hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11936 from jketema/pretty-path

Browse Source 
C++: In use-use dataflow use the AST representation of IR Instructions and Operands as their strings
This commit is contained in:
Jeroen Ketema
2023-01-23 10:30:17 +01:00
committed by GitHub
parent 39d44adbc5 f628152be1
commit 3f9deb66ce
22 changed files with 1548 additions and 1450 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -357,6 +357,8 @@ class InstructionNode extends Node0 {
/** Gets the instruction corresponding to this node. */
Instruction getInstruction() { result = instr }
override string toStringImpl() { result = instr.getAst().toString() }
}
/**
@@ -370,6 +372,8 @@ class OperandNode extends Node, Node0 {
/** Gets the operand corresponding to this node. */
Operand getOperand() { result = node.getOperand() }
override string toStringImpl() { result = op.getDef().getAst().toString() }
}
/**

8
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
View File

@@ -1,8 +1,8 @@
uniqueEnclosingCallable
| globals.cpp:9:5:9:19 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:9:5:9:19 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:9:5:9:19 | flowTestGlobal1 indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:9:5:9:19 | flowTestGlobal1 indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | flowTestGlobal2 indirection | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | flowTestGlobal2 indirection | Node should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
| BarrierGuard.cpp:2:11:2:13 | (unnamed parameter 0) | Node should have one location but has 6. |

12
cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
View File

@@ -33,10 +33,10 @@ postIsNotPre
| D.cpp:56:15:56:24 | new indirection | PostUpdateNode should not equal its pre-update node. |
postHasUniquePre
uniquePostUpdate
| aliasing.cpp:70:11:70:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:77:11:77:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:84:11:84:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:91:11:91:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:70:11:70:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:77:11:77:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:84:11:84:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:91:11:91:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:22:3:22:5 | this indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:25:7:25:7 | this indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:42:10:42:14 | inner indirection | Node has multiple PostUpdateNodes. |
@@ -45,8 +45,8 @@ uniquePostUpdate
| complex.cpp:54:6:54:10 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:55:6:55:10 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:56:6:56:10 | inner indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:26:16:26:20 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:41:16:41:20 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:26:16:26:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:41:16:41:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
postIsInSameCallable
reverseRead
argHasPostUpdate

1928
cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
View File

File diff suppressed because it is too large Load Diff

240
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -1,40 +1,48 @@
uniqueEnclosingCallable
| cpp11.cpp:36:5:36:14 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | VariableAddress indirection | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | global_int indirection | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | global_int indirection | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | topLevel1 indirection | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | topLevel1 indirection | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | topLevel2 indirection | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | topLevel2 indirection | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | global_with_init indirection | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | global_with_init indirection | Node should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
| allocators.cpp:14:5:14:8 | Address | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | Phi | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | VariableAddress | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | VariableAddress indirection | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | VariableAddress indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | Address | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | VariableAddress | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | VariableAddress indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | VariableAddress indirection | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | main | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | main | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | main indirection | Node should have one location but has 4. |
| allocators.cpp:14:5:14:8 | main indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | i indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x indirection | Node should have one location but has 4. |
| break_labels.c:2:11:2:11 | x indirection | Node should have one location but has 4. |
| constmemberaccess.cpp:3:7:3:7 | x | Node should have one location but has 2. |
| constructorinitializer.cpp:3:9:3:9 | i | Node should have one location but has 2. |
| constructorinitializer.cpp:3:9:3:9 | x | Node should have one location but has 2. |
| constructorinitializer.cpp:3:16:3:16 | j | Node should have one location but has 2. |
| constructorinitializer.cpp:3:16:3:16 | y | Node should have one location but has 2. |
| duff.c:2:12:2:12 | Address | Node should have one location but has 4. |
| duff.c:2:12:2:12 | VariableAddress | Node should have one location but has 4. |
| duff.c:2:12:2:12 | VariableAddress indirection | Node should have one location but has 4. |
| duff.c:2:12:2:12 | VariableAddress indirection | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i indirection | Node should have one location but has 4. |
| duff.c:2:12:2:12 | i indirection | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x indirection | Node should have one location but has 4. |
| duff.c:2:12:2:12 | x indirection | Node should have one location but has 4. |
| fieldaccess.cpp:3:7:3:7 | x | Node should have one location but has 2. |
| file://:0:0:0:0 | (unnamed parameter 0) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 0) | Node should have one location but has 0. |
@@ -59,44 +67,44 @@ uniqueNodeLocation
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 2) indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | (unnamed parameter 3) | Node should have one location but has 0. |
| file://:0:0:0:0 | Address | Node should have one location but has 0. |
| file://:0:0:0:0 | Address | Node should have one location but has 0. |
| file://:0:0:0:0 | Address | Node should have one location but has 0. |
| file://:0:0:0:0 | Load | Node should have one location but has 0. |
| file://:0:0:0:0 | Load indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | Load indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress indirection | Node should have one location but has 0. |
| file://:0:0:0:0 | VariableAddress indirection | Node should have one location but has 0. |
| ifelsestmt.c:37:17:37:17 | Address | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | VariableAddress | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | VariableAddress indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | VariableAddress indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | Address | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | VariableAddress | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | VariableAddress indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | VariableAddress indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:17:37:17 | x indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | Address | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | VariableAddress | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | VariableAddress indirection | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | VariableAddress indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y indirection | Node should have one location but has 2. |
| ifelsestmt.c:37:24:37:24 | y indirection | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | Address | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | VariableAddress | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | VariableAddress indirection | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | VariableAddress indirection | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x indirection | Node should have one location but has 2. |
| ifstmt.c:27:17:27:17 | x indirection | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y indirection | Node should have one location but has 2. |
| ifstmt.c:27:24:27:24 | y indirection | Node should have one location but has 2. |
| membercallexpr_args.cpp:3:6:3:6 | d | Node should have one location but has 2. |
| membercallexpr_args.cpp:4:14:4:14 | x | Node should have one location but has 2. |
| membercallexpr_args.cpp:4:21:4:21 | y | Node should have one location but has 2. |
@@ -104,55 +112,93 @@ uniqueNodeLocation
| newexpr.cpp:3:9:3:9 | x | Node should have one location but has 2. |
| newexpr.cpp:3:16:3:16 | j | Node should have one location but has 2. |
| newexpr.cpp:3:16:3:16 | y | Node should have one location but has 2. |
| no_dynamic_init.cpp:9:5:9:8 | Address | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | Phi | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | VariableAddress | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | VariableAddress indirection | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | VariableAddress indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | Address | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | VariableAddress | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | VariableAddress indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | VariableAddress indirection | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | main | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | main | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | main indirection | Node should have one location but has 4. |
| no_dynamic_init.cpp:9:5:9:8 | main indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | i indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | Address | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x indirection | Node should have one location but has 4. |
| nodefaultswitchstmt.c:1:12:1:12 | x indirection | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | Phi | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | VariableAddress | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | VariableAddress indirection | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | VariableAddress indirection | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | main | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | main | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | main indirection | Node should have one location but has 4. |
| parameterinitializer.cpp:18:5:18:8 | main indirection | Node should have one location but has 4. |
| staticmembercallexpr_args.cpp:3:6:3:6 | d | Node should have one location but has 2. |
| staticmembercallexpr_args.cpp:4:21:4:21 | x | Node should have one location but has 2. |
| staticmembercallexpr_args.cpp:4:28:4:28 | y | Node should have one location but has 2. |
| stream_it.cpp:16:5:16:8 | Address | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | Phi | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | VariableAddress | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | VariableAddress indirection | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | VariableAddress indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | Address | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | VariableAddress | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | VariableAddress indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | VariableAddress indirection | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | main | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | main | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | main indirection | Node should have one location but has 4. |
| stream_it.cpp:16:5:16:8 | main indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | i indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x indirection | Node should have one location but has 4. |
| switchstmt.c:1:12:1:12 | x indirection | Node should have one location but has 4. |
missingLocation
| Nodes without location: 37 |
uniqueNodeToString
| break_labels.c:2:11:2:11 | i | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | i | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | i | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | i | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | i indirection | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | i indirection | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x indirection | Node should have one toString but has 2. |
| break_labels.c:2:11:2:11 | x indirection | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | i | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | i | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | i | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | i | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | x | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | x | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | x | Node should have one toString but has 2. |
| break_labels.c:4:9:4:9 | x | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | i | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | i | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | i | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | i | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | x | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | x | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | x | Node should have one toString but has 2. |
| break_labels.c:6:16:6:16 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i indirection | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | i indirection | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x indirection | Node should have one toString but has 2. |
| break_labels.c:7:17:7:17 | x indirection | Node should have one toString but has 2. |
| constructorinitializer.cpp:3:9:3:9 | i | Node should have one toString but has 2. |
@@ -161,11 +207,31 @@ uniqueNodeToString
| constructorinitializer.cpp:3:16:3:16 | y | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i indirection | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | i indirection | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x indirection | Node should have one toString but has 2. |
| duff.c:2:12:2:12 | x indirection | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | i | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | i | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | i | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | i | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | x | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | x | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | x | Node should have one toString but has 2. |
| duff.c:3:14:3:14 | x | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | i | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | i | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | i | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | i | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | x | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | x | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | x | Node should have one toString but has 2. |
| duff.c:4:13:4:13 | x | Node should have one toString but has 2. |
| newexpr.cpp:3:9:3:9 | i | Node should have one toString but has 2. |
| newexpr.cpp:3:9:3:9 | x | Node should have one toString but has 2. |
@@ -173,15 +239,43 @@ uniqueNodeToString
| newexpr.cpp:3:16:3:16 | y | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i indirection | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | i indirection | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x indirection | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:1:12:1:12 | x indirection | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| nodefaultswitchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i indirection | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | i indirection | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x indirection | Node should have one toString but has 2. |
| switchstmt.c:1:12:1:12 | x indirection | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | i | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
| switchstmt.c:2:14:2:14 | x | Node should have one toString but has 2. |
missingToString
parameterCallable
@@ -201,11 +295,11 @@ postHasUniquePre
uniquePostUpdate
| cpp11.cpp:82:17:82:17 | this indirection | Node has multiple PostUpdateNodes. |
| cpp11.cpp:82:17:82:55 | [...](...){...} indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:514:10:514:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | VariableAddress indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:514:10:514:11 | definition of r2 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | definition of r3 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | definition of r3 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | definition of r4 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | definition of r4 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:658:5:658:5 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:658:5:658:5 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:745:8:745:8 | this indirection | Node has multiple PostUpdateNodes. |

