diff --git a/Cargo.lock b/Cargo.lock index 77be7b054ed..b6456c84106 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -84,9 +84,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.99" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "argfile" @@ -328,7 +328,7 @@ dependencies = [ "chalk-derive 0.103.0", "chalk-ir 0.103.0", "ena", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.12.1", "petgraph", "rustc-hash 1.1.0", @@ -351,9 +351,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931" +checksum = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae" dependencies = [ "clap_builder", "clap_derive", @@ -361,9 +361,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6" +checksum = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9" dependencies = [ "anstream", "anstyle", @@ -472,7 +472,7 @@ dependencies = [ "serde", "serde_json", "serde_with", - "toml 0.9.5", + "toml 0.9.7", "tracing", "tracing-flame", "tracing-subscriber", @@ -557,9 +557,9 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "darling" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee" +checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0" dependencies = [ "darling_core", "darling_macro", @@ -567,9 +567,9 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e" +checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4" dependencies = [ "fnv", "ident_case", @@ -581,9 +581,9 @@ dependencies = [ [[package]] name = "darling_macro" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" +checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81" dependencies = [ "darling_core", "quote", @@ -1059,13 +1059,14 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.11.1" +version = "2.11.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921" +checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", "hashbrown 0.15.5", "serde", + "serde_core", ] [[package]] @@ -1490,7 +1491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", - "indexmap 2.11.1", + "indexmap 2.11.4", ] [[package]] @@ -1559,9 +1560,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.40" +version = "1.0.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1" dependencies = [ "proc-macro2", ] @@ -1666,7 +1667,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e876bb2c3e52a8d4e6684526a2d4e81f9d028b939ee4dc5dc775fe10deb44d59" dependencies = [ "dashmap", - "indexmap 2.11.1", + "indexmap 2.11.4", "la-arena", "ra_ap_cfg", "ra_ap_intern", @@ -1708,7 +1709,7 @@ checksum = "ebffdc134eccabc17209d7760cfff7fd12ed18ab6e21188c5e084b97aa38504c" dependencies = [ "arrayvec", "either", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "ra_ap_base_db", "ra_ap_cfg", @@ -1738,7 +1739,7 @@ dependencies = [ "drop_bomb", "either", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "la-arena", "ra-ap-rustc_abi", @@ -1807,7 +1808,7 @@ dependencies = [ "cov-mark", "either", "ena", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "la-arena", "oorandom", @@ -1845,7 +1846,7 @@ dependencies = [ "crossbeam-channel", "either", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "line-index", "memchr", @@ -1947,7 +1948,7 @@ version = "0.0.301" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45db9e2df587d56f0738afa89fb2c100ff7c1e9cbe49e07f6a8b62342832211b" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "ra_ap_intern", "ra_ap_paths", "ra_ap_span", @@ -2106,7 +2107,7 @@ checksum = "6c174d6b9b7a7f54687df7e00c3e75ed6f082a7943a9afb1d54f33c0c12773de" dependencies = [ "crossbeam-channel", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "nohash-hasher", "ra_ap_paths", "ra_ap_stdx", @@ -2211,9 +2212,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.11.2" +version = "1.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" +checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c" dependencies = [ "aho-corasick", "memchr", @@ -2223,9 +2224,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" dependencies = [ "aho-corasick", "memchr", @@ -2316,7 +2317,7 @@ dependencies = [ "crossbeam-utils", "hashbrown 0.15.5", "hashlink", - "indexmap 2.11.1", + "indexmap 2.11.4", "intrusive-collections", "papaya", "parking_lot", @@ -2414,10 +2415,11 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.219" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" dependencies = [ + "serde_core", "serde_derive", ] @@ -2443,10 +2445,19 @@ dependencies = [ ] [[package]] -name = "serde_derive" -version = "1.0.219" +name = "serde_core" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", @@ -2455,15 +2466,16 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.143" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a" +checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "itoa", "memchr", "ryu", "serde", + "serde_core", ] [[package]] @@ -2477,24 +2489,24 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" +checksum = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee" dependencies = [ - "serde", + "serde_core", ] [[package]] name = "serde_with" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5" +checksum = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e" dependencies = [ "base64", "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.11.1", + "indexmap 2.11.4", "schemars 0.9.0", "schemars 1.0.4", "serde", @@ -2506,9 +2518,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f" +checksum = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e" dependencies = [ "darling", "proc-macro2", @@ -2522,7 +2534,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "itoa", "ryu", "serde", @@ -2701,14 +2713,14 @@ dependencies = [ [[package]] name = "toml" -version = "0.9.5" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" +checksum = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0" dependencies = [ - "indexmap 2.11.1", - "serde", - "serde_spanned 1.0.0", - "toml_datetime 0.7.0", + "indexmap 2.11.4", + "serde_core", + "serde_spanned 1.0.2", + "toml_datetime 0.7.2", "toml_parser", "toml_writer", "winnow", @@ -2725,11 +2737,11 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.7.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" +checksum = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -2738,7 +2750,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -2748,9 +2760,9 @@ dependencies = [ [[package]] name = "toml_parser" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +checksum = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627" dependencies = [ "winnow", ] @@ -2763,9 +2775,9 @@ checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" [[package]] name = "toml_writer" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" +checksum = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109" [[package]] name = "tracing" @@ -2855,9 +2867,9 @@ dependencies = [ [[package]] name = "tree-sitter-embedded-template" -version = "0.23.2" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "790063ef14e5b67556abc0b3be0ed863fb41d65ee791cf8c0b20eb42a1fa46af" +checksum = "833d528e8fcb4e49ddb04d4d6450ddb8ac08f282a58fec94ce981c9c5dbf7e3a" dependencies = [ "cc", "tree-sitter-language", diff --git a/MODULE.bazel b/MODULE.bazel index 9d09fc99722..89fdbf86a4d 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -98,11 +98,11 @@ use_repo( tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r") use_repo( tree_sitter_extractors_deps, - "vendor_ts__anyhow-1.0.99", + "vendor_ts__anyhow-1.0.100", "vendor_ts__argfile-0.2.1", "vendor_ts__chalk-ir-0.104.0", "vendor_ts__chrono-0.4.42", - "vendor_ts__clap-4.5.47", + "vendor_ts__clap-4.5.48", "vendor_ts__dunce-1.0.5", "vendor_ts__either-1.15.0", "vendor_ts__encoding-0.2.33", @@ -116,7 +116,7 @@ use_repo( "vendor_ts__num-traits-0.2.19", "vendor_ts__num_cpus-1.17.0", "vendor_ts__proc-macro2-1.0.101", - "vendor_ts__quote-1.0.40", + "vendor_ts__quote-1.0.41", "vendor_ts__ra_ap_base_db-0.0.301", "vendor_ts__ra_ap_cfg-0.0.301", "vendor_ts__ra_ap_hir-0.0.301", @@ -135,17 +135,17 @@ use_repo( "vendor_ts__ra_ap_vfs-0.0.301", "vendor_ts__rand-0.9.2", "vendor_ts__rayon-1.11.0", - "vendor_ts__regex-1.11.2", - "vendor_ts__serde-1.0.219", - "vendor_ts__serde_json-1.0.143", - "vendor_ts__serde_with-3.14.0", + "vendor_ts__regex-1.11.3", + "vendor_ts__serde-1.0.228", + "vendor_ts__serde_json-1.0.145", + "vendor_ts__serde_with-3.14.1", "vendor_ts__syn-2.0.106", - "vendor_ts__toml-0.9.5", + "vendor_ts__toml-0.9.7", "vendor_ts__tracing-0.1.41", "vendor_ts__tracing-flame-0.2.0", "vendor_ts__tracing-subscriber-0.3.20", "vendor_ts__tree-sitter-0.25.9", - "vendor_ts__tree-sitter-embedded-template-0.23.2", + "vendor_ts__tree-sitter-embedded-template-0.25.0", "vendor_ts__tree-sitter-json-0.24.8", "vendor_ts__tree-sitter-ql-0.23.1", "vendor_ts__tree-sitter-ruby-0.23.1", diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index bfebfa99d04..80eecfca28d 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.18 +version: 0.4.19-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 9dba67fea76..2de1276aa82 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.10 +version: 0.6.11-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/change-notes/2025-09-18-guards.md b/cpp/ql/lib/change-notes/2025-09-18-guards.md new file mode 100644 index 00000000000..a739df71471 --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-09-18-guards.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md new file mode 100644 index 00000000000..dce0cabc38c --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* The C/C++ "build-mode: none" support is now General Availability (GA). diff --git a/cpp/ql/lib/experimental/quantum/Language.qll b/cpp/ql/lib/experimental/quantum/Language.qll index 53cf7292b12..d3feb3fe0d9 100644 --- a/cpp/ql/lib/experimental/quantum/Language.qll +++ b/cpp/ql/lib/experimental/quantum/Language.qll @@ -14,8 +14,8 @@ module CryptoInput implements InputSig { result = node.asExpr() or result = node.asParameter() or result = node.asVariable() or - result = node.asDefiningArgument() - // TODO: do we need asIndirectExpr()? + result = node.asDefiningArgument() or + result = node.asIndirectExpr() } string locationToFileBaseNameAndLineNumberString(Location location) { @@ -53,7 +53,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig { } } -module ArtifactFlow = DataFlow::Global; +module ArtifactFlow = TaintTracking::Global; /** * An artifact output to node input configuration @@ -93,7 +93,13 @@ module GenericDataSourceFlow = TaintTracking::Global; - import OpenSSL.OpenSSL diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll index f802e58d0a7..eafc839fbb8 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll @@ -14,9 +14,13 @@ private import PaddingAlgorithmInstance */ module KnownOpenSslAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof KnownOpenSslAlgorithmExpr and + ( + source.asExpr() instanceof KnownOpenSslAlgorithmExpr or + source.asIndirectExpr() instanceof KnownOpenSslAlgorithmExpr + ) and // No need to flow direct operations to AVCs - not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall + not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall and + not source.asIndirectExpr() instanceof OpenSslDirectAlgorithmOperationCall } predicate isSink(DataFlow::Node sink) { @@ -46,10 +50,12 @@ module KnownOpenSslAlgorithmToAlgorithmValueConsumerConfig implements DataFlow:: } module KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow = - DataFlow::Global; + TaintTracking::Global; module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source.asExpr() instanceof OpenSslPaddingLiteral } + predicate isSource(DataFlow::Node source) { + source.asExpr() instanceof OpenSslSpecialPaddingLiteral + } predicate isSink(DataFlow::Node sink) { exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink) @@ -61,7 +67,7 @@ module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataF } module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow = - DataFlow::Global; + TaintTracking::Global; class OpenSslAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep { OpenSslAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll index 4bd4b449766..a0cbad2c57d 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll @@ -53,7 +53,8 @@ class KnownOpenSslBlockModeConstantAlgorithmInstance extends OpenSslAlgorithmIns // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index 47ffd67924a..23efacae69b 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -2,12 +2,10 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import Crypto::KeyOpAlg as KeyOpAlg -private import OpenSSLAlgorithmInstanceBase -private import PaddingAlgorithmInstance -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +private import OpenSSLAlgorithmInstances private import AlgToAVCFlow -private import BlockAlgorithmInstance /** * Given a `KnownOpenSslCipherAlgorithmExpr`, converts this to a cipher family type. @@ -79,7 +77,8 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) @@ -97,10 +96,13 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan } override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { - //TODO: the padding is either self, or it flows through getter ctx to a set padding call - // like EVP_PKEY_CTX_set_rsa_padding result = this - // TODO or trace through getter ctx to set padding + or + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(PaddingAlgorithmIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override string getRawAlgorithmName() { @@ -117,7 +119,7 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan knownOpenSslConstantToCipherFamilyType(this, result) or not knownOpenSslConstantToCipherFamilyType(this, _) and - result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType() + result = Crypto::KeyOpAlg::TOtherKeyOperationAlgorithmType() } override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll index 82a2b1357f2..ef7186d07a0 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll @@ -21,7 +21,8 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll index 2be84b68f61..55b2dcd7af4 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll @@ -59,7 +59,8 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll index 1addda3a9ef..542c56666d9 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll @@ -37,7 +37,8 @@ class KnownOpenSslKeyAgreementConstantAlgorithmInstance extends OpenSslAlgorithm // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll index 4328253f1a4..dcc7ad08ae5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll @@ -171,9 +171,15 @@ class KnownOpenSslKeyAgreementAlgorithmExpr extends Expr instanceof KnownOpenSsl } predicate knownOpenSslAlgorithmOperationCall(Call c, string normalized, string algType) { - c.getTarget().getName() in ["EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new"] and + c.getTarget().getName() in [ + "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify" + ] and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + c.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] and + normalized = "DSA" and + algType = "SIGNATURE" } /** diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll index 97b183b7e7d..5590f74082c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll @@ -2,12 +2,13 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers -private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import Crypto::KeyOpAlg as KeyOpAlg private import AlgToAVCFlow class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, - Crypto::MacAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr + Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr { OpenSslAlgorithmValueConsumer getterCall; @@ -21,7 +22,8 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) @@ -33,17 +35,34 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override string getRawMacAlgorithmName() { + override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() or result = this.(Call).getTarget().getName() } - override Crypto::MacType getMacType() { - this instanceof KnownOpenSslHMacAlgorithmExpr and result = Crypto::HMAC() - or - this instanceof KnownOpenSslCMacAlgorithmExpr and result = Crypto::CMAC() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if this instanceof KnownOpenSslHMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if this instanceof KnownOpenSslCMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmInstance, @@ -60,9 +79,13 @@ class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmIns // where the current AVC traces to a HashAlgorithmIO consuming operation step. // TODO: need to consider getting reset values, tracing down to the first set for now exists(OperationStep s, AvcContextCreationStep avc | - avc = this.getAvc() and + avc = super.getAvc() and avc.flowsToOperationStep(s) and s.getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result ) } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll index d487e05d066..3a3b2d66c28 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll @@ -1,10 +1,10 @@ import cpp private import experimental.quantum.Language private import OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants private import AlgToAVCFlow -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import codeql.quantum.experimental.Standardization::Types::KeyOpAlg as KeyOpAlg /** @@ -18,13 +18,14 @@ private import codeql.quantum.experimental.Standardization::Types::KeyOpAlg as K * # define RSA_PKCS1_WITH_TLS_PADDING 7 * # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 */ -class OpenSslPaddingLiteral extends Literal { +class OpenSslSpecialPaddingLiteral extends Literal { // TODO: we can be more specific about where the literal is in a larger expression // to avoid literals that are clealy not representing an algorithm, e.g., array indices. - OpenSslPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } + OpenSslSpecialPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } } /** + * Holds if `e` has the given `type`. * Given a `KnownOpenSslPaddingAlgorithmExpr`, converts this to a padding family type. * Does not bind if there is no mapping (no mapping to 'unknown' or 'other'). */ @@ -45,9 +46,6 @@ predicate knownOpenSslConstantToPaddingFamilyType( ) } -//abstract class OpenSslPaddingAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance{} -// TODO: need to alter this to include known padding constants which don't have the -// same mechanics as those with known nids class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Expr { @@ -66,7 +64,8 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) and isPaddingSpecificConsumer = false @@ -79,12 +78,13 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta isPaddingSpecificConsumer = false or // Possibility 3: padding-specific literal - this instanceof OpenSslPaddingLiteral and + this instanceof OpenSslSpecialPaddingLiteral and exists(DataFlow::Node src, DataFlow::Node sink | // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a padding-specific consumer RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow::flow(src, sink) ) and @@ -124,44 +124,6 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta } } -// // Values used for EVP_PKEY_CTX_set_rsa_padding, these are -// // not the same as 'typical' constants found in the set of known algorithm constants -// // they do not have an NID -// // TODO: what about setting the padding directly? -// class KnownRSAPaddingConstant extends OpenSslPaddingAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Literal -// { -// KnownRSAPaddingConstant() { -// // from rsa.h in openssl: -// // # define RSA_PKCS1_PADDING 1 -// // # define RSA_NO_PADDING 3 -// // # define RSA_PKCS1_OAEP_PADDING 4 -// // # define RSA_X931_PADDING 5 -// // /* EVP_PKEY_ only */ -// // # define RSA_PKCS1_PSS_PADDING 6 -// // # define RSA_PKCS1_WITH_TLS_PADDING 7 -// // /* internal RSA_ only */ -// // # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 -// this instanceof Literal and -// this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] -// // TODO: trace to padding-specific consumers -// RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow -// } -// override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() } -// override Crypto::TPaddingType getPaddingType() { -// if this.(Literal).getValue().toInt() in [1, 6, 7, 8] -// then result = Crypto::PKCS1_v1_5() -// else -// if this.(Literal).getValue().toInt() = 3 -// then result = Crypto::NoPadding() -// else -// if this.(Literal).getValue().toInt() = 4 -// then result = Crypto::OAEP() -// else -// if this.(Literal).getValue().toInt() = 5 -// then result = Crypto::ANSI_X9_23() -// else result = Crypto::OtherPadding() -// } -// } class OaepPaddingAlgorithmInstance extends Crypto::OaepPaddingAlgorithmInstance, KnownOpenSslPaddingConstantAlgorithmInstance { @@ -170,10 +132,18 @@ class OaepPaddingAlgorithmInstance extends Crypto::OaepPaddingAlgorithmInstance, } override Crypto::HashAlgorithmInstance getOaepEncodingHashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmOaepIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override Crypto::HashAlgorithmInstance getMgf1HashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmMgf1IO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll index cc2e5771ffc..dda7aea22dc 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll @@ -47,7 +47,8 @@ class KnownOpenSslSignatureConstantAlgorithmInstance extends OpenSslAlgorithmIns // Sink is an argument to a signature getter call sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll index b06e55c0817..a2de555d7f4 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll @@ -12,15 +12,17 @@ class EvpCipherAlgorithmValueConsumer extends CipherAlgorithmValueConsumer { DataFlow::Node resultNode; EvpCipherAlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asIndirectExpr() = this and ( - this.(Call).getTarget().getName() in [ - "EVP_get_cipherbyname", "EVP_get_cipherbyobj", "EVP_get_cipherbynid" - ] and + this.(Call).getTarget().getName() in ["EVP_get_cipherbyname", "EVP_get_cipherbyobj"] and + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) + or + this.(Call).getTarget().getName() = "EVP_get_cipherbynid" and + // algorithm is an NID (int), use asExpr() valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in ["EVP_CIPHER_fetch", "EVP_ASYM_CIPHER_fetch"] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll index d200cf2a096..3269c41cad6 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll @@ -23,7 +23,7 @@ class DirectAlgorithmValueConsumer extends OpenSslAlgorithmValueConsumer instanc */ override DataFlow::Node getResultNode() { this instanceof OpenSslDirectAlgorithmFetchCall and - result.asExpr() = this + result.asIndirectExpr() = this // NOTE: if instanceof OpenSslDirectAlgorithmOperationCall then there is no algorithm generated // the algorithm is directly used } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll index daf6baf2f03..94272f8abcc 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll @@ -12,14 +12,19 @@ class EvpEllipticCurveAlgorithmConsumer extends EllipticCurveValueConsumer { DataFlow::Node resultNode; EvpEllipticCurveAlgorithmConsumer() { - resultNode.asExpr() = this.(Call) and // in all cases the result is the return + resultNode.asIndirectExpr() = this.(Call) and // in all cases the result is the return ( - this.(Call).getTarget().getName() in ["EVP_EC_gen", "EC_KEY_new_by_curve_name"] and + this.(Call).getTarget().getName() = "EVP_EC_gen" and + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) + or + this.(Call).getTarget().getName() = "EC_KEY_new_by_curve_name" and + // algorithm is an NID (int), use asExpr() valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in [ "EC_KEY_new_by_curve_name_ex", "EVP_PKEY_CTX_set_ec_paramgen_curve_nid" ] and + // algorithm is an NID (int), use asExpr valueArgNode.asExpr() = this.(Call).getArgument(2) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll index 114cf78a112..da8a76c27d9 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll @@ -9,11 +9,11 @@ abstract class HashAlgorithmValueConsumer extends OpenSslAlgorithmValueConsumer /** * An EVP_Q_Digest directly consumes algorithm constant values */ -class Evp_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer { - Evp_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" } +class Evp_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer instanceof Call { + Evp_Q_Digest_Algorithm_Consumer() { super.getTarget().getName() = "EVP_Q_digest" } override Crypto::ConsumerInputDataFlowNode getInputNode() { - result.asExpr() = this.(Call).getArgument(1) + result.asIndirectExpr() = super.getArgument(1) } override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { @@ -42,7 +42,7 @@ class EvpPkeySetCtxALgorithmConsumer extends HashAlgorithmValueConsumer { "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_oaep_md_name", "EVP_PKEY_CTX_set_dsa_paramgen_md_props" ] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) } override DataFlow::Node getResultNode() { none() } @@ -64,18 +64,18 @@ class EvpDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer { DataFlow::Node resultNode; EvpDigestAlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asIndirectExpr() = this and ( this.(Call).getTarget().getName() in [ "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj" ] and - valueArgNode.asExpr() = this.(Call).getArgument(0) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() = "EVP_MD_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) or this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and - valueArgNode.asExpr() = this.(Call).getArgument(2) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(2) ) } @@ -87,3 +87,21 @@ class EvpDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer { exists(OpenSslAlgorithmInstance i | i.getAvc() = this and result = i) } } + +class RsaSignOrVerifyHashAlgorithmValueConsumer extends HashAlgorithmValueConsumer { + DataFlow::Node valueArgNode; + + RsaSignOrVerifyHashAlgorithmValueConsumer() { + this.(Call).getTarget().getName() in ["RSA_sign", "RSA_verify"] and + // arg 0 is an int, use asExpr + valueArgNode.asExpr() = this.(Call).getArgument(0) + } + + override DataFlow::Node getResultNode() { none() } + + override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode } + + override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { + exists(OpenSslAlgorithmInstance i | i.getAvc() = this and result = i) + } +} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll index 830adece0f3..918dc57ff97 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll @@ -11,10 +11,10 @@ class EvpKemAlgorithmValueConsumer extends KemAlgorithmValueConsumer { DataFlow::Node resultNode; EvpKemAlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asIndirectExpr() = this and ( this.(Call).getTarget().getName() = "EVP_KEM_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll index 88c36a37eb5..b4634b625f9 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll @@ -11,10 +11,10 @@ class EvpKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueCons DataFlow::Node resultNode; EvpKeyExchangeAlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asIndirectExpr() = this and ( this.(Call).getTarget().getName() = "EVP_KEYEXCH_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll index f7c8fef3794..ba5cb8146ad 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll @@ -11,7 +11,7 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { DataFlow::Node resultNode; EvpPKeyAlgorithmConsumer() { - resultNode.asExpr() = this.(Call) and // in all cases the result is the return + resultNode.asIndirectExpr() = this.(Call) and // in all cases the result is the return ( // NOTE: some of these consumers are themselves key gen operations, // in these cases, the operation will be created separately for the same function. @@ -19,6 +19,7 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { "EVP_PKEY_CTX_new_id", "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key", "EVP_PKEY_new_mac_key" ] and + // Algorithm is an int, use asExpr valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in [ @@ -26,7 +27,8 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_ctrl_uint64", "EVP_PKEY_CTX_ctrl_str", "EVP_PKEY_CTX_set_group_name" ] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + // AAlgorithm is a char*, use asIndirectExpr + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) or // argInd 2 is 'type' which can be RSA, or EC // if RSA argInd 3 is the key size, else if EC argInd 3 is the curve name @@ -38,10 +40,10 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { // Elliptic curve case // If the argInd 3 is a derived type (pointer or array) then assume it is a curve name if this.(Call).getArgument(3).getType().getUnderlyingType() instanceof DerivedType - then valueArgNode.asExpr() = this.(Call).getArgument(3) + then valueArgNode.asIndirectExpr() = this.(Call).getArgument(3) else // All other cases - valueArgNode.asExpr() = this.(Call).getArgument(2) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(2) ) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll index f080fc0f12a..e279f7f1e09 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll @@ -14,8 +14,9 @@ class Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorit DataFlow::Node resultNode; Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asDefiningArgument() = this.(Call).getArgument(0) and this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and + // algorithm is an int, use asExpr valueArgNode.asExpr() = this.(Call).getArgument(1) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll index c6f3fb8959c..bcc596bb1ee 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll @@ -12,13 +12,13 @@ class EvpSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer DataFlow::Node resultNode; EvpSignatureAlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asIndirectExpr() = this and ( // EVP_SIGNATURE this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA - // DSA_SIG_new, DSA_SIG_get0, RSA_sign ? + // DSA_SIG_new, DSA_SIG_get0 ? ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll new file mode 100644 index 00000000000..19027137215 --- /dev/null +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll @@ -0,0 +1,107 @@ +private import experimental.quantum.Language + +/** + * A call to `BN_bn2bin`. + * Commonly used to extract partial bytes from a signature, + * e.g., a signature from DSA_do_sign, passed to DSA_do_verify + * - int BN_bn2bin(const BIGNUM *a, unsigned char *to); + */ +class BnBn2BinCalStep extends AdditionalFlowInputStep { + Call call; + + BnBn2BinCalStep() { + call.getTarget().getName() = "BN_bn2bin" and + call.getArgument(0) = this.asIndirectExpr() + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(1) } +} + +/** + * A call to `BN_bin2bn`. + * Commonly used to convert to a signature for DSA_do_verify + * - BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + */ +class BnBin2BnCallStep extends AdditionalFlowInputStep { + Call call; + + BnBin2BnCallStep() { + call.getTarget().getName() = "BN_bin2bn" and + call.getArgument(0) = this.asIndirectExpr() + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(2) } +} + +/** + * A call to `RSA_set0_key` or `DSA_SIG_set0`. + * Often used in combination with BN_bin2bn, to construct a signature. + */ +class RsaSet0KeyCallStep extends AdditionalFlowInputStep { + Call call; + + RsaSet0KeyCallStep() { + (call.getTarget().getName() = "RSA_set0_key" or call.getTarget().getName() = "DSA_SIG_set0") and + this.asIndirectExpr() in [call.getArgument(1), call.getArgument(2), call.getArgument(3)] + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(0) } +} + +/** + * A call to `d2i_DSA_SIG`. This is a pass through of a signature of one form to another. + * - DSA_SIG *d2i_DSA_SIG(DSA_SIG **sig, const unsigned char **pp, long length); + */ +class D2iDsaSigCallStep extends AdditionalFlowInputStep { + Call call; + + D2iDsaSigCallStep() { + call.getTarget().getName() = "d2i_DSA_SIG" and + this.asIndirectExpr() = call.getArgument(1) + } + + override DataFlow::Node getOutput() { + // If arg 0 specified, the same pointer is returned, if not specified + // a new allocation is returned. + result.asDefiningArgument() = call.getArgument(0) or + result.asIndirectExpr() = call + } +} + +/** + * A call to `DSA_SIG_get0`. + * Converts a DSA_Sig into its components, which are commonly used with BN_bn2Bin to + * construct a char* signature. + * - void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + */ +class DsaSigGet0CallStep extends AdditionalFlowInputStep { + Call call; + + DsaSigGet0CallStep() { + call.getTarget().getName() = "DSA_SIG_get0" and + this.asIndirectExpr() = call.getArgument(0) + } + + override DataFlow::Node getOutput() { + result.asDefiningArgument() = call.getArgument(1) + or + result.asDefiningArgument() = call.getArgument(2) + } +} + +/** + * A call to `EVP_PKEY_get1_RSA` or `EVP_PKEY_get1_DSA` + * - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + * - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); + * A key input is converted into a key output, a key is not generated. + */ +class EvpPkeyGet1RsaOrDsa extends AdditionalFlowInputStep { + Call c; + + EvpPkeyGet1RsaOrDsa() { + c.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] and + this.asIndirectExpr() = c.getArgument(0) + } + + override DataFlow::Node getOutput() { result.asIndirectExpr() = c } +} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll index 10aa145804b..1ad988d2ea6 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll @@ -1,4 +1,4 @@ -import semmle.code.cpp.dataflow.new.DataFlow +import semmle.code.cpp.dataflow.new.TaintTracking private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers /** @@ -13,7 +13,9 @@ module AvcToCallArgConfig implements DataFlow::ConfigSig { * Trace to any call accepting the algorithm. * NOTE: users must restrict this set to the operations they are interested in. */ - predicate isSink(DataFlow::Node sink) { exists(Call c | c.getAnArgument() = sink.asExpr()) } + predicate isSink(DataFlow::Node sink) { + exists(Call c | c.getAnArgument() = [sink.asIndirectExpr(), sink.asExpr()]) + } } -module AvcToCallArgFlow = DataFlow::Global; +module AvcToCallArgFlow = TaintTracking::Global; diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll index 706cac65f8c..2b326690225 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll @@ -4,4 +4,5 @@ module OpenSslModel { import Operations.OpenSSLOperations import Random import GenericSourceCandidateLiteral + import ArtifactPassthrough } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index 44e30ddf9fc..13d6a4ae457 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -3,24 +3,48 @@ private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers import EVPPKeyCtxInitializer +/** + * A base class for all final cipher operation steps. + */ +abstract class FinalCipherOperationStep extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base configuration for all EVP cipher operations. + */ +abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep { + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } +} + /** * A base class for all EVP cipher operations. */ abstract class EvpCipherInitializer extends OperationStep { override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() and // Constants that are not equal to zero or // non-constants (e.g., variable accesses, which require data-flow to determine the value) // A zero (null) value typically indicates use of this operation step to initialize // other out parameters in a multi-step initialization. - (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0) + ( + exists(result.asIndirectExpr().getValue()) + implies + result.asIndirectExpr().getValue().toInt() != 0 + ) } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -38,11 +62,15 @@ abstract class EvpEXInitializer extends EvpCipherInitializer { // non-constants (e.g., variable accesses, which require data-flow to determine the value) // A zero (null) value typically indicates use of this operation step to initialize // other out parameters in a multi-step initialization. - result.asExpr() = this.getArgument(3) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() or - result.asExpr() = this.getArgument(4) and type = IVorNonceIO() + result.asIndirectExpr() = this.getArgument(4) and type = IVorNonceIO() ) and - (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0) + ( + exists(result.asIndirectExpr().getValue()) + implies + result.asIndirectExpr().getValue().toInt() != 0 + ) } } @@ -53,9 +81,9 @@ abstract class EvpEX2Initializer extends EvpCipherInitializer { override DataFlow::Node getInput(IOType type) { result = super.getInput(type) or - result.asExpr() = this.getArgument(2) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(2) and type = KeyIO() or - result.asExpr() = this.getArgument(3) and type = IVorNonceIO() + result.asIndirectExpr() = this.getArgument(3) and type = IVorNonceIO() } } @@ -90,6 +118,7 @@ class Evp_Cipher_EX2_or_Simple_Init_Call extends EvpEX2Initializer { result = super.getInput(type) or this.getTarget().getName().toLowerCase().matches("%cipherinit%") and + // the key op subtype is an int, use asExpr result.asExpr() = this.getArgument(4) and type = KeyOperationSubtypeIO() } @@ -107,13 +136,13 @@ class EvpPkeyEncryptDecryptInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = OsslParamIO() + result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -125,6 +154,7 @@ class EvpCipherInitSKeyCall extends EvpEX2Initializer { override DataFlow::Node getInput(IOType type) { result = super.getInput(type) or + // the key op subtype is an int, use asExpr result.asExpr() = this.getArgument(5) and type = KeyOperationSubtypeIO() } @@ -141,35 +171,20 @@ class EvpCipherUpdateCall extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base configuration for all EVP cipher operations. - */ -abstract class EvpCipherOperationFinalStep extends OperationStep { - override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A Call to EVP_Cipher. */ @@ -179,13 +194,13 @@ class EvpCipherCall extends EvpCipherOperationFinalStep { override DataFlow::Node getInput(IOType type) { super.getInput(type) = result or - result.asExpr() = this.getArgument(2) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(2) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO() } } @@ -216,28 +231,50 @@ class EvpCipherFinalCall extends EvpCipherOperationFinalStep { */ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { EvpPKeyCipherOperation() { - this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] + this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] and + // TODO: for now ignore this operation entirely if it is setting the cipher text to null + // this needs to be re-evalauted if this scenario sets other values worth tracking + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) } override DataFlow::Node getInput(IOType type) { super.getInput(type) = result or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asDefiningArgument() = this.getArgument(1) and + type = CiphertextIO() and + this.getStepType() = FinalStep() // TODO: could indicate text lengths here, as well } + + override OperationStepType getStepType() { + // When the output buffer is null, the step is not a final step + // it is used to get the buffer size, if 0 consider it an initialization step + // NOTE/TODO: not tracing 0 to the arg, just looking for 0 directly in param + // the assumption is this is the common case, but we may want to make this more + // robust and support a dataflow. + result = FinalStep() and + (exists(super.getArgument(1).getValue()) implies super.getArgument(1).getValue().toInt() != 0) + or + result = InitializerStep() and + super.getArgument(1).getValue().toInt() = 0 + } } /** * An EVP cipher operation instance. * Any operation step that is a final operation step for EVP cipher operation steps. */ -class EvpCipherOperationInstance extends Crypto::KeyOperationInstance instanceof EvpCipherOperationFinalStep +class OpenSslCipherOperationInstance extends Crypto::KeyOperationInstance instanceof FinalCipherOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 2208407e53c..32823cada5a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -1,5 +1,10 @@ /** * Initializers for EVP PKey + * These are used to create a Pkey context or set properties on a Pkey context + * e.g., key size, hash algorithms, curves, padding schemes, etc. + * Meant to capture more general purpose initializers that aren't necessarily + * tied to a specific operation. If tied to an operation (i.e., in the docs) + * we recommend defining defining all together in the same operation definition qll. * including: * https://docs.openssl.org/3.0/man3/EVP_PKEY_CTX_ctrl/ * https://docs.openssl.org/3.0/man3/EVP_EncryptInit/#synopsis @@ -26,14 +31,16 @@ class EvpNewKeyCtx extends OperationStep instanceof Call { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = keyArg and type = KeyIO() + result.asIndirectExpr() = keyArg and type = KeyIO() or this.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and - result.asExpr() = this.getArgument(0) and + result.asIndirectExpr() = this.getArgument(0) and type = OsslLibContextIO() } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = ContextIO() } + override DataFlow::Node getOutput(IOType type) { + result.asIndirectExpr() = this and type = ContextIO() + } override OperationStepType getStepType() { result = ContextCreationStep() } } @@ -47,13 +54,13 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -71,23 +78,46 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep { * - `EVP_PKEY_CTX_set_ecdh_kdf_md` */ class EvpCtxSetHashInitializer extends OperationStep { + boolean isOaep; + boolean isMgf1; + EvpCtxSetHashInitializer() { this.getTarget().getName() in [ - "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_rsa_mgf1_md_name", - "EVP_PKEY_CTX_set_rsa_mgf1_md", "EVP_PKEY_CTX_set_rsa_oaep_md_name", - "EVP_PKEY_CTX_set_rsa_oaep_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", + "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", "EVP_PKEY_CTX_set_dh_kdf_md", "EVP_PKEY_CTX_set_ecdh_kdf_md" - ] + ] and + isOaep = false and + isMgf1 = false + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_mgf1_md" + ] and + isOaep = false and + isMgf1 = true + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_oaep_md_name", + "EVP_PKEY_CTX_set_rsa_oaep_md" + ] and + isOaep = true and + isMgf1 = false } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and + type = HashAlgorithmIO() and + isOaep = false and + isMgf1 = false + or + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true + or + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -106,13 +136,13 @@ class EvpCtxSetKeySizeInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = KeySizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -122,16 +152,16 @@ class EvpCtxSetMacKeyInitializer extends OperationStep { EvpCtxSetMacKeyInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_mac_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(2) and type = KeySizeIO() or // the raw key that is configured into the output key - result.asExpr() = this.getArgument(1) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(1) and type = KeyIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -143,13 +173,14 @@ class EvpCtxSetPaddingInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or + // The algorithm is an int: use asExpr result.asExpr() = this.getArgument(1) and type = PaddingAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -161,13 +192,13 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = SaltLengthIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll index 1878bfbe09f..5b15dc6d76a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll @@ -6,6 +6,13 @@ private import experimental.quantum.Language private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +/** + * A base class for final digest operations. + */ +abstract class FinalDigestOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + /** * A call to and EVP digest initializer, such as: * - `EVP_DigestInit` @@ -18,13 +25,13 @@ class EvpDigestInitVariantCalls extends OperationStep instanceof Call { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } @@ -38,56 +45,49 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call { EvpDigestUpdateCall() { this.getTarget().getName() = "EVP_DigestUpdate" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base class for final digest operations. - */ -abstract class EvpFinalDigestOperationStep extends OperationStep { - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A call to `EVP_Q_digest` * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis */ -class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpQDigestOperation extends FinalDigestOperation instanceof Call { EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or result.asDefiningArgument() = this.getArgument(5) and type = DigestIO() } } -class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestOperation extends FinalDigestOperation instanceof Call { EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO() or - result.asExpr() = this.getArgument(0) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { @@ -98,27 +98,28 @@ class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { /** * A call to EVP_DigestFinal variants */ -class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestFinalCall extends FinalDigestOperation instanceof Call { EvpDigestFinalCall() { this.getTarget().getName() in ["EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or result.asDefiningArgument() = this.getArgument(1) and type = DigestIO() + //result.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = this.getArgument(1) } } /** * An openssl digest final hash operation instance */ -class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EvpFinalDigestOperationStep +class OpenSslDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof FinalDigestOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 2c146aec97f..e19d65c65ae 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -13,10 +13,12 @@ class ECKeyGen extends OperationStep instanceof Call { ECKeyGen() { this.(Call).getTarget().getName() = "EC_KEY_generate_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.(Call).getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.(Call).getArgument(0) and type = ContextIO() } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override OperationStepType getStepType() { result = ContextCreationStep() } } @@ -33,16 +35,19 @@ class EvpKeyGenInitialize extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } } +/** + * A base class for final key generation operation steps. + */ abstract class KeyGenFinalOperationStep extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -54,26 +59,26 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { EvpPKeyQKeyGen() { this.getTarget().getName() = "EVP_PKEY_Q_keygen" } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this and type = KeyIO() + result.asDefiningArgument() = this and type = KeyIO() } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or // When arg 3 is a derived type, it is a curve name, otherwise it is a key size for RSA if provided // and arg 2 is the algorithm type this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = PrimaryAlgorithmIO() or not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(2) and + result.asIndirectExpr() = this.getArgument(2) and type = PrimaryAlgorithmIO() or not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = KeySizeIO() } } @@ -84,7 +89,9 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call { EvpRsaGen() { this.getTarget().getName() = "EVP_RSA_gen" } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = KeySizeIO() @@ -97,7 +104,9 @@ class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call { class RsaGenerateKey extends KeyGenFinalOperationStep instanceof Call { RsaGenerateKey() { this.getTarget().getName() = "RSA_generate_key" } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = KeySizeIO() @@ -117,7 +126,7 @@ class RsaGenerateKeyEx extends KeyGenFinalOperationStep instanceof Call { override DataFlow::Node getInput(IOType type) { // arg 0 comes in as a blank RSA key, which we consider a context, // on output it is considered a key - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } } @@ -128,13 +137,13 @@ class EvpPkeyGen extends KeyGenFinalOperationStep instanceof Call { EvpPkeyGen() { this.getTarget().getName() in ["EVP_PKEY_generate", "EVP_PKEY_keygen"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { result.asDefiningArgument() = this.getArgument(1) and type = KeyIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -146,18 +155,14 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { EvpNewMacKey() { this.getTarget().getName() = "EVP_PKEY_new_mac_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - or // the raw key that is configured into the output key - result.asExpr() = this.getArgument(2) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(2) and type = KeyIO() or result.asExpr() = this.getArgument(3) and type = KeySizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this and type = KeyIO() - or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this and type = KeyIO() } } @@ -165,7 +170,7 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { /** * An `KeyGenerationOperationInstance` for the for all key gen final operation steps. */ -class KeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep +class OpenSslKeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index f1ab394ad78..5c0aa98dd0c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -1,6 +1,6 @@ private import experimental.quantum.Language private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers -import semmle.code.cpp.dataflow.new.DataFlow +import semmle.code.cpp.dataflow.new.TaintTracking // Importing these intializers here to ensure the are part of any model that is // using OpenSslOperationBase. This further ensures that initializers are tied to opeartions // even if only importing the operation by itself. @@ -58,7 +58,11 @@ newtype TIOType = // For OSSL_PARAM and OSSL_LIB_CTX use of OsslParamIO and OsslLibContextIO ContextIO() or DigestIO() or + // For OAEP and MGF1 hashes, there is a special IO type for these hashes + // it is recommended to set the most explicit type known, not both HashAlgorithmIO() or + HashAlgorithmOaepIO() or + HashAlgorithmMgf1IO() or IVorNonceIO() or KeyIO() or KeyOperationSubtypeIO() or @@ -71,11 +75,13 @@ newtype TIOType = PaddingAlgorithmIO() or // Plaintext also includes a message for digest, signature, verification, and mac generation PlaintextIO() or + PlaintextSizeIO() or PrimaryAlgorithmIO() or RandomSourceIO() or SaltLengthIO() or SeedIO() or - SignatureIO() + SignatureIO() or + SignatureSizeIO() private string ioTypeToString(TIOType t) { t = CiphertextIO() and result = "CiphertextIO" @@ -104,6 +110,8 @@ private string ioTypeToString(TIOType t) { or t = PlaintextIO() and result = "PlaintextIO" or + t = PlaintextSizeIO() and result = "PlaintextSizeIO" + or t = PrimaryAlgorithmIO() and result = "PrimaryAlgorithmIO" or t = RandomSourceIO() and result = "RandomSourceIO" @@ -113,6 +121,8 @@ private string ioTypeToString(TIOType t) { t = SeedIO() and result = "SeedIO" or t = SignatureIO() and result = "SignatureIO" + or + t = SignatureSizeIO() and result = "SignatureSizeIO" } class IOType extends TIOType { @@ -123,13 +133,13 @@ class IOType extends TIOType { } } -//TODO: add more initializers as needed /** * The type of step in an `OperationStep`. * - `ContextCreationStep`: the creation of a context from an algorithm or key. * for example `EVP_MD_CTX_create(EVP_sha256())` or `EVP_PKEY_CTX_new(pkey, NULL)` - * - `InitializerStep`: the initialization of an operation through some sort of shared/accumulated context - * for example `EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)` + * - `InitializerStep`: the initialization of an operation or state through some sort of shared/accumulated context + * for example `EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)`, may also be used for pass through + * configuration, for example `EVP_PKEY_get1_RSA(key)` where a pkey is input into an RSA key return. * - `UpdateStep`: any operation that has and update/final paradigm, the update represents an intermediate step in an operation, * such as `EVP_DigestUpdate(ctx, data, len)` * - `FinalStep`: an ultimate operation step. This may be an explicit 'final' in an update/final paradigm, but not necessarily. @@ -189,7 +199,7 @@ abstract class OperationStep extends Call { */ predicate flowsToOperationStep(OperationStep sink) { sink = this or - OperationStepFlow::flow(this.getAnOutput(), sink.getAnInput()) + OperationStepCtxFlow::flow(this.getAnOutput(), [sink.getAnInput(), sink.getAnOutput()]) } /** @@ -198,7 +208,7 @@ abstract class OperationStep extends Call { */ predicate flowsFromOperationStep(OperationStep source) { source = this or - OperationStepFlow::flow(source.getAnOutput(), this.getAnInput()) + OperationStepCtxFlow::flow(source.getAnOutput(), [this.getAnInput(), this.getAnOutput()]) } /** @@ -220,10 +230,13 @@ abstract class OperationStep extends Call { result.setsValue(type) and ( // Do not consider a 'reset' to occur on updates + // but only for resets that are part of the same update/finalize + // progression (e.g., an update for an unrelated finalize is ignored) result.getStepType() = UpdateStep() or not exists(OperationStep reset | result != reset and + result != this and reset.setsValue(type) and reset.flowsToOperationStep(this) and result.flowsToOperationStep(reset) @@ -245,8 +258,11 @@ abstract class OperationStep extends Call { /** * Gets an AVC for the primary algorithm for this operation. - * A primary algorithm is an AVC that flows to a ctx input directly or - * an AVC that flows to a primary algorithm input directly. + * A primary algorithm is an AVC that either: + * 0) `this` is an AVC (consider direct algorithm consumers like RSA_sign (algorithm is implicit) or EVP_PKEY_new_mac_key (NID is first arg) ) + * 1) flows to a ctx input directly or + * 2) flows to a primary algorithm input directly or + * 3) flows to a key input directly (algorithm held in a key will be considered primary) * See `AvcContextCreationStep` for details about resetting scenarios. * Gets the first OperationStep an AVC flows to. If a context input, * the AVC is considered primary. @@ -254,19 +270,24 @@ abstract class OperationStep extends Call { * operation step (dominating operation step, see `getDominatingInitializersToStep`). */ Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { - exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcSucc | - (t = PrimaryAlgorithmIO() or t = ContextIO()) and - avcSucc.flowsToOperationStep(this) and - src.asExpr() = result and - sink = avcSucc.getInput(t) and + this instanceof Crypto::AlgorithmValueConsumer and result = this + or + exists( + DataFlow::Node src, DataFlow::Node sink, IOType srcIntype, OperationStep avcConsumingPred + | + (srcIntype = ContextIO() or srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and + avcConsumingPred.flowsToOperationStep(this) and + src.asIndirectExpr() = result and + sink = avcConsumingPred.getInput(srcIntype) and AvcToOperationStepFlow::flow(src, sink) and ( - // Case 1: the avcSucc step is a dominating initialization step - t = PrimaryAlgorithmIO() and - avcSucc = this.getDominatingInitializersToStep(PrimaryAlgorithmIO()) + // Case 1: the avcConsumingPred step is a dominating primary algorithm initialization step + // or dominating key initialization step + (srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and + avcConsumingPred = this.getDominatingInitializersToStep(srcIntype) or - // Case 2: the succ is a context input (any avcSucc is valid) - t = ContextIO() + // Case 2: the pred is a context input + srcIntype = ContextIO() ) ) } @@ -277,9 +298,11 @@ abstract class OperationStep extends Call { * TODO: generalize to use this for `getPrimaryAlgorithmValueConsumer` */ Crypto::AlgorithmValueConsumer getAlgorithmValueConsumerForInput(IOType type) { + result = this and this.setsValue(type) + or exists(DataFlow::Node src, DataFlow::Node sink | AvcToOperationStepFlow::flow(src, sink) and - src.asExpr() = result and + src.asIndirectExpr() = result and sink = this.getInput(type) ) } @@ -357,7 +380,7 @@ private class CtxCopyOutArgCall extends CtxPassThroughCall { CtxCopyOutArgCall() { this.getTarget().getName().toLowerCase().matches("%copy%") and - n1.asExpr() = this.getAnArgument() and + n1.asIndirectExpr() = this.getAnArgument() and n1.getType() instanceof CtxType and n2.asDefiningArgument() = this.getAnArgument() and n2.getType() instanceof CtxType and @@ -378,16 +401,18 @@ private class CtxCopyReturnCall extends CtxPassThroughCall, CtxPointerExpr { CtxCopyReturnCall() { this.getTarget().getName().toLowerCase().matches("%dup%") and - n1.asExpr() = this.getAnArgument() and + n1.asIndirectExpr() = this.getAnArgument() and n1.getType() instanceof CtxType } override DataFlow::Node getNode1() { result = n1 } - override DataFlow::Node getNode2() { result.asExpr() = this } + override DataFlow::Node getNode2() { result.asIndirectExpr() = this } } -// TODO: is this still needed? +// TODO: is this still needed? It appears to be (tests fail without it) but +// I don't know why as EVP_PKEY_paramgen is an operation step and we pass through +// operation steps already. /** * A call to `EVP_PKEY_paramgen` acts as a kind of pass through. * It's output pkey is eventually used in a new operation generating @@ -401,34 +426,10 @@ private class CtxParamGenCall extends CtxPassThroughCall { CtxParamGenCall() { this.getTarget().getName() = "EVP_PKEY_paramgen" and - n1.asExpr() = this.getArgument(0) and - ( - n2.asExpr() = this.getArgument(1) - or - n2.asDefiningArgument() = this.getArgument(1) - ) - } - - override DataFlow::Node getNode1() { result = n1 } - - override DataFlow::Node getNode2() { result = n2 } -} - -//TODO: I am not sure CallArgToCtxRet is needed anymore -/** - * If the current node is an argument to a function - * that returns a pointer type, immediately flow through. - * NOTE: this passthrough is required if we allow - * intermediate steps to go into variables that are not a CTX type. - * See for example `CtxParamGenCall`. - */ -private class CallArgToCtxRet extends CtxPassThroughCall, CtxPointerExpr { - DataFlow::Node n1; - DataFlow::Node n2; - - CallArgToCtxRet() { - this.getAnArgument() = n1.asExpr() and - n2.asExpr() = this + //Arg 0 is *ctx + n1.asIndirectExpr() = this.getArgument(0) and + //Arg 1 is **pkey + n2.asDefiningArgument() = this.getArgument(1) } override DataFlow::Node getNode1() { result = n1 } @@ -439,7 +440,7 @@ private class CallArgToCtxRet extends CtxPassThroughCall, CtxPointerExpr { /** * A flow configuration from any non-final `OperationStep` to any other `OperationStep`. */ -module OperationStepFlowConfig implements DataFlow::ConfigSig { +module OperationStepCtxFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { exists(OperationStep s | s.getAnOutput() = source or @@ -455,22 +456,39 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { - exists(CtxClearCall c | c.getAnArgument() = node.asExpr()) + exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()]) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or exists(CtxPassThroughCall c | c.getNode1() = node1 and c.getNode2() = node2) or - // Flow out through all outputs from an operation step if more than one output - // is defined. - exists(OperationStep s | s.getAnInput() = node1 and s.getAnOutput() = node2) + // Flow only through context and key inputs and outputs + // keys and context generally hold unifying context that link multiple steps + // Flow only out of finalize operations through key outputs, otherwise stop at final operations + exists(OperationStep s, IOType inType, IOType outType | + (s.getStepType() = FinalStep() implies outType = KeyIO()) and + ( + inType = ContextIO() + or + inType = KeyIO() + ) and + ( + outType = ContextIO() + or + outType = KeyIO() + ) and + s.getInput(inType) = node1 and + s.getOutput(outType) = node2 + ) // TODO: consideration for additional alises defined as follows: // if an output from an operation step itself flows from the output of another operation step // then the source of that flow's outputs (all of them) are potential aliases } } -module OperationStepFlow = DataFlow::Global; +module OperationStepCtxFlow = TaintTracking::Global; /** * A flow from AVC to the first `OperationStep` the AVC reaches as an input. @@ -483,7 +501,7 @@ module AvcToOperationStepFlowConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { exists(OperationStep s | s.getAnInput() = sink) } predicate isBarrier(DataFlow::Node node) { - exists(CtxClearCall c | c.getAnArgument() = node.asExpr()) + exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()]) } /** @@ -496,7 +514,7 @@ module AvcToOperationStepFlowConfig implements DataFlow::ConfigSig { } } -module AvcToOperationStepFlow = DataFlow::Global; +module AvcToOperationStepFlow = TaintTracking::Global; module EncValToInitEncArgConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] } @@ -506,7 +524,7 @@ module EncValToInitEncArgConfig implements DataFlow::ConfigSig { } } -module EncValToInitEncArgFlow = DataFlow::Global; +module EncValToInitEncArgFlow = TaintTracking::Global; private Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) { i = 0 and diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index b9b498ee8df..f5e9ad354ad 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -6,12 +6,25 @@ private import experimental.quantum.Language private import experimental.quantum.OpenSSL.AvcFlow private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances -// TODO: verification functions /** * A base class for final signature operations. + * The operation must be known to always be a signature operation, + * and not a MAC operation. Used for both verification and signing. + * NOTE: even an operation that may be a mac or signature but is known to take in + * only signature configurations should extend `SignatureOrMacFinalOperation`. */ -abstract class EvpSignatureFinalOperation extends OperationStep { +abstract class SignatureFinalOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base class for final signature or MAC operations. + * The operation must be known to always be a signature or MAC operation. + * Used for both verification or signing. + */ +abstract class SignatureOrMacFinalOperation extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -24,36 +37,32 @@ class EvpSignatureDigestInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = OsslLibContextIO() or - result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO() or this.getTarget().getName() = "EVP_DigestSignInit" and - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(5) and + result.asIndirectExpr() = this.getArgument(5) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(6) and + result.asIndirectExpr() = this.getArgument(6) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or // EVP_PKEY_CTX - result.asExpr() = this.getArgument(1) and type = ContextIO() - or - this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(6) and - type = ContextIO() + result.asDefiningArgument() = this.getArgument(1) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -66,13 +75,13 @@ class EvpSignInit extends OperationStep { EvpSignInit() { this.getTarget().getName() in ["EVP_SignInit", "EVP_SignInit_ex"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -94,22 +103,22 @@ class EvpPkeySignInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() or this.getTarget().getName() = "EVP_PKEY_sign_init_ex" and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO() or // Argument 2 (0 based) only exists for EVP_PKEY_sign_init_ex2 and EVP_PKEY_sign_message_init - result.asExpr() = this.getArgument(2) and type = OsslParamIO() + result.asIndirectExpr() = this.getArgument(2) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -126,13 +135,13 @@ class EvpSignatureUpdateCall extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } @@ -141,73 +150,496 @@ class EvpSignatureUpdateCall extends OperationStep { /** * A call to EVP_SignFinal or EVP_SignFinal_ex. */ -class EvpSignFinal extends EvpSignatureFinalOperation { +class EvpSignFinal extends SignatureFinalOperation { EvpSignFinal() { this.getTarget().getName() in ["EVP_SignFinal_ex", "EVP_SignFinal"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() or // params above 3 (0-based) only exist for EVP_SignFinal_ex - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = OsslLibContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() + or + result.asDefiningArgument() = this.getArgument(2) and type = SignatureSizeIO() } } /** - * A call to EVP_DigestSign or EVP_PKEY_sign. + * A call to EVP_PKEY_sign. */ -class EvpDigestSign extends EvpSignatureFinalOperation { - EvpDigestSign() { this.getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] } +class EvpPkeySign extends SignatureFinalOperation { + EvpPkeySign() { + this.getTarget().getName() = "EVP_PKEY_sign" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() } } /** - * A call to EVP_DigestSignFinal or EVP_PKEY_sign_message_final. + * A call to EVP_DigestSign. + * This is a mac or sign operation. */ -class EvpDigestAndPkeySignFinal extends EvpSignatureFinalOperation { - EvpDigestAndPkeySignFinal() { - this.getTarget().getName() in [ - "EVP_DigestSignFinal", - "EVP_PKEY_sign_message_final" - ] - } +class EvpDigestSign extends SignatureOrMacFinalOperation { + EvpDigestSign() { this.getTarget().getName() = "EVP_DigestSign" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() + } +} + +/** + * A call to EVP_PKEY_sign_message_final. + */ +class EvpPkeySignFinal extends SignatureFinalOperation { + EvpPkeySignFinal() { + this.getTarget().getName() = "EVP_PKEY_sign_message_final" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + or + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + } +} + +/** + * A call to EVP_DigestSignFinal. + * This is a mac or sign operation. + */ +class EvpDigestSignFinal extends SignatureOrMacFinalOperation { + EvpDigestSignFinal() { + this.getTarget().getName() = "EVP_DigestSignFinal" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + or + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() } override OperationStepType getStepType() { result = FinalStep() } } /** - * An EVP signature operation instance. + * A call to EVP_DigestVerifyInit or EVP_DigestVerifyInit_ex. */ -class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof EvpSignatureFinalOperation +class EvpDigestVerifyInit extends OperationStep { + EvpDigestVerifyInit() { + this.getTarget().getName() in ["EVP_DigestVerifyInit", "EVP_DigestVerifyInit_ex"] + } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asIndirectExpr() = this.getArgument(3) and + type = OsslLibContextIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asIndirectExpr() = this.getArgument(5) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit" and + result.asIndirectExpr() = this.getArgument(4) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asIndirectExpr() = this.getArgument(6) and + type = OsslParamIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + or + result.asDefiningArgument() = this.getArgument(1) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to EVP_DigestVerifyUpdate. + */ +class EvpDigestVerifyUpdate extends OperationStep { + EvpDigestVerifyUpdate() { this.getTarget().getName() = "EVP_DigestVerifyUpdate" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to EVP_DigestVerifyFinal + */ +class EvpDigestVerifyFinal extends SignatureFinalOperation { + EvpDigestVerifyFinal() { this.getTarget().getName() = "EVP_DigestVerifyFinal" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to EVP_DigestVerify + */ +class EvpDigestVerify extends SignatureFinalOperation { + EvpDigestVerify() { this.getTarget().getName() = "EVP_DigestVerify" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to `EVP_PKEY_verify_init`, `EVP_PKEY_verify_init_ex`, + * `EVP_PKEY_verify_init_ex2`, or `EVP_PKEY_verify_message_init` + * https://docs.openssl.org/master/man3/EVP_PKEY_verify/#synopsis + */ +class EvpVerifyInit extends OperationStep { + EvpVerifyInit() { + this.getTarget().getName() in [ + "EVP_PKEY_verify_init", "EVP_PKEY_verify_init_ex", "EVP_PKEY_verify_init_ex2", + "EVP_PKEY_verify_message_init" + ] + } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + this.getTarget().getName() = "EVP_PKEY_verify_init_ex" and + result.asIndirectExpr() = this.getArgument(1) and + type = OsslParamIO() + or + this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and + result.asIndirectExpr() = this.getArgument(1) and + type = PrimaryAlgorithmIO() + or + this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and + result.asIndirectExpr() = this.getArgument(2) and + type = OsslParamIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_PKEY_CTX_set_signature` + * https://docs.openssl.org/master/man3/EVP_PKEY_verify/ + */ +class EvpCtxSetSignatureInitializer extends OperationStep { + EvpCtxSetSignatureInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_signature" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_PKEY_verify_message_update`. + */ +class EvpVerifyMessageUpdate extends OperationStep { + EvpVerifyMessageUpdate() { this.getTarget().getName() = "EVP_PKEY_verify_message_update" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to `EVP_PKEY_verify_message_final`. + */ +class EvpVerifyMessageFinal extends SignatureFinalOperation { + EvpVerifyMessageFinal() { this.getTarget().getName() = "EVP_PKEY_verify_message_final" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to `EVP_PKEY_verify` + */ +class EvpVerify extends SignatureFinalOperation { + EvpVerify() { this.getTarget().getName() = "EVP_PKEY_verify" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + or + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(4) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to `RSA_sign` or `RSA_verify`. + * https://docs.openssl.org/3.0/man3/RSA_sign/ + */ +class RsaSignorVerify extends SignatureFinalOperation { + RsaSignorVerify() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] } + + override DataFlow::Node getInput(IOType type) { + // Arg 0 is an NID (so asExpr not asIndirectExpr) + result.asExpr() = this.getArgument(0) and type = HashAlgorithmIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() + or + this.getTarget().getName() = "RSA_verify" and + result.asIndirectExpr() = this.getArgument(3) and + type = SignatureIO() + or + this.getTarget().getName() = "RSA_verify" and + result.asIndirectExpr() = this.getArgument(4) and + type = SignatureSizeIO() + or + result.asIndirectExpr() = this.getArgument(5) and type = KeyIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + or + this.getTarget().getName() = "RSA_sign" and + result.asDefiningArgument() = this.getArgument(3) and + type = SignatureIO() + or + this.getTarget().getName() = "RSA_sign" and + type = SignatureSizeIO() and + result.asDefiningArgument() = this.getArgument(4) + } +} + +/** + * A call to `DSA_do_sign` or `DSA_do_verify` + */ +class DsaDoSignOrVerify extends SignatureFinalOperation { + DsaDoSignOrVerify() { this.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextSizeIO() + or + this.getTarget().getName() = "DSA_do_sign" and + result.asIndirectExpr() = this.getArgument(2) and + type = KeyIO() + or + this.getTarget().getName() = "DSA_do_verify" and + result.asIndirectExpr() = this.getArgument(2) and + type = SignatureIO() + or + this.getTarget().getName() = "DSA_do_verify" and + result.asIndirectExpr() = this.getArgument(3) and + type = KeyIO() + } + + override DataFlow::Node getOutput(IOType type) { + this.getTarget().getName() = "DSA_do_sign" and + result.asIndirectExpr() = this and + type = SignatureIO() + } +} + +/** + * A Call to `EVP_VerifyInit` or `EVP_VerifyInit_ex` + * - int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + * - int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); + */ +class EVP_VerifyInitCall extends OperationStep { + EVP_VerifyInitCall() { this.getTarget().getName() in ["EVP_VerifyInit", "EVP_VerifyInit_ex"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_VerifyUpdate` + * - int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + */ +class EVP_VerifyUpdateCall extends OperationStep { + EVP_VerifyUpdateCall() { this.getTarget().getName() = "EVP_VerifyUpdate" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asIndirectExpr() = this.getArgument(2) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to `EVP_VerifyFinal` or `EVP_VerifyFinal_ex` + * - int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + * unsigned int siglen, EVP_PKEY *pkey, + * OSSL_LIB_CTX *libctx, const char *propq); + *- int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, + * EVP_PKEY *pkey); * + */ +class EVP_VerifyFinalCall extends SignatureFinalOperation { + EVP_VerifyFinalCall() { this.getTarget().getName() in ["EVP_VerifyFinal", "EVP_VerifyFinal_ex"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + or + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() + or + result.asIndirectExpr() = this.getArgument(4) and type = OsslLibContextIO() + // TODO: arg 5 propq? + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * An instance of a signature operation. + * This is an OpenSSL specific class that extends the base SignatureOperationInstance. + */ +class OpenSslSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof SignatureFinalOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result @@ -217,7 +649,7 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i * Signing, verification or unknown. */ override Crypto::KeyOperationSubtype getKeyOperationSubtype() { - // TODO: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug + // NOTE: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug if super.getTarget().getName().toLowerCase().matches("%sign%") then result instanceof Crypto::TSignMode else @@ -227,14 +659,70 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i } override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { - // TODO: some signing operations may have explicit nonce generators - none() + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { + super.getDominatingInitializersToStep(SignatureIO()).getInput(SignatureIO()) = result + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + super.getOutputStepFlowingToStep(SignatureIO()).getOutput(SignatureIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { + super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result + } + + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + super + .getDominatingInitializersToStep(HashAlgorithmIO()) + .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + or + // Handle cases where the hash is set through the primary algorithm + // RSA-SHA256 for example + // NOTE: assuming the hash would not be overridden, or if it is it is undefined + // i.e., if the above dominating initializer exists and the primary algorithm + // specifies a hash, consider both valid hash AVCs. + // TODO: can this behavior be build into the get dominating initializers? + super.getPrimaryAlgorithmValueConsumer() = result and + exists(OpenSslAlgorithmInstance i | + i.getAvc() = result and i instanceof Crypto::HashAlgorithmInstance + ) + } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) + } +} + +/** + * A class for signature or MAC operation instances. + * This is an OpenSSL specific class that extends the base SignatureOrMacOperationInstance. + */ +class OpenSslSignatureOrMacOperationInstance extends Crypto::SignatureOrMacOperationInstance instanceof SignatureOrMacFinalOperation +{ + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + super.getPrimaryAlgorithmValueConsumer() = result } /** - * Keys provided in the initialization call or in a context are found by this method. - * Keys in explicit arguments are found by overridden methods in extending classes. + * Signing, verification or unknown. */ + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { + result instanceof Crypto::TSignMode or result instanceof Crypto::TMacMode + } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result + } + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result } @@ -247,14 +735,24 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result } - /** - * TODO: only signing operations for now, change when verificaiton is added - */ - override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { none() } - override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { super .getDominatingInitializersToStep(HashAlgorithmIO()) .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + or + // Handle cases where the hash is set through the primary algorithm + // RSA-SHA256 for example + // NOTE: assuming the hash would not be overridden, or if it is it is undefined + // i.e., if the above dominating initializer exists and the primary algorithm + // specifies a hash, consider both valid hash AVCs. + // TODO: can this behavior be build into the get dominating initializers? + super.getPrimaryAlgorithmValueConsumer() = result and + exists(OpenSslAlgorithmInstance i | + i.getAvc() = result and i instanceof Crypto::HashAlgorithmInstance + ) + } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) } } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll index e026c4dbe4b..093d03ee002 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll @@ -412,7 +412,7 @@ private predicate boundFlowStepPhi( or exists(IRGuardCondition guard, boolean testIsTrue | guard = boundFlowCond(valueNumberOfOperand(op2), op1, delta, upper, testIsTrue) and - guard.controlsEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and + guard.controlsBranchEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and reason = TCondReason(guard) ) } diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 23bf4d8fc9e..435d013c47b 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 5.6.1 +version: 5.6.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/lib/semmle/code/cpp/Element.qll b/cpp/ql/lib/semmle/code/cpp/Element.qll index 1cf75aa8a84..b30503d2c94 100644 --- a/cpp/ql/lib/semmle/code/cpp/Element.qll +++ b/cpp/ql/lib/semmle/code/cpp/Element.qll @@ -87,6 +87,7 @@ class ElementBase extends @element { */ class Element extends ElementBase { /** Gets the primary file where this element occurs. */ + pragma[nomagic] File getFile() { result = this.getLocation().getFile() } /** diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index f782a2c117d..e9ff5dbf5e4 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -3,12 +3,436 @@ * flow elements controlled by those guards. */ -import cpp +import cpp as Cpp import semmle.code.cpp.ir.IR +private import codeql.util.Void +private import codeql.controlflow.Guards as SharedGuards private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedExpr private import semmle.code.cpp.ir.implementation.raw.internal.InstructionTag +private class BasicBlock = IRCfg::BasicBlock; + +/** + * INTERNAL: Do not use. + */ +module GuardsInput implements SharedGuards::InputSig { + private import cpp as Cpp + + class NormalExitNode = ExitFunctionInstruction; + + class AstNode = Instruction; + + /** The `Guards` library uses `Instruction`s as expressions. */ + class Expr extends Instruction { + Instruction getControlFlowNode() { result = this } + + IRCfg::BasicBlock getBasicBlock() { result = this.getBlock() } + } + + /** + * The constant values that can be inferred. + */ + class ConstantValue = Void; + + private class EqualityExpr extends CompareInstruction { + EqualityExpr() { + this instanceof CompareEQInstruction + or + this instanceof CompareNEInstruction + } + + boolean getPolarity() { + result = true and + this instanceof CompareEQInstruction + or + result = false and + this instanceof CompareNEInstruction + } + } + + /** A constant expression. */ + abstract class ConstantExpr extends Expr { + /** Holds if this expression is the null constant. */ + predicate isNull() { none() } + + /** Holds if this expression is a boolean constant. */ + boolean asBooleanValue() { none() } + + /** Holds if this expression is an integer constant. */ + int asIntegerValue() { none() } + + /** + * Holds if this expression is a C/C++ specific constant value. + * This currently never holds in C/C++. + */ + ConstantValue asConstantValue() { none() } + } + + private class NullConstant extends ConstantExpr instanceof ConstantInstruction { + NullConstant() { + this.getValue() = "0" and + this.getResultIRType() instanceof IRAddressType + } + + override predicate isNull() { any() } + } + + private class BooleanConstant extends ConstantExpr instanceof ConstantInstruction { + BooleanConstant() { this.getResultIRType() instanceof IRBooleanType } + + override boolean asBooleanValue() { + super.getValue() = "0" and + result = false + or + super.getValue() = "1" and + result = true + } + } + + private class IntegerConstant extends ConstantExpr { + int value; + + IntegerConstant() { + this.(ConstantInstruction).getValue().toInt() = value and + this.getResultIRType() instanceof IRIntegerType + or + // In order to have an integer constant for a switch case + // we misuse the first instruction (which is always a NoOp instruction) + // as a constant with the switch case's value. + // Even worse, since we need a case range to generate an `TIntRange` + // guard value we must ensure that there exists `ConstantExpr`s whose + // integer value is the end-points. So we let this constant expression + // have both end-point values. Luckily, these `NoOp` instructions do not + // interact with SSA in any way. So this should not break anything. + exists(CaseEdge edge | this = any(SwitchInstruction switch).getSuccessor(edge) | + value = edge.getMaxValue().toInt() + or + value = edge.getMinValue().toInt() + ) + } + + override int asIntegerValue() { result = value } + } + + private predicate nonNullExpr(Instruction i) { + i instanceof VariableAddressInstruction + or + i.(PointerConstantInstruction).getValue() != "0" + or + i instanceof TypeidInstruction + or + nonNullExpr(i.(FieldAddressInstruction).getObjectAddress()) + or + nonNullExpr(i.(PointerAddInstruction).getLeft()) + or + nonNullExpr(i.(CopyInstruction).getSourceValue()) + or + nonNullExpr(i.(ConvertInstruction).getUnary()) + or + nonNullExpr(i.(CheckedConvertOrThrowInstruction).getUnary()) + or + nonNullExpr(i.(CompleteObjectAddressInstruction).getUnary()) + or + nonNullExpr(i.(InheritanceConversionInstruction).getUnary()) + or + nonNullExpr(i.(BitOrInstruction).getAnInput()) + } + + /** + * An expression that is guaranteed to not be `null`. + */ + class NonNullExpr extends Expr { + NonNullExpr() { nonNullExpr(this) } + } + + /** A `case` in a `switch` instruction. */ + class Case extends Expr { + SwitchInstruction switch; + SwitchEdge edge; + + Case() { switch.getSuccessor(edge) = this } + + /** + * Gets the edge for which control flows from the `Switch` instruction to + * the target case. + */ + SwitchEdge getEdge() { result = edge } + + /** + * Holds if this case takes control-flow from `bb1` to `bb2` when + * the case matches the scrutinee. + */ + predicate matchEdge(BasicBlock bb1, BasicBlock bb2) { + switch.getBlock() = bb1 and + this.getBasicBlock() = bb2 + } + + /** + * Holds if case takes control-flow from `bb1` to `bb2` when the + * case does not match the scrutinee. + * + * This predicate never holds for C/C++. + */ + predicate nonMatchEdge(BasicBlock bb1, BasicBlock bb2) { none() } + + /** + * Gets the scrutinee expression. + */ + Expr getSwitchExpr() { result = switch.getExpression() } + + /** + * Holds if this case is the default case. + */ + predicate isDefaultCase() { edge.isDefault() } + + /** + * Gets the constant expression of this case. + */ + ConstantExpr asConstantCase() { + // Note: This only has a value if there is a unique value for the case. + // So the will not be a result when using the GCC case range extension. + // Instead, we model these using the `LogicInput_v1::rangeGuard` predicate. + result = this and exists(this.getEdge().getValue()) + } + } + + abstract private class BinExpr extends Expr instanceof BinaryInstruction { + Expr getAnOperand() { result = super.getAnInput() } + } + + /** + * A bitwise "AND" expression. + * + * This does not include logical AND expressions since these are desugared as + * part of IR generation. + */ + class AndExpr extends BinExpr instanceof BitAndInstruction { } + + /** + * A bitwise "OR" expression. + * + * This does not include logical OR expressions since these are desugared as + * part of IR generation. + */ + class OrExpr extends BinExpr instanceof BitOrInstruction { } + + /** A (bitwise or logical) "NOT" expression. */ + class NotExpr extends Expr instanceof UnaryInstruction { + NotExpr() { + this instanceof LogicalNotInstruction + or + this instanceof BitComplementInstruction + } + + /** Gets the operand of this expression. */ + Expr getOperand() { result = super.getUnary() } + } + + private predicate isBoolToIntConversion(ConvertInstruction convert, Instruction unary) { + convert.getUnary() = unary and + unary.getResultIRType() instanceof IRBooleanType and + convert.getResultIRType() instanceof IRIntegerType + } + + /** + * A value preserving expression. + */ + class IdExpr extends Expr { + IdExpr() { + this instanceof CopyInstruction + or + not isBoolToIntConversion(this, _) and + this instanceof ConvertInstruction + or + this instanceof InheritanceConversionInstruction + } + + /** Get the child expression that defines the value of this expression. */ + Expr getEqualChildExpr() { + result = this.(CopyInstruction).getSourceValue() + or + result = this.(ConvertInstruction).getUnary() + or + result = this.(InheritanceConversionInstruction).getUnary() + } + } + + /** + * Holds if `eqtest` tests the equality (or inequality) of `left` and + * `right.` + * + * If `polarity` is `true` then `eqtest` is an equality test, and otherwise + * `eqtest` is an inequality test. + */ + pragma[nomagic] + predicate equalityTest(Expr eqtest, Expr left, Expr right, boolean polarity) { + exists(EqualityExpr eq | eqtest = eq | + eq.getLeft() = left and + eq.getRight() = right and + polarity = eq.getPolarity() + ) + } + + /** + * A conditional expression (i.e., `b ? e1 : e2`). This expression is desugared + * as part of IR generation. + */ + class ConditionalExpr extends Expr { + ConditionalExpr() { none() } + + /** Gets the condition of this conditional expression. */ + Expr getCondition() { none() } + + /** Gets the true branch of this conditional expression. */ + Expr getThen() { none() } + + /** Gets the false branch of this conditional expression. */ + Expr getElse() { none() } + } + + private import semmle.code.cpp.dataflow.new.DataFlow::DataFlow as DataFlow + private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as Private + + class Parameter = Cpp::Parameter; + + /** + * A (direct) parameter position. The value `-1` represents the position of + * the implicit `this` parameter. + */ + private int parameterPosition() { result in [-1, any(Cpp::Parameter p).getIndex()] } + + /** A parameter position represented by an integer. */ + class ParameterPosition extends int { + ParameterPosition() { this = parameterPosition() } + } + + /** An argument position represented by an integer. */ + class ArgumentPosition extends int { + ArgumentPosition() { this = parameterPosition() } + } + + /** Holds if arguments at position `apos` match parameters at position `ppos`. */ + overlay[caller?] + pragma[inline] + predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos } + + final private class FinalMethod = Cpp::Function; + + /** + * A non-overridable function. + * + * This function is non-overridable either because it is not a member function, or + * because it is a final member function. + */ + class NonOverridableMethod extends FinalMethod { + NonOverridableMethod() { + not this instanceof Cpp::MemberFunction + or + exists(Cpp::MemberFunction mf | this = mf | + not mf.isVirtual() + or + mf.isFinal() + ) + } + + /** Gets the `Parameter` at `pos` of this function, if any. */ + Parameter getParameter(ParameterPosition ppos) { super.getParameter(ppos) = result } + + /** Gets an expression returned from this function. */ + GuardsInput::Expr getAReturnExpr() { + exists(StoreInstruction store | + // A write to the `IRVariable` which represents the return value. + store.getDestinationAddress().(VariableAddressInstruction).getIRVariable() instanceof + IRReturnVariable and + store.getEnclosingFunction() = this and + result = store + ) + } + } + + private predicate nonOverridableMethodCall(CallInstruction call, NonOverridableMethod m) { + call.getStaticCallTarget() = m + } + + /** + * A call to a `NonOverridableMethod`. + */ + class NonOverridableMethodCall extends GuardsInput::Expr instanceof CallInstruction { + NonOverridableMethodCall() { nonOverridableMethodCall(this, _) } + + /** Gets the function that is called. */ + NonOverridableMethod getMethod() { nonOverridableMethodCall(this, result) } + + /** Gets the argument at `apos`, if any. */ + GuardsInput::Expr getArgument(ArgumentPosition apos) { result = super.getArgument(apos) } + } +} + +private module GuardsImpl = SharedGuards::Make; + +private module LogicInput_v1 implements GuardsImpl::LogicInputSig { + private import semmle.code.cpp.dataflow.new.DataFlow::DataFlow::Ssa + + final private class FinalBaseSsaVariable = Definition; + + class SsaDefinition extends FinalBaseSsaVariable { + GuardsInput::Expr getARead() { result = this.getAUse().getDef() } + } + + class SsaWriteDefinition extends SsaDefinition instanceof ExplicitDefinition { + GuardsInput::Expr getDefinition() { result = super.getAssignedInstruction() } + } + + class SsaPhiNode extends SsaDefinition instanceof PhiNode { + predicate hasInputFromBlock(SsaDefinition inp, BasicBlock bb) { + super.hasInputFromBlock(inp, bb) + } + } + + predicate parameterDefinition(GuardsInput::Parameter p, SsaDefinition def) { + def.isParameterDefinition(p) + } + + predicate additionalImpliesStep( + GuardsImpl::PreGuard g1, GuardValue v1, GuardsImpl::PreGuard g2, GuardValue v2 + ) { + // The `ConditionalBranch` instruction is the instruction for which there are + // conditional successors out of. However, the condition that controls + // which conditional successor is taken is given by the condition of the + // `ConditionalBranch` instruction. So this step either needs to be here, + // or we need `ConditionalBranch` instructions to be `IdExpr`s. Modeling + // them as `IdExpr`s would be a bit weird since the result type is + // `IRVoidType`. Including them here is fine as long as `ConditionalBranch` + // instructions cannot be assigned to SSA variables (which they cannot + // since they produce no value). + g1.