91:73 | (...)... | provenance | Sink:MaD:44615 |
| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | |
| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | Config |
| LdapInjection.java:91:36:91:64 | ... + ... : String | LdapInjection.java:91:23:91:65 | new LdapName(...) : LdapName | provenance | MaD:12746 |
| LdapInjection.java:100:27:100:59 | jOkAttribute : String | LdapInjection.java:101:49:101:60 | jOkAttribute : String | provenance | |
| LdapInjection.java:101:49:101:60 | jOkAttribute : String | LdapInjection.java:101:29:101:75 | new BasicAttributes(...) | provenance | MaD:12612 Sink:MaD:44615 |
| LdapInjection.java:106:31:106:55 | uBad : String | LdapInjection.java:108:67:108:86 | ... + ... | provenance | Sink:MaD:1935 |
| LdapInjection.java:106:58:106:84 | uBadDN : String | LdapInjection.java:108:20:108:39 | ... + ... | provenance | Sink:MaD:1935 |
| LdapInjection.java:112:31:112:67 | uBadFilterCreate : String | LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | provenance | |
| LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | provenance | Sink:MaD:1934 |
| LdapInjection.java:113:72:113:87 | uBadFilterCreate : String | LdapInjection.java:113:58:113:88 | create(...) | provenance | Config Sink:MaD:1934 |
| LdapInjection.java:117:31:117:70 | uBadROSearchRequest : String | LdapInjection.java:120:9:120:43 | ... + ... : String | provenance | |
| LdapInjection.java:117:73:117:103 | uBadROSRDN : String | LdapInjection.java:119:55:119:78 | ... + ... : String | provenance | |
| LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | LdapInjection.java:121:14:121:14 | s | provenance | Sink:MaD:1932 |
| LdapInjection.java:119:55:119:78 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:120:9:120:43 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:119:55:119:78 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:120:9:120:43 | ... + ... : String | LdapInjection.java:119:31:120:44 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:125:31:125:68 | uBadSearchRequest : String | LdapInjection.java:128:9:128:41 | ... + ... : String | provenance | |
| LdapInjection.java:125:71:125:99 | uBadSRDN : String | LdapInjection.java:127:47:127:68 | ... + ... : String | provenance | |
| LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | LdapInjection.java:129:14:129:14 | s | provenance | Sink:MaD:1933 |
| LdapInjection.java:127:47:127:68 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:128:9:128:41 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:127:47:127:68 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:128:9:128:41 | ... + ... : String | LdapInjection.java:127:23:128:42 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:133:31:133:55 | uBad : String | LdapInjection.java:135:69:135:88 | ... + ... | provenance | Sink:MaD:1945 |
| LdapInjection.java:133:58:133:87 | uBadDNSFR : String | LdapInjection.java:135:22:135:44 | ... + ... | provenance | Sink:MaD:1945 |
| LdapInjection.java:139:31:139:75 | uBadROSearchRequestAsync : String | LdapInjection.java:142:9:142:48 | ... + ... : String | provenance | |
| LdapInjection.java:139:78:139:113 | uBadROSRDNAsync : String | LdapInjection.java:141:55:141:83 | ... + ... : String | provenance | |
| LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | LdapInjection.java:143:19:143:19 | s | provenance | Sink:MaD:1931 |
| LdapInjection.java:141:55:141:83 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:142:9:142:48 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:141:55:141:83 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:142:9:142:48 | ... + ... : String | LdapInjection.java:141:31:142:49 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:147:31:147:73 | uBadSearchRequestAsync : String | LdapInjection.java:150:9:150:46 | ... + ... : String | provenance | |
| LdapInjection.java:147:76:147:109 | uBadSRDNAsync : String | LdapInjection.java:149:47:149:73 | ... + ... : String | provenance | |
| LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | LdapInjection.java:151:19:151:19 | s | provenance | Sink:MaD:1931 |
| LdapInjection.java:149:47:149:73 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:150:9:150:46 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:149:47:149:73 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:150:9:150:46 | ... + ... : String | LdapInjection.java:149:23:150:47 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:155:31:155:70 | uBadFilterCreateNOT : String | LdapInjection.java:156:95:156:113 | uBadFilterCreateNOT : String | provenance | |
| LdapInjection.java:156:81:156:114 | create(...) : Filter | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | provenance | Sink:MaD:1934 |
| LdapInjection.java:156:95:156:113 | uBadFilterCreateNOT : String | LdapInjection.java:156:81:156:114 | create(...) : Filter | provenance | |
| LdapInjection.java:156:81:156:114 | create(...) : Filter | LdapInjection.java:156:58:156:115 | createNOTFilter(...) | provenance | Config Sink:MaD:1934 |
| LdapInjection.java:156:95:156:113 | uBadFilterCreateNOT : String | LdapInjection.java:156:81:156:114 | create(...) : Filter | provenance | Config |
| LdapInjection.java:160:31:160:75 | uBadFilterCreateToString : String | LdapInjection.java:161:72:161:95 | uBadFilterCreateToString : String | provenance | |
| LdapInjection.java:161:58:161:96 | create(...) : Filter | LdapInjection.java:161:58:161:107 | toString(...) | provenance | Sink:MaD:1935 |
| LdapInjection.java:161:72:161:95 | uBadFilterCreateToString : String | LdapInjection.java:161:58:161:96 | create(...) : Filter | provenance | |
| LdapInjection.java:161:58:161:96 | create(...) : Filter | LdapInjection.java:161:58:161:107 | toString(...) | provenance | Config Sink:MaD:1935 |
| LdapInjection.java:161:72:161:95 | uBadFilterCreateToString : String | LdapInjection.java:161:58:161:96 | create(...) : Filter | provenance | Config |
| LdapInjection.java:165:32:165:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | provenance | |
| LdapInjection.java:167:5:167:49 | create(...) : Filter | LdapInjection.java:167:70:167:70 | b : StringBuilder | provenance | |
| LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:5:167:49 | create(...) : Filter | provenance | |
| LdapInjection.java:167:5:167:49 | create(...) : Filter | LdapInjection.java:167:70:167:70 | b : StringBuilder | provenance | Config |
| LdapInjection.java:167:19:167:48 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:167:5:167:49 | create(...) : Filter | provenance | Config |
| LdapInjection.java:167:70:167:70 | b : StringBuilder | LdapInjection.java:168:58:168:58 | b : StringBuilder | provenance | |
| LdapInjection.java:168:58:168:58 | b : StringBuilder | LdapInjection.java:168:58:168:69 | toString(...) | provenance | MaD:42705 Sink:MaD:1935 |
| LdapInjection.java:172:32:172:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:175:9:175:50 | ... + ... : String | provenance | |
| LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | LdapInjection.java:176:14:176:14 | s : SearchRequest | provenance | |
| LdapInjection.java:175:9:175:50 | ... + ... : String | LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:176:14:176:14 | s : SearchRequest | LdapInjection.java:176:14:176:26 | duplicate(...) | provenance | Sink:MaD:1933 |
| LdapInjection.java:175:9:175:50 | ... + ... : String | LdapInjection.java:174:23:175:51 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:176:14:176:14 | s : SearchRequest | LdapInjection.java:176:14:176:26 | duplicate(...) | provenance | Config Sink:MaD:1933 |
| LdapInjection.java:180:32:180:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:183:9:183:52 | ... + ... : String | provenance | |
| LdapInjection.java:182:31:183:53 | new SearchRequest(...) : SearchRequest | LdapInjection.java:184:14:184:14 | s : SearchRequest | provenance | |
| LdapInjection.java:183:9:183:52 | ... + ... : String | LdapInjection.java:182:31:183:53 | new SearchRequest(...) : SearchRequest | provenance | |
| LdapInjection.java:184:14:184:14 | s : SearchRequest | LdapInjection.java:184:14:184:26 | duplicate(...) | provenance | Sink:MaD:1933 |
| LdapInjection.java:183:9:183:52 | ... + ... : String | LdapInjection.java:182:31:183:53 | new SearchRequest(...) : SearchRequest | provenance | Config |
| LdapInjection.java:184:14:184:14 | s : SearchRequest | LdapInjection.java:184:14:184:26 | duplicate(...) | provenance | Config Sink:MaD:1933 |
| LdapInjection.java:188:32:188:74 | uBadSearchRequestSetDN : String | LdapInjection.java:191:17:191:38 | uBadSearchRequestSetDN : String | provenance | |
| LdapInjection.java:191:5:191:5 | s : SearchRequest | LdapInjection.java:192:14:192:14 | s | provenance | Sink:MaD:1933 |
| LdapInjection.java:191:17:191:38 | uBadSearchRequestSetDN : String | LdapInjection.java:191:5:191:5 | s : SearchRequest | provenance | |
| LdapInjection.java:191:17:191:38 | uBadSearchRequestSetDN : String | LdapInjection.java:191:5:191:5 | s : SearchRequest | provenance | Config |
| LdapInjection.java:196:32:196:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | provenance | |
| LdapInjection.java:199:5:199:5 | s : SearchRequest | LdapInjection.java:200:14:200:14 | s | provenance | Sink:MaD:1933 |
| LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:5:199:5 | s : SearchRequest | provenance | |
| LdapInjection.java:199:17:199:42 | uBadSearchRequestSetFilter : String | LdapInjection.java:199:5:199:5 | s : SearchRequest | provenance | Config |
| LdapInjection.java:229:30:229:54 | sBad : String | LdapInjection.java:230:36:230:55 | ... + ... | provenance | Sink:MaD:49328 |
| LdapInjection.java:229:57:229:83 | sBadDN : String | LdapInjection.java:230:14:230:33 | ... + ... | provenance | Sink:MaD:49328 |
| LdapInjection.java:234:30:234:54 | sBad : String | LdapInjection.java:235:88:235:107 | ... + ... | provenance | Sink:MaD:49318 |
| LdapInjection.java:234:57:234:92 | sBadDNLNBuilder : String | LdapInjection.java:235:48:235:76 | ... + ... : String | provenance | |
| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | Sink:MaD:49318 |
| LdapInjection.java:235:48:235:76 | ... + ... : String | LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | provenance | |
| LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | LdapInjection.java:235:20:235:85 | build(...) | provenance | Config Sink:MaD:49318 |
| LdapInjection.java:235:48:235:76 | ... + ... : String | LdapInjection.java:235:20:235:77 | newInstance(...) : LdapNameBuilder | provenance | Config |
| LdapInjection.java:239:30:239:54 | sBad : String | LdapInjection.java:240:100:240:119 | ... + ... | provenance | Sink:MaD:49330 |
| LdapInjection.java:239:57:239:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:240:57:240:88 | ... + ... : String | provenance | |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Sink:MaD:49315 |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Sink:MaD:49330 |
| LdapInjection.java:240:57:240:88 | ... + ... : String | LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | provenance | |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49315 |
| LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | LdapInjection.java:240:23:240:97 | build(...) | provenance | Config Sink:MaD:49330 |
| LdapInjection.java:240:57:240:88 | ... + ... : String | LdapInjection.java:240:23:240:89 | add(...) : LdapNameBuilder | provenance | Config |
| LdapInjection.java:244:30:244:63 | sBadLdapQuery : String | LdapInjection.java:245:47:245:75 | ... + ... : String | provenance | |
| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | Sink:MaD:49327 |
| LdapInjection.java:245:47:245:75 | ... + ... : String | LdapInjection.java:245:15:245:76 | filter(...) | provenance | Config Sink:MaD:49327 |
| LdapInjection.java:249:30:249:60 | sBadFilter : String | LdapInjection.java:250:86:250:111 | ... + ... : String | provenance | |
| LdapInjection.java:249:63:249:98 | sBadDNLdapUtils : String | LdapInjection.java:250:34:250:62 | ... + ... : String | provenance | |
| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | Sink:MaD:49326 |
| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | Sink:MaD:49326 |
| LdapInjection.java:250:34:250:62 | ... + ... : String | LdapInjection.java:250:12:250:63 | newLdapName(...) | provenance | Config Sink:MaD:49326 |
| LdapInjection.java:250:86:250:111 | ... + ... : String | LdapInjection.java:250:66:250:112 | new HardcodedFilter(...) | provenance | Config Sink:MaD:49326 |
| LdapInjection.java:254:30:254:63 | sBadLdapQuery : String | LdapInjection.java:255:56:255:84 | ... + ... : String | provenance | |
| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | Sink:MaD:49329 |
| LdapInjection.java:255:56:255:84 | ... + ... : String | LdapInjection.java:255:24:255:85 | filter(...) | provenance | Config Sink:MaD:49329 |
| LdapInjection.java:259:30:259:64 | sBadLdapQuery2 : String | LdapInjection.java:260:51:260:80 | ... + ... : String | provenance | |
| LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | LdapInjection.java:261:24:261:24 | q | provenance | Sink:MaD:49329 |
| LdapInjection.java:260:51:260:80 | ... + ... : String | LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | provenance | |
| LdapInjection.java:260:51:260:80 | ... + ... : String | LdapInjection.java:260:19:260:81 | filter(...) : LdapQuery | provenance | Config |
| LdapInjection.java:265:30:265:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:266:76:266:114 | ... + ... : String | provenance | |
| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | Sink:MaD:49329 |
| LdapInjection.java:266:76:266:114 | ... + ... : String | LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | provenance | |
| LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:266:24:266:116 | filter(...) | provenance | Config Sink:MaD:49329 |