6
cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
View File

@@ -1,8 +1,8 @@
edges
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection |
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection |
nodes
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | semmle.label | fgets output argument |
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection | semmle.label | Convert indirection |
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection | semmle.label | (const char *)... indirection |
subpaths
#select
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | user input (string read by fgets) |
| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | user input (string read by fgets) |

36
cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
View File

@@ -1,32 +1,32 @@
edges
| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection |
| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection |
| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection |
| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection |
| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection |
| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | (const char *)... indirection |
| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection |
| test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection |
| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection |
| test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection |
| test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection |
| test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection |
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection |
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection |
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | (const char *)... indirection |
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | (const char *)... indirection |
nodes
| test.c:8:27:8:30 | argv | semmle.label | argv |
| test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection |
| test.c:8:27:8:30 | argv indirection | semmle.label | argv indirection |
| test.c:17:11:17:18 | Convert indirection | semmle.label | Convert indirection |
| test.c:32:11:32:18 | Convert indirection | semmle.label | Convert indirection |
| test.c:17:11:17:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.c:32:11:32:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
| test.c:38:11:38:18 | Convert indirection | semmle.label | Convert indirection |
| test.c:38:11:38:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument |
| test.c:44:11:44:18 | Convert indirection | semmle.label | Convert indirection |
| test.c:44:11:44:18 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.c:57:10:57:16 | access to array indirection | semmle.label | access to array indirection |
subpaths
#select
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | Convert indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:17:11:17:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv indirection | test.c:32:11:32:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | (const char *)... indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |
| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | argv indirection | test.c:57:10:57:16 | access to array indirection | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | argv indirection | user input (a command-line argument) |

18
cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
View File

@@ -1,16 +1,16 @@
edges
| tests.cpp:26:15:26:23 | VariableAddress indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | Convert indirection |
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | VariableAddress indirection |
| tests.cpp:38:39:38:49 | Convert indirection | tests.cpp:38:25:38:36 | strncat output argument |
| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | Convert indirection |
| tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
| tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | (const char *)... indirection |
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection |
| tests.cpp:38:39:38:49 | (const char *)... indirection | tests.cpp:38:25:38:36 | strncat output argument |
| tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | (const char *)... indirection |
nodes
| tests.cpp:26:15:26:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
| tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection |
| tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
| tests.cpp:38:39:38:49 | Convert indirection | semmle.label | Convert indirection |
| tests.cpp:38:39:38:49 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection |
| tests.cpp:53:16:53:19 | Convert indirection | semmle.label | Convert indirection |
| tests.cpp:53:16:53:19 | (const char *)... indirection | semmle.label | (const char *)... indirection |
subpaths
#select
| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |

282
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
View File

@@ -1,81 +1,81 @@
edges
| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | Load indirection |
| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | Load indirection |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | Convert indirection |
| test.cpp:22:45:22:52 | Load indirection | test.cpp:22:13:22:20 | sprintf output argument |
| test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | Load indirection |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | Convert indirection |
| test.cpp:50:35:50:43 | Load indirection | test.cpp:50:11:50:17 | sprintf output argument |
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | Convert indirection |
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | Convert indirection |
| test.cpp:64:20:64:27 | Convert indirection | test.cpp:64:11:64:17 | strncat output argument |
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | Convert indirection |
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | Convert indirection |
| test.cpp:84:20:84:27 | Convert indirection | test.cpp:84:11:84:17 | strncat output argument |
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | Convert indirection |
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | Convert indirection |
| test.cpp:93:17:93:24 | Convert indirection | test.cpp:93:11:93:14 | strncat output argument |
| test.cpp:106:20:106:25 | Call | test.cpp:107:33:107:36 | CopyValue indirection |
| test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:107:33:107:36 | CopyValue indirection |
| test.cpp:107:31:107:31 | Call | test.cpp:108:18:108:22 | call to c_str indirection |
| test.cpp:107:33:107:36 | CopyValue indirection | test.cpp:107:31:107:31 | Call |
| test.cpp:113:20:113:25 | Call | test.cpp:114:19:114:22 | CopyValue indirection |
| test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:19:114:22 | CopyValue indirection |
| test.cpp:114:10:114:23 | Convert | test.cpp:114:25:114:29 | call to c_str indirection |
| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | userName indirection |
| test.cpp:15:27:15:30 | argv indirection | test.cpp:22:45:22:52 | userName indirection |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | (const char *)... indirection |
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
| test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:50:35:50:43 | envCflags indirection |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | (const char *)... indirection |
| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | (const char *)... indirection |
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | (const char *)... indirection |
| test.cpp:64:20:64:27 | (const char *)... indirection | test.cpp:64:11:64:17 | strncat output argument |
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | (const char *)... indirection |
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | array to pointer conversion indirection |
| test.cpp:84:20:84:27 | (const char *)... indirection | test.cpp:84:11:84:17 | strncat output argument |
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | (const char *)... indirection |
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | array to pointer conversion indirection |
| test.cpp:93:17:93:24 | (const char *)... indirection | test.cpp:93:11:93:14 | strncat output argument |
| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | (reference to) indirection |
| test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:107:33:107:36 | (reference to) indirection |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | call to c_str indirection |
| test.cpp:107:33:107:36 | (reference to) indirection | test.cpp:107:31:107:31 | call to operator+ |
| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | (reference to) indirection |
| test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:19:114:22 | (reference to) indirection |
| test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... | test.cpp:114:25:114:29 | call to c_str indirection |
| test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:25:114:29 | call to c_str indirection |
| test.cpp:114:19:114:22 | CopyValue indirection | test.cpp:114:10:114:23 | Convert |
| test.cpp:114:19:114:22 | CopyValue indirection | test.cpp:114:17:114:17 | call to operator+ |
| test.cpp:119:20:119:25 | Call | test.cpp:120:19:120:22 | CopyValue indirection |
| test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:19:120:22 | CopyValue indirection |
| test.cpp:114:19:114:22 | (reference to) indirection | test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
| test.cpp:114:19:114:22 | (reference to) indirection | test.cpp:114:17:114:17 | call to operator+ |
| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | (reference to) indirection |
| test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:19:120:22 | (reference to) indirection |
| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | call to data indirection |
| test.cpp:120:19:120:22 | CopyValue indirection | test.cpp:120:17:120:17 | call to operator+ |
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | Convert indirection |
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | Convert indirection |
| test.cpp:142:31:142:33 | Convert indirection | test.cpp:142:11:142:17 | sprintf output argument |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | Convert indirection |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:178:22:178:26 | Convert indirection |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | Convert indirection |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
| test.cpp:177:20:177:27 | Convert indirection | test.cpp:177:13:177:17 | strncat output argument |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
| test.cpp:178:22:178:26 | Convert indirection | test.cpp:178:13:178:19 | strncat output argument |
| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | Convert indirection |
| test.cpp:180:22:180:29 | Convert indirection | test.cpp:180:13:180:19 | strncat output argument |
| test.cpp:120:19:120:22 | (reference to) indirection | test.cpp:120:17:120:17 | call to operator+ |
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | array to pointer conversion indirection |
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | (const char *)... indirection |
| test.cpp:142:31:142:33 | array to pointer conversion indirection | test.cpp:142:11:142:17 | sprintf output argument |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | (const char *)... indirection |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:178:22:178:26 | (const char *)... indirection |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | (const char *)... indirection |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection |
| test.cpp:177:20:177:27 | (const char *)... indirection | test.cpp:177:13:177:17 | strncat output argument |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection |
| test.cpp:178:22:178:26 | (const char *)... indirection | test.cpp:178:13:178:19 | strncat output argument |
| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection |
| test.cpp:180:22:180:29 | (const char *)... indirection | test.cpp:180:13:180:19 | strncat output argument |
| test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:186:34:186:38 | flags | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:186:34:186:38 | flags | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:186:34:186:38 | flags indirection | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:34:186:38 | flags indirection | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:186:34:186:38 | flags indirection | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:186:34:186:38 | flags indirection | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:186:47:186:54 | filename | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:47:186:54 | filename | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:186:47:186:54 | filename | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:186:47:186:54 | filename indirection | test.cpp:187:18:187:25 | Convert indirection |
| test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:186:47:186:54 | filename indirection | test.cpp:187:18:187:25 | (const char *)... indirection |
| test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | Convert indirection |
| test.cpp:187:18:187:25 | Convert indirection | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | Convert indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | Convert indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | (const char *)... indirection |
| test.cpp:187:18:187:25 | (const char *)... indirection | test.cpp:187:11:187:15 | strncat output argument |
| test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | array to pointer conversion indirection |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | Convert indirection |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | Convert indirection |
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection |
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection |
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | Convert indirection |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | Convert indirection |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | array to pointer conversion indirection |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | array to pointer conversion indirection |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:186:34:186:38 | flags indirection |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:186:34:186:38 | flags indirection |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | array to pointer conversion indirection |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | array to pointer conversion indirection |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags |
| test.cpp:196:19:196:23 | concat output argument | test.cpp:196:19:196:23 | flags |
| test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags |
@@ -84,75 +84,75 @@ edges
| test.cpp:196:19:196:23 | flags | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:186:47:186:54 | filename indirection |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename |
| test.cpp:196:26:196:33 | filename | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | filename | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | Convert indirection |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | Convert indirection |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | Convert indirection |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | Convert indirection |
| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | Convert indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | (const char *)... indirection |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | (const char *)... indirection |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | array to pointer conversion indirection |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | array to pointer conversion indirection |
| test.cpp:220:19:220:26 | (const char *)... indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | (const char *)... indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | (const char *)... indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | (const char *)... indirection | test.cpp:220:10:220:16 | strncat output argument |
nodes
| test.cpp:15:27:15:30 | argv indirection | semmle.label | argv indirection |
| test.cpp:15:27:15:30 | argv indirection | semmle.label | argv indirection |
| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:22:45:22:52 | Load indirection | semmle.label | Load indirection |
| test.cpp:23:12:23:19 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
| test.cpp:23:12:23:19 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:47:21:47:26 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:50:35:50:43 | Load indirection | semmle.label | Load indirection |
| test.cpp:51:10:51:16 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
| test.cpp:51:10:51:16 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:64:20:64:27 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:65:10:65:16 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:64:20:64:27 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:65:10:65:16 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:84:20:84:27 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:85:32:85:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:84:20:84:27 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:85:32:85:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:93:17:93:24 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:94:45:94:48 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:106:20:106:25 | Call | semmle.label | Call |
| test.cpp:93:17:93:24 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:94:45:94:48 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv |
| test.cpp:106:20:106:38 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:107:31:107:31 | Call | semmle.label | Call |
| test.cpp:107:33:107:36 | CopyValue indirection | semmle.label | CopyValue indirection |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:33:107:36 | (reference to) indirection | semmle.label | (reference to) indirection |
| test.cpp:108:18:108:22 | call to c_str indirection | semmle.label | call to c_str indirection |
| test.cpp:113:20:113:25 | Call | semmle.label | Call |
| test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv |
| test.cpp:113:20:113:38 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:114:10:114:23 | Convert | semmle.label | Convert |
| test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... | semmle.label | (const basic_string<char, char_traits<char>, allocator<char>>)... |
| test.cpp:114:17:114:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:19:114:22 | CopyValue indirection | semmle.label | CopyValue indirection |
| test.cpp:114:19:114:22 | (reference to) indirection | semmle.label | (reference to) indirection |
| test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection |
| test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection |
| test.cpp:119:20:119:25 | Call | semmle.label | Call |
| test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv |
| test.cpp:119:20:119:38 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:120:10:120:30 | call to data indirection | semmle.label | call to data indirection |
| test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:120:19:120:22 | CopyValue indirection | semmle.label | CopyValue indirection |
| test.cpp:120:19:120:22 | (reference to) indirection | semmle.label | (reference to) indirection |
| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
| test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:142:31:142:33 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:143:10:143:16 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:142:31:142:33 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:143:10:143:16 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:174:9:174:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:177:20:177:27 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:177:20:177:27 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:22:178:26 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:178:22:178:26 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:180:13:180:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:180:22:180:29 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:183:32:183:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:180:22:180:29 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:183:32:183:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:183:32:183:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:183:32:183:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:186:34:186:38 | flags | semmle.label | flags |
| test.cpp:186:34:186:38 | flags | semmle.label | flags |
| test.cpp:186:34:186:38 | flags indirection | semmle.label | flags indirection |
@@ -166,7 +166,7 @@ nodes
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:18:187:25 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:187:18:187:25 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
@@ -174,62 +174,62 @@ nodes
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:188:20:188:24 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:188:20:188:24 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:188:20:188:24 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:188:20:188:24 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:188:20:188:24 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:194:9:194:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:19:196:23 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:196:19:196:23 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:196:19:196:23 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:19:196:23 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:19:196:23 | flags | semmle.label | flags |
| test.cpp:196:19:196:23 | flags | semmle.label | flags |
| test.cpp:196:26:196:33 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:196:26:196:33 | filename | semmle.label | filename |
| test.cpp:198:32:198:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:198:32:198:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:198:32:198:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:198:32:198:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| test.cpp:218:9:218:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:19:220:26 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:220:19:220:26 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:222:32:222:38 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:220:19:220:26 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:220:19:220:26 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:222:32:222:38 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
subpaths
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | Convert indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | array to pointer conversion indirection | test.cpp:186:34:186:38 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:19:196:23 | flags | test.cpp:186:34:186:38 | flags | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | Convert indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | array to pointer conversion indirection | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:187:11:187:15 | strncat output argument | test.cpp:196:19:196:23 | concat output argument |
| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | strncat output argument | test.cpp:196:10:196:16 | concat output argument |
#select
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | Call | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | Call | user input (an environment variable) | test.cpp:107:31:107:31 | Call | Call |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | call to getenv indirection | user input (an environment variable) | test.cpp:107:31:107:31 | Call | Call |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | Call | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | Call | user input (an environment variable) | test.cpp:114:10:114:23 | Convert | Convert |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | Call | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | Call | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:10:114:23 | Convert | Convert |
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv indirection | test.cpp:23:12:23:19 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv indirection | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv indirection | test.cpp:51:10:51:16 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv indirection | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | call to getenv indirection | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | call to getenv indirection | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... | (const basic_string<char, char_traits<char>, allocator<char>>)... |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... | (const basic_string<char, char_traits<char>, allocator<char>>)... |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | call to getenv indirection | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | call to getenv indirection | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | Call | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | Call | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | call to getenv indirection | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | call to getenv indirection | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | Convert indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | array to pointer conversion indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |

8
cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
View File

@@ -5,12 +5,12 @@ edges
| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | Load indirection |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | Load indirection |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
| test.cpp:73:24:73:27 | Load indirection | test.cpp:37:73:37:76 | data indirection |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
| test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
| test.cpp:73:24:73:27 | data | test.cpp:37:73:37:76 | data |
| test.cpp:73:24:73:27 | data indirection | test.cpp:37:73:37:76 | data indirection |
subpaths
nodes
| test.cpp:37:73:37:76 | data | semmle.label | data |
@@ -20,7 +20,7 @@ nodes
| test.cpp:43:32:43:35 | data | semmle.label | data |
| test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
| test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
| test.cpp:73:24:73:27 | Load indirection | semmle.label | Load indirection |
| test.cpp:73:24:73:27 | data | semmle.label | data |
| test.cpp:73:24:73:27 | data indirection | semmle.label | data indirection |
#select
| test.cpp:43:32:43:35 | data | test.cpp:64:30:64:35 | call to getenv | test.cpp:43:32:43:35 | data | The value of this argument may come from $@ and is being passed to LoadLibraryA. | test.cpp:64:30:64:35 | call to getenv | call to getenv |

58
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
View File

@@ -1,13 +1,13 @@
edges
| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | Load indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv |
| main.cpp:7:33:7:36 | Load indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| main.cpp:7:33:7:36 | Load indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | arg1 |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 |
@@ -42,29 +42,29 @@ edges
| overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
| overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
| overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:65:9:65:13 | memcpy output argument |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | Convert indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src |
| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | Convert indirection |
| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection |
| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | overflowdestination.cpp:76:24:76:27 | dest |
| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection |
| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | overflowdestination.cpp:50:52:50:54 | src indirection |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:57:40:57:43 | dest indirection |
| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection | overflowdestination.cpp:57:40:57:43 | dest indirection |
| overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest |
| overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | Convert indirection |
| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection |
| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | overflowdestination.cpp:76:24:76:27 | dest |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | Convert indirection |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | overflowdestination.cpp:57:52:57:54 | src indirection |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection |
| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | overflowdestination.cpp:76:30:76:32 | src |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
@@ -73,9 +73,9 @@ nodes
| main.cpp:6:27:6:30 | argv | semmle.label | argv |
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
| main.cpp:7:33:7:36 | Load indirection | semmle.label | Load indirection |
| main.cpp:7:33:7:36 | Load indirection | semmle.label | Load indirection |
| main.cpp:7:33:7:36 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv |
| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection |
@@ -106,30 +106,30 @@ nodes
| overflowdestination.cpp:65:9:65:13 | memcpy output argument | semmle.label | memcpy output argument |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | Convert indirection | semmle.label | Convert indirection |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | semmle.label | src |
| overflowdestination.cpp:76:24:76:27 | Convert indirection | semmle.label | Convert indirection |
| overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| overflowdestination.cpp:76:24:76:27 | dest | semmle.label | dest |
| overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument | semmle.label | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | semmle.label | Convert indirection |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
| overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument | semmle.label | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | src | semmle.label | src |
subpaths
| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | Convert indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:52:9:52:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:24:75:27 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
| overflowdestination.cpp:76:24:76:27 | Convert indirection | overflowdestination.cpp:57:40:57:43 | dest indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | array to pointer conversion indirection | overflowdestination.cpp:57:40:57:43 | dest indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:24:76:27 | dest | overflowdestination.cpp:57:40:57:43 | dest | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | Convert indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | array to pointer conversion indirection | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:65:9:65:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:63:9:63:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:24:76:27 | overflowdest_test3 output argument |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:9:64:13 | memcpy output argument | overflowdestination.cpp:76:30:76:32 | overflowdest_test3 output argument |

64
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatString.expected
View File

@@ -1,58 +1,58 @@
edges
| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | Load |
| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | Load |
| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | Load |
| globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | Store |
| globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
| globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
| globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | copy |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | ... = ... |
| globalVars.c:12:2:12:15 | ... = ... | globalVars.c:8:7:8:10 | copy |
| globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | ... = ... |
| globalVars.c:16:2:16:12 | ... = ... | globalVars.c:9:7:9:11 | copy2 |
| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
| globalVars.c:35:11:35:14 | Load | globalVars.c:35:11:35:14 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:35:11:35:14 | copy | globalVars.c:15:21:15:23 | val |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:35:11:35:14 | copy | globalVars.c:35:11:35:14 | copy |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
subpaths
nodes
| globalVars.c:8:7:8:10 | copy | semmle.label | copy |
| globalVars.c:9:7:9:11 | copy2 | semmle.label | copy2 |
| globalVars.c:11:22:11:25 | argv | semmle.label | argv |
| globalVars.c:12:2:12:15 | Store | semmle.label | Store |
| globalVars.c:12:2:12:15 | ... = ... | semmle.label | ... = ... |
| globalVars.c:15:21:15:23 | val | semmle.label | val |
| globalVars.c:16:2:16:12 | Store | semmle.label | Store |
| globalVars.c:16:2:16:12 | ... = ... | semmle.label | ... = ... |
| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
| globalVars.c:27:9:27:12 | Load | semmle.label | Load |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | Load | semmle.label | Load |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:35:11:35:14 | Load | semmle.label | Load |
| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
| globalVars.c:38:9:38:13 | Load | semmle.label | Load |
| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:41:15:41:19 | Load | semmle.label | Load |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | Load | semmle.label | Load |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |

64
cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
View File

@@ -1,58 +1,58 @@
edges
| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | Load |
| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | Load |
| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | Load |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | Load |
| globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | Store |
| globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
| globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
| globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | copy |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | ... = ... |
| globalVars.c:12:2:12:15 | ... = ... | globalVars.c:8:7:8:10 | copy |
| globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | ... = ... |
| globalVars.c:16:2:16:12 | ... = ... | globalVars.c:9:7:9:11 | copy2 |
| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
| globalVars.c:35:11:35:14 | Load | globalVars.c:35:11:35:14 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
| globalVars.c:35:11:35:14 | copy | globalVars.c:15:21:15:23 | val |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:35:11:35:14 | copy | globalVars.c:35:11:35:14 | copy |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
subpaths
nodes
| globalVars.c:8:7:8:10 | copy | semmle.label | copy |
| globalVars.c:9:7:9:11 | copy2 | semmle.label | copy2 |
| globalVars.c:11:22:11:25 | argv | semmle.label | argv |
| globalVars.c:12:2:12:15 | Store | semmle.label | Store |
| globalVars.c:12:2:12:15 | ... = ... | semmle.label | ... = ... |
| globalVars.c:15:21:15:23 | val | semmle.label | val |
| globalVars.c:16:2:16:12 | Store | semmle.label | Store |
| globalVars.c:16:2:16:12 | ... = ... | semmle.label | ... = ... |
| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
| globalVars.c:27:9:27:12 | Load | semmle.label | Load |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | Load | semmle.label | Load |
| globalVars.c:27:9:27:12 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:30:15:30:18 | copy | semmle.label | copy |
| globalVars.c:35:11:35:14 | Load | semmle.label | Load |
| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
| globalVars.c:38:9:38:13 | Load | semmle.label | Load |
| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
| globalVars.c:41:15:41:19 | Load | semmle.label | Load |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | Load | semmle.label | Load |
| globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
| globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |

18
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
View File

@@ -11,12 +11,12 @@ edges
| test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r |
| test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r |
| test.c:155:22:155:27 | call to rand | test.c:157:9:157:9 | r |
| test.cpp:6:5:6:12 | VariableAddress indirection | test.cpp:25:7:25:7 | r |
| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | VariableAddress indirection |
| test.cpp:11:21:11:24 | Load indirection | test.cpp:30:13:30:14 | get_rand2 output argument |
| test.cpp:13:10:13:13 | call to rand | test.cpp:11:21:11:24 | Load indirection |
| test.cpp:16:21:16:24 | Load indirection | test.cpp:36:13:36:13 | get_rand3 output argument |
| test.cpp:18:9:18:12 | call to rand | test.cpp:16:21:16:24 | Load indirection |
| test.cpp:6:5:6:12 | get_rand indirection | test.cpp:25:7:25:7 | r |
| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | get_rand indirection |
| test.cpp:11:21:11:24 | dest indirection | test.cpp:30:13:30:14 | get_rand2 output argument |
| test.cpp:13:10:13:13 | call to rand | test.cpp:11:21:11:24 | dest indirection |
| test.cpp:16:21:16:24 | dest indirection | test.cpp:36:13:36:13 | get_rand3 output argument |
| test.cpp:18:9:18:12 | call to rand | test.cpp:16:21:16:24 | dest indirection |
| test.cpp:30:13:30:14 | get_rand2 output argument | test.cpp:31:7:31:7 | r |
| test.cpp:36:13:36:13 | get_rand3 output argument | test.cpp:37:7:37:7 | r |
| test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x |
@@ -54,11 +54,11 @@ nodes
| test.c:155:22:155:25 | call to rand | semmle.label | call to rand |
| test.c:155:22:155:27 | call to rand | semmle.label | call to rand |
| test.c:157:9:157:9 | r | semmle.label | r |
| test.cpp:6:5:6:12 | VariableAddress indirection | semmle.label | VariableAddress indirection |
| test.cpp:6:5:6:12 | get_rand indirection | semmle.label | get_rand indirection |
| test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
| test.cpp:11:21:11:24 | Load indirection | semmle.label | Load indirection |
| test.cpp:11:21:11:24 | dest indirection | semmle.label | dest indirection |
| test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand |
| test.cpp:16:21:16:24 | Load indirection | semmle.label | Load indirection |
| test.cpp:16:21:16:24 | dest indirection | semmle.label | dest indirection |
| test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand |
| test.cpp:25:7:25:7 | r | semmle.label | r |
| test.cpp:30:13:30:14 | get_rand2 output argument | semmle.label | get_rand2 output argument |

76
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
View File

@@ -17,33 +17,33 @@ edges
| test.cpp:39:27:39:30 | argv indirection | test.cpp:50:26:50:29 | size |
| test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... |
| test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... |
| test.cpp:124:18:124:23 | Call | test.cpp:128:24:128:41 | ... * ... |
| test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
| test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... |
| test.cpp:133:19:133:24 | Call | test.cpp:135:10:135:27 | ... * ... |
| test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... |
| test.cpp:133:19:133:32 | call to getenv indirection | test.cpp:135:10:135:27 | ... * ... |
| test.cpp:148:20:148:25 | Call | test.cpp:152:11:152:28 | ... * ... |
| test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
| test.cpp:148:20:148:33 | call to getenv indirection | test.cpp:152:11:152:28 | ... * ... |
| test.cpp:209:8:209:23 | VariableAddress indirection | test.cpp:241:9:241:24 | call to get_tainted_size |
| test.cpp:211:14:211:19 | Call | test.cpp:209:8:209:23 | VariableAddress indirection |
| test.cpp:211:14:211:27 | call to getenv indirection | test.cpp:209:8:209:23 | VariableAddress indirection |
| test.cpp:209:8:209:23 | get_tainted_size indirection | test.cpp:241:9:241:24 | call to get_tainted_size |
| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | get_tainted_size indirection |
| test.cpp:211:14:211:27 | call to getenv indirection | test.cpp:209:8:209:23 | get_tainted_size indirection |
| test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s |
| test.cpp:237:24:237:29 | Call | test.cpp:239:9:239:18 | local_size |
| test.cpp:237:24:237:29 | Call | test.cpp:245:11:245:20 | local_size |
| test.cpp:237:24:237:29 | Call | test.cpp:247:10:247:19 | local_size |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size |
| test.cpp:237:24:237:29 | call to getenv | test.cpp:247:10:247:19 | local_size |
| test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:239:9:239:18 | local_size |
| test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:245:11:245:20 | local_size |
| test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:247:10:247:19 | local_size |
| test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s |
| test.cpp:250:20:250:27 | Load indirection | test.cpp:289:17:289:20 | get_size output argument |
| test.cpp:250:20:250:27 | Load indirection | test.cpp:305:18:305:21 | get_size output argument |
| test.cpp:251:18:251:23 | Call | test.cpp:250:20:250:27 | Load indirection |
| test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:250:20:250:27 | Load indirection |
| test.cpp:259:20:259:25 | Call | test.cpp:263:11:263:29 | ... * ... |
| test.cpp:250:20:250:27 | out_size indirection | test.cpp:289:17:289:20 | get_size output argument |
| test.cpp:250:20:250:27 | out_size indirection | test.cpp:305:18:305:21 | get_size output argument |
| test.cpp:251:18:251:23 | call to getenv | test.cpp:250:20:250:27 | out_size indirection |
| test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:250:20:250:27 | out_size indirection |
| test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... |
| test.cpp:259:20:259:33 | call to getenv indirection | test.cpp:263:11:263:29 | ... * ... |
| test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... |
| test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... |
| test.cpp:353:18:353:23 | Call | test.cpp:355:35:355:38 | size |
| test.cpp:353:18:353:23 | Call | test.cpp:356:35:356:38 | size |
| test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size |
| test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size |
| test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:355:35:355:38 | size |
| test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:356:35:356:38 | size |
nodes
@@ -56,37 +56,37 @@ nodes
| test.cpp:49:32:49:35 | size | semmle.label | size |
| test.cpp:50:26:50:29 | size | semmle.label | size |
| test.cpp:53:35:53:60 | ... * ... | semmle.label | ... * ... |
| test.cpp:124:18:124:23 | Call | semmle.label | Call |
| test.cpp:124:18:124:23 | call to getenv | semmle.label | call to getenv |
| test.cpp:124:18:124:31 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:128:24:128:41 | ... * ... | semmle.label | ... * ... |
| test.cpp:133:19:133:24 | Call | semmle.label | Call |
| test.cpp:133:19:133:24 | call to getenv | semmle.label | call to getenv |
| test.cpp:133:19:133:32 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:135:10:135:27 | ... * ... | semmle.label | ... * ... |
| test.cpp:148:20:148:25 | Call | semmle.label | Call |
| test.cpp:148:20:148:25 | call to getenv | semmle.label | call to getenv |
| test.cpp:148:20:148:33 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:209:8:209:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
| test.cpp:211:14:211:19 | Call | semmle.label | Call |
| test.cpp:209:8:209:23 | get_tainted_size indirection | semmle.label | get_tainted_size indirection |
| test.cpp:211:14:211:19 | call to getenv | semmle.label | call to getenv |
| test.cpp:211:14:211:27 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:230:21:230:21 | s | semmle.label | s |
| test.cpp:231:21:231:21 | s | semmle.label | s |
| test.cpp:237:24:237:29 | Call | semmle.label | Call |
| test.cpp:237:24:237:29 | call to getenv | semmle.label | call to getenv |
| test.cpp:237:24:237:37 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:239:9:239:18 | local_size | semmle.label | local_size |
| test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
| test.cpp:245:11:245:20 | local_size | semmle.label | local_size |
| test.cpp:247:10:247:19 | local_size | semmle.label | local_size |
| test.cpp:250:20:250:27 | Load indirection | semmle.label | Load indirection |
| test.cpp:251:18:251:23 | Call | semmle.label | Call |
| test.cpp:250:20:250:27 | out_size indirection | semmle.label | out_size indirection |
| test.cpp:251:18:251:23 | call to getenv | semmle.label | call to getenv |
| test.cpp:251:18:251:31 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:259:20:259:25 | Call | semmle.label | Call |
| test.cpp:259:20:259:25 | call to getenv | semmle.label | call to getenv |
| test.cpp:259:20:259:33 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... |
| test.cpp:289:17:289:20 | get_size output argument | semmle.label | get_size output argument |
| test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
| test.cpp:305:18:305:21 | get_size output argument | semmle.label | get_size output argument |
| test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
| test.cpp:353:18:353:23 | Call | semmle.label | Call |
| test.cpp:353:18:353:23 | call to getenv | semmle.label | call to getenv |
| test.cpp:353:18:353:31 | call to getenv indirection | semmle.label | call to getenv indirection |
| test.cpp:355:35:355:38 | size | semmle.label | size |
| test.cpp:356:35:356:38 | size | semmle.label | size |
@@ -110,27 +110,27 @@ subpaths
| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) |
| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv indirection | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv indirection | user input (a command-line argument) |
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | Call | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | Call | user input (an environment variable) |
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:31 | call to getenv indirection | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:31 | call to getenv indirection | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | Call | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | Call | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:32 | call to getenv indirection | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:32 | call to getenv indirection | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | Call | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | Call | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:33 | call to getenv indirection | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:33 | call to getenv indirection | user input (an environment variable) |
| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:29 | Call | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | Call | user input (an environment variable) |
| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) |
| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:29 | Call | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | Call | user input (an environment variable) |
| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) |
| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:19 | Call | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:19 | Call | user input (an environment variable) |
| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:19 | call to getenv | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:19 | call to getenv | user input (an environment variable) |
| test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:27 | call to getenv indirection | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:27 | call to getenv indirection | user input (an environment variable) |
| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:29 | Call | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | Call | user input (an environment variable) |
| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
| test.cpp:245:2:245:9 | call to my_alloc | test.cpp:237:24:237:37 | call to getenv indirection | test.cpp:245:11:245:20 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:37 | call to getenv indirection | user input (an environment variable) |
| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:25 | Call | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:25 | Call | user input (an environment variable) |
| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:25 | call to getenv | user input (an environment variable) |
| test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:33 | call to getenv indirection | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:33 | call to getenv indirection | user input (an environment variable) |
| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:23 | Call | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | Call | user input (an environment variable) |
| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
| test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv indirection | user input (an environment variable) |
| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | Call | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | Call | user input (an environment variable) |
| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
| test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:31 | call to getenv indirection | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:31 | call to getenv indirection | user input (an environment variable) |
| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:23 | Call | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | Call | user input (an environment variable) |
| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:23 | call to getenv | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) |
| test.cpp:355:25:355:33 | call to MyMalloc1 | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:355:35:355:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv indirection | user input (an environment variable) |
| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:23 | Call | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | Call | user input (an environment variable) |
| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:23 | call to getenv | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:23 | call to getenv | user input (an environment variable) |
| test.cpp:356:25:356:33 | call to MyMalloc2 | test.cpp:353:18:353:31 | call to getenv indirection | test.cpp:356:35:356:38 | size | This allocation size is derived from $@ and might overflow. | test.cpp:353:18:353:31 | call to getenv indirection | user input (an environment variable) |