(ConditionalBranchInstruction).getCondition() = g2 and + v1.asBooleanValue() = v2.asBooleanValue() + } + + predicate rangeGuard( + GuardsImpl::PreGuard guard, GuardValue val, GuardsInput::Expr e, int k, boolean upper + ) { + exists(SwitchInstruction switch, string minValue, string maxValue | + switch.getSuccessor(EdgeKind::caseEdge(minValue, maxValue)) = guard and + e = switch.getExpression() and + minValue != maxValue and + val.asBooleanValue() = true + | + upper = false and + k = minValue.toInt() + or + upper = true and + k = maxValue.toInt() + ) + } +} + +class GuardValue = GuardsImpl::GuardValue; + +/** INTERNAL: Don't use. */ +module Guards_v1 = GuardsImpl::Logic; + /** * Holds if `block` consists of an `UnreachedInstruction`. * @@ -21,70 +445,49 @@ private predicate isUnreachedBlock(IRBlock block) { block.getFirstInstruction() instanceof UnreachedInstruction } -private newtype TAbstractValue = - TBooleanValue(boolean b) { b = true or b = false } or - TMatchValue(CaseEdge c) - /** + * DEPRECATED: Use `GuardValue` instead. + * * An abstract value. This is either a boolean value, or a `switch` case. */ -abstract class AbstractValue extends TAbstractValue { - /** Gets an abstract value that represents the dual of this value, if any. */ - abstract AbstractValue getDualValue(); +deprecated class AbstractValue extends GuardValue { } - /** Gets a textual representation of this abstract value. */ - abstract string toString(); -} +/** + * DEPRECATED: Use `GuardValue` instead. + * + * A Boolean value. + */ +deprecated class BooleanValue extends AbstractValue { + BooleanValue() { exists(this.asBooleanValue()) } -/** A Boolean value. */ -class BooleanValue extends AbstractValue, TBooleanValue { /** Gets the underlying Boolean value. */ - boolean getValue() { this = TBooleanValue(result) } - - override BooleanValue getDualValue() { result.getValue() = this.getValue().booleanNot() } - - override string toString() { result = this.getValue().toString() } + boolean getValue() { result = this.asBooleanValue() } } -/** A value that represents a match against a specific `switch` case. */ -class MatchValue extends AbstractValue, TMatchValue { +/** + * DEPRECATED: Use `GuardValue` instead. + * + * A value that represents a match against a specific `switch` case. + */ +deprecated class MatchValue extends AbstractValue { + MatchValue() { exists(this.asIntValue()) } + /** Gets the case. */ - CaseEdge getCase() { this = TMatchValue(result) } - - override MatchValue getDualValue() { - // A `MatchValue` has no dual. - none() - } - - override string toString() { result = this.getCase().toString() } + CaseEdge getCase() { result.getValue().toInt() = this.asIntValue() } } /** * A Boolean condition in the AST that guards one or more basic blocks. This includes * operands of logical operators but not switch statements. */ -abstract private class GuardConditionImpl extends Expr { +private class GuardConditionImpl extends Cpp::Element { /** * Holds if this condition controls `controlled`, meaning that `controlled` is only * entered if the value of this condition is `v`. * * For details on what "controls" mean, see the QLDoc for `controls`. */ - abstract predicate valueControls(BasicBlock controlled, AbstractValue v); - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `v`. - */ - abstract predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v); - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * this the value of this condition is `testIsTrue`. - */ - final predicate controlsEdge(BasicBlock pred, BasicBlock succ, boolean testIsTrue) { - this.valueControlsEdge(pred, succ, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } + abstract predicate valueControls(Cpp::BasicBlock controlled, GuardValue v); /** * Holds if this condition controls `controlled`, meaning that `controlled` is only @@ -112,8 +515,22 @@ abstract private class GuardConditionImpl extends Expr { * being short-circuited) then it will only control blocks dominated by the * true (for `&&`) or false (for `||`) branch. */ - final predicate controls(BasicBlock controlled, boolean testIsTrue) { - this.valueControls(controlled, any(BooleanValue bv | bv.getValue() = testIsTrue)) + final predicate controls(Cpp::BasicBlock controlled, boolean testIsTrue) { + this.valueControls(controlled, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) + } + + /** + * Holds if the control-flow edge `(pred, succ)` may be taken only if + * the value of this condition is `v`. + */ + abstract predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v); + + /** + * Holds if the control-flow edge `(pred, succ)` may be taken only if + * this the value of this condition is `testIsTrue`. + */ + final predicate controlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean testIsTrue) { + this.valueControlsEdge(pred, succ, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) } /** @@ -122,7 +539,9 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue); + abstract predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ); /** * Holds if (determined by this guard) `left < right + k` must be `isLessThan` in `block`. @@ -130,7 +549,9 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan); + abstract predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ); /** * Holds if (determined by this guard) `e < k` evaluates to `isLessThan` if @@ -138,7 +559,7 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value); + abstract predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value); /** * Holds if (determined by this guard) `e < k` must be `isLessThan` in `block`. @@ -146,7 +567,7 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan); + abstract predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan); /** * Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this @@ -159,7 +580,9 @@ abstract private class GuardConditionImpl extends Expr { * necessarily integer). */ pragma[inline] - abstract predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue); + abstract predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ); /** * Holds if (determined by this guard) `left == right + k` must be `areEqual` in `block`. @@ -167,7 +590,9 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual); + abstract predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ); /** * Holds if (determined by this guard) `e == k` evaluates to `areEqual` if this expression @@ -180,7 +605,7 @@ abstract private class GuardConditionImpl extends Expr { * necessarily integer). */ pragma[inline] - abstract predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value); + abstract predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value); /** * Holds if (determined by this guard) `e == k` must be `areEqual` in `block`. @@ -188,7 +613,7 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual); + abstract predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual); /** * Holds if (determined by this guard) `left == right + k` must be `areEqual` on the edge from @@ -196,7 +621,8 @@ abstract private class GuardConditionImpl extends Expr { */ pragma[inline] final predicate ensuresEqEdge( - Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean areEqual + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, + boolean areEqual ) { exists(boolean testIsTrue | this.comparesEq(left, right, k, areEqual, testIsTrue) and @@ -209,8 +635,10 @@ abstract private class GuardConditionImpl extends Expr { * `pred` to `succ`. If `areEqual = false` then this implies `e != k`. */ pragma[inline] - final predicate ensuresEqEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean areEqual) { - exists(AbstractValue v | + final predicate ensuresEqEdge( + Cpp::Expr e, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean areEqual + ) { + exists(GuardValue v | this.comparesEq(e, k, areEqual, v) and this.valueControlsEdge(pred, succ, v) ) @@ -222,7 +650,8 @@ abstract private class GuardConditionImpl extends Expr { */ pragma[inline] final predicate ensuresLtEdge( - Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, + boolean isLessThan ) { exists(boolean testIsTrue | this.comparesLt(left, right, k, isLessThan, testIsTrue) and @@ -235,8 +664,10 @@ abstract private class GuardConditionImpl extends Expr { * `pred` to `succ`. If `isLessThan = false` then this implies `e >= k`. */ pragma[inline] - final predicate ensuresLtEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan) { - exists(AbstractValue v | + final predicate ensuresLtEdge( + Cpp::Expr e, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean isLessThan + ) { + exists(GuardValue v | this.comparesLt(e, k, isLessThan, v) and this.valueControlsEdge(pred, succ, v) ) @@ -248,23 +679,10 @@ final class GuardCondition = GuardConditionImpl; /** * A binary logical operator in the AST that guards one or more basic blocks. */ -private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl { - GuardConditionFromBinaryLogicalOperator() { - this.(BinaryLogicalOperation).getAnOperand() instanceof GuardCondition - } - - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { - exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | - this = binop and - lhs = binop.getLeftOperand() and - rhs = binop.getRightOperand() and - lhs.valueControlsEdge(pred, succ, v) and - rhs.valueControlsEdge(pred, succ, v) - ) - } - - override predicate valueControls(BasicBlock controlled, AbstractValue v) { - exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | +private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl instanceof Cpp::BinaryLogicalOperation +{ + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { + exists(Cpp::BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | this = binop and lhs = binop.getLeftOperand() and rhs = binop.getRightOperand() and @@ -273,64 +691,82 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl ) } - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { + exists(Cpp::BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | + this = binop and + lhs = binop.getLeftOperand() and + rhs = binop.getRightOperand() and + lhs.valueControlsEdge(pred, succ, v) and + rhs.valueControlsEdge(pred, succ, v) + ) + } + + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(boolean partIsTrue, GuardCondition part | - this.(BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) + this.(Cpp::BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) | part.comparesLt(left, right, k, isLessThan, partIsTrue) ) } - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { - exists(BooleanValue partValue, GuardCondition part | - this.(BinaryLogicalOperation) - .impliesValue(part, partValue.getValue(), value.(BooleanValue).getValue()) + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { + exists(GuardValue partValue, GuardCondition part | + this.(Cpp::BinaryLogicalOperation) + .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesLt(e, k, isLessThan, partValue) ) } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(boolean testIsTrue | this.comparesLt(left, right, k, isLessThan, testIsTrue) and this.controls(block, testIsTrue) ) } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(AbstractValue value | + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { + exists(GuardValue value | this.comparesLt(e, k, isLessThan, value) and this.valueControls(block, value) ) } - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(boolean partIsTrue, GuardCondition part | - this.(BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) + this.(Cpp::BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) | part.comparesEq(left, right, k, areEqual, partIsTrue) ) } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(boolean testIsTrue | this.comparesEq(left, right, k, areEqual, testIsTrue) and this.controls(block, testIsTrue) ) } - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { - exists(BooleanValue partValue, GuardCondition part | - this.(BinaryLogicalOperation) - .impliesValue(part, partValue.getValue(), value.(BooleanValue).getValue()) + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { + exists(GuardValue partValue, GuardCondition part | + this.(Cpp::BinaryLogicalOperation) + .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesEq(e, k, areEqual, partValue) ) } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(AbstractValue value | + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { + exists(GuardValue value | this.comparesEq(e, k, areEqual, value) and this.valueControls(block, value) ) } @@ -342,7 +778,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl * predicate does not necessarily hold for binary logical operations like * `&&` and `||`. See the detailed explanation on predicate `controls`. */ -private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, AbstractValue v) { +private predicate controlsBlock(IRGuardCondition ir, Cpp::BasicBlock controlled, GuardValue v) { exists(IRBlock irb | ir.valueControls(irb, v) and nonExcludedIRAndBasicBlock(irb, controlled) and @@ -358,10 +794,10 @@ private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, Abst * See the detailed explanation on predicate `controlsEdge`. */ private predicate controlsEdge( - IRGuardCondition ir, BasicBlock pred, BasicBlock succ, AbstractValue v + IRGuardCondition ir, Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v ) { exists(IRBlock irPred, IRBlock irSucc | - ir.valueControlsEdge(irPred, irSucc, v) and + ir.valueControlsBranchEdge(irPred, irSucc, v) and nonExcludedIRAndBasicBlock(irPred, pred) and nonExcludedIRAndBasicBlock(irSucc, succ) and not isUnreachedBlock(irPred) and @@ -378,24 +814,27 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { // comparison against 0 so it's not included as a normal // `IRGuardCondition`. So to align with user expectations we make that `x` // a `GuardCondition`. - exists(NotExpr notExpr | - this = notExpr.getOperand() and + exists(Cpp::NotExpr notExpr | this = notExpr.getOperand() | ir.getUnconvertedResultExpression() = notExpr + or + ir.(ConditionalBranchInstruction).getCondition().getUnconvertedResultExpression() = notExpr ) } - override predicate valueControls(BasicBlock controlled, AbstractValue v) { + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v.getDualValue()) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v.getDualValue()) } pragma[inline] - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -404,7 +843,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) @@ -412,7 +851,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -422,8 +863,8 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(Instruction i, AbstractValue value | + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) and this.valueControls(block, value) @@ -431,7 +872,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -440,7 +883,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -450,7 +895,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) @@ -458,8 +903,8 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(Instruction i, AbstractValue value | + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) and this.valueControls(block, value) @@ -474,20 +919,28 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { private class GuardConditionFromIR extends GuardConditionImpl { IRGuardCondition ir; - GuardConditionFromIR() { this = ir.getUnconvertedResultExpression() } + GuardConditionFromIR() { + ir.(InitializeParameterInstruction).getParameter() = this + or + ir.(ConditionalBranchInstruction).getCondition().getUnconvertedResultExpression() = this + or + ir.getUnconvertedResultExpression() = this + } - override predicate valueControls(BasicBlock controlled, AbstractValue v) { + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v) } pragma[inline] - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -496,7 +949,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) @@ -504,7 +957,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -514,8 +969,8 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(Instruction i, AbstractValue value | + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) and this.valueControls(block, value) @@ -523,7 +978,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -532,7 +989,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -542,7 +1001,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) @@ -550,8 +1009,8 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(Instruction i, AbstractValue value | + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) and this.valueControls(block, value) @@ -581,23 +1040,20 @@ private predicate excludeAsControlledInstruction(Instruction instr) { * the `irb` be ignored. */ pragma[nomagic] -private predicate nonExcludedIRAndBasicBlock(IRBlock irb, BasicBlock controlled) { +private predicate nonExcludedIRAndBasicBlock(IRBlock irb, Cpp::BasicBlock controlled) { exists(Instruction instr | instr = irb.getAnInstruction() and - instr.getAst().(ControlFlowNode).getBasicBlock() = controlled and + instr.getAst() = controlled.getANode() and not excludeAsControlledInstruction(instr) ) } /** - * A Boolean condition in the IR that guards one or more basic blocks. - * - * Note that `&&` and `||` don't have an explicit representation in the IR, - * and therefore will not appear as IRGuardConditions. + * A guard. This may be any expression whose value determines subsequent + * control flow. It may also be a switch case, which as a guard is considered + * to evaluate to either true or false depending on whether the case matches. */ -class IRGuardCondition extends Instruction { - Instruction branch; - +final class IRGuardCondition extends Guards_v1::Guard { /* * An `IRGuardCondition` supports reasoning about four different kinds of * relations: @@ -625,119 +1081,12 @@ class IRGuardCondition extends Instruction { * `e1 + k1 == e2 + k2` into canonical the form `e1 == e2 + (k2 - k1)`. */ - IRGuardCondition() { branch = getBranchForCondition(this) } - - /** - * Holds if this condition controls `controlled`, meaning that `controlled` is only - * entered if the value of this condition is `v`. - * - * For details on what "controls" mean, see the QLDoc for `controls`. - */ - predicate valueControls(IRBlock controlled, AbstractValue v) { - // This condition must determine the flow of control; that is, this - // node must be a top-level condition. - this.controlsBlock(controlled, v) - or - exists(IRGuardCondition ne | - this = ne.(LogicalNotInstruction).getUnary() and - ne.valueControls(controlled, v.getDualValue()) - ) - } - - /** - * Holds if this condition controls `controlled`, meaning that `controlled` is only - * entered if the value of this condition is `testIsTrue`. - * - * Illustration: - * - * ``` - * [ (testIsTrue) ] - * [ this ----------------succ ---- controlled ] - * [ | | ] - * [ (testIsFalse) | ------ ... ] - * [ other ] - * ``` - * - * The predicate holds if all paths to `controlled` go via the `testIsTrue` - * edge of the control-flow graph. In other words, the `testIsTrue` edge - * must dominate `controlled`. This means that `controlled` must be - * dominated by both `this` and `succ` (the target of the `testIsTrue` - * edge). It also means that any other edge into `succ` must be a back-edge - * from a node which is dominated by `succ`. - * - * The short-circuit boolean operations have slightly surprising behavior - * here: because the operation itself only dominates one branch (due to - * being short-circuited) then it will only control blocks dominated by the - * true (for `&&`) or false (for `||`) branch. - */ - predicate controls(IRBlock controlled, boolean testIsTrue) { - this.valueControls(controlled, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `v`. - */ - predicate valueControlsEdge(IRBlock pred, IRBlock succ, AbstractValue v) { - pred.getASuccessor() = succ and - this.valueControls(pred, v) - or - succ = this.getBranchSuccessor(v) and - ( - branch.(ConditionalBranchInstruction).getCondition() = this and - branch.getBlock() = pred - or - branch.(SwitchInstruction).getExpression() = this and - branch.getBlock() = pred - ) - } - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `testIsTrue`. - */ - final predicate controlsEdge(IRBlock pred, IRBlock succ, boolean testIsTrue) { - this.valueControlsEdge(pred, succ, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } - - /** - * Gets the block to which `branch` jumps directly when the value of this condition is `v`. - * - * This predicate is intended to help with situations in which an inference can only be made - * based on an edge between a block with multiple successors and a block with multiple - * predecessors. For example, in the following situation, an inference can be made about the - * value of `x` at the end of the `if` statement, but there is no block which is controlled by - * the `if` statement when `x >= y`. - * ``` - * if (x < y) { - * x = y; - * } - * return x; - * ``` - */ - private IRBlock getBranchSuccessor(AbstractValue v) { - branch.(ConditionalBranchInstruction).getCondition() = this and - exists(BooleanValue bv | bv = v | - bv.getValue() = true and - result.getFirstInstruction() = branch.(ConditionalBranchInstruction).getTrueSuccessor() - or - bv.getValue() = false and - result.getFirstInstruction() = branch.(ConditionalBranchInstruction).getFalseSuccessor() - ) - or - exists(SwitchInstruction switch, CaseEdge kind | switch = branch | - switch.getExpression() = this and - result.getFirstInstruction() = switch.getSuccessor(kind) and - kind = v.(MatchValue).getCase() - ) - } - /** Holds if (determined by this guard) `left < right + k` evaluates to `isLessThan` if this expression evaluates to `testIsTrue`. */ pragma[inline] predicate comparesLt(Operand left, Operand right, int k, boolean isLessThan, boolean testIsTrue) { - exists(BooleanValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and - value.getValue() = testIsTrue + value.asBooleanValue() = testIsTrue ) } @@ -746,8 +1095,8 @@ class IRGuardCondition extends Instruction { * this expression evaluates to `value`. */ pragma[inline] - predicate comparesLt(Operand op, int k, boolean isLessThan, AbstractValue value) { - compares_lt(valueNumber(this), op, k, isLessThan, value) + predicate comparesLt(Operand op, int k, boolean isLessThan, GuardValue value) { + unary_compares_lt(valueNumber(this), op, k, isLessThan, value) } /** @@ -756,7 +1105,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLt(Operand left, Operand right, int k, IRBlock block, boolean isLessThan) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and this.valueControls(block, value) ) @@ -768,8 +1117,8 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLt(Operand op, int k, IRBlock block, boolean isLessThan) { - exists(AbstractValue value | - compares_lt(valueNumber(this), op, k, isLessThan, value) and + exists(GuardValue value | + unary_compares_lt(valueNumber(this), op, k, isLessThan, value) and this.valueControls(block, value) ) } @@ -782,9 +1131,9 @@ class IRGuardCondition extends Instruction { predicate ensuresLtEdge( Operand left, Operand right, int k, IRBlock pred, IRBlock succ, boolean isLessThan ) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } @@ -794,24 +1143,24 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLtEdge(Operand left, int k, IRBlock pred, IRBlock succ, boolean isLessThan) { - exists(AbstractValue value | - compares_lt(valueNumber(this), left, k, isLessThan, value) and - this.valueControlsEdge(pred, succ, value) + exists(GuardValue value | + unary_compares_lt(valueNumber(this), left, k, isLessThan, value) and + this.valueControlsBranchEdge(pred, succ, value) ) } /** Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this expression evaluates to `testIsTrue`. */ pragma[inline] predicate comparesEq(Operand left, Operand right, int k, boolean areEqual, boolean testIsTrue) { - exists(BooleanValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and - value.getValue() = testIsTrue + value.asBooleanValue() = testIsTrue ) } /** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */ pragma[inline] - predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) { + predicate comparesEq(Operand op, int k, boolean areEqual, GuardValue value) { unary_compares_eq(valueNumber(this), op, k, areEqual, value) } @@ -821,7 +1170,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEq(Operand left, Operand right, int k, IRBlock block, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and this.valueControls(block, value) ) @@ -833,7 +1182,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | unary_compares_eq(valueNumber(this), op, k, areEqual, value) and this.valueControls(block, value) ) @@ -847,9 +1196,9 @@ class IRGuardCondition extends Instruction { predicate ensuresEqEdge( Operand left, Operand right, int k, IRBlock pred, IRBlock succ, boolean areEqual ) { - exists(AbstractValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } @@ -859,102 +1208,18 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | unary_compares_eq(valueNumber(this), op, k, areEqual, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } /** - * Holds if this condition controls `block`, meaning that `block` is only - * entered if the value of this condition is `v`. This helper - * predicate does not necessarily hold for binary logical operations like - * `&&` and `||`. See the detailed explanation on predicate `controls`. + * DEPRECATED: Use `controlsBranchEdge` instead. */ - private predicate controlsBlock(IRBlock controlled, AbstractValue v) { - not isUnreachedBlock(controlled) and - // - // For this block to control the block `controlled` with `testIsTrue` the - // following must hold: Execution must have passed through the test; that - // is, `this` must strictly dominate `controlled`. Execution must have - // passed through the `testIsTrue` edge leaving `this`. - // - // Although "passed through the true edge" implies that - // `getBranchSuccessor(true)` dominates `controlled`, the reverse is not - // true, as flow may have passed through another edge to get to - // `getBranchSuccessor(true)`, so we need to assert that - // `getBranchSuccessor(true)` dominates `controlled` *and* that all - // predecessors of `getBranchSuccessor(true)` are either `this` or - // dominated by `getBranchSuccessor(true)`. - // - // For example, in the following snippet: - // - // if (x) - // controlled; - // false_successor; - // uncontrolled; - // - // `false_successor` dominates `uncontrolled`, but not all of its - // predecessors are `this` (`if (x)`) or dominated by itself. Whereas in - // the following code: - // - // if (x) - // while (controlled) - // also_controlled; - // false_successor; - // uncontrolled; - // - // the block `while (controlled)` is controlled because all of its - // predecessors are `this` (`if (x)`) or (in the case of `also_controlled`) - // dominated by itself. - // - // The additional constraint on the predecessors of the test successor implies - // that `this` strictly dominates `controlled` so that isn't necessary to check - // directly. - exists(IRBlock succ | - succ = this.getBranchSuccessor(v) and - this.hasDominatingEdgeTo(succ) and - succ.dominates(controlled) - ) + deprecated predicate controlsEdge(IRBlock bb1, IRBlock bb2, boolean branch) { + this.controlsBranchEdge(bb1, bb2, branch) } - - /** - * Holds if `(this, succ)` is an edge that dominates `succ`, that is, all other - * predecessors of `succ` are dominated by `succ`. This implies that `this` is the - * immediate dominator of `succ`. - * - * This is a necessary and sufficient condition for an edge to dominate anything, - * and in particular `bb1.hasDominatingEdgeTo(bb2) and bb2.dominates(bb3)` means - * that the edge `(bb1, bb2)` dominates `bb3`. - */ - private predicate hasDominatingEdgeTo(IRBlock succ) { - exists(IRBlock branchBlock | branchBlock = this.getBranchBlock() | - branchBlock.immediatelyDominates(succ) and - branchBlock.getASuccessor() = succ and - forall(IRBlock pred | pred = succ.getAPredecessor() and pred != branchBlock | - succ.dominates(pred) - or - // An unreachable `pred` is vacuously dominated by `succ` since all - // paths from the entry to `pred` go through `succ`. Such vacuous - // dominance is not included in the `dominates` predicate since that - // could cause quadratic blow-up. - not pred.isReachableFromFunctionEntry() - ) - ) - } - - pragma[noinline] - private IRBlock getBranchBlock() { result = branch.getBlock() } -} - -private Instruction getBranchForCondition(Instruction guard) { - result.(ConditionalBranchInstruction).getCondition() = guard - or - result.(SwitchInstruction).getExpression() = guard - or - exists(LogicalNotInstruction cond | - result = getBranchForCondition(cond) and cond.getUnary() = guard - ) } cached @@ -1117,10 +1382,10 @@ private module Cached { */ cached predicate compares_eq( - ValueNumber test, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */ - exists(AbstractValue v | simple_comparison_eq(test, left, right, k, v) | + exists(GuardValue v | simple_comparison_eq(test, left, right, k, v) | areEqual = true and value = v or areEqual = false and value = v.getDualValue() @@ -1135,15 +1400,15 @@ private module Cached { complex_eq(test, left, right, k, areEqual, value) or /* (x is true => (left == right + k)) => (!x is false => (left == right + k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | + exists(GuardValue dual | value = dual.getDualValue() | compares_eq(test.(LogicalNotValueNumber).getUnary(), left, right, k, areEqual, dual) ) or compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value) or - exists(Operand l, BooleanValue bv | + exists(Operand l, GuardValue bv | // 1. test = value -> int(l) = 0 is !bv - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and // 2. l = bv -> left + right is areEqual compares_eq(valueNumber(BooleanInstruction::get(l.getDef())), left, right, k, areEqual, bv) @@ -1160,10 +1425,10 @@ private module Cached { */ cached predicate unary_compares_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */ - exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, v) | + exists(GuardValue v | unary_simple_comparison_eq(test, op, k, v) | areEqual = true and value = v or areEqual = false and value = v.getDualValue() @@ -1172,7 +1437,7 @@ private module Cached { unary_complex_eq(test, op, k, areEqual, value) or /* (x is true => (op == k)) => (!x is false => (op == k)) */ - exists(AbstractValue dual | + exists(GuardValue dual | value = dual.getDualValue() and unary_compares_eq(test.(LogicalNotValueNumber).getUnary(), op, k, areEqual, dual) ) @@ -1186,18 +1451,18 @@ private module Cached { ) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and unary_compares_eq(valueNumber(BooleanInstruction::get(l.getDef())), op, k, areEqual, bv) ) or unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value) or - exists(BinaryLogicalOperation logical, Expr operand, boolean b | + exists(Cpp::BinaryLogicalOperation logical, Cpp::Expr operand, boolean b | test.getAnInstruction().getUnconvertedResultExpression() = logical and op.getDef().getUnconvertedResultExpression() = operand and - logical.impliesValue(operand, b, value.(BooleanValue).getValue()) + logical.impliesValue(operand, b, value.asBooleanValue()) | k = 1 and areEqual = b @@ -1209,17 +1474,17 @@ private module Cached { /** Rearrange various simple comparisons into `left == right + k` form. */ private predicate simple_comparison_eq( - CompareValueNumber cmp, Operand left, Operand right, int k, AbstractValue value + CompareValueNumber cmp, Operand left, Operand right, int k, GuardValue value ) { cmp instanceof CompareEQValueNumber and cmp.hasOperands(left, right) and k = 0 and - value.(BooleanValue).getValue() = true + value.asBooleanValue() = true or cmp instanceof CompareNEValueNumber and cmp.hasOperands(left, right) and k = 0 and - value.(BooleanValue).getValue() = false + value.asBooleanValue() = false } /** @@ -1255,35 +1520,33 @@ private module Cached { } /** Rearrange various simple comparisons into `op == k` form. */ - private predicate unary_simple_comparison_eq( - ValueNumber test, Operand op, int k, AbstractValue value - ) { - exists(CaseEdge case, SwitchConditionValueNumber condition | + private predicate unary_simple_comparison_eq(ValueNumber test, Operand op, int k, GuardValue value) { + exists(SwitchConditionValueNumber condition, CaseEdge edge | condition = test and op = condition.getExpressionOperand() and - case = value.(MatchValue).getCase() and - exists(condition.getSuccessor(case)) and - case.getValue().toInt() = k + value.asIntValue() = k and + edge.getValue().toInt() = k and + exists(condition.getSuccessor(edge)) ) or exists(Instruction const | int_value(const) = k | - value.(BooleanValue).getValue() = true and + value.asBooleanValue() = true and test.(CompareEQValueNumber).hasOperands(op, const.getAUse()) or - value.(BooleanValue).getValue() = false and + value.asBooleanValue() = false and test.(CompareNEValueNumber).hasOperands(op, const.getAUse()) ) or - exists(BooleanValue bv | + exists(GuardValue bv | bv = value and mayBranchOn(op.getDef()) and op = test.getAUse() | k = 0 and - bv.getValue() = false + bv.asBooleanValue() = false or k = 1 and - bv.getValue() = true + bv.asBooleanValue() = true ) } @@ -1302,7 +1565,7 @@ private module Cached { } private predicate complex_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { sub_eq(cmp, left, right, k, areEqual, value) or @@ -1310,7 +1573,7 @@ private module Cached { } private predicate unary_complex_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { unary_sub_eq(test, op, k, areEqual, value) or @@ -1325,11 +1588,11 @@ private module Cached { /** Holds if `left < right + k` evaluates to `isLt` given that test is `value`. */ cached predicate compares_lt( - ValueNumber test, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { /* In the simple case, the test is the comparison, so isLt = testIsTrue */ simple_comparison_lt(test, left, right, k) and - value.(BooleanValue).getValue() = isLt + value.asBooleanValue() = isLt or complex_lt(test, left, right, k, isLt, value) or @@ -1337,15 +1600,15 @@ private module Cached { exists(boolean isGe | isLt = isGe.booleanNot() | compares_ge(test, left, right, k, isGe, value)) or /* (x is true => (left < right + k)) => (!x is false => (left < right + k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | + exists(GuardValue dual | value = dual.getDualValue() | compares_lt(test.(LogicalNotValueNumber).getUnary(), left, right, k, isLt, dual) ) or compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, isLt, value) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), left, right, k, isLt, bv) ) @@ -1353,14 +1616,14 @@ private module Cached { /** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */ cached - predicate compares_lt(ValueNumber test, Operand op, int k, boolean isLt, AbstractValue value) { + predicate unary_compares_lt(ValueNumber test, Operand op, int k, boolean isLt, GuardValue value) { unary_simple_comparison_lt(test, op, k, isLt, value) or complex_lt(test, op, k, isLt, value) or /* (x is true => (op < k)) => (!x is false => (op < k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | - compares_lt(test.(LogicalNotValueNumber).getUnary(), op, k, isLt, dual) + exists(GuardValue dual | value = dual.getDualValue() | + unary_compares_lt(test.(LogicalNotValueNumber).getUnary(), op, k, isLt, dual) ) or exists(int k1, int k2, Instruction const | @@ -1369,19 +1632,19 @@ private module Cached { k = k1 + k2 ) or - compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value) + unary_compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and - compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), op, k, - isLt, bv) + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and + unary_compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), + op, k, isLt, bv) ) } /** `(a < b + k) => (b > a - k) => (b >= a + (1-k))` */ private predicate compares_ge( - ValueNumber test, Operand left, Operand right, int k, boolean isGe, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean isGe, GuardValue value ) { exists(int onemk | k = 1 - onemk | compares_lt(test, right, left, onemk, isGe, value)) } @@ -1407,34 +1670,33 @@ private module Cached { /** Rearrange various simple comparisons into `op < k` form. */ private predicate unary_simple_comparison_lt( - SwitchConditionValueNumber test, Operand op, int k, boolean isLt, AbstractValue value + SwitchConditionValueNumber test, Operand op, int k, boolean isLt, GuardValue value ) { - exists(CaseEdge case | + exists(string minValue, string maxValue | test.getExpressionOperand() = op and - case = value.(MatchValue).getCase() and - exists(test.getSuccessor(case)) and - case.getMaxValue() > case.getMinValue() + exists(test.getSuccessor(EdgeKind::caseEdge(minValue, maxValue))) and + minValue < maxValue | // op <= k => op < k - 1 isLt = true and - case.getMaxValue().toInt() = k - 1 + maxValue.toInt() = k - 1 and + value.isIntRange(k - 1, true) or isLt = false and - case.getMinValue().toInt() = k + minValue.toInt() = k and + value.isIntRange(k, false) ) } private predicate complex_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { sub_lt(cmp, left, right, k, isLt, value) or add_lt(cmp, left, right, k, isLt, value) } - private predicate complex_lt( - ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value - ) { + private predicate complex_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { sub_lt(test, left, k, isLt, value) or add_lt(test, left, k, isLt, value) @@ -1443,7 +1705,7 @@ private module Cached { // left - x < right + c => left < right + (c+x) // left < (right - x) + c => left < right + (c-x) private predicate sub_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { exists(SubInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, value) and @@ -1474,16 +1736,16 @@ private module Cached { ) } - private predicate sub_lt(ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value) { + private predicate sub_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(SubInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) and k = c + x ) or exists(PointerSubInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) and k = c + x @@ -1493,7 +1755,7 @@ private module Cached { // left + x < right + c => left < right + (c-x) // left < (right + x) + c => left < right + (c+x) private predicate add_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { exists(AddInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, value) and @@ -1536,9 +1798,9 @@ private module Cached { ) } - private predicate add_lt(ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value) { + private predicate add_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(AddInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and ( left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) or @@ -1548,7 +1810,7 @@ private module Cached { ) or exists(PointerAddInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and ( left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) or @@ -1561,7 +1823,7 @@ private module Cached { // left - x == right + c => left == right + (c+x) // left == (right - x) + c => left == right + (c-x) private predicate sub_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { exists(SubInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, value) and @@ -1594,7 +1856,7 @@ private module Cached { // op - x == c => op == (c+x) private predicate unary_sub_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { exists(SubInstruction sub, int c, int x | unary_compares_eq(test, sub.getAUse(), c, areEqual, value) and @@ -1614,7 +1876,7 @@ private module Cached { // left + x == right + c => left == right + (c-x) // left == (right + x) + c => left == right + (c+x) private predicate add_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { exists(AddInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, value) and @@ -1659,7 +1921,7 @@ private module Cached { // left + x == right + c => left == right + (c-x) private predicate unary_add_eq( - ValueNumber test, Operand left, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand left, int k, boolean areEqual, GuardValue value ) { exists(AddInstruction lhs, int c, int x | unary_compares_eq(test, lhs.getAUse(), c, areEqual, value) and @@ -1702,7 +1964,7 @@ private import Cached * To find the specific guard that performs the comparison * use `IRGuards.comparesLt`. */ -predicate comparesLt(Operand left, Operand right, int k, boolean isLt, AbstractValue value) { +predicate comparesLt(Operand left, Operand right, int k, boolean isLt, GuardValue value) { compares_lt(_, left, right, k, isLt, value) } @@ -1713,6 +1975,6 @@ predicate comparesLt(Operand left, Operand right, int k, boolean isLt, AbstractV * To find the specific guard that performs the comparison * use `IRGuards.comparesEq`. */ -predicate comparesEq(Operand left, Operand right, int k, boolean isLt, AbstractValue value) { +predicate comparesEq(Operand left, Operand right, int k, boolean isLt, GuardValue value) { compares_eq(_, left, right, k, isLt, value) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index d48a48dfb44..285e0dc8419 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -498,7 +498,9 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse { int getArgumentIndex() { result = p.getIndex() } - override Node getNode() { finalParameterNodeHasParameterAndIndex(result, p, indirectionIndex) } + override FinalParameterNode getNode() { + finalParameterNodeHasParameterAndIndex(result, p, indirectionIndex) + } override int getIndirection() { result = indirectionIndex + 1 } @@ -1000,7 +1002,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI result instanceof FalseEdge } - class GuardValue = Boolean; + class GuardValue = IRGuards::GuardValue; class Guard instanceof IRGuards::IRGuardCondition { string toString() { result = super.toString() } @@ -1008,7 +1010,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI predicate hasValueBranchEdge(IRCfg::BasicBlock bb1, IRCfg::BasicBlock bb2, GuardValue branch) { exists(EdgeKind kind | super.getBlock() = bb1 and - kind = getConditionalEdge(branch) and + kind = getConditionalEdge(branch.asBooleanValue()) and bb1.getSuccessor(kind) = bb2 ) } @@ -1021,7 +1023,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI } predicate guardDirectlyControlsBlock(Guard guard, IRCfg::BasicBlock bb, GuardValue branch) { - guard.(IRGuards::IRGuardCondition).controls(bb, branch) + guard.(IRGuards::IRGuardCondition).valueControls(bb, branch) } predicate keepAllPhiInputBackEdges() { any() } @@ -1048,25 +1050,35 @@ module BarrierGuardWithIntParam { ) } - private predicate guardChecks( - DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, - DataFlowIntegrationInput::GuardValue branch, int indirectionIndex + private predicate guardChecksInstr( + IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch, + int indirectionIndex ) { - exists(UseImpl use | - guardChecksNode(g, use.getNode(), branch, indirectionIndex) and - ssaDefReachesCertainUse(def, use) + exists(Node node | + nodeHasInstruction(node, instr, indirectionIndex) and + guardChecksNode(g, node, branch, indirectionIndex) ) } + private predicate guardChecksWithWrappers( + DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val, + int indirectionIndex + ) { + IRGuards::Guards_v1::ValidationWrapperWithState::guardChecksDef(g, def, + val, indirectionIndex) + } + Node getABarrierNode(int indirectionIndex) { // Only get the SynthNodes from the shared implementation, as the ExprNodes cannot // be matched on SourceVariable. result.(SsaSynthNode).getSynthNode() = - DataFlowIntegrationImpl::BarrierGuardDefWithState::getABarrierNode(indirectionIndex) + DataFlowIntegrationImpl::BarrierGuardDefWithState::getABarrierNode(indirectionIndex) or // Calculate the guarded UseImpls corresponding to ExprNodes directly. - exists(DataFlowIntegrationInput::Guard g, boolean branch, Definition def, IRBlock bb | - guardChecks(g, def, branch, indirectionIndex) and + exists( + DataFlowIntegrationInput::Guard g, IRGuards::GuardValue branch, Definition def, IRBlock bb + | + guardChecksWithWrappers(g, def, branch, indirectionIndex) and exists(UseImpl use | ssaDefReachesCertainUse(def, use) and use.getBlock() = bb and @@ -1124,7 +1136,15 @@ predicate ssaFlow(Node nodeFrom, Node nodeTo) { */ class PhiNode extends Definition instanceof SsaImpl::PhiNode { /** Gets a definition that is an input to this phi node. */ - final Definition getAnInput() { phiHasInputFromBlock(this, result, _) } + final Definition getAnInput() { this.hasInputFromBlock(result, _) } + + /** + * Holds if `input` is an input to this phi node along the edge originating + * in `bb`. + */ + final predicate hasInputFromBlock(Definition input, IRBlock bb) { + phiHasInputFromBlock(this, input, bb) + } } /** An static single assignment (SSA) definition. */ @@ -1149,10 +1169,53 @@ class Definition extends SsaImpl::Definition { exists(SourceVariable sv, IRBlock bb, int i, UseImpl use | ssaDefReachesRead(sv, this, bb, i) and use.hasIndexInBlock(bb, i, sv) and - result = use.getNode().asOperand() + use = TDirectUseImpl(result, 0) ) } + /** + * Holds if this definition defines the parameter `p` upon entry into the + * enclosing function. + */ + pragma[nomagic] + predicate isParameterDefinition(Parameter p) { + this.getIndirectionIndex() = 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).getParameter() = p + } + + /** + * Holds if this definition defines the `indirectionIndex`'th indirection of + * parameter `p` upon entry into the enclosing function. + */ + pragma[nomagic] + predicate isIndirectParameterDefinition(Parameter p, int indirectionIndex) { + this.getIndirectionIndex() = indirectionIndex and + indirectionIndex > 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).getParameter() = p + } + + /** + * Holds if this definition defines the implicit `this` parameter upon entry into + * the enclosing member function. + */ + pragma[nomagic] + predicate isThisDefinition() { + this.getIndirectionIndex() = 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).hasIndex(-1) + } + + /** + * Holds if this definition defines the implicit `*this` parameter (i.e., the + * indirection of the `this` parameter) upon entry into the enclosing member + * function. + */ + pragma[nomagic] + predicate isIndirectThisDefinition(int indirectionIndex) { + this.getIndirectionIndex() = indirectionIndex and + indirectionIndex > 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).hasIndex(-1) + } + /** * Gets an `Operand` that represents an indirect use of this definition. * @@ -1167,10 +1230,11 @@ class Definition extends SsaImpl::Definition { * value that was defined by the definition. */ Operand getAnIndirectUse(int indirectionIndex) { + indirectionIndex > 0 and exists(SourceVariable sv, IRBlock bb, int i, UseImpl use | ssaDefReachesRead(sv, this, bb, i) and use.hasIndexInBlock(bb, i, sv) and - result = use.getNode().asIndirectOperand(indirectionIndex) + use = TDirectUseImpl(result, indirectionIndex) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll index c7ab5edf624..b449b21c3e4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll @@ -52,11 +52,18 @@ class GotoEdge extends EdgeKindImpl, TGotoEdge { final override string toString() { result = "Goto" } } +/** + * A "true" or "false" edge representing a successor of a conditional branch. + */ +abstract private class BooleanEdgeKindImpl extends EdgeKindImpl { } + +final class BooleanEdge = BooleanEdgeKindImpl; + /** * A "true" edge, representing the successor of a conditional branch when the * condition is non-zero. */ -class TrueEdge extends EdgeKindImpl, TTrueEdge { +class TrueEdge extends BooleanEdgeKindImpl, TTrueEdge { final override string toString() { result = "True" } } @@ -64,7 +71,7 @@ class TrueEdge extends EdgeKindImpl, TTrueEdge { * A "false" edge, representing the successor of a conditional branch when the * condition is zero. */ -class FalseEdge extends EdgeKindImpl, TFalseEdge { +class FalseEdge extends BooleanEdgeKindImpl, TFalseEdge { final override string toString() { result = "False" } } @@ -95,19 +102,48 @@ class SehExceptionEdge extends ExceptionEdgeImpl, TSehExceptionEdge { final override string toString() { result = "SEH Exception" } } +/** + * An edge from a `Switch` instruction to one of the cases, or to the default + * branch. + */ +abstract private class SwitchEdgeKindImpl extends EdgeKindImpl { + /** + * Gets the smallest value of the switch expression for which control will flow along this edge. + */ + string getMinValue() { none() } + + /** + * Gets the largest value of the switch expression for which control will flow along this edge. + */ + string getMaxValue() { none() } + + /** + * Gets the unique value of the switch expression for which control will + * flow along this edge, if any. + */ + final string getValue() { result = unique( | | [this.getMinValue(), this.getMaxValue()]) } + + /** Holds if this edge is the default edge. */ + predicate isDefault() { none() } +} + +final class SwitchEdge = SwitchEdgeKindImpl; + /** * A "default" edge, representing the successor of a `Switch` instruction when * none of the case values matches the condition value. */ -class DefaultEdge extends EdgeKindImpl, TDefaultEdge { +class DefaultEdge extends SwitchEdgeKindImpl, TDefaultEdge { final override string toString() { result = "Default" } + + final override predicate isDefault() { any() } } /** * A "case" edge, representing the successor of a `Switch` instruction when the * the condition value matches a corresponding `case` label. */ -class CaseEdge extends EdgeKindImpl, TCaseEdge { +class CaseEdge extends SwitchEdgeKindImpl, TCaseEdge { string minValue; string maxValue; @@ -119,24 +155,9 @@ class CaseEdge extends EdgeKindImpl, TCaseEdge { else result = "Case[" + minValue + ".." + maxValue + "]" } - /** - * Gets the smallest value of the switch expression for which control will flow along this edge. - */ - final string getMinValue() { result = minValue } + final override string getMinValue() { result = minValue } - /** - * Gets the largest value of the switch expression for which control will flow along this edge. - */ - final string getMaxValue() { result = maxValue } - - /** - * Gets the unique value of the switch expression for which control will - * flow along this edge, if any. - */ - final string getValue() { - minValue = maxValue and - result = minValue - } + final override string getMaxValue() { result = maxValue } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index a564508e16b..8d3e960c3f8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index a564508e16b..8d3e960c3f8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index a564508e16b..8d3e960c3f8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll index 224f968ce69..242c023118f 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll @@ -259,7 +259,7 @@ module SemanticExprConfig { } predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) { - guard.controlsEdge(bb1, bb2, branch) + guard.controlsBranchEdge(bb1, bb2, branch) } Guard comparisonGuard(Expr e) { getSemanticExpr(result) = e } diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll index 40c0f2173d9..f736a793a07 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll @@ -136,7 +136,7 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { exists(GuardCondition gc, GVN gvn | - gc.getAChild*() = gvn.getAnExpr() and + gc.(Expr).getAChild*() = gvn.getAnExpr() and globalValueNumber(node.asExpr()) = gvn and gc.controls(node.asExpr().getBasicBlock(), _) ) diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 17c1b09c3e6..36f4522b56c 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -26,13 +26,13 @@ predicate isFlowSource(FS::FlowSource source, string sourceType) { predicate guardChecks(IRGuardCondition g, Expr e, boolean branch) { exists(Operand op | op.getDef().getConvertedResultExpression() = e | // `op < k` is true and `k > 0` - g.comparesLt(op, any(int k | k > 0), true, any(BooleanValue bv | bv.getValue() = branch)) + g.comparesLt(op, any(int k | k > 0), true, any(GuardValue bv | bv.asBooleanValue() = branch)) or // `op < _ + k` is true and `k > 0`. g.comparesLt(op, _, any(int k | k > 0), true, branch) or // op == k - g.comparesEq(op, _, true, any(BooleanValue bv | bv.getValue() = branch)) + g.comparesEq(op, _, true, any(GuardValue bv | bv.asBooleanValue() = branch)) or // op == _ + k g.comparesEq(op, _, _, true, branch) diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql index 379c20f51ba..9eccaebfdbd 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql @@ -29,7 +29,7 @@ module VerifyResultConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof SslGetVerifyResultCall } predicate isSink(DataFlow::Node sink) { - exists(GuardCondition guard | guard.getAChild*() = sink.asExpr()) + exists(GuardCondition guard | guard.(Expr).getAChild*() = sink.asExpr()) } predicate observeDiffInformedIncrementalMode() { any() } diff --git a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql index 4b28a80f662..5fd1b981974 100644 --- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql +++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql @@ -115,7 +115,7 @@ predicate checksPath(Expr check, Expr checkPath) { pragma[nomagic] predicate checkPathControlsUse(Expr check, Expr checkPath, Expr use) { - exists(GuardCondition guard | referenceTo(check, guard.getAChild*()) | + exists(GuardCondition guard | referenceTo(check, guard.(Expr).getAChild*()) | guard.controls(use.getBasicBlock(), _) ) and checksPath(pragma[only_bind_into](check), checkPath) @@ -123,7 +123,7 @@ predicate checkPathControlsUse(Expr check, Expr checkPath, Expr use) { pragma[nomagic] predicate fileNameOperationControlsUse(Expr check, Expr checkPath, Expr use) { - exists(GuardCondition guard | referenceTo(check, guard.getAChild*()) | + exists(GuardCondition guard | referenceTo(check, guard.(Expr).getAChild*()) | guard.controls(use.getBasicBlock(), _) ) and pragma[only_bind_into](check) = filenameOperation(checkPath) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql index 3132b103bbc..df2fd13d79c 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql @@ -51,7 +51,7 @@ class ReallocCallLeak extends FunctionCall { predicate mayHandleByTermination() { exists(GuardCondition guard, CallMayNotReturn exit | this.(ControlFlowNode).getASuccessor*() = guard and - guard.getAChild*() = v.getAnAccess() and + guard.(Expr).getAChild*() = v.getAnAccess() and guard.controls(exit.getBasicBlock(), _) ) } diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 7322e2571d1..f5193698fdb 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.1 +version: 1.5.2-dev groups: - cpp - queries diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql index 15cc379131a..aaca52799d7 100644 --- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql +++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql @@ -22,7 +22,7 @@ module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { exists(GuardCondition gc, Variable v | - gc.getAChild*() = v.getAnAccess() and + gc.(Expr).getAChild*() = v.getAnAccess() and node.asExpr() = v.getAnAccess() and gc.controls(node.asExpr().getBasicBlock(), _) and not exists(Loop loop | loop.getControllingExpr() = gc) diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 27be8e5cfba..5870bdecd8e 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -13,7 +13,8 @@ | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Padding | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | | openssl_basic.c:77:45:77:47 | Key | Source | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:77:50:77:51 | Nonce | Source | openssl_basic.c:180:42:180:59 | Constant | -| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:81:49:81:58 | Message | +| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:35:36:35:45 | KeyOperationOutput | +| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:40:38:40:53 | KeyOperationOutput | | openssl_basic.c:90:11:90:29 | DecryptOperation | Algorithm | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | | openssl_basic.c:90:11:90:29 | DecryptOperation | Input | openssl_basic.c:81:49:81:58 | Message | | openssl_basic.c:90:11:90:29 | DecryptOperation | Key | openssl_basic.c:77:45:77:47 | Key | @@ -30,24 +31,39 @@ | openssl_basic.c:144:13:144:22 | HashOperation | Message | openssl_basic.c:144:24:144:30 | Message | | openssl_basic.c:144:24:144:30 | Message | Source | openssl_basic.c:181:49:181:87 | Constant | | openssl_basic.c:144:46:144:51 | Digest | Source | openssl_basic.c:144:46:144:51 | Digest | -| openssl_basic.c:155:22:155:41 | Key | Algorithm | openssl_basic.c:155:22:155:41 | Key | -| openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:22:155:41 | KeyGeneration | +| openssl_basic.c:155:22:155:41 | Key | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | +| openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | | openssl_basic.c:155:22:155:41 | KeyGeneration | KeyInput | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | Output | openssl_basic.c:155:22:155:41 | Key | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:155:64:155:66 | Key | Source | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:160:59:160:62 | Key | Source | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:163:35:163:41 | Message | Source | openssl_basic.c:181:49:181:87 | Constant | -| openssl_basic.c:167:9:167:27 | SignOperation | Algorithm | openssl_basic.c:167:9:167:27 | SignOperation | -| openssl_basic.c:167:9:167:27 | SignOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | -| openssl_basic.c:167:9:167:27 | SignOperation | Input | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | Key | openssl_basic.c:160:59:160:62 | Key | -| openssl_basic.c:167:9:167:27 | SignOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | -| openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyGeneration | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Input | openssl_basic.c:163:35:163:41 | Message | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Key | openssl_basic.c:160:59:160:62 | Key | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Nonce | openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Mode | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Padding | openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Output | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:238:39:238:43 | Key | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:243:52:243:55 | Key | Source | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MD | openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MGF1Hash | openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Input | openssl_basic.c:263:64:263:70 | Message | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Key | openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Nonce | openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Output | openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | Source | openssl_basic.c:231:27:231:49 | Constant | +| openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Output | openssl_pkey.c:21:30:21:32 | Key | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Mode | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Padding | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | -| openssl_pkey.c:21:30:21:32 | Key | Algorithm | openssl_pkey.c:21:30:21:32 | Key | +| openssl_pkey.c:21:30:21:32 | Key | Algorithm | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | Mode | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | Padding | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | | openssl_pkey.c:55:9:55:23 | KeyGeneration | Algorithm | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | @@ -60,105 +76,174 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | Nonce | openssl_pkey.c:64:9:64:24 | EncryptOperation | | openssl_pkey.c:64:9:64:24 | EncryptOperation | Output | openssl_pkey.c:64:31:64:39 | KeyOperationOutput | | openssl_pkey.c:64:58:64:66 | Message | Source | openssl_pkey.c:45:49:45:65 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:685:37:685:77 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:741:37:741:77 | Constant | -| openssl_signature.c:23:9:23:26 | HashOperation | Algorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:23:9:23:26 | HashOperation | Algorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:23:9:23:26 | HashOperation | Digest | openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:23:9:23:26 | HashOperation | Message | openssl_signature.c:22:34:22:40 | Message | -| openssl_signature.c:23:36:23:41 | Digest | Source | openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:70:32:70:38 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:75:28:75:36 | Message | Source | openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | Input | openssl_signature.c:70:32:70:38 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Input | openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Key | openssl_signature.c:80:53:80:56 | Key | -| openssl_signature.c:80:9:80:21 | SignOperation | Output | openssl_signature.c:80:31:80:40 | SignatureOutput | -| openssl_signature.c:80:53:80:56 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:80:53:80:56 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:134:38:134:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:135:9:135:27 | SignOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:142:9:142:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:142:9:142:27 | SignOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | -| openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:196:38:196:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:197:9:197:27 | SignOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:204:9:204:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:204:9:204:27 | SignOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | -| openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | Input | openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:263:9:263:21 | SignOperation | Key | openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | Output | openssl_signature.c:263:33:263:36 | SignatureOutput | -| openssl_signature.c:263:54:263:59 | Message | Source | openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | Input | openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | Key | openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:270:9:270:21 | SignOperation | Output | openssl_signature.c:270:33:270:42 | SignatureOutput | -| openssl_signature.c:270:60:270:65 | Message | Source | openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:321:39:321:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:321:39:321:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:326:48:326:54 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | HashAlgorithm | openssl_signature.c:327:9:327:35 | SignOperation | -| openssl_signature.c:327:9:327:35 | SignOperation | Input | openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:327:9:327:35 | SignOperation | Key | openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:327:9:327:35 | SignOperation | Output | openssl_signature.c:327:47:327:50 | SignatureOutput | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | HashAlgorithm | openssl_signature.c:334:9:334:35 | SignOperation | -| openssl_signature.c:334:9:334:35 | SignOperation | Input | openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:334:9:334:35 | SignOperation | Key | openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:334:9:334:35 | SignOperation | Output | openssl_signature.c:334:47:334:56 | SignatureOutput | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:548:9:548:23 | KeyGeneration | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:548:9:548:23 | KeyGeneration | Output | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:548:34:548:37 | Key | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:575:32:575:37 | Key | Source | openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:578:9:578:23 | KeyGeneration | KeyInput | openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | Output | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:578:34:578:37 | Key | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | Padding | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:615:37:615:74 | Constant | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:732:37:732:66 | Constant | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:616:24:616:33 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Digest | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:26:9:26:26 | HashOperation | Message | openssl_signature.c:25:34:25:40 | Message | +| openssl_signature.c:26:36:26:41 | Digest | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm | +| openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:63:32:63:38 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:68:28:68:36 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | Key | openssl_signature.c:73:53:73:56 | Key | +| openssl_signature.c:73:9:73:21 | SignOperation | Output | openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:98:34:98:40 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:99:34:99:42 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:100:9:100:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:98:34:98:40 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:99:34:99:42 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Key | openssl_signature.c:100:73:100:76 | Key | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Signature | openssl_signature.c:100:33:100:41 | SignatureInput | +| openssl_signature.c:100:33:100:41 | SignatureInput | Source | openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:100:73:100:76 | Key | Source | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:159:40:159:46 | Message | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:158:54:158:57 | Key | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Signature | openssl_signature.c:160:39:160:47 | SignatureInput | +| openssl_signature.c:160:39:160:47 | SignatureInput | Source | openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Output | openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:224:40:224:46 | Message | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:218:59:218:62 | Key | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Signature | openssl_signature.c:225:39:225:47 | SignatureInput | +| openssl_signature.c:225:39:225:47 | SignatureInput | Source | openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | +| openssl_signature.c:260:9:260:21 | SignOperation | Input | openssl_signature.c:260:60:260:65 | Message | +| openssl_signature.c:260:9:260:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:260:9:260:21 | SignOperation | Output | openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Input | openssl_signature.c:285:61:285:66 | Message | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:282:39:282:42 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Signature | openssl_signature.c:285:35:285:43 | SignatureInput | +| openssl_signature.c:285:35:285:43 | SignatureInput | Source | openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:838:85:838:96 | HashAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:324:9:324:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:324:9:324:35 | SignOperation | Output | openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:353:42:353:50 | SignatureInput | Source | openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:839:87:839:98 | HashAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:355:50:355:56 | Message | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:347:39:347:42 | Key | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Signature | openssl_signature.c:353:42:353:50 | SignatureInput | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | HashAlgorithm | openssl_signature.c:595:37:595:46 | HashAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Input | openssl_signature.c:384:28:384:34 | Message | +| openssl_signature.c:384:9:384:16 | SignOperation | Key | openssl_signature.c:385:48:385:54 | Key | +| openssl_signature.c:384:9:384:16 | SignOperation | Output | openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:384:28:384:34 | Message | Source | openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:385:48:385:54 | Key | Source | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:597:41:597:50 | HashAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Input | openssl_signature.c:403:33:403:39 | Message | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Key | openssl_signature.c:404:51:404:57 | Key | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Signature | openssl_signature.c:403:55:403:63 | SignatureInput | +| openssl_signature.c:403:33:403:39 | Message | Source | openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:403:55:403:63 | SignatureInput | Source | openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:404:51:404:57 | Key | Source | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | HashAlgorithm | openssl_signature.c:428:11:428:21 | SignOperation | +| openssl_signature.c:428:11:428:21 | SignOperation | Input | openssl_signature.c:428:23:428:28 | Message | +| openssl_signature.c:428:11:428:21 | SignOperation | Key | openssl_signature.c:428:43:428:49 | Key | +| openssl_signature.c:428:11:428:21 | SignOperation | Output | openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:428:23:428:28 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:428:43:428:49 | Key | Source | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | HashAlgorithm | openssl_signature.c:484:15:484:27 | VerifyOperation | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Input | openssl_signature.c:484:29:484:34 | Message | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Key | openssl_signature.c:484:54:484:60 | Key | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Signature | openssl_signature.c:484:49:484:51 | SignatureInput | +| openssl_signature.c:484:29:484:34 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:484:49:484:51 | SignatureInput | Source | openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:484:54:484:60 | Key | Source | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:516:9:516:23 | KeyGeneration | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:516:9:516:23 | KeyGeneration | Output | openssl_signature.c:516:34:516:37 | Key | +| openssl_signature.c:516:34:516:37 | Key | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:543:32:543:37 | Key | Source | openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:546:9:546:23 | KeyGeneration | KeyInput | openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | Output | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:546:34:546:37 | Key | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:579:9:579:23 | KeyGeneration | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:579:9:579:23 | KeyGeneration | Output | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:579:34:579:37 | Key | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:666:9:666:23 | KeyGeneration | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:666:9:666:23 | KeyGeneration | Output | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:666:34:666:37 | Key | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:707:9:707:23 | KeyGeneration | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:707:9:707:23 | KeyGeneration | Output | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:707:34:707:37 | Key | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:751:9:751:23 | KeyGeneration | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:751:9:751:23 | KeyGeneration | Output | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:751:34:751:37 | Key | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:222:44:222:64 | PaddingAlgorithm | +| openssl_signature.c:791:9:791:23 | KeyGeneration | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:791:9:791:23 | KeyGeneration | Output | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:791:34:791:37 | Key | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:829:9:829:23 | KeyGeneration | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:829:9:829:23 | KeyGeneration | Output | openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:829:34:829:37 | Key | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index 52a7c61502b..4f435517eef 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -21,18 +21,34 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | Name | MD5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:144:67:144:73 | HashAlgorithm | RawName | EVP_md5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:155:22:155:41 | Key | KeyType | Asymmetric | openssl_basic.c:155:22:155:41 | openssl_basic.c:155:22:155:41 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | | openssl_basic.c:155:64:155:66 | Key | KeyType | Unknown | openssl_basic.c:155:64:155:66 | openssl_basic.c:155:64:155:66 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | Name | SHA2 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:59:160:62 | Key | KeyType | Unknown | openssl_basic.c:160:59:160:62 | openssl_basic.c:160:59:160:62 | -| openssl_basic.c:167:9:167:27 | SignOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | | openssl_basic.c:179:43:179:76 | Constant | Description | 01234567890123456789012345678901 | openssl_basic.c:179:43:179:76 | openssl_basic.c:179:43:179:76 | | openssl_basic.c:180:42:180:59 | Constant | Description | 0123456789012345 | openssl_basic.c:180:42:180:59 | openssl_basic.c:180:42:180:59 | | openssl_basic.c:181:49:181:87 | Constant | Description | This is a test message for encryption | openssl_basic.c:181:49:181:87 | openssl_basic.c:181:49:181:87 | | openssl_basic.c:218:32:218:33 | Constant | Description | 32 | openssl_basic.c:218:32:218:33 | openssl_basic.c:218:32:218:33 | +| openssl_basic.c:231:27:231:49 | Constant | Description | Encrypt me with OAEP! | openssl_basic.c:231:27:231:49 | openssl_basic.c:231:27:231:49 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Name | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | RawName | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:237:54:237:57 | Constant | Description | 2048 | openssl_basic.c:237:54:237:57 | openssl_basic.c:237:54:237:57 | +| openssl_basic.c:238:39:238:43 | Key | KeyType | Asymmetric | openssl_basic.c:238:39:238:43 | openssl_basic.c:238:39:238:43 | +| openssl_basic.c:243:52:243:55 | Key | KeyType | Unknown | openssl_basic.c:243:52:243:55 | openssl_basic.c:243:52:243:55 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | Name | OAEP | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | RawName | 4 | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:262:24:262:39 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_basic.c:262:24:262:39 | openssl_basic.c:262:24:262:39 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Name | RSA | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | RawName | RSA_generate_key_ex | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:30:21:32 | Key | KeyType | Asymmetric | openssl_pkey.c:21:30:21:32 | openssl_pkey.c:21:30:21:32 | @@ -43,44 +59,116 @@ | openssl_pkey.c:55:30:55:34 | Key | KeyType | Asymmetric | openssl_pkey.c:55:30:55:34 | openssl_pkey.c:55:30:55:34 | | openssl_pkey.c:60:28:60:31 | Key | KeyType | Unknown | openssl_pkey.c:60:28:60:31 | openssl_pkey.c:60:28:60:31 | | openssl_pkey.c:64:9:64:24 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_pkey.c:64:9:64:24 | openssl_pkey.c:64:9:64:24 | -| openssl_signature.c:80:9:80:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:80:9:80:21 | openssl_signature.c:80:9:80:21 | -| openssl_signature.c:80:53:80:56 | Key | KeyType | Unknown | openssl_signature.c:80:53:80:56 | openssl_signature.c:80:53:80:56 | -| openssl_signature.c:133:52:133:55 | Key | KeyType | Unknown | openssl_signature.c:133:52:133:55 | openssl_signature.c:133:52:133:55 | -| openssl_signature.c:135:9:135:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | -| openssl_signature.c:142:9:142:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | -| openssl_signature.c:190:57:190:60 | Key | KeyType | Unknown | openssl_signature.c:190:57:190:60 | openssl_signature.c:190:57:190:60 | -| openssl_signature.c:197:9:197:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | -| openssl_signature.c:204:9:204:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | -| openssl_signature.c:260:39:260:42 | Key | KeyType | Unknown | openssl_signature.c:260:39:260:42 | openssl_signature.c:260:39:260:42 | -| openssl_signature.c:263:9:263:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:263:9:263:21 | openssl_signature.c:263:9:263:21 | -| openssl_signature.c:270:9:270:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:270:9:270:21 | openssl_signature.c:270:9:270:21 | -| openssl_signature.c:321:39:321:42 | Key | KeyType | Unknown | openssl_signature.c:321:39:321:42 | openssl_signature.c:321:39:321:42 | -| openssl_signature.c:327:9:327:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:327:9:327:35 | openssl_signature.c:327:9:327:35 | -| openssl_signature.c:334:9:334:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:334:9:334:35 | openssl_signature.c:334:9:334:35 | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | Name | PSS | openssl_signature.c:521:46:521:66 | openssl_signature.c:521:46:521:66 | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:521:46:521:66 | openssl_signature.c:521:46:521:66 | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:543:35:543:46 | openssl_signature.c:543:35:543:46 | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:543:35:543:46 | openssl_signature.c:543:35:543:46 | -| openssl_signature.c:547:51:547:54 | Constant | Description | 2048 | openssl_signature.c:547:51:547:54 | openssl_signature.c:547:51:547:54 | -| openssl_signature.c:548:34:548:37 | Key | KeyType | Asymmetric | openssl_signature.c:548:34:548:37 | openssl_signature.c:548:34:548:37 | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:565:50:565:54 | openssl_signature.c:565:50:565:54 | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:565:50:565:54 | openssl_signature.c:565:50:565:54 | -| openssl_signature.c:569:55:569:58 | Constant | Description | 2048 | openssl_signature.c:569:55:569:58 | openssl_signature.c:569:55:569:58 | -| openssl_signature.c:575:32:575:37 | Key | KeyType | Unknown | openssl_signature.c:575:32:575:37 | openssl_signature.c:575:32:575:37 | -| openssl_signature.c:578:34:578:37 | Key | KeyType | Asymmetric | openssl_signature.c:578:34:578:37 | openssl_signature.c:578:34:578:37 | -| openssl_signature.c:602:37:602:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:602:37:602:77 | openssl_signature.c:602:37:602:77 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:685:37:685:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:685:37:685:77 | openssl_signature.c:685:37:685:77 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | Name | SHA2 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:741:37:741:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:741:37:741:77 | openssl_signature.c:741:37:741:77 | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:758:60:758:64 | openssl_signature.c:758:60:758:64 | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:758:60:758:64 | openssl_signature.c:758:60:758:64 | +| openssl_signature.c:73:9:73:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:73:9:73:21 | openssl_signature.c:73:9:73:21 | +| openssl_signature.c:73:53:73:56 | Key | KeyType | Unknown | openssl_signature.c:73:53:73:56 | openssl_signature.c:73:53:73:56 | +| openssl_signature.c:100:9:100:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:100:9:100:23 | openssl_signature.c:100:9:100:23 | +| openssl_signature.c:100:73:100:76 | Key | KeyType | Unknown | openssl_signature.c:100:73:100:76 | openssl_signature.c:100:73:100:76 | +| openssl_signature.c:126:52:126:55 | Key | KeyType | Unknown | openssl_signature.c:126:52:126:55 | openssl_signature.c:126:52:126:55 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:158:54:158:57 | Key | KeyType | Unknown | openssl_signature.c:158:54:158:57 | openssl_signature.c:158:54:158:57 | +| openssl_signature.c:160:9:160:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:160:9:160:29 | openssl_signature.c:160:9:160:29 | +| openssl_signature.c:182:57:182:60 | Key | KeyType | Unknown | openssl_signature.c:182:57:182:60 | openssl_signature.c:182:57:182:60 | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | +| openssl_signature.c:218:59:218:62 | Key | KeyType | Unknown | openssl_signature.c:218:59:218:62 | openssl_signature.c:218:59:218:62 | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 | +| openssl_signature.c:225:9:225:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:225:9:225:29 | openssl_signature.c:225:9:225:29 | +| openssl_signature.c:250:39:250:42 | Key | KeyType | Unknown | openssl_signature.c:250:39:250:42 | openssl_signature.c:250:39:250:42 | +| openssl_signature.c:260:9:260:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:260:9:260:21 | openssl_signature.c:260:9:260:21 | +| openssl_signature.c:282:39:282:42 | Key | KeyType | Unknown | openssl_signature.c:282:39:282:42 | openssl_signature.c:282:39:282:42 | +| openssl_signature.c:285:9:285:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:285:9:285:23 | openssl_signature.c:285:9:285:23 | +| openssl_signature.c:311:39:311:42 | Key | KeyType | Unknown | openssl_signature.c:311:39:311:42 | openssl_signature.c:311:39:311:42 | +| openssl_signature.c:324:9:324:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:324:9:324:35 | openssl_signature.c:324:9:324:35 | +| openssl_signature.c:347:39:347:42 | Key | KeyType | Unknown | openssl_signature.c:347:39:347:42 | openssl_signature.c:347:39:347:42 | +| openssl_signature.c:356:9:356:37 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:356:9:356:37 | openssl_signature.c:356:9:356:37 | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:384:9:384:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:385:48:385:54 | Key | KeyType | Unknown | openssl_signature.c:385:48:385:54 | openssl_signature.c:385:48:385:54 | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:403:12:403:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:404:51:404:57 | Key | KeyType | Unknown | openssl_signature.c:404:51:404:57 | openssl_signature.c:404:51:404:57 | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | RawName | DSA_do_sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:11:428:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:43:428:49 | Key | KeyType | Unknown | openssl_signature.c:428:43:428:49 | openssl_signature.c:428:43:428:49 | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | RawName | DSA_do_verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:15:484:27 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:54:484:60 | Key | KeyType | Unknown | openssl_signature.c:484:54:484:60 | openssl_signature.c:484:54:484:60 | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 | +| openssl_signature.c:515:51:515:54 | Constant | Description | 2048 | openssl_signature.c:515:51:515:54 | openssl_signature.c:515:51:515:54 | +| openssl_signature.c:516:34:516:37 | Key | KeyType | Asymmetric | openssl_signature.c:516:34:516:37 | openssl_signature.c:516:34:516:37 | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 | +| openssl_signature.c:537:55:537:58 | Constant | Description | 2048 | openssl_signature.c:537:55:537:58 | openssl_signature.c:537:55:537:58 | +| openssl_signature.c:543:32:543:37 | Key | KeyType | Unknown | openssl_signature.c:543:32:543:37 | openssl_signature.c:543:32:543:37 | +| openssl_signature.c:546:34:546:37 | Key | KeyType | Asymmetric | openssl_signature.c:546:34:546:37 | openssl_signature.c:546:34:546:37 | +| openssl_signature.c:566:37:566:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:566:37:566:74 | openssl_signature.c:566:37:566:74 | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 | +| openssl_signature.c:578:51:578:54 | Constant | Description | 2048 | openssl_signature.c:578:51:578:54 | openssl_signature.c:578:51:578:54 | +| openssl_signature.c:579:34:579:37 | Key | KeyType | Asymmetric | openssl_signature.c:579:34:579:37 | openssl_signature.c:579:34:579:37 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:615:37:615:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:615:37:615:74 | openssl_signature.c:615:37:615:74 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:651:37:651:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:651:37:651:61 | openssl_signature.c:651:37:651:61 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 | +| openssl_signature.c:665:51:665:54 | Constant | Description | 2048 | openssl_signature.c:665:51:665:54 | openssl_signature.c:665:51:665:54 | +| openssl_signature.c:666:34:666:37 | Key | KeyType | Asymmetric | openssl_signature.c:666:34:666:37 | openssl_signature.c:666:34:666:37 | +| openssl_signature.c:692:37:692:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:692:37:692:67 | openssl_signature.c:692:37:692:67 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 | +| openssl_signature.c:706:51:706:54 | Constant | Description | 2048 | openssl_signature.c:706:51:706:54 | openssl_signature.c:706:51:706:54 | +| openssl_signature.c:707:34:707:37 | Key | KeyType | Asymmetric | openssl_signature.c:707:34:707:37 | openssl_signature.c:707:34:707:37 | +| openssl_signature.c:732:37:732:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:732:37:732:66 | openssl_signature.c:732:37:732:66 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 | +| openssl_signature.c:750:51:750:54 | Constant | Description | 2048 | openssl_signature.c:750:51:750:54 | openssl_signature.c:750:51:750:54 | +| openssl_signature.c:751:34:751:37 | Key | KeyType | Asymmetric | openssl_signature.c:751:34:751:37 | openssl_signature.c:751:34:751:37 | +| openssl_signature.c:777:37:777:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:777:37:777:73 | openssl_signature.c:777:37:777:73 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 | +| openssl_signature.c:790:51:790:54 | Constant | Description | 2048 | openssl_signature.c:790:51:790:54 | openssl_signature.c:790:51:790:54 | +| openssl_signature.c:791:34:791:37 | Key | KeyType | Asymmetric | openssl_signature.c:791:34:791:37 | openssl_signature.c:791:34:791:37 | +| openssl_signature.c:817:37:817:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:817:37:817:63 | openssl_signature.c:817:37:817:63 | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 | +| openssl_signature.c:828:51:828:54 | Constant | Description | 2048 | openssl_signature.c:828:51:828:54 | openssl_signature.c:828:51:828:54 | +| openssl_signature.c:829:34:829:37 | Key | KeyType | Asymmetric | openssl_signature.c:829:34:829:37 | openssl_signature.c:829:34:829:37 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 223f7bfca6c..62877e56182 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -24,17 +24,29 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:160:59:160:62 | Key | | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | | openssl_basic.c:167:34:167:36 | SignatureOutput | | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:180:42:180:59 | Constant | | openssl_basic.c:181:49:181:87 | Constant | | openssl_basic.c:218:32:218:33 | Constant | +| openssl_basic.c:231:27:231:49 | Constant | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:237:54:237:57 | Constant | +| openssl_basic.c:238:9:238:25 | KeyGeneration | +| openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | | openssl_pkey.c:21:10:21:28 | KeyGeneration | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:30:21:32 | Key | @@ -47,54 +59,121 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | | openssl_pkey.c:64:31:64:39 | KeyOperationOutput | | openssl_pkey.c:64:58:64:66 | Message | -| openssl_signature.c:22:34:22:40 | Message | -| openssl_signature.c:23:9:23:26 | HashOperation | -| openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:70:32:70:38 | Message | -| openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | -| openssl_signature.c:80:31:80:40 | SignatureOutput | -| openssl_signature.c:80:53:80:56 | Key | -| openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | -| openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | -| openssl_signature.c:142:37:142:46 | SignatureOutput | -| openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | -| openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | -| openssl_signature.c:204:37:204:46 | SignatureOutput | -| openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | -| openssl_signature.c:263:33:263:36 | SignatureOutput | -| openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | -| openssl_signature.c:270:33:270:42 | SignatureOutput | -| openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:327:9:327:35 | SignOperation | -| openssl_signature.c:327:47:327:50 | SignatureOutput | -| openssl_signature.c:334:9:334:35 | SignOperation | -| openssl_signature.c:334:47:334:56 | SignatureOutput | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:547:51:547:54 | Constant | -| openssl_signature.c:548:9:548:23 | KeyGeneration | -| openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:569:55:569:58 | Constant | -| openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | -| openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:685:37:685:77 | Constant | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:741:37:741:77 | Constant | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | +| openssl_signature.c:25:34:25:40 | Message | +| openssl_signature.c:26:9:26:26 | HashOperation | +| openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:63:32:63:38 | Message | +| openssl_signature.c:68:28:68:36 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | +| openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:73:53:73:56 | Key | +| openssl_signature.c:98:34:98:40 | Message | +| openssl_signature.c:99:34:99:42 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | +| openssl_signature.c:100:33:100:41 | SignatureInput | +| openssl_signature.c:100:73:100:76 | Key | +| openssl_signature.c:126:52:126:55 | Key | +| openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | +| openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:158:54:158:57 | Key | +| openssl_signature.c:159:40:159:46 | Message | +| openssl_signature.c:160:9:160:29 | VerifyOperation | +| openssl_signature.c:160:39:160:47 | SignatureInput | +| openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | +| openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | +| openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:218:59:218:62 | Key | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | +| openssl_signature.c:224:40:224:46 | Message | +| openssl_signature.c:225:9:225:29 | VerifyOperation | +| openssl_signature.c:225:39:225:47 | SignatureInput | +| openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:260:9:260:21 | SignOperation | +| openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:260:60:260:65 | Message | +| openssl_signature.c:282:39:282:42 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | +| openssl_signature.c:285:35:285:43 | SignatureInput | +| openssl_signature.c:285:61:285:66 | Message | +| openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:324:9:324:35 | SignOperation | +| openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:347:39:347:42 | Key | +| openssl_signature.c:353:42:353:50 | SignatureInput | +| openssl_signature.c:355:50:355:56 | Message | +| openssl_signature.c:356:9:356:37 | VerifyOperation | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | +| openssl_signature.c:384:28:384:34 | Message | +| openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:385:48:385:54 | Key | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | +| openssl_signature.c:403:33:403:39 | Message | +| openssl_signature.c:403:55:403:63 | SignatureInput | +| openssl_signature.c:404:51:404:57 | Key | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | +| openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:428:23:428:28 | Message | +| openssl_signature.c:428:43:428:49 | Key | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | +| openssl_signature.c:484:29:484:34 | Message | +| openssl_signature.c:484:49:484:51 | SignatureInput | +| openssl_signature.c:484:54:484:60 | Key | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:515:51:515:54 | Constant | +| openssl_signature.c:516:9:516:23 | KeyGeneration | +| openssl_signature.c:516:34:516:37 | Key | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:537:55:537:58 | Constant | +| openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | +| openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:578:51:578:54 | Constant | +| openssl_signature.c:579:9:579:23 | KeyGeneration | +| openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | +| openssl_signature.c:615:37:615:74 | Constant | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | +| openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:665:51:665:54 | Constant | +| openssl_signature.c:666:9:666:23 | KeyGeneration | +| openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:706:51:706:54 | Constant | +| openssl_signature.c:707:9:707:23 | KeyGeneration | +| openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:732:37:732:66 | Constant | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:750:51:750:54 | Constant | +| openssl_signature.c:751:9:751:23 | KeyGeneration | +| openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:790:51:790:54 | Constant | +| openssl_signature.c:791:9:791:23 | KeyGeneration | +| openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:828:51:828:54 | Constant | +| openssl_signature.c:829:9:829:23 | KeyGeneration | +| openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c index f1ffbfa24d3..04504070ddd 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c @@ -1,7 +1,7 @@ #include "openssl/evp.h" #include "openssl/obj_mac.h" #include "openssl/rand.h" - +#include "openssl/rsa.h" size_t strlen(const char* str); // Sample OpenSSL code that demonstrates various cryptographic operations @@ -218,4 +218,58 @@ int test_main() { calculate_hmac_sha256(key, 32, plaintext, plaintext_len, hmac); return 0; -} \ No newline at end of file +} + +/** + * Simplified signature test + */ +int test_rsa_oaep_basic(void) { + EVP_PKEY_CTX *keygen_ctx = NULL, *encrypt_ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ciphertext = NULL; + size_t ciphertext_len = 0; + const char *message = "Encrypt me with OAEP!"; + int ret = 1; + + // Generate RSA key + keygen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + if (!keygen_ctx || EVP_PKEY_keygen_init(keygen_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, 2048) <= 0 || + EVP_PKEY_generate(keygen_ctx, &pkey) <= 0) { + goto cleanup; + } + + // Create encryption context + encrypt_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); + if (!encrypt_ctx || EVP_PKEY_encrypt_init(encrypt_ctx) <= 0) { + goto cleanup; + } + + // Set OAEP padding + if (EVP_PKEY_CTX_set_rsa_padding(encrypt_ctx, RSA_PKCS1_OAEP_PADDING) <= 0 || + EVP_PKEY_CTX_set_rsa_oaep_md(encrypt_ctx, EVP_sha256()) <= 0 || + EVP_PKEY_CTX_set_rsa_mgf1_md(encrypt_ctx, EVP_sha256()) <= 0) { + goto cleanup; + } + + // Determine buffer size + if (EVP_PKEY_encrypt(encrypt_ctx, NULL, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ciphertext = OPENSSL_malloc(ciphertext_len); + if (!ciphertext || EVP_PKEY_encrypt(encrypt_ctx, ciphertext, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ret = 0; + +cleanup: + EVP_PKEY_CTX_free(keygen_ctx); + EVP_PKEY_CTX_free(encrypt_ctx); + EVP_PKEY_free(pkey); + OPENSSL_free(ciphertext); + return ret; +} \ No newline at end of file diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c index f8be7441642..6d72c5366dd 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c @@ -4,6 +4,9 @@ #include #include + + + /* ============================================================================= * UTILITY FUNCTIONS - Common operations shared across signature APIs * ============================================================================= @@ -38,16 +41,6 @@ static unsigned char* allocate_signature_buffer(size_t *sig_len, const EVP_PKEY return OPENSSL_malloc(*sig_len); } -/** - * Helper to extract key from EVP_PKEY - */ -static RSA* get_rsa_from_pkey(EVP_PKEY *pkey) { - return EVP_PKEY_get1_RSA(pkey); -} - -static DSA* get_dsa_from_pkey(EVP_PKEY *pkey) { - return EVP_PKEY_get1_DSA(pkey); -} /* ============================================================================= * EVP_SIGN/VERIFY API - Legacy high-level API (older, simpler) @@ -180,8 +173,7 @@ cleanup: */ int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - EVP_PKEY *pkey, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx)) { + EVP_PKEY *pkey, const EVP_MD *md) { EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pkey_ctx = NULL; int ret = 0; @@ -190,8 +182,7 @@ int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_ EVP_DigestSignInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) { goto cleanup; } - - if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup; + EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); if (EVP_DigestSignUpdate(md_ctx, message, message_len) != 1 || EVP_DigestSignFinal(md_ctx, NULL, signature_len) != 1) { @@ -218,8 +209,7 @@ cleanup: */ int verify_using_digestverify_with_ctx(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - EVP_PKEY *pkey, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx)) { + EVP_PKEY *pkey, const EVP_MD *md) { EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pkey_ctx = NULL; int ret = 0; @@ -228,9 +218,9 @@ int verify_using_digestverify_with_ctx(const unsigned char *message, size_t mess EVP_DigestVerifyInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) { goto cleanup; } - - if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup; - + + EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); + if (EVP_DigestVerifyUpdate(md_ctx, message, message_len) != 1 || EVP_DigestVerifyFinal(md_ctx, signature, signature_len) != 1) { goto cleanup; @@ -313,7 +303,7 @@ cleanup: */ int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) { + EVP_PKEY *pkey, const char *alg_name) { EVP_PKEY_CTX *pkey_ctx = NULL; EVP_SIGNATURE *alg = NULL; int ret = 0; @@ -349,7 +339,7 @@ cleanup: */ int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) { + EVP_PKEY *pkey, const char *alg_name) { EVP_PKEY_CTX *pkey_ctx = NULL; EVP_SIGNATURE *alg = NULL; int ret = 0; @@ -373,10 +363,10 @@ cleanup: return ret; } -/* ============================================================================= - * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated) - * ============================================================================= - */ +// /* ============================================================================= +// * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated) +// * ============================================================================= +// */ /** * Sign using low-level RSA_sign API (deprecated, RSA-only) @@ -384,18 +374,14 @@ cleanup: */ int sign_using_rsa_sign(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - RSA *rsa_key, int hash_nid, const EVP_MD *md) { - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; + RSA *rsa_key, int hash_nid) { int ret = 0; - if (!create_digest(message, message_len, md, digest, &digest_len)) return 0; - *signature_len = RSA_size(rsa_key); *signature = OPENSSL_malloc(*signature_len); if (!