| LdapInjection.java:266:76:266:114 | ... + ... : String | LdapInjection.java:266:56:266:115 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:270:30:270:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:271:68:271:107 | ... + ... : String | provenance | |
| LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:272:56:272:56 | f : HardcodedFilter | provenance | |
| LdapInjection.java:271:68:271:107 | ... + ... : String | LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | provenance | |
| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | Sink:MaD:49329 |
| LdapInjection.java:271:68:271:107 | ... + ... : String | LdapInjection.java:271:48:271:108 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:272:56:272:56 | f : HardcodedFilter | LdapInjection.java:272:24:272:57 | filter(...) | provenance | Config Sink:MaD:49329 |
| LdapInjection.java:276:31:276:68 | sBadLdapQueryBase : String | LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | provenance | |
| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | Sink:MaD:49326 |
| LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | provenance | |
| LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | LdapInjection.java:277:12:277:66 | base(...) | provenance | Config Sink:MaD:49326 |
| LdapInjection.java:277:42:277:58 | sBadLdapQueryBase : String | LdapInjection.java:277:12:277:59 | base(...) : LdapQueryBuilder | provenance | Config |
| LdapInjection.java:281:31:281:71 | sBadLdapQueryComplex : String | LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | provenance | |
| LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | provenance | |
| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | Sink:MaD:49329 |
| LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | provenance | |
| LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | provenance | Config |
| LdapInjection.java:282:24:282:87 | where(...) : ConditionCriteria | LdapInjection.java:282:24:282:98 | is(...) | provenance | Config Sink:MaD:49329 |
| LdapInjection.java:282:54:282:73 | sBadLdapQueryComplex : String | LdapInjection.java:282:24:282:74 | base(...) : LdapQueryBuilder | provenance | Config |
| LdapInjection.java:286:31:286:69 | sBadFilterToString : String | LdapInjection.java:287:38:287:71 | ... + ... : String | provenance | |
| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | Sink:MaD:49328 |
| LdapInjection.java:287:38:287:71 | ... + ... : String | LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | provenance | |
| LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:287:18:287:83 | toString(...) | provenance | Config Sink:MaD:49328 |
| LdapInjection.java:287:38:287:71 | ... + ... : String | LdapInjection.java:287:18:287:72 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:291:31:291:67 | sBadFilterEncode : String | LdapInjection.java:293:25:293:56 | ... + ... : String | provenance | |
| LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:293:66:293:66 | s : StringBuffer | provenance | |
| LdapInjection.java:293:25:293:56 | ... + ... : String | LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | provenance | |
| LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | LdapInjection.java:293:66:293:66 | s : StringBuffer | provenance | Config |
| LdapInjection.java:293:25:293:56 | ... + ... : String | LdapInjection.java:293:5:293:57 | new HardcodedFilter(...) : HardcodedFilter | provenance | Config |
| LdapInjection.java:293:66:293:66 | s : StringBuffer | LdapInjection.java:294:18:294:18 | s : StringBuffer | provenance | |
| LdapInjection.java:294:18:294:18 | s : StringBuffer | LdapInjection.java:294:18:294:29 | toString(...) | provenance | MaD:42705 Sink:MaD:49328 |
| LdapInjection.java:314:30:314:54 | aBad : String | LdapInjection.java:316:36:316:55 | ... + ... | provenance | Sink:MaD:47426 |
| LdapInjection.java:314:57:314:83 | aBadDN : String | LdapInjection.java:316:14:316:33 | ... + ... | provenance | Sink:MaD:47426 |
| LdapInjection.java:320:30:320:54 | aBad : String | LdapInjection.java:322:65:322:84 | ... + ... | provenance | Sink:MaD:47426 |
| LdapInjection.java:320:57:320:94 | aBadDNObjToString : String | LdapInjection.java:322:21:322:51 | ... + ... : String | provenance | |
| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | Sink:MaD:47426 |
| LdapInjection.java:322:21:322:51 | ... + ... : String | LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | provenance | |
| LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | LdapInjection.java:322:14:322:62 | getName(...) | provenance | Config Sink:MaD:47426 |
| LdapInjection.java:322:21:322:51 | ... + ... : String | LdapInjection.java:322:14:322:52 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:326:30:326:67 | aBadSearchRequest : String | LdapInjection.java:329:17:329:49 | ... + ... : String | provenance | |
| LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | LdapInjection.java:330:14:330:14 | s | provenance | Sink:MaD:47426 |
| LdapInjection.java:329:17:329:49 | ... + ... : String | LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | provenance | |
| LdapInjection.java:329:17:329:49 | ... + ... : String | LdapInjection.java:329:5:329:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:334:74:334:103 | aBadDNObj : String | LdapInjection.java:337:22:337:44 | ... + ... : String | provenance | |
| LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | LdapInjection.java:338:14:338:14 | s | provenance | Sink:MaD:47426 |
| LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | provenance | |
| LdapInjection.java:337:22:337:44 | ... + ... : String | LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | provenance | |
| LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | LdapInjection.java:337:5:337:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:337:22:337:44 | ... + ... : String | LdapInjection.java:337:15:337:45 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:342:30:342:72 | aBadDNSearchRequestGet : String | LdapInjection.java:345:22:345:57 | ... + ... : String | provenance | |
| LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | provenance | |
| LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | provenance | |
| LdapInjection.java:345:22:345:57 | ... + ... : String | LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | provenance | |
| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | Sink:MaD:47426 |
| LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | LdapInjection.java:345:5:345:5 | s : SearchRequestImpl | provenance | Config |
| LdapInjection.java:345:22:345:57 | ... + ... : String | LdapInjection.java:345:15:345:58 | new Dn(...) : Dn | provenance | Config |
| LdapInjection.java:346:14:346:14 | s : SearchRequestImpl | LdapInjection.java:346:14:346:24 | getBase(...) | provenance | Config Sink:MaD:47426 |
nodes
| LdapInjection.java:45:28:45:52 | jBad : String | semmle.label | jBad : String |
| LdapInjection.java:45:55:45:81 | jBadDN : String | semmle.label | jBadDN : String |