16
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
View File

@@ -4,13 +4,13 @@ edges
| test2.cpp:25:22:25:23 | & ... | test2.cpp:27:13:27:13 | v |
| test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:13:27:13 | v |
| test2.cpp:27:13:27:13 | v | test2.cpp:12:21:12:21 | v |
| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:19:6:19:6 | y |
| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:19:6:19:6 | y |
| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | VariableAddress indirection |
| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | VariableAddress indirection |
| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | VariableAddress indirection |
| test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
| test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
| test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:19:6:19:6 | y |
| test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:19:6:19:6 | y |
| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | getTaintedInt indirection |
| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | getTaintedInt indirection |
| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | getTaintedInt indirection |
| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
@@ -31,7 +31,7 @@ nodes
| test2.cpp:25:22:25:23 | & ... | semmle.label | & ... |
| test2.cpp:25:22:25:23 | fscanf output argument | semmle.label | fscanf output argument |
| test2.cpp:27:13:27:13 | v | semmle.label | v |
| test5.cpp:5:5:5:17 | VariableAddress indirection | semmle.label | VariableAddress indirection |
| test5.cpp:5:5:5:17 | getTaintedInt indirection | semmle.label | getTaintedInt indirection |
| test5.cpp:9:7:9:9 | buf | semmle.label | buf |
| test5.cpp:9:7:9:9 | buf | semmle.label | buf |
| test5.cpp:9:7:9:9 | gets output argument | semmle.label | gets output argument |

6
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -2,8 +2,8 @@ edges
| test3.cpp:74:21:74:29 | password1 | test3.cpp:76:15:76:17 | ptr |
| test3.cpp:81:15:81:22 | password | test3.cpp:83:15:83:17 | ptr |
| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
| test3.cpp:126:9:126:23 | global_password | test3.cpp:124:7:124:20 | VariableAddress indirection |
| test3.cpp:124:7:124:20 | get_global_str indirection | test3.cpp:146:15:146:18 | data |
| test3.cpp:126:9:126:23 | global_password | test3.cpp:124:7:124:20 | get_global_str indirection |
| test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer |
| test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | buffer |
@@ -40,7 +40,7 @@ nodes
| test3.cpp:101:12:101:19 | password | semmle.label | password |
| test3.cpp:112:20:112:25 | buffer | semmle.label | buffer |
| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
| test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
| test3.cpp:124:7:124:20 | get_global_str indirection | semmle.label | get_global_str indirection |
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
| test3.cpp:134:11:134:18 | password | semmle.label | password |
| test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |

32
cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
View File

@@ -1,10 +1,10 @@
edges
| test.cpp:11:26:11:28 | url | test.cpp:15:30:15:32 | url |
| test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url |
| test.cpp:24:13:24:17 | url_g | test.cpp:38:11:38:15 | Load |
| test.cpp:24:21:24:40 | Store | test.cpp:24:13:24:17 | url_g |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | Store |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | Store |
| test.cpp:24:13:24:17 | url_g | test.cpp:38:11:38:15 | url_g |
| test.cpp:24:21:24:40 | array to pointer conversion | test.cpp:24:13:24:17 | url_g |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | array to pointer conversion |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | array to pointer conversion |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:11:26:11:28 | url |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
@@ -13,31 +13,31 @@ edges
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:38:11:38:15 | Load | test.cpp:38:11:38:15 | url_g |
| test.cpp:38:11:38:15 | url_g | test.cpp:11:26:11:28 | url |
| test.cpp:38:11:38:15 | url_g | test.cpp:38:11:38:15 | url_g |
| test.cpp:39:11:39:15 | url_l | test.cpp:11:26:11:28 | url |
| test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
| test.cpp:40:11:40:17 | access to array indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | Convert indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | Convert indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | (const char *)... indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | (const char *)... indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
| test.cpp:49:11:49:16 | Convert indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:49:11:49:16 | (const char *)... indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | Convert indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | (const char *)... indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | (const char *)... indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | (const char *)... indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:121:11:121:13 | Convert indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:121:11:121:13 | (const char *)... indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
nodes
| test.cpp:11:26:11:28 | url | semmle.label | url |
| test.cpp:11:26:11:28 | url indirection | semmle.label | url indirection |
| test.cpp:15:30:15:32 | url | semmle.label | url |
| test.cpp:24:13:24:17 | url_g | semmle.label | url_g |
| test.cpp:24:21:24:40 | Store | semmle.label | Store |
| test.cpp:24:21:24:40 | array to pointer conversion | semmle.label | array to pointer conversion |
| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
@@ -46,19 +46,19 @@ nodes
| test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
| test.cpp:38:11:38:15 | Load | semmle.label | Load |
| test.cpp:38:11:38:15 | url_g | semmle.label | url_g |
| test.cpp:38:11:38:15 | url_g | semmle.label | url_g |
| test.cpp:39:11:39:15 | url_l | semmle.label | url_l |
| test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
| test.cpp:40:11:40:17 | access to array indirection | semmle.label | access to array indirection |
| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
| test.cpp:49:11:49:16 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:49:11:49:16 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:121:11:121:13 | Convert indirection | semmle.label | Convert indirection |
| test.cpp:121:11:121:13 | (const char *)... indirection | semmle.label | (const char *)... indirection |
| test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
subpaths
#select

18
cpp/ql/test/query-tests/Security/CWE/CWE-326/InsufficientKeySize.expected
View File