*signature) return 0; - - if (RSA_sign(hash_nid, digest, digest_len, *signature, + + if (RSA_sign(hash_nid, message, message_len, *signature, (unsigned int*)signature_len, rsa_key) == 1) { ret = 1; } else { @@ -412,20 +398,16 @@ int sign_using_rsa_sign(const unsigned char *message, size_t message_len, */ int verify_using_rsa_verify(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - RSA *rsa_key, int hash_nid, const EVP_MD *md) { - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; - - if (!create_digest(message, message_len, md, digest, &digest_len)) return 0; - - return RSA_verify(hash_nid, digest, digest_len, signature, + RSA *rsa_key, int hash_nid) { + + return RSA_verify(hash_nid, message, message_len, signature, (unsigned int)signature_len, rsa_key); } -/* ============================================================================= - * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated) - * ============================================================================= - */ +// /* ============================================================================= +// * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated) +// * ============================================================================= +// */ /** * Sign using low-level DSA_do_sign API (deprecated, DSA-only) @@ -514,20 +496,6 @@ cleanup: * ============================================================================= */ -/** - * Set RSA PSS padding mode - */ -int set_rsa_pss_padding(EVP_PKEY_CTX *ctx) { - return EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING); -} - -/** - * No-op parameter setter for default behavior - */ -int no_parameter_setter(EVP_PKEY_CTX *ctx) { - return 1; -} - /* ============================================================================= * KEY GENERATION HELPERS * ============================================================================= @@ -592,228 +560,289 @@ cleanup: * ============================================================================= */ -/** - * Test all signature APIs with a given key and algorithm - * Demonstrates the 6 different signature API approaches - */ -int test_signature_apis(EVP_PKEY *key, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx), - const char *algo_name) { - const unsigned char message[] = "Test message for OpenSSL signature APIs"; +int testLowLevelRSASignAndVerify(){ + EVP_PKEY *key = NULL; + RSA *rsa_key = NULL; + const unsigned char message[] = "testLowLevelRSASignAndVerify message"; + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + rsa_key = EVP_PKEY_get1_RSA(key); + + if (!rsa_key) { + EVP_PKEY_free(key); + success = 0; + } + + if (sign_using_rsa_sign(message, message_len, &sig, &sig_len, + rsa_key, NID_sha256) && + verify_using_rsa_verify(message, message_len, sig, sig_len, + rsa_key, NID_sha256)) { + printf("PASS\n"); + } else { + printf("FAIL\n"); + success = 0; + } + + /* Cleanup */ + OPENSSL_free(sig); + EVP_PKEY_free(key); + + return success; +} + + +int testLowLevelDSASignAndVerify(){ + EVP_PKEY *key = NULL; + DSA *dsa_key = NULL; + const unsigned char message[] = "testLowLevelDSASignAndVerify message"; + const EVP_MD *md = EVP_sha256(); + int success = 1; + + EVP_PKEY_CTX *param_ctx = NULL, *key_ctx = NULL; + EVP_PKEY *params = NULL; + + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; + + key = generate_dsa_key(); + dsa_key = EVP_PKEY_get1_DSA(key); + + if (!dsa_key) { + EVP_PKEY_free(key); + success = 0; + } + + if (sign_using_dsa_sign(message, message_len, &sig, &sig_len, dsa_key, md) && + verify_using_dsa_verify(message, message_len, sig, sig_len, dsa_key, md)) { + printf("PASS\n"); + } else { + printf("FAIL\n"); + success = 0; + } + + /* Cleanup */ + OPENSSL_free(sig); + EVP_PKEY_free(key); + + return success; +} + +int testEVP_SignAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_SignAPI message"; + const EVP_MD *md = EVP_sha224(); + + const size_t message_len = strlen((char *)message); + + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + + /* Test 1: EVP_Sign API */ + printf("1. EVP_Sign API: "); + if (sign_using_evp_sign(message, message_len, &sig, &sig_len, key, md) && + verify_using_evp_verify(message, message_len, sig, sig_len, key, md)) { + printf("PASS\n"); + } else { + printf("FAIL\n"); + success = 0; + } + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + + +int testEVP_DigestSignAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_DigestSignAPI message"; + const EVP_MD *md = EVP_sha224(); + const size_t message_len = strlen((char *)message); - unsigned char *sig1 = NULL, *sig2 = NULL, *sig3 = NULL, - *sig4 = NULL, *sig6 = NULL; - size_t sig_len1 = 0, sig_len2 = 0, sig_len3 = 0, sig_len4 = 0, sig_len6 = 0; - - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; + unsigned char *sig = NULL; + size_t sig_len = 0; int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - printf("\nTesting signature APIs with %s:\n", algo_name); - - /* Test 1: EVP_Sign API */ - printf("1. EVP_Sign API: "); - if (sign_using_evp_sign(message, message_len, &sig1, &sig_len1, key, md) && - verify_using_evp_verify(message, message_len, sig1, sig_len1, key, md)) { - printf("PASS\n"); - } else { - printf("FAIL\n"); - success = 0; + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; } + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + /* Test 2: EVP_DigestSign API */ printf("2. EVP_DigestSign API: "); - if (sign_using_evp_digestsign(message, message_len, &sig2, &sig_len2, key, md) && - verify_using_evp_digestverify(message, message_len, sig2, sig_len2, key, md)) { + if (sign_using_evp_digestsign(message, message_len, &sig, &sig_len, key, md) && + verify_using_evp_digestverify(message, message_len, sig, sig_len, key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + +int testEVP_PKEY_signAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_PKEY_signAPI message"; + const EVP_MD *md = EVP_sha1(); + + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + + EVP_PKEY_CTX *key_ctx = NULL; + + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int digest_len; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + /* Test 3: EVP_PKEY_sign API (requires pre-hashed input) */ printf("3. EVP_PKEY_sign API: "); if (create_digest(message, message_len, md, digest, &digest_len) && - sign_using_evp_pkey_sign(digest, digest_len, &sig3, &sig_len3, key, md) && - verify_using_evp_pkey_verify(digest, digest_len, sig3, sig_len3, key, md)) { + sign_using_evp_pkey_sign(digest, digest_len, &sig, &sig_len, key, md) && + verify_using_evp_pkey_verify(digest, digest_len, sig, sig_len, key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + +int testEVP_DigestSign_with_ctx(void) { + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_DigestSign_with_ctx message"; + const EVP_MD *md = EVP_sha1(); + + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + /* Test 4: EVP_DigestSign with explicit PKEY_CTX */ printf("4. EVP_DigestSign with explicit PKEY_CTX: "); - if (sign_using_digestsign_with_ctx(message, message_len, &sig4, &sig_len4, - key, md, param_setter) && - verify_using_digestverify_with_ctx(message, message_len, sig4, sig_len4, - key, md, param_setter)) { + if (sign_using_digestsign_with_ctx(message, message_len, &sig, &sig_len, + key, md) && + verify_using_digestverify_with_ctx(message, message_len, sig, sig_len, + key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + +int testEVP_PKEY_sign_message(void) { + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_PKEY_sign_message"; + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - /* Test 6: EVP_PKEY_sign_message API */ + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + printf("6. EVP_PKEY_sign_message API: "); - if (sign_using_evp_pkey_sign_message(message, message_len, &sig6, &sig_len6, key, md, algo_name) && - verify_using_evp_pkey_verify_message(message, message_len, sig6, sig_len6, key, md, algo_name)) { + if (sign_using_evp_pkey_sign_message(message, message_len, &sig, &sig_len, key, "RSA-SHA256") && + verify_using_evp_pkey_verify_message(message, message_len, sig, sig_len, key, "RSA-SHA256")) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } - - /* Cleanup */ - OPENSSL_free(sig1); - OPENSSL_free(sig2); - OPENSSL_free(sig3); - OPENSSL_free(sig4); - OPENSSL_free(sig6); - - return success; -} - -/** - * Test RSA-specific signature APIs including low-level RSA functions - */ -int test_signature_apis_rsa(void) { - EVP_PKEY *key = NULL; - RSA *rsa_key = NULL; - const EVP_MD *md = EVP_sha256(); - const unsigned char message[] = "Test message for OpenSSL signature APIs"; - const size_t message_len = strlen((char *)message); - unsigned char *sig5 = NULL; - size_t sig_len5 = 0; - int success = 1; - - printf("\nGenerating RSA key pair...\n"); - key = generate_rsa_key(); - if (!key) return 0; - - rsa_key = get_rsa_from_pkey(key); - if (!rsa_key) { - EVP_PKEY_free(key); - return 0; - } - - /* Test generic APIs */ - if (!test_signature_apis(key, md, set_rsa_pss_padding, "RSA-SHA256")) { - success = 0; - } - - /* Test 5: Low-level RSA API */ - printf("5. Low-level RSA API: "); - if (sign_using_rsa_sign(message, message_len, &sig5, &sig_len5, - rsa_key, NID_sha256, md) && - verify_using_rsa_verify(message, message_len, sig5, sig_len5, - rsa_key, NID_sha256, md)) { - printf("PASS\n"); - } else { - printf("FAIL\n"); - success = 0; - } - - printf("\nRSA API Summary:\n"); - printf("1. EVP_Sign API: Legacy, simple\n"); - printf("2. EVP_DigestSign API: Modern, recommended\n"); - printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n"); - printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n"); - printf("5. Low-level RSA API: Deprecated, algorithm-specific\n"); - printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n"); - - /* Cleanup */ - OPENSSL_free(sig5); - RSA_free(rsa_key); + OPENSSL_free(sig); EVP_PKEY_free(key); - return success; -} - -/** - * Test DSA-specific signature APIs including low-level DSA functions - */ -int test_signature_apis_dsa(void) { - EVP_PKEY *key = NULL; - DSA *dsa_key = NULL; - const EVP_MD *md = EVP_sha256(); - const unsigned char message[] = "Test message for OpenSSL signature APIs"; - const size_t message_len = strlen((char *)message); - unsigned char *sig5 = NULL; - size_t sig_len5 = 0; - int success = 1; - - printf("\nGenerating DSA key pair...\n"); - key = generate_dsa_key(); - if (!key) return 0; - - dsa_key = get_dsa_from_pkey(key); - if (!dsa_key) { - EVP_PKEY_free(key); - return 0; - } - - /* Test generic APIs */ - if (!test_signature_apis(key, md, no_parameter_setter, "dsa")) { - success = 0; - } - - /* Test 5: Low-level DSA API */ - printf("5. Low-level DSA API: "); - if (sign_using_dsa_sign(message, message_len, &sig5, &sig_len5, dsa_key, md) && - verify_using_dsa_verify(message, message_len, sig5, sig_len5, dsa_key, md)) { - printf("PASS\n"); - } else { - printf("FAIL\n"); - success = 0; - } - - printf("\nDSA API Summary:\n"); - printf("1. EVP_Sign API: Legacy, simple\n"); - printf("2. EVP_DigestSign API: Modern, recommended\n"); - printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n"); - printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n"); - printf("5. Low-level DSA API: Deprecated, algorithm-specific\n"); - printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n"); - - /* Cleanup */ - OPENSSL_free(sig5); - EVP_PKEY_free(key); - - return success; -} - -/* ============================================================================= - * MAIN FUNCTION - Entry point for testing all signature APIs - * ============================================================================= - */ - -// /** -// * Main function demonstrating all OpenSSL signature APIs -// * Tests both RSA and DSA algorithms with all 6 API approaches -// */ -// int main(void) { -// /* Initialize OpenSSL */ -// OpenSSL_add_all_algorithms(); -// ERR_load_crypto_strings(); - -// printf("=================================================================\n"); -// printf("OpenSSL Signature API Demonstration\n"); -// printf("=================================================================\n"); - -// printf("\n-------- TESTING RSA SIGNATURES --------\n"); -// int rsa_result = test_signature_apis_rsa(); - -// printf("\n-------- TESTING DSA SIGNATURES --------\n"); -// int dsa_result = test_signature_apis_dsa(); - -// printf("\n=================================================================\n"); -// if (rsa_result && dsa_result) { -// printf("All tests completed successfully.\n"); -// return 0; -// } else { -// printf("Some tests failed.\n"); -// return 1; -// } -// } \ No newline at end of file +} \ No newline at end of file diff --git a/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected b/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected index 15125038d19..abdb752ca69 100644 --- a/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected +++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected @@ -60,7 +60,6 @@ | test.cpp:177:10:177:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 1 | false | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:179:10:179:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | true | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:183:10:183:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | -1 | true | CompareLT: ... < ... | test.cpp:182:9:182:13 | test.cpp:182:9:182:13 | -| test.cpp:185:10:185:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | true | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:187:10:187:10 | Store: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | false | CompareLT: ... < ... | test.cpp:182:9:182:13 | test.cpp:182:9:182:13 | | test.cpp:194:8:194:8 | Load: l | test.cpp:191:16:191:16 | ValueNumberBound | 0 | false | NoReason | file://:0:0:0:0 | file://:0:0:0:0 | | test.cpp:194:8:194:8 | Load: l | test.cpp:191:16:191:16 | ValueNumberBound | 0 | true | NoReason | file://:0:0:0:0 | file://:0:0:0:0 | diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected index 1d138afcbea..2e18dcd7a62 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected @@ -1,44 +1,3 @@ -astGuards -| test.c:7:9:7:13 | ... > ... | -| test.c:17:8:17:12 | ... < ... | -| test.c:17:8:17:21 | ... && ... | -| test.c:17:17:17:21 | ... > ... | -| test.c:26:11:26:15 | ... > ... | -| test.c:34:16:34:21 | ... < ... | -| test.c:42:16:42:21 | ... < ... | -| test.c:44:12:44:16 | ... > ... | -| test.c:45:16:45:20 | ... > ... | -| test.c:58:9:58:14 | ... == ... | -| test.c:58:9:58:23 | ... \|\| ... | -| test.c:58:19:58:23 | ... < ... | -| test.c:75:9:75:14 | ... == ... | -| test.c:85:8:85:13 | ... == ... | -| test.c:85:8:85:23 | ... && ... | -| test.c:85:18:85:23 | ... != ... | -| test.c:94:11:94:16 | ... != ... | -| test.c:102:16:102:21 | ... < ... | -| test.c:109:9:109:14 | ... == ... | -| test.c:109:9:109:23 | ... \|\| ... | -| test.c:109:19:109:23 | ... < ... | -| test.c:126:7:126:7 | 1 | -| test.c:126:7:126:28 | ... && ... | -| test.c:126:12:126:26 | call to test3_condition | -| test.c:131:7:131:7 | b | -| test.c:137:7:137:7 | 0 | -| test.c:146:7:146:8 | ! ... | -| test.c:146:8:146:8 | x | -| test.c:152:10:152:10 | x | -| test.c:152:10:152:15 | ... && ... | -| test.c:152:15:152:15 | y | -| test.c:156:9:156:19 | ... == ... | -| test.c:159:9:159:19 | ... == ... | -| test.c:162:9:162:18 | ... < ... | -| test.c:165:9:165:18 | ... < ... | -| test.c:175:13:175:32 | ... == ... | -| test.c:181:9:181:9 | x | -| test.cpp:18:8:18:10 | call to get | -| test.cpp:31:7:31:13 | ... == ... | -| test.cpp:42:13:42:20 | call to getABool | astGuardsCompare | 7 | 0 < x+0 when ... > ... is true | | 7 | 0 >= x+0 when ... > ... is false | @@ -425,7 +384,9 @@ astGuardsControl | test.c:126:7:126:7 | 1 | true | 131 | 132 | | test.c:126:7:126:7 | 1 | true | 134 | 123 | | test.c:126:7:126:28 | ... && ... | true | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | true | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | true | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | true | 131 | 132 | | test.c:131:7:131:7 | b | true | 131 | 132 | | test.c:137:7:137:7 | 0 | false | 142 | 136 | | test.c:146:7:146:8 | ! ... | true | 146 | 147 | @@ -832,11 +793,17 @@ astGuardsEnsure_const | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | 131 | 132 | | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | 134 | 123 | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | 131 | 132 | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | == | 1 | 131 | 132 | | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | != | 1 | 142 | 136 | @@ -893,40 +860,6 @@ astGuardsEnsure_const | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 | -irGuards -| test.c:7:9:7:13 | CompareGT: ... > ... | -| test.c:17:8:17:12 | CompareLT: ... < ... | -| test.c:17:17:17:21 | CompareGT: ... > ... | -| test.c:26:11:26:15 | CompareGT: ... > ... | -| test.c:34:16:34:21 | CompareLT: ... < ... | -| test.c:42:16:42:21 | CompareLT: ... < ... | -| test.c:44:12:44:16 | CompareGT: ... > ... | -| test.c:45:16:45:20 | CompareGT: ... > ... | -| test.c:58:9:58:14 | CompareEQ: ... == ... | -| test.c:58:19:58:23 | CompareLT: ... < ... | -| test.c:75:9:75:14 | CompareEQ: ... == ... | -| test.c:85:8:85:13 | CompareEQ: ... == ... | -| test.c:85:18:85:23 | CompareNE: ... != ... | -| test.c:94:11:94:16 | CompareNE: ... != ... | -| test.c:102:16:102:21 | CompareLT: ... < ... | -| test.c:109:9:109:14 | CompareEQ: ... == ... | -| test.c:109:19:109:23 | CompareLT: ... < ... | -| test.c:126:7:126:7 | CompareNE: 1 | -| test.c:126:12:126:26 | CompareNE: call to test3_condition | -| test.c:131:7:131:7 | CompareNE: b | -| test.c:137:7:137:7 | CompareNE: 0 | -| test.c:146:7:146:8 | CompareEQ: ! ... | -| test.c:152:10:152:10 | CompareNE: x | -| test.c:152:15:152:15 | CompareNE: y | -| test.c:156:9:156:19 | CompareEQ: ... == ... | -| test.c:159:9:159:19 | CompareEQ: ... == ... | -| test.c:162:9:162:18 | CompareLT: ... < ... | -| test.c:165:9:165:18 | CompareLT: ... < ... | -| test.c:175:13:175:32 | CompareEQ: ... == ... | -| test.c:181:9:181:9 | CompareNE: x | -| test.cpp:18:8:18:12 | CompareNE: (bool)... | -| test.cpp:31:7:31:13 | CompareEQ: ... == ... | -| test.cpp:42:13:42:20 | Call: call to getABool | irGuardsCompare | 7 | 0 < x+0 when CompareGT: ... > ... is true | | 7 | 0 >= x+0 when CompareGT: ... > ... is false | @@ -1139,13 +1072,21 @@ irGuardsCompare | 146 | x != 0 when CompareEQ: ! ... is false | | 146 | x == 0 when CompareEQ: ! ... is true | | 152 | x != 0 when CompareNE: x is true | +| 152 | x != 0 when Load: ... && ... is true | +| 152 | x != 0 when Phi: ... && ... is true | | 152 | x != 1 when CompareNE: x is false | | 152 | x == 0 when CompareNE: x is false | | 152 | x == 1 when CompareNE: x is true | +| 152 | x == 1 when Load: ... && ... is true | +| 152 | x == 1 when Phi: ... && ... is true | | 152 | y != 0 when CompareNE: y is true | +| 152 | y != 0 when Load: ... && ... is true | +| 152 | y != 0 when Phi: ... && ... is true | | 152 | y != 1 when CompareNE: y is false | | 152 | y == 0 when CompareNE: y is false | | 152 | y == 1 when CompareNE: y is true | +| 152 | y == 1 when Load: ... && ... is true | +| 152 | y == 1 when Phi: ... && ... is true | | 156 | ... + ... != x+0 when CompareEQ: ... == ... is false | | 156 | ... + ... == x+0 when CompareEQ: ... == ... is true | | 156 | ... == ... != 0 when CompareEQ: ... == ... is true | @@ -1211,9 +1152,14 @@ irGuardsCompare irGuardsControl | test.c:7:9:7:13 | CompareGT: ... > ... | false | 11 | 11 | | test.c:7:9:7:13 | CompareGT: ... > ... | true | 8 | 8 | +| test.c:7:9:7:13 | ConditionalBranch: ... > ... | false | 11 | 11 | +| test.c:7:9:7:13 | ConditionalBranch: ... > ... | true | 8 | 8 | | test.c:17:8:17:12 | CompareLT: ... < ... | true | 17 | 17 | | test.c:17:8:17:12 | CompareLT: ... < ... | true | 18 | 18 | +| test.c:17:8:17:12 | ConditionalBranch: ... < ... | true | 17 | 17 | +| test.c:17:8:17:12 | ConditionalBranch: ... < ... | true | 18 | 18 | | test.c:17:17:17:21 | CompareGT: ... > ... | true | 18 | 18 | +| test.c:17:17:17:21 | ConditionalBranch: ... > ... | true | 18 | 18 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 2 | 2 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 31 | 31 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 34 | 34 | @@ -1229,6 +1175,21 @@ irGuardsControl | test.c:26:11:26:15 | CompareGT: ... > ... | false | 59 | 59 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 62 | 62 | | test.c:26:11:26:15 | CompareGT: ... > ... | true | 27 | 27 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 2 | 2 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 31 | 31 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 34 | 34 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 35 | 35 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 39 | 39 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 42 | 42 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 43 | 43 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 45 | 45 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 46 | 46 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 52 | 52 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 56 | 56 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 58 | 58 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 59 | 59 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 62 | 62 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | true | 27 | 27 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 2 | 2 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 39 | 39 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 42 | 42 | @@ -1241,22 +1202,56 @@ irGuardsControl | test.c:34:16:34:21 | CompareLT: ... < ... | false | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | true | 35 | 35 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 2 | 2 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 39 | 39 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 42 | 42 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 43 | 43 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 45 | 45 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 46 | 46 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 52 | 52 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 56 | 56 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 58 | 58 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 59 | 59 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 62 | 62 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | true | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | true | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 52 | 52 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 2 | 2 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 43 | 43 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 45 | 45 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 46 | 46 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | false | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | true | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | true | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | true | 46 | 46 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | false | 52 | 52 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 2 | 2 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 45 | 45 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | false | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | true | 46 | 46 | +| test.c:45:16:45:20 | ConditionalBranch: ... > ... | false | 2 | 2 | +| test.c:45:16:45:20 | ConditionalBranch: ... > ... | true | 46 | 46 | | test.c:58:9:58:14 | CompareEQ: ... == ... | false | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | false | 62 | 62 | +| test.c:58:9:58:14 | ConditionalBranch: ... == ... | false | 58 | 58 | +| test.c:58:9:58:14 | ConditionalBranch: ... == ... | false | 62 | 62 | | test.c:58:19:58:23 | CompareLT: ... < ... | false | 62 | 62 | +| test.c:58:19:58:23 | ConditionalBranch: ... < ... | false | 62 | 62 | | test.c:75:9:75:14 | CompareEQ: ... == ... | false | 79 | 79 | | test.c:75:9:75:14 | CompareEQ: ... == ... | true | 76 | 76 | +| test.c:75:9:75:14 | ConditionalBranch: ... == ... | false | 79 | 79 | +| test.c:75:9:75:14 | ConditionalBranch: ... == ... | true | 76 | 76 | | test.c:85:8:85:13 | CompareEQ: ... == ... | true | 85 | 85 | | test.c:85:8:85:13 | CompareEQ: ... == ... | true | 86 | 86 | +| test.c:85:8:85:13 | ConditionalBranch: ... == ... | true | 85 | 85 | +| test.c:85:8:85:13 | ConditionalBranch: ... == ... | true | 86 | 86 | | test.c:85:18:85:23 | CompareNE: ... != ... | true | 86 | 86 | +| test.c:85:18:85:23 | ConditionalBranch: ... != ... | true | 86 | 86 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 70 | 70 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 99 | 99 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 102 | 102 | @@ -1266,40 +1261,89 @@ irGuardsControl | test.c:94:11:94:16 | CompareNE: ... != ... | false | 110 | 110 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 113 | 113 | | test.c:94:11:94:16 | CompareNE: ... != ... | true | 95 | 95 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 70 | 70 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 99 | 99 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 102 | 102 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 103 | 103 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 107 | 107 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 109 | 109 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 110 | 110 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 113 | 113 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | true | 95 | 95 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 70 | 70 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 107 | 107 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 109 | 109 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 110 | 110 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 113 | 113 | | test.c:102:16:102:21 | CompareLT: ... < ... | true | 103 | 103 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 70 | 70 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 107 | 107 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 109 | 109 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 110 | 110 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 113 | 113 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | true | 103 | 103 | | test.c:109:9:109:14 | CompareEQ: ... == ... | false | 109 | 109 | | test.c:109:9:109:14 | CompareEQ: ... == ... | false | 113 | 113 | +| test.c:109:9:109:14 | ConditionalBranch: ... == ... | false | 109 | 109 | +| test.c:109:9:109:14 | ConditionalBranch: ... == ... | false | 113 | 113 | | test.c:109:19:109:23 | CompareLT: ... < ... | false | 113 | 113 | +| test.c:109:19:109:23 | ConditionalBranch: ... < ... | false | 113 | 113 | +| test.c:126:7:126:7 | CompareNE: 1 | false | 123 | 123 | | test.c:126:7:126:7 | CompareNE: 1 | true | 126 | 126 | | test.c:126:7:126:7 | CompareNE: 1 | true | 127 | 127 | | test.c:126:7:126:7 | CompareNE: 1 | true | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | true | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | true | 134 | 134 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | false | 123 | 123 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 126 | 126 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 127 | 127 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 131 | 131 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 132 | 132 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 134 | 134 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | true | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | true | 132 | 132 | +| test.c:126:12:126:26 | ConditionalBranch: call to test3_condition | true | 127 | 127 | +| test.c:126:12:126:26 | ConditionalBranch: call to test3_condition | true | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | true | 132 | 132 | +| test.c:131:7:131:7 | ConditionalBranch: b | true | 132 | 132 | | test.c:137:7:137:7 | CompareNE: 0 | false | 142 | 142 | +| test.c:137:7:137:7 | CompareNE: 0 | true | 136 | 136 | +| test.c:137:7:137:7 | ConditionalBranch: 0 | false | 142 | 142 | +| test.c:137:7:137:7 | ConditionalBranch: 0 | true | 136 | 136 | | test.c:146:7:146:8 | CompareEQ: ! ... | true | 147 | 147 | +| test.c:146:7:146:8 | ConditionalBranch: ! ... | true | 147 | 147 | | test.c:152:10:152:10 | CompareNE: x | true | 152 | 152 | +| test.c:152:10:152:10 | ConditionalBranch: x | true | 152 | 152 | | test.c:152:15:152:15 | CompareNE: y | true | 152 | 152 | +| test.c:152:15:152:15 | ConditionalBranch: y | true | 152 | 152 | | test.c:156:9:156:19 | CompareEQ: ... == ... | true | 156 | 157 | +| test.c:156:9:156:19 | ConditionalBranch: ... == ... | true | 156 | 157 | | test.c:159:9:159:19 | CompareEQ: ... == ... | true | 159 | 160 | +| test.c:159:9:159:19 | ConditionalBranch: ... == ... | true | 159 | 160 | | test.c:162:9:162:18 | CompareLT: ... < ... | true | 162 | 163 | +| test.c:162:9:162:18 | ConditionalBranch: ... < ... | true | 162 | 163 | | test.c:165:9:165:18 | CompareLT: ... < ... | true | 165 | 166 | +| test.c:165:9:165:18 | ConditionalBranch: ... < ... | true | 165 | 166 | | test.c:175:13:175:32 | CompareEQ: ... == ... | false | 175 | 175 | | test.c:175:13:175:32 | CompareEQ: ... == ... | true | 175 | 175 | +| test.c:175:13:175:32 | ConditionalBranch: ... == ... | false | 175 | 175 | +| test.c:175:13:175:32 | ConditionalBranch: ... == ... | true | 175 | 175 | | test.c:181:9:181:9 | CompareNE: x | false | 184 | 184 | | test.c:181:9:181:9 | CompareNE: x | true | 182 | 182 | +| test.c:181:9:181:9 | ConditionalBranch: x | false | 184 | 184 | +| test.c:181:9:181:9 | ConditionalBranch: x | true | 182 | 182 | | test.cpp:18:8:18:12 | CompareNE: (bool)... | true | 19 | 19 | +| test.cpp:18:8:18:12 | ConditionalBranch: (bool)... | true | 19 | 19 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 32 | 32 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | false | 34 | 34 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | true | 30 | 30 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | true | 32 | 32 | | test.cpp:42:13:42:20 | Call: call to getABool | true | 44 | 44 | | test.cpp:42:13:42:20 | Call: call to getABool | true | 45 | 45 | +| test.cpp:42:13:42:20 | ConditionalBranch: call to getABool | true | 44 | 44 | +| test.cpp:42:13:42:20 | ConditionalBranch: call to getABool | true | 45 | 45 | irGuardsEnsure | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | < | test.c:7:13:7:13 | Constant: 0 | 1 | 11 | 11 | | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | >= | test.c:7:13:7:13 | Constant: 0 | 1 | 8 | 8 | @@ -1365,22 +1409,28 @@ irGuardsEnsure | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | < | test.c:34:16:34:16 | Load: j | 1 | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | < | test.c:34:16:34:16 | Load: j | 1 | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | >= | test.c:34:16:34:16 | Load: j | 1 | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | < | test.c:44:16:44:16 | Constant: 0 | 1 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 46 | 46 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 46 | 46 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | >= | test.c:44:12:44:12 | Load: z | 0 | 52 | 52 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | < | test.c:45:20:45:20 | Constant: (long)... | 1 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | >= | test.c:45:20:45:20 | Constant: (long)... | 1 | 46 | 46 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:20:45:20 | Constant: (long)... | < | test.c:45:16:45:16 | Load: y | 0 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:20:45:20 | Constant: (long)... | >= | test.c:45:16:45:16 | Load: y | 0 | 2 | 2 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | test.c:58:14:58:14 | Constant: 0 | 0 | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | test.c:58:14:58:14 | Constant: 0 | 0 | 62 | 62 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:14:58:14 | Constant: 0 | != | test.c:58:9:58:9 | Load: x | 0 | 58 | 58 | @@ -1451,10 +1501,16 @@ irGuardsEnsure | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 134 | 134 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | test.c:126:7:126:7 | Constant: 1 | 0 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | test.c:126:7:126:7 | Constant: 1 | 0 | 123 | 123 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | test.c:126:12:126:26 | Constant: call to test3_condition | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | test.c:126:12:126:26 | Constant: call to test3_condition | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Constant: call to test3_condition | != | test.c:126:12:126:26 | Call: call to test3_condition | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Constant: call to test3_condition | != | test.c:126:12:126:26 | Call: call to test3_condition | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Constant: b | != | test.c:131:7:131:7 | Load: b | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Load: b | != | test.c:131:7:131:7 | Constant: b | 0 | 132 | 132 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | test.c:137:7:137:7 | Constant: 0 | 0 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | test.c:137:7:137:7 | Constant: 0 | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | test.c:137:7:137:7 | Constant: 0 | 0 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | test.c:137:7:137:7 | Constant: 0 | 0 | 142 | 142 | | test.c:146:7:146:8 | CompareEQ: ! ... | test.c:146:7:146:8 | Constant: ! ... | == | test.c:146:8:146:8 | Load: x | 0 | 147 | 147 | @@ -1592,29 +1648,38 @@ irGuardsEnsure_const | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 0 | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 0 | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 1 | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | < | 1 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 46 | 46 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 46 | 46 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 0 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | < | 1 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | >= | 1 | 46 | 46 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | != | 0 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | != | 1 | 2 | 2 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | == | 0 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | == | 1 | 46 | 46 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | 0 | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | 0 | 62 | 62 | @@ -1711,6 +1776,8 @@ irGuardsEnsure_const | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 1 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 0 | 123 | 123 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 126 | 126 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 127 | 127 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 131 | 131 | @@ -1726,14 +1793,23 @@ irGuardsEnsure_const | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | 0 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | 1 | 123 | 123 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | != | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | != | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | == | 1 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | == | 1 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | CompareNE: b | != | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | CompareNE: b | == | 1 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Load: b | != | 0 | 132 | 132 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | != | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | != | 1 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | == | 0 | 142 | 142 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | == | 1 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | 0 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 | | test.c:146:7:146:8 | CompareEQ: ! ... | test.c:146:7:146:8 | CompareEQ: ! ... | != | 0 | 147 | 147 | diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql index 0f147f9ea8d..f91ae1e423d 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql @@ -1,8 +1,6 @@ import cpp import semmle.code.cpp.controlflow.IRGuards -query predicate astGuards(GuardCondition guard) { any() } - query predicate astGuardsCompare(int startLine, string msg) { exists(GuardCondition guard, Expr left, int k, string op | exists(boolean sense, string which | @@ -23,7 +21,7 @@ query predicate astGuardsCompare(int startLine, string msg) { ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesEq(left, k, true, value) and op = " == " or guard.comparesEq(left, k, false, value) and op = " != " @@ -70,8 +68,6 @@ query predicate astGuardsEnsure_const( ) } -query predicate irGuards(IRGuardCondition guard) { any() } - query predicate irGuardsCompare(int startLine, string msg) { exists(IRGuardCondition guard, Operand left, int k, string op | exists(boolean sense, string which | @@ -95,7 +91,7 @@ query predicate irGuardsCompare(int startLine, string msg) { ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesLt(left, k, true, value) and op = " < " or guard.comparesLt(left, k, false, value) and op = " >= " diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected deleted file mode 100644 index 70290c7e226..00000000000 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected +++ /dev/null @@ -1,108 +0,0 @@ -| test.c:7:9:7:13 | ... > ... | -| test.c:17:8:17:12 | ... < ... | -| test.c:17:8:17:21 | ... && ... | -| test.c:17:17:17:21 | ... > ... | -| test.c:26:11:26:15 | ... > ... | -| test.c:34:16:34:21 | ... < ... | -| test.c:42:16:42:21 | ... < ... | -| test.c:44:12:44:16 | ... > ... | -| test.c:45:16:45:20 | ... > ... | -| test.c:58:9:58:14 | ... == ... | -| test.c:58:9:58:23 | ... \|\| ... | -| test.c:58:19:58:23 | ... < ... | -| test.c:75:9:75:14 | ... == ... | -| test.c:85:8:85:13 | ... == ... | -| test.c:85:8:85:23 | ... && ... | -| test.c:85:18:85:23 | ... != ... | -| test.c:94:11:94:16 | ... != ... | -| test.c:102:16:102:21 | ... < ... | -| test.c:109:9:109:14 | ... == ... | -| test.c:109:9:109:23 | ... \|\| ... | -| test.c:109:19:109:23 | ... < ... | -| test.c:126:7:126:7 | 1 | -| test.c:126:7:126:28 | ... && ... | -| test.c:126:12:126:26 | call to test3_condition | -| test.c:131:7:131:7 | b | -| test.c:137:7:137:7 | 0 | -| test.c:146:7:146:8 | ! ... | -| test.c:146:8:146:8 | x | -| test.c:152:8:152:8 | p | -| test.c:158:8:158:9 | ! ... | -| test.c:158:9:158:9 | p | -| test.c:164:8:164:8 | s | -| test.c:170:8:170:9 | ! ... | -| test.c:170:9:170:9 | s | -| test.c:176:8:176:15 | ! ... | -| test.c:176:10:176:14 | ... < ... | -| test.c:182:8:182:34 | ! ... | -| test.c:182:10:182:20 | ... >= ... | -| test.c:182:10:182:33 | ... && ... | -| test.c:182:25:182:33 | ... < ... | -| test.c:190:7:190:8 | ! ... | -| test.c:190:8:190:8 | c | -| test.c:198:7:198:8 | ! ... | -| test.c:198:8:198:8 | b | -| test.c:206:7:206:8 | ! ... | -| test.c:206:8:206:8 | c | -| test.c:215:6:215:18 | call to __builtin_expect | -| test.c:219:9:219:22 | call to __builtin_expect | -| test.cpp:18:8:18:10 | call to get | -| test.cpp:31:7:31:13 | ... == ... | -| test.cpp:42:13:42:20 | call to getABool | -| test.cpp:61:10:61:10 | i | -| test.cpp:74:10:74:10 | i | -| test.cpp:84:10:84:10 | i | -| test.cpp:93:6:93:6 | c | -| test.cpp:99:6:99:6 | f | -| test.cpp:105:6:105:14 | ... != ... | -| test.cpp:111:6:111:14 | ... != ... | -| test.cpp:122:9:122:9 | b | -| test.cpp:125:13:125:20 | ! ... | -| test.cpp:125:14:125:17 | call to safe | -| test.cpp:131:6:131:21 | call to __builtin_expect | -| test.cpp:135:6:135:21 | call to __builtin_expect | -| test.cpp:141:6:141:21 | call to __builtin_expect | -| test.cpp:145:6:145:21 | call to __builtin_expect | -| test.cpp:152:7:152:8 | ! ... | -| test.cpp:152:8:152:8 | b | -| test.cpp:160:7:160:8 | ! ... | -| test.cpp:160:8:160:8 | c | -| test.cpp:168:7:168:8 | ! ... | -| test.cpp:168:8:168:8 | b | -| test.cpp:176:7:176:8 | ! ... | -| test.cpp:176:8:176:8 | c | -| test.cpp:182:6:182:16 | ! ... | -| test.cpp:182:8:182:9 | b1 | -| test.cpp:182:8:182:15 | ... && ... | -| test.cpp:182:14:182:15 | b2 | -| test.cpp:193:6:193:16 | ! ... | -| test.cpp:193:8:193:9 | b1 | -| test.cpp:193:8:193:15 | ... \|\| ... | -| test.cpp:193:14:193:15 | b2 | -| test.cpp:211:9:211:15 | ... == ... | -| test.cpp:214:9:214:17 | ... == ... | -| test.cpp:217:9:217:15 | ... == ... | -| test.cpp:220:9:220:14 | ... == ... | -| test.cpp:223:9:223:16 | ... == ... | -| test.cpp:226:9:226:14 | ... == ... | -| test.cpp:229:9:229:14 | ... == ... | -| test.cpp:232:9:232:18 | ... == ... | -| test.cpp:235:9:235:17 | ... == ... | -| test.cpp:238:9:238:17 | ... == ... | -| test.cpp:241:9:241:17 | ... == ... | -| test.cpp:241:9:241:30 | ... && ... | -| test.cpp:241:9:241:43 | ... && ... | -| test.cpp:241:22:241:30 | ... == ... | -| test.cpp:241:35:241:43 | ... == ... | -| test.cpp:247:6:247:18 | ... == ... | -| test.cpp:253:6:253:18 | ... != ... | -| test.cpp:260:6:260:18 | ... == ... | -| test.cpp:266:6:266:18 | ... != ... | -| test.cpp:273:6:273:17 | ... == ... | -| test.cpp:279:6:279:17 | ... != ... | -| test.cpp:287:6:287:19 | ... == ... | -| test.cpp:293:6:293:19 | ... != ... | -| test.cpp:300:6:300:19 | ... == ... | -| test.cpp:306:6:306:19 | ... != ... | -| test.cpp:312:6:312:18 | ... == ... | -| test.cpp:318:6:318:18 | ... != ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.ql b/cpp/ql/test/library-tests/controlflow/guards/Guards.ql deleted file mode 100644 index 6580c2acf58..00000000000 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.ql +++ /dev/null @@ -1,5 +0,0 @@ -import cpp -import semmle.code.cpp.controlflow.Guards - -from GuardCondition guard -select guard diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index 5d3232d50fa..4d78c4016da 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -392,6 +392,12 @@ | test.c:206:8:206:8 | c | b >= a+0 when c is false | | test.c:206:8:206:8 | c | c != 0 when c is true | | test.c:206:8:206:8 | c | c == 0 when c is false | +| test.c:215:6:215:18 | ! ... | ... > ... != 0 when ! ... is false | +| test.c:215:6:215:18 | ! ... | ... > ... == 0 when ! ... is true | +| test.c:215:6:215:18 | ! ... | a < b+1 when ! ... is true | +| test.c:215:6:215:18 | ! ... | a >= b+1 when ! ... is false | +| test.c:215:6:215:18 | ! ... | b < a+0 when ! ... is false | +| test.c:215:6:215:18 | ! ... | b >= a+0 when ! ... is true | | test.c:215:6:215:18 | call to __builtin_expect | ... > ... != 0 when call to __builtin_expect is true | | test.c:215:6:215:18 | call to __builtin_expect | ... > ... == 0 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | a < b+1 when call to __builtin_expect is false | @@ -402,6 +408,20 @@ | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.c:215:13:215:17 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.c:215:13:215:17 | ... > ... | a < b+1 when ... > ... is false | +| test.c:215:13:215:17 | ... > ... | a >= b+1 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | b < a+0 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | b >= a+0 when ... > ... is false | +| test.c:219:9:219:22 | ! ... | 42 < a+0 when ! ... is false | +| test.c:219:9:219:22 | ! ... | 42 >= a+0 when ! ... is true | +| test.c:219:9:219:22 | ! ... | ... > ... != 0 when ! ... is false | +| test.c:219:9:219:22 | ! ... | ... > ... == 0 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a < 42+1 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a < 43 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a >= 42+1 when ! ... is false | +| test.c:219:9:219:22 | ! ... | a >= 43 when ! ... is false | | test.c:219:9:219:22 | call to __builtin_expect | 42 < a+0 when call to __builtin_expect is true | | test.c:219:9:219:22 | call to __builtin_expect | 42 >= a+0 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | ... > ... != 0 when call to __builtin_expect is true | @@ -414,6 +434,14 @@ | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.c:219:16:219:21 | ... > ... | 42 < a+0 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | 42 >= a+0 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a < 42+1 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a < 43 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a >= 42+1 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | a >= 43 when ... > ... is true | | test.cpp:18:8:18:10 | call to get | call to get != 0 when call to get is true | | test.cpp:18:8:18:10 | call to get | call to get != 1 when call to get is false | | test.cpp:18:8:18:10 | call to get | call to get == 0 when call to get is false | @@ -432,13 +460,52 @@ | test.cpp:42:13:42:20 | call to getABool | call to getABool != 1 when call to getABool is false | | test.cpp:42:13:42:20 | call to getABool | call to getABool == 0 when call to getABool is false | | test.cpp:42:13:42:20 | call to getABool | call to getABool == 1 when call to getABool is true | -| test.cpp:61:10:61:10 | i | i == 0 when i is Case[0] | -| test.cpp:61:10:61:10 | i | i == 1 when i is Case[1] | -| test.cpp:61:10:61:10 | i | i == 2 when i is Case[2] | -| test.cpp:74:10:74:10 | i | i < 11 when i is Case[0..10] | -| test.cpp:74:10:74:10 | i | i < 21 when i is Case[11..20] | -| test.cpp:74:10:74:10 | i | i >= 0 when i is Case[0..10] | -| test.cpp:74:10:74:10 | i | i >= 11 when i is Case[11..20] | +| test.cpp:60:31:60:31 | i | i != 0 when i is not 0 | +| test.cpp:60:31:60:31 | i | i != 1 when i is not 1 | +| test.cpp:60:31:60:31 | i | i != 2 when i is not 2 | +| test.cpp:60:31:60:31 | i | i == 0 when i is 0 | +| test.cpp:60:31:60:31 | i | i == 1 when i is 1 | +| test.cpp:60:31:60:31 | i | i == 2 when i is 2 | +| test.cpp:61:10:61:10 | i | i != 0 when i is not 0 | +| test.cpp:61:10:61:10 | i | i != 1 when i is not 1 | +| test.cpp:61:10:61:10 | i | i != 2 when i is not 2 | +| test.cpp:61:10:61:10 | i | i == 0 when i is 0 | +| test.cpp:61:10:61:10 | i | i == 1 when i is 1 | +| test.cpp:61:10:61:10 | i | i == 2 when i is 2 | +| test.cpp:63:12:63:12 | i | i != 0 when i is not 0 | +| test.cpp:63:12:63:12 | i | i != 1 when i is not 1 | +| test.cpp:63:12:63:12 | i | i != 2 when i is not 2 | +| test.cpp:63:12:63:12 | i | i == 0 when i is 0 | +| test.cpp:63:12:63:12 | i | i == 1 when i is 1 | +| test.cpp:63:12:63:12 | i | i == 2 when i is 2 | +| test.cpp:66:12:66:12 | i | i != 0 when i is not 0 | +| test.cpp:66:12:66:12 | i | i != 1 when i is not 1 | +| test.cpp:66:12:66:12 | i | i != 2 when i is not 2 | +| test.cpp:66:12:66:12 | i | i == 0 when i is 0 | +| test.cpp:66:12:66:12 | i | i == 1 when i is 1 | +| test.cpp:66:12:66:12 | i | i == 2 when i is 2 | +| test.cpp:69:12:69:12 | i | i != 0 when i is not 0 | +| test.cpp:69:12:69:12 | i | i != 1 when i is not 1 | +| test.cpp:69:12:69:12 | i | i != 2 when i is not 2 | +| test.cpp:69:12:69:12 | i | i == 0 when i is 0 | +| test.cpp:69:12:69:12 | i | i == 1 when i is 1 | +| test.cpp:69:12:69:12 | i | i == 2 when i is 2 | +| test.cpp:73:30:73:30 | i | i < 11 when i is Upper bound 10 | +| test.cpp:73:30:73:30 | i | i < 21 when i is Upper bound 20 | +| test.cpp:73:30:73:30 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:73:30:73:30 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:74:10:74:10 | i | i < 11 when i is Upper bound 10 | +| test.cpp:74:10:74:10 | i | i < 21 when i is Upper bound 20 | +| test.cpp:74:10:74:10 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:74:10:74:10 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:76:12:76:12 | i | i < 11 when i is Upper bound 10 | +| test.cpp:76:12:76:12 | i | i < 21 when i is Upper bound 20 | +| test.cpp:76:12:76:12 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:76:12:76:12 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:79:12:79:12 | i | i < 11 when i is Upper bound 10 | +| test.cpp:79:12:79:12 | i | i < 21 when i is Upper bound 20 | +| test.cpp:79:12:79:12 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:79:12:79:12 | i | i >= 11 when i is Lower bound 11 | | test.cpp:93:6:93:6 | c | c != 0 when c is true | | test.cpp:93:6:93:6 | c | c != 1 when c is false | | test.cpp:93:6:93:6 | c | c == 0 when c is false | @@ -463,6 +530,10 @@ | test.cpp:111:6:111:14 | ... != ... | ... != ... == 1 when ... != ... is true | | test.cpp:111:6:111:14 | ... != ... | i != 0.0+0 when ... != ... is true | | test.cpp:111:6:111:14 | ... != ... | i == 0.0+0 when ... != ... is false | +| test.cpp:119:16:119:16 | b | b != 0 when b is true | +| test.cpp:119:16:119:16 | b | b != 1 when b is false | +| test.cpp:119:16:119:16 | b | b == 0 when b is false | +| test.cpp:119:16:119:16 | b | b == 1 when b is true | | test.cpp:122:9:122:9 | b | b != 0 when b is true | | test.cpp:122:9:122:9 | b | b != 1 when b is false | | test.cpp:122:9:122:9 | b | b == 0 when b is false | @@ -495,6 +566,14 @@ | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:131:23:131:33 | ... == ... | ... + ... != a+0 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | ... + ... == a+0 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | a != ... + ...+0 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | a != b+42 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | a == ... + ...+0 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | a == b+42 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | b != a+-42 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | b == a+-42 when ... == ... is true | | test.cpp:135:6:135:21 | call to __builtin_expect | ... + ... != a+0 when call to __builtin_expect is true | | test.cpp:135:6:135:21 | call to __builtin_expect | ... + ... == a+0 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | a != ... + ...+0 when call to __builtin_expect is true | @@ -507,6 +586,14 @@ | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:135:23:135:33 | ... != ... | ... + ... != a+0 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | ... + ... == a+0 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | a != ... + ...+0 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | a != b+42 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | a == ... + ...+0 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | a == b+42 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | b != a+-42 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | b == a+-42 when ... != ... is false | | test.cpp:141:6:141:21 | call to __builtin_expect | 42 != a+0 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | 42 == a+0 when call to __builtin_expect is true | | test.cpp:141:6:141:21 | call to __builtin_expect | a != 42 when call to __builtin_expect is false | @@ -517,6 +604,12 @@ | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:141:23:141:29 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:141:23:141:29 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:141:23:141:29 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:145:6:145:21 | call to __builtin_expect | 42 != a+0 when call to __builtin_expect is true | | test.cpp:145:6:145:21 | call to __builtin_expect | 42 == a+0 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | a != 42 when call to __builtin_expect is true | @@ -527,6 +620,26 @@ | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:145:23:145:29 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:145:23:145:29 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:145:23:145:29 | ... != ... | a == 42+0 when ... != ... is false | +| test.cpp:151:8:151:13 | ... < ... | 10 < a+1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | 10 >= a+1 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | ... < ... != 0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | ... < ... != 1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | ... < ... == 0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | ... < ... == 1 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a < 10 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a < 10+0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a >= 10 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | a >= 10+0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b != 0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | b != 1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b == 0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b == 1 when ... < ... is true | | test.cpp:152:7:152:8 | ! ... | 10 < a+1 when ! ... is true | | test.cpp:152:7:152:8 | ! ... | 10 >= a+1 when ! ... is false | | test.cpp:152:7:152:8 | ! ... | ! ... != 0 when ! ... is true | @@ -563,6 +676,18 @@ | test.cpp:152:8:152:8 | b | b != 1 when b is false | | test.cpp:152:8:152:8 | b | b == 0 when b is false | | test.cpp:152:8:152:8 | b | b == 1 when b is true | +| test.cpp:158:12:158:17 | ... != ... | ... != ... != 0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | ... != ... != 1 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | ... != ... == 0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | ... != ... == 1 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | b == a+0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c != 0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | c != 1 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c == 0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c == 1 when ... != ... is true | | test.cpp:160:7:160:8 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:160:7:160:8 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:160:7:160:8 | ! ... | ! ... == 0 when ! ... is false | @@ -595,6 +720,20 @@ | test.cpp:160:8:160:8 | c | c != 1 when c is false | | test.cpp:160:8:160:8 | c | c == 0 when c is false | | test.cpp:160:8:160:8 | c | c == 1 when c is true | +| test.cpp:166:12:166:17 | ... > ... | 10 < a+0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | 10 >= a+0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | ... > ... != 1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... == 1 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | a < 10+1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | a < 11 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | a >= 10+1 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | a >= 11 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | b != 0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | b != 1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | b == 0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | b == 1 when ... > ... is true | | test.cpp:168:7:168:8 | ! ... | 10 < a+0 when ! ... is false | | test.cpp:168:7:168:8 | ! ... | 10 >= a+0 when ! ... is true | | test.cpp:168:7:168:8 | ! ... | ! ... != 0 when ! ... is true | @@ -631,6 +770,18 @@ | test.cpp:168:8:168:8 | b | b != 1 when b is false | | test.cpp:168:8:168:8 | b | b == 0 when b is false | | test.cpp:168:8:168:8 | b | b == 1 when b is true | +| test.cpp:174:12:174:16 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | ... > ... != 1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | ... > ... == 1 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | a < b+1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | a >= b+1 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | b < a+0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | b >= a+0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c != 0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | c != 1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c == 0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c == 1 when ... > ... is true | | test.cpp:176:7:176:8 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:176:7:176:8 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:176:7:176:8 | ! ... | ! ... == 0 when ! ... is false | @@ -663,6 +814,14 @@ | test.cpp:176:8:176:8 | c | c != 1 when c is false | | test.cpp:176:8:176:8 | c | c == 0 when c is false | | test.cpp:176:8:176:8 | c | c == 1 when c is true | +| test.cpp:181:28:181:29 | b1 | b1 != 0 when b1 is true | +| test.cpp:181:28:181:29 | b1 | b1 != 1 when b1 is false | +| test.cpp:181:28:181:29 | b1 | b1 == 0 when b1 is false | +| test.cpp:181:28:181:29 | b1 | b1 == 1 when b1 is true | +| test.cpp:181:37:181:38 | b2 | b2 != 0 when b2 is true | +| test.cpp:181:37:181:38 | b2 | b2 != 1 when b2 is false | +| test.cpp:181:37:181:38 | b2 | b2 == 0 when b2 is false | +| test.cpp:181:37:181:38 | b2 | b2 == 1 when b2 is true | | test.cpp:182:6:182:16 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:182:6:182:16 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:182:6:182:16 | ! ... | ! ... == 0 when ! ... is false | @@ -695,6 +854,30 @@ | test.cpp:182:14:182:15 | b2 | b2 != 1 when b2 is false | | test.cpp:182:14:182:15 | b2 | b2 == 0 when b2 is false | | test.cpp:182:14:182:15 | b2 | b2 == 1 when b2 is true | +| test.cpp:183:9:183:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:183:9:183:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:183:9:183:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:183:9:183:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:184:9:184:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:184:9:184:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:184:9:184:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:184:9:184:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:187:9:187:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:187:9:187:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:187:9:187:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:187:9:187:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:188:9:188:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:188:9:188:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:188:9:188:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:188:9:188:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:192:27:192:28 | b1 | b1 != 0 when b1 is true | +| test.cpp:192:27:192:28 | b1 | b1 != 1 when b1 is false | +| test.cpp:192:27:192:28 | b1 | b1 == 0 when b1 is false | +| test.cpp:192:27:192:28 | b1 | b1 == 1 when b1 is true | +| test.cpp:192:36:192:37 | b2 | b2 != 0 when b2 is true | +| test.cpp:192:36:192:37 | b2 | b2 != 1 when b2 is false | +| test.cpp:192:36:192:37 | b2 | b2 == 0 when b2 is false | +| test.cpp:192:36:192:37 | b2 | b2 == 1 when b2 is true | | test.cpp:193:6:193:16 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:193:6:193:16 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:193:6:193:16 | ! ... | ! ... == 0 when ! ... is false | @@ -727,6 +910,22 @@ | test.cpp:193:14:193:15 | b2 | b2 != 1 when b2 is false | | test.cpp:193:14:193:15 | b2 | b2 == 0 when b2 is false | | test.cpp:193:14:193:15 | b2 | b2 == 1 when b2 is true | +| test.cpp:195:9:195:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:195:9:195:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:195:9:195:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:195:9:195:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:196:9:196:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:196:9:196:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:196:9:196:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:196:9:196:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:198:9:198:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:198:9:198:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:198:9:198:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:198:9:198:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:199:9:199:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:199:9:199:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:199:9:199:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:199:9:199:10 | b2 | b2 == 1 when b2 is true | | test.cpp:211:9:211:15 | ... == ... | 0 != sc+0 when ... == ... is false | | test.cpp:211:9:211:15 | ... == ... | 0 == sc+0 when ... == ... is true | | test.cpp:211:9:211:15 | ... == ... | ... == ... != 0 when ... == ... is true | @@ -875,6 +1074,10 @@ | test.cpp:247:6:247:18 | ... == ... | a == b+0 when ... == ... is false | | test.cpp:247:6:247:18 | ... == ... | b != a+0 when ... == ... is true | | test.cpp:247:6:247:18 | ... == ... | b == a+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | a != b+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | a == b+0 when ... == ... is true | +| test.cpp:247:7:247:12 | ... == ... | b != a+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | b == a+0 when ... == ... is true | | test.cpp:253:6:253:18 | ... != ... | 0 != ... == ...+0 when ... != ... is true | | test.cpp:253:6:253:18 | ... != ... | 0 == ... == ...+0 when ... != ... is false | | test.cpp:253:6:253:18 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -889,6 +1092,10 @@ | test.cpp:253:6:253:18 | ... != ... | a == b+0 when ... != ... is true | | test.cpp:253:6:253:18 | ... != ... | b != a+0 when ... != ... is false | | test.cpp:253:6:253:18 | ... != ... | b == a+0 when ... != ... is true | +| test.cpp:253:7:253:12 | ... == ... | a != b+0 when ... == ... is false | +| test.cpp:253:7:253:12 | ... == ... | a == b+0 when ... == ... is true | +| test.cpp:253:7:253:12 | ... == ... | b != a+0 when ... == ... is false | +| test.cpp:253:7:253:12 | ... == ... | b == a+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | 0 != ... != ...+0 when ... == ... is false | | test.cpp:260:6:260:18 | ... == ... | 0 == ... != ...+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | ... != ... != 0 when ... == ... is false | @@ -903,6 +1110,10 @@ | test.cpp:260:6:260:18 | ... == ... | a == b+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | b != a+0 when ... == ... is false | | test.cpp:260:6:260:18 | ... == ... | b == a+0 when ... == ... is true | +| test.cpp:260:7:260:12 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:260:7:260:12 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:260:7:260:12 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:260:7:260:12 | ... != ... | b == a+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | 0 != ... != ...+0 when ... != ... is true | | test.cpp:266:6:266:18 | ... != ... | 0 == ... != ...+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -915,6 +1126,10 @@ | test.cpp:266:6:266:18 | ... != ... | a == b+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | b != a+0 when ... != ... is true | | test.cpp:266:6:266:18 | ... != ... | b == a+0 when ... != ... is false | +| test.cpp:266:7:266:12 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:266:7:266:12 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:266:7:266:12 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:266:7:266:12 | ... != ... | b == a+0 when ... != ... is false | | test.cpp:273:6:273:17 | ... == ... | 0 != ... < ...+0 when ... == ... is false | | test.cpp:273:6:273:17 | ... == ... | 0 == ... < ...+0 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | ... < ... != 0 when ... == ... is false | @@ -929,6 +1144,10 @@ | test.cpp:273:6:273:17 | ... == ... | a >= b+0 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | b < a+1 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | b >= a+1 when ... == ... is false | +| test.cpp:273:7:273:11 | ... < ... | a < b+0 when ... < ... is true | +| test.cpp:273:7:273:11 | ... < ... | a >= b+0 when ... < ... is false | +| test.cpp:273:7:273:11 | ... < ... | b < a+1 when ... < ... is false | +| test.cpp:273:7:273:11 | ... < ... | b >= a+1 when ... < ... is true | | test.cpp:279:6:279:17 | ... != ... | 0 != ... < ...+0 when ... != ... is true | | test.cpp:279:6:279:17 | ... != ... | 0 == ... < ...+0 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -943,6 +1162,10 @@ | test.cpp:279:6:279:17 | ... != ... | a >= b+0 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | b < a+1 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | b >= a+1 when ... != ... is true | +| test.cpp:279:7:279:11 | ... < ... | a < b+0 when ... < ... is true | +| test.cpp:279:7:279:11 | ... < ... | a >= b+0 when ... < ... is false | +| test.cpp:279:7:279:11 | ... < ... | b < a+1 when ... < ... is false | +| test.cpp:279:7:279:11 | ... < ... | b >= a+1 when ... < ... is true | | test.cpp:287:6:287:19 | ... == ... | 0 != ... == ...+0 when ... == ... is false | | test.cpp:287:6:287:19 | ... == ... | 0 == ... == ...+0 when ... == ... is true | | test.cpp:287:6:287:19 | ... == ... | 42 != a+0 when ... == ... is true | @@ -959,6 +1182,12 @@ | test.cpp:287:6:287:19 | ... == ... | a != 42+0 when ... == ... is true | | test.cpp:287:6:287:19 | ... == ... | a == 42 when ... == ... is false | | test.cpp:287:6:287:19 | ... == ... | a == 42+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:287:7:287:13 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:287:7:287:13 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:293:6:293:19 | ... != ... | 0 != ... == ...+0 when ... != ... is true | | test.cpp:293:6:293:19 | ... != ... | 0 == ... == ...+0 when ... != ... is false | | test.cpp:293:6:293:19 | ... != ... | 42 != a+0 when ... != ... is false | @@ -975,6 +1204,12 @@ | test.cpp:293:6:293:19 | ... != ... | a != 42+0 when ... != ... is false | | test.cpp:293:6:293:19 | ... != ... | a == 42 when ... != ... is true | | test.cpp:293:6:293:19 | ... != ... | a == 42+0 when ... != ... is true | +| test.cpp:293:7:293:13 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:293:7:293:13 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:293:7:293:13 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | 0 != ... != ...+0 when ... == ... is false | | test.cpp:300:6:300:19 | ... == ... | 0 == ... != ...+0 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | 42 != a+0 when ... == ... is false | @@ -991,6 +1226,12 @@ | test.cpp:300:6:300:19 | ... == ... | a != 42+0 when ... == ... is false | | test.cpp:300:6:300:19 | ... == ... | a == 42 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | a == 42+0 when ... == ... is true | +| test.cpp:300:7:300:13 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:300:7:300:13 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:300:7:300:13 | ... != ... | a == 42+0 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | 0 != ... != ...+0 when ... != ... is true | | test.cpp:306:6:306:19 | ... != ... | 0 == ... != ...+0 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | 42 != a+0 when ... != ... is true | @@ -1005,6 +1246,12 @@ | test.cpp:306:6:306:19 | ... != ... | a != 42+0 when ... != ... is true | | test.cpp:306:6:306:19 | ... != ... | a == 42 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | a == 42+0 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | a == 42+0 when ... != ... is false | | test.cpp:312:6:312:18 | ... == ... | 0 != ... < ...+0 when ... == ... is false | | test.cpp:312:6:312:18 | ... == ... | 0 == ... < ...+0 when ... == ... is true | | test.cpp:312:6:312:18 | ... == ... | 42 < a+1 when ... == ... is true | @@ -1021,6 +1268,12 @@ | test.cpp:312:6:312:18 | ... == ... | a < 42+0 when ... == ... is false | | test.cpp:312:6:312:18 | ... == ... | a >= 42 when ... == ... is true | | test.cpp:312:6:312:18 | ... == ... | a >= 42+0 when ... == ... is true | +| test.cpp:312:7:312:12 | ... < ... | 42 < a+1 when ... < ... is false | +| test.cpp:312:7:312:12 | ... < ... | 42 >= a+1 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a < 42 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a < 42+0 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a >= 42 when ... < ... is false | +| test.cpp:312:7:312:12 | ... < ... | a >= 42+0 when ... < ... is false | | test.cpp:318:6:318:18 | ... != ... | 0 != ... < ...+0 when ... != ... is true | | test.cpp:318:6:318:18 | ... != ... | 0 == ... < ...+0 when ... != ... is false | | test.cpp:318:6:318:18 | ... != ... | 42 < a+1 when ... != ... is false | @@ -1037,3 +1290,155 @@ | test.cpp:318:6:318:18 | ... != ... | a < 42+0 when ... != ... is true | | test.cpp:318:6:318:18 | ... != ... | a >= 42 when ... != ... is false | | test.cpp:318:6:318:18 | ... != ... | a >= 42+0 when ... != ... is false | +| test.cpp:318:7:318:12 | ... < ... | 42 < a+1 when ... < ... is false | +| test.cpp:318:7:318:12 | ... < ... | 42 >= a+1 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a < 42 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a < 42+0 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a >= 42 when ... < ... is false | +| test.cpp:318:7:318:12 | ... < ... | a >= 42+0 when ... < ... is false | +| test.cpp:327:46:327:46 | b | b != 0 when b is true | +| test.cpp:327:46:327:46 | b | b != 1 when b is false | +| test.cpp:327:46:327:46 | b | b == 0 when b is false | +| test.cpp:327:46:327:46 | b | b == 1 when b is true | +| test.cpp:330:7:330:7 | b | b != 0 when b is true | +| test.cpp:330:7:330:7 | b | b != 1 when b is false | +| test.cpp:330:7:330:7 | b | b == 0 when b is false | +| test.cpp:330:7:330:7 | b | b == 1 when b is true | +| test.cpp:334:11:334:11 | x | x < 51 when x is Upper bound 50 | +| test.cpp:334:11:334:11 | x | x >= 40 when x is Lower bound 40 | +| test.cpp:338:9:338:9 | x | x < 51 when x is Upper bound 50 | +| test.cpp:338:9:338:9 | x | x >= 40 when x is Lower bound 40 | +| test.cpp:345:10:345:25 | ... != ... | 0 != input+0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | 0 == input+0 when ... != ... is false | +| test.cpp:345:10:345:25 | ... != ... | input != 0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | input != 0+0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | input == 0 when ... != ... is false | +| test.cpp:345:10:345:25 | ... != ... | input == 0+0 when ... != ... is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 != 0 when call to testNotNull1 is true | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 != 1 when call to testNotNull1 is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 == 0 when call to testNotNull1 is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 == 1 when call to testNotNull1 is true | +| test.cpp:350:7:350:12 | ... != ... | 0 != x+0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | 0 == x+0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... != 0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | ... != ... != 1 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... == 0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... == 1 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x != 0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x != 0+0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x == 0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | x == 0+0 when ... != ... is false | +| test.cpp:356:7:356:22 | ... == ... | 0 != input+0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | 0 == input+0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | input != 0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | input != 0+0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | input == 0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | input == 0+0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | 0 != number+0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | 0 == number+0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | number != 0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | number != 0+0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | number == 0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | number == 0+0 when ... == ... is true | +| test.cpp:365:7:365:9 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 != 0 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | s1 != 1 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 == 0 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 == 1 when ! ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | ! ... != 1 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | ! ... == 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s1 != 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s1 == 1 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s2 != 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s2 == 1 when ... \|\| ... is false | +| test.cpp:365:8:365:9 | s1 | ! ... != 0 when s1 is false | +| test.cpp:365:8:365:9 | s1 | ! ... != 1 when s1 is true | +| test.cpp:365:8:365:9 | s1 | ! ... == 0 when s1 is true | +| test.cpp:365:8:365:9 | s1 | ! ... == 1 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 != 0 when s1 is true | +| test.cpp:365:8:365:9 | s1 | s1 != 1 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 == 0 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 == 1 when s1 is true | +| test.cpp:365:14:365:16 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 != 0 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | s2 != 1 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 == 0 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 == 1 when ! ... is false | +| test.cpp:365:15:365:16 | s2 | ! ... != 0 when s2 is false | +| test.cpp:365:15:365:16 | s2 | ! ... != 1 when s2 is true | +| test.cpp:365:15:365:16 | s2 | ! ... == 0 when s2 is true | +| test.cpp:365:15:365:16 | s2 | ! ... == 1 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 != 0 when s2 is true | +| test.cpp:365:15:365:16 | s2 | s2 != 1 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 == 0 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 == 1 when s2 is true | +| test.cpp:371:29:371:32 | flag | flag != 0 when flag is true | +| test.cpp:371:29:371:32 | flag | flag != 1 when flag is false | +| test.cpp:371:29:371:32 | flag | flag == 0 when flag is false | +| test.cpp:371:29:371:32 | flag | flag == 1 when flag is true | +| test.cpp:372:10:372:13 | flag | flag != 0 when flag is true | +| test.cpp:372:10:372:13 | flag | flag != 1 when flag is false | +| test.cpp:372:10:372:13 | flag | flag == 0 when flag is false | +| test.cpp:372:10:372:13 | flag | flag == 1 when flag is true | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 != 0 when call to testNotNull1 is true | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 != 1 when call to testNotNull1 is false | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 == 0 when call to testNotNull1 is false | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 == 1 when call to testNotNull1 is true | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 != 0 when call to testNotNull2 is true | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 != 1 when call to testNotNull2 is false | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 == 0 when call to testNotNull2 is false | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 == 1 when call to testNotNull2 is true | +| test.cpp:388:7:388:29 | ... == ... | 0 != call to getNumOrDefault+0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | 0 == call to getNumOrDefault+0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault != 0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault != 0+0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault == 0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault == 0+0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | 0 != call to returnAIfNoneAreNull+0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | 0 == call to returnAIfNoneAreNull+0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull != 0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull != 0+0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull == 0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull == 0+0 when ... == ... is true | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper != 1 when call to testEnumWrapper is not 1 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper != 2 when call to testEnumWrapper is not 2 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper == 1 when call to testEnumWrapper is 1 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper == 2 when call to testEnumWrapper is 2 | +| test.cpp:411:7:411:8 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o != 0 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | o != 1 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o == 0 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o == 1 when ! ... is false | +| test.cpp:411:8:411:8 | o | ! ... != 0 when o is false | +| test.cpp:411:8:411:8 | o | ! ... != 1 when o is true | +| test.cpp:411:8:411:8 | o | ! ... == 0 when o is true | +| test.cpp:411:8:411:8 | o | ! ... == 1 when o is false | +| test.cpp:411:8:411:8 | o | o != 0 when o is true | +| test.cpp:411:8:411:8 | o | o != 1 when o is false | +| test.cpp:411:8:411:8 | o | o == 0 when o is false | +| test.cpp:411:8:411:8 | o | o == 1 when o is true | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql index 59996548113..a925bf91407 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql @@ -27,7 +27,7 @@ where ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesLt(left, k, true, value) and op = " < " or guard.comparesLt(left, k, false, value) and op = " >= " diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index 05afe345b8c..26175106d69 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -43,16 +43,36 @@ | test.c:44:12:44:16 | ... > ... | true | test.c:45:13:45:20 | if (...) ... | | test.c:44:12:44:16 | ... > ... | true | test.c:45:23:47:22 | { ... } | | test.c:45:16:45:20 | ... > ... | true | test.c:45:23:47:22 | { ... } | +| test.c:58:9:58:9 | x | not 0 | test.c:58:19:58:23 | y | +| test.c:58:9:58:9 | x | not 0 | test.c:62:9:62:16 | return ... | | test.c:58:9:58:14 | ... == ... | false | test.c:58:19:58:23 | y | | test.c:58:9:58:14 | ... == ... | false | test.c:62:9:62:16 | return ... | | test.c:58:9:58:23 | ... \|\| ... | false | test.c:62:9:62:16 | return ... | | test.c:58:19:58:23 | ... < ... | false | test.c:62:9:62:16 | return ... | +| test.c:70:15:70:15 | x | 0 | test.c:75:17:77:14 | { ... } | +| test.c:70:15:70:15 | x | 0 | test.c:85:18:85:23 | y | +| test.c:70:15:70:15 | x | 0 | test.c:86:9:86:14 | ExprStmt | +| test.c:70:15:70:15 | x | not 0 | test.c:78:12:79:14 | { ... } | +| test.c:75:9:75:9 | x | 0 | test.c:75:17:77:14 | { ... } | +| test.c:75:9:75:9 | x | not 0 | test.c:78:12:79:14 | { ... } | | test.c:75:9:75:14 | ... == ... | false | test.c:78:12:79:14 | { ... } | | test.c:75:9:75:14 | ... == ... | true | test.c:75:17:77:14 | { ... } | +| test.c:85:8:85:8 | x | 0 | test.c:85:18:85:23 | y | +| test.c:85:8:85:8 | x | 0 | test.c:86:9:86:14 | ExprStmt | | test.c:85:8:85:13 | ... == ... | true | test.c:85:18:85:23 | y | | test.c:85:8:85:13 | ... == ... | true | test.c:86:9:86:14 | ExprStmt | | test.c:85:8:85:23 | ... && ... | true | test.c:86:9:86:14 | ExprStmt | +| test.c:85:18:85:18 | y | not 0 | test.c:86:9:86:14 | ExprStmt | | test.c:85:18:85:23 | ... != ... | true | test.c:86:9:86:14 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:70:5:70:9 | test2 | +| test.c:94:11:94:11 | x | 0 | test.c:99:5:102:13 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:102:16:102:21 | j | +| test.c:94:11:94:11 | x | 0 | test.c:102:29:102:26 | { ... } | +| test.c:94:11:94:11 | x | 0 | test.c:107:5:109:14 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:109:19:109:23 | y | +| test.c:94:11:94:11 | x | 0 | test.c:109:26:117:12 | { ... } | +| test.c:94:11:94:11 | x | 0 | test.c:113:9:113:16 | return ... | +| test.c:94:11:94:11 | x | not 0 | test.c:94:19:96:11 | { ... } | | test.c:94:11:94:16 | ... != ... | false | test.c:70:5:70:9 | test2 | | test.c:94:11:94:16 | ... != ... | false | test.c:99:5:102:13 | ExprStmt | | test.c:94:11:94:16 | ... != ... | false | test.c:102:16:102:21 | j | @@ -68,98 +88,188 @@ | test.c:102:16:102:21 | ... < ... | false | test.c:109:26:117:12 | { ... } | | test.c:102:16:102:21 | ... < ... | false | test.c:113:9:113:16 | return ... | | test.c:102:16:102:21 | ... < ... | true | test.c:102:29:102:26 | { ... } | +| test.c:109:9:109:9 | x | not 0 | test.c:109:19:109:23 | y | +| test.c:109:9:109:9 | x | not 0 | test.c:113:9:113:16 | return ... | | test.c:109:9:109:14 | ... == ... | false | test.c:109:19:109:23 | y | | test.c:109:9:109:14 | ... == ... | false | test.c:113:9:113:16 | return ... | | test.c:109:9:109:23 | ... \|\| ... | false | test.c:113:9:113:16 | return ... | | test.c:109:19:109:23 | ... < ... | false | test.c:113:9:113:16 | return ... | +| test.c:126:7:126:7 | 1 | not 0 | test.c:126:12:126:26 | call to test3_condition | +| test.c:126:7:126:7 | 1 | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:7 | 1 | not 0 | test.c:131:3:131:7 | if (...) ... | +| test.c:126:7:126:7 | 1 | not 0 | test.c:131:10:132:16 | { ... } | +| test.c:126:7:126:7 | 1 | not 0 | test.c:134:1:123:10 | return ... | | test.c:126:7:126:7 | 1 | true | test.c:126:12:126:26 | call to test3_condition | | test.c:126:7:126:7 | 1 | true | test.c:126:31:128:16 | { ... } | | test.c:126:7:126:7 | 1 | true | test.c:131:3:131:7 | if (...) ... | | test.c:126:7:126:7 | 1 | true | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:7 | 1 | true | test.c:134:1:123:10 | return ... | +| test.c:126:7:126:28 | ... && ... | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | not 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | true | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | true | test.c:131:10:132:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | not 0 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | true | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | true | test.c:131:10:132:16 | { ... } | +| test.c:127:9:127:9 | 1 | not 0 | test.c:131:10:132:16 | { ... } | +| test.c:131:7:131:7 | b | not 0 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | true | test.c:131:10:132:16 | { ... } | +| test.c:137:7:137:7 | 0 | 0 | test.c:142:3:136:10 | return ... | | test.c:137:7:137:7 | 0 | false | test.c:142:3:136:10 | return ... | +| test.c:145:16:145:16 | x | 0 | test.c:146:11:147:9 | { ... } | | test.c:146:7:146:8 | ! ... | true | test.c:146:11:147:9 | { ... } | +| test.c:146:8:146:8 | x | 0 | test.c:146:11:147:9 | { ... } | | test.c:146:8:146:8 | x | false | test.c:146:11:147:9 | { ... } | +| test.c:151:18:151:18 | p | not null | test.c:152:11:154:5 | { ... } | +| test.c:152:8:152:8 | p | not null | test.c:152:11:154:5 | { ... } | | test.c:152:8:152:8 | p | true | test.c:152:11:154:5 | { ... } | +| test.c:157:18:157:18 | p | null | test.c:158:12:160:5 | { ... } | | test.c:158:8:158:9 | ! ... | true | test.c:158:12:160:5 | { ... } | | test.c:158:9:158:9 | p | false | test.c:158:12:160:5 | { ... } | +| test.c:158:9:158:9 | p | null | test.c:158:12:160:5 | { ... } | +| test.c:163:18:163:18 | s | not 0 | test.c:164:11:166:5 | { ... } | +| test.c:164:8:164:8 | s | not 0 | test.c:164:11:166:5 | { ... } | | test.c:164:8:164:8 | s | true | test.c:164:11:166:5 | { ... } | +| test.c:169:18:169:18 | s | 0 | test.c:170:12:172:5 | { ... } | | test.c:170:8:170:9 | ! ... | true | test.c:170:12:172:5 | { ... } | +| test.c:170:9:170:9 | s | 0 | test.c:170:12:172:5 | { ... } | | test.c:170:9:170:9 | s | false | test.c:170:12:172:5 | { ... } | | test.c:176:8:176:15 | ! ... | true | test.c:176:18:178:5 | { ... } | +| test.c:176:10:176:14 | ... < ... | 0 | test.c:176:18:178:5 | { ... } | | test.c:176:10:176:14 | ... < ... | false | test.c:176:18:178:5 | { ... } | | test.c:182:8:182:34 | ! ... | true | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:20 | ... >= ... | true | test.c:181:25:182:20 | { ... } | | test.c:182:10:182:20 | ... >= ... | true | test.c:182:25:182:33 | foo | +| test.c:182:10:182:33 | ... && ... | 0 | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:33 | ... && ... | false | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:33 | ... && ... | true | test.c:181:25:182:20 | { ... } | | test.c:182:25:182:33 | ... < ... | true | test.c:181:25:182:20 | { ... } | +| test.c:188:11:188:16 | ... != ... | 0 | test.c:190:11:192:3 | { ... } | | test.c:190:7:190:8 | ! ... | true | test.c:190:11:192:3 | { ... } | +| test.c:190:8:190:8 | c | 0 | test.c:190:11:192:3 | { ... } | | test.c:190:8:190:8 | c | false | test.c:190:11:192:3 | { ... } | +| test.c:196:11:196:16 | ... > ... | 0 | test.c:198:11:200:3 | { ... } | | test.c:198:7:198:8 | ! ... | true | test.c:198:11:200:3 | { ... } | +| test.c:198:8:198:8 | b | 0 | test.c:198:11:200:3 | { ... } | | test.c:198:8:198:8 | b | false | test.c:198:11:200:3 | { ... } | +| test.c:204:11:204:15 | ... > ... | 0 | test.c:206:11:208:3 | { ... } | | test.c:206:7:206:8 | ! ... | true | test.c:206:11:208:3 | { ... } | +| test.c:206:8:206:8 | c | 0 | test.c:206:11:208:3 | { ... } | | test.c:206:8:206:8 | c | false | test.c:206:11:208:3 | { ... } | +| test.c:215:6:215:18 | call to __builtin_expect | not 0 | test.c:215:21:217:5 | { ... } | | test.c:215:6:215:18 | call to __builtin_expect | true | test.c:215:21:217:5 | { ... } | +| test.c:219:9:219:22 | call to __builtin_expect | not 0 | test.c:219:25:221:5 | { ... } | | test.c:219:9:219:22 | call to __builtin_expect | true | test.c:219:25:221:5 | { ... } | +| test.cpp:18:8:18:10 | call to get | not null | test.cpp:19:5:19:14 | ExprStmt | | test.cpp:18:8:18:10 | call to get | true | test.cpp:19:5:19:14 | ExprStmt | +| test.cpp:30:22:30:22 | x | -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:30:22:30:22 | x | -1 | test.cpp:31:16:32:21 | { ... } | +| test.cpp:30:22:30:22 | x | not -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:30:22:30:22 | x | not -1 | test.cpp:34:1:34:1 | return ... | +| test.cpp:31:7:31:7 | x | -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:31:7:31:7 | x | -1 | test.cpp:31:16:32:21 | { ... } | +| test.cpp:31:7:31:7 | x | not -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:31:7:31:7 | x | not -1 | test.cpp:34:1:34:1 | return ... | | test.cpp:31:7:31:13 | ... == ... | false | test.cpp:30:6:30:16 | doSomething | | test.cpp:31:7:31:13 | ... == ... | false | test.cpp:34:1:34:1 | return ... | | test.cpp:31:7:31:13 | ... == ... | true | test.cpp:30:6:30:16 | doSomething | | test.cpp:31:7:31:13 | ... == ... | true | test.cpp:31:16:32:21 | { ... } | | test.cpp:42:13:42:20 | call to getABool | true | test.cpp:43:9:45:23 | { ... } | -| test.cpp:61:10:61:10 | i | Case[0] | test.cpp:62:5:64:12 | case ...: | -| test.cpp:61:10:61:10 | i | Case[1] | test.cpp:65:5:66:10 | case ...: | -| test.cpp:74:10:74:10 | i | Case[0..10] | test.cpp:75:5:77:12 | case ...: | -| test.cpp:74:10:74:10 | i | Case[11..20] | test.cpp:78:5:79:10 | case ...: | +| test.cpp:60:31:60:31 | i | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:60:31:60:31 | i | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:61:10:61:10 | i | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:61:10:61:10 | i | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:73:30:73:30 | i | Lower bound 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | Lower bound 11 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:73:30:73:30 | i | Upper bound 10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | Upper bound 20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:74:10:74:10 | i | Lower bound 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:74:10:74:10 | i | Lower bound 11 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:74:10:74:10 | i | Upper bound 10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:74:10:74:10 | i | Upper bound 20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:92:31:92:31 | c | not null | test.cpp:93:9:94:7 | { ... } | +| test.cpp:93:6:93:6 | c | not null | test.cpp:93:9:94:7 | { ... } | | test.cpp:93:6:93:6 | c | true | test.cpp:93:9:94:7 | { ... } | | test.cpp:99:6:99:6 | f | true | test.cpp:99:9:100:7 | { ... } | | test.cpp:105:6:105:14 | ... != ... | true | test.cpp:105:17:106:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | true | test.cpp:111:17:112:7 | { ... } | +| test.cpp:119:16:119:16 | b | true | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | true | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | true | test.cpp:123:5:125:20 | { ... } | | test.cpp:122:9:122:9 | b | true | test.cpp:125:23:125:29 | return ... | | test.cpp:125:13:125:20 | ! ... | true | test.cpp:125:23:125:29 | return ... | | test.cpp:125:14:125:17 | call to safe | false | test.cpp:125:23:125:29 | return ... | +| test.cpp:131:6:131:21 | call to __builtin_expect | not 0 | test.cpp:131:40:132:9 | { ... } | | test.cpp:131:6:131:21 | call to __builtin_expect | true | test.cpp:131:40:132:9 | { ... } | +| test.cpp:135:6:135:21 | call to __builtin_expect | not 0 | test.cpp:135:40:136:9 | { ... } | | test.cpp:135:6:135:21 | call to __builtin_expect | true | test.cpp:135:40:136:9 | { ... } | +| test.cpp:141:6:141:21 | call to __builtin_expect | not 0 | test.cpp:141:36:142:9 | { ... } | | test.cpp:141:6:141:21 | call to __builtin_expect | true | test.cpp:141:36:142:9 | { ... } | +| test.cpp:145:6:145:21 | call to __builtin_expect | not 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | true | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | false | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | true | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | false | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | false | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | true | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | false | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | false | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | true | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | false | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | false | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | true | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | false | test.cpp:176:11:178:3 | { ... } | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | false | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | true | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:9 | b1 | true | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | true | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | false | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | true | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | true | test.cpp:185:10:188:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | false | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | true | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | false | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | false | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | true | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:14:193:15 | b2 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | false | test.cpp:193:19:196:7 | { ... } | +| test.cpp:208:28:208:29 | sc | 0 | test.cpp:211:18:212:13 | { ... } | +| test.cpp:208:28:208:29 | sc | 0 | test.cpp:214:20:215:13 | { ... } | +| test.cpp:208:46:208:47 | ul | 0 | test.cpp:217:18:218:13 | { ... } | +| test.cpp:208:74:208:74 | b | 0 | test.cpp:229:17:230:13 | { ... } | +| test.cpp:208:74:208:74 | b | 0 | test.cpp:232:21:233:13 | { ... } | +| test.cpp:211:9:211:10 | sc | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | true | test.cpp:211:18:212:13 | { ... } | +| test.cpp:214:9:214:10 | sc | 0 | test.cpp:214:20:215:13 | { ... } | | test.cpp:214:9:214:17 | ... == ... | true | test.cpp:214:20:215:13 | { ... } | +| test.cpp:217:9:217:10 | ul | 0 | test.cpp:217:18:218:13 | { ... } | | test.cpp:217:9:217:15 | ... == ... | true | test.cpp:217:18:218:13 | { ... } | | test.cpp:220:9:220:14 | ... == ... | true | test.cpp:220:17:221:13 | { ... } | | test.cpp:223:9:223:16 | ... == ... | true | test.cpp:223:19:224:13 | { ... } | | test.cpp:226:9:226:14 | ... == ... | true | test.cpp:226:17:227:13 | { ... } | +| test.cpp:229:9:229:9 | b | 0 | test.cpp:229:17:230:13 | { ... } | | test.cpp:229:9:229:14 | ... == ... | true | test.cpp:229:17:230:13 | { ... } | +| test.cpp:232:9:232:9 | b | 0 | test.cpp:232:21:233:13 | { ... } | | test.cpp:232:9:232:18 | ... == ... | true | test.cpp:232:21:233:13 | { ... } | | test.cpp:235:9:235:17 | ... == ... | true | test.cpp:235:20:236:13 | { ... } | +| test.cpp:235:12:235:12 | i | 0 | test.cpp:235:20:236:13 | { ... } | | test.cpp:238:9:238:17 | ... == ... | true | test.cpp:238:20:239:13 | { ... } | | test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:22:241:30 | ms | | test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:35:241:43 | ms | @@ -167,30 +277,151 @@ | test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:35:241:43 | ms | | test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:9:241:43 | ... && ... | true | test.cpp:241:46:242:13 | { ... } | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:22:241:30 | ms | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:35:241:43 | ms | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:35:241:43 | ms | | test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:35:241:43 | ... == ... | true | test.cpp:241:46:242:13 | { ... } | +| test.cpp:241:38:241:38 | i | 0 | test.cpp:241:46:242:13 | { ... } | | test.cpp:247:6:247:18 | ... == ... | false | test.cpp:249:10:251:3 | { ... } | | test.cpp:247:6:247:18 | ... == ... | true | test.cpp:247:21:249:3 | { ... } | +| test.cpp:247:7:247:12 | ... == ... | 0 | test.cpp:247:21:249:3 | { ... } | +| test.cpp:247:7:247:12 | ... == ... | not 0 | test.cpp:249:10:251:3 | { ... } | | test.cpp:253:6:253:18 | ... != ... | false | test.cpp:255:10:257:3 | { ... } | | test.cpp:253:6:253:18 | ... != ... | true | test.cpp:253:21:255:3 | { ... } | +| test.cpp:253:7:253:12 | ... == ... | 0 | test.cpp:255:10:257:3 | { ... } | +| test.cpp:253:7:253:12 | ... == ... | not 0 | test.cpp:253:21:255:3 | { ... } | | test.cpp:260:6:260:18 | ... == ... | false | test.cpp:262:10:264:3 | { ... } | | test.cpp:260:6:260:18 | ... == ... | true | test.cpp:260:21:262:3 | { ... } | +| test.cpp:260:7:260:12 | ... != ... | 0 | test.cpp:260:21:262:3 | { ... } | +| test.cpp:260:7:260:12 | ... != ... | not 0 | test.cpp:262:10:264:3 | { ... } | | test.cpp:266:6:266:18 | ... != ... | false | test.cpp:268:10:270:3 | { ... } | | test.cpp:266:6:266:18 | ... != ... | true | test.cpp:266:21:268:3 | { ... } | +| test.cpp:266:7:266:12 | ... != ... | 0 | test.cpp:268:10:270:3 | { ... } | +| test.cpp:266:7:266:12 | ... != ... | not 0 | test.cpp:266:21:268:3 | { ... } | | test.cpp:273:6:273:17 | ... == ... | false | test.cpp:275:10:277:3 | { ... } | | test.cpp:273:6:273:17 | ... == ... | true | test.cpp:273:20:275:3 | { ... } | +| test.cpp:273:7:273:11 | ... < ... | 0 | test.cpp:273:20:275:3 | { ... } | +| test.cpp:273:7:273:11 | ... < ... | not 0 | test.cpp:275:10:277:3 | { ... } | | test.cpp:279:6:279:17 | ... != ... | false | test.cpp:281:10:283:3 | { ... } | | test.cpp:279:6:279:17 | ... != ... | true | test.cpp:279:20:281:3 | { ... } | +| test.cpp:279:7:279:11 | ... < ... | 0 | test.cpp:281:10:283:3 | { ... } | +| test.cpp:279:7:279:11 | ... < ... | not 0 | test.cpp:279:20:281:3 | { ... } | | test.cpp:287:6:287:19 | ... == ... | false | test.cpp:289:10:291:3 | { ... } | | test.cpp:287:6:287:19 | ... == ... | true | test.cpp:287:22:289:3 | { ... } | +| test.cpp:287:7:287:13 | ... == ... | 0 | test.cpp:287:22:289:3 | { ... } | +| test.cpp:287:7:287:13 | ... == ... | not 0 | test.cpp:289:10:291:3 | { ... } | | test.cpp:293:6:293:19 | ... != ... | false | test.cpp:295:10:297:3 | { ... } | | test.cpp:293:6:293:19 | ... != ... | true | test.cpp:293:22:295:3 | { ... } | +| test.cpp:293:7:293:13 | ... == ... | 0 | test.cpp:295:10:297:3 | { ... } | +| test.cpp:293:7:293:13 | ... == ... | not 0 | test.cpp:293:22:295:3 | { ... } | | test.cpp:300:6:300:19 | ... == ... | false | test.cpp:302:10:304:3 | { ... } | | test.cpp:300:6:300:19 | ... == ... | true | test.cpp:300:22:302:3 | { ... } | +| test.cpp:300:7:300:13 | ... != ... | 0 | test.cpp:300:22:302:3 | { ... } | +| test.cpp:300:7:300:13 | ... != ... | not 0 | test.cpp:302:10:304:3 | { ... } | | test.cpp:306:6:306:19 | ... != ... | false | test.cpp:308:10:310:3 | { ... } | | test.cpp:306:6:306:19 | ... != ... | true | test.cpp:306:22:308:3 | { ... } | +| test.cpp:306:7:306:13 | ... != ... | 0 | test.cpp:308:10:310:3 | { ... } | +| test.cpp:306:7:306:13 | ... != ... | not 0 | test.cpp:306:22:308:3 | { ... } | | test.cpp:312:6:312:18 | ... == ... | false | test.cpp:314:10:316:3 | { ... } | | test.cpp:312:6:312:18 | ... == ... | true | test.cpp:312:21:314:3 | { ... } | +| test.cpp:312:7:312:12 | ... < ... | 0 | test.cpp:312:21:314:3 | { ... } | +| test.cpp:312:7:312:12 | ... < ... | not 0 | test.cpp:314:10:316:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | false | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | true | test.cpp:318:21:320:3 | { ... } | +| test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:318:7:318:12 | ... < ... | not 0 | test.cpp:318:21:320:3 | { ... } | +| test.cpp:327:46:327:46 | b | true | test.cpp:331:3:332:10 | { ... } | +| test.cpp:330:7:330:7 | b | true | test.cpp:331:3:332:10 | { ... } | +| test.cpp:334:11:334:11 | x | Lower bound 40 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:334:11:334:11 | x | Upper bound 50 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:348:25:348:25 | y | not null | test.cpp:349:29:349:30 | 42 | +| test.cpp:348:25:348:25 | y | not null | test.cpp:350:15:351:7 | { ... } | +| test.cpp:348:25:348:25 | y | null | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | false | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | true | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | true | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:11:349:34 | ... ? ... : ... | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:24:349:24 | y | not null | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:24:349:24 | y | not null | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:24:349:24 | y | null | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:29:349:30 | 42 | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:7 | x | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | true | test.cpp:350:15:351:7 | { ... } | +| test.cpp:355:25:355:29 | input | not null | test.cpp:357:3:357:13 | return ... | +| test.cpp:355:25:355:29 | input | null | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:11 | input | not null | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:11 | input | null | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | false | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | true | test.cpp:356:25:356:36 | return ... | +| test.cpp:360:26:360:31 | number | not null | test.cpp:361:35:361:40 | number | +| test.cpp:360:26:360:31 | number | null | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:15 | number | not null | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:15 | number | null | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | false | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | true | test.cpp:361:30:361:30 | 0 | +| test.cpp:364:33:364:34 | s1 | not null | test.cpp:365:15:365:16 | s2 | +| test.cpp:364:33:364:34 | s1 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:364:43:364:44 | s2 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | false | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | not null | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | true | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | true | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | true | test.cpp:366:3:366:12 | return ... | +| test.cpp:371:29:371:32 | flag | false | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | true | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | false | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | true | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:375:25:375:25 | p | not null | test.cpp:376:24:377:7 | { ... } | +| test.cpp:375:25:375:25 | p | not null | test.cpp:382:24:383:7 | { ... } | +| test.cpp:375:25:375:25 | p | null | test.cpp:378:10:379:7 | { ... } | +| test.cpp:375:25:375:25 | p | null | test.cpp:384:10:385:7 | { ... } | +| test.cpp:375:33:375:33 | i | not null | test.cpp:390:10:391:7 | { ... } | +| test.cpp:375:42:375:42 | s | not null | test.cpp:396:10:397:7 | { ... } | +| test.cpp:375:50:375:50 | b | false | test.cpp:404:5:406:12 | case ...: | +| test.cpp:375:50:375:50 | b | true | test.cpp:401:5:403:12 | case ...: | +| test.cpp:376:7:376:18 | call to testNotNull1 | false | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | true | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:20:376:20 | p | not null | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:20:376:20 | p | null | test.cpp:378:10:379:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | false | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | true | test.cpp:382:24:383:7 | { ... } | +| test.cpp:382:20:382:20 | p | not null | test.cpp:382:24:383:7 | { ... } | +| test.cpp:382:20:382:20 | p | null | test.cpp:384:10:385:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | false | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | true | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:12:388:26 | call to getNumOrDefault | not 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:28:388:28 | i | not null | test.cpp:390:10:391:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | false | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | true | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | not 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:36:394:36 | s | not null | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:39:394:46 | suffix | not null | test.cpp:396:10:397:7 | { ... } | +| test.cpp:400:11:400:25 | call to testEnumWrapper | 1 | test.cpp:401:5:403:12 | case ...: | +| test.cpp:400:11:400:25 | call to testEnumWrapper | 2 | test.cpp:404:5:406:12 | case ...: | +| test.cpp:400:27:400:27 | b | false | test.cpp:404:5:406:12 | case ...: | +| test.cpp:400:27:400:27 | b | true | test.cpp:401:5:403:12 | case ...: | +| test.cpp:410:26:410:26 | o | not null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:410:26:410:26 | o | not null | test.cpp:412:1:412:1 | return ... | +| test.cpp:410:26:410:26 | o | null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:410:26:410:26 | o | null | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | false | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | false | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | true | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | true | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | false | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | false | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | not null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | not null | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | null | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | true | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | true | test.cpp:412:1:412:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql index 698b80a06a0..1d9282807bd 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql @@ -7,6 +7,6 @@ import cpp import semmle.code.cpp.controlflow.Guards -from GuardCondition guard, AbstractValue value, BasicBlock block +from GuardCondition guard, GuardValue value, BasicBlock block where guard.valueControls(block, value) select guard, value, block diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index c9f52e5f190..0de63fa505b 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -219,18 +219,26 @@ binary | test.cpp:141:6:141:21 | call to __builtin_expect | test.cpp:141:28:141:29 | 42 | == | test.cpp:141:23:141:23 | a | 0 | test.cpp:141:36:142:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:23:145:23 | a | != | test.cpp:145:28:145:29 | 42 | 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:28:145:29 | 42 | != | test.cpp:145:23:145:23 | a | 0 | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:16:174:16 | b | >= | test.cpp:174:12:174:12 | a | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:16:174:16 | b | >= | test.cpp:174:12:174:12 | a | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | @@ -475,6 +483,24 @@ binary | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:11:318:12 | 42 | >= | test.cpp:318:7:318:7 | a | 1 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:18:318:18 | 0 | != | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:18:318:18 | 0 | == | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:7 | x | != | test.cpp:350:12:350:12 | 0 | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:12:350:12 | 0 | != | test.cpp:350:7:350:7 | x | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | != | test.cpp:356:16:356:22 | 0 | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | == | test.cpp:356:16:356:22 | 0 | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:16:356:22 | 0 | != | test.cpp:356:7:356:11 | input | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:16:356:22 | 0 | == | test.cpp:356:7:356:11 | input | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | != | test.cpp:361:20:361:26 | 0 | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | == | test.cpp:361:20:361:26 | 0 | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:20:361:26 | 0 | != | test.cpp:361:10:361:15 | number | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:20:361:26 | 0 | == | test.cpp:361:10:361:15 | number | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:7 | 0 | != | test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:7 | 0 | == | test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | != | test.cpp:388:7:388:7 | 0 | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | == | test.cpp:388:7:388:7 | 0 | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:10 | 0 | != | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:10 | 0 | == | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | != | test.cpp:394:7:394:10 | 0 | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | == | test.cpp:394:7:394:10 | 0 | 0 | test.cpp:394:50:395:7 | { ... } | unary | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | 1 | test.c:10:12:11:14 | { ... } | | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | >= | 1 | test.c:7:16:9:14 | { ... } | @@ -736,11 +762,17 @@ unary | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | test.c:134:1:123:10 | return ... | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | != | 1 | test.c:142:3:136:10 | return ... | @@ -835,8 +867,14 @@ unary | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | test.cpp:31:16:32:21 | { ... } | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | test.cpp:43:9:45:23 | { ... } | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | test.cpp:43:9:45:23 | { ... } | +| test.cpp:60:31:60:31 | i | test.cpp:61:10:61:10 | i | == | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:60:31:60:31 | i | test.cpp:61:10:61:10 | i | == | 1 | test.cpp:65:5:66:10 | case ...: | | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 0 | test.cpp:62:5:64:12 | case ...: | | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | < | 11 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | < | 21 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | >= | 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | >= | 11 | test.cpp:78:5:79:10 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 11 | test.cpp:75:5:77:12 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 21 | test.cpp:78:5:79:10 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 0 | test.cpp:75:5:77:12 | case ...: | @@ -849,6 +887,10 @@ unary | test.cpp:105:6:105:14 | ... != ... | test.cpp:105:6:105:14 | ... != ... | == | 1 | test.cpp:105:17:106:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | test.cpp:111:6:111:14 | ... != ... | != | 0 | test.cpp:111:17:112:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | test.cpp:111:6:111:14 | ... != ... | == | 1 | test.cpp:111:17:112:7 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:125:23:125:29 | return ... | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:123:5:125:20 | { ... } | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:123:5:125:20 | { ... } | @@ -871,6 +913,11 @@ unary | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:6:145:21 | call to __builtin_expect | != | 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:6:145:21 | call to __builtin_expect | == | 1 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:23:145:23 | a | != | 42 | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:8 | a | >= | 10 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:13 | ... < ... | != | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:13 | ... < ... | == | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:152:8:152:8 | b | != | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:152:8:152:8 | b | == | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:8 | a | >= | 10 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:13 | ... < ... | != | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:13 | ... < ... | == | 0 | test.cpp:152:11:153:9 | { ... } | @@ -885,6 +932,10 @@ unary | test.cpp:152:8:152:8 | b | test.cpp:152:7:152:8 | ! ... | == | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:152:8:152:8 | b | != | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:152:8:152:8 | b | == | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:17 | ... != ... | != | 1 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:17 | ... != ... | == | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:160:8:160:8 | c | != | 1 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:160:8:160:8 | c | == | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:17 | ... != ... | != | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:17 | ... != ... | == | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:160:7:160:8 | ! ... | != | 0 | test.cpp:160:11:162:3 | { ... } | @@ -897,6 +948,11 @@ unary | test.cpp:160:8:160:8 | c | test.cpp:160:7:160:8 | ! ... | == | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:160:8:160:8 | c | != | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:160:8:160:8 | c | == | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:12 | a | < | 11 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:17 | ... > ... | != | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:17 | ... > ... | == | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:168:8:168:8 | b | != | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:168:8:168:8 | b | == | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:12 | a | < | 11 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:17 | ... > ... | != | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:17 | ... > ... | == | 0 | test.cpp:168:11:170:3 | { ... } | @@ -911,6 +967,10 @@ unary | test.cpp:168:8:168:8 | b | test.cpp:168:7:168:8 | ! ... | == | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:168:8:168:8 | b | != | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:168:8:168:8 | b | == | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:16 | ... > ... | != | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:16 | ... > ... | == | 0 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:176:8:176:8 | c | != | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:176:8:176:8 | c | == | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:16 | ... > ... | != | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:16 | ... > ... | == | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:176:7:176:8 | ! ... | != | 0 | test.cpp:176:11:178:3 | { ... } | @@ -923,6 +983,16 @@ unary | test.cpp:176:8:176:8 | c | test.cpp:176:7:176:8 | ! ... | == | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | != | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | == | 0 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 0 | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | == | 0 | test.cpp:185:10:188:7 | { ... } | @@ -937,8 +1007,10 @@ unary | test.cpp:182:6:182:16 | ! ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 0 | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:185:10:188:7 | { ... } | @@ -960,7 +1032,19 @@ unary | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 1 | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | == | 0 | test.cpp:197:10:199:7 | { ... } | @@ -975,8 +1059,10 @@ unary | test.cpp:193:6:193:16 | ! ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 1 | test.cpp:197:10:199:7 | { ... } | @@ -998,7 +1084,9 @@ unary | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:10 | sc | == | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:15 | ... == ... | != | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:15 | ... == ... | == | 1 | test.cpp:211:18:212:13 | { ... } | @@ -1224,3 +1312,124 @@ unary | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:7 | a | >= | 42 | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | != | 0 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | == | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | < | 51 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | >= | 40 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 0 | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 1 | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 0 | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 1 | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 1 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:7 | x | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:12 | ... != ... | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:12 | ... != ... | == | 1 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | != | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | == | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | != | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | != | 1 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | == | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | == | 1 | test.cpp:356:25:356:36 | return ... | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | != | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | == | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | != | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | != | 1 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | == | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | == | 1 | test.cpp:361:30:361:30 | 0 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | != | 0 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | != | 1 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | == | 0 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | == | 1 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | != | 0 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | != | 1 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | == | 0 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | == | 1 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | != | 0 | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | != | 1 | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | == | 0 | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | == | 1 | test.cpp:376:24:377:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | != | 0 | test.cpp:382:24:383:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | != | 1 | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | == | 0 | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | == | 1 | test.cpp:382:24:383:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | != | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | != | 1 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | == | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | == | 1 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | != | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | == | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | != | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | != | 1 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | == | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | == | 1 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | != | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | == | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:400:11:400:25 | call to testEnumWrapper | test.cpp:400:11:400:25 | call to testEnumWrapper | == | 1 | test.cpp:401:5:403:12 | case ...: | +| test.cpp:400:11:400:25 | call to testEnumWrapper | test.cpp:400:11:400:25 | call to testEnumWrapper | == | 2 | test.cpp:404:5:406:12 | case ...: | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:412:1:412:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected new file mode 100644 index 00000000000..afc6f314316 --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected @@ -0,0 +1,31 @@ +| test.cpp:351:5:351:7 | Call: call to chk | '42:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | '... ? ... : ...:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | 'call to testNotNull1:true' | +| test.cpp:351:5:351:7 | Call: call to chk | 'x != 0:true' | +| test.cpp:351:5:351:7 | Call: call to chk | 'x:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | 'y:not null' | +| test.cpp:377:5:377:7 | Call: call to chk | 'call to testNotNull1:true' | +| test.cpp:377:5:377:7 | Call: call to chk | 'p:not null' | +| test.cpp:379:5:379:7 | Call: call to chk | 'call to testNotNull1:false' | +| test.cpp:379:5:379:7 | Call: call to chk | p:null | +| test.cpp:383:5:383:7 | Call: call to chk | 'call to testNotNull2:true' | +| test.cpp:383:5:383:7 | Call: call to chk | 'p:not null' | +| test.cpp:385:5:385:7 | Call: call to chk | 'call to testNotNull2:false' | +| test.cpp:385:5:385:7 | Call: call to chk | p:null | +| test.cpp:389:5:389:7 | Call: call to chk | '0 == call to getNumOrDefault:true' | +| test.cpp:389:5:389:7 | Call: call to chk | 'call to getNumOrDefault:0' | +| test.cpp:391:5:391:7 | Call: call to chk | '0 == call to getNumOrDefault:false' | +| test.cpp:391:5:391:7 | Call: call to chk | 'call to getNumOrDefault:not 0' | +| test.cpp:391:5:391:7 | Call: call to chk | 'i:not null' | +| test.cpp:395:5:395:7 | Call: call to chk | '0 == call to returnAIfNoneAreNull:true' | +| test.cpp:395:5:395:7 | Call: call to chk | 'call to returnAIfNoneAreNull:0' | +| test.cpp:397:5:397:7 | Call: call to chk | '0 == call to returnAIfNoneAreNull:false' | +| test.cpp:397:5:397:7 | Call: call to chk | 'call to returnAIfNoneAreNull:not 0' | +| test.cpp:397:5:397:7 | Call: call to chk | 's:not null' | +| test.cpp:397:5:397:7 | Call: call to chk | 'suffix:not null' | +| test.cpp:402:7:402:9 | Call: call to chk | 'call to testEnumWrapper:1' | +| test.cpp:402:7:402:9 | Call: call to chk | 'call to testEnumWrapper=SUCCESS:true' | +| test.cpp:402:7:402:9 | Call: call to chk | b:true | +| test.cpp:405:7:405:9 | Call: call to chk | 'call to testEnumWrapper:2' | +| test.cpp:405:7:405:9 | Call: call to chk | 'call to testEnumWrapper=FAILURE:true' | +| test.cpp:405:7:405:9 | Call: call to chk | b:false | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql new file mode 100644 index 00000000000..a6875080d37 --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql @@ -0,0 +1,44 @@ +import cpp +import semmle.code.cpp.controlflow.Guards +import codeql.util.Boolean + +bindingset[s] +string escape(string s) { if s.matches("% %") then result = "'" + s + "'" else result = s } + +Expr getUnconverted(Element e) { + not e instanceof Expr and + result = e + or + result = e.(Expr).getUnconverted() +} + +string ppGuard(IRGuardCondition g, GuardValue val) { + exists(BinaryOperation bin | + bin = getUnconverted(g.getAst()) and + result = + bin.getLeftOperand() + " " + bin.getOperator() + " " + bin.getRightOperand() + ":" + val + ) + or + exists(SwitchCase cc, Expr s, string value | + cc = g.getAst() and + cc.getExpr() = s and + result = cc.getSwitchStmt().getExpr() + "=" + value + ":" + val + | + value = cc.getExpr().toString() + or + cc.isDefault() and value = "default" + ) +} + +query predicate guarded(CallInstruction c, string guard) { + c.getStaticCallTarget().hasName("chk") and + exists(IRGuardCondition g, IRBlock bb, GuardValue val | + g.valueControls(bb, val) and + c.getBlock() = bb + | + guard = escape(ppGuard(g, val)) + or + not exists(ppGuard(g, val)) and + guard = escape(getUnconverted(g.getAst()).toString() + ":" + val) + ) +} diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref new file mode 100644 index 00000000000..5a66d6da1a0 --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref @@ -0,0 +1,2 @@ +query: GuardsInline.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp index 2ef61734e69..7b042f95e71 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/test.cpp +++ b/cpp/ql/test/library-tests/controlflow/guards/test.cpp @@ -320,4 +320,99 @@ void test_cmp_implies_unary(int a) { } else { } -} \ No newline at end of file +} + +int foo(); + +void test_constant_value_and_case_range(bool b) +{ + int x = foo(); + if (b) + { + x = 42; + } + switch (x) + { + case 40 ... 50: + // should not be guarded by `foo() = 40..50` + use(x); + } +} + +void chk(); + +bool testNotNull1(void* input) { + return input != nullptr; +} + +void test_ternary(void* y) { + int x = testNotNull1(y) ? 42 : 0; + if (x != 0) { + chk(); // $ guarded='... ? ... : ...:not 0' guarded='42:not 0' guarded='call to testNotNull1:true' guarded='x != 0:true' guarded='x:not 0' guarded='y:not null' + } +} + +bool testNotNull2(void* input) { + if (input == nullptr) return false; + return true; +} + +int getNumOrDefault(int* number) { + return number == nullptr ? 0 : *number; +} + +char returnAIfNoneAreNull(char* s1, char* s2) { + if (!s1 || !s2) return '\0'; + return 'a'; +} + +enum class Status { SUCCESS = 1, FAILURE = 2 }; + +Status testEnumWrapper(bool flag) { + return flag ? Status::SUCCESS : Status::FAILURE; +} + +void testWrappers(void* p, int* i, char* s, bool b) { + if (testNotNull1(p)) { + chk(); // $ guarded='p:not null' guarded='call to testNotNull1:true' + } else { + chk(); // $ guarded=p:null guarded='call to testNotNull1:false' + } + + if (testNotNull2(p)) { + chk(); // $ guarded='call to testNotNull2:true' guarded='p:not null' + } else { + chk(); // $ guarded='call to testNotNull2:false' guarded=p:null + } + + if (0 == getNumOrDefault(i)) { + chk(); // $ guarded='0 == call to getNumOrDefault:true' guarded='call to getNumOrDefault:0' + } else { + chk(); // $ guarded='0 == call to getNumOrDefault:false' guarded='call to getNumOrDefault:not 0' guarded='i:not null' + } + + if ('\0' == returnAIfNoneAreNull(s, "suffix")) { + chk(); // $ guarded='0 == call to returnAIfNoneAreNull:true' guarded='call to returnAIfNoneAreNull:0' + } else { + chk(); // $ guarded='0 == call to returnAIfNoneAreNull:false' guarded='call to returnAIfNoneAreNull:not 0' guarded='s:not null' guarded='suffix:not null' + } + + switch (testEnumWrapper(b)) { + case Status::SUCCESS: + chk(); // $ guarded='call to testEnumWrapper=SUCCESS:true' guarded='call to testEnumWrapper:1' guarded=b:true + break; + case Status::FAILURE: + chk(); // $ guarded='call to testEnumWrapper=FAILURE:true' guarded='call to testEnumWrapper:2' guarded=b:false + break; + } +} + +void ensureNotNull(void* o) { + if (!o) throw 42; +} + +void testExceptionWrapper(void* s) { + chk(); // nothing guards here + ensureNotNull(s); + chk(); // $ MISSING: guarded='call to ensureNotNull:no exception' guarded='s:not null' +} diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp index 71d22ad4edd..5cddd92d27b 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp @@ -125,4 +125,67 @@ void test_phi_read_guard_2(bool b) { } sink(x); // $ SPURIOUS: ast -} \ No newline at end of file +} + +bool guarded_wrapper(int x) { + if(guarded(x)) { + return true; + } else { + return false; + } +} + +bool guarded_wrapper_2(int x) { + bool b; + if(guarded(x)) { + b = true; + } else { + b = false; + } + return b; +} + +bool guarded_wrapper_3(int x) { + bool b = false; + if(guarded(x)) { + b = true; + } + return b; +} + +bool guarded_wrapper_4(int x) { + bool b = false; + if(guarded(x)) { + return true; + } + return b; +} + +void test_guarded_wrapper() { + int x = source(); + + if(guarded_wrapper(x)) { + sink(x); // $ SPURIOUS: ast + } else { + sink(x); // $ ast,ir + } + + if(guarded_wrapper_2(x)) { + sink(x); // $ SPURIOUS: ast + } else { + sink(x); // $ ast,ir + } + + if(guarded_wrapper_3(x)) { + sink(x); // $ SPURIOUS: ast + } else { + sink(x); // $ ast,ir + } + + if(guarded_wrapper_4(x)) { + sink(x); // $ SPURIOUS: ast + } else { + sink(x); // $ ast,ir + } +} + diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql index a21cd910a2a..1218fe396c8 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql @@ -17,7 +17,7 @@ module IRTestAllocationConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { - exists(GuardCondition gc | node.asExpr() = gc.getAChild*()) + exists(GuardCondition gc | node.asExpr() = gc.(Expr).getAChild*()) } } diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected index 8c009241734..d9ac3c3dee5 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected @@ -16,6 +16,14 @@ astFlow | BarrierGuard.cpp:90:11:90:16 | call to source | BarrierGuard.cpp:101:8:101:8 | x | | BarrierGuard.cpp:107:11:107:16 | call to source | BarrierGuard.cpp:112:8:112:8 | x | | BarrierGuard.cpp:116:11:116:16 | call to source | BarrierGuard.cpp:127:8:127:8 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:168:10:168:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:170:10:170:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:174:10:174:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:176:10:176:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:180:10:180:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:182:10:182:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:186:10:186:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:188:10:188:10 | x | | acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:22:8:22:20 | & ... | @@ -156,6 +164,10 @@ irFlow | BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:55:13:55:13 | x | | BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:64:14:64:14 | x | | BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:66:14:66:14 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:170:10:170:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:176:10:176:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:182:10:182:10 | x | +| BarrierGuard.cpp:165:11:165:16 | call to source | BarrierGuard.cpp:188:10:188:10 | x | | acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:23:17:23:29 | *& ... | diff --git a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql index 15b165a7de1..20610c55385 100644 --- a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql +++ b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql @@ -7,7 +7,7 @@ predicate instructionGuardChecks(IRGuardCondition gc, Instruction checked, boole exists(CallInstruction call | call.getStaticCallTarget().hasName("checkArgument") and checked = call.getAnArgument() and - gc.comparesEq(call.getAUse(), 0, false, any(BooleanValue bv | bv.getValue() = branch)) + gc.comparesEq(call.getAUse(), 0, false, any(GuardValue bv | bv.asBooleanValue() = branch)) ) } diff --git a/cpp/ql/test/library-tests/files/Files.expected b/cpp/ql/test/library-tests/files/Files.expected index 13f3a6b2da1..f94c07badcf 100644 --- a/cpp/ql/test/library-tests/files/Files.expected +++ b/cpp/ql/test/library-tests/files/Files.expected @@ -1,4 +1,4 @@ -| c.c | c.c | CFile, MetricFile | C | | | -| files1.cpp | files1.cpp | CppFile, MetricFile | C++ | swap | t | -| files1.h | files1.h | HeaderFile, MetricFile | | swap | | -| files2.cpp | files2.cpp | CppFile, MetricFile | C++ | g | x, y | +| c.c | c.c | CFile, GuardConditionImpl, MetricFile | C | | | +| files1.cpp | files1.cpp | CppFile, GuardConditionImpl, MetricFile | C++ | swap | t | +| files1.h | files1.h | GuardConditionImpl, HeaderFile, MetricFile | | swap | | +| files2.cpp | files2.cpp | CppFile, GuardConditionImpl, MetricFile | C++ | g | x, y | diff --git a/cpp/ql/test/library-tests/functions/routinetype/types.expected b/cpp/ql/test/library-tests/functions/routinetype/types.expected index d620bea517e..87d51330d76 100644 --- a/cpp/ql/test/library-tests/functions/routinetype/types.expected +++ b/cpp/ql/test/library-tests/functions/routinetype/types.expected @@ -1 +1 @@ -| routinetype.cpp:2:7:2:19 | myRoutineType | file://:0:0:0:0 | ..()(..) | RoutineType | +| routinetype.cpp:2:7:2:19 | myRoutineType | file://:0:0:0:0 | ..()(..) | GuardConditionImpl, RoutineType | diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 7234449a4ed..0c1a98b06bb 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -145,4 +145,15 @@ void nonterminating_without_operands_as_ssa(X *x) { while (x->n) { x->n--; } +} + +void test_with_irreduble_cfg(int i, int x) { + if (x < i) { + } else { + goto inLoop; + } + for(; i < x; i++) { + inLoop: + range(i); // $ range="<=InitializeParameter: x+0" + } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected index 7c448ba6550..e9198ba5ea0 100644 --- a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected +++ b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected @@ -1,101 +1,101 @@ -| a.h:0:0:0:0 | a.h | 1 | 1 | 1 | 19 | IncludeNext | "a.h" | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 3 | 1 | 3 | 11 | Macro | BAR | | -| pp23.cpp:0:0:0:0 | pp23.cpp | 5 | 1 | 5 | 10 | PreprocessorIfdef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 7 | 1 | 7 | 12 | PreprocessorElifdef | BAR | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 8 | 1 | 8 | 16 | PreprocessorWarning | C++23 2 | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 9 | 1 | 9 | 6 | PreprocessorEndif | N/A | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 11 | 1 | 11 | 10 | PreprocessorIfdef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 13 | 1 | 13 | 13 | PreprocessorElifndef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 14 | 1 | 14 | 16 | PreprocessorWarning | C++23 3 | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 15 | 1 | 15 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 1 | 1 | 1 | 16 | PreprocessorIf | defined(FOO) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 3 | 1 | 3 | 19 | PreprocessorElif | !defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 4 | 1 | 4 | 11 | Macro | BAR | | -| pp.cpp:0:0:0:0 | pp.cpp | 5 | 1 | 5 | 17 | Macro | BAR_val | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 6 | 1 | 6 | 24 | Macro | BAR_fn() | BAR_val | -| pp.cpp:0:0:0:0 | pp.cpp | 7 | 1 | 7 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 9 | 1 | 9 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 11 | 1 | 11 | 10 | PreprocessorUndef | BAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 12 | 1 | 12 | 68 | Macro | SCARY(a,aa,aaah) | (aa ) | -| pp.cpp:0:0:0:0 | pp.cpp | 13 | 1 | 13 | 63 | Macro | LOG(fmt,__VA_ARGS__...) | printf("Warning: %s", fmt, __VA__ARGS__) | -| pp.cpp:0:0:0:0 | pp.cpp | 14 | 1 | 14 | 15 | Include | "pp.h" | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 16 | 1 | 16 | 5 | PreprocessorIf | 0 | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 17 | 1 | 17 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 18 | 1 | 18 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 20 | 1 | 20 | 5 | PreprocessorIf | 1 | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 21 | 1 | 21 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 22 | 1 | 22 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 24 | 1 | 24 | 13 | Import | "a.h" | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 30 | 2 | 30 | 32 | Macro | MACRO_FUNCTIONCONTEXT | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 36 | 2 | 36 | 29 | Macro | MACRO_CLASSCONTEXT | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 42 | 2 | 42 | 40 | Macro | MACRO_TEMPLATEFUNCTIONCONTEXT | 3 | -| pp.cpp:0:0:0:0 | pp.cpp | 49 | 2 | 49 | 37 | Macro | MACRO_TEMPLATECLASSCONTEXT | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 | -| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 | -| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | PreprocessorIfdef | INSTANTIATION | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE | | -| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION | | -| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR | | -| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | PreprocessorIf | defined(BAR) && defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | PreprocessorIf | defined(FOO) && defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | Macro | FOO | 8 | -| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | Macro | BAR | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | Macro | BAZ | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | Macro | CONDITIONAL_MACRO_4 | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | Macro | FOO | 8 | -| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | Macro | BAR | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | Macro | BAZ | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | Macro | X | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | Macro | Y | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | PreprocessorIf | defined(X) && defined(Y) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | PreprocessorWarning | FOO BAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | PreprocessorIf | A &&B | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | PreprocessorIf | A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | PreprocessorIf | A && B | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | PreprocessorIfdef | FOOBAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | PreprocessorWarning | b | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | PreprocessorIf | FOOBAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | PreprocessorIf | A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | PreprocessorEndif | N/A | N/A | -| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A | -| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | PreprocessorWarning | "This should happen" | N/A | -| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A | -| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | PreprocessorPragma | byte_order(big_endian) | N/A | -| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A | -| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long | -| pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | PreprocessorUndef | MULTILINE | N/A | -| pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | Include | "pp.h" | N/A | -| ppms.cpp:0:0:0:0 | ppms.cpp | 3 | 1 | 3 | 18 | TypeLibraryImport | "test.tlb" | N/A | -| test.tlh:0:0:0:0 | test.tlh | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A | -| test.tlh:0:0:0:0 | test.tlh | 3 | 1 | 3 | 21 | PreprocessorWarning | type library | N/A | +| a.h:0:0:0:0 | a.h | 1 | 1 | 1 | 19 | GuardConditionImpl, IncludeNext | "a.h" | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 3 | 1 | 3 | 11 | GuardConditionImpl, Macro | BAR | | +| pp23.cpp:0:0:0:0 | pp23.cpp | 5 | 1 | 5 | 10 | GuardConditionImpl, PreprocessorIfdef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 7 | 1 | 7 | 12 | GuardConditionImpl, PreprocessorElifdef | BAR | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 8 | 1 | 8 | 16 | GuardConditionImpl, PreprocessorWarning | C++23 2 | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 9 | 1 | 9 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 11 | 1 | 11 | 10 | GuardConditionImpl, PreprocessorIfdef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 13 | 1 | 13 | 13 | GuardConditionImpl, PreprocessorElifndef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 14 | 1 | 14 | 16 | GuardConditionImpl, PreprocessorWarning | C++23 3 | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 15 | 1 | 15 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 1 | 1 | 1 | 16 | GuardConditionImpl, PreprocessorIf | defined(FOO) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 3 | 1 | 3 | 19 | GuardConditionImpl, PreprocessorElif | !defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 4 | 1 | 4 | 11 | GuardConditionImpl, Macro | BAR | | +| pp.cpp:0:0:0:0 | pp.cpp | 5 | 1 | 5 | 17 | GuardConditionImpl, Macro | BAR_val | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 6 | 1 | 6 | 24 | GuardConditionImpl, Macro | BAR_fn() | BAR_val | +| pp.cpp:0:0:0:0 | pp.cpp | 7 | 1 | 7 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 9 | 1 | 9 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 11 | 1 | 11 | 10 | GuardConditionImpl, PreprocessorUndef | BAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 12 | 1 | 12 | 68 | GuardConditionImpl, Macro | SCARY(a,aa,aaah) | (aa ) | +| pp.cpp:0:0:0:0 | pp.cpp | 13 | 1 | 13 | 63 | GuardConditionImpl, Macro | LOG(fmt,__VA_ARGS__...) | printf("Warning: %s", fmt, __VA__ARGS__) | +| pp.cpp:0:0:0:0 | pp.cpp | 14 | 1 | 14 | 15 | GuardConditionImpl, Include | "pp.h" | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 16 | 1 | 16 | 5 | GuardConditionImpl, PreprocessorIf | 0 | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 17 | 1 | 17 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 18 | 1 | 18 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 20 | 1 | 20 | 5 | GuardConditionImpl, PreprocessorIf | 1 | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 21 | 1 | 21 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 22 | 1 | 22 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 24 | 1 | 24 | 13 | GuardConditionImpl, Import | "a.h" | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 30 | 2 | 30 | 32 | GuardConditionImpl, Macro | MACRO_FUNCTIONCONTEXT | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 36 | 2 | 36 | 29 | GuardConditionImpl, Macro | MACRO_CLASSCONTEXT | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 42 | 2 | 42 | 40 | GuardConditionImpl, Macro | MACRO_TEMPLATEFUNCTIONCONTEXT | 3 | +| pp.cpp:0:0:0:0 | pp.cpp | 49 | 2 | 49 | 37 | GuardConditionImpl, Macro | MACRO_TEMPLATECLASSCONTEXT | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | GuardConditionImpl, Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 | +| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | GuardConditionImpl, Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 | +| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | GuardConditionImpl, PreprocessorIfdef | INSTANTIATION | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | GuardConditionImpl, PreprocessorElse | | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | GuardConditionImpl, Macro | IN_TEMPLATE | | +| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | GuardConditionImpl, PreprocessorEndif | | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | GuardConditionImpl, Macro | INSTANTIATION | | +| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | GuardConditionImpl, Macro | BAR | | +| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | GuardConditionImpl, PreprocessorIf | defined(BAR) && defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | GuardConditionImpl, PreprocessorWarning | BAR defined | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | GuardConditionImpl, PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | GuardConditionImpl, PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | GuardConditionImpl, Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | GuardConditionImpl, Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | GuardConditionImpl, Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | GuardConditionImpl, PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | GuardConditionImpl, Macro | CONDITIONAL_MACRO_4 | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | GuardConditionImpl, PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | GuardConditionImpl, Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | GuardConditionImpl, Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | GuardConditionImpl, Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | GuardConditionImpl, PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | GuardConditionImpl, Macro | X | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | GuardConditionImpl, Macro | Y | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | GuardConditionImpl, PreprocessorIf | defined(X) && defined(Y) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | GuardConditionImpl, PreprocessorWarning | FOO BAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | GuardConditionImpl, PreprocessorIf | A &&B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | GuardConditionImpl, PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | GuardConditionImpl, PreprocessorIf | A && B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | GuardConditionImpl, PreprocessorIfdef | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | GuardConditionImpl, PreprocessorWarning | b | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | GuardConditionImpl, PreprocessorIf | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | GuardConditionImpl, PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | GuardConditionImpl, PreprocessorPragma | once | N/A | +| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | GuardConditionImpl, PreprocessorWarning | "This should happen" | N/A | +| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | GuardConditionImpl, PreprocessorLine | 33 "emerald_city.h" | N/A | +| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | GuardConditionImpl, PreprocessorPragma | byte_order(big_endian) | N/A | +| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | GuardConditionImpl, PreprocessorWarning | "Not in Kansas any more" | N/A | +| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | GuardConditionImpl, Macro | MULTILINE | world a long | +| pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | GuardConditionImpl, PreprocessorUndef | MULTILINE | N/A | +| pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | GuardConditionImpl, Include | "pp.h" | N/A | +| ppms.cpp:0:0:0:0 | ppms.cpp | 3 | 1 | 3 | 18 | GuardConditionImpl, TypeLibraryImport | "test.tlb" | N/A | +| test.tlh:0:0:0:0 | test.tlh | 1 | 1 | 1 | 12 | GuardConditionImpl, PreprocessorPragma | once | N/A | +| test.tlh:0:0:0:0 | test.tlh | 3 | 1 | 3 | 21 | GuardConditionImpl, PreprocessorWarning | type library | N/A | diff --git a/cpp/ql/test/library-tests/typedefs/Typedefs2.expected b/cpp/ql/test/library-tests/typedefs/Typedefs2.expected index 8645ce97fcd..d83c74bb55e 100644 --- a/cpp/ql/test/library-tests/typedefs/Typedefs2.expected +++ b/cpp/ql/test/library-tests/typedefs/Typedefs2.expected @@ -1,2 +1,2 @@ -| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | CTypedefType, LocalTypedefType | -| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:9:9:9:9 | D | DirectAccessHolder, LocalClass, MetricClass, StructLikeClass | +| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | CTypedefType, GuardConditionImpl, LocalTypedefType | +| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:9:9:9:9 | D | DirectAccessHolder, GuardConditionImpl, LocalClass, MetricClass, StructLikeClass | diff --git a/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected b/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected index d4c429faf17..d7faa82d924 100644 --- a/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected +++ b/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | __wchar_t * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | Wchar_t, WideCharType | -| file://:0:0:0:0 | const __wchar_t | SpecifiedType | Wchar_t, WideCharType | -| file://:0:0:0:0 | wchar_t | Wchar_t, WideCharType | | +| file://:0:0:0:0 | __wchar_t * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | GuardConditionImpl, Wchar_t, WideCharType | +| file://:0:0:0:0 | const __wchar_t | GuardConditionImpl, SpecifiedType | GuardConditionImpl, Wchar_t, WideCharType | +| file://:0:0:0:0 | wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected index 13fe25a4819..5eb5868fd8b 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:47:13:47:15 | if8 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast8_t | -| cstd_types.cpp:48:14:48:17 | if16 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast16_t | -| cstd_types.cpp:49:14:49:17 | if32 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast32_t | -| cstd_types.cpp:50:14:50:17 | if64 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast64_t | -| cstd_types.cpp:51:14:51:16 | uf8 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast8_t | -| cstd_types.cpp:52:15:52:18 | uf16 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast16_t | -| cstd_types.cpp:53:15:53:18 | uf32 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast32_t | -| cstd_types.cpp:54:15:54:18 | uf64 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast64_t | \ No newline at end of file +| cstd_types.cpp:47:13:47:15 | if8 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast8_t | +| cstd_types.cpp:48:14:48:17 | if16 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast16_t | +| cstd_types.cpp:49:14:49:17 | if32 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast32_t | +| cstd_types.cpp:50:14:50:17 | if64 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast64_t | +| cstd_types.cpp:51:14:51:16 | uf8 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast8_t | +| cstd_types.cpp:52:15:52:18 | uf16 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast16_t | +| cstd_types.cpp:53:15:53:18 | uf32 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast32_t | +| cstd_types.cpp:54:15:54:18 | uf64 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast64_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected index d1c64343636..efa8890d820 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:31:8:31:9 | i8 | CTypedefType, FixedWidthIntegralType, Int8_t | -| cstd_types.cpp:32:9:32:11 | i16 | CTypedefType, FixedWidthIntegralType, Int16_t | -| cstd_types.cpp:33:9:33:11 | i32 | CTypedefType, FixedWidthIntegralType, Int32_t | -| cstd_types.cpp:34:9:34:11 | i64 | CTypedefType, FixedWidthIntegralType, Int64_t | -| cstd_types.cpp:35:9:35:11 | ui8 | CTypedefType, FixedWidthIntegralType, UInt8_t | -| cstd_types.cpp:36:10:36:13 | ui16 | CTypedefType, FixedWidthIntegralType, UInt16_t | -| cstd_types.cpp:37:10:37:13 | ui32 | CTypedefType, FixedWidthIntegralType, UInt32_t | -| cstd_types.cpp:38:10:38:13 | ui64 | CTypedefType, FixedWidthIntegralType, UInt64_t | +| cstd_types.cpp:31:8:31:9 | i8 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int8_t | +| cstd_types.cpp:32:9:32:11 | i16 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int16_t | +| cstd_types.cpp:33:9:33:11 | i32 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int32_t | +| cstd_types.cpp:34:9:34:11 | i64 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int64_t | +| cstd_types.cpp:35:9:35:11 | ui8 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt8_t | +| cstd_types.cpp:36:10:36:13 | ui16 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt16_t | +| cstd_types.cpp:37:10:37:13 | ui32 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt32_t | +| cstd_types.cpp:38:10:38:13 | ui64 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt64_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected index d9884b22b00..89428e7a6ec 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected @@ -1,2 +1,2 @@ -| cstd_types.cpp:74:4:74:6 | _e0 | Enum, FixedWidthEnumType | -| cstd_types.cpp:75:4:75:6 | _e1 | FixedWidthEnumType, ScopedEnum | +| cstd_types.cpp:74:4:74:6 | _e0 | Enum, FixedWidthEnumType, GuardConditionImpl | +| cstd_types.cpp:75:4:75:6 | _e1 | FixedWidthEnumType, GuardConditionImpl, ScopedEnum | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected index 0bf7779fcaf..b57ca4fb936 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected @@ -1,2 +1,2 @@ -| cstd_types.cpp:55:10:55:11 | im | CTypedefType, Intmax_t, MaximumWidthIntegralType | -| cstd_types.cpp:56:11:56:13 | uim | CTypedefType, MaximumWidthIntegralType, Uintmax_t | +| cstd_types.cpp:55:10:55:11 | im | CTypedefType, GuardConditionImpl, Intmax_t, MaximumWidthIntegralType | +| cstd_types.cpp:56:11:56:13 | uim | CTypedefType, GuardConditionImpl, MaximumWidthIntegralType, Uintmax_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected index 2984f07be8c..6aea5947473 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:39:15:39:16 | l8 | CTypedefType, Int_least8_t, MinimumWidthIntegralType | -| cstd_types.cpp:40:15:40:17 | l16 | CTypedefType, Int_least16_t, MinimumWidthIntegralType | -| cstd_types.cpp:41:15:41:17 | l32 | CTypedefType, Int_least32_t, MinimumWidthIntegralType | -| cstd_types.cpp:42:15:42:17 | l64 | CTypedefType, Int_least64_t, MinimumWidthIntegralType | -| cstd_types.cpp:43:15:43:17 | ul8 | CTypedefType, MinimumWidthIntegralType, UInt_least8_t | -| cstd_types.cpp:44:16:44:19 | ul16 | CTypedefType, MinimumWidthIntegralType, UInt_least16_t | -| cstd_types.cpp:45:16:45:19 | ul32 | CTypedefType, MinimumWidthIntegralType, UInt_least32_t | -| cstd_types.cpp:46:16:46:19 | ul64 | CTypedefType, MinimumWidthIntegralType, UInt_least64_t | +| cstd_types.cpp:39:15:39:16 | l8 | CTypedefType, GuardConditionImpl, Int_least8_t, MinimumWidthIntegralType | +| cstd_types.cpp:40:15:40:17 | l16 | CTypedefType, GuardConditionImpl, Int_least16_t, MinimumWidthIntegralType | +| cstd_types.cpp:41:15:41:17 | l32 | CTypedefType, GuardConditionImpl, Int_least32_t, MinimumWidthIntegralType | +| cstd_types.cpp:42:15:42:17 | l64 | CTypedefType, GuardConditionImpl, Int_least64_t, MinimumWidthIntegralType | +| cstd_types.cpp:43:15:43:17 | ul8 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least8_t | +| cstd_types.cpp:44:16:44:19 | ul16 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least16_t | +| cstd_types.cpp:45:16:45:19 | ul32 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least32_t | +| cstd_types.cpp:46:16:46:19 | ul64 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least64_t | diff --git a/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected b/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected index d2aac7454fd..1f168f7f942 100644 --- a/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected +++ b/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected @@ -1,4 +1,4 @@ -| integral_types.cpp:2:8:2:9 | i8 | file://:0:0:0:0 | char | MicrosoftInt8Type, PlainCharType | -| integral_types.cpp:3:9:3:11 | i16 | file://:0:0:0:0 | short | MicrosoftInt16Type, ShortType | -| integral_types.cpp:4:9:4:11 | i32 | file://:0:0:0:0 | int | IntType, MicrosoftInt32Type | -| integral_types.cpp:5:9:5:11 | i64 | file://:0:0:0:0 | long long | LongLongType, MicrosoftInt64Type | +| integral_types.cpp:2:8:2:9 | i8 | file://:0:0:0:0 | char | GuardConditionImpl, MicrosoftInt8Type, PlainCharType | +| integral_types.cpp:3:9:3:11 | i16 | file://:0:0:0:0 | short | GuardConditionImpl, MicrosoftInt16Type, ShortType | +| integral_types.cpp:4:9:4:11 | i32 | file://:0:0:0:0 | int | GuardConditionImpl, IntType, MicrosoftInt32Type | +| integral_types.cpp:5:9:5:11 | i64 | file://:0:0:0:0 | long long | GuardConditionImpl, LongLongType, MicrosoftInt64Type | diff --git a/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected b/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected index cebaff30994..c823ed839d3 100644 --- a/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected +++ b/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | wchar_t | Wchar_t, WideCharType | | -| file://:0:0:0:0 | wchar_t * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | CTypedefType, Wchar_t | -| ms.c:2:24:2:30 | wchar_t | CTypedefType, Wchar_t | | +| file://:0:0:0:0 | wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | +| file://:0:0:0:0 | wchar_t * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | CTypedefType, GuardConditionImpl, Wchar_t | +| ms.c:2:24:2:30 | wchar_t | CTypedefType, GuardConditionImpl, Wchar_t | | diff --git a/cpp/ql/test/library-tests/variables/variables/types.expected b/cpp/ql/test/library-tests/variables/variables/types.expected index c2ea5f7cfe3..5d8cec1cff8 100644 --- a/cpp/ql/test/library-tests/variables/variables/types.expected +++ b/cpp/ql/test/library-tests/variables/variables/types.expected @@ -1,108 +1,108 @@ -| ..()(..) | RoutineType | | | | | -| ..(*)(..) | FunctionPointerType | | ..()(..) | | | -| _Complex _Float16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float32 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float32x | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float64 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float64x | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float128 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __bf16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __float128 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __fp16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex double | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex float | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex long double | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex std::float16_t | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Decimal32 | Decimal32Type | | | | | -| _Decimal64 | Decimal64Type | | | | | -| _Decimal128 | Decimal128Type | | | | | -| _Float16 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float32 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float32x | BinaryFloatingPointType, RealNumberType | | | | | -| _Float64 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float64x | BinaryFloatingPointType, RealNumberType | | | | | -| _Float128 | BinaryFloatingPointType, RealNumberType | | | | | -| _Imaginary double | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| _Imaginary float | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| _Imaginary long double | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| __SVCount_t | ScalableVectorCount | | | | | -| __bf16 | BinaryFloatingPointType, RealNumberType | | | | | -| __float128 | Float128Type | | | | | -| __fp16 | BinaryFloatingPointType, RealNumberType | | | | | -| __int128 | Int128Type | | | | | -| __mfp8 | BinaryFloatingPointType, RealNumberType | | | | | -| __va_list_tag | DirectAccessHolder, MetricClass, Struct, StructLikeClass | | | | | -| __va_list_tag & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | __va_list_tag | | | -| __va_list_tag && | PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | __va_list_tag | | | -| address | DirectAccessHolder, MetricClass, Struct, StructLikeClass | | | | | -| address & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | address | | | -| address && | PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | address | | | -| auto | AutoType | | | | | -| bool | BoolType | | | | | -| char | MicrosoftInt8Type, PlainCharType | | | | | -| char8_t | Char8Type | | | | | -| char16_t | Char16Type | | | | | -| char32_t | Char32Type | | | | | -| char * | CharPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | char | | | -| char *[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char *[32] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char *[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char[2] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[5] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[6] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[9] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[53] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| const __va_list_tag | SpecifiedType | | __va_list_tag | | | -| const __va_list_tag & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const __va_list_tag | | | -| const address | SpecifiedType | | address | | | -| const address & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const address | | | -| const char | SpecifiedType | | char | | | -| const char * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | | const char | | | -| const char *[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | -| const char *[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | -| const char[5] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[6] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[9] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[53] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const double | SpecifiedType | | double | | | -| const int | SpecifiedType | | int | | | -| decltype(nullptr) | NullPointerType | | | | | -| double | DoubleType | | | | | -| error | ErroneousType | | | | | -| float | FloatType | | | | | -| float[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | float | float | | | -| int | IntType, MicrosoftInt32Type | | | | | -| int * | IntPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | int | | | -| int[4] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[10][20] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int[20] | int[20] | | | -| int[20] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| long | LongType | | | | | -| long double | LongDoubleType | | | | | -| long long | LongLongType, MicrosoftInt64Type | | | | | -| short | MicrosoftInt16Type, ShortType | | | | | -| signed __int128 | Int128Type | | | | | -| signed char | SignedCharType | | | | | -| signed int | IntType | | | | | -| signed long | LongType | | | | | -| signed long long | LongLongType | | | | | -| signed short | ShortType | | | | | -| std::float16_t | BinaryFloatingPointType, RealNumberType | | | | | -| unknown | UnknownType | | | | | -| unsigned __int128 | Int128Type | | | | unsigned integral | -| unsigned char | UnsignedCharType | | | | unsigned integral | -| unsigned int | IntType | | | unsigned int | unsigned integral | -| unsigned long | LongType | | | | unsigned integral | -| unsigned long long | LongLongType | | | | unsigned integral | -| unsigned short | ShortType | | | | unsigned integral | -| void | VoidType | | | | | -| void * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, VoidPointerType | | void | | | -| wchar_t | Wchar_t, WideCharType | | | | | +| ..()(..) | GuardConditionImpl, RoutineType | | | | | +| ..(*)(..) | FunctionPointerType, GuardConditionImpl | | ..()(..) | | | +| _Complex _Float16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float32 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float32x | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float64 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float64x | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float128 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __bf16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __float128 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __fp16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex double | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex float | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex long double | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex std::float16_t | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Decimal32 | Decimal32Type, GuardConditionImpl | | | | | +| _Decimal64 | Decimal64Type, GuardConditionImpl | | | | | +| _Decimal128 | Decimal128Type, GuardConditionImpl | | | | | +| _Float16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float32 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float32x | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float64 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float64x | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float128 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Imaginary double | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| _Imaginary float | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| _Imaginary long double | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| __SVCount_t | GuardConditionImpl, ScalableVectorCount | | | | | +| __bf16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __float128 | Float128Type, GuardConditionImpl | | | | | +| __fp16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __int128 | GuardConditionImpl, Int128Type | | | | | +| __mfp8 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __va_list_tag | DirectAccessHolder, GuardConditionImpl, MetricClass, Struct, StructLikeClass | | | | | +| __va_list_tag & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | __va_list_tag | | | +| __va_list_tag && | GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | __va_list_tag | | | +| address | DirectAccessHolder, GuardConditionImpl, MetricClass, Struct, StructLikeClass | | | | | +| address & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | address | | | +| address && | GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | address | | | +| auto | AutoType, GuardConditionImpl | | | | | +| bool | BoolType, GuardConditionImpl | | | | | +| char | GuardConditionImpl, MicrosoftInt8Type, PlainCharType | | | | | +| char8_t | Char8Type, GuardConditionImpl | | | | | +| char16_t | Char16Type, GuardConditionImpl | | | | | +| char32_t | Char32Type, GuardConditionImpl | | | | | +| char * | CharPointerType, GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | char | | | +| char *[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char *[32] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char *[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char[2] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[5] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[6] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[9] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[53] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| const __va_list_tag | GuardConditionImpl, SpecifiedType | | __va_list_tag | | | +| const __va_list_tag & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const __va_list_tag | | | +| const address | GuardConditionImpl, SpecifiedType | | address | | | +| const address & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const address | | | +| const char | GuardConditionImpl, SpecifiedType | | char | | | +| const char * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | | const char | | | +| const char *[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | +| const char *[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | +| const char[5] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[6] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[9] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[53] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const double | GuardConditionImpl, SpecifiedType | | double | | | +| const int | GuardConditionImpl, SpecifiedType | | int | | | +| decltype(nullptr) | GuardConditionImpl, NullPointerType | | | | | +| double | DoubleType, GuardConditionImpl | | | | | +| error | ErroneousType, GuardConditionImpl | | | | | +| float | FloatType, GuardConditionImpl | | | | | +| float[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | float | float | | | +| int | GuardConditionImpl, IntType, MicrosoftInt32Type | | | | | +| int * | GuardConditionImpl, IntPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | int | | | +| int[4] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[10][20] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int[20] | int[20] | | | +| int[20] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| long | GuardConditionImpl, LongType | | | | | +| long double | GuardConditionImpl, LongDoubleType | | | | | +| long long | GuardConditionImpl, LongLongType, MicrosoftInt64Type | | | | | +| short | GuardConditionImpl, MicrosoftInt16Type, ShortType | | | | | +| signed __int128 | GuardConditionImpl, Int128Type | | | | | +| signed char | GuardConditionImpl, SignedCharType | | | | | +| signed int | GuardConditionImpl, IntType | | | | | +| signed long | GuardConditionImpl, LongType | | | | | +| signed long long | GuardConditionImpl, LongLongType | | | | | +| signed short | GuardConditionImpl, ShortType | | | | | +| std::float16_t | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| unknown | GuardConditionImpl, UnknownType | | | | | +| unsigned __int128 | GuardConditionImpl, Int128Type | | | | unsigned integral | +| unsigned char | GuardConditionImpl, UnsignedCharType | | | | unsigned integral | +| unsigned int | GuardConditionImpl, IntType | | | unsigned int | unsigned integral | +| unsigned long | GuardConditionImpl, LongType | | | | unsigned integral | +| unsigned long long | GuardConditionImpl, LongLongType | | | | unsigned integral | +| unsigned short | GuardConditionImpl, ShortType | | | | unsigned integral | +| void | GuardConditionImpl, VoidType | | | | | +| void * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, VoidPointerType | | void | | | +| wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | | | | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected index c0ed43fee9b..1591a287d9f 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected @@ -1,5 +1,6 @@ | test.cpp:162:7:162:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:171:7:171:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | +| test.cpp:193:7:193:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:204:7:204:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:436:7:436:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:443:11:443:15 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected index 6dfe60dcb8c..9b7564b9123 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected @@ -15,7 +15,6 @@ edges | test.cpp:141:19:141:20 | scanf output argument | test.cpp:143:8:143:8 | i | provenance | | | test.cpp:150:23:150:24 | scanf output argument | test.cpp:154:9:154:9 | i | provenance | | | test.cpp:181:19:181:20 | scanf output argument | test.cpp:185:8:185:8 | i | provenance | | -| test.cpp:193:19:193:20 | scanf output argument | test.cpp:197:8:197:8 | i | provenance | | | test.cpp:211:22:211:23 | scanf output argument | test.cpp:213:8:213:8 | i | provenance | | | test.cpp:221:22:221:23 | scanf output argument | test.cpp:223:8:223:8 | i | provenance | | | test.cpp:221:26:221:27 | scanf output argument | test.cpp:224:8:224:8 | j | provenance | | @@ -89,8 +88,6 @@ nodes | test.cpp:154:9:154:9 | i | semmle.label | i | | test.cpp:181:19:181:20 | scanf output argument | semmle.label | scanf output argument | | test.cpp:185:8:185:8 | i | semmle.label | i | -| test.cpp:193:19:193:20 | scanf output argument | semmle.label | scanf output argument | -| test.cpp:197:8:197:8 | i | semmle.label | i | | test.cpp:211:22:211:23 | scanf output argument | semmle.label | scanf output argument | | test.cpp:213:8:213:8 | i | semmle.label | i | | test.cpp:221:22:221:23 | scanf output argument | semmle.label | scanf output argument | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp index 92f5d10ddd9..346cf607977 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp @@ -194,7 +194,7 @@ int main() if (b >= 1) { - use(i); // BAD [NOT DETECTED]: scanf can return EOF (boolifies true) + use(i); // BAD: scanf can return EOF (boolifies true) } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs index 66e45387d87..fe01e0f9b58 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs @@ -63,8 +63,10 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.accessors(this, kind, Symbol.Name, parent, unboundAccessor); - foreach (var l in Locations) - trapFile.accessor_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.accessor_location, this, Locations); + } Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs index e4799c05507..0e1b756a37c 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs @@ -59,11 +59,11 @@ namespace Semmle.Extraction.CSharp.Entities { var type = Type.Create(Context, Symbol.AttributeClass); trapFile.attributes(this, kind, type.TypeRef, entity); - trapFile.attribute_location(this, Location); + WriteLocationToTrap(trapFile.attribute_location, this, Location); if (attributeSyntax is not null) { - trapFile.attribute_location(this, Assembly.CreateOutputAssembly(Context)); + WriteLocationToTrap(trapFile.attribute_location, this, Assembly.CreateOutputAssembly(Context)); TypeMention.Create(Context, attributeSyntax.Name, this, type); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs index 96bef973211..2002fe0f1d7 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs @@ -1,3 +1,5 @@ +using System; +using System.Collections.Generic; using System.Diagnostics.CodeAnalysis; using System.IO; using Microsoft.CodeAnalysis; @@ -52,6 +54,22 @@ namespace Semmle.Extraction.CSharp.Entities } } + protected static void WriteLocationToTrap(Action writeAction, T1 entity, Location l) + { + if (l is not EmptyLocation) + { + writeAction(entity, l); + } + } + + protected static void WriteLocationsToTrap(Action writeAction, T1 entity, IEnumerable locations) + { + foreach (var loc in locations) + { + WriteLocationToTrap(writeAction, entity, loc); + } + } + public override bool NeedsPopulation { get; } public override int GetHashCode() => Symbol is null ? 