8
java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected
View File

@@ -1,18 +1,18 @@
edges
| HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | provenance | |
| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | HttpsUrlsTest.java:28:50:28:50 | u | provenance | Sink:MaD:42929 |
| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | provenance | |
| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | provenance | Config |
| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | provenance | MaD:42962 |
| HttpsUrlsTest.java:36:23:36:28 | "http" : String | HttpsUrlsTest.java:37:21:37:28 | protocol : String | provenance | |
| HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | HttpsUrlsTest.java:41:50:41:50 | u | provenance | Sink:MaD:42929 |
| HttpsUrlsTest.java:37:21:37:28 | protocol : String | HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | provenance | |
| HttpsUrlsTest.java:37:21:37:28 | protocol : String | HttpsUrlsTest.java:37:13:37:62 | new URL(...) : URL | provenance | Config |
| HttpsUrlsTest.java:49:23:49:31 | "http://" : String | HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | provenance | |
| HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | HttpsUrlsTest.java:55:50:55:50 | u | provenance | Sink:MaD:42929 |
| HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | provenance | |
| HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | provenance | Config |
| HttpsUrlsTest.java:51:64:51:98 | ... + ... : String | HttpsUrlsTest.java:51:13:51:99 | new URL(...) : URL | provenance | MaD:42970 |
| HttpsUrlsTest.java:87:23:87:28 | "http" : String | HttpsUrlsTest.java:88:21:88:28 | protocol : String | provenance | |
| HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | HttpsUrlsTest.java:92:50:92:50 | u | provenance | Sink:MaD:42929 |
| HttpsUrlsTest.java:88:21:88:28 | protocol : String | HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | provenance | |
| HttpsUrlsTest.java:88:21:88:28 | protocol : String | HttpsUrlsTest.java:88:13:88:52 | new URL(...) : URL | provenance | Config |
nodes
| HttpsUrlsTest.java:23:23:23:31 | "http://" : String | semmle.label | "http://" : String |
| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | semmle.label | new URL(...) : URL |

4
python/ql/test/experimental/query-tests/Security/CWE-022-TarSlip/TarSlip.expected
View File

@@ -33,14 +33,14 @@ edges
| TarSlipImprov.py:141:34:141:36 | ControlFlowNode for tar | TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | provenance | |
| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | provenance | |
| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | provenance | |
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | provenance | |
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | provenance | Config |
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | provenance | |
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | provenance | |
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | provenance | |
| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | provenance | |
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | provenance | |
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | provenance | Config |
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | provenance | |
| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | provenance | |
| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | provenance | |

62
python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
View File

@@ -3,18 +3,18 @@ edges
| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | provenance | |
| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | dict.get |
| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | provenance | |
| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | |
| UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | provenance | Config |
| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | Config |
| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | provenance | |
| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | provenance | Config |
| UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | provenance | |
| UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | provenance | |
| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | provenance | |
@@ -27,54 +27,54 @@ edges
| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | |
| UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | provenance | Config |
| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | Config |
| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | provenance | |
| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | provenance | Config |
| UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | provenance | |
| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | provenance | |
| UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | provenance | |
| UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | provenance | |
| UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | provenance | |
| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | |
| UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | provenance | Config |
| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | Config |
| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | provenance | |
| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | dict.get |
| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | provenance | |
| UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | provenance | |
| UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | provenance | |
| UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | provenance | |
| UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | provenance | Config |
| UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | provenance | Config |
| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | provenance | |
| UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | provenance | |
| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | provenance | |
| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | provenance | |
| UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | provenance | |
| UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | provenance | Config |
| UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | provenance | |
| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | provenance | |
| UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | provenance | |
| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | provenance | |
| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | provenance | |
| UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | provenance | |
| UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | provenance | |
| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | provenance | |
| UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | provenance | |
| UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | provenance | |
| UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | provenance | |
| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | |
| UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | provenance | Config |
| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | Config |
| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | provenance | |
| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | provenance | |
| UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | provenance | |
| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | provenance | |
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance | |
@@ -82,15 +82,15 @@ edges
| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | provenance | |
| UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | provenance | |
| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | |
| UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | provenance | Config |
| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | Config |
| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | provenance | |
| UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | provenance | |
| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | provenance | Config |
| UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | provenance | Config |
| UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | provenance | |
| UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | provenance | |
| UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | provenance | Config |
nodes
| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

2
python/ql/test/experimental/query-tests/Security/CWE-074-paramiko/paramiko.expected
View File

@@ -2,7 +2,7 @@ edges
| paramiko.py:15:21:15:23 | ControlFlowNode for cmd | paramiko.py:16:62:16:64 | ControlFlowNode for cmd | provenance | |
| paramiko.py:20:21:20:23 | ControlFlowNode for cmd | paramiko.py:21:70:21:72 | ControlFlowNode for cmd | provenance | |
| paramiko.py:25:21:25:23 | ControlFlowNode for cmd | paramiko.py:26:136:26:138 | ControlFlowNode for cmd | provenance | |
| paramiko.py:26:136:26:138 | ControlFlowNode for cmd | paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() | provenance | |
| paramiko.py:26:136:26:138 | ControlFlowNode for cmd | paramiko.py:26:114:26:139 | ControlFlowNode for Attribute() | provenance | Config |
nodes
| paramiko.py:15:21:15:23 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
| paramiko.py:16:62:16:64 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |

2
python/ql/test/experimental/query-tests/Security/CWE-079/EmailXss.expected
View File

@@ -13,7 +13,7 @@ edges
| sendgrid_mail.py:1:19:1:25 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | provenance | |
| sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | provenance | |
| sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() | provenance | Config |
| sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | provenance | |
| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | provenance | |

12
python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltInjection.expected
View File

@@ -7,7 +7,7 @@ edges
| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | provenance | |
| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | |
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | provenance | |
| xsltInjection.py:3:26:3:32 | ControlFlowNode for request | xsltInjection.py:10:17:10:23 | ControlFlowNode for request | provenance | |
@@ -21,7 +21,7 @@ edges
| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | |
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:17:17:17:23 | ControlFlowNode for request | xsltInjection.py:17:17:17:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
@@ -29,7 +29,7 @@ edges
| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | |
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Config |
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:26:17:26:23 | ControlFlowNode for request | xsltInjection.py:26:17:26:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
@@ -37,7 +37,7 @@ edges
| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | |
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Config |
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:35:17:35:23 | ControlFlowNode for request | xsltInjection.py:35:17:35:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
@@ -45,7 +45,7 @@ edges
| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | provenance | |
| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | |
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Config |
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | provenance | |
| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
@@ -54,7 +54,7 @@ edges
| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | provenance | |
| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | provenance | |
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | |
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Config |
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
nodes
| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |

4
python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected
View File

@@ -6,12 +6,12 @@ edges
| samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:9:5:9:14 | ControlFlowNode for user_input | provenance | |
| samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | provenance | dict.get |
| samples.py:9:25:9:46 | ControlFlowNode for Attribute() | samples.py:9:18:9:47 | ControlFlowNode for escape() | provenance | |
| samples.py:9:25:9:46 | ControlFlowNode for Attribute() | samples.py:9:18:9:47 | ControlFlowNode for escape() | provenance | Config |
| samples.py:16:5:16:14 | ControlFlowNode for user_input | samples.py:20:62:20:71 | ControlFlowNode for user_input | provenance | |
| samples.py:16:18:16:47 | ControlFlowNode for escape() | samples.py:16:5:16:14 | ControlFlowNode for user_input | provenance | |
| samples.py:16:25:16:31 | ControlFlowNode for request | samples.py:16:25:16:36 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | provenance | dict.get |
| samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() | provenance | |
| samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() | provenance | Config |
nodes
| samples.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| samples.py:2:26:2:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