@@ -1,16 +1,16 @@
edges
| test.cpp:34:45:34:48 | Constant | test.cpp:34:45:34:48 | 1024 |
| test.cpp:35:49:35:52 | Constant | test.cpp:35:49:35:52 | 1024 |
| test.cpp:37:43:37:46 | Constant | test.cpp:37:43:37:46 | 1024 |
| test.cpp:34:45:34:48 | 1024 | test.cpp:34:45:34:48 | 1024 |
| test.cpp:35:49:35:52 | 1024 | test.cpp:35:49:35:52 | 1024 |
| test.cpp:37:43:37:46 | 1024 | test.cpp:37:43:37:46 | 1024 |
nodes
| test.cpp:34:45:34:48 | 1024 | semmle.label | 1024 |
| test.cpp:34:45:34:48 | Constant | semmle.label | Constant |
| test.cpp:34:45:34:48 | 1024 | semmle.label | 1024 |
| test.cpp:35:49:35:52 | 1024 | semmle.label | 1024 |
| test.cpp:35:49:35:52 | 1024 | semmle.label | 1024 |
| test.cpp:35:49:35:52 | Constant | semmle.label | Constant |
| test.cpp:37:43:37:46 | 1024 | semmle.label | 1024 |
| test.cpp:37:43:37:46 | Constant | semmle.label | Constant |
| test.cpp:37:43:37:46 | 1024 | semmle.label | 1024 |
subpaths
#select
| test.cpp:34:5:34:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:34:45:34:48 | Constant | test.cpp:34:45:34:48 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:34:45:34:48 | Constant | 1024 |
| test.cpp:35:5:35:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:35:49:35:52 | Constant | test.cpp:35:49:35:52 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:35:49:35:52 | Constant | 1024 |
| test.cpp:37:5:37:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:37:43:37:46 | Constant | test.cpp:37:43:37:46 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:37:43:37:46 | Constant | 1024 |
| test.cpp:34:5:34:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:34:45:34:48 | 1024 | test.cpp:34:45:34:48 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:34:45:34:48 | 1024 | 1024 |
| test.cpp:35:5:35:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:35:49:35:52 | 1024 | test.cpp:35:49:35:52 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:35:49:35:52 | 1024 | 1024 |
| test.cpp:37:5:37:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:37:43:37:46 | 1024 | test.cpp:37:43:37:46 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:37:43:37:46 | 1024 | 1024 |

26
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
View File

@@ -1,7 +1,7 @@
edges
| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | Load |
| tests2.cpp:50:23:50:43 | Store | tests2.cpp:50:13:50:19 | global1 |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:50:23:50:43 | Store |
| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | global1 |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:50:13:50:19 | global1 |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:50:23:50:43 | call to mysql_get_client_info |
| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | call to getenv |
@@ -9,16 +9,16 @@ edges
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
| tests2.cpp:82:14:82:20 | Load | tests2.cpp:82:14:82:20 | global1 |
| tests2.cpp:82:14:82:20 | global1 | tests2.cpp:82:14:82:20 | global1 |
| tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 |
| tests2.cpp:101:8:101:15 | call to getpwuid | tests2.cpp:102:14:102:15 | pw |
| tests2.cpp:109:3:109:36 | Store | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] |
| tests2.cpp:109:3:109:36 | ... = ... | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | tests2.cpp:111:14:111:15 | c1 indirection [ptr] |
| tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:109:3:109:36 | Store |
| tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:109:3:109:36 | ... = ... |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:14:111:19 | ptr |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:17:111:19 | FieldAddress indirection |
| tests2.cpp:111:17:111:19 | FieldAddress indirection | tests2.cpp:111:14:111:19 | ptr |
| tests2.cpp:111:17:111:19 | FieldAddress indirection | tests2.cpp:111:17:111:19 | ptr |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:17:111:19 | ptr indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:14:111:19 | ptr |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:17:111:19 | ptr |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path |
@@ -31,7 +31,7 @@ edges
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
nodes
| tests2.cpp:50:13:50:19 | global1 | semmle.label | global1 |
| tests2.cpp:50:23:50:43 | Store | semmle.label | Store |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
@@ -50,19 +50,19 @@ nodes
| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
| tests2.cpp:82:14:82:20 | Load | semmle.label | Load |
| tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
| tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
| tests2.cpp:91:42:91:45 | str1 | semmle.label | str1 |
| tests2.cpp:93:14:93:17 | str1 | semmle.label | str1 |
| tests2.cpp:101:8:101:15 | call to getpwuid | semmle.label | call to getpwuid |
| tests2.cpp:102:14:102:15 | pw | semmle.label | pw |
| tests2.cpp:109:3:109:36 | Store | semmle.label | Store |
| tests2.cpp:109:3:109:36 | ... = ... | semmle.label | ... = ... |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | semmle.label | c1 indirection [post update] [ptr] |
| tests2.cpp:109:12:109:17 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | semmle.label | c1 indirection [ptr] |
| tests2.cpp:111:14:111:19 | ptr | semmle.label | ptr |
| tests2.cpp:111:17:111:19 | FieldAddress indirection | semmle.label | FieldAddress indirection |
| tests2.cpp:111:17:111:19 | ptr | semmle.label | ptr |
| tests2.cpp:111:17:111:19 | ptr indirection | semmle.label | ptr indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv | semmle.label | call to getenv |
| tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |
| tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |

18
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
View File

@@ -5,12 +5,12 @@ edges
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | call to getenv |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:69:17:69:28 | Load |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | Load |
| tests.cpp:62:22:62:27 | Store | tests.cpp:62:7:62:18 | global_token |
| tests.cpp:62:22:62:27 | call to getenv | tests.cpp:62:22:62:27 | Store |
| tests.cpp:69:17:69:28 | Load | tests.cpp:73:27:73:31 | maybe |
| tests.cpp:71:27:71:38 | Load | tests.cpp:71:27:71:38 | global_token |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:69:17:69:28 | global_token |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | global_token |
| tests.cpp:62:22:62:27 | call to getenv | tests.cpp:62:7:62:18 | global_token |
| tests.cpp:62:22:62:27 | call to getenv | tests.cpp:62:22:62:27 | call to getenv |
| tests.cpp:69:17:69:28 | global_token | tests.cpp:73:27:73:31 | maybe |
| tests.cpp:71:27:71:38 | global_token | tests.cpp:71:27:71:38 | global_token |
| tests.cpp:86:29:86:31 | msg | tests.cpp:88:15:88:17 | msg |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
@@ -49,10 +49,10 @@ nodes
| tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:64 | call to getenv | semmle.label | call to getenv |
| tests.cpp:62:7:62:18 | global_token | semmle.label | global_token |
| tests.cpp:62:22:62:27 | Store | semmle.label | Store |
| tests.cpp:62:22:62:27 | call to getenv | semmle.label | call to getenv |
| tests.cpp:69:17:69:28 | Load | semmle.label | Load |
| tests.cpp:71:27:71:38 | Load | semmle.label | Load |
| tests.cpp:62:22:62:27 | call to getenv | semmle.label | call to getenv |
| tests.cpp:69:17:69:28 | global_token | semmle.label | global_token |
| tests.cpp:71:27:71:38 | global_token | semmle.label | global_token |
| tests.cpp:71:27:71:38 | global_token | semmle.label | global_token |
| tests.cpp:73:27:73:31 | maybe | semmle.label | maybe |
| tests.cpp:86:29:86:31 | msg | semmle.label | msg |