0 : Symbol.GetHashCode(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs index c39eb6076b5..92861e97fdd 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs @@ -1,3 +1,4 @@ +using System; using System.Collections.Generic; using System.IO; using System.Linq; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs index 3c4cdcffc0e..4e63f5535aa 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs @@ -11,7 +11,7 @@ namespace Semmle.Extraction.CSharp.Entities public override void Populate(TextWriter trapFile) { trapFile.commentblock(this); - trapFile.commentblock_location(this, Context.CreateLocation(Symbol.Location)); + WriteLocationToTrap(trapFile.commentblock_location, this, Context.CreateLocation(Symbol.Location)); Symbol.CommentLines.ForEach((l, child) => trapFile.commentblock_child(this, l, child)); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs index 7638eefce12..13cd002da79 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs @@ -23,7 +23,7 @@ namespace Semmle.Extraction.CSharp.Entities { location = Context.CreateLocation(Location); trapFile.commentline(this, Type == CommentLineType.MultilineContinuation ? CommentLineType.Multiline : Type, Text, RawText); - trapFile.commentline_location(this, location); + WriteLocationToTrap(trapFile.commentline_location, this, location); } public override Microsoft.CodeAnalysis.Location? ReportingLocation => location?.Symbol; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs index c3ce2bb6d29..4fa035446ef 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs @@ -29,7 +29,7 @@ namespace Semmle.Extraction.CSharp.Entities ContainingType!.PopulateGenerics(); trapFile.constructors(this, Symbol.ContainingType.Name, ContainingType, (Constructor)OriginalDefinition); - trapFile.constructor_location(this, Location); + WriteLocationToTrap(trapFile.constructor_location, this, Location); if (MakeSynthetic) { @@ -222,7 +222,8 @@ namespace Semmle.Extraction.CSharp.Entities if (Symbol.IsImplicitlyDeclared) { - return ContainingType!.ReportingLocation; + var best = Symbol.Locations.Where(l => l.IsInSource).BestOrDefault(); + return best ?? ContainingType!.ReportingLocation; } return Symbol.ContainingType.Locations.FirstOrDefault(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs index b6a9c8e8f1b..3d07c7d42de 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs @@ -15,7 +15,7 @@ namespace Semmle.Extraction.CSharp.Entities ContainingType!.PopulateGenerics(); trapFile.destructors(this, $"~{Symbol.ContainingType.Name}", ContainingType, OriginalDefinition(Context, this, Symbol)); - trapFile.destructor_location(this, Location); + WriteLocationToTrap(trapFile.destructor_location, this, Location); } private static new Destructor OriginalDefinition(Context cx, Destructor original, IMethodSymbol symbol) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs index 888e1ba7304..8828639820b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs @@ -51,8 +51,10 @@ namespace Semmle.Extraction.CSharp.Entities TypeMention.Create(Context, syntax.ExplicitInterfaceSpecifier!.Name, this, explicitInterface); } - foreach (var l in Locations) - trapFile.event_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.event_location, this, Locations); + } foreach (var syntaxType in declSyntaxReferences .OfType() diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs index 1df6be7a273..254e7c76956 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs @@ -48,8 +48,10 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.event_accessors(this, kind, Symbol.Name, parent, unboundAccessor); - foreach (var l in Locations) - trapFile.event_accessor_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.event_accessor_location, this, Locations); + } Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index a5cb6e316f4..93107fc6dab 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -40,6 +40,7 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.expr_parent_top_level(this, info.Child, info.Parent); else trapFile.expr_parent(this, info.Child, info.Parent); + trapFile.expr_location(this, Location); if (Type.HasValue && !Type.Value.HasObliviousNullability()) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs index 0a91eb57ecd..61b5c40e6e5 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs @@ -49,8 +49,7 @@ namespace Semmle.Extraction.CSharp.Entities } } - foreach (var l in Locations) - trapFile.field_location(this, l); + WriteLocationsToTrap(trapFile.field_location, this, Locations); if (!IsSourceDeclaration || !Symbol.FromSource()) return; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs index 1235b120253..e6a188a6ab1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs @@ -19,8 +19,10 @@ namespace Semmle.Extraction.CSharp.Entities var type = Type.Create(Context, Symbol.Type); trapFile.indexers(this, Symbol.GetName(useMetadataName: true), ContainingType!, type.TypeRef, OriginalDefinition); - foreach (var l in Locations) - trapFile.indexer_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.indexer_location, this, Locations); + } var getter = BodyDeclaringSymbol.GetMethod; var setter = BodyDeclaringSymbol.SetMethod; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs index f1c6813a66d..f16faa7f530 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs @@ -41,7 +41,7 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.localvars(this, Kinds.VariableKind.None, Symbol.Name, @var, Type.Create(Context, parent.Type).TypeRef, parent); } - trapFile.localvar_location(this, Location); + WriteLocationToTrap(trapFile.localvar_location, this, Location); DefineConstantValue(trapFile); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs similarity index 54% rename from csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs rename to csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs index d12f1ca51e0..f81db35fdbc 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs @@ -2,11 +2,11 @@ using System.IO; namespace Semmle.Extraction.CSharp.Entities { - public class GeneratedLocation : SourceLocation + public class EmptyLocation : SourceLocation { private readonly File generatedFile; - private GeneratedLocation(Context cx) + private EmptyLocation(Context cx) : base(cx, null) { generatedFile = GeneratedFile.Create(cx); @@ -26,15 +26,16 @@ namespace Semmle.Extraction.CSharp.Entities public override int GetHashCode() => 98732567; - public override bool Equals(object? obj) => obj is not null && obj.GetType() == typeof(GeneratedLocation); + public override bool Equals(object? obj) => obj is not null && obj.GetType() == typeof(EmptyLocation); - public static GeneratedLocation Create(Context cx) => GeneratedLocationFactory.Instance.CreateEntity(cx, typeof(GeneratedLocation), null); + public static EmptyLocation Create(Context cx) + => EmptyLocationFactory.Instance.CreateEntity(cx, typeof(EmptyLocation), null); - private class GeneratedLocationFactory : CachedEntityFactory + private class EmptyLocationFactory : CachedEntityFactory { - public static GeneratedLocationFactory Instance { get; } = new GeneratedLocationFactory(); + public static EmptyLocationFactory Instance { get; } = new EmptyLocationFactory(); - public override GeneratedLocation Create(Context cx, string? init) => new GeneratedLocation(cx); + public override EmptyLocation Create(Context cx, string? init) => new EmptyLocation(cx); } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs index 12684c304a4..09ba3cc02b2 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs @@ -35,7 +35,7 @@ namespace Semmle.Extraction.CSharp.Entities var ns = Namespace.Create(Context, @namespace); trapFile.namespace_declarations(this, ns); - trapFile.namespace_declaration_location(this, Context.CreateLocation(node.Name.GetLocation())); + WriteLocationToTrap(trapFile.namespace_declaration_location, this, Context.CreateLocation(node.Name.GetLocation())); var visitor = new Populators.TypeOrNamespaceVisitor(Context, trapFile, this); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs index bd3a637a624..af4cd1a10ce 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs @@ -43,8 +43,10 @@ namespace Semmle.Extraction.CSharp.Entities } } - foreach (var l in Locations) - trapFile.method_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.method_location, this, Locations); + } PopulateGenerics(trapFile); Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs index 76d518776ca..a5d208fc86f 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs @@ -116,14 +116,16 @@ namespace Semmle.Extraction.CSharp.Entities trapFile.@params(this, Name, type.TypeRef, Ordinal, ParamKind, Parent!, Original); foreach (var l in Symbol.Locations) - trapFile.param_location(this, Context.CreateLocation(l)); + { + WriteLocationToTrap(trapFile.param_location, this, Context.CreateLocation(l)); + } if (!Symbol.Locations.Any() && Symbol.ContainingSymbol is IMethodSymbol ms && ms.Name == WellKnownMemberNames.TopLevelStatementsEntryPointMethodName && ms.ContainingType.Name == WellKnownMemberNames.TopLevelStatementsEntryPointTypeName) { - trapFile.param_location(this, Context.CreateLocation()); + WriteLocationToTrap(trapFile.param_location, this, Context.CreateLocation()); } if (Symbol.HasExplicitDefaultValue && Context.Defines(Symbol)) @@ -247,7 +249,6 @@ namespace Semmle.Extraction.CSharp.Entities var typeKey = VarargsType.Create(Context); // !! Maybe originaldefinition is wrong trapFile.@params(this, "", typeKey, Ordinal, Kind.None, Parent!, this); - trapFile.param_location(this, GeneratedLocation.Create(Context)); } protected override int Ordinal => ((Method)Parent!).OriginalDefinition.Symbol.Parameters.Length; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs index da39613e124..9520e80d245 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs @@ -13,7 +13,7 @@ namespace Semmle.Extraction.CSharp.Entities PopulatePreprocessor(trapFile); trapFile.preprocessor_directive_active(this, Symbol.IsActive); - trapFile.preprocessor_directive_location(this, Context.CreateLocation(ReportingLocation)); + WriteLocationToTrap(trapFile.preprocessor_directive_location, this, Context.CreateLocation(ReportingLocation)); var compilation = Compilation.Create(Context); trapFile.preprocessor_directive_compilation(this, compilation); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs index f8845a667cc..ccffa1d9511 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs @@ -69,8 +69,10 @@ namespace Semmle.Extraction.CSharp.Entities TypeMention.Create(Context, syntax.ExplicitInterfaceSpecifier!.Name, this, explicitInterface); } - foreach (var l in Locations) - trapFile.property_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.property_location, this, Locations); + } if (IsSourceDeclaration && Symbol.FromSource()) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs index 5a840e3b9ef..a3372726ae3 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs @@ -16,7 +16,7 @@ namespace Semmle.Extraction.CSharp.Entities public override void Populate(TextWriter trapFile) { trapFile.types(this, Kinds.TypeKind.DYNAMIC, "dynamic"); - trapFile.type_location(this, Location); + WriteLocationToTrap(trapFile.type_location, this, Location); trapFile.has_modifiers(this, Modifier.Create(Context, "public")); trapFile.parent_namespace(this, Namespace.Create(Context, Context.Compilation.GlobalNamespace)); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs index 96c523d5bbd..d7eab644eeb 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs @@ -83,8 +83,7 @@ namespace Semmle.Extraction.CSharp.Entities // Class location if (!Symbol.IsGenericType || Symbol.IsReallyUnbound()) { - foreach (var l in Locations) - trapFile.type_location(this, l); + WriteLocationsToTrap(trapFile.type_location, this, Locations); } if (Symbol.IsAnonymousType) @@ -112,15 +111,18 @@ namespace Semmle.Extraction.CSharp.Entities } } - private static IEnumerable GetLocations(INamedTypeSymbol type) + private IEnumerable GetLocations(INamedTypeSymbol type) { - return type.Locations - .Where(l => l.IsInMetadata) - .Concat(type.DeclaringSyntaxReferences + var metadataLocations = type.Locations + .Where(l => l.IsInMetadata); + var sourceLocations = type.DeclaringSyntaxReferences .Select(loc => loc.GetSyntax()) .OfType() .Select(l => l.FixedLocation()) - ); + .Where(Context.IsLocationInContext); + + return metadataLocations + .Concat(sourceLocations); } public override Microsoft.CodeAnalysis.Location? ReportingLocation => GetLocations(Symbol).BestOrDefault(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs index d97e4b9dad5..18d71c99788 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs @@ -54,8 +54,8 @@ namespace Semmle.Extraction.CSharp.Entities // Note: symbol.Locations seems to be very inconsistent // about what locations are available for a tuple type. // Sometimes it's the source code, and sometimes it's empty. - foreach (var l in Symbol.Locations) - trapFile.type_location(this, Context.CreateLocation(l)); + var locations = Context.GetLocations(Symbol); + WriteLocationsToTrap(trapFile.type_location, this, locations); } private readonly Lazy tupleElementsLazy; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs index 25fda9eabe9..8c7c0edde76 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs @@ -26,9 +26,10 @@ namespace Semmle.Extraction.CSharp.Entities var parentNs = Namespace.Create(Context, Symbol.TypeParameterKind == TypeParameterKind.Method ? Context.Compilation.GlobalNamespace : Symbol.ContainingNamespace); trapFile.parent_namespace(this, parentNs); - foreach (var l in Symbol.Locations) + if (Context.ExtractLocation(Symbol)) { - trapFile.type_location(this, Context.CreateLocation(l)); + var locations = Context.GetLocations(Symbol); + WriteLocationsToTrap(trapFile.type_location, this, locations); } if (IsSourceDeclaration) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs index 141bded87ac..e37d16567e1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs @@ -26,8 +26,7 @@ namespace Semmle.Extraction.CSharp.Entities returnType.TypeRef, (UserOperator)OriginalDefinition); - foreach (var l in Locations) - trapFile.operator_location(this, l); + WriteLocationsToTrap(trapFile.operator_location, this, Locations); if (IsSourceDeclaration) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs index 3ea99a0d772..4c8660c172a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs @@ -238,6 +238,9 @@ namespace Semmle.Extraction.CSharp compilationEntity = Entities.Compilation.Create(cx); + // Ensure that the empty location is always created. + Entities.EmptyLocation.Create(cx); + ExtractionContext.CompilationInfos.ForEach(ci => trapWriter.Writer.compilation_info(compilationEntity, ci.key, ci.value)); ReportProgressTaskDone(currentTaskId, assemblyPath, trapWriter.TrapFile, stopwatch.Elapsed, AnalysisAction.Extracted); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs index f231c8238a9..74b3b186b51 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs @@ -550,6 +550,25 @@ namespace Semmle.Extraction.CSharp !SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) || scope.InScope(symbol); + public bool ExtractLocation(ISymbol symbol) => + SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) && + scope.InScope(symbol); + + /// + /// Gets the locations of the symbol that are either + /// (1) In assemblies. + /// (2) In the current context. + /// + /// The symbol + /// List of locations + public IEnumerable GetLocations(ISymbol symbol) => + symbol.Locations + .Where(l => !l.IsInSource || IsLocationInContext(l)) + .Select(CreateLocation); + + public bool IsLocationInContext(Location location) => + location.SourceTree == SourceTree; + /// /// Runs the given action , guarding for trap duplication /// based on key . @@ -582,14 +601,14 @@ namespace Semmle.Extraction.CSharp public Entities.Location CreateLocation() { return SourceTree is null - ? Entities.GeneratedLocation.Create(this) + ? Entities.EmptyLocation.Create(this) : CreateLocation(Microsoft.CodeAnalysis.Location.Create(SourceTree, Microsoft.CodeAnalysis.Text.TextSpan.FromBounds(0, 0))); } public Entities.Location CreateLocation(Microsoft.CodeAnalysis.Location? location) { return (location is null || location.Kind == LocationKind.None) - ? Entities.GeneratedLocation.Create(this) + ? Entities.EmptyLocation.Create(this) : location.IsInSource ? Entities.NonGeneratedSourceLocation.Create(this, location) : Entities.Assembly.Create(this, location); diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 02e6cddfc17..3c14c29940c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.49 +version: 1.7.50-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 84e6c8ef7e0..efb3216f3b9 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.49 +version: 1.7.50-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md new file mode 100644 index 00000000000..dd13aab6292 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md new file mode 100644 index 00000000000..44f36fe44c6 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md new file mode 100644 index 00000000000..a96afe07251 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index aba9ee98b5a..2f92b5edafd 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.2.5 +version: 5.2.6-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll index 7e17f853913..ef0d0673ce2 100644 --- a/csharp/ql/lib/semmle/code/csharp/Callable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll @@ -265,7 +265,7 @@ class Method extends Callable, Virtualizable, Attributable, @method { result = Virtualizable.super.getAnUltimateImplementor() } - override Location getALocation() { method_location(this, result) } + override Location getALocation() { method_location(this.getUnboundDeclaration(), result) } /** Holds if this method is an extension method. */ predicate isExtensionMethod() { this.getParameter(0).hasExtensionMethodModifier() } diff --git a/csharp/ql/lib/semmle/code/csharp/Event.qll b/csharp/ql/lib/semmle/code/csharp/Event.qll index a7079952478..39e2fdb7894 100644 --- a/csharp/ql/lib/semmle/code/csharp/Event.qll +++ b/csharp/ql/lib/semmle/code/csharp/Event.qll @@ -68,7 +68,7 @@ class Event extends DeclarationWithAccessors, @event { result = DeclarationWithAccessors.super.getAnUltimateImplementor() } - override Location getALocation() { event_location(this, result) } + override Location getALocation() { event_location(this.getUnboundDeclaration(), result) } override string getAPrimaryQlClass() { result = "Event" } } @@ -99,7 +99,7 @@ class EventAccessor extends Accessor, @event_accessor { override Event getDeclaration() { event_accessors(this, _, _, result, _) } - override Location getALocation() { event_accessor_location(this, result) } + override Location getALocation() { event_accessor_location(this.getUnboundDeclaration(), result) } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/Property.qll b/csharp/ql/lib/semmle/code/csharp/Property.qll index 60ea83c3011..e651639b631 100644 --- a/csharp/ql/lib/semmle/code/csharp/Property.qll +++ b/csharp/ql/lib/semmle/code/csharp/Property.qll @@ -196,7 +196,7 @@ class Property extends DeclarationWithGetSetAccessors, @property { override PropertyAccess getAnAccess() { result.getTarget() = this } - override Location getALocation() { property_location(this, result) } + override Location getALocation() { property_location(this.getUnboundDeclaration(), result) } override Expr getAnAssignedValue() { result = DeclarationWithGetSetAccessors.super.getAnAssignedValue() @@ -328,7 +328,7 @@ class Indexer extends DeclarationWithGetSetAccessors, Parameterizable, @indexer result = DeclarationWithGetSetAccessors.super.getAnUltimateImplementor() } - override Location getALocation() { indexer_location(this, result) } + override Location getALocation() { indexer_location(this.getUnboundDeclaration(), result) } override string toStringWithTypes() { result = this.getName() + "[" + this.parameterTypesToString() + "]" @@ -408,7 +408,7 @@ class Accessor extends Callable, Modifiable, Attributable, Overridable, @callabl override Accessor getUnboundDeclaration() { accessors(this, _, _, _, result) } - override Location getALocation() { accessor_location(this, result) } + override Location getALocation() { accessor_location(this.getUnboundDeclaration(), result) } override string toString() { result = this.getName() } } diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index e417f393b94..1efb1aa93bf 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -394,6 +394,8 @@ class NestedType extends ValueOrRefType { NestedType() { nested_types(this, _, _) } override ValueOrRefType getDeclaringType() { nested_types(this, result, _) } + + override Location getALocation() { type_location(this.getUnboundDeclaration(), result) } } /** diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 7ecdec07f35..fad06a3e928 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.4.1 +version: 1.4.2-dev groups: - csharp - queries diff --git a/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected b/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected index 56f2f7e3d60..6ad47e73d01 100644 --- a/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected +++ b/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected @@ -178,8 +178,8 @@ returnTypes | NullableRefTypes.cs:51:12:51:15 | Q | object | | NullableRefTypes.cs:51:12:51:15 | Q | object! | | NullableRefTypes.cs:51:12:51:15 | Q`1 | object! | -| NullableRefTypes.cs:54:11:54:33 | Generic | Void! | -| NullableRefTypes.cs:58:11:58:26 | Generic2 | Void! | +| NullableRefTypes.cs:54:11:54:17 | Generic | Void! | +| NullableRefTypes.cs:58:11:58:18 | Generic2 | Void! | | NullableRefTypes.cs:67:10:67:21 | GenericFn | Void | | NullableRefTypes.cs:67:10:67:21 | GenericFn | Void! | | NullableRefTypes.cs:67:10:67:21 | GenericFn`1 | Void! | @@ -271,8 +271,8 @@ expressionTypes | NullableRefTypes.cs:40:26:40:30 | ref ... | MyClass | | NullableRefTypes.cs:40:30:40:30 | access to local variable b | MyClass? | | NullableRefTypes.cs:51:44:51:47 | null | null | -| NullableRefTypes.cs:54:11:54:33 | call to constructor Object | object | -| NullableRefTypes.cs:58:11:58:26 | call to constructor Object | object | +| NullableRefTypes.cs:54:11:54:17 | call to constructor Object | object | +| NullableRefTypes.cs:58:11:58:18 | call to constructor Object | object | | NullableRefTypes.cs:73:18:73:18 | access to local variable x | MyClass! | | NullableRefTypes.cs:73:18:73:25 | MyClass x = ... | MyClass! | | NullableRefTypes.cs:73:22:73:25 | null | null | diff --git a/csharp/ql/test/library-tests/csharp9/withExpr.expected b/csharp/ql/test/library-tests/csharp9/withExpr.expected index 2d32e7c8bfd..cf3b9f5eb00 100644 --- a/csharp/ql/test/library-tests/csharp9/withExpr.expected +++ b/csharp/ql/test/library-tests/csharp9/withExpr.expected @@ -4,10 +4,10 @@ withExpr | Record.cs:77:21:77:31 | ... with { ... } | Person1 | Record.cs:77:21:77:22 | access to local variable p1 | Record.cs:77:29:77:31 | { ..., ... } | Person1.$() | | Record.cs:84:16:84:33 | ... with { ... } | R1 | Record.cs:84:16:84:16 | access to local variable b | Record.cs:84:23:84:33 | { ..., ... } | R1.$() | withTarget -| Record.cs:75:18:75:47 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:1:27:57 | Person1 | -| Record.cs:76:18:76:81 | ... with { ... } | Record.cs:29:1:30:35 | $ | Record.cs:29:1:30:35 | Teacher1 | -| Record.cs:77:21:77:31 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:1:27:57 | Person1 | -| Record.cs:84:16:84:33 | ... with { ... } | Record.cs:54:1:54:39 | $ | Record.cs:54:1:54:39 | R1 | +| Record.cs:75:18:75:47 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:15:27:21 | Person1 | +| Record.cs:76:18:76:81 | ... with { ... } | Record.cs:29:1:30:35 | $ | Record.cs:29:15:29:22 | Teacher1 | +| Record.cs:77:21:77:31 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:15:27:21 | Person1 | +| Record.cs:84:16:84:33 | ... with { ... } | Record.cs:54:1:54:39 | $ | Record.cs:54:24:54:25 | R1 | cloneOverrides | Person1.$() | Student1.$() | | Person1.$() | Teacher1.$() | diff --git a/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected b/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected index 00e46f6359c..2e6a5f679ba 100644 --- a/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected +++ b/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected @@ -27,6 +27,6 @@ | file://:0:0:0:0 | TestCreations | expressions.cs:383:18:383:30 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | TestUnaryOperator | expressions.cs:292:11:292:27 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | TupleExprs | expressions.cs:501:11:501:20 | call to constructor Object | file://:0:0:0:0 | Object | -| file://:0:0:0:0 | X | expressions.cs:108:15:108:18 | call to constructor Object | file://:0:0:0:0 | Object | +| file://:0:0:0:0 | X | expressions.cs:108:15:108:15 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | X | expressions.cs:216:18:216:18 | call to constructor Object | file://:0:0:0:0 | Object | -| file://:0:0:0:0 | Y | expressions.cs:104:15:104:21 | call to constructor Object | file://:0:0:0:0 | Object | +| file://:0:0:0:0 | Y | expressions.cs:104:15:104:15 | call to constructor Object | file://:0:0:0:0 | Object | diff --git a/csharp/ql/test/library-tests/locations/A.cs b/csharp/ql/test/library-tests/locations/A.cs new file mode 100644 index 00000000000..7f641a0024e --- /dev/null +++ b/csharp/ql/test/library-tests/locations/A.cs @@ -0,0 +1,35 @@ +using System; + +public abstract class A +{ + public abstract T Prop { get; } + public abstract T this[int index] { get; set; } + public abstract event EventHandler Event; + public void Apply(T t) { } + public abstract object ToObject(T t); +} + +public class A2 : A +{ + public override string Prop => ""; + + public override string this[int i] + { + get { return ""; } + set { } + } + + public override event EventHandler Event + { + add { } + remove { } + } + + public override object ToObject(string t) => t; + + public void M() + { + A2 other = new(); + other.Apply(""); + } +} diff --git a/csharp/ql/test/library-tests/locations/B.cs b/csharp/ql/test/library-tests/locations/B.cs new file mode 100644 index 00000000000..c4cfa971116 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/B.cs @@ -0,0 +1,20 @@ +using System; + +public class B : A +{ + public override int Prop => 0; + + public override int this[int i] + { + get { return 0; } + set { } + } + + public override event EventHandler Event + { + add { } + remove { } + } + + public override object ToObject(int t) => t; +} diff --git a/csharp/ql/test/library-tests/locations/Base.cs b/csharp/ql/test/library-tests/locations/Base.cs new file mode 100644 index 00000000000..413534319c4 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Base.cs @@ -0,0 +1,8 @@ +public abstract class Base +{ + public void M() { } + + public class InnerBase { } +} + +public abstract class Base2 { } diff --git a/csharp/ql/test/library-tests/locations/C.cs b/csharp/ql/test/library-tests/locations/C.cs new file mode 100644 index 00000000000..a4063646d53 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/C.cs @@ -0,0 +1,12 @@ +using System; + +class C +{ + public void M() + { + B b = new B(); + b.Apply(0); + A2 a2 = new A2(); + a2.Apply(""); + } +} diff --git a/csharp/ql/test/library-tests/locations/Multiple1.cs b/csharp/ql/test/library-tests/locations/Multiple1.cs new file mode 100644 index 00000000000..1d8a6491b14 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Multiple1.cs @@ -0,0 +1,13 @@ +public partial class Multiple { } + +public partial class MultipleGeneric { } + +public class Multiple1Specific +{ + public static (int, string) M() + { + (int, string) x = (0, ""); + (int, int) y = (0, 0); + return x; + } +} diff --git a/csharp/ql/test/library-tests/locations/Multiple2.cs b/csharp/ql/test/library-tests/locations/Multiple2.cs new file mode 100644 index 00000000000..e6383306616 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Multiple2.cs @@ -0,0 +1,11 @@ +public partial class Multiple { } + +public partial class MultipleGeneric { } + +public class Multiple2Specific +{ + public void M() + { + (int, string) z = (0, ""); + } +} diff --git a/csharp/ql/test/library-tests/locations/Sub.cs b/csharp/ql/test/library-tests/locations/Sub.cs new file mode 100644 index 00000000000..744cf63b7b1 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Sub.cs @@ -0,0 +1,8 @@ +public class Sub : Base +{ + public void SubM() + { + M(); + var x = new InnerBase(); + } +} diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected new file mode 100644 index 00000000000..1710f4e3cec --- /dev/null +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -0,0 +1,106 @@ +member_locations +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A`1 | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:12:14:12:15 | A2 | A.cs:14:28:14:31 | Prop | A.cs:14:28:14:31 | A.cs:14:28:14:31 | +| A.cs:12:14:12:15 | A2 | A.cs:16:28:16:31 | Item | A.cs:16:28:16:31 | A.cs:16:28:16:31 | +| A.cs:12:14:12:15 | A2 | A.cs:22:40:22:44 | Event | A.cs:22:40:22:44 | A.cs:22:40:22:44 | +| A.cs:12:14:12:15 | A2 | A.cs:28:28:28:35 | ToObject | A.cs:28:28:28:35 | A.cs:28:28:28:35 | +| A.cs:12:14:12:15 | A2 | A.cs:30:17:30:17 | M | A.cs:30:17:30:17 | A.cs:30:17:30:17 | +| B.cs:3:14:3:14 | B | B.cs:5:25:5:28 | Prop | B.cs:5:25:5:28 | B.cs:5:25:5:28 | +| B.cs:3:14:3:14 | B | B.cs:7:25:7:28 | Item | B.cs:7:25:7:28 | B.cs:7:25:7:28 | +| B.cs:3:14:3:14 | B | B.cs:13:40:13:44 | Event | B.cs:13:40:13:44 | B.cs:13:40:13:44 | +| B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | +| Base.cs:1:23:1:29 | Base | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | +| Base.cs:1:23:1:29 | Base | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | +| Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:7:33:7:33 | M | Multiple1.cs:7:33:7:33 | Multiple1.cs:7:33:7:33 | +| Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:7:17:7:17 | M | Multiple2.cs:7:17:7:17 | Multiple2.cs:7:17:7:17 | +| Sub.cs:1:14:1:16 | Sub | Sub.cs:3:17:3:20 | SubM | Sub.cs:3:17:3:20 | Sub.cs:3:17:3:20 | +accessor_location +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:12:14:12:15 | A2 | A.cs:14:36:14:37 | get_Prop | A.cs:14:36:14:37 | A.cs:14:36:14:37 | +| A.cs:12:14:12:15 | A2 | A.cs:18:9:18:11 | get_Item | A.cs:18:9:18:11 | A.cs:18:9:18:11 | +| A.cs:12:14:12:15 | A2 | A.cs:19:9:19:11 | set_Item | A.cs:19:9:19:11 | A.cs:19:9:19:11 | +| A.cs:12:14:12:15 | A2 | A.cs:24:9:24:11 | add_Event | A.cs:24:9:24:11 | A.cs:24:9:24:11 | +| A.cs:12:14:12:15 | A2 | A.cs:25:9:25:14 | remove_Event | A.cs:25:9:25:14 | A.cs:25:9:25:14 | +| B.cs:3:14:3:14 | B | B.cs:5:33:5:33 | get_Prop | B.cs:5:33:5:33 | B.cs:5:33:5:33 | +| B.cs:3:14:3:14 | B | B.cs:9:9:9:11 | get_Item | B.cs:9:9:9:11 | B.cs:9:9:9:11 | +| B.cs:3:14:3:14 | B | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | B.cs:10:9:10:11 | +| B.cs:3:14:3:14 | B | B.cs:15:9:15:11 | add_Event | B.cs:15:9:15:11 | B.cs:15:9:15:11 | +| B.cs:3:14:3:14 | B | B.cs:16:9:16:14 | remove_Event | B.cs:16:9:16:14 | B.cs:16:9:16:14 | +type_location +| A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | +| A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | +| Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Base.cs:1:28:1:28 | T | Base.cs:1:28:1:28 | Base.cs:1:28:1:28 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:8:23:8:30 | Base2`1 | Base.cs:8:23:8:30 | Base.cs:8:23:8:30 | +| Base.cs:8:29:8:29 | T | Base.cs:8:29:8:29 | Base.cs:8:29:8:29 | +| C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | +| Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple1.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Multiple1.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:39 | Multiple1.cs:3:22:3:39 | +| Multiple1.cs:3:22:3:39 | MultipleGeneric`1 | Multiple2.cs:3:22:3:39 | Multiple2.cs:3:22:3:39 | +| Multiple1.cs:3:38:3:38 | S | Multiple1.cs:3:38:3:38 | Multiple1.cs:3:38:3:38 | +| Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:5:14:5:30 | Multiple1.cs:5:14:5:30 | +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple1.cs:7:19:7:31 | Multiple1.cs:7:19:7:31 | +| Multiple1.cs:10:9:10:18 | (Int32,Int32) | Multiple1.cs:10:9:10:18 | Multiple1.cs:10:9:10:18 | +| Multiple2.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple2.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Multiple2.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:39 | Multiple1.cs:3:22:3:39 | +| Multiple2.cs:3:22:3:39 | MultipleGeneric`1 | Multiple2.cs:3:22:3:39 | Multiple2.cs:3:22:3:39 | +| Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2.cs:5:14:5:30 | +| Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | +calltype_location +| A.cs:12:14:12:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:32:20:32:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| B.cs:3:14:3:14 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| C.cs:7:15:7:21 | object creation of type B | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | +| C.cs:9:17:9:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| Sub.cs:1:14:1:16 | call to constructor Base | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Sub.cs:6:17:6:31 | object creation of type InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +typeparameter_location +| A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | +| Base.cs:1:28:1:28 | T | Base.cs:1:28:1:28 | Base.cs:1:28:1:28 | +| Base.cs:8:29:8:29 | T | Base.cs:8:29:8:29 | Base.cs:8:29:8:29 | +| Multiple1.cs:3:38:3:38 | S | Multiple1.cs:3:38:3:38 | Multiple1.cs:3:38:3:38 | +| Multiple1.cs:3:38:3:38 | S | Multiple2.cs:3:38:3:38 | Multiple2.cs:3:38:3:38 | +tupletype_location +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple1.cs:7:19:7:31 | Multiple1.cs:7:19:7:31 | +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple2.cs:9:9:9:21 | Multiple2.cs:9:9:9:21 | +| Multiple1.cs:10:9:10:18 | (Int32,Int32) | Multiple1.cs:10:9:10:18 | Multiple1.cs:10:9:10:18 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql new file mode 100644 index 00000000000..670a2740811 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -0,0 +1,28 @@ +import csharp + +query predicate member_locations(Type t, Member m, SourceLocation l) { + t = m.getDeclaringType() and + l = m.getLocation() and + not l instanceof EmptyLocation and + not m instanceof Constructor and + t.fromSource() +} + +query predicate accessor_location(Type t, Accessor a, SourceLocation l) { + t = a.getDeclaringType() and + l = a.getLocation() and + not l instanceof EmptyLocation +} + +query predicate type_location(Type t, SourceLocation l) { + l = t.getLocation() and not l instanceof EmptyLocation +} + +query predicate calltype_location(Call call, Type t, SourceLocation l) { + t = call.getType() and + l = t.getALocation() +} + +query predicate typeparameter_location(TypeParameter tp, SourceLocation l) { tp.getALocation() = l } + +query predicate tupletype_location(TupleType tt, SourceLocation l) { tt.getALocation() = l } diff --git a/csharp/ql/test/library-tests/partial/Partial1.expected b/csharp/ql/test/library-tests/partial/Partial1.expected index af7be135914..55dcaabcea7 100644 --- a/csharp/ql/test/library-tests/partial/Partial1.expected +++ b/csharp/ql/test/library-tests/partial/Partial1.expected @@ -10,3 +10,5 @@ | Partial.cs:28:9:28:11 | set_Item | | Partial.cs:32:15:32:33 | OnePartPartialClass | | Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | +| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | +| PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles | diff --git a/csharp/ql/test/library-tests/partial/PartialConstructors.expected b/csharp/ql/test/library-tests/partial/PartialConstructors.expected new file mode 100644 index 00000000000..01779f1b81e --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialConstructors.expected @@ -0,0 +1,4 @@ +| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | {...} | +| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | {...} | +| Partial.cs:38:7:38:21 | NonPartialClass | Partial.cs:38:7:38:21 | {...} | +| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | {...} | diff --git a/csharp/ql/test/library-tests/partial/PartialConstructors.ql b/csharp/ql/test/library-tests/partial/PartialConstructors.ql new file mode 100644 index 00000000000..049de629085 --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialConstructors.ql @@ -0,0 +1,5 @@ +import csharp + +from Constructor c +where c.getDeclaringType().fromSource() +select c, c.getBody() diff --git a/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs b/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs new file mode 100644 index 00000000000..6f9471f19ca --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs @@ -0,0 +1 @@ +public partial class PartialMultipleFiles { } diff --git a/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs b/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs new file mode 100644 index 00000000000..6f9471f19ca --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs @@ -0,0 +1 @@ +public partial class PartialMultipleFiles { } diff --git a/csharp/ql/test/library-tests/partial/PrintAst.expected b/csharp/ql/test/library-tests/partial/PrintAst.expected index 8d9da42fc11..d97f6fc01f0 100644 --- a/csharp/ql/test/library-tests/partial/PrintAst.expected +++ b/csharp/ql/test/library-tests/partial/PrintAst.expected @@ -89,3 +89,7 @@ Partial.cs: # 42| 0: [Parameter] index # 45| 1: [Parameter] value # 45| 4: [BlockStmt] {...} +PartialMultipleFiles1.cs: +# 1| [Class] PartialMultipleFiles +PartialMultipleFiles2.cs: +# 1| [Class] PartialMultipleFiles diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs index 04c39623cac..6375ac035c1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs @@ -1,3 +1,9 @@ -namespace System.Web; +namespace System +{ + public class Uri { } -public interface IHtmlString { } + namespace Web + { + public interface IHtmlString { } + } +} diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs index f0572742f88..c15b871095f 100644 --- a/csharp/ql/test/resources/stubs/System.Web.cs +++ b/csharp/ql/test/resources/stubs/System.Web.cs @@ -178,6 +178,13 @@ namespace System.Web public string RawUrl { get; set; } public HttpCookieCollection Cookies => null; public bool IsAuthenticated { get; set; } + public NameValueCollection Form { get; } + public NameValueCollection Headers { get; } + public NameValueCollection Params { get; } + public string UserAgent { get; } + public Uri UrlReferrer { get; } + public NameValueCollection ServerVariables { get; } + public String this[String key] => null; } public class HttpRequestWrapper : System.Web.HttpRequestBase diff --git a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst new file mode 100644 index 00000000000..75892e41d42 --- /dev/null +++ b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst @@ -0,0 +1,131 @@ +.. _basic-query-for-rust-code: + +Basic query for Rust code +========================== + +Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. + +.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst + +About the query +--------------- + +The query we're going to run performs a basic search of the code for ``if`` expressions that are redundant, in the sense that they have an empty ``then`` branch. For example, code such as: + +.. code-block:: rust + + if error { + // we should handle the error + } + +.. include:: ../reusables/vs-code-basic-instructions/find-database.rst + +Running a quick query +--------------------- + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst + +#. In the quick query tab, delete the content and paste in the following query. + + .. code-block:: ql + + import rust + + from IfExpr ifExpr + where ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0 + select ifExpr, "This 'if' expression is redundant." + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst + +.. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-1.png + :align: center + +If any matching code is found, click a link in the ``ifExpr`` column to open the file and highlight the matching ``if`` expression. + +.. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-2.png + :align: center + +.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst + +About the query structure +~~~~~~~~~~~~~~~~~~~~~~~~~ + +After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query. + ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| Query part | Purpose | Details | ++==================================================================================+===================================================================================================================+======================================================================================================+ +| ``import rust`` | Imports the standard CodeQL AST libraries for Rust. | Every query begins with one or more ``import`` statements. | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``from IfExpr ifExpr`` | Defines the variables for the query. | We use: an ``IfExpr`` variable for ``if`` expressions. | +| | Declarations are of the form: | | +| | `` `` | | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``where ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0`` | Defines a condition on the variables. | ``ifExpr.getThen()``: gets the ``then`` branch of the ``if`` expression. | +| | | ``.(BlockExpr)``: requires that the ``then`` branch is a block expression (``{ }``). | +| | | ``.getStmtList()``: gets the list of things in the block. | +| | | ``.getNumberOfStmtOrExpr() = 0``: requires that there are no statements or expressions in the block. | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``select ifExpr, "This 'if' expression is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` expression with a string that explains the problem. | +| | | | +| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | | +| | ``select , ""`` | | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ + +Extend the query +---------------- + +Query writing is an inherently iterative process. You write a simple query and then, when you run it, you discover examples that you had not previously considered, or opportunities for improvement. + +Remove false positive results +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` expressions with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: + +.. code-block:: rust + + if (option == "-verbose") { + // nothing to do - handled earlier + } else { + handleError("unrecognized option") + } + +In this case, identifying the ``if`` expression with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to select ``if`` expressions where both the ``then`` and ``else`` branches are missing. + +To exclude ``if`` expressions that have an ``else`` branch: + +#. Add the following to the where clause: + + .. code-block:: ql + + and not exists(ifExpr.getElse()) + + The ``where`` clause is now: + + .. code-block:: ql + + where + ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0 and + not exists(ifExpr.getElse()) + +#. Re-run the query. + + There are now fewer results because ``if`` expressions with an ``else`` branch are no longer included. + +Further reading +--------------- + +.. include:: ../reusables/rust-further-reading.rst +.. include:: ../reusables/codeql-ref-tools-further-reading.rst + +.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions + +.. |language-text| replace:: Rust + +.. |language-code| replace:: ``rust`` + +.. |example-url| replace:: https://github.com/rust-lang/rustlings + +.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-rust.png + +.. |result-col-1| replace:: The first column corresponds to the expression ``ifExpr`` and is linked to the location in the source code of the project where ``ifExpr`` occurs. diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst index 24292909467..1c08acbf2fb 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -9,8 +9,12 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: :hidden: + basic-query-for-rust-code codeql-library-for-rust analyzing-data-flow-in-rust +- :doc:`Basic query for Rust code `: Learn to write and run a simple CodeQL query. + - :doc:`CodeQL library for Rust `: When analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. + - :doc:`Analyzing data flow in Rust `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst index cc46db60c35..100b75445b2 100644 --- a/docs/codeql/codeql-overview/system-requirements.rst +++ b/docs/codeql/codeql-overview/system-requirements.rst @@ -42,6 +42,10 @@ For Ruby extraction: - On Windows, the ``msvcp140.dll`` must be installed and available on the system. This can be installed by downloading the appropriate Microsoft Visual C++ Redistributable for Visual Studio. +For Rust extraction: + +- ``rustup`` and ``cargo`` must be installed. + For Java extraction: - There must be a ``java`` or ``java.exe`` executable available on the ``PATH``, and the ``JAVA_HOME`` environment variable must point to the corresponding JDK's home directory. diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png new file mode 100644 index 00000000000..8bbd3f6fa99 Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png differ diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png new file mode 100644 index 00000000000..6b67bf7a87f Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png differ diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png new file mode 100644 index 00000000000..467785fb3b4 Binary files /dev/null and b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png differ diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index cffbbf73c71..b792e807c93 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -97,13 +97,27 @@ own body, or they must inherit from another class that overrides ``isSource``: // doesn't need to override `isSource`, because it inherits it from ConfigA } +.. index:: additional +.. _additional: + +``additional`` +============== + +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |non-member predicates|, |modules|, |aliases|, |signatures| + +The ``additional`` annotation can be used on declarations in explicit modules. +All declarations that are not required by a module signature in modules that implement |module signatures| must be annotated with ``additional``. + +Omitting ``additional`` on such declarations, or using the annotation in any other context, will result in a compiler error. +Other than that, the annotation has no effect. + .. index:: cached .. _cached: ``cached`` ========== -**Available for**: |classes|, |algebraic datatypes|, |characteristic predicates|, |member predicates|, |non-member predicates|, |modules| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |characteristic predicates|, |member predicates|, |non-member predicates|, |modules| The ``cached`` annotation indicates that an entity should be evaluated in its entirety and stored in the evaluation cache. All later references to this entity will use the @@ -126,7 +140,7 @@ body must also be annotated with ``cached``, otherwise a compiler error is repor ``deprecated`` ============== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``deprecated`` annotation is applied to names that are outdated and scheduled for removal in a future release of QL. @@ -151,6 +165,16 @@ For example, the name ``DataFlowNode`` is deprecated and has the following QLDoc This QLDoc comment appears when you use the name ``DataFlowNode`` in a QL editor. +.. index:: extensible +.. _extensible: + +``extensible`` +============== + +**Available for**: |non-member predicates| + +The ``extensible`` annotation is used to mark predicates that are populated at evaluation time through data extensions. + .. index:: external .. _external: @@ -235,7 +259,7 @@ warning. ``private`` =========== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``private`` annotation is used to prevent names from being exported. @@ -461,7 +485,7 @@ For more information, see ":ref:`monotonic-aggregates`." Binding sets ============ -**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates| +**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates|, |predicate signatures|, |type signatures| ``bindingset[...]`` ------------------- @@ -490,4 +514,9 @@ The ``bindingset`` annotation takes a comma-separated list of variables. .. |aliases| replace:: :ref:`aliases ` .. |type-aliases| replace:: :ref:`type aliases ` .. |algebraic datatypes| replace:: :ref:`algebraic datatypes ` +.. |type unions| replace:: :ref:`type unions ` .. |expressions| replace:: :ref:`expressions ` +.. |signatures| replace:: :ref:`signatures ` +.. |predicate signatures| replace:: :ref:`predicate signatures ` +.. |type signatures| replace:: :ref:`type signatures ` +.. |module signatures| replace:: :ref:`module signatures ` diff --git a/docs/codeql/ql-language-reference/formulas.rst b/docs/codeql/ql-language-reference/formulas.rst index 8745217decc..c17ba858ed7 100644 --- a/docs/codeql/ql-language-reference/formulas.rst +++ b/docs/codeql/ql-language-reference/formulas.rst @@ -193,7 +193,7 @@ information on cartesian products, see ":ref:`Troubleshooting query performance `". It is possible to enable warnings about implicit this receivers for `CodeQL packs -`__ +`__ through the ``warnOnImplicitThis`` property. .. _parenthesized-formulas: diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index f834949c3cd..1d84cc31c73 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -36,7 +36,7 @@ Architecture A *QL program* consists of a query module defined in a QL file and a number of library modules defined in QLL files that it imports (see "`Import directives <#import-directives>`__"). The module in the QL file includes one or more queries (see "`Queries <#queries>`__"). A module may also include *import directives* (see "`Import directives <#import-directives>`__"), non-member predicates (see "`Non-member predicates <#non-member-predicates>`__"), class definitions (see "`Classes <#classes>`__"), and module definitions (see "`Modules <#modules>`__"). -QL programs are interpreted in the context of a *database* and a *library path* . The database provides a number of definitions: database types (see "`Types <#types>`__"), entities (see "`Values <#values>`__"), built-in predicates (see "`Built-ins <#built-ins>`__"), and the *database content* of built-in predicates and external predicates (see "`Evaluation <#evaluation>`__"). The library path is a sequence of file-system directories that hold QLL files. +QL programs are interpreted in the context of a *database* and a *library path* . The database provides a number of definitions: database types (see "`Types <#types>`__"), entities (see "`Values <#values>`__"), built-in predicates (see "`Built-ins <#built-ins>`__"), and the *database content* of built-in predicates, external predicates, and extensible predicates (see "`Evaluation <#evaluation>`__"). The library path is a sequence of file-system directories that hold QLL files. A QL program can be *evaluated* (see "`Evaluation <#evaluation>`__") to produce a set of tuples of values (see "`Values <#values>`__"). @@ -935,6 +935,7 @@ When a predicate is a top-level clause in a module, it is called a non-member pr A valid non-member predicate can be annotated with ``additional``, ``cached``, ``deprecated``, ``extensible``, ``external``, ``transient``, ``private``, and ``query``. Note, the ``transient`` annotation can only be applied if the non-member predicate is also annotated with ``external``. +Note, the annotations ``extensible`` and ``external`` cannot both be used on the same non-member predicate. The head of the predicate gives a name, an optional *result type*, and a sequence of variables declarations that are *arguments*: @@ -952,7 +953,7 @@ The body of a predicate is of one of three forms: In the first form, with just a semicolon, the predicate is said to not have a body. In the second form, the body of the predicate is the given formula (see "`Formulas <#formulas>`__"). In the third form, the body is a higher-order relation. -A valid non-member predicate must have a body, either a formula or a higher-order relation, unless it is external, in which case it must not have a body. +A valid non-member predicate must have a body, either a formula or a higher-order relation, unless it is external or extensible, in which case it must not have a body. The typing environment for the body of the formula, if present, maps the variables in the head of the predicate to their associated types. If the predicate has a result type, then the typing environment also maps ``result`` to the result type. @@ -1053,7 +1054,7 @@ A member predicate ``p`` with enclosing class ``C`` *shadows* a member predicate Member predicates have one or more *root definitions*. If a member predicate overrides no other member predicate, then it is its own root definition. Otherwise, its root definitions are those of any member predicate that it overrides. -A valid member predicate must have a body unless it is abstract or external, in which case it must not have a body. +A valid member predicate must have a body unless it is abstract, in which case it must not have a body. A valid member predicate must override another member predicate if it is annotated override. @@ -2180,7 +2181,7 @@ If a QL program has no valid stratification, then the program itself is not vali Layer evaluation ~~~~~~~~~~~~~~~~ -The store is first initialized with the *database content* of all built-in predicates and external predicates. The database content of a predicate is a set of ordered tuples that are included in the database. +The store is first initialized with the *database content* of all built-in predicates, external predicates, and extensible predicates. The database content of a predicate is a set of ordered tuples that are included in the database. Each layer of the stratification is *populated* in order. To populate a layer, each predicate in the layer is repeatedly populated until the store stops changing. The way that a predicate is populated is as follows: diff --git a/docs/codeql/ql-language-reference/signatures.rst b/docs/codeql/ql-language-reference/signatures.rst index e80c54c47e4..f0fb8c03d7f 100644 --- a/docs/codeql/ql-language-reference/signatures.rst +++ b/docs/codeql/ql-language-reference/signatures.rst @@ -10,6 +10,10 @@ Signatures Parameterized modules use signatures as a type system for their parameters. There are three categories of signatures: **predicate signatures**, **type signatures**, and **module signatures**. +.. index:: predicate signature + +.. _predicate-signatures: + Predicate signatures ==================== @@ -36,6 +40,10 @@ For example: signature int operator(int lhs, int rhs); +.. index:: type signature + +.. _type-signatures: + Type signatures =============== @@ -66,6 +74,10 @@ For example: string toString(); } +.. index:: module signature + +.. _module-signatures: + Module signatures ================= diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index c09926666b0..4365d106258 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -20,7 +20,7 @@ - ``python`` * - Ruby - ``ruby`` - - Rust + * - Rust - ``rust`` * - Swift - ``swift`` diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 3d89a663004..e9981014ef5 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -313,7 +313,6 @@ Rust built-in support Provided by the current versions of the CodeQL query pack ``codeql/rust-queries`` (`changelog `__, `source `__) and the CodeQL library pack ``codeql/rust-all`` (`changelog `__, `source `__). -All support is experimental. .. csv-table:: :header-rows: 1 @@ -324,12 +323,15 @@ All support is experimental. Name, Category `actix-web `__, Web framework alloc, Standard library + `async-std `__, Asynchronous programming library + `biscotti `__, Cookie management `clap `__, Utility library + `cookie `__, Cookie management core, Standard library `digest `__, Cryptography library - `futures-executor `__, Utility library + `futures `__, Asynchronous programming library + `futures-rustls `__, Network communicator `hyper `__, HTTP library - `hyper-util `__, HTTP library `libc `__, Utility library `log `__, Logging library `md5 `__, Utility library @@ -345,12 +347,14 @@ All support is experimental. `rusqlite `__, Database std, Standard library `rust-crypto `__, Cryptography library + `rustls `__, Network communicator `serde `__, Serialization `smallvec `__, Utility library `sqlx `__, Database `tokio `__, Asynchronous IO `tokio-postgres `__, Database `url `__, Utility library + `warp `__, Web framework Swift built-in support ================================ diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index 7e178f94b44..2e439baa7f4 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -33,6 +33,7 @@ For more language-specific information on analyzing data flow, see: - ":ref:`Analyzing data flow in JavaScript/TypeScript `" - ":ref:`Analyzing data flow in Python `" - ":ref:`Analyzing data flow in Ruby `" +- ":ref:`Analyzing data flow in Rust `" - ":ref:`Analyzing data flow in Swift `" Path query examples @@ -59,7 +60,7 @@ You should use the following template: */ import - // For some languages (Java/C++/Python/Swift) you need to explicitly import the data flow library, such as + // For some languages (Java/C++/Python/Rust/Swift) you need to explicitly import the data flow library, such as // import semmle.code.java.dataflow.DataFlow or import codeql.swift.dataflow.DataFlow ... @@ -124,7 +125,7 @@ Declaring sources and sinks You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring. The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate. -If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. +If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, Ruby, or Rust code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. For example: .. code-block:: ql @@ -145,7 +146,7 @@ The configuration module must be defined to include definitions of sources and s - ``isSource()`` defines where data may flow from. - ``isSink()`` defines where data may flow to. -For more information on using the configuration class in your analysis see the sections on global data flow in ":ref:`Analyzing data flow in C/C++ `," ":ref:`Analyzing data flow in C# `," and ":ref:`Analyzing data flow in Python `." +For more information on using the configuration class in your analysis see the sections on global data flow in ":ref:`Analyzing data flow in C/C++ `," ":ref:`Analyzing data flow in C# `," ":ref:`Analyzing data flow in Python `," and ":ref:`Analyzing data flow in Rust `." You can also create a configuration for different frameworks and environments by extending the ``Configuration`` class. For more information, see ":ref:`Types `" in the QL language reference. diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 3b1e2d9586b..70529ff4f90 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.32 +version: 1.0.33-dev groups: - go - queries diff --git a/go/ql/lib/change-notes/2025-09-19-api-changes.md b/go/ql/lib/change-notes/2025-09-19-api-changes.md new file mode 100644 index 00000000000..071ec2719b3 --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-19-api-changes.md @@ -0,0 +1,5 @@ +--- +category: breaking +--- +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. diff --git a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md new file mode 100644 index 00000000000..607f23dfb03 --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. diff --git a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md new file mode 100644 index 00000000000..5eeee51c4a3 --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. diff --git a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md new file mode 100644 index 00000000000..9e5d5aa14a2 --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. diff --git a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md new file mode 100644 index 00000000000..834266e36b9 --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index bc9bf12c80c..20ace6482e4 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.3.5 +version: 4.3.6-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index f5905b89bea..1e66bc61dc4 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -118,6 +118,8 @@ module ControlFlow { /** Gets the left-hand side of this write. */ IR::WriteTarget getLhs() { result = super.getLhs() } + private predicate isInitialization() { super.isInitialization() } + /** Gets the right-hand side of this write. */ DataFlow::Node getRhs() { super.getRhs() = result.asInstruction() } @@ -132,21 +134,45 @@ module ControlFlow { /** * Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to - * `rhs`. + * `rhs`, where `base` represents the post-update value. + * + * For example, for the assignment `x.width = newWidth`, `base` is the post-update node of + * either the data-flow node corresponding to `x` or (if `x` is a pointer) the data-flow node + * corresponding to the implicit dereference `*x`, `f` is the field referenced by `width`, and + * `rhs` is the data-flow node corresponding to `newWidth`. If this `WriteNode` is a struct + * initialization then there is no post-update node and `base` is the struct literal being + * initialized. + */ + predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) { + exists(DataFlow::Node b | this.writesFieldPreUpdate(b, f, rhs) | + this.isInitialization() and base = b + or + not this.isInitialization() and + b = base.(DataFlow::PostUpdateNode).getPreUpdateNode() + ) + } + + /** + * Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to + * `rhs`, where `base` represents the pre-update value. * * For example, for the assignment `x.width = newWidth`, `base` is either the data-flow node * corresponding to `x` or (if `x` is a pointer) the data-flow node corresponding to the - * implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the data-flow - * node corresponding to `newWidth`. + * implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the + * data-flow node corresponding to `newWidth`. */ - predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) { + predicate writesFieldPreUpdate(DataFlow::Node base, Field f, DataFlow::Node rhs) { + this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction()) + } + + private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { exists(IR::FieldTarget trg | trg = super.getLhs() | ( - trg.getBase() = base.asInstruction() or - trg.getBase() = MkImplicitDeref(base.asExpr()) + trg.getBase() = base or + trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr()) ) and trg.getField() = f and - super.getRhs() = rhs.asInstruction() + super.getRhs() = rhs ) } @@ -154,27 +180,66 @@ module ControlFlow { * Holds if this node sets the value of element `index` on `base` (or its implicit dereference) * to `rhs`. * - * For example, for the assignment `xs[i] = v`, `base` is either the data-flow node - * corresponding to `xs` or (if `xs` is a pointer) the data-flow node corresponding to the - * implicit dereference `*xs`, `index` is the data-flow node corresponding to `i`, and `rhs` - * is the data-flow node corresponding to `base`. + * For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow + * node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index` + * is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to + * `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then + * there is no need for a post-update node and `base` is the array/slice/map literal being + * initialized. */ predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { + exists(DataFlow::Node b | this.writesElementPreUpdate(b, index, rhs) | + this.isInitialization() and base = b + or + not this.isInitialization() and + b = base.(DataFlow::PostUpdateNode).getPreUpdateNode() + ) + } + + /** + * Holds if this node sets the value of element `index` on `base` (or its implicit dereference) + * to `rhs`. + * + * For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow + * node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index` + * is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to + * `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then + * there is no need for a post-update node and `base` is the array/slice/map literal being + * initialized. + */ + predicate writesElementPreUpdate(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { + this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction()) + } + + private predicate writesElementInsn( + IR::Instruction base, IR::Instruction index, IR::Instruction rhs + ) { exists(IR::ElementTarget trg | trg = super.getLhs() | ( - trg.getBase() = base.asInstruction() or - trg.getBase() = MkImplicitDeref(base.asExpr()) + trg.getBase() = base or + trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr()) ) and - trg.getIndex() = index.asInstruction() and - super.getRhs() = rhs.asInstruction() + trg.getIndex() = index and + super.getRhs() = rhs ) } + /** + * DEPRECATED: Use the disjunct of `writesElement` and `writesField`, or `writesFieldPreUpdate` + * and `writesElementPreUpdate`, instead. + * + * Holds if this node sets any field or element of `base` (or its implicit dereference) to + * `rhs`, where `base` represents the pre-update value. + */ + deprecated predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { + this.writesElementPreUpdate(base, _, rhs) or this.writesFieldPreUpdate(base, _, rhs) + } + /** * Holds if this node sets any field or element of `base` to `rhs`. */ - predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { - this.writesElement(base, _, rhs) or this.writesField(base, _, rhs) + predicate writesComponentInstruction(IR::Instruction base, IR::Instruction rhs) { + this.writesElementInsn(base, _, rhs) or this.writesFieldInsn(base, _, rhs) } } diff --git a/go/ql/lib/semmle/go/controlflow/IR.qll b/go/ql/lib/semmle/go/controlflow/IR.qll index 1a56dfcf2dc..2c8b673184e 100644 --- a/go/ql/lib/semmle/go/controlflow/IR.qll +++ b/go/ql/lib/semmle/go/controlflow/IR.qll @@ -430,18 +430,25 @@ module IR { */ class WriteInstruction extends Instruction { WriteTarget lhs; + Boolean initialization; WriteInstruction() { - lhs = MkLhs(this, _) + ( + lhs = MkLhs(this, _) + or + lhs = MkResultWriteTarget(this) + ) and + initialization = false or - lhs = MkLiteralElementTarget(this) - or - lhs = MkResultWriteTarget(this) + lhs = MkLiteralElementTarget(this) and initialization = true } /** Gets the target to which this instruction writes. */ WriteTarget getLhs() { result = lhs } + /** Holds if this instruction initializes a literal. */ + predicate isInitialization() { initialization = true } + /** Gets the instruction computing the value this instruction writes. */ Instruction getRhs() { none() } diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index d13bbe2de63..98dae5f3d01 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -166,6 +166,13 @@ class SsaDefinition extends TSsaDefinition { ) { this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } + + /** + * Gets the first instruction that the value of this `SsaDefinition` can + * reach without passing through any other instructions, but possibly through + * phi nodes. + */ + IR::Instruction getAFirstUse() { firstUse(this, result) } } /** @@ -410,3 +417,12 @@ DataFlow::Node getASimilarReadNode(DataFlow::Node node) { result = readFields.similar().getAUse() ) } + +/** + * Gets an instruction such that `pred` and `result` form an adjacent + * use-use-pair of the same`SsaSourceVariable`, that is, the value read in + * `pred` can reach `result` without passing through any other use or any SSA + * definition of the variable except for phi nodes and uncertain implicit + * updates. + */ +IR::Instruction getAnAdjacentUse(IR::Instruction pred) { adjacentUseUse(pred, result) } diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 0db37ac03ce..8549d9b497a 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -199,6 +199,8 @@ private module Internal { /** * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with * `k` indicating whether it is the former or the latter. + * + * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures. */ private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) { useAt(bb, i, v) and k = ReadRef() @@ -290,6 +292,172 @@ private module Internal { or rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v) } + + private module AdjacentUsesImpl { + /** Holds if `v` is defined or used in `b`. */ + private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) { + ssaRef(b, _, v, _) + } + + /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */ + private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) { + varOccursInBlock(v, b) + or + exists(getDefReachingEndOf(b, v)) + } + + /** + * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors. + * + * Factored out of `varBlockReaches` to force join order compared to the larger + * set `blockPrecedesVar(v, b2)`. + */ + pragma[noinline] + private predicate varBlockReachesBaseCand( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varOccursInBlock(v, b1) and + b2 = b1.getASuccessor() + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * in `b2` or one of its transitive successors but not in any block on the path + * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2` + * where `v` is dead. + * + * Factored out of `varBlockReaches` to force join order compared to the larger + * set `blockPrecedesVar(v, b2)`. + */ + pragma[noinline] + private predicate varBlockReachesRecCand( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2 + ) { + varBlockReaches(v, b1, mid) and + not varOccursInBlock(v, mid) and + b2 = mid.getASuccessor() + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * in `b2` or one of its transitive successors but not in any block on the path + * between `b1` and `b2`. + */ + private predicate varBlockReaches( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varBlockReachesBaseCand(v, b1, b2) and + blockPrecedesVar(v, b2) + or + varBlockReachesRecCand(v, b1, _, b2) and + blockPrecedesVar(v, b2) + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * `b2` but not in any block on the path between `b1` and `b2`. + */ + private predicate varBlockStep( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varBlockReaches(v, b1, b2) and + varOccursInBlock(v, b2) + } + + /** + * Gets the maximum rank among all SSA references to `v` in basic block `bb`. + */ + private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) { + result = max(ssaRefRank(bb, _, v, _)) + } + + /** + * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and + * there is a path between them without any occurrence of `v`. + */ + pragma[nomagic] + predicate adjacentVarRefs( + SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 + ) { + exists(int rankix | + b1 = b2 and + ssaRefRank(b1, i1, v, _) = rankix and + ssaRefRank(b2, i2, v, _) = rankix + 1 + ) + or + maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and + varBlockStep(v, b1, b2) and + ssaRefRank(b2, i2, v, _) = 1 + } + + predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) { + bb.getNode(i) = use and + exists(SsaVariable sv | + sv.getSourceVariable() = v and + use = sv.getAUse() + ) + } + } + + private import AdjacentUsesImpl + + /** + * Holds if the value defined at `def` can reach `use` without passing through + * any other uses, but possibly through phi nodes. + */ + cached + predicate firstUse(SsaDefinition def, IR::Instruction use) { + exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | + adjacentVarRefs(v, b1, i1, b2, i2) and + def.definesAt(b1, i1, v) and + variableUse(v, use, b2, i2) + ) + or + exists( + SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, + int i2 + | + adjacentVarRefs(v, b1, i1, b2, i2) and + def.definesAt(b1, i1, v) and + redef.definesAt(b2, i2, v) and + firstUse(redef, use) + ) + } + + /** + * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA + * variable, that is, the value read in `use1` can reach `use2` without passing + * through any other use or any SSA definition of the variable. + */ + cached + predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) { + exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | + adjacentVarRefs(v, b1, i1, b2, i2) and + variableUse(v, use1, b1, i1) and + variableUse(v, use2, b2, i2) + ) + } + + /** + * Holds if `use1` and `use2` form an adjacent use-use-pair of the same + * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2` + * without passing through any other use or any SSA definition of the variable + * except for phi nodes and uncertain implicit updates. + */ + cached + predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) { + adjacentUseUseSameVar(use1, use2) + or + exists( + SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, + int i2 + | + adjacentVarRefs(v, b1, i1, b2, i2) and + variableUse(v, use1, b1, i1) and + def.definesAt(b2, i2, v) and + firstUse(def, use2) + ) + } } import Internal diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index 9f07693b7ea..e978cb3e587 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -22,7 +22,7 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { t instanceof SliceType ) and ( - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1)) + exists(Write w | w.writesElement(node2, _, node1)) or node1 = node2.(ImplicitVarargsSlice).getCallNode().getAnImplicitVarargsArgument() or @@ -36,17 +36,19 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { ) or c instanceof CollectionContent and - exists(SendStmt send | - send.getChannel() = node2.(ExprNode).asExpr() and send.getValue() = node1.(ExprNode).asExpr() + exists(SendStmt send, Node channelExprNode | + send.getChannel() = channelExprNode.(ExprNode).asExpr() and + node2.(PostUpdateNode).getPreUpdateNode() = channelExprNode and + send.getValue() = node1.(ExprNode).asExpr() ) or c instanceof MapKeyContent and t instanceof MapType and - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), node1, _)) + exists(Write w | w.writesElement(node2, node1, _)) or c instanceof MapValueContent and t instanceof MapType and - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1)) + exists(Write w | w.writesElement(node2, _, node1)) ) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 20a147a6454..d48335d299f 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -12,7 +12,8 @@ private newtype TNode = MkGlobalFunctionNode(Function f) or MkImplicitVarargsSlice(CallExpr c) { c.hasImplicitVarargs() } or MkSliceElementNode(SliceExpr se) or - MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) + MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or + MkDefaultPostUpdateNode(IR::Instruction insn) { insnHasPostUpdateNode(insn) } /** Nodes intended for only use inside the data-flow libraries. */ module Private { @@ -760,18 +761,27 @@ module Public { predicate isReceiverOf(MethodDecl m) { parm.isReceiverOf(m) } } - private Node getADirectlyWrittenNode() { - exists(Write w | w.writesComponent(result, _)) or - result = DataFlow::exprNode(any(SendStmt s).getChannel()) - } - - private DataFlow::Node getAccessPathPredecessor(DataFlow::Node node) { - result = node.(PointerDereferenceNode).getOperand() + private IR::Instruction getADirectlyWrittenInsn() { + exists(Write w | w.writesComponentInstruction(result, _)) or - result = node.(ComponentReadNode).getBase() + result = IR::evalExprInstruction(any(SendStmt s).getChannel()) } - private Node getAWrittenNode() { result = getAccessPathPredecessor*(getADirectlyWrittenNode()) } + private IR::Instruction getAccessPathPredecessorInsn(IR::Instruction insn) { + exists(Expr e1, Expr e2 | + insn = IR::evalExprInstruction(e1) and result = IR::evalExprInstruction(e2) + | + e2 = e1.(DerefExpr).getOperand() or e2 = e1.(StarExpr).getBase() + ) + or + exists(Expr e | insn = IR::implicitDerefInstruction(e) and result = IR::evalExprInstruction(e)) + or + result = insn.(IR::ComponentReadInstruction).getBase() + } + + private IR::Instruction getAWrittenInsn() { + result = getAccessPathPredecessorInsn*(getADirectlyWrittenInsn()) + } /** * Holds if `tp` is a type that may (directly or indirectly) reference a memory location. @@ -807,31 +817,51 @@ module Public { abstract Node getPreUpdateNode(); } - private class DefaultPostUpdateNode extends PostUpdateNode { + /** Holds if the node corresponding to `insn` has a post-update node. */ + predicate insnHasPostUpdateNode(IR::Instruction insn) { + exists(Expr e | insn.(IR::EvalInstruction).getExpr() = e | + e instanceof AddressExpr or + e = any(AddressExpr ae).getOperand() or + e = any(StarExpr ae).getBase() or + e = any(DerefExpr ae).getOperand() or + e = any(IR::EvalImplicitDerefInstruction eidi).getOperand() + ) + or + exists(CallExpr ce | + ce.getArgument(0).getType() instanceof TupleType and + insn = IR::extractTupleElement(IR::evalExprInstruction(ce.getArgument(0)), _) + or + not ce.getArgument(0).getType() instanceof TupleType and + insn = IR::evalExprInstruction(ce.getAnArgument()) + or + // Receiver of a method call + exists(IR::MethodReadInstruction mri | + ce.getTarget() instanceof Method and + mri = IR::evalExprInstruction(ce.getCalleeExpr()) and + insn = mri.getReceiver() + ) + ) and + mutableType(insn.getResultType()) + or + insn = getAWrittenInsn() + } + + private class DefaultPostUpdateNode extends PostUpdateNode, MkDefaultPostUpdateNode { Node preupd; - DefaultPostUpdateNode() { - ( - preupd instanceof AddressOperationNode - or - preupd = any(AddressOperationNode addr).getOperand() - or - preupd = any(PointerDereferenceNode deref).getOperand() - or - preupd = getAWrittenNode() - or - preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and - mutableType(preupd.getType()) - ) and - ( - preupd = this.(SsaNode).getAUse() - or - preupd = this and - not basicLocalFlowStep(_, this) - ) - } + DefaultPostUpdateNode() { this = MkDefaultPostUpdateNode(preupd.asInstruction()) } override Node getPreUpdateNode() { result = preupd } + + override ControlFlow::Root getRoot() { result = preupd.getRoot() } + + override Type getType() { result = preupd.getType() } + + override string getNodeKind() { result = "post-update node" } + + override string toString() { result = preupd.toString() + " [postupdate]" } + + override Location getLocation() { result = preupd.getLocation() } } /** @@ -866,7 +896,7 @@ module Public { int getPosition() { result = i } /** - * Gets a data-flow node for a syntactic argument corresponding this this + * Gets a data-flow node for a syntactic argument corresponding to this * argument. If this argument is not an implicit varargs slice then this * will just be the argument itself. If this argument is an implicit * varargs slice then this will be a data-flow node that for an argument diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 2d05b211a57..94609d1c111 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -65,23 +65,30 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { else nodeTo.asInstruction() = evalAssert ) or - // Instruction -> SSA + // Instruction -> SSA defn exists(IR::Instruction pred, SsaExplicitDefinition succ | succ.getRhs() = pred and - nodeFrom = instructionNode(pred) and - nodeTo = ssaNode(succ) + ( + nodeFrom = instructionNode(pred) or + nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred) + ) and + nodeTo = ssaNode(succ.getVariable()) ) or - // SSA -> SSA - exists(SsaDefinition pred, SsaPseudoDefinition succ | succ.getAnInput() = pred | - nodeFrom = ssaNode(pred) and - nodeTo = ssaNode(succ) + // SSA defn -> first SSA use + exists(SsaDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | + (pred instanceof SsaExplicitDefinition or pred instanceof SsaVariableCapture) and + nodeFrom = ssaNode(pred.getVariable()) and + nodeTo = instructionNode(succ) ) or - // SSA -> Instruction - exists(SsaDefinition pred, IR::Instruction succ | - succ = pred.getVariable().getAUse() and - nodeFrom = ssaNode(pred) and + // SSA use -> successive SSA use + // Note this case includes Phi node traversal + exists(IR::Instruction pred, IR::Instruction succ | succ = getAnAdjacentUse(pred) | + ( + nodeFrom = instructionNode(pred) or + nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred) + ) and nodeTo = instructionNode(succ) ) or @@ -96,6 +103,10 @@ private Field getASparselyUsedChannelTypedField() { count(result.getARead()) = 2 } +bindingset[v] +pragma[inline_late] +private predicate isValueEntityRead(ValueEntity v, Node n) { n = v.getARead() } + /** * Holds if data can flow from `node1` to `node2` in a way that loses the * calling context. For example, this would happen with flow through a @@ -110,14 +121,22 @@ predicate jumpStep(Node n1, Node n2) { or n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead() ) and - n2 = v.getARead() + isValueEntityRead(v, n2) ) or - exists(SsaDefinition pred, SsaDefinition succ | - succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable() - | - n1 = ssaNode(pred) and + exists(SsaExplicitDefinition def, SsaVariableCapture succ | + succ.getSourceVariable() = def.getSourceVariable() and n2 = ssaNode(succ) + | + not exists(def.getAFirstUse()) and n1 = ssaNode(def) + or + exists(IR::Instruction lastUse | + lastUse = getAnAdjacentUse*(def.getAFirstUse()) and + not exists(getAnAdjacentUse(lastUse)) + | + n1 = instructionNode(lastUse) or + n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = instructionNode(lastUse) + ) ) or // If a channel-typed field is referenced exactly once in the context of @@ -145,15 +164,17 @@ predicate jumpStep(Node n1, Node n2) { */ predicate storeStep(Node node1, ContentSet cs, Node node2) { exists(Content c | cs.asOneContent() = c | - // a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of `(*p)`, - // which in turn flows into the pointer content of `p` + // a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of the + // post-update node of `(*p)`, which in turn flows into the pointer content of the post-update + // node of `p` exists(Write w, Field f, DataFlow::Node base, DataFlow::Node rhs | w.writesField(base, f, rhs) | node1 = rhs and - node2.(PostUpdateNode).getPreUpdateNode() = base and + node2 = base and c = any(DataFlow::FieldContent fc | fc.getField() = f) or node1 = base and - node2.(PostUpdateNode).getPreUpdateNode() = node1.(PointerDereferenceNode).getOperand() and + node2.(PostUpdateNode).getPreUpdateNode() = + node1.(PostUpdateNode).getPreUpdateNode().(PointerDereferenceNode).getOperand() and c = any(DataFlow::PointerContent pc | pc.getPointerType() = node2.getType()) ) or diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 496870286e9..f12c9e6eeb1 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -442,7 +442,7 @@ module SourceSinkInterpretationInput implements f = e.asFieldEntity() | c = "" and - fw.writesField(base, f, node.asNode()) and + fw.writesFieldPreUpdate(base, f, node.asNode()) and pragma[only_bind_into](e) = getElementWithQualifier(f, base) ) or diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index c69a7f32e63..af28f7f4020 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -83,23 +83,25 @@ class AdditionalTaintStep extends Unit { abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); } -/** - * Holds if the additional step from `pred` to `succ` should be included in all - * global taint flow configurations. - */ -predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { - ( - referenceStep(pred, succ) or - elementWriteStep(pred, succ) or - fieldReadStep(pred, succ) or - elementStep(pred, succ) or - tupleStep(pred, succ) or - stringConcatStep(pred, succ) or - sliceStep(pred, succ) +private predicate localAdditionalForwardTaintStep( + DataFlow::Node pred, DataFlow::Node succ, string model +) { + exists(DataFlow::Node pred2 | + pred2 = pred + or + pred2 = pred.(DataFlow::PostUpdateNode).getPreUpdateNode() + | + referenceStep(pred2, succ) or + elementWriteStep(pred2, succ) or + fieldReadStep(pred2, succ) or + elementStep(pred2, succ) or + tupleStep(pred2, succ) or + stringConcatStep(pred2, succ) or + sliceStep(pred2, succ) ) and model = "" or - any(FunctionModel fm).taintStep(pred, succ) and model = "FunctionModel" + any(FunctionModel fm).forwardTaintStep(pred, succ) and model = "FunctionModel" or any(AdditionalTaintStep a).step(pred, succ) and model = "AdditionalTaintStep" or @@ -107,6 +109,43 @@ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, str .getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model) } +/** + * This is a helper predicate for `localAdditionalBackwardTaintStep`. It mixes + * local data flow with local forward taint steps. It should only ever be used + * via its transitive closure, which gives local forward taint flow, that is + * with backward steps excluded. + */ +private predicate partialLocalForwardTaintFlow(DataFlow::Node pred, DataFlow::Node succ) { + DataFlow::localFlow(pred, succ) or + localAdditionalForwardTaintStep(pred, succ, _) or + // Simple flow through library code is included in the exposed local + // step relation, even though flow is technically inter-procedural + FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(pred, succ, _) +} + +/** + * Holds if taint flows backwards from `pred` to `succ` via a function model. + */ +private predicate localAdditionalBackwardTaintStep( + DataFlow::Node pred, DataFlow::Node succ, string model +) { + // backward step through function model + exists(FunctionModel m, DataFlow::Node resultNode | + m.backwardTaintStep(resultNode, succ) and + partialLocalForwardTaintFlow+(resultNode, pred.(DataFlow::PostUpdateNode).getPreUpdateNode()) + ) and + model = "FunctionModel" +} + +/** + * Holds if the additional step from `pred` to `succ` should be included in all + * global taint flow configurations. + */ +predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { + localAdditionalForwardTaintStep(pred, succ, model) or + localAdditionalBackwardTaintStep(pred, succ, model) +} + /** * Holds if taint flows from `pred` to `succ` via a reference or dereference. * @@ -140,7 +179,7 @@ predicate referenceStep(DataFlow::Node pred, DataFlow::Node succ) { * `succ`. */ predicate elementWriteStep(DataFlow::Node pred, DataFlow::Node succ) { - any(DataFlow::Write w).writesElement(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, pred) + any(DataFlow::Write w).writesElement(succ, _, pred) or FlowSummaryImpl::Private::Steps::summaryStoreStep(pred.(DataFlowPrivate::FlowSummaryNode) .getSummaryNode(), any(DataFlow::ArrayContent ac).asContentSet(), @@ -195,23 +234,36 @@ abstract class FunctionModel extends Function { abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output); /** Gets an input node for this model for the call `c`. */ - DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c) } + DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c, _) } /** Gets an output node for this model for the call `c`. */ - DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c) } + DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c, _) } /** Holds if this function model causes taint to flow from `pred` to `succ` for the call `c`. */ - predicate taintStepForCall(DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c) { + predicate taintStepForCall( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c, Boolean forward + ) { c = this.getACall() and exists(FunctionInput inp, FunctionOutput outp | this.hasTaintFlow(inp, outp) | pred = pragma[only_bind_out](inp).getNode(c) and - succ = pragma[only_bind_out](outp).getNode(c) + succ = pragma[only_bind_out](outp).getNode(c) and + if inp.isResult() or inp.isResult(_) then forward = false else forward = true ) } /** Holds if this function model causes taint to flow from `pred` to `succ`. */ predicate taintStep(DataFlow::Node pred, DataFlow::Node succ) { - this.taintStepForCall(pred, succ, _) + this.taintStepForCall(pred, succ, _, _) + } + + /** Holds if this function model causes taint to flow forward from `pred` to `succ`. */ + predicate forwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + this.taintStepForCall(pred, succ, _, true) + } + + /** Holds if this function model causes taint to flow backwards from `pred` to `succ`. */ + predicate backwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + this.taintStepForCall(pred, succ, _, false) } } diff --git a/go/ql/lib/semmle/go/frameworks/Email.qll b/go/ql/lib/semmle/go/frameworks/Email.qll index a1d43d3c397..ba4cf8be415 100644 --- a/go/ql/lib/semmle/go/frameworks/Email.qll +++ b/go/ql/lib/semmle/go/frameworks/Email.qll @@ -26,9 +26,14 @@ module EmailData { private class SmtpData extends Range { SmtpData() { // func (c *Client) Data() (io.WriteCloser, error) - exists(Method data | + exists(Method data, DataFlow::Node n | data.hasQualifiedName("net/smtp", "Client", "Data") and - this.(DataFlow::SsaNode).getInit() = data.getACall().getResult(0) + // Deal with cases like + // w, _ := s.Data() + // io.WriteString(w, source()) // $ Alert + // w.Write(source()) // $ Alert + DataFlow::localFlow(data.getACall().getResult(0), n) and + this.(DataFlow::PostUpdateNode).getPreUpdateNode() = n ) or // func SendMail(addr string, a Auth, from string, to []string, msg []byte) error diff --git a/go/ql/lib/semmle/go/frameworks/GinCors.qll b/go/ql/lib/semmle/go/frameworks/GinCors.qll index 582ea368073..cc993ea4dee 100644 --- a/go/ql/lib/semmle/go/frameworks/GinCors.qll +++ b/go/ql/lib/semmle/go/frameworks/GinCors.qll @@ -27,7 +27,7 @@ module GinCors { AllowCredentialsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowCredentials") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.getType() instanceof BoolType ) } @@ -61,7 +61,7 @@ module GinCors { AllowOriginsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowOrigins") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.asExpr() instanceof SliceLit ) } @@ -95,7 +95,7 @@ module GinCors { AllowAllOriginsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowAllOrigins") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.getType() instanceof BoolType ) } @@ -109,14 +109,9 @@ module GinCors { * Get config variable holding header values */ override GinConfig getConfig() { - exists(GinConfig gc | - ( - gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = - base.asInstruction() or - gc.getV().getAUse() = base - ) and - result = gc - ) + result.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = + base.asInstruction() or + result.getV().getAUse() = base } } diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll index 36932149628..5fa155395fc 100644 --- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll +++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll @@ -38,9 +38,8 @@ module NoSql { */ predicate isAdditionalMongoTaintStep(DataFlow::Node pred, DataFlow::Node succ) { // Taint an entry if the `Value` is tainted - exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) | - base = succ.(DataFlow::PostUpdateNode).getPreUpdateNode() and - base.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and + exists(Write w, Field f | w.writesField(succ, f, pred) | + succ.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and f.getName() = "Value" ) } diff --git a/go/ql/lib/semmle/go/frameworks/Protobuf.qll b/go/ql/lib/semmle/go/frameworks/Protobuf.qll index 550f9917560..62443eb46af 100644 --- a/go/ql/lib/semmle/go/frameworks/Protobuf.qll +++ b/go/ql/lib/semmle/go/frameworks/Protobuf.qll @@ -64,11 +64,10 @@ module Protobuf { */ private class MarshalStateStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { - exists(DataFlow::PostUpdateNode marshalInput, DataFlow::CallNode marshalStateCall | + exists(DataFlow::Node marshalInput, DataFlow::CallNode marshalStateCall | marshalStateCall = marshalStateMethod().getACall() and // pred -> marshalInput.Message - any(DataFlow::Write w) - .writesField(marshalInput.getPreUpdateNode(), inputMessageField(), pred) and + any(DataFlow::Write w).writesField(marshalInput, inputMessageField(), pred) and // marshalInput -> marshalStateCall marshalStateCall.getArgument(0) = globalValueNumber(marshalInput).getANode() and // marshalStateCall -> succ @@ -142,10 +141,10 @@ module Protobuf { private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { [succ.getType(), succ.getType().getPointerType()] instanceof MessageType and - exists(DataFlow::ReadNode base | - succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base) + exists(DataFlow::Write w, DataFlow::ReadNode base | + w.writesElementPreUpdate(base, _, pred) or w.writesFieldPreUpdate(base, _, pred) | - any(DataFlow::Write w).writesComponent(base, pred) + succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base) ) } } diff --git a/go/ql/lib/semmle/go/frameworks/RsCors.qll b/go/ql/lib/semmle/go/frameworks/RsCors.qll index b9cee2aa459..52b4a7fe6d0 100644 --- a/go/ql/lib/semmle/go/frameworks/RsCors.qll +++ b/go/ql/lib/semmle/go/frameworks/RsCors.qll @@ -54,7 +54,7 @@ module RsCors { AllowCredentialsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.getType() instanceof BoolType ) } @@ -82,7 +82,7 @@ module RsCors { AllowOriginsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.asExpr() instanceof SliceLit ) } @@ -113,7 +113,7 @@ module RsCors { AllowAllOriginsWrite() { exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and - w.writesField(base, f, this) and + w.writesFieldPreUpdate(base, f, this) and this.getType() instanceof BoolType ) } diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 9a917f05ff5..88c9605502f 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -52,7 +52,7 @@ module NetHttp { MapWrite() { this.getType().hasQualifiedName("net/http", "Header") and - any(Write write).writesElement(this, index, rhs) + any(Write write).writesElementPreUpdate(this, index, rhs) } override DataFlow::Node getName() { result = index } diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll index 60841b048f4..3eced801f20 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll @@ -32,7 +32,10 @@ module AllocationSizeOverflow { /** * A data-flow node that is an operand to an operation that may overflow. */ - abstract class OverflowProneOperand extends DataFlow::Node { } + abstract class OverflowProneOperand extends DataFlow::Node { + /** Gets the operation that may overflow that `this` is an operand of. */ + abstract DataFlow::Node getOverflowProneOperation(); + } /** * A data-flow node that represents the size argument of an allocation, such as the `n` in @@ -91,8 +94,7 @@ module AllocationSizeOverflow { AllocationSize allocsz; DefaultSink() { - this instanceof OverflowProneOperand and - localStep*(this, allocsz) and + localStep*(this.