20
python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected
View File

@@ -4,38 +4,38 @@ edges
| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:66:19:66:21 | ControlFlowNode for BSC | provenance | |
| test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:3:1:3:3 | ControlFlowNode for BSC | provenance | |
| test.py:7:5:7:15 | ControlFlowNode for blob_client | test.py:8:5:8:15 | ControlFlowNode for blob_client | provenance | |
| test.py:7:19:7:21 | ControlFlowNode for BSC | test.py:7:19:7:42 | ControlFlowNode for Attribute() | provenance | |
| test.py:7:19:7:21 | ControlFlowNode for BSC | test.py:7:19:7:42 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:7:19:7:42 | ControlFlowNode for Attribute() | test.py:7:5:7:15 | ControlFlowNode for blob_client | provenance | |
| test.py:8:5:8:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | ControlFlowNode for blob_client | provenance | |
| test.py:9:5:9:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | provenance | |
| test.py:9:5:9:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | provenance | Config |
| test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | test.py:11:9:11:19 | ControlFlowNode for blob_client | provenance | |
| test.py:15:5:15:23 | ControlFlowNode for blob_service_client | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | provenance | |
| test.py:15:27:15:71 | ControlFlowNode for Attribute() | test.py:15:5:15:23 | ControlFlowNode for blob_service_client | provenance | |
| test.py:16:5:16:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | ControlFlowNode for blob_service_client | provenance | |
| test.py:17:5:17:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | provenance | |
| test.py:17:5:17:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | provenance | Config |
| test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | test.py:19:19:19:37 | ControlFlowNode for blob_service_client | provenance | |
| test.py:19:5:19:15 | ControlFlowNode for blob_client | test.py:21:9:21:19 | ControlFlowNode for blob_client | provenance | |
| test.py:19:19:19:37 | ControlFlowNode for blob_service_client | test.py:19:19:19:58 | ControlFlowNode for Attribute() | provenance | |
| test.py:19:19:19:37 | ControlFlowNode for blob_service_client | test.py:19:19:19:58 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:19:19:19:58 | ControlFlowNode for Attribute() | test.py:19:5:19:15 | ControlFlowNode for blob_client | provenance | |
| test.py:25:5:25:20 | ControlFlowNode for container_client | test.py:26:5:26:20 | ControlFlowNode for container_client | provenance | |
| test.py:25:24:25:66 | ControlFlowNode for Attribute() | test.py:25:5:25:20 | ControlFlowNode for container_client | provenance | |
| test.py:26:5:26:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | ControlFlowNode for container_client | provenance | |
| test.py:27:5:27:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | provenance | |
| test.py:27:5:27:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | provenance | Config |
| test.py:27:5:27:20 | [post] ControlFlowNode for container_client | test.py:29:19:29:34 | ControlFlowNode for container_client | provenance | |
| test.py:29:5:29:15 | ControlFlowNode for blob_client | test.py:31:9:31:19 | ControlFlowNode for blob_client | provenance | |
| test.py:29:19:29:34 | ControlFlowNode for container_client | test.py:29:19:29:55 | ControlFlowNode for Attribute() | provenance | |
| test.py:29:19:29:34 | ControlFlowNode for container_client | test.py:29:19:29:55 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:29:19:29:55 | ControlFlowNode for Attribute() | test.py:29:5:29:15 | ControlFlowNode for blob_client | provenance | |
| test.py:35:5:35:15 | ControlFlowNode for blob_client | test.py:36:5:36:15 | ControlFlowNode for blob_client | provenance | |
| test.py:35:19:35:21 | ControlFlowNode for BSC | test.py:35:19:35:42 | ControlFlowNode for Attribute() | provenance | |
| test.py:35:19:35:21 | ControlFlowNode for BSC | test.py:35:19:35:42 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:35:19:35:42 | ControlFlowNode for Attribute() | test.py:35:5:35:15 | ControlFlowNode for blob_client | provenance | |
| test.py:36:5:36:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | ControlFlowNode for blob_client | provenance | |
| test.py:37:5:37:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | provenance | |
| test.py:37:5:37:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | provenance | Config |
| test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | test.py:43:9:43:19 | ControlFlowNode for blob_client | provenance | |
| test.py:66:5:66:15 | ControlFlowNode for blob_client | test.py:67:5:67:15 | ControlFlowNode for blob_client | provenance | |
| test.py:66:19:66:21 | ControlFlowNode for BSC | test.py:66:19:66:42 | ControlFlowNode for Attribute() | provenance | |
| test.py:66:19:66:21 | ControlFlowNode for BSC | test.py:66:19:66:42 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:66:19:66:42 | ControlFlowNode for Attribute() | test.py:66:5:66:15 | ControlFlowNode for blob_client | provenance | |
| test.py:67:5:67:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | ControlFlowNode for blob_client | provenance | |
| test.py:68:5:68:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | provenance | |
| test.py:68:5:68:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | provenance | Config |
| test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | test.py:69:12:69:22 | ControlFlowNode for blob_client | provenance | |
| test.py:69:12:69:22 | ControlFlowNode for blob_client | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | provenance | |
| test.py:73:5:73:6 | ControlFlowNode for bc | test.py:75:9:75:10 | ControlFlowNode for bc | provenance | |

20
python/ql/test/experimental/query-tests/Security/CWE-409/DecompressionBombs.expected
View File