60
cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
View File

@@ -8,28 +8,28 @@ edges
| tests5.cpp:27:25:27:38 | call to createLSParser indirection | tests5.cpp:29:2:29:2 | p indirection |
| tests5.cpp:40:25:40:38 | call to createLSParser indirection | tests5.cpp:43:2:43:2 | p indirection |
| tests5.cpp:55:25:55:38 | call to createLSParser indirection | tests5.cpp:59:2:59:2 | p indirection |
| tests5.cpp:81:25:81:38 | call to createLSParser indirection | tests5.cpp:83:2:83:2 | Load indirection |
| tests5.cpp:81:25:81:38 | call to createLSParser indirection | tests5.cpp:83:2:83:2 | p indirection |
| tests5.cpp:83:2:83:2 | Load indirection | tests5.cpp:85:2:85:2 | p indirection |
| tests5.cpp:85:2:85:2 | p indirection | tests5.cpp:86:2:86:2 | Load indirection |
| tests5.cpp:86:2:86:2 | Load indirection | tests5.cpp:88:2:88:2 | p indirection |
| tests5.cpp:81:25:81:38 | call to createLSParser indirection | tests5.cpp:83:2:83:2 | p indirection |
| tests5.cpp:83:2:83:2 | p indirection | tests5.cpp:85:2:85:2 | p indirection |
| tests5.cpp:85:2:85:2 | p indirection | tests5.cpp:86:2:86:2 | p indirection |
| tests5.cpp:86:2:86:2 | p indirection | tests5.cpp:88:2:88:2 | p indirection |
| tests5.cpp:88:2:88:2 | p indirection | tests5.cpp:89:2:89:2 | p indirection |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:17:2:17:2 | p indirection |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:31:2:31:2 | p indirection |
| tests.cpp:35:23:35:43 | Store indirection | tests.cpp:37:2:37:2 | p indirection |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | Store indirection |
| tests.cpp:37:2:37:2 | ConvertToNonVirtualBase indirection | tests.cpp:38:2:38:2 | p indirection |
| tests.cpp:37:2:37:2 | p indirection | tests.cpp:37:2:37:2 | ConvertToNonVirtualBase indirection |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | new indirection |
| tests.cpp:35:23:35:43 | new indirection | tests.cpp:37:2:37:2 | p indirection |
| tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection | tests.cpp:38:2:38:2 | p indirection |
| tests.cpp:37:2:37:2 | p indirection | tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection |
| tests.cpp:38:2:38:2 | p indirection | tests.cpp:39:2:39:2 | p indirection |
| tests.cpp:51:23:51:43 | Store indirection | tests.cpp:53:2:53:2 | p indirection |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | Store indirection |
| tests.cpp:53:2:53:2 | p indirection | tests.cpp:54:2:54:2 | ConvertToNonVirtualBase indirection |
| tests.cpp:54:2:54:2 | ConvertToNonVirtualBase indirection | tests.cpp:55:2:55:2 | p indirection |
| tests.cpp:55:2:55:2 | p indirection | tests.cpp:56:2:56:2 | ConvertToNonVirtualBase indirection |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | new indirection |
| tests.cpp:51:23:51:43 | new indirection | tests.cpp:53:2:53:2 | p indirection |
| tests.cpp:53:2:53:2 | p indirection | tests.cpp:54:2:54:2 | (AbstractDOMParser *)... indirection |
| tests.cpp:54:2:54:2 | (AbstractDOMParser *)... indirection | tests.cpp:55:2:55:2 | p indirection |
| tests.cpp:55:2:55:2 | p indirection | tests.cpp:56:2:56:2 | (AbstractDOMParser *)... indirection |
| tests.cpp:55:2:55:2 | p indirection | tests.cpp:56:2:56:2 | p indirection |
| tests.cpp:56:2:56:2 | ConvertToNonVirtualBase indirection | tests.cpp:57:2:57:2 | p indirection |
| tests.cpp:57:2:57:2 | p indirection | tests.cpp:58:2:58:2 | ConvertToNonVirtualBase indirection |
| tests.cpp:58:2:58:2 | ConvertToNonVirtualBase indirection | tests.cpp:59:2:59:2 | p indirection |
| tests.cpp:56:2:56:2 | (AbstractDOMParser *)... indirection | tests.cpp:57:2:57:2 | p indirection |
| tests.cpp:57:2:57:2 | p indirection | tests.cpp:58:2:58:2 | (AbstractDOMParser *)... indirection |
| tests.cpp:58:2:58:2 | (AbstractDOMParser *)... indirection | tests.cpp:59:2:59:2 | p indirection |
| tests.cpp:59:2:59:2 | p indirection | tests.cpp:60:2:60:2 | p indirection |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:69:2:69:2 | p indirection |
| tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:80:2:80:2 | p indirection |
@@ -37,10 +37,10 @@ edges
| tests.cpp:100:24:100:44 | call to XercesDOMParser | tests.cpp:104:3:104:3 | q indirection |
| tests.cpp:112:39:112:39 | p indirection | tests.cpp:113:2:113:2 | p indirection |
| tests.cpp:116:39:116:39 | p indirection | tests.cpp:117:2:117:2 | p indirection |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:126:18:126:18 | Load indirection |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:128:18:128:18 | Load indirection |
| tests.cpp:126:18:126:18 | Load indirection | tests.cpp:112:39:112:39 | p indirection |
| tests.cpp:128:18:128:18 | Load indirection | tests.cpp:116:39:116:39 | p indirection |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:126:18:126:18 | q indirection |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | tests.cpp:128:18:128:18 | q indirection |
| tests.cpp:126:18:126:18 | q indirection | tests.cpp:112:39:112:39 | p indirection |
| tests.cpp:128:18:128:18 | q indirection | tests.cpp:116:39:116:39 | p indirection |
nodes
| tests2.cpp:20:17:20:31 | call to SAXParser | semmle.label | call to SAXParser |
| tests2.cpp:22:2:22:2 | p indirection | semmle.label | p indirection |
@@ -66,31 +66,31 @@ nodes
| tests5.cpp:55:25:55:38 | call to createLSParser indirection | semmle.label | call to createLSParser indirection |
| tests5.cpp:59:2:59:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:81:25:81:38 | call to createLSParser indirection | semmle.label | call to createLSParser indirection |
| tests5.cpp:83:2:83:2 | Load indirection | semmle.label | Load indirection |
| tests5.cpp:83:2:83:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:83:2:83:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:85:2:85:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:86:2:86:2 | Load indirection | semmle.label | Load indirection |
| tests5.cpp:86:2:86:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:88:2:88:2 | p indirection | semmle.label | p indirection |
| tests5.cpp:89:2:89:2 | p indirection | semmle.label | p indirection |
| tests.cpp:15:23:15:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:17:2:17:2 | p indirection | semmle.label | p indirection |
| tests.cpp:28:23:28:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:31:2:31:2 | p indirection | semmle.label | p indirection |
| tests.cpp:35:23:35:43 | Store indirection | semmle.label | Store indirection |
| tests.cpp:35:23:35:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:37:2:37:2 | ConvertToNonVirtualBase indirection | semmle.label | ConvertToNonVirtualBase indirection |
| tests.cpp:35:23:35:43 | new indirection | semmle.label | new indirection |
| tests.cpp:37:2:37:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection |
| tests.cpp:37:2:37:2 | p indirection | semmle.label | p indirection |
| tests.cpp:38:2:38:2 | p indirection | semmle.label | p indirection |
| tests.cpp:39:2:39:2 | p indirection | semmle.label | p indirection |
| tests.cpp:51:23:51:43 | Store indirection | semmle.label | Store indirection |
| tests.cpp:51:23:51:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:51:23:51:43 | new indirection | semmle.label | new indirection |
| tests.cpp:53:2:53:2 | p indirection | semmle.label | p indirection |
| tests.cpp:54:2:54:2 | ConvertToNonVirtualBase indirection | semmle.label | ConvertToNonVirtualBase indirection |
| tests.cpp:54:2:54:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection |
| tests.cpp:55:2:55:2 | p indirection | semmle.label | p indirection |
| tests.cpp:56:2:56:2 | ConvertToNonVirtualBase indirection | semmle.label | ConvertToNonVirtualBase indirection |
| tests.cpp:56:2:56:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection |
| tests.cpp:56:2:56:2 | p indirection | semmle.label | p indirection |
| tests.cpp:57:2:57:2 | p indirection | semmle.label | p indirection |
| tests.cpp:58:2:58:2 | ConvertToNonVirtualBase indirection | semmle.label | ConvertToNonVirtualBase indirection |
| tests.cpp:58:2:58:2 | (AbstractDOMParser *)... indirection | semmle.label | (AbstractDOMParser *)... indirection |
| tests.cpp:59:2:59:2 | p indirection | semmle.label | p indirection |
| tests.cpp:60:2:60:2 | p indirection | semmle.label | p indirection |
| tests.cpp:66:23:66:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
@@ -106,8 +106,8 @@ nodes
| tests.cpp:116:39:116:39 | p indirection | semmle.label | p indirection |
| tests.cpp:117:2:117:2 | p indirection | semmle.label | p indirection |
| tests.cpp:122:23:122:43 | call to XercesDOMParser | semmle.label | call to XercesDOMParser |
| tests.cpp:126:18:126:18 | Load indirection | semmle.label | Load indirection |
| tests.cpp:128:18:128:18 | Load indirection | semmle.label | Load indirection |
| tests.cpp:126:18:126:18 | q indirection | semmle.label | q indirection |
| tests.cpp:128:18:128:18 | q indirection | semmle.label | q indirection |
subpaths
#select
| tests2.cpp:22:2:22:2 | p indirection | tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:22:2:22:2 | p indirection | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests2.cpp:20:17:20:31 | call to SAXParser | XML parser |