(OverflowProneOperand).getOverflowProneOperation(), allocsz) and not allocsz instanceof AllocationSizeCheckBarrier } @@ -134,15 +136,18 @@ module AllocationSizeOverflow { /** An operand of an arithmetic expression that could cause overflow. */ private class DefaultOverflowProneOperand extends OverflowProneOperand { + OperatorExpr parent; + DefaultOverflowProneOperand() { - exists(OperatorExpr parent | isOverflowProne(parent) | - this.asExpr() = parent.getAnOperand() and - // only consider outermost operands to avoid double reporting - not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() | - isOverflowProne(grandparent) - ) + isOverflowProne(parent) and + this.asExpr() = parent.getAnOperand() and + // only consider outermost operands to avoid double reporting + not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() | + isOverflowProne(grandparent) ) } + + override DataFlow::Node getOverflowProneOperation() { result.asExpr() = parent } } /** diff --git a/go/ql/lib/semmle/go/security/CleartextLogging.qll b/go/ql/lib/semmle/go/security/CleartextLogging.qll index 5218d03d908..5254b3e3a29 100644 --- a/go/ql/lib/semmle/go/security/CleartextLogging.qll +++ b/go/ql/lib/semmle/go/security/CleartextLogging.qll @@ -35,9 +35,7 @@ module CleartextLogging { predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { // A taint propagating data-flow edge through structs: a tainted write taints the entire struct. - exists(Write write | - write.writesField(trg.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, src) - ) + exists(Write write | write.writesField(trg, _, src)) or // taint steps that do not include flow through fields. Field reads would produce FPs due to // the additional taint step above that taints whole structs from individual field writes. diff --git a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll index 6c95686cb8c..4abc9021268 100644 --- a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll @@ -55,6 +55,8 @@ module CleartextLogging { | this.asExpr().(Ident).getName() = name or + this.(DataFlow::SsaNode).getSourceVariable().getName() = name + or this.(DataFlow::FieldReadNode).getFieldName() = name or this.(DataFlow::CallNode).getCalleeName() = name @@ -143,7 +145,7 @@ module CleartextLogging { not this instanceof NonCleartextPassword and name.regexpMatch(maybePassword()) and ( - this.asExpr().(Ident).getName() = name + this.(DataFlow::SsaNode).getSourceVariable().getName() = name or exists(DataFlow::FieldReadNode fn | fn = this and diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index 1774d77af54..face45358a9 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -84,6 +84,28 @@ module CommandInjection { } predicate observeDiffInformedIncrementalMode() { any() } + + // Hack: with use-use flow, we might have x (use at line 1) -> x (use at line 2), + // x (use at line 1) -> array at line 1 and x (use at line 2) -> array at line 2, + // in the context + // + // array1 := {"--", x} + // array2 := {x, "--"} + // + // We want to taint array2 but not array1, which suggests excluding the edge x (use 1) -> array1 + // However isSanitizer only allows us to remove nodes (isSanitizerIn/Out permit removing all outgoing + // or incoming edges); we can't remove an individual edge, so instead we supply extra edges connecting + // the definition with the next use. + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + exists( + ArgumentArrayWithDoubleDash array, DataFlow::InstructionNode sanitized, + DataFlow::SsaNode defn + | + sanitized = array.getASanitizedElement() and sanitized = defn.getAUse() + | + pred = defn and succ = sanitized.getASuccessor() + ) + } } /** diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll index 7864205d1dc..161916cd11e 100644 --- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll +++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll @@ -290,13 +290,17 @@ private predicate integerTypeBound(IntegerType it, int bitSize, int architecture * the type assertion succeeded. If it is not checked then there will be a * run-time panic if the type assertion fails, so we can assume it succeeded. */ -class TypeAssertionCheck extends DataFlow::ExprNode, FlowStateTransformer { +class TypeAssertionCheck extends DataFlow::InstructionNode, FlowStateTransformer { IntegerType it; TypeAssertionCheck() { - exists(TypeAssertExpr tae | - this = DataFlow::exprNode(tae.getExpr()) and - it = tae.getTypeExpr().getType().getUnderlyingType() + exists(IR::Instruction evalAssert, TypeAssertExpr assert | + it = assert.getTypeExpr().getType().getUnderlyingType() and + evalAssert = IR::evalExprInstruction(assert) + | + if exists(IR::extractTupleElement(evalAssert, _)) + then this.asInstruction() = IR::extractTupleElement(evalAssert, 0) + else this.asInstruction() = evalAssert ) } diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index 565cf29a450..9160c204df1 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -35,7 +35,15 @@ module LogInjection { /** An argument to a logging mechanism. */ class LoggerSink extends Sink { - LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() } + LoggerSink() { + exists(LoggerCall call | + this = call.getAValueFormattedMessageComponent() and + // exclude arguments to `call` which have a safe format argument, which + // aren't caught by SafeFormatArgumentSanitizer as that sanitizes the + // result of the call. + not safeFormatArgument(this, call) + ) + } } /** @@ -47,6 +55,22 @@ module LogInjection { ReplaceSanitizer() { this.getReplacedString() = ["\r", "\n"] } } + /** + * Holds if `arg` is an argument to `call` that is formatted using the `%q` + * directive. This formatting directive replaces newline characters with + * escape sequences, so `arg` would not be a sink for log injection. + */ + private predicate safeFormatArgument( + DataFlow::Node arg, StringOps::Formatting::StringFormatCall call + ) { + exists(string safeDirective | + // Mark "%q" formats as safe, but not "%#q", which would preserve newline characters. + safeDirective.regexpMatch("%[^%#]*q") + | + arg = call.getOperand(_, safeDirective) + ) + } + /** * An argument that is formatted using the `%q` directive, considered as a sanitizer * for log injection. @@ -55,10 +79,8 @@ module LogInjection { */ private class SafeFormatArgumentSanitizer extends Sanitizer { SafeFormatArgumentSanitizer() { - exists(StringOps::Formatting::StringFormatCall call, string safeDirective | - this = call.getOperand(_, safeDirective) and - // Mark "%q" formats as safe, but not "%#q", which would preserve newline characters. - safeDirective.regexpMatch("%[^%#]*q") + exists(StringOps::Formatting::StringFormatCall call | safeFormatArgument(_, call) | + this = call.getAResult() ) } } diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll index 1d2d7a1c60b..eb651c3b69f 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll @@ -33,8 +33,8 @@ module OpenUrlRedirect { any(AdditionalStep s).hasTaintStep(pred, succ) or // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, pred) and succ = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(succ, f, pred) ) or // propagate out of most URL fields, but not `ForceQuery` and `Scheme` @@ -48,8 +48,10 @@ module OpenUrlRedirect { predicate isBarrierOut(DataFlow::Node node) { // block propagation of this unsafe value when its host is overwritten - exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(node.getASuccessor(), f, _) + exists(Write w, Field f, DataFlow::Node base | + f.hasQualifiedName("net/url", "URL", "Host") and + w.writesField(base, f, _) and + base.(DataFlow::PostUpdateNode).getPreUpdateNode() = node ) or hostnameSanitizingPrefixEdge(node, _) diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 870edeee962..248276ba396 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -6,7 +6,7 @@ import go import UrlConcatenation -import SafeUrlFlowCustomizations +private import SafeUrlFlowCustomizations import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard import semmle.go.dataflow.barrierguardutil.RegexpCheck import semmle.go.dataflow.barrierguardutil.UrlCheck @@ -75,25 +75,18 @@ module OpenUrlRedirect { } } - bindingset[var, w] - pragma[inline_late] - private predicate useIsDominated(SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead) { - w.dominatesNode(sanitizedRead.asInstruction()) and - sanitizedRead = var.getAUse() - } - /** - * An access to a variable that is preceded by an assignment to its `Path` field. + * An assignment of a safe value to the field `Path`, considered as a barrier for sanitizing + * untrusted URLs. * * This is overapproximate; this will currently remove flow through all `Url.Path` assignments * which contain a substring that could sanitize data. */ - class PathAssignmentBarrier extends Barrier, Read { + class PathAssignmentBarrier extends Barrier { PathAssignmentBarrier() { - exists(Write w, SsaWithFields var | - hasHostnameSanitizingSubstring(w.getRhs()) and - w.writesField(var.getAUse(), any(Field f | f.getName() = "Path"), _) and - useIsDominated(var, w, this) + exists(Write w, DataFlow::Node rhs | + hasHostnameSanitizingSubstring(rhs) and + w.writesFieldPreUpdate(this, any(Field f | f.getName() = "Path"), rhs) ) } } @@ -121,21 +114,6 @@ module OpenUrlRedirect { /** A sink for an open redirect, considered as a sink for safe URL flow. */ private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { } -/** - * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe - * URL. - */ -private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge { - UnsafeFieldReadSanitizer() { - exists(DataFlow::FieldReadNode frn, string name | - name = ["User", "RawQuery", "Fragment"] and - frn.getField().hasQualifiedName("net/url", "URL") - | - this = frn.getBase() - ) - } -} - /** * Reinstate the usual field propagation rules for fields, which the OpenURLRedirect * query usually excludes, for fields of `Params` other than `Params.Fixed`. diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index 176b67403e6..03b6f9ac0b0 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -27,8 +27,8 @@ module RequestForgery { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, pred) and succ = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(succ, f, pred) ) } diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index 2449ffe488c..1298785b726 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -4,7 +4,7 @@ import go import UrlConcatenation -import SafeUrlFlowCustomizations +private import SafeUrlFlowCustomizations import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard import semmle.go.dataflow.barrierguardutil.RegexpCheck import semmle.go.dataflow.barrierguardutil.UrlCheck @@ -118,18 +118,3 @@ module RequestForgery { /** A sink for request forgery, considered as a sink for safe URL flow. */ private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { } - -/** - * A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe - * URL. - */ -private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge { - UnsafeFieldReadSanitizer() { - exists(DataFlow::FieldReadNode frn, string name | - (name = "RawQuery" or name = "Fragment" or name = "User") and - frn.getField().hasQualifiedName("net/url", "URL") - | - this = frn.getBase() - ) - } -} diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index 77b7aeda591..7144614c305 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -22,16 +22,21 @@ module SafeUrlFlow { predicate isSink(DataFlow::Node sink) { sink instanceof Sink } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse() + // propagate taint to the post-update node of a URL when its host is + // assigned to + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(node2, f, node1) ) } predicate isBarrierOut(DataFlow::Node node) { // block propagation of this safe value when its host is overwritten exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(node.getASuccessor(), f, _) + // We sanitize the pre-update node to block flow from previous value. + // This fits in with the additional flow step above propagating taint + // from the value written to the Host field to the post-update node of + // the URL. + w.writesFieldPreUpdate(node, f, _) ) or node instanceof SanitizerEdge diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll index 5f0572db11e..8acd88fb26d 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll @@ -40,4 +40,19 @@ module SafeUrlFlow { private class StringSlicingEdge extends SanitizerEdge { StringSlicingEdge() { this = any(DataFlow::SliceNode sn) } } + + /** + * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe + * URL. + */ + private class UnsafeFieldReadSanitizer extends SanitizerEdge { + UnsafeFieldReadSanitizer() { + exists(DataFlow::FieldReadNode frn, string name | + name = ["Fragment", "RawQuery", "User"] and + frn.getField().hasQualifiedName("net/url", "URL", name) + | + this = frn.getBase() + ) + } + } } diff --git a/go/ql/src/InconsistentCode/MissingErrorCheck.ql b/go/ql/src/InconsistentCode/MissingErrorCheck.ql index 6a68904427d..e16b8641a97 100644 --- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql +++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql @@ -73,6 +73,16 @@ predicate checksValue(IR::Instruction instruction, DataFlow::SsaNode value) { ) } +// Now that we have use-use flow, phi nodes aren't directly involved in the flow graph. TODO: change this? +DataFlow::SsaNode phiDefinedFrom(DataFlow::SsaNode node) { + result.getDefinition().(SsaPseudoDefinition).getAnInput() = node.getDefinition().getVariable() +} + +DataFlow::SsaNode definedFrom(DataFlow::SsaNode node) { + DataFlow::localFlow(node, result) or + result = phiDefinedFrom*(node) +} + /** * Matches if `call` is a function returning (`ptr`, `err`) where `ptr` may be nil, and neither * `ptr` not `err` has been checked for validity as of `node`. @@ -99,7 +109,7 @@ predicate returnUncheckedAtNode( // localFlow is used to permit checks via either an SSA phi node or ordinary assignment. returnUncheckedAtNode(call, node.getAPredecessor(), ptr, err) and not exists(DataFlow::SsaNode checked | - DataFlow::localFlow(ptr, checked) or DataFlow::localFlow(err, checked) + checked = definedFrom(ptr) or checked = definedFrom(err) | checksValue(node, checked) ) diff --git a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql index 3fd09ac040e..48e4f98fdb2 100644 --- a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql +++ b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql @@ -70,8 +70,8 @@ predicate unhandledCall(DataFlow::CallNode call) { */ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) { exists(OpenFileFun f, DataFlow::Node flags, QualifiedName flag | - // check that the source is a result of the call - source = call.getAResult() and + // check that the source is the first result of the call + source = call.getResult(0) and // find a call to the os.OpenFile function f.getACall() = call and // get the flags expression used for opening the file diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index be3a77d3ac7..4a971343823 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -89,7 +89,7 @@ Type getTypeEmbeddedViaPointer(Type t) { from Write w, LocalVariable v, Field f where // `w` writes `f` on `v` - w.writesField(v.getARead(), f, _) and + w.writesFieldPreUpdate(v.getARead(), f, _) and // but `f` is never read on `v` not exists(Read r | r.readsField(v.getARead(), f)) and // exclude pointer-typed `v`; there may be reads through an alias diff --git a/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql b/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql index c5aeb287358..c8ff9c345f6 100644 --- a/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql +++ b/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql @@ -35,7 +35,9 @@ predicate flowsToInterfaceNilCheck(DataFlow::Node nd) { */ predicate nonNilWrapper(DataFlow::Node nd) { flowsToInterfaceNilCheck(nd) and - forex(DataFlow::Node pred | pred = nd.getAPredecessor() | + forex(DataFlow::Node pred | + pred = nd.getAPredecessor() and not pred instanceof DataFlow::PostUpdateNode + | exists(Type predtp | predtp = pred.getType().getUnderlyingType() | not predtp instanceof InterfaceType and not predtp instanceof NilLiteralType and diff --git a/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql b/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql index ae83fbce8bc..bc05c8cf4aa 100644 --- a/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql +++ b/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql @@ -34,7 +34,7 @@ predicate becomesPartOf(DataFlow::Node part, DataFlow::Node whole) { or whole.(DataFlow::AddressOperationNode).getOperand() = part or - exists(Write w | w.writesField(whole.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, part)) + exists(Write w | w.writesField(whole, _, part)) } /** diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql index 5fef1900713..87c5a2184b0 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql @@ -98,8 +98,8 @@ predicate hostCheckReachesSink(Flow::PathNode sink) { Flow::flowPath(source, otherSink) and Config::writeIsSink(sink.getNode(), sinkWrite) and Config::writeIsSink(otherSink.getNode(), otherSinkWrite) and - sinkWrite.writesField(sinkAccessPath.getAUse(), _, sink.getNode()) and - otherSinkWrite.writesField(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and + sinkWrite.writesFieldPreUpdate(sinkAccessPath.getAUse(), _, sink.getNode()) and + otherSinkWrite.writesFieldPreUpdate(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and otherSinkAccessPath = sinkAccessPath.similar() ) ) diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql index dba6f2d54ca..b5d8a81f3d8 100644 --- a/go/ql/src/Security/CWE-327/InsecureTLS.ql +++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql @@ -65,7 +65,7 @@ module TlsVersionFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", ["MinVersion", "MaxVersion"]) and - fieldWrite.writesField(base, fld, sink) + fieldWrite.writesFieldPreUpdate(base, fld, sink) } predicate isSource(DataFlow::Node source) { intIsSource(source, _) } @@ -190,7 +190,7 @@ module TlsInsecureCipherSuitesFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", "CipherSuites") and - fieldWrite.writesField(base, fld, sink) + fieldWrite.writesFieldPreUpdate(base, fld, sink) } predicate isSink(DataFlow::Node sink) { isSink(sink, _, _, _) } diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql index 8898a6bb101..501eb6109c7 100644 --- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql +++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql @@ -61,7 +61,7 @@ predicate isUrlTaintingConfigStep(DataFlow::Node pred, DataFlow::Node succ) { exists(Write w, Field f | f.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "RedirectURL") | - w.writesField(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), f, pred) + w.writesField(succ, f, pred) ) } diff --git a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql index a310f024a2d..ce5081a92e9 100644 --- a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql +++ b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql @@ -18,7 +18,8 @@ import semmle.go.security.IncorrectIntegerConversionLib import Flow::PathGraph from - Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call, DataFlow::Node sinkConverted + Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call, + DataFlow::TypeCastNode sinkConverted where Flow::flowPath(source, sink) and call.getResult(0) = source.getNode() and diff --git a/go/ql/src/experimental/CWE-1004/AuthCookie.qll b/go/ql/src/experimental/CWE-1004/AuthCookie.qll index b16f09ac185..58c9f8642b3 100644 --- a/go/ql/src/experimental/CWE-1004/AuthCookie.qll +++ b/go/ql/src/experimental/CWE-1004/AuthCookie.qll @@ -28,7 +28,7 @@ private class GorillaSessionOptionsField extends Field { private DataFlow::Node getValueForFieldWrite(StructLit sl, string field) { exists(Write w, DataFlow::Node base, Field f | f.getName() = field and - w.writesField(base, f, result) and + w.writesFieldPreUpdate(base, f, result) and ( sl = base.asExpr() or @@ -209,10 +209,7 @@ private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSi predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink } predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base | - w.writesField(base, f, pred) and - succ = base - ) + exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred)) } } @@ -236,10 +233,7 @@ private module BoolToGorillaSessionOptionsTrackingConfig implements DataFlow::Co sl = succ.asExpr() ) or - exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base | - w.writesField(base, f, pred) and - succ = base - ) + exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred)) } } diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index 05abe7bf8e4..f0d3cc935a1 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -22,8 +22,8 @@ module ServerSideRequestForgery { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(node2, f, node1) ) } diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 816d4b95867..c85a94a90f5 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.6 +version: 1.4.7-dev groups: - go - queries diff --git a/go/ql/test/example-tests/snippets/typeinfo.expected b/go/ql/test/example-tests/snippets/typeinfo.expected index 728a1dfc6f7..91ea716693f 100644 --- a/go/ql/test/example-tests/snippets/typeinfo.expected +++ b/go/ql/test/example-tests/snippets/typeinfo.expected @@ -5,3 +5,4 @@ | main.go:18:12:18:14 | argument corresponding to req | | main.go:18:12:18:14 | definition of req | | main.go:20:5:20:7 | req | +| main.go:20:5:20:7 | req [postupdate] | diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected index 5c7bef1155e..355c0a62b1b 100644 --- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected +++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected @@ -1,90 +1,54 @@ edges | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance | | @@ -93,20 +57,12 @@ edges | CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance | | @@ -115,20 +71,12 @@ edges | CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance | | @@ -137,20 +85,12 @@ edges | CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance | | @@ -159,51 +99,31 @@ edges | CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | | CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:106:10:106:13 | name | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance | | @@ -211,20 +131,12 @@ edges | CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:116:10:116:16 | session | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance | | @@ -235,233 +147,83 @@ edges | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance | | | CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | +| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | | | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | | CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | | CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | nodes | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" | | CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal | @@ -470,8 +232,6 @@ nodes | CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false | | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c | @@ -482,8 +242,6 @@ nodes | CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true | | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c | @@ -494,8 +252,6 @@ nodes | CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true | | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c | @@ -506,8 +262,6 @@ nodes | CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c | @@ -520,8 +274,6 @@ nodes | CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val | | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c | @@ -534,8 +286,6 @@ nodes | CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val | | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c | @@ -548,8 +298,6 @@ nodes | CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val | | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c | @@ -562,8 +310,6 @@ nodes | CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val | | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c | @@ -571,7 +317,6 @@ nodes | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c | | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" | @@ -581,8 +326,6 @@ nodes | CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c | @@ -594,8 +337,6 @@ nodes | CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c | @@ -606,20 +347,14 @@ nodes | CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly | | CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal | @@ -628,34 +363,25 @@ nodes | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:149:2:149:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly | | CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal | @@ -666,20 +392,14 @@ nodes | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly | | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal | @@ -690,11 +410,9 @@ nodes | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | semmle.label | store | | CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session | | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | semmle.label | store | | CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session | | CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false | subpaths diff --git a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected index fa926d9be30..5b26a2a9b36 100644 --- a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected +++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected @@ -1,16 +1,12 @@ edges | go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | -| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance | | -| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | -| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | | golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | provenance | | | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | provenance | | nodes | go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion | | go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" | | go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey | -| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey | | golang-jwt-v5.go:19:15:19:35 | type conversion | semmle.label | type conversion | | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" | | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 | diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index 34703cdeef4..46bccc77a97 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -68,9 +68,9 @@ edges | test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1 | | test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1 | | test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | | -| test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance | | | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | | | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config | +| test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance | | | test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance | | | test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:4 | | test.go:143:2:143:59 | ... := ...[0] | test.go:145:12:145:12 | f | provenance | | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index 634d637c588..4b26395c8e7 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -7,17 +7,14 @@ edges | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance | | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | -| Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance | | -| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:62:2:62:4 | definition of cfg [pointer] | provenance | | -| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | +| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance | | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | Src:MaD:1 | -| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel | +| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference [postupdate] | provenance | FunctionModel | | Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:2 | | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | | | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | | -| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel | @@ -30,9 +27,8 @@ nodes | Dsn.go:28:11:28:110 | call to Sprintf | semmle.label | call to Sprintf | | Dsn.go:28:102:28:109 | index expression | semmle.label | index expression | | Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | semmle.label | definition of cfg [pointer] | -| Dsn.go:63:9:63:11 | cfg [pointer] | semmle.label | cfg [pointer] | -| Dsn.go:63:9:63:11 | implicit dereference | semmle.label | implicit dereference | +| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | semmle.label | cfg [postupdate] [pointer] | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | | Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args | | Dsn.go:63:19:63:29 | slice expression | semmle.label | slice expression | | Dsn.go:67:11:67:109 | []type{args} [array] | semmle.label | []type{args} [array] | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 87780085a54..5c8d1832ac1 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -1,12 +1,13 @@ #select -| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. | -| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. | -| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | -| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | -| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | +| builtin.go:23:12:23:63 | call to Get | builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | The URL of this request depends on a user-provided value. | +| builtin.go:89:12:89:53 | call to Dial | builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:103:13:103:40 | call to DialConfig | builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:115:3:115:39 | call to Dial | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:133:3:133:62 | call to DialContext | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:156:12:156:33 | call to Get | builtin.go:151:16:151:36 | call to FormValue | builtin.go:156:21:156:32 | call to String | The URL of this request depends on a user-provided value. | +| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | | new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. | @@ -17,14 +18,20 @@ | new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. | edges -| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:7 | -| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:8 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | +| builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | provenance | Src:MaD:7 | +| builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 | +| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | | +| builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance | | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config | +| builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | | new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | @@ -37,11 +44,11 @@ edges | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:12 | -| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:10 | -| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | | -| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | | -| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 | +| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:74:49:74:57 | selection of word | provenance | | | new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | @@ -51,12 +58,12 @@ edges | new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:11 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:13 | -| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:14 | +| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:14 | +| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:15 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | | new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | | | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:9 | -| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:15 | +| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:16 | | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:5 | | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:4 | models @@ -71,22 +78,29 @@ models | 9 | Source: net/http; Request; true; URL; ; ; ; remote; manual | | 10 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | | 11 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | -| 12 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 13 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 14 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 15 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual | +| 12 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 13 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | +| 14 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 15 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 16 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| builtin.go:19:12:19:34 | call to FormValue | semmle.label | call to FormValue | -| builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... | -| builtin.go:83:21:83:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:88:27:88:40 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:97:21:97:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:101:36:101:49 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:111:21:111:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput | -| new-tests.go:26:26:26:30 | &... | semmle.label | &... | +| builtin.go:20:12:20:34 | call to FormValue | semmle.label | call to FormValue | +| builtin.go:23:21:23:62 | ...+... | semmle.label | ...+... | +| builtin.go:84:21:84:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:89:27:89:40 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:98:21:98:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:102:36:102:49 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:112:21:112:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:115:15:115:28 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue | +| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] | +| builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost | +| builtin.go:156:21:156:23 | url | semmle.label | url | +| builtin.go:156:21:156:32 | call to String | semmle.label | call to String | +| new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] | | new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] | | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf | | new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word | @@ -103,7 +117,7 @@ nodes | new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] | | new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body | | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody | -| new-tests.go:63:26:63:30 | &... | semmle.label | &... | +| new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] | | new-tests.go:68:11:68:57 | []type{args} [array] | semmle.label | []type{args} [array] | | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf | | new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word | diff --git a/go/ql/test/experimental/CWE-918/SSRF.qlref b/go/ql/test/experimental/CWE-918/SSRF.qlref index 7cba541836f..d68094fa2a0 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.qlref +++ b/go/ql/test/experimental/CWE-918/SSRF.qlref @@ -1,2 +1,4 @@ query: experimental/CWE-918/SSRF.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/experimental/CWE-918/builtin.go b/go/ql/test/experimental/CWE-918/builtin.go index 5c65bc9d3de..6c39f24dc47 100644 --- a/go/ql/test/experimental/CWE-918/builtin.go +++ b/go/ql/test/experimental/CWE-918/builtin.go @@ -8,6 +8,7 @@ import ( "fmt" "log" "net/http" + "net/url" "regexp" "strings" @@ -16,10 +17,10 @@ import ( ) func handler(w http.ResponseWriter, req *http.Request) { - target := req.FormValue("target") + target := req.FormValue("target") // $ Source // BAD: `target` is controlled by the attacker - _, err := http.Get("https://" + target + ".example.com/data/") + _, err := http.Get("https://" + target + ".example.com/data/") // $ Alert if err != nil { // error handling } @@ -80,12 +81,12 @@ func test() { // x net websocket dial bad http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source origin := "http://localhost/" // bad as input is directly passed to dial function - ws, _ := websocket.Dial(untrustedInput, "", origin) // SSRF + ws, _ := websocket.Dial(untrustedInput, "", origin) // $ Alert var msg = make([]byte, 512) var n int n, _ = ws.Read(msg) @@ -94,12 +95,12 @@ func test() { // x net websocket dialConfig bad http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source origin := "http://localhost/" // bad as input is directly used - config, _ := websocket.NewConfig(untrustedInput, origin) // SSRF - ws2, _ := websocket.DialConfig(config) + config, _ := websocket.NewConfig(untrustedInput, origin) // $ Sink + ws2, _ := websocket.DialConfig(config) // $ Alert var msg = make([]byte, 512) var n int n, _ = ws2.Read(msg) @@ -108,10 +109,10 @@ func test() { // gorilla websocket Dialer.Dial bad http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source dialer := gorilla.Dialer{} - dialer.Dial(untrustedInput, r.Header) //SSRF + dialer.Dial(untrustedInput, r.Header) // $ Alert }) // gorilla websocket Dialer.Dial good @@ -126,10 +127,10 @@ func test() { // gorilla websocket Dialer.DialContext bad http.HandleFunc("/ex8", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source dialer := gorilla.Dialer{} - dialer.DialContext(context.TODO(), untrustedInput, r.Header) //SSRF + dialer.DialContext(context.TODO(), untrustedInput, r.Header) // $ Alert }) // gorilla websocket Dialer.DialContext good @@ -145,3 +146,16 @@ func test() { log.Println(http.ListenAndServe(":80", nil)) } + +func handler2(w http.ResponseWriter, req *http.Request) { + unsafehost := req.FormValue("host") // $ Source + + url, _ := url.Parse("http://example.com/data") + url.Host = unsafehost + // BAD: `target` is controlled by the attacker + _, err := http.Get(url.String()) // $ Alert + if err != nil { + // error handling + } + // process request response +} diff --git a/go/ql/test/experimental/CWE-918/new-tests.go b/go/ql/test/experimental/CWE-918/new-tests.go index 040bad48596..ddf94daa09e 100644 --- a/go/ql/test/experimental/CWE-918/new-tests.go +++ b/go/ql/test/experimental/CWE-918/new-tests.go @@ -23,20 +23,20 @@ func HandlerGin(c *gin.Context) { safe string `binding:"alphanum"` } - err := c.ShouldBindJSON(&body) + err := c.ShouldBindJSON(&body) // $ Source http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF - http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert + http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert if err == nil { - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK } - taintedParam := c.Param("id") + taintedParam := c.Param("id") // $ Source validate := validator.New() err = validate.Var(taintedParam, "alpha") @@ -44,10 +44,10 @@ func HandlerGin(c *gin.Context) { http.Get("http://example.com/" + taintedParam) // OK } - http.Get("http://example.com/" + taintedParam) //SSRF + http.Get("http://example.com/" + taintedParam) // $ Alert - taintedQuery := c.Query("id") - http.Get("http://example.com/" + taintedQuery) //SSRF + taintedQuery := c.Query("id") // $ Source + http.Get("http://example.com/" + taintedQuery) // $ Alert } func HandlerHttp(req *http.Request) { @@ -59,41 +59,41 @@ func HandlerHttp(req *http.Request) { word string safe string `validate:"alphanum"` } - reqBody, _ := ioutil.ReadAll(req.Body) + reqBody, _ := ioutil.ReadAll(req.Body) // $ Source json.Unmarshal(reqBody, &body) http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF - http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert + http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert validate := validator.New() err := validate.Struct(body) if err == nil { - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK } - taintedQuery := req.URL.Query().Get("param1") - http.Get("http://example.com/" + taintedQuery) // SSRF + taintedQuery := req.URL.Query().Get("param1") // $ Source + http.Get("http://example.com/" + taintedQuery) // $ Alert - taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/") - http.Get("http://example.com/" + taintedParam) // SSRF + taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/") // $ Source + http.Get("http://example.com/" + taintedParam) // $ Alert } func HandlerMux(r *http.Request) { - vars := mux.Vars(r) + vars := mux.Vars(r) // $ Source taintedParam := vars["id"] - http.Get("http://example.com/" + taintedParam) // SSRF + http.Get("http://example.com/" + taintedParam) // $ Alert numericID, _ := strconv.Atoi(taintedParam) http.Get(fmt.Sprintf("http://example.com/%d", numericID)) // OK } func HandlerChi(r *http.Request) { - taintedParam := chi.URLParam(r, "articleID") - http.Get("http://example.com/" + taintedParam) // SSRF + taintedParam := chi.URLParam(r, "articleID") // $ Source + http.Get("http://example.com/" + taintedParam) // $ Alert b, _ := strconv.ParseBool(taintedParam) http.Get(fmt.Sprintf("http://example.com/%t", b)) // OK diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected index 547c7b25da1..6936b333cf1 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected @@ -1,22 +1,14 @@ invalidModelRow edges | test.go:9:9:9:11 | selection of c [collection] | test.go:9:7:9:11 | <-... | provenance | | -| test.go:13:16:13:16 | definition of s [pointer, c, collection] | test.go:16:2:16:2 | s [pointer, c, collection] | provenance | | | test.go:15:10:15:17 | call to source | test.go:16:9:16:12 | data | provenance | | -| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:13:16:13:16 | definition of s [pointer, c, collection] | provenance | | -| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:16:2:16:4 | selection of c [collection] | provenance | | -| test.go:16:2:16:2 | s [pointer, c, collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | | -| test.go:16:2:16:4 | selection of c [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | | -| test.go:16:2:16:4 | selection of c [collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | | -| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [collection] | provenance | | +| test.go:16:2:16:4 | selection of c [postupdate] [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | | +| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [postupdate] [collection] | provenance | | nodes | test.go:9:7:9:11 | <-... | semmle.label | <-... | | test.go:9:9:9:11 | selection of c [collection] | semmle.label | selection of c [collection] | -| test.go:13:16:13:16 | definition of s [pointer, c, collection] | semmle.label | definition of s [pointer, c, collection] | | test.go:15:10:15:17 | call to source | semmle.label | call to source | -| test.go:16:2:16:2 | implicit dereference [c, collection] | semmle.label | implicit dereference [c, collection] | -| test.go:16:2:16:2 | s [pointer, c, collection] | semmle.label | s [pointer, c, collection] | -| test.go:16:2:16:4 | selection of c [collection] | semmle.label | selection of c [collection] | +| test.go:16:2:16:4 | selection of c [postupdate] [collection] | semmle.label | selection of c [postupdate] [collection] | | test.go:16:9:16:12 | data | semmle.label | data | subpaths #select diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected index b198361df04..72124e7dae0 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected @@ -4,27 +4,27 @@ models | 3 | Summary: io; Reader; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual | | 4 | Summary: os; File; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual | edges -| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:4 | -| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:4 | -| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:7:22:7:22 | b [postupdate] | Builtin.go:8:9:8:17 | type conversion | provenance | | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:13:22:13:22 | b [postupdate] | Builtin.go:17:9:17:17 | type conversion | provenance | | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:22:22:22:22 | b [postupdate] | Builtin.go:24:10:24:18 | type conversion | provenance | | nodes -| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b | | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:7:22:7:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion | -| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b | | Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:13:22:13:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion | -| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b | | Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:22:22:22:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion | subpaths #select diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index a6f313198d1..f99ee92a492 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected @@ -1,6 +1,5 @@ invalidModelRow #select -| test.go:10:6:10:8 | definition of arg | qltest-arg | | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | @@ -8,6 +7,7 @@ invalidModelRow | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | +| test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | | test.go:102:46:102:53 | call to Src1 | qltest | | test.go:112:35:112:42 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected index eaf00bde26f..97a1cc49261 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected @@ -2,18 +2,18 @@ invalidModelRow #select | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes | | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] | -| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 | -| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t | +| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] | +| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] | | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes | -| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg | +| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] | | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual | | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes | | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] | -| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 | -| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 | +| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] | +| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] | | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes | -| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 | +| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] | | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual | | test.go:149:10:149:27 | []type{args} | test.go:149:10:149:27 | call to append | | test.go:149:17:149:21 | slice | test.go:149:10:149:27 | call to append | -| test.go:155:15:155:20 | slice1 | test.go:154:2:154:7 | definition of slice2 | +| test.go:155:15:155:20 | slice1 | test.go:155:7:155:12 | slice2 [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go index 14b9a43b599..c9d732e7400 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go @@ -158,7 +158,7 @@ func simpleflow() { ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) - b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements + b.Sink1(taint16) // $ hasTaintFlow="taint16" c1 := test.C{""} c1.Set(a.Src1().(string)) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index a85e8689960..009238baa4d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -1,6 +1,5 @@ invalidModelRow #select -| test.go:10:6:10:8 | definition of arg | qltest-arg | | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | @@ -8,6 +7,7 @@ invalidModelRow | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | +| test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | | test.go:102:46:102:53 | call to Src1 | qltest | | test.go:112:35:112:42 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected index e53ed76ad00..eb52daa4253 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected @@ -2,17 +2,17 @@ invalidModelRow #select | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes | | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] | -| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 | -| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t | +| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] | +| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] | | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes | -| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg | +| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] | | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual | | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes | | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] | -| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 | -| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 | +| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] | +| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] | | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes | -| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 | +| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] | | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual | | test.go:202:14:202:19 | srcInt | test.go:202:10:202:26 | call to max | | test.go:202:22:202:22 | 0 | test.go:202:10:202:26 | call to max | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index f118880d497..3c172e6082d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -158,7 +158,7 @@ func simpleflow() { ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) - b.Sink1(taint16) // $ MISSING: hasValueFlow="taint16" // currently fails due to lack of post-update nodes after send statements + b.Sink1(taint16) // $ hasValueFlow="taint16" c1 := test.C{""} c1.Set(a.Src1().(string)) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index c6bfdfdc1d5..fcbb78716a4 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -49,21 +49,21 @@ | main.go:3:6:3:10 | function test1 | main.go:34:2:34:6 | test1 | | main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x | | main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x | -| main.go:3:12:3:12 | definition of x | main.go:6:7:6:7 | x | -| main.go:3:12:3:12 | definition of x | main.go:8:8:8:8 | x | -| main.go:3:12:3:12 | definition of x | main.go:10:7:10:7 | x | -| main.go:3:12:3:12 | definition of x | main.go:10:22:10:22 | x | | main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn | | main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn | -| main.go:6:3:6:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | +| main.go:5:5:5:5 | x | main.go:6:7:6:7 | x | +| main.go:5:5:5:5 | x | main.go:8:8:8:8 | x | +| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y | | main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y | -| main.go:8:3:8:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | +| main.go:6:7:6:7 | x | main.go:10:7:10:7 | x | +| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y | | main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y | +| main.go:8:8:8:8 | x | main.go:10:7:10:7 | x | | main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z | -| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:12:10:12 | y | -| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:17:10:17 | y | +| main.go:10:7:10:7 | x | main.go:10:22:10:22 | x | | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... | | main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z | +| main.go:10:12:10:12 | y | main.go:10:17:10:17 | y | | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... | | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion | | main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 | @@ -84,50 +84,54 @@ | main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok | | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] | | main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s | -| main.go:38:2:38:2 | definition of s | main.go:40:15:40:15 | s | -| main.go:38:2:38:2 | definition of s | main.go:42:7:42:7 | s | | main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s | +| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s | | main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 | | main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 | +| main.go:39:15:39:15 | s | main.go:40:15:40:15 | s | +| main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s | | main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 | | main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 | +| main.go:40:15:40:15 | s | main.go:42:7:42:7 | s | +| main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s | | main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 | | main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 | | main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs | | main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs | -| main.go:46:24:46:27 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | +| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys | +| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys | | main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys | -| main.go:46:34:46:37 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | +| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals | +| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals | | main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals | | main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k | | main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v | | main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k | | main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v | -| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:46:24:46:27 | implicit read of keys | -| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:49:3:49:6 | keys | -| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:46:34:46:37 | implicit read of vals | -| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:48:3:48:6 | vals | -| main.go:48:3:48:6 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | +| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals | +| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals | | main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals | -| main.go:49:3:49:6 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | +| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys | +| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys | | main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys | | main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch | -| main.go:55:6:55:7 | definition of ch | main.go:57:4:57:5 | ch | | main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch | +| main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch | +| main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch | | main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x | -| main.go:61:2:61:2 | definition of x | main.go:65:11:65:11 | x | | main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x | | main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y | -| main.go:62:2:62:2 | definition of y | main.go:65:14:65:14 | y | | main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y | | main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z | -| main.go:63:2:63:2 | definition of z | main.go:65:17:65:17 | z | | main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z | | main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a | | main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a | | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min | +| main.go:64:11:64:11 | x | main.go:65:11:65:11 | x | | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min | +| main.go:64:14:64:14 | y | main.go:65:14:65:14 | y | | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min | +| main.go:64:17:64:17 | z | main.go:65:17:65:17 | z | | main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b | | main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b | | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max | @@ -135,62 +139,71 @@ | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max | | strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s | | strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s | -| strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s | | strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 | -| strings.go:9:2:9:3 | definition of s2 | strings.go:11:48:11:49 | s2 | | strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 | +| strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s | | strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 | -| strings.go:10:2:10:3 | definition of s3 | strings.go:11:67:11:68 | s3 | | strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 | +| strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 | +| strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 | | url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b | | url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b | | url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s | | url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s | | url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s | -| url.go:12:3:12:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | +| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res | | url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res | | url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err | -| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | -| url.go:14:3:14:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | +| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err | +| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res | | url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res | | url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err | -| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | -| url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | url.go:16:5:16:7 | err | -| url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | url.go:19:9:19:11 | res | +| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err | | url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i | | url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i | | url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s | | url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s | -| url.go:22:19:22:19 | definition of s | url.go:27:29:27:29 | s | | url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u | | url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u | +| url.go:23:20:23:20 | s | url.go:27:29:27:29 | s | | url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u | -| url.go:27:2:27:2 | definition of u | url.go:29:14:29:14 | u | -| url.go:27:2:27:2 | definition of u | url.go:30:11:30:11 | u | -| url.go:27:2:27:2 | definition of u | url.go:32:9:32:9 | u | | url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u | +| url.go:28:14:28:14 | u | url.go:29:14:29:14 | u | +| url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u | +| url.go:29:14:29:14 | u | url.go:30:11:30:11 | u | +| url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u | | url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs | | url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs | +| url.go:30:11:30:11 | u | url.go:32:9:32:9 | u | +| url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u | | url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:34:14:34:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:35:14:35:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:36:6:36:6 | u | -| url.go:32:2:32:2 | definition of u | url.go:36:25:36:25 | u | | url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u | +| url.go:33:14:33:14 | u | url.go:34:14:34:14 | u | +| url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u | +| url.go:34:14:34:14 | u | url.go:35:14:35:14 | u | +| url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u | +| url.go:35:14:35:14 | u | url.go:36:6:36:6 | u | +| url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u | | url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u | +| url.go:36:6:36:6 | u | url.go:36:25:36:25 | u | +| url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u | | url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u | | url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui | -| url.go:42:2:42:3 | definition of ui | url.go:45:14:45:15 | ui | -| url.go:42:2:42:3 | definition of ui | url.go:46:9:46:10 | ui | | url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui | | url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw | | url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw | +| url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui | +| url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui | +| url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui | +| url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui | | url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q | | url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q | | url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v | -| url.go:50:2:50:2 | definition of v | url.go:52:14:52:14 | v | -| url.go:50:2:50:2 | definition of v | url.go:53:9:53:9 | v | | url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v | +| url.go:51:14:51:14 | v | url.go:52:14:52:14 | v | +| url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v | +| url.go:52:14:52:14 | v | url.go:53:9:53:9 | v | +| url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v | | url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q | | url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q | | url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index 6fadcdaabe6..66784562496 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -7,7 +7,7 @@ | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | | main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append | -| main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s | +| main.go:42:10:42:11 | s4 | main.go:42:7:42:7 | s [postupdate] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] | | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected index f9b4b8106f1..b0c0a58b339 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w | -| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:9:2:9:12 | definition of bytesBuffer | -| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:11:6:11:11 | definition of reader | +| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] | +| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:10:2:10:12 | bytesBuffer [postupdate] | +| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:12:2:12:7 | reader [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected index e8addfb217e..eebf68d92d4 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected @@ -1,13 +1,13 @@ -| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:9:2:9:7 | definition of source | -| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w | -| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:8:12:8:15 | definition of data | -| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:8:12:8:17 | definition of reader | -| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:15:12:15:12 | definition of x | -| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:15:15:15:15 | definition of y | -| receiver | main.go:53:14:53:21 | call to bump | main.go:52:2:52:2 | definition of c | -| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:11:6:11:11 | definition of reader | -| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder | -| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:9:2:9:12 | definition of bytesBuffer | +| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:12:15:12:20 | source [postupdate] | +| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] | +| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:35:10:38 | data [postupdate] | +| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:23:10:28 | reader [postupdate] | +| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:16:8:16:8 | x [postupdate] | +| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:16:11:16:11 | y [postupdate] | +| receiver | main.go:53:14:53:21 | call to bump | main.go:53:14:53:14 | c [postupdate] | +| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:12:2:12:7 | reader [postupdate] | +| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder [postupdate] | +| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:2:10:12 | bytesBuffer [postupdate] | | result | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op | | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 | | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected index 9f29e364be9..d29d11627b0 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected @@ -1,26 +1,26 @@ -| file://:0:0:0:0 | [summary] to write: Argument[0] in copy | file://:0:0:0:0 | [summary param] 0 in copy | -| test.go:22:2:22:2 | definition of a | test.go:23:2:23:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:24:2:24:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:25:2:25:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:26:2:26:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:29:6:29:6 | a | -| test.go:22:2:22:2 | definition of a | test.go:30:7:30:7 | a | -| test.go:22:2:22:2 | definition of a | test.go:35:4:35:4 | a | -| test.go:22:2:22:2 | definition of a | test.go:36:5:36:5 | a | -| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... | -| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b | -| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs | -| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression | -| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... | -| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal | -| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs | -| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression | -| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference | -| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr | -| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference | -| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr | -| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference | -| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr | -| test.go:28:2:28:2 | definition of c | test.go:29:2:29:2 | c | -| test.go:28:2:28:2 | definition of c | test.go:30:2:30:2 | c | -| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal | +| file://:0:0:0:0 | [summary param] 0 in copy | file://:0:0:0:0 | [summary] to write: Argument[0] in copy | +| test.go:23:2:23:2 | a | test.go:23:2:23:2 | a [postupdate] | +| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... [postupdate] | +| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b [postupdate] | +| test.go:24:2:24:2 | a | test.go:24:2:24:2 | a [postupdate] | +| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs [postupdate] | +| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression [postupdate] | +| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... [postupdate] | +| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal [postupdate] | +| test.go:25:2:25:2 | a | test.go:25:2:25:2 | a [postupdate] | +| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs [postupdate] | +| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression [postupdate] | +| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference [postupdate] | +| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr [postupdate] | +| test.go:26:2:26:2 | a | test.go:26:2:26:2 | a [postupdate] | +| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference [postupdate] | +| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr [postupdate] | +| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference [postupdate] | +| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr [postupdate] | +| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal [postupdate] | +| test.go:29:2:29:2 | c | test.go:29:2:29:2 | c [postupdate] | +| test.go:29:6:29:6 | a | test.go:29:6:29:6 | a [postupdate] | +| test.go:30:2:30:2 | c | test.go:30:2:30:2 | c [postupdate] | +| test.go:30:7:30:7 | a | test.go:30:7:30:7 | a [postupdate] | +| test.go:35:4:35:4 | a | test.go:35:4:35:4 | a [postupdate] | +| test.go:36:5:36:5 | a | test.go:36:5:36:5 | a [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql index ca2a9c5980b..b200ed4b8a7 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql @@ -1,4 +1,4 @@ import go from DataFlow::PostUpdateNode pun -select pun, pun.getPreUpdateNode() +select pun.getPreUpdateNode(), pun diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected index d61d6be9c5f..5908aa8d113 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected @@ -79,106 +79,136 @@ | main.go:7:6:7:9 | function sink | main.go:149:2:149:5 | sink | | main.go:7:6:7:9 | function sink | main.go:150:2:150:5 | sink | | main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:26:7:26:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:27:7:27:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:28:7:28:11 | outer | | main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer | +| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer | +| main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer | +| main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer | +| main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer | | main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:34:7:34:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:35:7:35:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:36:7:36:12 | outerp | | main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp | +| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp | +| main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp | +| main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp | +| main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp | +| main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp | +| main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp | +| main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp | | main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:42:7:42:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:43:7:43:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:44:7:44:11 | outer | | main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer | +| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer | +| main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer | +| main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer | +| main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer | | main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:48:7:48:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:49:7:49:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:50:7:50:12 | outerp | | main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp | +| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp | +| main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp | +| main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp | +| main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp | +| main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp | +| main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp | +| main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp | | main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner | | main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner | +| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner | | main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle | | main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle | +| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle | | main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:58:7:58:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:59:7:59:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:60:7:60:11 | outer | | main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer | +| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer | +| main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer | +| main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer | +| main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer | | main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp | | main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp | +| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp | | main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep | | main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep | +| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep | | main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:66:7:66:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:67:7:67:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:68:7:68:12 | outerp | | main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp | +| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp | +| main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp | +| main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp | +| main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp | | main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner | | main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner | +| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner | | main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle | | main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle | +| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle | | main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:76:7:76:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:77:7:77:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:78:7:78:11 | outer | | main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer | +| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer | +| main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer | +| main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer | +| main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer | | main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp | | main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp | +| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp | | main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep | | main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep | +| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep | | main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:84:7:84:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:85:7:85:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:86:7:86:12 | outerp | | main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp | +| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp | +| main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp | +| main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp | +| main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp | | main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:92:7:92:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:93:7:93:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:94:7:94:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:95:7:95:11 | outer | | main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer | +| main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer | +| main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer | +| main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer | +| main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer | +| main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer | | main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:99:7:99:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:100:7:100:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:101:7:101:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:102:7:102:12 | outerp | | main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp | +| main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp | +| main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp | +| main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp | +| main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp | +| main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp | | main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:108:7:108:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:109:7:109:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:110:7:110:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:111:7:111:11 | outer | | main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer | +| main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer | +| main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer | +| main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer | +| main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer | +| main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer | | main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:115:7:115:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:116:7:116:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:117:7:117:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:118:7:118:12 | outerp | | main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp | +| main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp | +| main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp | +| main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp | +| main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp | +| main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp | | main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:124:7:124:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:125:7:125:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:126:7:126:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:127:7:127:11 | outer | | main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer | +| main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer | +| main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer | +| main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer | +| main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer | +| main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer | | main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:131:7:131:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:132:7:132:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:133:7:133:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:134:7:134:12 | outerp | | main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp | +| main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp | +| main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp | +| main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp | +| main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp | +| main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp | | main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:140:7:140:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:141:7:141:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:142:7:142:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:143:7:143:11 | outer | | main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer | +| main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer | +| main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer | +| main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer | +| main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer | +| main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer | | main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:147:7:147:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:148:7:148:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:149:7:149:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:150:7:150:12 | outerp | | main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp | +| main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp | +| main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp | +| main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp | +| main.go:148:7:148:12 | outerp | main.go:149:7:149:12 | outerp | +| main.go:149:7:149:12 | outerp | main.go:150:7:150:12 | outerp | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected index 77bb562d3f5..44792aa3d29 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected @@ -1,3 +1,3 @@ -| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression | -| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | -| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | +| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs [postupdate] | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression | +| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | +| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected index 8e71670f8c1..7862b2d61b3 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected @@ -1,3 +1,3 @@ -| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | -| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | -| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... | +| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | +| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | +| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x [postupdate] | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go index 436c9dab677..45e6a3aefa1 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -30,9 +30,9 @@ func gogf_Core(g gdb.Core) { g.GetStruct(&v7, "SELECT user from users") // $ source sink(v7) // $ hasTaintFlow="v7" - var v8 []User // $ source - g.GetStructs(v8, "SELECT user from users") - sink(v8) // $ hasTaintFlow="v8" + var v8 []User + g.GetStructs(v8, "SELECT user from users") // $ source + sink(v8) // $ hasTaintFlow="v8" v9, _ := g.GetValue("SELECT user from users") // $ source sink(v9) // $ hasTaintFlow="v9" @@ -132,9 +132,9 @@ func gogf_TX(g gdb.TX) { g.GetStruct(&v4, "SELECT user from users") // $ source sink(v4) // $ hasTaintFlow="v4" - var v5 []User // $ source - g.GetStructs(v5, "SELECT user from users") - sink(v5) // $ hasTaintFlow="v5" + var v5 []User + g.GetStructs(v5, "SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" v6, _ := g.GetValue("SELECT user from users") // $ source sink(v6) // $ hasTaintFlow="v6" diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 6fd71942356..591d990be47 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -1,5 +1,40 @@ edges +| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:380 | +| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:381 | +| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:382 | +| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:383 | +| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:384 | +| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:385 | +| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:386 | +| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:387 | +| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:388 | +| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:389 | +| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:390 | +| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:391 | +| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:392 | +| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:393 | +| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:394 | +| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:395 | +| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:396 | +| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:397 | +| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:398 | +| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:399 | +| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:400 | +| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:401 | +| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance | | nodes +| test.go:153:17:153:24 | definition of password | semmle.label | definition of password | | test.go:154:14:154:21 | password | semmle.label | password | | test.go:155:17:155:24 | password | semmle.label | password | | test.go:156:14:156:21 | password | semmle.label | password | @@ -36,37 +71,37 @@ nodes | test.go:187:16:187:23 | password | semmle.label | password | subpaths #select -| test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:154:14:154:21 | password | Sensitive data returned by an access to password | -| test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:155:17:155:24 | password | Sensitive data returned by an access to password | -| test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password | -| test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:157:18:157:25 | password | Sensitive data returned by an access to password | -| test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:158:14:158:21 | password | Sensitive data returned by an access to password | -| test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password | -| test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:160:22:160:29 | password | Sensitive data returned by an access to password | -| test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:161:15:161:22 | password | Sensitive data returned by an access to password | -| test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:162:14:162:21 | password | Sensitive data returned by an access to password | -| test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password | -| test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:164:16:164:23 | password | Sensitive data returned by an access to password | -| test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:165:13:165:20 | password | Sensitive data returned by an access to password | -| test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:166:16:166:23 | password | Sensitive data returned by an access to password | -| test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password | -| test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:168:17:168:24 | password | Sensitive data returned by an access to password | -| test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:169:13:169:20 | password | Sensitive data returned by an access to password | -| test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:170:12:170:19 | password | Sensitive data returned by an access to password | -| test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:171:21:171:28 | password | Sensitive data returned by an access to password | -| test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:172:14:172:21 | password | Sensitive data returned by an access to password | -| test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:173:13:173:20 | password | Sensitive data returned by an access to password | -| test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:174:12:174:19 | password | Sensitive data returned by an access to password | -| test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:175:15:175:22 | password | Sensitive data returned by an access to password | -| test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:176:15:176:22 | password | Sensitive data returned by an access to password | -| test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:177:18:177:25 | password | Sensitive data returned by an access to password | -| test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password | -| test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:179:19:179:26 | password | Sensitive data returned by an access to password | -| test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:180:15:180:22 | password | Sensitive data returned by an access to password | -| test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:181:14:181:21 | password | Sensitive data returned by an access to password | -| test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:182:23:182:30 | password | Sensitive data returned by an access to password | -| test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:183:16:183:23 | password | Sensitive data returned by an access to password | -| test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:184:15:184:22 | password | Sensitive data returned by an access to password | -| test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:185:14:185:21 | password | Sensitive data returned by an access to password | -| test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:186:17:186:24 | password | Sensitive data returned by an access to password | -| test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:187:16:187:23 | password | Sensitive data returned by an access to password | +| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index aa0345f221e..be8ae2ec2fa 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -1,7 +1,7 @@ #select -| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:35:13:35:30 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:36:13:36:27 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:37:13:37:29 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | @@ -30,7 +30,7 @@ | test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:242:14:242:30 | type conversion | test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:241:14:241:16 | str [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | @@ -53,9 +53,9 @@ | test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | edges -| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 | -| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 | -| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 | | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:2 | | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:3 | | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:4 | @@ -87,8 +87,8 @@ edges | test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:39 | | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | | | test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:40 | -| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | | -| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:21 MaD:38 | +| test.go:208:18:208:33 | selection of Form | test.go:208:36:208:36 | s [postupdate] | provenance | Src:MaD:21 MaD:38 | +| test.go:208:36:208:36 | s [postupdate] | test.go:209:14:209:28 | type conversion | provenance | | | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:15 | | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:15 | | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | | @@ -97,7 +97,7 @@ edges | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:17 | | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:18 | | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:19 | -| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 | +| test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 | | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:17 | | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:14 | | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:14 | @@ -116,8 +116,8 @@ edges | test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:16 | | test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:16 | | test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:16 | -| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | | -| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | | +| test.go:278:3:278:14 | genericFiles [postupdate] [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | | +| test.go:278:21:278:28 | index expression | test.go:278:3:278:14 | genericFiles [postupdate] [array] | provenance | | | test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel | | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | | | test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:22 | @@ -146,10 +146,10 @@ edges | test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:30 | | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | | | test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:31 | -| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | | -| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | | | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:17 | -| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:34 | +| test.go:310:2:310:5 | bMap [postupdate] | test.go:311:21:311:24 | bMap | provenance | | +| test.go:310:2:310:5 | bMap [postupdate] | test.go:312:21:312:24 | bMap | provenance | | +| test.go:310:22:310:30 | untrusted | test.go:310:2:310:5 | bMap [postupdate] | provenance | MaD:34 | | test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:32 | | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | | | test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:33 | @@ -197,7 +197,7 @@ models | 40 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | | 41 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | nodes -| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | +| test.go:34:13:34:17 | bound [postupdate] | semmle.label | bound [postupdate] | | test.go:35:13:35:30 | type conversion | semmle.label | type conversion | | test.go:36:13:36:27 | type conversion | semmle.label | type conversion | | test.go:37:13:37:29 | type conversion | semmle.label | type conversion | @@ -249,8 +249,8 @@ nodes | test.go:205:14:205:59 | type conversion | semmle.label | type conversion | | test.go:205:21:205:58 | call to Substr | semmle.label | call to Substr | | test.go:205:34:205:51 | type assertion | semmle.label | type assertion | -| test.go:207:6:207:6 | definition of s | semmle.label | definition of s | | test.go:208:18:208:33 | selection of Form | semmle.label | selection of Form | +| test.go:208:36:208:36 | s [postupdate] | semmle.label | s [postupdate] | | test.go:209:14:209:28 | type conversion | semmle.label | type conversion | | test.go:223:2:223:34 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:223:2:223:34 | ... := ...