@@ -1,24 +1,24 @@
edges
| test.py:10:16:10:24 | ControlFlowNode for file_path | test.py:11:21:11:29 | ControlFlowNode for file_path | provenance | |
| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:52 | ControlFlowNode for Attribute() | provenance | |
| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:11:5:11:52 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:11:21:11:29 | ControlFlowNode for file_path | test.py:12:21:12:29 | ControlFlowNode for file_path | provenance | |
| test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:12:5:12:48 | ControlFlowNode for Attribute() | provenance | |
| test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:12:5:12:48 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:12:21:12:29 | ControlFlowNode for file_path | test.py:14:26:14:34 | ControlFlowNode for file_path | provenance | |
| test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:15:14:15:29 | ControlFlowNode for Attribute() | provenance | |
| test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:15:14:15:29 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:14:26:14:34 | ControlFlowNode for file_path | test.py:18:26:18:34 | ControlFlowNode for file_path | provenance | |
| test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:19:14:19:39 | ControlFlowNode for Attribute() | provenance | |
| test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:19:14:19:39 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:18:26:18:34 | ControlFlowNode for file_path | test.py:22:21:22:29 | ControlFlowNode for file_path | provenance | |
| test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:22:5:22:60 | ControlFlowNode for Attribute() | provenance | |
| test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:22:5:22:60 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:22:21:22:29 | ControlFlowNode for file_path | test.py:24:18:24:26 | ControlFlowNode for file_path | provenance | |
| test.py:24:18:24:26 | ControlFlowNode for file_path | test.py:24:5:24:52 | ControlFlowNode for Attribute() | provenance | |
| test.py:24:18:24:26 | ControlFlowNode for file_path | test.py:24:5:24:52 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:24:18:24:26 | ControlFlowNode for file_path | test.py:25:26:25:34 | ControlFlowNode for file_path | provenance | |
| test.py:25:26:25:34 | ControlFlowNode for file_path | test.py:25:5:25:55 | ControlFlowNode for Attribute() | provenance | |
| test.py:25:26:25:34 | ControlFlowNode for file_path | test.py:25:5:25:55 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:25:26:25:34 | ControlFlowNode for file_path | test.py:26:28:26:36 | ControlFlowNode for file_path | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:26:5:26:57 | ControlFlowNode for Attribute() | provenance | |
| test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:26:5:26:57 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:26:28:26:36 | ControlFlowNode for file_path | test.py:27:28:27:36 | ControlFlowNode for file_path | provenance | |
| test.py:27:28:27:36 | ControlFlowNode for file_path | test.py:27:5:27:50 | ControlFlowNode for Attribute() | provenance | |
| test.py:27:28:27:36 | ControlFlowNode for file_path | test.py:27:5:27:50 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:27:28:27:36 | ControlFlowNode for file_path | test.py:28:26:28:34 | ControlFlowNode for file_path | provenance | |
| test.py:28:26:28:34 | ControlFlowNode for file_path | test.py:28:5:28:60 | ControlFlowNode for Attribute() | provenance | |
| test.py:28:26:28:34 | ControlFlowNode for file_path | test.py:28:5:28:60 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:28:26:28:34 | ControlFlowNode for file_path | test.py:35:27:35:35 | ControlFlowNode for file_path | provenance | |
| test.py:28:26:28:34 | ControlFlowNode for file_path | test.py:39:15:39:23 | ControlFlowNode for file_path | provenance | |
| test.py:28:26:28:34 | ControlFlowNode for file_path | test.py:40:19:40:27 | ControlFlowNode for file_path | provenance | |

14
python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected
View File

@@ -27,28 +27,28 @@ edges
| path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | path_injection.py:19:5:19:12 | ControlFlowNode for filename | provenance | |
| path_injection.py:20:5:20:9 | ControlFlowNode for npath | path_injection.py:21:14:21:18 | ControlFlowNode for npath | provenance | |
| path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | path_injection.py:20:5:20:9 | ControlFlowNode for npath | provenance | |
| path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | provenance | |
| path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | provenance | Config |
| path_injection.py:27:5:27:12 | ControlFlowNode for filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| path_injection.py:27:16:27:22 | ControlFlowNode for request | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | provenance | dict.get |
| path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | path_injection.py:27:5:27:12 | ControlFlowNode for filename | provenance | |
| path_injection.py:28:5:28:9 | ControlFlowNode for npath | path_injection.py:31:14:31:18 | ControlFlowNode for npath | provenance | |
| path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | path_injection.py:28:5:28:9 | ControlFlowNode for npath | provenance | |
| path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | provenance | |
| path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | provenance | Config |
| path_injection.py:46:5:46:12 | ControlFlowNode for filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| path_injection.py:46:16:46:22 | ControlFlowNode for request | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | provenance | dict.get |
| path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | path_injection.py:46:5:46:12 | ControlFlowNode for filename | provenance | |
| path_injection.py:47:5:47:9 | ControlFlowNode for npath | path_injection.py:48:14:48:18 | ControlFlowNode for npath | provenance | |
| path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | path_injection.py:47:5:47:9 | ControlFlowNode for npath | provenance | |
| path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | provenance | |
| path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | provenance | Config |
| path_injection.py:63:5:63:12 | ControlFlowNode for filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
| path_injection.py:63:16:63:22 | ControlFlowNode for request | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | provenance | dict.get |
| path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | path_injection.py:63:5:63:12 | ControlFlowNode for filename | provenance | |
| path_injection.py:64:5:64:9 | ControlFlowNode for npath | path_injection.py:65:14:65:18 | ControlFlowNode for npath | provenance | |
| path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | path_injection.py:64:5:64:9 | ControlFlowNode for npath | provenance | |
| path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | provenance | |
| path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | provenance | Config |
| path_injection.py:84:5:84:12 | ControlFlowNode for filename | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | provenance | AdditionalTaintStep |
| path_injection.py:84:16:84:22 | ControlFlowNode for request | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | provenance | dict.get |
@@ -104,7 +104,7 @@ edges
| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:31:9:31:16 | ControlFlowNode for source() | provenance | |
| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:46:9:46:16 | ControlFlowNode for source() | provenance | |
| test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:29:13:29 | ControlFlowNode for x | provenance | |
| test.py:13:29:13:29 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | provenance | |
| test.py:13:29:13:29 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | provenance | Config |
| test.py:18:5:18:5 | ControlFlowNode for x | test.py:19:10:19:10 | ControlFlowNode for x | provenance | |
| test.py:18:9:18:16 | ControlFlowNode for source() | test.py:18:5:18:5 | ControlFlowNode for x | provenance | |
| test.py:24:5:24:5 | ControlFlowNode for x | test.py:25:19:25:19 | ControlFlowNode for x | provenance | |
@@ -112,7 +112,7 @@ edges
| test.py:25:5:25:5 | ControlFlowNode for y | test.py:26:10:26:10 | ControlFlowNode for y | provenance | |
| test.py:25:9:25:20 | ControlFlowNode for normalize() | test.py:25:5:25:5 | ControlFlowNode for y | provenance | |
| test.py:25:19:25:19 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | provenance | |
| test.py:25:19:25:19 | ControlFlowNode for x | test.py:25:9:25:20 | ControlFlowNode for normalize() | provenance | |
| test.py:25:19:25:19 | ControlFlowNode for x | test.py:25:9:25:20 | ControlFlowNode for normalize() | provenance | Config |
| test.py:31:5:31:5 | ControlFlowNode for x | test.py:33:14:33:14 | ControlFlowNode for x | provenance | |
| test.py:31:9:31:16 | ControlFlowNode for source() | test.py:31:5:31:5 | ControlFlowNode for x | provenance | |
| test.py:46:5:46:5 | ControlFlowNode for x | test.py:48:23:48:23 | ControlFlowNode for x | provenance | |
@@ -120,7 +120,7 @@ edges
| test.py:48:9:48:9 | ControlFlowNode for y | test.py:49:14:49:14 | ControlFlowNode for y | provenance | |
| test.py:48:13:48:24 | ControlFlowNode for normalize() | test.py:48:9:48:9 | ControlFlowNode for y | provenance | |
| test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | provenance | |
| test.py:48:23:48:23 | ControlFlowNode for x | test.py:48:13:48:24 | ControlFlowNode for normalize() | provenance | |
| test.py:48:23:48:23 | ControlFlowNode for x | test.py:48:13:48:24 | ControlFlowNode for normalize() | provenance | Config |
nodes
| flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