[1] | semmle.label | ... := ...[1] | @@ -266,7 +266,7 @@ nodes | test.go:235:14:235:26 | type conversion | semmle.label | type conversion | | test.go:237:9:237:17 | call to Input | semmle.label | call to Input | | test.go:238:14:238:27 | type conversion | semmle.label | type conversion | -| test.go:240:6:240:8 | definition of str | semmle.label | definition of str | +| test.go:241:14:241:16 | str [postupdate] | semmle.label | str [postupdate] | | test.go:242:14:242:30 | type conversion | semmle.label | type conversion | | test.go:246:15:246:36 | call to GetString | semmle.label | call to GetString | | test.go:249:21:249:29 | untrusted | semmle.label | untrusted | @@ -277,7 +277,7 @@ nodes | test.go:270:55:270:84 | type conversion | semmle.label | type conversion | | test.go:270:62:270:83 | call to GetCookie | semmle.label | call to GetCookie | | test.go:275:2:275:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:276:2:276:13 | definition of genericFiles [array] | semmle.label | definition of genericFiles [array] | +| test.go:278:3:278:14 | genericFiles [postupdate] [array] | semmle.label | genericFiles [postupdate] [array] | | test.go:278:21:278:28 | index expression | semmle.label | index expression | | test.go:283:21:283:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | | test.go:283:44:283:60 | selection of Filename | semmle.label | selection of Filename | @@ -321,8 +321,8 @@ nodes | test.go:303:21:303:51 | call to SliceUnique | semmle.label | call to SliceUnique | | test.go:303:21:303:87 | selection of Filename | semmle.label | selection of Filename | | test.go:303:39:303:50 | genericFiles | semmle.label | genericFiles | -| test.go:308:2:308:5 | definition of bMap | semmle.label | definition of bMap | | test.go:309:15:309:36 | call to GetString | semmle.label | call to GetString | +| test.go:310:2:310:5 | bMap [postupdate] | semmle.label | bMap [postupdate] | | test.go:310:22:310:30 | untrusted | semmle.label | untrusted | | test.go:311:21:311:24 | bMap | semmle.label | bMap | | test.go:311:21:311:39 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 98b536aac65..2324a9679ad 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -10,8 +10,8 @@ edges | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:6 Sink:MaD:2 | | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:6 Sink:MaD:5 | | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:6 Sink:MaD:3 | -| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:7 MaD:8 | -| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... [postupdate] | provenance | Src:MaD:7 MaD:8 | +| test.go:324:40:324:43 | &... [postupdate] | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 | | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 | | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:6 Sink:MaD:4 | | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 | @@ -30,7 +30,7 @@ nodes | test.go:217:10:217:18 | untrusted | semmle.label | untrusted | | test.go:218:35:218:43 | untrusted | semmle.label | untrusted | | test.go:324:17:324:37 | selection of RequestBody | semmle.label | selection of RequestBody | -| test.go:324:40:324:43 | &... | semmle.label | &... | +| test.go:324:40:324:43 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:326:35:326:43 | untrusted | semmle.label | untrusted | | test.go:332:15:332:26 | call to Data | semmle.label | call to Data | | test.go:334:23:334:31 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected index f766a1a2db6..87c68cdc50b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected @@ -1,8 +1,8 @@ #select -| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value | -| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value | -| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... | stored value | -| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... | stored value | +| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value | +| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value | +| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... [postupdate] | stored value | +| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... [postupdate] | stored value | | test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value | | test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value | | test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value | @@ -12,25 +12,25 @@ | test.go:101:13:101:38 | type conversion | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:101:20:101:37 | call to Value | stored value | | test.go:102:13:102:50 | type conversion | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:102:20:102:40 | call to RawValue | stored value | | test.go:103:13:103:39 | type conversion | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:103:20:103:38 | call to String | stored value | -| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... | stored value | -| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... | stored value | -| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... | stored value | -| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... | stored value | -| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... | stored value | -| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... | stored value | -| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... | stored value | -| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... | stored value | -| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... | stored value | -| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... | stored value | -| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... | stored value | -| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... | stored value | -| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... | stored value | -| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... | stored value | +| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... [postupdate] | stored value | +| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... [postupdate] | stored value | +| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... [postupdate] | stored value | +| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... [postupdate] | stored value | +| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... [postupdate] | stored value | +| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... [postupdate] | stored value | +| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... [postupdate] | stored value | +| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... [postupdate] | stored value | +| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... [postupdate] | stored value | +| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... [postupdate] | stored value | +| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... [postupdate] | stored value | +| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... [postupdate] | stored value | +| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... [postupdate] | stored value | +| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... [postupdate] | stored value | edges -| test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 | -| test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 | -| test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 | -| test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 | +| test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 | +| test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 | +| test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 | +| test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 | | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | provenance | | | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | provenance | | | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | provenance | | @@ -40,31 +40,31 @@ edges | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | provenance | | | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | provenance | | | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | provenance | | -| test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | provenance | | -| test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | provenance | | -| test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | provenance | | -| test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | provenance | | -| test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | provenance | | -| test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | provenance | | -| test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | provenance | | -| test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | provenance | | -| test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | provenance | | -| test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | | -| test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | | -| test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | | -| test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | | -| test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | | +| test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | provenance | | +| test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | provenance | | +| test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | provenance | | +| test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | provenance | | +| test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | provenance | | +| test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | provenance | | +| test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | provenance | | +| test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | provenance | | +| test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | provenance | | +| test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | provenance | | +| test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | provenance | | +| test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | provenance | | +| test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | provenance | | +| test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | provenance | | models | 1 | Source: group:beego-orm; Ormer; true; Read; ; ; Argument[0]; database; manual | | 2 | Source: group:beego-orm; Ormer; true; ReadForUpdate; ; ; Argument[0]; database; manual | | 3 | Source: group:beego-orm; Ormer; true; ReadOrCreate; ; ; Argument[0]; database; manual | nodes -| test.go:80:13:80:16 | &... | semmle.label | &... | +| test.go:80:13:80:16 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:81:13:81:29 | type conversion | semmle.label | type conversion | | test.go:82:13:82:43 | type conversion | semmle.label | type conversion | -| test.go:85:22:85:26 | &... | semmle.label | &... | +| test.go:85:22:85:26 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:86:13:86:30 | type conversion | semmle.label | type conversion | -| test.go:89:21:89:25 | &... | semmle.label | &... | +| test.go:89:21:89:25 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:90:13:90:30 | type conversion | semmle.label | type conversion | | test.go:95:13:95:37 | type conversion | semmle.label | type conversion | | test.go:95:20:95:36 | call to Value | semmle.label | call to Value | @@ -84,32 +84,32 @@ nodes | test.go:102:20:102:40 | call to RawValue | semmle.label | call to RawValue | | test.go:103:13:103:39 | type conversion | semmle.label | type conversion | | test.go:103:20:103:38 | call to String | semmle.label | call to String | -| test.go:109:9:109:13 | &... | semmle.label | &... | +| test.go:109:9:109:13 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:110:13:110:33 | type conversion | semmle.label | type conversion | -| test.go:113:9:113:12 | &... | semmle.label | &... | +| test.go:113:9:113:12 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:114:13:114:29 | type conversion | semmle.label | type conversion | -| test.go:117:12:117:19 | &... | semmle.label | &... | +| test.go:117:12:117:19 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:118:13:118:48 | type conversion | semmle.label | type conversion | -| test.go:121:16:121:24 | &... | semmle.label | &... | +| test.go:121:16:121:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:122:13:122:43 | type conversion | semmle.label | type conversion | -| test.go:125:16:125:23 | &... | semmle.label | &... | +| test.go:125:16:125:23 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:126:13:126:39 | type conversion | semmle.label | type conversion | -| test.go:129:15:129:24 | &... | semmle.label | &... | +| test.go:129:15:129:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:130:13:130:47 | type conversion | semmle.label | type conversion | -| test.go:133:18:133:30 | &... | semmle.label | &... | +| test.go:133:18:133:30 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:134:13:134:38 | type conversion | semmle.label | type conversion | -| test.go:140:12:140:19 | &... | semmle.label | &... | +| test.go:140:12:140:19 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:141:13:141:48 | type conversion | semmle.label | type conversion | -| test.go:144:16:144:24 | &... | semmle.label | &... | +| test.go:144:16:144:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:145:13:145:43 | type conversion | semmle.label | type conversion | -| test.go:148:16:148:23 | &... | semmle.label | &... | +| test.go:148:16:148:23 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:149:13:149:39 | type conversion | semmle.label | type conversion | -| test.go:152:15:152:24 | &... | semmle.label | &... | +| test.go:152:15:152:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:153:13:153:47 | type conversion | semmle.label | type conversion | -| test.go:156:18:156:30 | &... | semmle.label | &... | +| test.go:156:18:156:30 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:157:13:157:38 | type conversion | semmle.label | type conversion | -| test.go:160:14:160:22 | &... | semmle.label | &... | +| test.go:160:14:160:22 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:161:13:161:28 | type conversion | semmle.label | type conversion | -| test.go:164:15:164:24 | &... | semmle.label | &... | +| test.go:164:15:164:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:165:13:165:32 | type conversion | semmle.label | type conversion | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected index 4b38e6e8c47..0fa6b12603a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected @@ -1,14 +1,15 @@ #select | test.go:173:20:173:24 | param | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:172:11:172:32 | call to Param | user-provided value | -| test.go:182:20:182:28 | ...+... | test.go:178:11:178:32 | call to Param | test.go:182:20:182:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value | +| test.go:185:20:185:29 | ...+... | test.go:178:11:178:32 | call to Param | test.go:185:20:185:29 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value | edges | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 | -| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:2 | -| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config Sink:MaD:1 | -| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config | -| test.go:190:9:190:26 | star expression | test.go:193:21:193:23 | url | provenance | | -| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:3 Config | -| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config Sink:MaD:1 | +| test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2 | +| test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 | +| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL [postupdate] | provenance | Config | +| test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance | | +| test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config | +| test.go:193:10:193:26 | selection of URL [postupdate] | test.go:193:9:193:26 | star expression | provenance | Config | +| test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual | | 2 | Source: github.com/labstack/echo; Context; true; Param; ; ; ReturnValue[0]; remote; manual | @@ -17,10 +18,11 @@ nodes | test.go:172:11:172:32 | call to Param | semmle.label | call to Param | | test.go:173:20:173:24 | param | semmle.label | param | | test.go:178:11:178:32 | call to Param | semmle.label | call to Param | -| test.go:182:20:182:28 | ...+... | semmle.label | ...+... | -| test.go:182:24:182:28 | param | semmle.label | param | -| test.go:190:9:190:26 | star expression | semmle.label | star expression | -| test.go:190:10:190:26 | selection of URL | semmle.label | selection of URL | -| test.go:193:21:193:23 | url | semmle.label | url | -| test.go:193:21:193:32 | call to String | semmle.label | call to String | +| test.go:185:20:185:29 | ...+... | semmle.label | ...+... | +| test.go:185:24:185:29 | param2 | semmle.label | param2 | +| test.go:193:9:193:26 | star expression | semmle.label | star expression | +| test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL | +| test.go:193:10:193:26 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | +| test.go:196:21:196:23 | url | semmle.label | url | +| test.go:196:21:196:32 | call to String | semmle.label | call to String | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index 61b8706f4e0..4e885d284d4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -11,7 +11,7 @@ | test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:125:16:125:20 | param | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | Cross-site scripting vulnerability due to $@. | test.go:124:11:124:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:131:20:131:32 | type conversion | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:130:11:130:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | @@ -29,23 +29,23 @@ edges | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4 | | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | | | test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:17 | -| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:15 | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:16 | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:18 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:15 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:16 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:18 | +| test.go:60:12:60:17 | buffer [postupdate] | test.go:61:20:61:25 | buffer | provenance | | | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7 | | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7 | | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | | | test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:17 | -| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:15 | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:16 | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:18 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:15 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:16 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:18 | +| test.go:76:12:76:17 | buffer [postupdate] | test.go:77:20:77:25 | buffer | provenance | | | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2 | | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:3 | -| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 | -| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | | -| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:8 MaD:14 | +| test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 | +| test.go:113:2:113:4 | ctx [postupdate] | test.go:114:16:114:18 | ctx | provenance | | +| test.go:113:21:113:42 | call to Param | test.go:113:2:113:4 | ctx [postupdate] | provenance | Src:MaD:8 MaD:14 | | test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:13 | | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | | | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:8 | @@ -93,24 +93,24 @@ nodes | test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader | -| test.go:59:2:59:7 | definition of buffer | semmle.label | definition of buffer | | test.go:60:2:60:5 | file | semmle.label | file | +| test.go:60:12:60:17 | buffer [postupdate] | semmle.label | buffer [postupdate] | | test.go:61:20:61:25 | buffer | semmle.label | buffer | | test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:67:16:67:41 | index expression | semmle.label | index expression | | test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader | -| test.go:75:2:75:7 | definition of buffer | semmle.label | definition of buffer | | test.go:76:2:76:5 | file | semmle.label | file | +| test.go:76:12:76:17 | buffer [postupdate] | semmle.label | buffer [postupdate] | | test.go:77:20:77:25 | buffer | semmle.label | buffer | | test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value | | test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies | | test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value | -| test.go:99:11:99:15 | &... | semmle.label | &... | +| test.go:99:11:99:15 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:100:16:100:21 | selection of s | semmle.label | selection of s | -| test.go:112:17:112:19 | definition of ctx | semmle.label | definition of ctx | +| test.go:113:2:113:4 | ctx [postupdate] | semmle.label | ctx [postupdate] | | test.go:113:21:113:42 | call to Param | semmle.label | call to Param | | test.go:114:16:114:18 | ctx | semmle.label | ctx | | test.go:114:16:114:33 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected index c579c480fb3..6a26aba5d76 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected @@ -1,16 +1,16 @@ #select -| test.go:222:17:222:24 | filepath | test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | This path depends on a $@. | test.go:221:15:221:38 | call to QueryParam | user-provided value | -| test.go:226:23:226:30 | filepath | test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | This path depends on a $@. | test.go:225:15:225:38 | call to QueryParam | user-provided value | +| test.go:225:17:225:24 | filepath | test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | This path depends on a $@. | test.go:224:15:224:38 | call to QueryParam | user-provided value | +| test.go:229:23:229:30 | filepath | test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | This path depends on a $@. | test.go:228:15:228:38 | call to QueryParam | user-provided value | edges -| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 | -| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 | +| test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 | +| test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 | models | 1 | Sink: github.com/labstack/echo; Context; true; Attachment; ; ; Argument[0]; path-injection; manual | | 2 | Sink: github.com/labstack/echo; Context; true; File; ; ; Argument[0]; path-injection; manual | | 3 | Source: github.com/labstack/echo; Context; true; QueryParam; ; ; ReturnValue[0]; remote; manual | nodes -| test.go:221:15:221:38 | call to QueryParam | semmle.label | call to QueryParam | -| test.go:222:17:222:24 | filepath | semmle.label | filepath | -| test.go:225:15:225:38 | call to QueryParam | semmle.label | call to QueryParam | -| test.go:226:23:226:30 | filepath | semmle.label | filepath | +| test.go:224:15:224:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:225:17:225:24 | filepath | semmle.label | filepath | +| test.go:228:15:228:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:229:23:229:30 | filepath | semmle.label | filepath | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go index 45f92cd19cb..4a9f4e161f6 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go @@ -176,12 +176,15 @@ func testRedirect(ctx echo.Context) error { func testLocalRedirects(ctx echo.Context) error { param := ctx.Param("someParam") + param2 := param + param3 := param + // Gratuitous copy because sanitization of uses propagates to subsequent uses // GOOD: local redirects are unproblematic ctx.Redirect(301, "/local"+param) // BAD: this could be a non-local redirect - ctx.Redirect(301, "/"+param) + ctx.Redirect(301, "/"+param2) // GOOD: localhost redirects are unproblematic - ctx.Redirect(301, "//localhost/"+param) + ctx.Redirect(301, "//localhost/"+param3) return nil } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected index 99b33b4a780..3324ee56033 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected @@ -1,5 +1,5 @@ | mail.go:15:73:15:94 | type conversion | -| mail.go:18:19:18:23 | definition of write | +| mail.go:20:17:20:21 | write [postupdate] | | mail.go:26:49:26:52 | text | | mail.go:26:76:26:79 | text | | mail.go:27:20:27:23 | text | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected index 0e79c3135b0..5dfd597c10a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected @@ -9,28 +9,28 @@ edges | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | | -| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:4 | -| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:2 | -| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:5 | -| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:3 | -| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... [postupdate] | provenance | MaD:4 | +| jsoniter.go:27:33:27:37 | &... [postupdate] | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... [postupdate] | provenance | MaD:2 | +| jsoniter.go:31:37:31:42 | &... [postupdate] | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... [postupdate] | provenance | MaD:5 | +| jsoniter.go:35:44:35:49 | &... [postupdate] | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... [postupdate] | provenance | MaD:3 | +| jsoniter.go:39:48:39:53 | &... [postupdate] | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 | nodes | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes | | jsoniter.go:24:21:24:40 | call to getUntrustedString | semmle.label | call to getUntrustedString | | jsoniter.go:27:17:27:30 | untrustedInput | semmle.label | untrustedInput | -| jsoniter.go:27:33:27:37 | &... | semmle.label | &... | +| jsoniter.go:27:33:27:37 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:28:15:28:24 | selection of field | semmle.label | selection of field | | jsoniter.go:31:21:31:34 | untrustedInput | semmle.label | untrustedInput | -| jsoniter.go:31:37:31:42 | &... | semmle.label | &... | +| jsoniter.go:31:37:31:42 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:32:15:32:25 | selection of field | semmle.label | selection of field | | jsoniter.go:35:27:35:41 | untrustedString | semmle.label | untrustedString | -| jsoniter.go:35:44:35:49 | &... | semmle.label | &... | +| jsoniter.go:35:44:35:49 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:36:15:36:25 | selection of field | semmle.label | selection of field | | jsoniter.go:39:31:39:45 | untrustedString | semmle.label | untrustedString | -| jsoniter.go:39:48:39:53 | &... | semmle.label | &... | +| jsoniter.go:39:48:39:53 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:40:15:40:25 | selection of field | semmle.label | selection of field | subpaths invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go index c25c9d01058..061f50355d5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go @@ -169,10 +169,10 @@ func fasthttpServer() { fmt.Println(body1, body2, body3, body4) requestCtx.Request.BodyStream() // $ RemoteFlowSource="call to BodyStream" - requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..." - requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." - requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..." - requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." + requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" // Response methods // Xss Sinks Related method diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected index 719a6a26147..071bf34cd7e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected @@ -31,39 +31,39 @@ | Gin.go:158:10:158:19 | selection of Params | | Gin.go:162:13:162:22 | selection of Params | | Gin.go:168:12:168:21 | selection of Params | -| Gin.go:178:16:178:22 | &... | -| Gin.go:182:7:182:19 | definition of personPointer | -| Gin.go:188:15:188:21 | &... | -| Gin.go:192:7:192:19 | definition of personPointer | -| Gin.go:198:16:198:22 | &... | -| Gin.go:202:7:202:19 | definition of personPointer | -| Gin.go:208:15:208:21 | &... | -| Gin.go:212:7:212:19 | definition of personPointer | -| Gin.go:218:17:218:23 | &... | -| Gin.go:222:7:222:19 | definition of personPointer | -| Gin.go:228:20:228:26 | &... | -| Gin.go:232:7:232:19 | definition of personPointer | -| Gin.go:238:16:238:22 | &... | -| Gin.go:242:7:242:19 | definition of personPointer | -| Gin.go:248:12:248:18 | &... | -| Gin.go:252:7:252:19 | definition of personPointer | -| Gin.go:258:18:258:24 | &... | -| Gin.go:262:7:262:19 | definition of personPointer | -| Gin.go:268:26:268:32 | &... | -| Gin.go:272:7:272:19 | definition of personPointer | -| Gin.go:278:22:278:28 | &... | -| Gin.go:282:7:282:19 | definition of personPointer | -| Gin.go:288:23:288:29 | &... | -| Gin.go:292:7:292:19 | definition of personPointer | -| Gin.go:298:21:298:27 | &... | -| Gin.go:302:7:302:19 | definition of personPointer | -| Gin.go:308:22:308:28 | &... | -| Gin.go:312:7:312:19 | definition of personPointer | -| Gin.go:318:21:318:27 | &... | -| Gin.go:322:7:322:19 | definition of personPointer | -| Gin.go:328:22:328:28 | &... | -| Gin.go:332:7:332:19 | definition of personPointer | -| Gin.go:338:18:338:24 | &... | -| Gin.go:342:7:342:19 | definition of personPointer | -| Gin.go:348:24:348:30 | &... | -| Gin.go:352:7:352:19 | definition of personPointer | +| Gin.go:178:16:178:22 | &... [postupdate] | +| Gin.go:183:16:183:28 | personPointer [postupdate] | +| Gin.go:188:15:188:21 | &... [postupdate] | +| Gin.go:193:15:193:27 | personPointer [postupdate] | +| Gin.go:198:16:198:22 | &... [postupdate] | +| Gin.go:203:16:203:28 | personPointer [postupdate] | +| Gin.go:208:15:208:21 | &... [postupdate] | +| Gin.go:213:15:213:27 | personPointer [postupdate] | +| Gin.go:218:17:218:23 | &... [postupdate] | +| Gin.go:223:17:223:29 | personPointer [postupdate] | +| Gin.go:228:20:228:26 | &... [postupdate] | +| Gin.go:233:20:233:32 | personPointer [postupdate] | +| Gin.go:238:16:238:22 | &... [postupdate] | +| Gin.go:243:16:243:28 | personPointer [postupdate] | +| Gin.go:248:12:248:18 | &... [postupdate] | +| Gin.go:253:12:253:24 | personPointer [postupdate] | +| Gin.go:258:18:258:24 | &... [postupdate] | +| Gin.go:263:18:263:30 | personPointer [postupdate] | +| Gin.go:268:26:268:32 | &... [postupdate] | +| Gin.go:273:26:273:38 | personPointer [postupdate] | +| Gin.go:278:22:278:28 | &... [postupdate] | +| Gin.go:283:22:283:34 | personPointer [postupdate] | +| Gin.go:288:23:288:29 | &... [postupdate] | +| Gin.go:293:23:293:35 | personPointer [postupdate] | +| Gin.go:298:21:298:27 | &... [postupdate] | +| Gin.go:303:21:303:33 | personPointer [postupdate] | +| Gin.go:308:22:308:28 | &... [postupdate] | +| Gin.go:313:22:313:34 | personPointer [postupdate] | +| Gin.go:318:21:318:27 | &... [postupdate] | +| Gin.go:323:21:323:33 | personPointer [postupdate] | +| Gin.go:328:22:328:28 | &... [postupdate] | +| Gin.go:333:22:333:34 | personPointer [postupdate] | +| Gin.go:338:18:338:24 | &... [postupdate] | +| Gin.go:343:18:343:30 | personPointer [postupdate] | +| Gin.go:348:24:348:30 | &... [postupdate] | +| Gin.go:353:24:353:36 | personPointer [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected index 8e113c12ef7..703066d6449 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected @@ -1,26 +1,8 @@ edges -| main.go:18:46:18:48 | definition of req | main.go:18:46:18:48 | definition of req [Return] | provenance | | | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | -| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | -| main.go:18:46:18:48 | definition of req [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | nodes | main.go:18:46:18:48 | definition of req | semmle.label | definition of req | -| main.go:18:46:18:48 | definition of req | semmle.label | definition of req | -| main.go:18:46:18:48 | definition of req [Return] | semmle.label | definition of req [Return] | | main.go:21:28:21:31 | name | semmle.label | name | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | semmle.label | definition of in [Return] | -| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | -| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | subpaths #select | main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected index 4cdacabe873..0af67462f7c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected @@ -8,11 +8,11 @@ edges | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 | | gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 | | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 | -| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | +| gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 | | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 | | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 | -| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | +| gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | nodes | gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters | | gorestful.go:15:15:15:47 | index expression | semmle.label | index expression | @@ -23,7 +23,7 @@ nodes | gorestful.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter | | gorestful.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters | | gorestful.go:21:15:21:45 | index expression | semmle.label | index expression | -| gorestful.go:23:21:23:24 | &... | semmle.label | &... | +| gorestful.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] | | gorestful.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd | | gorestful_v2.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters | | gorestful_v2.go:15:15:15:47 | index expression | semmle.label | index expression | @@ -34,7 +34,7 @@ nodes | gorestful_v2.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter | | gorestful_v2.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters | | gorestful_v2.go:21:15:21:45 | index expression | semmle.label | index expression | -| gorestful_v2.go:23:21:23:24 | &... | semmle.label | &... | +| gorestful_v2.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] | | gorestful_v2.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd | subpaths invalidModelRow @@ -45,11 +45,11 @@ invalidModelRow | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value | | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value | | gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value | -| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value | +| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... [postupdate] | a user-provided value | | gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value | | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value | | gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | ... := ...[0] | a user-provided value | | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value | | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value | | gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value | -| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value | +| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... [postupdate] | a user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected index 6e20fd5699c..d3f52f4f9c6 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected @@ -1,10 +1,11 @@ #select | EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value | edges -| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config | +| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config | | EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config | | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config | | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config | +| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config | | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 | models | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual | @@ -12,6 +13,7 @@ models nodes | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference | | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params | +| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] | | EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form | | EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index 9d45f1e2996..9ea4016a7e4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -5,10 +5,10 @@ | examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | | | examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | | edges -| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | | +| EndToEnd.go:36:2:36:4 | buf [postupdate] | EndToEnd.go:37:24:37:26 | buf | provenance | | | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1 | | EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 | -| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:3 | +| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:36:2:36:4 | buf [postupdate] | provenance | MaD:3 | | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1 | | EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 | | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1 | @@ -20,7 +20,7 @@ models | 3 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual | | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes -| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf | +| EndToEnd.go:36:2:36:4 | buf [postupdate] | semmle.label | buf [postupdate] | | EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params | | EndToEnd.go:36:18:36:30 | selection of Form | semmle.label | selection of Form | | EndToEnd.go:36:18:36:47 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index b7c6f703cf5..cfbbc771f77 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected @@ -8,64 +8,76 @@ invalidModelRow | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] | | crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] | | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader | -| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... | -| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... | -| io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 | +| io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] | +| io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] | | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... | -| io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 | +| io.go:16:24:16:27 | buf1 [postupdate] | io.go:16:23:16:27 | &... | +| io.go:16:30:16:34 | &... | io.go:16:31:16:34 | buf2 [postupdate] | +| io.go:16:30:16:34 | &... [postupdate] | io.go:16:31:16:34 | buf2 [postupdate] | | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... | -| io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w | +| io.go:16:31:16:34 | buf2 [postupdate] | io.go:16:30:16:34 | &... | +| io.go:18:11:18:11 | w [postupdate] | io.go:16:23:16:27 | &... [postupdate] | +| io.go:18:11:18:11 | w [postupdate] | io.go:16:30:16:34 | &... [postupdate] | +| io.go:18:14:18:19 | reader | io.go:18:11:18:11 | w [postupdate] | | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader | -| io.go:25:19:25:23 | &... | io.go:23:7:23:10 | definition of buf1 | +| io.go:25:19:25:23 | &... | io.go:25:20:25:23 | buf1 [postupdate] | +| io.go:25:19:25:23 | &... [postupdate] | io.go:25:20:25:23 | buf1 [postupdate] | | io.go:25:20:25:23 | buf1 | io.go:25:19:25:23 | &... | -| io.go:27:21:27:26 | reader | io.go:25:3:25:4 | definition of w2 | +| io.go:25:20:25:23 | buf1 [postupdate] | io.go:25:19:25:23 | &... | +| io.go:27:21:27:26 | reader | io.go:27:17:27:18 | w2 [postupdate] | | io.go:31:31:31:43 | "some string" | io.go:31:13:31:44 | call to NewReader | -| io.go:33:19:33:23 | &... | io.go:32:7:32:10 | definition of buf1 | +| io.go:33:19:33:23 | &... | io.go:33:20:33:23 | buf1 [postupdate] | +| io.go:33:19:33:23 | &... [postupdate] | io.go:33:20:33:23 | buf1 [postupdate] | | io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... | -| io.go:35:16:35:21 | reader | io.go:33:3:33:4 | definition of w2 | -| io.go:39:6:39:6 | definition of w | io.go:39:3:39:19 | ... := ...[0] | +| io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... | +| io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] | -| io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w | -| io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf | +| io.go:40:14:40:14 | w [postupdate] | io.go:39:3:39:19 | ... := ...[0] | +| io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] | +| io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] | | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String | | io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader | -| io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf | +| io.go:50:18:50:23 | reader | io.go:50:26:50:28 | buf [postupdate] | | io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader | -| io.go:56:15:56:20 | reader | io.go:55:3:55:5 | definition of buf | -| io.go:61:18:61:21 | &... | io.go:60:7:60:9 | definition of buf | +| io.go:56:15:56:20 | reader | io.go:56:23:56:25 | buf [postupdate] | +| io.go:61:18:61:21 | &... | io.go:61:19:61:21 | buf [postupdate] | +| io.go:61:18:61:21 | &... [postupdate] | io.go:61:19:61:21 | buf [postupdate] | | io.go:61:19:61:21 | buf | io.go:61:18:61:21 | &... | -| io.go:62:21:62:26 | "test" | io.go:61:3:61:3 | definition of w | +| io.go:61:19:61:21 | buf [postupdate] | io.go:61:18:61:21 | &... | +| io.go:62:21:62:26 | "test" | io.go:62:18:62:18 | w [postupdate] | | io.go:65:31:65:43 | "some string" | io.go:65:13:65:44 | call to NewReader | -| io.go:67:3:67:8 | reader | io.go:66:3:66:5 | definition of buf | +| io.go:67:3:67:8 | reader | io.go:67:15:67:17 | buf [postupdate] | | io.go:70:31:70:43 | "some string" | io.go:70:13:70:44 | call to NewReader | -| io.go:72:3:72:8 | reader | io.go:71:3:71:5 | definition of buf | +| io.go:72:3:72:8 | reader | io.go:72:17:72:19 | buf [postupdate] | | io.go:76:31:76:43 | "some string" | io.go:76:13:76:44 | call to NewReader | | io.go:77:24:77:29 | reader | io.go:77:9:77:33 | call to LimitReader | -| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout | +| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout [postupdate] | | io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader | | io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader | | io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader | | io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader | | io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader | | io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader | -| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout | +| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout [postupdate] | | io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader | | io.go:91:23:91:23 | r | io.go:91:10:91:30 | call to TeeReader | -| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... | -| io.go:91:26:91:29 | &... | io.go:90:7:90:9 | definition of buf | +| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... [postupdate] | +| io.go:91:26:91:29 | &... | io.go:91:27:91:29 | buf [postupdate] | +| io.go:91:26:91:29 | &... [postupdate] | io.go:91:27:91:29 | buf [postupdate] | | io.go:91:27:91:29 | buf | io.go:91:26:91:29 | &... | -| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout | +| io.go:91:27:91:29 | buf [postupdate] | io.go:91:26:91:29 | &... | +| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout [postupdate] | | io.go:96:26:96:38 | "some string" | io.go:96:8:96:39 | call to NewReader | | io.go:97:28:97:28 | r | io.go:97:8:97:36 | call to NewSectionReader | -| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout | +| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout [postupdate] | | io.go:101:26:101:38 | "some string" | io.go:101:8:101:39 | call to NewReader | -| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout | +| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout [postupdate] | | io.go:108:30:108:42 | "some string" | io.go:108:12:108:43 | call to NewReader | | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[0] | | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[1] | | io.go:109:27:109:32 | reader | io.go:109:2:109:33 | ... := ...[0] | -| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout | +| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout [postupdate] | | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] | | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] | | main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] | @@ -84,11 +96,13 @@ invalidModelRow | main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal | | main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal | | main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal | -| main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req | +| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] | | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body | | main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference | -| main.go:28:2:28:9 | selection of Body | main.go:27:2:27:2 | definition of b | -| main.go:34:2:34:4 | implicit dereference | main.go:32:16:32:18 | definition of req | +| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit dereference | +| main.go:28:2:28:9 | selection of Body | main.go:28:16:28:16 | b [postupdate] | +| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:4 | req [postupdate] | | main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:9 | selection of Body | | main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit dereference | -| main.go:34:2:34:9 | selection of Body | main.go:33:2:33:2 | definition of b | +| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit dereference | +| main.go:34:2:34:9 | selection of Body | main.go:34:16:34:16 | b [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 6bda68257ef..7b1fa1a3121 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -3,42 +3,28 @@ | server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value | edges | client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | | -| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | provenance | | -| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | -| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | | -| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | +| client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 | -| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 | -| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | | -| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | +| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | +| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | models | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual | | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | | 3 | Summary: io; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | nodes | client/main.go:16:35:16:78 | &... | semmle.label | &... | -| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq | -| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq | -| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | semmle.label | capture variable reqContent | -| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent | +| client/main.go:16:35:16:78 | &... [postupdate] | semmle.label | &... [postupdate] | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body | -| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent | | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf | -| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq | -| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] | | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent | | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected index 4bfef26418a..4c4bd0743d2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected @@ -1,8 +1,8 @@ -| WebSocketReadWrite.go:31:7:31:10 | definition of xnet | -| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 | +| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] | +| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] | | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] | | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] | -| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg | -| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 | +| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] | +| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] | | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] | | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected index 0124cf73218..e0c1603ff2e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected @@ -1,9 +1,9 @@ | WebSocketReadWrite.go:27:9:27:16 | selection of Header | -| WebSocketReadWrite.go:31:7:31:10 | definition of xnet | -| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 | +| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] | +| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] | | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] | | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] | -| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg | -| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 | +| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] | +| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] | | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] | | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected index b94733d5054..17c74de5555 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected @@ -44,28 +44,20 @@ edges | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | | | test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:1 MaD:4 | | test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:12 | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | | | test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 | -| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:10 | -| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | | +| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:22:45:31 | &... | provenance | | +| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:23:45:31 | cleanNode | provenance | | +| test.go:44:24:44:34 | taintedNode | test.go:44:2:44:10 | cleanNode [postupdate] | provenance | MaD:10 | | test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | | -| test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | | -| test.go:45:22:45:31 | &... [pointer] | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... [pointer] | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | | | test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 | -| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:11 | -| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:22:50:32 | &... | provenance | | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:23:50:32 | cleanNode2 | provenance | | +| test.go:49:26:49:37 | taintedNode2 | test.go:49:2:49:11 | cleanNode2 [postupdate] | provenance | MaD:11 | | test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | | -| test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | | -| test.go:50:22:50:32 | &... [pointer] | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... | provenance | | | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... [pointer] | provenance | | models @@ -125,20 +117,18 @@ nodes | test.go:39:49:39:60 | selection of Body | semmle.label | selection of Body | | test.go:40:15:40:31 | tokenizerFragment | semmle.label | tokenizerFragment | | test.go:40:15:40:42 | call to Buffered | semmle.label | call to Buffered | -| test.go:42:6:42:14 | definition of cleanNode | semmle.label | definition of cleanNode | | test.go:43:2:43:43 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:43:31:43:42 | selection of Body | semmle.label | selection of Body | +| test.go:44:2:44:10 | cleanNode [postupdate] | semmle.label | cleanNode [postupdate] | | test.go:44:24:44:34 | taintedNode | semmle.label | taintedNode | | test.go:45:22:45:31 | &... | semmle.label | &... | -| test.go:45:22:45:31 | &... | semmle.label | &... | | test.go:45:22:45:31 | &... [pointer] | semmle.label | &... [pointer] | | test.go:45:23:45:31 | cleanNode | semmle.label | cleanNode | -| test.go:47:6:47:15 | definition of cleanNode2 | semmle.label | definition of cleanNode2 | | test.go:48:2:48:44 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:48:32:48:43 | selection of Body | semmle.label | selection of Body | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | semmle.label | cleanNode2 [postupdate] | | test.go:49:26:49:37 | taintedNode2 | semmle.label | taintedNode2 | | test.go:50:22:50:32 | &... | semmle.label | &... | -| test.go:50:22:50:32 | &... | semmle.label | &... | | test.go:50:22:50:32 | &... [pointer] | semmle.label | &... [pointer] | | test.go:50:23:50:32 | cleanNode2 | semmle.label | cleanNode2 | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go index 9861acf33e6..fb8f7ea4bfa 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go @@ -13,30 +13,30 @@ func main() { var inb []byte out, _ = yaml1.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" out, _ = yaml2.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" - yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" + yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" var r io.Reader d := yaml2.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder" - d.Decode(out) // $ ttfnmodelstep="d -> definition of out" + d.Decode(out) // $ ttfnmodelstep="d -> out [postupdate]" var w io.Writer - e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> definition of w" - e.Encode(in) // $ ttfnmodelstep="in -> definition of e" + e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> w [postupdate]" + e.Encode(in) // $ ttfnmodelstep="in -> e [postupdate]" out, _ = yaml3.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" d1 := yaml3.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder" - d1.Decode(out) // $ ttfnmodelstep="d1 -> definition of out" + d1.Decode(out) // $ ttfnmodelstep="d1 -> out [postupdate]" - e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> definition of w" - e1.Encode(in) // $ ttfnmodelstep="in -> definition of e1" + e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> w [postupdate]" + e1.Encode(in) // $ ttfnmodelstep="in -> e1 [postupdate]" var n1 yaml3.Node - n1.Decode(out) // $ ttfnmodelstep="n1 -> definition of out" - n1.Encode(in) // $ ttfnmodelstep="in -> definition of n1" + n1.Decode(out) // $ ttfnmodelstep="n1 -> out [postupdate]" + n1.Encode(in) // $ ttfnmodelstep="in -> n1 [postupdate]" } diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected new file mode 100644 index 00000000000..c2f82841d83 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -0,0 +1,122 @@ +#select +| SafeUrlFlow.go:11:24:11:50 | ...+... | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:10:14:10:21 | selection of Host | here | +| SafeUrlFlow.go:14:29:14:44 | call to String | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:44 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:13:13:13:19 | selection of URL | here | +| SafeUrlFlow.go:18:11:18:28 | call to String | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:18:11:18:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:10:14:10:21 | selection of Host | here | +| SafeUrlFlow.go:45:24:45:61 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:46:29:46:55 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:47:11:47:42 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:11:47:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:57:11:57:26 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:57:11:57:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:58:12:58:27 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:58:12:58:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:59:16:59:31 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:59:16:59:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:60:12:60:27 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:60:12:60:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:64:13:64:28 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:64:13:64:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:65:14:65:29 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:65:14:65:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:66:18:66:33 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:66:18:66:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:67:14:67:29 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:67:14:67:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:70:39:70:54 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:74:70:74:85 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:78:40:78:55 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:89:24:89:41 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:89:24:89:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | +| SafeUrlFlow.go:105:11:105:23 | reconstructed | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:108:24:108:50 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:109:29:109:58 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:110:12:110:42 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +edges +| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | provenance | Sink:MaD:1 | +| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:17:19:17:26 | safeHost | provenance | | +| SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:14:29:14:35 | safeURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | | +| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | provenance | Config | +| SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:11:47:42 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:57:11:57:17 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:58:12:58:18 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:59:16:59:22 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:60:12:60:18 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:64:13:64:19 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:65:14:65:20 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:66:18:66:24 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:67:14:67:20 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:45 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:76 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:46 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:11:57:17 | safeURL | SafeUrlFlow.go:57:11:57:26 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:58:12:58:18 | safeURL | SafeUrlFlow.go:58:12:58:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:59:16:59:22 | safeURL | SafeUrlFlow.go:59:16:59:31 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:60:12:60:18 | safeURL | SafeUrlFlow.go:60:12:60:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:64:13:64:19 | safeURL | SafeUrlFlow.go:64:13:64:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:65:14:65:20 | safeURL | SafeUrlFlow.go:65:14:65:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:66:18:66:24 | safeURL | SafeUrlFlow.go:66:18:66:33 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:67:14:67:20 | safeURL | SafeUrlFlow.go:67:14:67:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:70:39:70:45 | safeURL | SafeUrlFlow.go:70:39:70:54 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:74:70:74:76 | safeURL | SafeUrlFlow.go:74:70:74:85 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:78:40:78:46 | safeURL | SafeUrlFlow.go:78:40:78:55 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:87:19:87:26 | safeHost | provenance | | +| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | | +| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | provenance | Config | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | Config | +| SafeUrlFlow.go:89:24:89:32 | targetURL | SafeUrlFlow.go:89:24:89:41 | call to String | provenance | MaD:3 Sink:MaD:1 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | provenance | Src:MaD:2 | +models +| 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | +| 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual | +| 3 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +nodes +| SafeUrlFlow.go:10:14:10:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:11:24:11:50 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:14:29:14:35 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] | +| SafeUrlFlow.go:17:19:17:26 | safeHost | semmle.label | safeHost | +| SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:45:24:45:61 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:46:29:46:55 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:47:11:47:42 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:57:11:57:17 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:57:11:57:26 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:58:12:58:18 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:58:12:58:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:59:16:59:22 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:59:16:59:31 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:60:12:60:18 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:60:12:60:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:64:13:64:19 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:64:13:64:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:65:14:65:20 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:65:14:65:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:66:18:66:24 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:66:18:66:33 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:67:14:67:20 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:67:14:67:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:70:39:70:45 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:70:39:70:54 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:74:70:74:76 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:74:70:74:85 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:78:40:78:46 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:78:40:78:55 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:84:14:84:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] | +| SafeUrlFlow.go:87:19:87:26 | safeHost | semmle.label | safeHost | +| SafeUrlFlow.go:89:24:89:32 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:89:24:89:41 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:105:11:105:23 | reconstructed | semmle.label | reconstructed | +| SafeUrlFlow.go:108:24:108:50 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:109:29:109:58 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:110:12:110:42 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | semmle.label | safeOpaquePart | +subpaths diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go new file mode 100644 index 00000000000..4718b973844 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go @@ -0,0 +1,122 @@ +package main + +import ( + "context" + "net/http" + "net/url" +) + +func testStdlibSources(w http.ResponseWriter, req *http.Request) { + safeHost := req.Host // $ Source + http.Redirect(w, req, "https://"+safeHost+"/path", http.StatusFound) // $ Alert + + safeURL := req.URL // $ Source + w.Header().Set("Location", safeURL.String()) // $ Alert + + targetURL := url.URL{} + targetURL.Host = safeHost // URL is safe if Host is safe + http.Get(targetURL.String()) // $ Alert +} + +func testBarrierEdge1(w http.ResponseWriter, req *http.Request) { + safeURL := req.URL + + query := safeURL.Query() // query is not guaranteed to be safe + http.Redirect(w, req, query.Get("redirect"), http.StatusFound) // not guaranteed to be safe +} + +func testBarrierEdge2(w http.ResponseWriter, req *http.Request) { + safeURL := req.URL + + urlString := safeURL.String() + sliced := urlString[0:10] // a substring of a safe URL is not guaranteed to be safe + w.Header().Set("Location", sliced) // not guaranteed to be safe +} + +func testFieldReads(w http.ResponseWriter, req *http.Request) { + safeURL := req.URL // $ Source + + safeScheme := safeURL.Scheme // the scheme of a safe URL is safe + safeHost := safeURL.Host // the host of a safe URL is safe + safePath := safeURL.Path // the path of a safe URL is safe + fragment := safeURL.Fragment // the fragment of a safe URL is not guaranteed to be safe + user := safeURL.User // the user of a safe URL is not guaranteed to be safe + + http.Redirect(w, req, "https://"+safeScheme+"://example.com", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://"+safeHost+"/path") // $ Alert + http.Get("https://example.com" + safePath) // $ Alert + + http.Get(fragment) // not guaranteed to be safe + http.Get(user.String()) // not guaranteed to be safe +} + +func testRequestForgerySinks(req *http.Request) { + safeURL := req.URL // $ Source + + // Standard library HTTP functions (request-forgery sinks) + http.Get(safeURL.String()) // $ Alert + http.Post(safeURL.String(), "application/json", nil) // $ Alert + http.PostForm(safeURL.String(), nil) // $ Alert + http.Head(safeURL.String()) // $ Alert + + // HTTP Client methods (request-forgery sinks) + client := &http.Client{} + client.Get(safeURL.String()) // $ Alert + client.Post(safeURL.String(), "application/json", nil) // $ Alert + client.PostForm(safeURL.String(), nil) // $ Alert + client.Head(safeURL.String()) // $ Alert + + // NewRequest + Client.Do (request-forgery sinks) + request, _ := http.NewRequest("GET", safeURL.String(), nil) // $ Alert + client.Do(request) + + // NewRequestWithContext + Client.Do (request-forgery sinks) + reqWithCtx, _ := http.NewRequestWithContext(context.TODO(), "POST", safeURL.String(), nil) // $ Alert + client.Do(reqWithCtx) + + // RoundTrip method (request-forgery sink) + request2, _ := http.NewRequest("GET", safeURL.String(), nil) // $ Alert + transport := &http.Transport{} + transport.RoundTrip(request2) +} + +func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) { + safeHost := req.Host // $ Source + + targetURL, _ := url.Parse("http://example.com/data") + targetURL.Host = safeHost // URL is safe if Host is safe + + http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert + + targetURL.Host = "something.else.com" // targetURL is not guaranteed to be safe now that Host is overwritten + http.Get(targetURL.String()) +} + +func testFieldAccess(w http.ResponseWriter, req *http.Request) { + safeURL := req.URL // $ Source + + safeHost := safeURL.Host // the host of a safe URL is safe + safePath := safeURL.Path // the path of a safe URL is safe + safeScheme := safeURL.Scheme // the scheme of a safe URL is safe + safeOpaquePart := safeURL.Opaque // the opaque part of a safe URL is safe + + // Reconstruct URL - still guaranteed to be safe + reconstructed := safeScheme + "://" + safeHost + safePath + http.Get(reconstructed) // $ Alert + + // Test individual fields + http.Redirect(w, req, "https://"+safeHost+"/path", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://example.com"+safePath) // $ Alert + http.Post(safeScheme+"://example.com/api", "application/json", nil) // $ Alert + http.Post(safeOpaquePart, "application/json", nil) // $ Alert + + user := safeURL.User // the user of a safe URL is not guaranteed to be safe + query := safeURL.RawQuery // the query of a safe URL is not guaranteed to be safe + fragment := safeURL.Fragment // the fragment of a safe URL is not guaranteed to be safe + + if user != nil { + http.Redirect(w, req, user.String(), http.StatusFound) // not guaranteed to be safe + } + w.Header().Set("Location", "https://example.com/?"+query) // not guaranteed to be safe + http.Get("https://example.com/#" + fragment) // not guaranteed to be safe +} diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql new file mode 100644 index 00000000000..badc69f386c --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql @@ -0,0 +1,15 @@ +/** + * @id go/test-safe-url-flow + * @kind path-problem + * @problem.severity recommendation + */ + +import go +import semmle.go.security.RequestForgeryCustomizations +import semmle.go.security.OpenUrlRedirectCustomizations +import semmle.go.security.SafeUrlFlow +import SafeUrlFlow::Flow::PathGraph + +from SafeUrlFlow::Flow::PathNode source, SafeUrlFlow::Flow::PathNode sink +where SafeUrlFlow::Flow::flowPath(source, sink) +select sink.getNode(), source, sink, "A safe URL flows here from $@.", source.getNode(), "here" diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref new file mode 100644 index 00000000000..db1b80a6317 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref @@ -0,0 +1,4 @@ +query: SafeUrlFlow.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected index f5d86e68dbc..c95fa5e7af6 100644 --- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected +++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected @@ -6,8 +6,8 @@ edges | TaintedPath.go:15:18:15:22 | selection of URL | TaintedPath.go:15:18:15:30 | call to Query | provenance | Src:MaD:2 MaD:3 | | TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:18:29:18:40 | tainted_path | provenance | Sink:MaD:1 | | TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:22:57:22:68 | tainted_path | provenance | | -| TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:74:39:74:56 | ...+... | provenance | | | TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:22:28:22:69 | call to Join | provenance | FunctionModel Sink:MaD:1 | +| TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:74:39:74:56 | ...+... | provenance | | | TaintedPath.go:74:39:74:56 | ...+... | TaintedPath.go:74:28:74:57 | call to Clean | provenance | MaD:4 Sink:MaD:1 | models | 1 | Sink: io/ioutil; ; false; ReadFile; ; ; Argument[0]; path-injection; manual | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index dff32df4e1f..78dde84a947 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -48,14 +48,14 @@ edges | GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | | | GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | | +| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | @@ -67,6 +67,7 @@ edges | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | | | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | | +| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | MaD:4 | @@ -180,6 +181,7 @@ nodes | GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL | | GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query | | GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] | diff --git a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go index d69a970f0d0..0428df55086 100644 --- a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go +++ b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go @@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) { { arrayLit := [1]string{tainted} - exec.Command("sudo", arrayLit[:]...) + exec.Command("sudo", arrayLit[:]...) // BAD } { arrayLit := [2]string{"--", tainted} - exec.Command("sudo", arrayLit[:]...) + exec.Command("sudo", arrayLit[:]...) // BAD } { arrayLit := []string{"--", tainted} - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{} arrayLit = append(arrayLit, "--", tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{} arrayLit = append(arrayLit, tainted, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"--"} arrayLit = append(arrayLit, tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{tainted} arrayLit = append(arrayLit, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"--"} arrayLit = append(arrayLit, "something else") arrayLit = append(arrayLit, tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"something else"} arrayLit = append(arrayLit, tainted) arrayLit = append(arrayLit, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { - exec.Command("sudo", "--", tainted) + exec.Command("sudo", "--", tainted) // BAD } { - exec.Command("sudo", tainted, "--") + exec.Command("sudo", tainted, "--") // BAD } } diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected index c274067926a..809f5c20976 100644 --- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected +++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected @@ -2,14 +2,14 @@ | StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value | edges | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | Src:MaD:2 | -| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel | -| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | +| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... [postupdate] | provenance | FunctionModel | +| StoredCommand.go:13:12:13:19 | &... [postupdate] | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | models | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual | | 2 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual | nodes | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] | | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows | -| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... | +| StoredCommand.go:13:12:13:19 | &... [postupdate] | semmle.label | &... [postupdate] | | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 91b39e0e2a0..0e1265b5c1e 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -13,11 +13,11 @@ | reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go | | | tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | | | tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | | -| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:31:11:31:14 | xnet [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | | websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | | websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | edges | ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:6 MaD:18 | @@ -48,8 +48,8 @@ edges | reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:16 | | reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:15 | | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | | -| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | -| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:14 | +| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | provenance | MaD:14 | +| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | @@ -62,11 +62,11 @@ edges | tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:19 | | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | -| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | models | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual | @@ -123,8 +123,8 @@ nodes | reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader | | reflectedxsstest.go:40:14:40:17 | part | semmle.label | part | | reflectedxsstest.go:40:14:40:28 | call to FileName | semmle.label | call to FileName | -| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice | | reflectedxsstest.go:42:2:42:5 | part | semmle.label | part | +| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | semmle.label | byteSlice [postupdate] | | reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion | | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | semmle.label | []type{args} [array] | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf | @@ -141,16 +141,25 @@ nodes | tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form | | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get | | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion | -| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | semmle.label | xnet [postupdate] | | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | -| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | semmle.label | xnet2 [postupdate] | | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] | | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | semmle.label | gorillaMsg [postupdate] | | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | semmle.label | gorilla2 [postupdate] | | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] | | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | subpaths +testFailures +| websocketXss.go:30:32:30:60 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | Unexpected result: Source | +| websocketXss.go:34:30:34:58 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | Unexpected result: Source | +| websocketXss.go:46:38:46:66 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | Unexpected result: Source | +| websocketXss.go:50:33:50:61 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | Unexpected result: Source | diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index 4e2958c767e..41ec62706d0 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -3,15 +3,15 @@ | stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value | edges | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1 | -| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel | -| stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | | +| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel | +| stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance | | | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | models | 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual | nodes | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] | | stored.go:25:14:25:17 | rows | semmle.label | rows | -| stored.go:25:29:25:33 | &... | semmle.label | &... | +| stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] | | stored.go:30:22:30:25 | name | semmle.label | name | | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path | | stored.go:61:22:61:25 | path | semmle.label | path | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 1ce8c3d1dcf..e8c6848b569 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -33,24 +33,24 @@ edges | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | | issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | -| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 | -| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | +| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... [postupdate] | provenance | MaD:22 | +| issue48.go:18:20:18:39 | &... [postupdate] | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | | issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | -| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 | -| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | +| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... [postupdate] | provenance | MaD:22 | +| issue48.go:28:21:28:41 | &... [postupdate] | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | -| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:22 | +| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... [postupdate] | provenance | MaD:22 | | issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | Src:MaD:21 MaD:26 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | -| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | +| issue48.go:37:53:37:73 | &... [postupdate] | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | @@ -76,39 +76,33 @@ edges | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | []type{args} [array] | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | FunctionModel | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:40:2:40:12 | RequestData [pointer, Category] | provenance | | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | -| main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | -| main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | | +| main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | +| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | provenance | | | main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | -| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | +| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | provenance | | | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:49:4:49:14 | RequestData [pointer, Category] | provenance | | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | -| main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | -| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | +| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [postupdate] [Category] | provenance | | | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:58:4:58:14 | RequestData [pointer, Category] | provenance | | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | -| main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | -| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | +| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [postupdate] [Category] | provenance | | | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | @@ -117,22 +111,22 @@ edges | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:20 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 | | mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config | | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline | provenance | Sink:MaD:3 | | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline | provenance | Sink:MaD:16 | | mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | Config | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 | models | 1 | Sink: database/sql; DB; true; Query; ; ; Argument[0]; sql-injection; manual | | 2 | Sink: database/sql; Tx; true; Query; ; ; Argument[0]; sql-injection; manual | @@ -170,7 +164,7 @@ nodes | issue48.go:17:2:17:33 | ... := ...[0] | semmle.label | ... := ...[0] | | issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body | | issue48.go:18:17:18:17 | b | semmle.label | b | -| issue48.go:18:20:18:39 | &... | semmle.label | &... | +| issue48.go:18:20:18:39 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:20:8:21:34 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:20:8:21:34 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:21:3:21:33 | index expression | semmle.label | index expression | @@ -178,7 +172,7 @@ nodes | issue48.go:27:2:27:34 | ... := ...[0] | semmle.label | ... := ...