2
python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
View File

@@ -1,7 +1,7 @@
edges
| test.py:23:25:23:25 | ControlFlowNode for e | test.py:24:16:24:16 | ControlFlowNode for e | provenance | |
| test.py:31:25:31:25 | ControlFlowNode for e | test.py:32:16:32:16 | ControlFlowNode for e | provenance | |
| test.py:32:16:32:16 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | provenance | |
| test.py:32:16:32:16 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | provenance | Config |
| test.py:49:9:49:11 | ControlFlowNode for err | test.py:50:29:50:31 | ControlFlowNode for err | provenance | |
| test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:49:9:49:11 | ControlFlowNode for err | provenance | |
| test.py:50:29:50:31 | ControlFlowNode for err | test.py:50:16:50:32 | ControlFlowNode for format_error() | provenance | |

4
python/ql/test/query-tests/Security/CWE-285-PamAuthorization/PamAuthorization.expected
View File

@@ -5,9 +5,9 @@ edges
| pam_test.py:71:16:71:22 | ControlFlowNode for request | pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
| pam_test.py:71:16:71:27 | ControlFlowNode for Attribute | pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | provenance | dict.get |
| pam_test.py:71:16:71:47 | ControlFlowNode for Attribute() | pam_test.py:71:5:71:12 | ControlFlowNode for username | provenance | |
| pam_test.py:74:33:74:40 | ControlFlowNode for username | pam_test.py:74:62:74:67 | ControlFlowNode for handle | provenance | |
| pam_test.py:74:33:74:40 | ControlFlowNode for username | pam_test.py:74:62:74:67 | ControlFlowNode for handle | provenance | Config |
| pam_test.py:74:62:74:67 | ControlFlowNode for handle | pam_test.py:76:31:76:36 | ControlFlowNode for handle | provenance | |
| pam_test.py:76:31:76:36 | ControlFlowNode for handle | pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | provenance | |
| pam_test.py:76:31:76:36 | ControlFlowNode for handle | pam_test.py:76:14:76:40 | ControlFlowNode for pam_authenticate() | provenance | Config |
nodes
| pam_test.py:4:26:4:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
| pam_test.py:4:26:4:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

12
python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing/WeakSensitiveDataHashing.expected
View File

@@ -5,13 +5,13 @@ edges
| test_cryptodome.py:2:37:2:51 | ControlFlowNode for ImportMember | test_cryptodome.py:2:37:2:51 | ControlFlowNode for get_certificate | provenance | |
| test_cryptodome.py:2:37:2:51 | ControlFlowNode for get_certificate | test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | provenance | |
| test_cryptodome.py:6:5:6:13 | ControlFlowNode for dangerous | test_cryptodome.py:8:19:8:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | provenance | |
| test_cryptodome.py:6:17:6:31 | ControlFlowNode for get_certificate | test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | provenance | Config |
| test_cryptodome.py:6:17:6:33 | ControlFlowNode for get_certificate() | test_cryptodome.py:6:5:6:13 | ControlFlowNode for dangerous | provenance | |
| test_cryptodome.py:13:5:13:13 | ControlFlowNode for dangerous | test_cryptodome.py:15:19:15:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | provenance | |
| test_cryptodome.py:13:17:13:28 | ControlFlowNode for get_password | test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | provenance | Config |
| test_cryptodome.py:13:17:13:30 | ControlFlowNode for get_password() | test_cryptodome.py:13:5:13:13 | ControlFlowNode for dangerous | provenance | |
| test_cryptodome.py:20:5:20:13 | ControlFlowNode for dangerous | test_cryptodome.py:24:19:24:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | provenance | |
| test_cryptodome.py:20:17:20:28 | ControlFlowNode for get_password | test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | provenance | Config |
| test_cryptodome.py:20:17:20:30 | ControlFlowNode for get_password() | test_cryptodome.py:20:5:20:13 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:3:23:3:34 | ControlFlowNode for ImportMember | test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | provenance | |
| test_cryptography.py:3:23:3:34 | ControlFlowNode for get_password | test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | provenance | |
@@ -19,13 +19,13 @@ edges
| test_cryptography.py:3:37:3:51 | ControlFlowNode for ImportMember | test_cryptography.py:3:37:3:51 | ControlFlowNode for get_certificate | provenance | |
| test_cryptography.py:3:37:3:51 | ControlFlowNode for get_certificate | test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | provenance | |
| test_cryptography.py:7:5:7:13 | ControlFlowNode for dangerous | test_cryptography.py:9:19:9:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | provenance | |
| test_cryptography.py:7:17:7:31 | ControlFlowNode for get_certificate | test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | provenance | Config |
| test_cryptography.py:7:17:7:33 | ControlFlowNode for get_certificate() | test_cryptography.py:7:5:7:13 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:15:5:15:13 | ControlFlowNode for dangerous | test_cryptography.py:17:19:17:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | provenance | |
| test_cryptography.py:15:17:15:28 | ControlFlowNode for get_password | test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | provenance | Config |
| test_cryptography.py:15:17:15:30 | ControlFlowNode for get_password() | test_cryptography.py:15:5:15:13 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:23:5:23:13 | ControlFlowNode for dangerous | test_cryptography.py:27:19:27:27 | ControlFlowNode for dangerous | provenance | |
| test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | provenance | |
| test_cryptography.py:23:17:23:28 | ControlFlowNode for get_password | test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | provenance | Config |
| test_cryptography.py:23:17:23:30 | ControlFlowNode for get_password() | test_cryptography.py:23:5:23:13 | ControlFlowNode for dangerous | provenance | |
nodes
| test_cryptodome.py:2:23:2:34 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |

34
python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/NoSqlInjection.expected
View File

@@ -10,20 +10,20 @@ edges
| PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:30:27:30:44 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:27:5:27:10 | ControlFlowNode for author | PoC/server.py:31:34:31:51 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | PoC/server.py:27:5:27:10 | ControlFlowNode for author | provenance | |
| PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | provenance | |
| PoC/server.py:27:25:27:37 | ControlFlowNode for author_string | PoC/server.py:27:14:27:38 | ControlFlowNode for Attribute() | provenance | Config |
| PoC/server.py:43:5:43:10 | ControlFlowNode for author | PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | provenance | |
| PoC/server.py:43:14:43:20 | ControlFlowNode for request | PoC/server.py:43:5:43:10 | ControlFlowNode for author | provenance | AdditionalTaintStep |
| PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | PoC/server.py:47:27:47:68 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:47:38:47:67 | ControlFlowNode for BinaryExpr | PoC/server.py:47:27:47:68 | ControlFlowNode for Dict | provenance | Config |
| PoC/server.py:52:5:52:10 | ControlFlowNode for author | PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | provenance | |
| PoC/server.py:52:14:52:20 | ControlFlowNode for request | PoC/server.py:52:5:52:10 | ControlFlowNode for author | provenance | AdditionalTaintStep |
| PoC/server.py:53:5:53:10 | ControlFlowNode for search | PoC/server.py:61:27:61:58 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | PoC/server.py:53:5:53:10 | ControlFlowNode for search | provenance | |
| PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:54:17:54:70 | ControlFlowNode for BinaryExpr | PoC/server.py:53:14:57:5 | ControlFlowNode for Dict | provenance | Config |
| PoC/server.py:77:5:77:10 | ControlFlowNode for author | PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | provenance | |
| PoC/server.py:77:14:77:20 | ControlFlowNode for request | PoC/server.py:77:5:77:10 | ControlFlowNode for author | provenance | AdditionalTaintStep |
| PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | PoC/server.py:84:5:84:9 | ControlFlowNode for group | provenance | |
| PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | PoC/server.py:78:5:78:15 | ControlFlowNode for accumulator | provenance | |
| PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:80:23:80:101 | ControlFlowNode for BinaryExpr | PoC/server.py:78:19:83:5 | ControlFlowNode for Dict | provenance | Config |
| PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:91:29:91:47 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:84:5:84:9 | ControlFlowNode for group | PoC/server.py:92:38:92:56 | ControlFlowNode for Dict | provenance | |
| PoC/server.py:98:5:98:10 | ControlFlowNode for author | PoC/server.py:99:5:99:10 | ControlFlowNode for mapper | provenance | |
@@ -36,19 +36,19 @@ edges
| flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:5:19:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:22:34:22:44 | ControlFlowNode for json_search | provenance | |
| flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:20:5:20:15 | ControlFlowNode for json_search | provenance | |
| flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | provenance | |
| flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:20:19:20:43 | ControlFlowNode for Attribute() | provenance | Config |
| flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | provenance | |
| flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | flask_mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | provenance | |
| flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | provenance | |
| flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | |
| flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | Config |
| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | provenance | |
| flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | provenance | |
| flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | provenance | |
| flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:5:11:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | provenance | |
| flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | flask_pymongo_bad.py:12:5:12:15 | ControlFlowNode for json_search | provenance | |
| flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | provenance | |
| flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | provenance | |
| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | provenance | |
| mongoengine_bad.py:1:26:1:32 | ControlFlowNode for request | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | provenance | |
@@ -60,32 +60,32 @@ edges
| mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:5:18:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | mongoengine_bad.py:22:26:22:46 | ControlFlowNode for Dict | provenance | |
| mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:19:5:19:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:19:19:19:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | provenance | |
| mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request | mongoengine_bad.py:26:5:26:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | mongoengine_bad.py:30:26:30:46 | ControlFlowNode for Dict | provenance | |
| mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:27:5:27:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | provenance | |
| mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request | mongoengine_bad.py:34:5:34:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | mongoengine_bad.py:38:26:38:46 | ControlFlowNode for Dict | provenance | |
| mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:35:5:35:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:35:30:35:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:35:19:35:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | provenance | |
| mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request | mongoengine_bad.py:42:5:42:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | mongoengine_bad.py:46:26:46:46 | ControlFlowNode for Dict | provenance | |
| mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:43:5:43:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:43:30:43:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:43:19:43:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | provenance | |
| mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request | mongoengine_bad.py:50:5:50:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | mongoengine_bad.py:53:34:53:44 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:51:5:51:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:51:30:51:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:51:19:51:43 | ControlFlowNode for Attribute() | provenance | Config |
| mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | provenance | |
| mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request | mongoengine_bad.py:57:5:57:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | provenance | |
| mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:58:5:58:15 | ControlFlowNode for json_search | provenance | |
| mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | provenance | |
| mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | provenance | Config |
| pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:1:26:1:32 | ControlFlowNode for request | provenance | |
| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | provenance | |
| pymongo_test.py:1:26:1:32 | ControlFlowNode for request | pymongo_test.py:29:27:29:33 | ControlFlowNode for request | provenance | |
@@ -95,23 +95,23 @@ edges
| pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:5:12:17 | ControlFlowNode for unsafe_search | provenance | AdditionalTaintStep |
| pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | pymongo_test.py:15:42:15:62 | ControlFlowNode for Dict | provenance | |
| pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | pymongo_test.py:13:5:13:15 | ControlFlowNode for json_search | provenance | |
| pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | provenance | |
| pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search | pymongo_test.py:13:19:13:43 | ControlFlowNode for Attribute() | provenance | Config |
| pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | provenance | |
| pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | pymongo_test.py:29:5:29:12 | ControlFlowNode for event_id | provenance | |
| pymongo_test.py:29:27:29:33 | ControlFlowNode for request | pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | provenance | |
| pymongo_test.py:29:27:29:50 | ControlFlowNode for Subscript | pymongo_test.py:29:16:29:51 | ControlFlowNode for Attribute() | provenance | Config |
| pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | provenance | |
| pymongo_test.py:33:45:33:72 | ControlFlowNode for Fstring | pymongo_test.py:33:34:33:73 | ControlFlowNode for Dict | provenance | Decoding-NoSQL |
| pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | provenance | |
| pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | pymongo_test.py:39:5:39:12 | ControlFlowNode for event_id | provenance | |
| pymongo_test.py:39:27:39:33 | ControlFlowNode for request | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | provenance | |
| pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() | provenance | Config |
| pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | provenance | |
| pymongo_test.py:43:45:43:72 | ControlFlowNode for Fstring | pymongo_test.py:43:34:43:73 | ControlFlowNode for Dict | provenance | Decoding-NoSQL |
| pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | provenance | |
| pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | pymongo_test.py:52:5:52:11 | ControlFlowNode for decoded | provenance | |
| pymongo_test.py:52:26:52:32 | ControlFlowNode for request | pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
| pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | provenance | |
| pymongo_test.py:52:26:52:49 | ControlFlowNode for Subscript | pymongo_test.py:52:15:52:50 | ControlFlowNode for Attribute() | provenance | Config |
| pymongo_test.py:54:5:54:10 | ControlFlowNode for search | pymongo_test.py:59:25:59:56 | ControlFlowNode for Dict | provenance | |
| pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | pymongo_test.py:54:5:54:10 | ControlFlowNode for search | provenance | |
| pymongo_test.py:55:17:55:23 | ControlFlowNode for decoded | pymongo_test.py:54:14:58:5 | ControlFlowNode for Dict | provenance | |