[0] | | issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body | | issue48.go:28:17:28:18 | b2 | semmle.label | b2 | -| issue48.go:28:21:28:41 | &... | semmle.label | &... | +| issue48.go:28:21:28:41 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:30:8:31:32 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:30:8:31:32 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:31:3:31:31 | selection of Category | semmle.label | selection of Category | @@ -186,7 +180,7 @@ nodes | issue48.go:37:17:37:50 | type conversion | semmle.label | type conversion | | issue48.go:37:24:37:30 | selection of URL | semmle.label | selection of URL | | issue48.go:37:24:37:38 | call to Query | semmle.label | call to Query | -| issue48.go:37:53:37:73 | &... | semmle.label | &... | +| issue48.go:37:53:37:73 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:39:8:40:32 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:39:8:40:32 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:40:3:40:31 | selection of Category | semmle.label | selection of Category | @@ -213,9 +207,8 @@ nodes | main.go:34:3:34:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:34:3:34:22 | selection of Category | semmle.label | selection of Category | | main.go:35:11:35:11 | q | semmle.label | q | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:40:2:40:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | -| main.go:40:2:40:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | +| main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | +| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | semmle.label | implicit dereference [postupdate] [Category] | | main.go:40:25:40:31 | selection of URL | semmle.label | selection of URL | | main.go:40:25:40:39 | call to Query | semmle.label | call to Query | | main.go:40:25:40:51 | index expression | semmle.label | index expression | @@ -225,9 +218,8 @@ nodes | main.go:43:3:43:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:43:3:43:22 | selection of Category | semmle.label | selection of Category | | main.go:44:11:44:11 | q | semmle.label | q | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:49:3:49:14 | star expression [Category] | semmle.label | star expression [Category] | -| main.go:49:4:49:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | | main.go:49:28:49:34 | selection of URL | semmle.label | selection of URL | | main.go:49:28:49:42 | call to Query | semmle.label | call to Query | | main.go:49:28:49:54 | index expression | semmle.label | index expression | @@ -237,9 +229,8 @@ nodes | main.go:52:3:52:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:52:3:52:22 | selection of Category | semmle.label | selection of Category | | main.go:53:11:53:11 | q | semmle.label | q | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:58:3:58:14 | star expression [Category] | semmle.label | star expression [Category] | -| main.go:58:4:58:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | | main.go:58:28:58:34 | selection of URL | semmle.label | selection of URL | | main.go:58:28:58:42 | call to Query | semmle.label | call to Query | | main.go:58:28:58:54 | index expression | semmle.label | index expression | diff --git a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected index 3a9de1ebe60..ec1835a6f8a 100644 --- a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected +++ b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected @@ -17,10 +17,13 @@ edges | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance | | | tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config | | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance | | -| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:20:24:27 | jsonData | provenance | | -| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:20:32:27 | jsonData | provenance | | | tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config | +| tst3.go:7:26:7:33 | jsonData | tst3.go:9:32:9:39 | jsonData | provenance | | +| tst3.go:9:32:9:39 | jsonData | tst3.go:11:9:11:16 | jsonData | provenance | | +| tst3.go:11:9:11:16 | jsonData | tst3.go:16:20:16:27 | jsonData | provenance | | +| tst3.go:16:20:16:27 | jsonData | tst3.go:24:20:24:27 | jsonData | provenance | | | tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config | +| tst3.go:24:20:24:27 | jsonData | tst3.go:32:20:32:27 | jsonData | provenance | | | tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config | | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance | | | tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config | @@ -45,6 +48,9 @@ nodes | tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] | | tst3.go:7:22:7:34 | call to len | semmle.label | call to len | | tst3.go:7:26:7:33 | jsonData | semmle.label | jsonData | +| tst3.go:9:32:9:39 | jsonData | semmle.label | jsonData | +| tst3.go:11:9:11:16 | jsonData | semmle.label | jsonData | +| tst3.go:16:20:16:27 | jsonData | semmle.label | jsonData | | tst3.go:24:16:24:28 | call to len | semmle.label | call to len | | tst3.go:24:20:24:27 | jsonData | semmle.label | jsonData | | tst3.go:32:16:32:28 | call to len | semmle.label | call to len | diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index c62c6126648..732b9cd5cae 100644 --- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected @@ -1,8 +1,8 @@ edges -| test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | +| test.go:15:28:15:30 | buf [postupdate] | test.go:18:10:18:12 | buf | provenance | | nodes -| test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf | -| test.go:17:10:17:12 | buf | semmle.label | buf | +| test.go:15:28:15:30 | buf [postupdate] | semmle.label | buf [postupdate] | +| test.go:18:10:18:12 | buf | semmle.label | buf | subpaths #select -| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information | +| test.go:18:10:18:12 | buf | test.go:15:28:15:30 | buf [postupdate] | test.go:18:10:18:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:15:28:15:30 | buf [postupdate] | stack trace information | diff --git a/go/ql/test/query-tests/Security/CWE-209/test.go b/go/ql/test/query-tests/Security/CWE-209/test.go index 2ad35680048..77df73b8046 100644 --- a/go/ql/test/query-tests/Security/CWE-209/test.go +++ b/go/ql/test/query-tests/Security/CWE-209/test.go @@ -12,7 +12,8 @@ var logger log.Logger func handlePanic(w http.ResponseWriter, r *http.Request) { buf := make([]byte, 2<<16) - buf = buf[:runtime.Stack(buf, true)] + stackLen := runtime.Stack(buf, true) + buf = buf[:stackLen] // BAD: printing a stack trace back to the response w.Write(buf) // GOOD: logging the response to the server and sending diff --git a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go index 027a88b9bb6..3cb5d107a70 100644 --- a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go +++ b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go @@ -64,9 +64,22 @@ func bad3() *http.Transport { return transport } -func good3() *http.Transport { - insecureTransport := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // OK +func good3(i int) *http.Transport { + if i == 0 { + insecureTransport := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // OK + } + return insecureTransport + } else if i == 1 { + temp1 := tls.Config{InsecureSkipVerify: true} + temp2 := &temp1 + selfSignConfig := &http.Transport{TLSClientConfig: temp2} // OK + return selfSignConfig + } else if i == 2 { + temp1 := tls.Config{} + temp1.InsecureSkipVerify = true + untrustedTransport := &http.Transport{TLSClientConfig: &temp1} // OK + return untrustedTransport } - return insecureTransport + return nil } diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index a7f7f83a9ff..f748c7a7773 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -1,105 +1,248 @@ #select | klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers | | klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers | -| main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | $@ flows to a logging call. | main.go:16:12:16:19 | password | Sensitive data returned by an access to password | -| main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | $@ flows to a logging call. | main.go:17:19:17:26 | password | Sensitive data returned by an access to password | -| main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | $@ flows to a logging call. | main.go:18:13:18:20 | password | Sensitive data returned by an access to password | -| main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | $@ flows to a logging call. | main.go:19:14:19:21 | password | Sensitive data returned by an access to password | -| main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | $@ flows to a logging call. | main.go:20:12:20:19 | password | Sensitive data returned by an access to password | -| main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password | -| main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | $@ flows to a logging call. | main.go:22:13:22:20 | password | Sensitive data returned by an access to password | -| main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | $@ flows to a logging call. | main.go:23:14:23:21 | password | Sensitive data returned by an access to password | -| main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | $@ flows to a logging call. | main.go:24:12:24:19 | password | Sensitive data returned by an access to password | -| main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | $@ flows to a logging call. | main.go:25:19:25:26 | password | Sensitive data returned by an access to password | -| main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | $@ flows to a logging call. | main.go:26:13:26:20 | password | Sensitive data returned by an access to password | -| main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | $@ flows to a logging call. | main.go:27:14:27:21 | password | Sensitive data returned by an access to password | -| main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | $@ flows to a logging call. | main.go:28:16:28:23 | password | Sensitive data returned by an access to password | -| main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | $@ flows to a logging call. | main.go:32:10:32:17 | password | Sensitive data returned by an access to password | -| main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | $@ flows to a logging call. | main.go:33:17:33:24 | password | Sensitive data returned by an access to password | -| main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | $@ flows to a logging call. | main.go:34:11:34:18 | password | Sensitive data returned by an access to password | -| main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | $@ flows to a logging call. | main.go:35:12:35:19 | password | Sensitive data returned by an access to password | -| main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | $@ flows to a logging call. | main.go:36:10:36:17 | password | Sensitive data returned by an access to password | -| main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | $@ flows to a logging call. | main.go:37:17:37:24 | password | Sensitive data returned by an access to password | -| main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | $@ flows to a logging call. | main.go:38:11:38:18 | password | Sensitive data returned by an access to password | -| main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | $@ flows to a logging call. | main.go:39:12:39:19 | password | Sensitive data returned by an access to password | -| main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | $@ flows to a logging call. | main.go:40:10:40:17 | password | Sensitive data returned by an access to password | -| main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | $@ flows to a logging call. | main.go:41:17:41:24 | password | Sensitive data returned by an access to password | -| main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | $@ flows to a logging call. | main.go:42:11:42:18 | password | Sensitive data returned by an access to password | -| main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | $@ flows to a logging call. | main.go:43:12:43:19 | password | Sensitive data returned by an access to password | -| main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | $@ flows to a logging call. | main.go:44:14:44:21 | password | Sensitive data returned by an access to password | -| main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | $@ flows to a logging call. | main.go:47:12:47:19 | password | Sensitive data returned by an access to password | -| main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | $@ flows to a logging call. | main.go:48:17:48:24 | password | Sensitive data returned by an access to password | -| main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | $@ flows to a logging call. | main.go:55:35:55:42 | password | Sensitive data returned by an access to password | -| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password | -| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password | -| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password | +| main.go:19:12:19:19 | password | main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:20:19:20:26 | password | main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:21:13:21:20 | password | main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:22:14:22:21 | password | main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:24:13:24:20 | password | main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:27:20:27:27 | password | main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:30:14:30:21 | password | main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:33:15:33:22 | password | main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:36:13:36:20 | password | main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:39:20:39:27 | password | main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:42:14:42:21 | password | main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:45:15:45:22 | password | main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:47:16:47:23 | password | main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:51:10:51:17 | password | main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:52:17:52:24 | password | main.go:17:2:17:9 | definition of password | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:53:11:53:18 | password | main.go:17:2:17:9 | definition of password | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:54:12:54:19 | password | main.go:17:2:17:9 | definition of password | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:56:11:56:18 | password | main.go:17:2:17:9 | definition of password | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:59:18:59:25 | password | main.go:17:2:17:9 | definition of password | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:62:12:62:19 | password | main.go:17:2:17:9 | definition of password | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:65:13:65:20 | password | main.go:17:2:17:9 | definition of password | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:68:11:68:18 | password | main.go:17:2:17:9 | definition of password | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:71:18:71:25 | password | main.go:17:2:17:9 | definition of password | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:74:12:74:19 | password | main.go:17:2:17:9 | definition of password | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:77:13:77:20 | password | main.go:17:2:17:9 | definition of password | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:79:14:79:21 | password | main.go:17:2:17:9 | definition of password | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:82:12:82:19 | password | main.go:17:2:17:9 | definition of password | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:83:17:83:24 | password | main.go:17:2:17:9 | definition of password | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | definition of password | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:90:35:90:42 | password | main.go:17:2:17:9 | definition of password | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | definition of password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | definition of password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password | | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword | | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password | -| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password | +| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | -| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password | -| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password | -| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet | -| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password | -| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password | -| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password | -| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password | -| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 | -| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password | +| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password | +| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet | +| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 | +| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password | +| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password | edges | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | | -| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:1 Config | +| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config | | klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance | | | klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config | -| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:1 Config | +| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config | +| main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 | +| main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 | +| main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 | +| main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 | +| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | +| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | +| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | +| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | | +| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | Sink:MaD:10 | +| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | | +| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | | +| main.go:86:2:86:7 | fields [postupdate] | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 | +| main.go:86:19:86:26 | password | main.go:86:2:86:7 | fields [postupdate] | provenance | Config | +| main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 | +| overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance | | | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | | | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance | | | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | +| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | | | passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | | passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | | passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | | passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | -| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config | -| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config | -| passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | | -| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config | -| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config | -| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config | -| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config | -| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config | -| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | | -| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | | -| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | | -| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | | -| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | | -| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | -| protobuf.go:12:2:12:6 | implicit dereference [Description] | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | provenance | | -| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | -| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | +| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | | +| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | | +| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config | +| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config | +| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | | +| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config | +| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config | +| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | | +| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config | +| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config | +| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | | +| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | | +| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | | +| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | | +| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | | +| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | | +| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | | +| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance | | +| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | +| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance | | | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance | | | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance | | | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance | | models -| 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | +| 1 | Sink: group:logrus; ; false; WithField; ; ; Argument[0..1]; log-injection; manual | +| 2 | Sink: group:logrus; ; false; WithFields; ; ; Argument[0]; log-injection; manual | +| 3 | Sink: log; ; false; Fatalf; ; ; Argument[0..1]; log-injection; manual | +| 4 | Sink: log; ; false; Output; ; ; Argument[1]; log-injection; manual | +| 5 | Sink: log; ; false; Panicf; ; ; Argument[0..1]; log-injection; manual | +| 6 | Sink: log; ; false; Printf; ; ; Argument[0..1]; log-injection; manual | +| 7 | Sink: log; Logger; true; Fatalf; ; ; Argument[0..1]; log-injection; manual | +| 8 | Sink: log; Logger; true; Output; ; ; Argument[1]; log-injection; manual | +| 9 | Sink: log; Logger; true; Panicf; ; ; Argument[0..1]; log-injection; manual | +| 10 | Sink: log; Logger; true; Printf; ; ; Argument[0..1]; log-injection; manual | +| 11 | Source: net/http; Request; true; Header; ; ; ; remote; manual | nodes | klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] | | klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header | @@ -108,39 +251,58 @@ nodes | klog.go:23:15:23:20 | header | semmle.label | header | | klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header | | klog.go:29:13:29:41 | call to Get | semmle.label | call to Get | -| main.go:16:12:16:19 | password | semmle.label | password | -| main.go:17:19:17:26 | password | semmle.label | password | -| main.go:18:13:18:20 | password | semmle.label | password | -| main.go:19:14:19:21 | password | semmle.label | password | -| main.go:20:12:20:19 | password | semmle.label | password | -| main.go:21:19:21:26 | password | semmle.label | password | -| main.go:22:13:22:20 | password | semmle.label | password | -| main.go:23:14:23:21 | password | semmle.label | password | -| main.go:24:12:24:19 | password | semmle.label | password | -| main.go:25:19:25:26 | password | semmle.label | password | -| main.go:26:13:26:20 | password | semmle.label | password | -| main.go:27:14:27:21 | password | semmle.label | password | -| main.go:28:16:28:23 | password | semmle.label | password | -| main.go:32:10:32:17 | password | semmle.label | password | -| main.go:33:17:33:24 | password | semmle.label | password | -| main.go:34:11:34:18 | password | semmle.label | password | -| main.go:35:12:35:19 | password | semmle.label | password | -| main.go:36:10:36:17 | password | semmle.label | password | -| main.go:37:17:37:24 | password | semmle.label | password | -| main.go:38:11:38:18 | password | semmle.label | password | -| main.go:39:12:39:19 | password | semmle.label | password | -| main.go:40:10:40:17 | password | semmle.label | password | -| main.go:41:17:41:24 | password | semmle.label | password | -| main.go:42:11:42:18 | password | semmle.label | password | -| main.go:43:12:43:19 | password | semmle.label | password | -| main.go:44:14:44:21 | password | semmle.label | password | -| main.go:47:12:47:19 | password | semmle.label | password | -| main.go:48:17:48:24 | password | semmle.label | password | -| main.go:55:35:55:42 | password | semmle.label | password | +| main.go:17:2:17:9 | definition of password | semmle.label | definition of password | +| main.go:19:12:19:19 | password | semmle.label | password | +| main.go:20:19:20:26 | password | semmle.label | password | +| main.go:21:13:21:20 | password | semmle.label | password | +| main.go:22:14:22:21 | password | semmle.label | password | +| main.go:24:13:24:20 | password | semmle.label | password | +| main.go:27:20:27:27 | password | semmle.label | password | +| main.go:30:14:30:21 | password | semmle.label | password | +| main.go:33:15:33:22 | password | semmle.label | password | +| main.go:36:13:36:20 | password | semmle.label | password | +| main.go:39:20:39:27 | password | semmle.label | password | +| main.go:42:14:42:21 | password | semmle.label | password | +| main.go:45:15:45:22 | password | semmle.label | password | +| main.go:47:16:47:23 | password | semmle.label | password | +| main.go:51:10:51:17 | password | semmle.label | password | +| main.go:51:10:51:17 | password | semmle.label | password | +| main.go:52:17:52:24 | password | semmle.label | password | +| main.go:52:17:52:24 | password | semmle.label | password | +| main.go:53:11:53:18 | password | semmle.label | password | +| main.go:53:11:53:18 | password | semmle.label | password | +| main.go:54:12:54:19 | password | semmle.label | password | +| main.go:54:12:54:19 | password | semmle.label | password | +| main.go:56:11:56:18 | password | semmle.label | password | +| main.go:56:11:56:18 | password | semmle.label | password | +| main.go:59:18:59:25 | password | semmle.label | password | +| main.go:59:18:59:25 | password | semmle.label | password | +| main.go:62:12:62:19 | password | semmle.label | password | +| main.go:62:12:62:19 | password | semmle.label | password | +| main.go:65:13:65:20 | password | semmle.label | password | +| main.go:65:13:65:20 | password | semmle.label | password | +| main.go:68:11:68:18 | password | semmle.label | password | +| main.go:68:11:68:18 | password | semmle.label | password | +| main.go:71:18:71:25 | password | semmle.label | password | +| main.go:71:18:71:25 | password | semmle.label | password | +| main.go:74:12:74:19 | password | semmle.label | password | +| main.go:74:12:74:19 | password | semmle.label | password | +| main.go:77:13:77:20 | password | semmle.label | password | +| main.go:77:13:77:20 | password | semmle.label | password | +| main.go:79:14:79:21 | password | semmle.label | password | +| main.go:80:17:80:24 | password | semmle.label | password | +| main.go:82:12:82:19 | password | semmle.label | password | +| main.go:83:17:83:24 | password | semmle.label | password | +| main.go:86:2:86:7 | fields [postupdate] | semmle.label | fields [postupdate] | +| main.go:86:19:86:26 | password | semmle.label | password | +| main.go:87:29:87:34 | fields | semmle.label | fields | +| main.go:90:35:90:42 | password | semmle.label | password | +| overrides.go:8:2:8:9 | definition of password | semmle.label | definition of password | | overrides.go:9:9:9:16 | password | semmle.label | password | | overrides.go:13:14:13:23 | call to String | semmle.label | call to String | | passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x | | passwords.go:9:14:9:14 | x | semmle.label | x | +| passwords.go:21:2:21:9 | definition of password | semmle.label | definition of password | | passwords.go:25:14:25:21 | password | semmle.label | password | | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password | | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword | @@ -155,38 +317,37 @@ nodes | passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal | | passwords.go:42:6:42:13 | password | semmle.label | password | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | -| passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 | -| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password | semmle.label | password | +| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal | -| passwords.go:86:16:86:36 | call to make | semmle.label | call to make | -| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject | -| passwords.go:90:12:90:19 | password | semmle.label | password | -| passwords.go:91:23:91:28 | secret | semmle.label | secret | -| passwords.go:101:15:101:40 | ...+... | semmle.label | ...+... | -| passwords.go:101:33:101:40 | password | semmle.label | password | -| passwords.go:107:16:107:41 | ...+... | semmle.label | ...+... | -| passwords.go:107:34:107:41 | password | semmle.label | password | -| passwords.go:112:15:112:40 | ...+... | semmle.label | ...+... | -| passwords.go:112:33:112:40 | password | semmle.label | password | -| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... | -| passwords.go:116:28:116:36 | password1 | semmle.label | password1 | -| passwords.go:116:28:116:45 | call to String | semmle.label | call to String | -| passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal | -| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] | -| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] | -| passwords.go:119:13:119:13 | x | semmle.label | x | -| passwords.go:121:13:121:20 | password | semmle.label | password | -| passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword | -| passwords.go:125:14:125:19 | config | semmle.label | config | -| passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] | -| passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x | -| passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] | -| passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | semmle.label | definition of query [pointer, Description] | -| protobuf.go:12:2:12:6 | implicit dereference [Description] | semmle.label | implicit dereference [Description] | -| protobuf.go:12:2:12:6 | query [pointer, Description] | semmle.label | query [pointer, Description] | +| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal | +| passwords.go:87:16:87:36 | call to make | semmle.label | call to make | +| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject | +| passwords.go:92:23:92:28 | secret | semmle.label | secret | +| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... | +| passwords.go:102:33:102:40 | password | semmle.label | password | +| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... | +| passwords.go:108:34:108:41 | password | semmle.label | password | +| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... | +| passwords.go:113:33:113:40 | password | semmle.label | password | +| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 | +| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... | +| passwords.go:117:28:117:36 | password1 | semmle.label | password1 | +| passwords.go:117:28:117:45 | call to String | semmle.label | call to String | +| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal | +| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] | +| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] | +| passwords.go:121:13:121:14 | x3 | semmle.label | x3 | +| passwords.go:123:13:123:20 | password | semmle.label | password | +| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword | +| passwords.go:127:14:127:19 | config | semmle.label | config | +| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] | +| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x | +| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] | +| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y | +| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password | +| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] | +| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] | | protobuf.go:12:22:12:29 | password | semmle.label | password | | protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] | | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription | diff --git a/go/ql/test/query-tests/Security/CWE-312/main.go b/go/ql/test/query-tests/Security/CWE-312/main.go index 17a183ff209..e30a8182265 100644 --- a/go/ql/test/query-tests/Security/CWE-312/main.go +++ b/go/ql/test/query-tests/Security/CWE-312/main.go @@ -5,27 +5,46 @@ package main import ( "log" + "math/rand" "github.com/golang/glog" "github.com/sirupsen/logrus" ) +var i int = rand.Int() + func main() { - password := "P4ssw0rd" + password := "P4ssw0rd" // $ Source log.Print(password) // $ Alert log.Printf("%s", password) // $ Alert log.Printf(password, "") // $ Alert log.Println(password) // $ Alert - log.Fatal(password) // $ Alert - log.Fatalf("%s", password) // $ Alert - log.Fatalf(password, "") // $ Alert - log.Fatalln(password) // $ Alert - log.Panic(password) // $ Alert - log.Panicf("%s", password) // $ Alert - log.Panicf(password, "") // $ Alert - log.Panicln(password) // $ Alert - log.Output(0, password) // $ Alert + if i == 0 { + log.Fatal(password) // $ Alert + } + if i == 1 { + log.Fatalf("%s", password) // $ Alert + } + if i == 2 { + log.Fatalf(password, "") // $ Alert + } + if i == 3 { + log.Fatalln(password) // $ Alert + } + if i == 4 { + log.Panic(password) // $ Alert + } + if i == 5 { + log.Panicf("%s", password) // $ Alert + } + if i == 6 { + log.Panicf(password, "") // $ Alert + } + if i == 7 { + log.Panicln(password) // $ Alert + } + log.Output(0, password) // $ Alert log.Printf("%T", password) l := log.Default() @@ -33,15 +52,31 @@ func main() { l.Printf("%s", password) // $ Alert l.Printf(password, "") // $ Alert l.Println(password) // $ Alert - l.Fatal(password) // $ Alert - l.Fatalf("%s", password) // $ Alert - l.Fatalf(password, "") // $ Alert - l.Fatalln(password) // $ Alert - l.Panic(password) // $ Alert - l.Panicf("%s", password) // $ Alert - l.Panicf(password, "") // $ Alert - l.Panicln(password) // $ Alert - l.Output(0, password) // $ Alert + if i == 100 { + l.Fatal(password) // $ Alert + } + if i == 101 { + l.Fatalf("%s", password) // $ Alert + } + if i == 102 { + l.Fatalf(password, "") // $ Alert + } + if i == 103 { + l.Fatalln(password) // $ Alert + } + if i == 104 { + l.Panic(password) // $ Alert + } + if i == 105 { + l.Panicf("%s", password) // $ Alert + } + if i == 106 { + l.Panicf(password, "") // $ Alert + } + if i == 107 { + l.Panicln(password) // $ Alert + } + l.Output(0, password) // $ Alert l.Printf("%T", password) glog.Info(password) // $ Alert @@ -49,7 +84,7 @@ func main() { fields := make(logrus.Fields) fields["pass"] = password - entry := logrus.WithFields(fields) + entry := logrus.WithFields(fields) // $ Alert entry.Errorf("") entry = logrus.WithField("pass", password) // $ Alert diff --git a/go/ql/test/query-tests/Security/CWE-312/overrides.go b/go/ql/test/query-tests/Security/CWE-312/overrides.go index 98fbdad9e77..4ac9401d2c0 100644 --- a/go/ql/test/query-tests/Security/CWE-312/overrides.go +++ b/go/ql/test/query-tests/Security/CWE-312/overrides.go @@ -5,8 +5,8 @@ import "fmt" type s struct{} func (_ s) String() string { - password := "horsebatterystaplecorrect" - return password // $ Source + password := "horsebatterystaplecorrect" // $ Source + return password } func overrideTest(x s, y fmt.Stringer) { diff --git a/go/ql/test/query-tests/Security/CWE-312/passwords.go b/go/ql/test/query-tests/Security/CWE-312/passwords.go index f99178f0fae..38c977e41b8 100644 --- a/go/ql/test/query-tests/Security/CWE-312/passwords.go +++ b/go/ql/test/query-tests/Security/CWE-312/passwords.go @@ -18,7 +18,7 @@ func redact(kind, value string) string { func test() { name := "user" - password := "P@ssw0rd" + password := "P@ssw0rd" // $ Source x := "horsebatterystapleincorrect" var o passStruct @@ -27,7 +27,7 @@ func test() { log.Println(getPassword()) // $ Alert log.Println(o.getPassword()) // $ Alert - myLog(password) // $ Source + myLog(password) log.Panic(password) // $ Alert @@ -39,16 +39,16 @@ func test() { log.Println(obj1) // $ Alert obj2 := xStruct{ - x: password, // $ Source + x: password, } log.Println(obj2) // $ Alert var obj3 xStruct - log.Println(obj3) // $ SPURIOUS: Alert // caught because of the below line and def-use flow - obj3.x = password // $ Source + log.Println(obj3) + obj3.x = password - fixed_password := "cowbatterystaplecorrect" - log.Println(fixed_password) // $ Alert // Probably OK + fixed_password := "cowbatterystaplecorrect" // $ Source + log.Println(fixed_password) // $ Alert // Probably OK log.Println(IncorrectPasswordError) // OK @@ -65,7 +65,8 @@ func test() { log.Println(actually_secure_password) // OK var user1 cryptedStruct - user1.cryptedPassword = x + x2 := "perhaps sensitive" + user1.cryptedPassword = x2 log.Println(user1) // OK var user2 passStruct @@ -87,7 +88,7 @@ func test() { } log.Println(utilityObject) // $ Alert - secret := password // $ Source + secret := password log.Printf("pw: %s", secret) // $ Alert log.Println("Password is: " + redact("password", password)) @@ -112,13 +113,14 @@ func test() { log.Println("Password is: " + password) // $ SPURIOUS: Alert } - var password1 stringable = stringable{"arstneio"} - log.Println(name + ", " + password1.String()) // $ Alert + var password1 stringable = stringable{"arstneio"} // $ Source + log.Println(name + ", " + password1.String()) // $ Alert + x3 := "sheepbatterystaplecorrect" config := Config{ - password: x, // $ Source + password: x3, // $ Source hostname: "tarski", - x: password, // $ Source + x: password, y: getPassword(), // $ Source } log.Println(config.hostname) // OK diff --git a/go/ql/test/query-tests/Security/CWE-312/protobuf.go b/go/ql/test/query-tests/Security/CWE-312/protobuf.go index a995f0d7cb8..3609410e2b0 100644 --- a/go/ql/test/query-tests/Security/CWE-312/protobuf.go +++ b/go/ql/test/query-tests/Security/CWE-312/protobuf.go @@ -6,10 +6,10 @@ import ( ) func testProtobuf() { - password := "P@ssw0rd" + password := "P@ssw0rd" // $ Source query := &query.Query{} - query.Description = password // $ Source + query.Description = password log.Println(query.GetDescription()) // $ Alert log.Println(query.GetId()) // OK diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index b2659fffde7..ef5f3a1f7b9 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -1,8 +1,7 @@ #select | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | InsecureRandomness.go:12:18:12:40 | call to Intn | random number | | sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number | -| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:25:37:29 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | -| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:32:37:36 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | +| sample.go:37:35:37:39 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:35:37:39 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | sample.go:43:17:43:39 | call to Intn | random number | | sample.go:58:32:58:43 | type conversion | sample.go:55:17:55:42 | call to Intn | sample.go:58:32:58:43 | type conversion | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:55:17:55:42 | call to Intn | random number | edges @@ -13,10 +12,9 @@ edges | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance | | -| sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | -| sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | -| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:2 | +| sample.go:35:14:35:19 | random | sample.go:35:22:35:26 | nonce [postupdate] | provenance | MaD:2 | +| sample.go:35:22:35:26 | nonce [postupdate] | sample.go:37:35:37:39 | nonce | provenance | | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | | | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | | @@ -33,11 +31,10 @@ nodes | sample.go:15:49:15:61 | call to Uint32 | semmle.label | call to Uint32 | | sample.go:16:9:16:15 | slice expression | semmle.label | slice expression | | sample.go:26:25:26:30 | call to Guid | semmle.label | call to Guid | -| sample.go:33:2:33:6 | definition of nonce | semmle.label | definition of nonce | | sample.go:34:12:34:40 | call to New | semmle.label | call to New | | sample.go:35:14:35:19 | random | semmle.label | random | -| sample.go:37:25:37:29 | nonce | semmle.label | nonce | -| sample.go:37:32:37:36 | nonce | semmle.label | nonce | +| sample.go:35:22:35:26 | nonce [postupdate] | semmle.label | nonce [postupdate] | +| sample.go:37:35:37:39 | nonce | semmle.label | nonce | | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn | | sample.go:44:17:44:39 | call to Intn | semmle.label | call to Intn | | sample.go:45:17:45:39 | call to Intn | semmle.label | call to Intn | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go index df703ff0dfa..9eef81f63bb 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go @@ -34,7 +34,7 @@ func encrypt(data []byte, password string) []byte { random := rand.New(rand.NewSource(999)) io.ReadFull(random, nonce) - ciphertext := gcm.Seal(nonce, nonce, data, nil) // BAD: use of an insecure rng to generate a nonce + ciphertext := gcm.Seal(data[:0], nonce, data, nil) // BAD: use of an insecure rng to generate a nonce return ciphertext } diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index f8d193348ba..d9f24369ca2 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -2,69 +2,93 @@ | OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | This path to an untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value | | stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value | | stdlib.go:24:30:24:35 | target | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:22:13:22:18 | selection of Form | user-provided value | -| stdlib.go:35:30:35:39 | ...+... | stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:31:13:31:18 | selection of Form | user-provided value | -| stdlib.go:46:23:46:28 | target | stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:44:13:44:18 | selection of Form | user-provided value | -| stdlib.go:67:23:67:40 | ...+... | stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:64:13:64:18 | selection of Form | user-provided value | -| stdlib.go:92:23:92:28 | target | stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:89:13:89:18 | selection of Form | user-provided value | -| stdlib.go:152:23:152:28 | target | stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:146:13:146:18 | selection of Form | user-provided value | -| stdlib.go:184:23:184:28 | target | stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:182:13:182:33 | call to FormValue | user-provided value | -| stdlib.go:192:23:192:33 | selection of Path | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value | -| stdlib.go:194:23:194:42 | call to EscapedPath | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value | +| stdlib.go:39:30:39:40 | ...+... | stdlib.go:33:13:33:18 | selection of Form | stdlib.go:39:30:39:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:33:13:33:18 | selection of Form | user-provided value | +| stdlib.go:50:23:50:28 | target | stdlib.go:48:13:48:18 | selection of Form | stdlib.go:50:23:50:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:48:13:48:18 | selection of Form | user-provided value | +| stdlib.go:71:23:71:40 | ...+... | stdlib.go:68:13:68:18 | selection of Form | stdlib.go:71:23:71:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:68:13:68:18 | selection of Form | user-provided value | +| stdlib.go:96:23:96:28 | target | stdlib.go:93:13:93:18 | selection of Form | stdlib.go:96:23:96:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:93:13:93:18 | selection of Form | user-provided value | +| stdlib.go:156:23:156:28 | target | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:156:23:156:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:150:13:150:18 | selection of Form | user-provided value | +| stdlib.go:188:23:188:28 | target | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:186:13:186:33 | call to FormValue | user-provided value | +| stdlib.go:196:23:196:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:196:23:196:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:212:23:212:28 | selection of Path | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:212:23:212:28 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | +| stdlib.go:214:23:214:32 | call to String | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:214:23:214:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | +| stdlib.go:261:23:261:32 | call to String | stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:261:23:261:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:257:12:257:30 | call to FormValue | user-provided value | edges | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:2 Config Sink:MaD:1 | | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:13:13:13:32 | call to Get | stdlib.go:15:30:15:35 | target | provenance | | | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:22:13:22:32 | call to Get | stdlib.go:24:30:24:35 | target | provenance | | -| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:31:13:31:32 | call to Get | stdlib.go:35:34:35:39 | target | provenance | | -| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config | -| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:44:13:44:32 | call to Get | stdlib.go:46:23:46:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:64:13:64:32 | call to Get | stdlib.go:67:23:67:28 | target | provenance | | -| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config | -| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config Sink:MaD:1 | -| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:89:13:89:32 | call to Get | stdlib.go:90:3:90:8 | target | provenance | | -| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config | -| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:92:23:92:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | provenance | | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] | provenance | | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:107:54:107:54 | definition of r [pointer, URL] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL | provenance | | -| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | | -| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config | -| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | | -| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | Src:MaD:4 | -| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Src:MaD:4 Config | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance | | -| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance | | -| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance | | -| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | -| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:146:13:146:32 | call to Get | stdlib.go:152:23:152:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config | -| stdlib.go:159:10:159:15 | star expression | stdlib.go:162:24:162:26 | url | provenance | | -| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Src:MaD:4 Config | -| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config Sink:MaD:1 | -| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Src:MaD:4 Config | -| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config Sink:MaD:1 | -| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | -| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | | -| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | | -| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | | -| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:3 Config | -| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config | -| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config | -| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | +| stdlib.go:33:13:33:18 | selection of Form | stdlib.go:33:13:33:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:33:13:33:32 | call to Get | stdlib.go:39:34:39:40 | target2 | provenance | | +| stdlib.go:39:34:39:40 | target2 | stdlib.go:39:30:39:40 | ...+... | provenance | Config | +| stdlib.go:48:13:48:18 | selection of Form | stdlib.go:48:13:48:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:48:13:48:32 | call to Get | stdlib.go:50:23:50:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:68:13:68:18 | selection of Form | stdlib.go:68:13:68:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:68:13:68:32 | call to Get | stdlib.go:71:23:71:28 | target | provenance | | +| stdlib.go:71:23:71:28 | target | stdlib.go:71:23:71:37 | ...+... | provenance | Config | +| stdlib.go:71:23:71:37 | ...+... | stdlib.go:71:23:71:40 | ...+... | provenance | Config Sink:MaD:1 | +| stdlib.go:93:13:93:18 | selection of Form | stdlib.go:93:13:93:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance | | +| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config | +| stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance | | +| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | | +| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config | +| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | provenance | | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit dereference | provenance | Config | +| stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | | +| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance | | +| stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | +| stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL [postupdate] | provenance | Config | +| stdlib.go:163:10:163:15 | star expression | stdlib.go:166:24:166:26 | url | provenance | | +| stdlib.go:163:11:163:15 | selection of URL | stdlib.go:163:10:163:15 | star expression | provenance | Src:MaD:4 Config | +| stdlib.go:163:11:163:15 | selection of URL [postupdate] | stdlib.go:163:10:163:15 | star expression | provenance | Config | +| stdlib.go:166:24:166:26 | url | stdlib.go:166:24:166:35 | call to String | provenance | Config Sink:MaD:1 | +| stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config | +| stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 | +| stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | +| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:196:23:196:28 | target | provenance | | +| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config | +| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config | +| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:212:23:212:23 | u | provenance | | +| stdlib.go:210:3:210:3 | u [postupdate] [pointer] | stdlib.go:212:23:212:23 | u [pointer] | provenance | | +| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config | +| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:212:23:212:23 | u | stdlib.go:214:23:214:23 | u | provenance | | +| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit dereference | provenance | | +| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:214:23:214:23 | u | provenance | | +| stdlib.go:214:23:214:23 | u | stdlib.go:214:23:214:32 | call to String | provenance | Config Sink:MaD:1 | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:257:3:257:3 | u [postupdate] | stdlib.go:260:3:260:3 | u | provenance | | +| stdlib.go:257:3:257:3 | u [postupdate] [pointer] | stdlib.go:260:3:260:3 | u [pointer] | provenance | | +| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:260:3:260:3 | implicit dereference | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config | +| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | u | stdlib.go:261:23:261:23 | u | provenance | | +| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit dereference | provenance | | +| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:261:23:261:23 | u | provenance | | +| stdlib.go:261:23:261:23 | u | stdlib.go:261:23:261:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; Form; ; ; ; remote; manual | @@ -79,54 +103,72 @@ nodes | stdlib.go:22:13:22:18 | selection of Form | semmle.label | selection of Form | | stdlib.go:22:13:22:32 | call to Get | semmle.label | call to Get | | stdlib.go:24:30:24:35 | target | semmle.label | target | -| stdlib.go:31:13:31:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:31:13:31:32 | call to Get | semmle.label | call to Get | -| stdlib.go:35:30:35:39 | ...+... | semmle.label | ...+... | -| stdlib.go:35:34:35:39 | target | semmle.label | target | -| stdlib.go:44:13:44:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:44:13:44:32 | call to Get | semmle.label | call to Get | -| stdlib.go:46:23:46:28 | target | semmle.label | target | -| stdlib.go:64:13:64:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:64:13:64:32 | call to Get | semmle.label | call to Get | -| stdlib.go:67:23:67:28 | target | semmle.label | target | -| stdlib.go:67:23:67:37 | ...+... | semmle.label | ...+... | -| stdlib.go:67:23:67:40 | ...+... | semmle.label | ...+... | -| stdlib.go:89:13:89:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:89:13:89:32 | call to Get | semmle.label | call to Get | -| stdlib.go:90:3:90:8 | target | semmle.label | target | -| stdlib.go:90:3:90:25 | ... += ... | semmle.label | ... += ... | -| stdlib.go:92:23:92:28 | target | semmle.label | target | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | -| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | -| stdlib.go:112:4:112:4 | r [pointer, URL] | semmle.label | r [pointer, URL] | -| stdlib.go:112:4:112:8 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:112:4:112:8 | selection of URL | semmle.label | selection of URL | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] | -| stdlib.go:113:24:113:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | -| stdlib.go:113:24:113:24 | r [pointer, URL] | semmle.label | r [pointer, URL] | -| stdlib.go:113:24:113:28 | selection of URL | semmle.label | selection of URL | -| stdlib.go:113:24:113:37 | call to String | semmle.label | call to String | -| stdlib.go:146:13:146:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:146:13:146:32 | call to Get | semmle.label | call to Get | -| stdlib.go:152:23:152:28 | target | semmle.label | target | -| stdlib.go:159:10:159:15 | star expression | semmle.label | star expression | -| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL | -| stdlib.go:162:24:162:26 | url | semmle.label | url | -| stdlib.go:162:24:162:35 | call to String | semmle.label | call to String | -| stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... | -| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL | -| stdlib.go:173:35:173:52 | call to RequestURI | semmle.label | call to RequestURI | -| stdlib.go:182:13:182:33 | call to FormValue | semmle.label | call to FormValue | -| stdlib.go:184:23:184:28 | target | semmle.label | target | -| stdlib.go:190:3:190:8 | definition of target | semmle.label | definition of target | -| stdlib.go:190:3:190:57 | ... := ...[0] | semmle.label | ... := ...[0] | -| stdlib.go:190:36:190:56 | call to FormValue | semmle.label | call to FormValue | -| stdlib.go:192:23:192:28 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:192:23:192:28 | target | semmle.label | target | -| stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path | -| stdlib.go:194:23:194:28 | target | semmle.label | target | -| stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath | +| stdlib.go:33:13:33:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:33:13:33:32 | call to Get | semmle.label | call to Get | +| stdlib.go:39:30:39:40 | ...+... | semmle.label | ...+... | +| stdlib.go:39:34:39:40 | target2 | semmle.label | target2 | +| stdlib.go:48:13:48:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:48:13:48:32 | call to Get | semmle.label | call to Get | +| stdlib.go:50:23:50:28 | target | semmle.label | target | +| stdlib.go:68:13:68:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:68:13:68:32 | call to Get | semmle.label | call to Get | +| stdlib.go:71:23:71:28 | target | semmle.label | target | +| stdlib.go:71:23:71:37 | ...+... | semmle.label | ...+... | +| stdlib.go:71:23:71:40 | ...+... | semmle.label | ...+... | +| stdlib.go:93:13:93:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:93:13:93:32 | call to Get | semmle.label | call to Get | +| stdlib.go:94:3:94:8 | target | semmle.label | target | +| stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... | +| stdlib.go:96:23:96:28 | target | semmle.label | target | +| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | semmle.label | implicit dereference [postupdate] [URL] | +| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | semmle.label | r [postupdate] [pointer, URL] | +| stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | +| stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | +| stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] | +| stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL | +| stdlib.go:117:24:117:37 | call to String | semmle.label | call to String | +| stdlib.go:150:13:150:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:150:13:150:32 | call to Get | semmle.label | call to Get | +| stdlib.go:156:23:156:28 | target | semmle.label | target | +| stdlib.go:163:10:163:15 | star expression | semmle.label | star expression | +| stdlib.go:163:11:163:15 | selection of URL | semmle.label | selection of URL | +| stdlib.go:163:11:163:15 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | +| stdlib.go:166:24:166:26 | url | semmle.label | url | +| stdlib.go:166:24:166:35 | call to String | semmle.label | call to String | +| stdlib.go:177:24:177:52 | ...+... | semmle.label | ...+... | +| stdlib.go:177:35:177:39 | selection of URL | semmle.label | selection of URL | +| stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI | +| stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:188:23:188:28 | target | semmle.label | target | +| stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] | +| stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:196:23:196:28 | target | semmle.label | target | +| stdlib.go:196:23:196:28 | target [postupdate] | semmle.label | target [postupdate] | +| stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path | +| stdlib.go:198:23:198:28 | target | semmle.label | target | +| stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| stdlib.go:210:3:210:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:210:3:210:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] | +| stdlib.go:210:12:210:30 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:212:23:212:23 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:212:23:212:23 | u | semmle.label | u | +| stdlib.go:212:23:212:23 | u [pointer] | semmle.label | u [pointer] | +| stdlib.go:212:23:212:23 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:212:23:212:28 | selection of Path | semmle.label | selection of Path | +| stdlib.go:214:23:214:23 | u | semmle.label | u | +| stdlib.go:214:23:214:32 | call to String | semmle.label | call to String | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| stdlib.go:257:3:257:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:257:3:257:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] | +| stdlib.go:257:12:257:30 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:260:3:260:3 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:260:3:260:3 | u | semmle.label | u | +| stdlib.go:260:3:260:3 | u [pointer] | semmle.label | u [pointer] | +| stdlib.go:260:3:260:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:261:23:261:23 | u | semmle.label | u | +| stdlib.go:261:23:261:32 | call to String | semmle.label | call to String | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go index 606b5d43ac0..752cf47decc 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go @@ -7,6 +7,6 @@ import ( func serve() { http.HandleFunc("/redir", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - http.Redirect(w, r, r.Form.Get("target"), 302) + http.Redirect(w, r, r.Form.Get("target"), 302) // $ Alert }) } diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref index 867dd766561..13add930f51 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref @@ -1,2 +1,4 @@ query: Security/CWE-601/OpenUrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go index 0ccacd7d87e..57f2964288c 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go @@ -10,40 +10,44 @@ func serveStdlib() { http.HandleFunc("/ex", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // BAD: a request parameter is incorporated without validation into a URL redirect - w.Header().Set("Location", target) + w.Header().Set("Location", target) // $ Alert w.WriteHeader(302) }) http.HandleFunc("/ex1", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // Probably OK because the status is set to 500, but we catch it anyway - w.Header().Set("Location", target) + w.Header().Set("Location", target) // $ Alert w.WriteHeader(500) }) http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + // Taking gratuitous copies of target so that sanitizing the use in + // the first request doesn't also sanitize other uses + target := r.Form.Get("target") // $ Source + target2 := target + target3 := target // GOOD: local redirects are unproblematic w.Header().Set("Location", "/local"+target) // BAD: this could be a non-local redirect - w.Header().Set("Location", "/"+target) + w.Header().Set("Location", "/"+target2) // $ Alert // GOOD: localhost redirects are unproblematic - w.Header().Set("Location", "//localhost/"+target) + w.Header().Set("Location", "//localhost/"+target3) w.WriteHeader(302) }) http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // BAD: using the utility function - http.Redirect(w, r, target, 301) + http.Redirect(w, r, target, 301) // $ Alert }) http.HandleFunc("/ex4", func(w http.ResponseWriter, r *http.Request) { @@ -61,10 +65,10 @@ func serveStdlib() { http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source me := "me" // BAD: may be a global redirection - http.Redirect(w, r, target+"?from="+me, 301) + http.Redirect(w, r, target+"?from="+me, 301) // $ Alert }) http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) { @@ -86,10 +90,10 @@ func serveStdlib() { http.HandleFunc("/ex7", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source target += "/index.html" // BAD - http.Redirect(w, r, target, 302) + http.Redirect(w, r, target, 302) // $ Alert }) http.HandleFunc("/ex7", func(w http.ResponseWriter, r *http.Request) { @@ -143,13 +147,13 @@ func serveStdlib() { http.HandleFunc("/ex9", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // GOOD, but we catch this anyway: a check is done on the URL if !isValidRedirect(target) { target = "/" } - http.Redirect(w, r, target, 302) + http.Redirect(w, r, target, 302) // $ SPURIOUS: Alert }) http.HandleFunc("/ex8", func(w http.ResponseWriter, r *http.Request) { @@ -179,22 +183,38 @@ func serveStdlib() { http.HandleFunc("/ex9", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.FormValue("target") + target := r.FormValue("target") // $ Source // BAD: a request parameter is incorporated without validation into a URL redirect - http.Redirect(w, r, target, 301) + http.Redirect(w, r, target, 301) // $ Alert }) http.HandleFunc("/ex10", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target, _ := url.ParseRequestURI(r.FormValue("target")) + target, _ := url.ParseRequestURI(r.FormValue("target")) // $ Source // BAD: Path could start with `//` - http.Redirect(w, r, target.Path, 301) + http.Redirect(w, r, target.Path, 301) // $ Alert // BAD: EscapedPath() does not help with that - http.Redirect(w, r, target.EscapedPath(), 301) + http.Redirect(w, r, target.EscapedPath(), 301) // $ Alert + target.Host = "example.com" + // BAD: Host field was overwritten but Path field remains untrusted + http.Redirect(w, r, target.Path, 301) // $ MISSING: Alert + // GOOD: untrusted Host field was overwritten + http.Redirect(w, r, target.String(), 301) }) http.HandleFunc("/ex11", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://bing.com/search?q=dotnet") + u.Host = r.FormValue("host") // $ Source + // GOOD: Path field is trusted + http.Redirect(w, r, u.Path, 301) // $ SPURIOUS: Alert + // BAD: Host field is untrusted + http.Redirect(w, r, u.String(), 301) // $ Alert + }) + + http.HandleFunc("/ex12", func(w http.ResponseWriter, r *http.Request) { // GOOD: all these fields and methods are disregarded for OpenRedirect attacks: buf := make([]byte, 100) r.Body.Read(buf) @@ -219,5 +239,27 @@ func serveStdlib() { http.Redirect(w, r, string(buf), 301) }) + http.HandleFunc("/ex13", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://example.com") + u.Host = r.FormValue("host") + // GOOD: Path field is assigned a value with a hostname-sanitizing substring, + // so subsequent uses of u are sanitized by PathAssignmentBarrier + u.Path = "/safe/" + r.FormValue("path") + http.Redirect(w, r, u.String(), 301) + }) + + http.HandleFunc("/ex14", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://example.com") + u.Host = r.FormValue("host") // $ Source + // BAD: Path field is assigned but without a hostname-sanitizing substring, + // so the Host field remains untrusted + u.Path = r.FormValue("path") + http.Redirect(w, r, u.String(), 301) // $ Alert + }) + http.ListenAndServe(":80", nil) } diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailBad.go b/go/ql/test/query-tests/Security/CWE-640/EmailBad.go index aab8467b340..7ceed9e7a36 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailBad.go +++ b/go/ql/test/query-tests/Security/CWE-640/EmailBad.go @@ -6,8 +6,8 @@ import ( ) func mail(w http.ResponseWriter, r *http.Request) { - host := r.Header.Get("Host") + host := r.Header.Get("Host") // $ Source token := backend.getUserSecretResetToken(email) body := "Click to reset password: " + host + "/" + token - smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(body)) + smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(body)) // $ Alert } diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index ac5985f110d..aa4b4914c18 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,66 +1,107 @@ #select | EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input | -| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input | -| main.go:40:3:40:7 | definition of write | main.go:37:21:37:31 | call to Referer | main.go:40:3:40:7 | definition of write | Email content may contain $@. | main.go:37:21:37:31 | call to Referer | untrusted input | -| main.go:52:46:52:59 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input | -| main.go:53:52:53:65 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input | -| main.go:63:16:63:22 | content | main.go:58:21:58:31 | call to Referer | main.go:63:16:63:22 | content | Email content may contain $@. | main.go:58:21:58:31 | call to Referer | untrusted input | -| main.go:76:50:76:56 | content | main.go:68:21:68:31 | call to Referer | main.go:76:50:76:56 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:76:59:76:65 | content | main.go:68:21:68:31 | call to Referer | main.go:76:59:76:65 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:77:16:77:22 | content | main.go:68:21:68:31 | call to Referer | main.go:77:16:77:22 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:89:37:89:50 | untrustedInput | main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input | -| main.go:93:16:93:23 | content2 | main.go:82:21:82:31 | call to Referer | main.go:93:16:93:23 | content2 | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input | +| main.go:33:57:33:78 | type conversion | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | Email content may contain $@. | main.go:31:21:31:31 | call to Referer | untrusted input | +| main.go:43:18:43:22 | write [postupdate] | main.go:39:21:39:31 | call to Referer | main.go:43:18:43:22 | write [postupdate] | Email content may contain $@. | main.go:39:21:39:31 | call to Referer | untrusted input | +| main.go:54:46:54:59 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | +| main.go:55:52:55:65 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | +| main.go:65:16:65:22 | content | main.go:60:21:60:31 | call to Referer | main.go:65:16:65:22 | content | Email content may contain $@. | main.go:60:21:60:31 | call to Referer | untrusted input | +| main.go:78:50:78:56 | content | main.go:70:21:70:31 | call to Referer | main.go:78:50:78:56 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:78:59:78:65 | content | main.go:70:21:70:31 | call to Referer | main.go:78:59:78:65 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:79:16:79:22 | content | main.go:70:21:70:31 | call to Referer | main.go:79:16:79:22 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:91:37:91:50 | untrustedInput | main.go:84:21:84:31 | call to Referer | main.go:91:37:91:50 | untrustedInput | Email content may contain $@. | main.go:84:21:84:31 | call to Referer | untrusted input | +| main.go:95:16:95:23 | content2 | main.go:84:21:84:31 | call to Referer | main.go:95:16:95:23 | content2 | Email content may contain $@. | main.go:84:21:84:31 | call to Referer | untrusted input | +| main.go:124:57:124:65 | call to Bytes | main.go:113:21:113:31 | call to Referer | main.go:124:57:124:65 | call to Bytes | Email content may contain $@. | main.go:113:21:113:31 | call to Referer | untrusted input | +| main.go:141:57:141:65 | call to Bytes | main.go:129:21:129:31 | call to Referer | main.go:141:57:141:65 | call to Bytes | Email content may contain $@. | main.go:129:21:129:31 | call to Referer | untrusted input | +| main.go:151:3:151:3 | w [postupdate] | main.go:146:22:146:32 | call to Referer | main.go:151:3:151:3 | w [postupdate] | Email content may contain $@. | main.go:146:22:146:32 | call to Referer | untrusted input | +| main.go:152:3:152:3 | w [postupdate] | main.go:147:22:147:32 | call to Referer | main.go:152:3:152:3 | w [postupdate] | Email content may contain $@. | main.go:147:22:147:32 | call to Referer | untrusted input | edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:5 | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:8 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | -| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:2 | -| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:2 | -| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:4 | -| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:2 | -| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:2 | -| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | -| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:3 | -| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | -| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:3 | -| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:2 | -| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:2 | -| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:3 | +| main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | provenance | Src:MaD:2 | +| main.go:39:21:39:31 | call to Referer | main.go:43:25:43:38 | untrustedInput | provenance | Src:MaD:2 | +| main.go:43:25:43:38 | untrustedInput | main.go:43:18:43:22 | write [postupdate] | provenance | MaD:5 | +| main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | provenance | Src:MaD:2 | +| main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | provenance | Src:MaD:2 | +| main.go:60:21:60:31 | call to Referer | main.go:62:47:62:60 | untrustedInput | provenance | Src:MaD:2 | +| main.go:62:14:62:61 | call to NewContent | main.go:65:16:65:22 | content | provenance | | +| main.go:62:47:62:60 | untrustedInput | main.go:62:14:62:61 | call to NewContent | provenance | MaD:4 | +| main.go:70:21:70:31 | call to Referer | main.go:76:47:76:60 | untrustedInput | provenance | Src:MaD:2 | +| main.go:76:14:76:61 | call to NewContent | main.go:78:50:78:56 | content | provenance | | +| main.go:76:14:76:61 | call to NewContent | main.go:78:59:78:65 | content | provenance | | +| main.go:76:14:76:61 | call to NewContent | main.go:79:16:79:22 | content | provenance | | +| main.go:76:47:76:60 | untrustedInput | main.go:76:14:76:61 | call to NewContent | provenance | MaD:4 | +| main.go:84:21:84:31 | call to Referer | main.go:91:37:91:50 | untrustedInput | provenance | Src:MaD:2 | +| main.go:84:21:84:31 | call to Referer | main.go:93:48:93:61 | untrustedInput | provenance | Src:MaD:2 | +| main.go:93:15:93:62 | call to NewContent | main.go:95:16:95:23 | content2 | provenance | | +| main.go:93:48:93:61 | untrustedInput | main.go:93:15:93:62 | call to NewContent | provenance | MaD:4 | +| main.go:113:21:113:31 | call to Referer | main.go:119:28:119:41 | untrustedInput | provenance | Src:MaD:2 | +| main.go:116:29:116:30 | &... [postupdate] | main.go:124:57:124:57 | b | provenance | | +| main.go:119:3:119:4 | mw [postupdate] | main.go:116:29:116:30 | &... [postupdate] | provenance | FunctionModel | +| main.go:119:28:119:41 | untrustedInput | main.go:119:3:119:4 | mw [postupdate] | provenance | MaD:7 | +| main.go:124:57:124:57 | b | main.go:124:57:124:65 | call to Bytes | provenance | MaD:3 | +| main.go:129:21:129:31 | call to Referer | main.go:136:30:136:43 | untrustedInput | provenance | Src:MaD:2 | +| main.go:132:29:132:30 | &... [postupdate] | main.go:141:57:141:57 | b | provenance | | +| main.go:135:20:135:21 | mw [postupdate] | main.go:132:29:132:30 | &... [postupdate] | provenance | FunctionModel | +| main.go:136:18:136:27 | formWriter [postupdate] | main.go:135:20:135:21 | mw [postupdate] | provenance | FunctionModel | +| main.go:136:30:136:43 | untrustedInput | main.go:136:18:136:27 | formWriter [postupdate] | provenance | MaD:5 | +| main.go:141:57:141:57 | b | main.go:141:57:141:65 | call to Bytes | provenance | MaD:3 | +| main.go:146:22:146:32 | call to Referer | main.go:151:11:151:33 | type conversion | provenance | Src:MaD:2 | +| main.go:147:22:147:32 | call to Referer | main.go:152:11:152:33 | type conversion | provenance | Src:MaD:2 | +| main.go:151:11:151:33 | type conversion | main.go:151:3:151:3 | w [postupdate] | provenance | MaD:6 | +| main.go:152:11:152:33 | type conversion | main.go:152:3:152:3 | w [postupdate] | provenance | MaD:6 | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | -| 3 | Summary: github.com/sendgrid/sendgrid-go/helpers/mail; ; false; NewContent; ; ; Argument[1]; ReturnValue; taint; manual | -| 4 | Summary: io; ; false; WriteString; ; ; Argument[1]; Argument[0]; taint; manual | -| 5 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 3 | Summary: bytes; Buffer; true; Bytes; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 4 | Summary: github.com/sendgrid/sendgrid-go/helpers/mail; ; false; NewContent; ; ; Argument[1]; ReturnValue; taint; manual | +| 5 | Summary: io; ; false; WriteString; ; ; Argument[1]; Argument[0]; taint; manual | +| 6 | Summary: io; Writer; true; Write; ; ; Argument[0]; Argument[receiver]; taint; manual | +| 7 | Summary: mime/multipart; Writer; true; WriteField; ; ; Argument[0..1]; Argument[receiver]; taint; manual | +| 8 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | | EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion | -| main.go:29:21:29:31 | call to Referer | semmle.label | call to Referer | -| main.go:31:57:31:78 | type conversion | semmle.label | type conversion | -| main.go:37:21:37:31 | call to Referer | semmle.label | call to Referer | -| main.go:40:3:40:7 | definition of write | semmle.label | definition of write | -| main.go:41:25:41:38 | untrustedInput | semmle.label | untrustedInput | -| main.go:46:21:46:31 | call to Referer | semmle.label | call to Referer | -| main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput | -| main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput | -| main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer | -| main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent | -| main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:63:16:63:22 | content | semmle.label | content | -| main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer | -| main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent | -| main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:76:50:76:56 | content | semmle.label | content | -| main.go:76:59:76:65 | content | semmle.label | content | -| main.go:77:16:77:22 | content | semmle.label | content | -| main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer | -| main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput | -| main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent | -| main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput | -| main.go:93:16:93:23 | content2 | semmle.label | content2 | +| main.go:31:21:31:31 | call to Referer | semmle.label | call to Referer | +| main.go:33:57:33:78 | type conversion | semmle.label | type conversion | +| main.go:39:21:39:31 | call to Referer | semmle.label | call to Referer | +| main.go:43:18:43:22 | write [postupdate] | semmle.label | write [postupdate] | +| main.go:43:25:43:38 | untrustedInput | semmle.label | untrustedInput | +| main.go:48:21:48:31 | call to Referer | semmle.label | call to Referer | +| main.go:54:46:54:59 | untrustedInput | semmle.label | untrustedInput | +| main.go:55:52:55:65 | untrustedInput | semmle.label | untrustedInput | +| main.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | +| main.go:62:14:62:61 | call to NewContent | semmle.label | call to NewContent | +| main.go:62:47:62:60 | untrustedInput | semmle.label | untrustedInput | +| main.go:65:16:65:22 | content | semmle.label | content | +| main.go:70:21:70:31 | call to Referer | semmle.label | call to Referer | +| main.go:76:14:76:61 | call to NewContent | semmle.label | call to NewContent | +| main.go:76:47:76:60 | untrustedInput | semmle.label | untrustedInput | +| main.go:78:50:78:56 | content | semmle.label | content | +| main.go:78:59:78:65 | content | semmle.label | content | +| main.go:79:16:79:22 | content | semmle.label | content | +| main.go:84:21:84:31 | call to Referer | semmle.label | call to Referer | +| main.go:91:37:91:50 | untrustedInput | semmle.label | untrustedInput | +| main.go:93:15:93:62 | call to NewContent | semmle.label | call to NewContent | +| main.go:93:48:93:61 | untrustedInput | semmle.label | untrustedInput | +| main.go:95:16:95:23 | content2 | semmle.label | content2 | +| main.go:113:21:113:31 | call to Referer | semmle.label | call to Referer | +| main.go:116:29:116:30 | &... [postupdate] | semmle.label | &... [postupdate] | +| main.go:119:3:119:4 | mw [postupdate] | semmle.label | mw [postupdate] | +| main.go:119:28:119:41 | untrustedInput | semmle.label | untrustedInput | +| main.go:124:57:124:57 | b | semmle.label | b | +| main.go:124:57:124:65 | call to Bytes | semmle.label | call to Bytes | +| main.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | +| main.go:132:29:132:30 | &... [postupdate] | semmle.label | &... [postupdate] | +| main.go:135:20:135:21 | mw [postupdate] | semmle.label | mw [postupdate] | +| main.go:136:18:136:27 | formWriter [postupdate] | semmle.label | formWriter [postupdate] | +| main.go:136:30:136:43 | untrustedInput | semmle.label | untrustedInput | +| main.go:141:57:141:57 | b | semmle.label | b | +| main.go:141:57:141:65 | call to Bytes | semmle.label | call to Bytes | +| main.go:146:22:146:32 | call to Referer | semmle.label | call to Referer | +| main.go:147:22:147:32 | call to Referer | semmle.label | call to Referer | +| main.go:151:3:151:3 | w [postupdate] | semmle.label | w [postupdate] | +| main.go:151:11:151:33 | type conversion | semmle.label | type conversion | +| main.go:152:3:152:3 | w [postupdate] | semmle.label | w [postupdate] | +| main.go:152:11:152:33 | type conversion | semmle.label | type conversion | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref index c3b6cac3113..67240cd9df4 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref @@ -1,2 +1,4 @@ query: Security/CWE-640/EmailInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-640/main.go b/go/ql/test/query-tests/Security/CWE-640/main.go index c6685475a8d..73ff8f6b1fb 100644 --- a/go/ql/test/query-tests/Security/CWE-640/main.go +++ b/go/ql/test/query-tests/Security/CWE-640/main.go @@ -3,11 +3,13 @@ package main //go:generate depstubber -vendor github.com/sendgrid/sendgrid-go/helpers/mail "" NewEmail,NewSingleEmail,NewContent,NewV3Mail,NewV3MailInit import ( + "bytes" "crypto/hmac" "crypto/sha256" "encoding/base64" "io" "log" + "mime/multipart" "net/http" "net/smtp" @@ -26,46 +28,46 @@ func main() { // Not OK http.HandleFunc("/ex0", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source - smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(untrustedInput)) + smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(untrustedInput)) // $ Alert }) // Not OK http.HandleFunc("/ex1", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source s, _ := smtp.Dial("test.test") write, _ := s.Data() - io.WriteString(write, untrustedInput) + io.WriteString(write, untrustedInput) // $ Alert }) // Not OK http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") subject := "test" body := "body" - sendgrid.NewSingleEmail(from, subject, to, untrustedInput, body) - sendgrid.NewSingleEmail(from, subject, to, body, untrustedInput) + sendgrid.NewSingleEmail(from, subject, to, untrustedInput, body) // $ Alert + sendgrid.NewSingleEmail(from, subject, to, body, untrustedInput) // $ Alert }) // Not OK http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source content := sendgrid.NewContent("text/html", untrustedInput) v := sendgrid.NewV3Mail() - v.AddContent(content) + v.AddContent(content) // $ Alert }) // Not OK http.HandleFunc("/ex4", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") @@ -73,24 +75,24 @@ func main() { content := sendgrid.NewContent("text/html", untrustedInput) - v := sendgrid.NewV3MailInit(from, subject, to, content, content) - v.AddContent(content) + v := sendgrid.NewV3MailInit(from, subject, to, content, content) // $ Alert + v.AddContent(content) // $ Alert }) // Not OK http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") content := sendgrid.NewContent("text/html", "test") - v := sendgrid.NewV3MailInit(from, untrustedInput, to, content, content) + v := sendgrid.NewV3MailInit(from, untrustedInput, to, content, content) // $ Alert content2 := sendgrid.NewContent("text/html", untrustedInput) - v.AddContent(content2) + v.AddContent(content2) // $ Alert }) // OK @@ -106,6 +108,52 @@ func main() { smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(signature)) }) + // Not OK - mime/multipart.New.Writer test + http.HandleFunc("/multipart1", func(w http.ResponseWriter, r *http.Request) { + untrustedInput := r.Referer() // $ Source + + var b bytes.Buffer + mw := multipart.NewWriter(&b) + + // Add user-controlled data directly to the multipart writer + mw.WriteField("message", untrustedInput) // Injection point + + mw.Close() + + // Send the potentially malicious email content + smtp.SendMail("test.test", nil, "from@from.com", nil, b.Bytes()) // $ Alert + }) + + // Not OK - alternative multipart test + http.HandleFunc("/multipart2", func(w http.ResponseWriter, r *http.Request) { + untrustedInput := r.Referer() // $ Source + + var b bytes.Buffer + mw := multipart.NewWriter(&b) + + // Create form file with untrusted content + formWriter, _ := mw.CreateFormFile("attachment", "message.txt") + io.WriteString(formWriter, untrustedInput) // Injection point + + mw.Close() + + // Send email with user-controlled form file content + smtp.SendMail("test.test", nil, "from@from.com", nil, b.Bytes()) // $ Alert + }) + + // Not OK - check only one result when sink is Client.Data() from net/smtp + { + untrustedInput1 := r.Referer() // $ Source=s1 + untrustedInput2 := r.Referer() // $ Source=s2 + c, _ := smtp.Dial("mail.example.com:smtp") + w, _ := c.Data() + w.Write([]byte("safe text")) + w.Write([]byte(untrustedInput1)) // $ Alert=s1 + w.Write([]byte(untrustedInput2)) // $ Alert=s2 + w.Close() + c.Quit() + } + log.Println(http.ListenAndServe(":80", nil)) } diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 696d8dd700b..129613a3f1a 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,18 +1,18 @@ #select | RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value | -| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:16:2:16:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | The $@ of this request depends on a $@. | tst.go:16:12:16:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:18:2:18:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | The $@ of this request depends on a $@. | tst.go:18:12:18:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:20:2:20:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | The $@ of this request depends on a $@. | tst.go:20:16:20:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:24:2:24:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | The $@ of this request depends on a $@. | tst.go:23:35:23:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:27:2:27:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | The $@ of this request depends on a $@. | tst.go:26:68:26:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:29:2:29:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | The $@ of this request depends on a $@. | tst.go:29:13:29:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:30:2:30:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | The $@ of this request depends on a $@. | tst.go:30:14:30:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:31:2:31:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | The $@ of this request depends on a $@. | tst.go:31:14:31:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:32:2:32:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | The $@ of this request depends on a $@. | tst.go:32:18:32:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:34:2:34:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | The $@ of this request depends on a $@. | tst.go:34:11:34:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:36:2:36:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | The $@ of this request depends on a $@. | tst.go:36:11:36:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:44:2:44:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:44:11:44:20 | call to String | The $@ of this request depends on a $@. | tst.go:44:11:44:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:18:2:18:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | The $@ of this request depends on a $@. | tst.go:18:11:18:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:20:2:20:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | The $@ of this request depends on a $@. | tst.go:20:12:20:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:22:2:22:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | The $@ of this request depends on a $@. | tst.go:22:12:22:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:24:2:24:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | The $@ of this request depends on a $@. | tst.go:24:16:24:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:28:2:28:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | The $@ of this request depends on a $@. | tst.go:27:35:27:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:31:2:31:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | The $@ of this request depends on a $@. | tst.go:30:68:30:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:33:2:33:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | The $@ of this request depends on a $@. | tst.go:33:13:33:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:34:2:34:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | The $@ of this request depends on a $@. | tst.go:34:14:34:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:35:2:35:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | The $@ of this request depends on a $@. | tst.go:35:14:35:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:36:2:36:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | The $@ of this request depends on a $@. | tst.go:36:18:36:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:38:2:38:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | The $@ of this request depends on a $@. | tst.go:38:11:38:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:40:2:40:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | The $@ of this request depends on a $@. | tst.go:40:11:40:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:48:2:48:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:48:11:48:20 | call to String | The $@ of this request depends on a $@. | tst.go:48:11:48:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | | websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value | | websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value | | websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value | @@ -24,29 +24,24 @@ | websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value | edges | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:43:11:43:17 | tainted | provenance | Src:MaD:1 | -| tst.go:42:2:42:2 | definition of u [pointer] | tst.go:43:2:43:2 | u [pointer] | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:42:2:42:2 | definition of u [pointer] | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:43:2:43:2 | u | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:44:11:44:11 | u | provenance | | -| tst.go:43:2:43:2 | u | tst.go:43:2:43:2 | implicit dereference | provenance | | -| tst.go:43:2:43:2 | u | tst.go:44:11:44:11 | u | provenance | | -| tst.go:43:2:43:2 | u [pointer] | tst.go:43:2:43:2 | implicit dereference | provenance | | -| tst.go:43:11:43:17 | tainted | tst.go:43:2:43:2 | u | provenance | Config | -| tst.go:43:11:43:17 | tainted | tst.go:44:11:44:11 | u | provenance | Config | -| tst.go:44:11:44:11 | u | tst.go:44:11:44:20 | call to String | provenance | MaD:3 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 | +| tst.go:47:2:47:2 | implicit dereference [postupdate] | tst.go:47:2:47:2 | u [postupdate] | provenance | | +| tst.go:47:2:47:2 | u [postupdate] | tst.go:48:11:48:11 | u | provenance | | +| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | implicit dereference [postupdate] | provenance | Config | +| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u [postupdate] | provenance | Config | +| tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 | | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 | | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 | | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:2 | @@ -64,25 +59,23 @@ nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | | tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue | -| tst.go:14:11:14:17 | tainted | semmle.label | tainted | -| tst.go:16:12:16:18 | tainted | semmle.label | tainted | -| tst.go:18:12:18:18 | tainted | semmle.label | tainted | -| tst.go:20:16:20:22 | tainted | semmle.label | tainted | -| tst.go:23:35:23:41 | tainted | semmle.label | tainted | -| tst.go:26:68:26:74 | tainted | semmle.label | tainted | -| tst.go:29:13:29:19 | tainted | semmle.label | tainted | -| tst.go:30:14:30:20 | tainted | semmle.label | tainted | -| tst.go:31:14:31:20 | tainted | semmle.label | tainted | -| tst.go:32:18:32:24 | tainted | semmle.label | tainted | -| tst.go:34:11:34:29 | ...+... | semmle.label | ...+... | -| tst.go:36:11:36:40 | ...+... | semmle.label | ...+... | -| tst.go:42:2:42:2 | definition of u [pointer] | semmle.label | definition of u [pointer] | -| tst.go:43:2:43:2 | implicit dereference | semmle.label | implicit dereference | -| tst.go:43:2:43:2 | u | semmle.label | u | -| tst.go:43:2:43:2 | u [pointer] | semmle.label | u [pointer] | -| tst.go:43:11:43:17 | tainted | semmle.label | tainted | -| tst.go:44:11:44:11 | u | semmle.label | u | -| tst.go:44:11:44:20 | call to String | semmle.label | call to String | +| tst.go:18:11:18:17 | tainted | semmle.label | tainted | +| tst.go:20:12:20:18 | tainted | semmle.label | tainted | +| tst.go:22:12:22:18 | tainted | semmle.label | tainted | +| tst.go:24:16:24:22 | tainted | semmle.label | tainted | +| tst.go:27:35:27:41 | tainted | semmle.label | tainted | +| tst.go:30:68:30:74 | tainted | semmle.label | tainted | +| tst.go:33:13:33:19 | tainted | semmle.label | tainted | +| tst.go:34:14:34:20 | tainted | semmle.label | tainted | +| tst.go:35:14:35:20 | tainted | semmle.label | tainted | +| tst.go:36:18:36:24 | tainted | semmle.label | tainted | +| tst.go:38:11:38:29 | ...+... | semmle.label | ...+... | +| tst.go:40:11:40:40 | ...+... | semmle.label | ...+... | +| tst.go:47:2:47:2 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| tst.go:47:2:47:2 | u [postupdate] | semmle.label | u [postupdate] | +| tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 | +| tst.go:48:11:48:11 | u | semmle.label | u | +| tst.go:48:11:48:20 | call to String | semmle.label | call to String | | websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | | websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput | | websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer | diff --git a/go/ql/test/query-tests/Security/CWE-918/tst.go b/go/ql/test/query-tests/Security/CWE-918/tst.go index 44a172ddad0..02f65507abd 100644 --- a/go/ql/test/query-tests/Security/CWE-918/tst.go +++ b/go/ql/test/query-tests/Security/CWE-918/tst.go @@ -8,6 +8,10 @@ import ( func handler2(w http.ResponseWriter, req *http.Request) { tainted := req.FormValue("target") // $ Source + // Gratuitous copy due to use-use flow propagating sanitization when + // used as a suffix in the last two OK cases forwards onto the final + // Not OK case. + tainted2 := tainted http.Get("example.com") // OK @@ -40,7 +44,7 @@ func handler2(w http.ResponseWriter, req *http.Request) { http.Get("http://example.com/?" + tainted) // OK u, _ := url.Parse("http://example.com/relative-path") - u.Host = tainted + u.Host = tainted2 http.Get(u.String()) // $ Alert } diff --git a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py index 6e0e201d9a2..8a5efabf941 100644 --- a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py +++ b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py @@ -4,8 +4,8 @@ import logging def test(codeql, java): # Each of these serves the "repo" and "repo2" directories on http://localhost:924[89] - repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428"], cwd="repo") - repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429"], cwd="repo2") + repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428", "-b", "localhost"], cwd="repo") + repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429", "-b", "localhost"], cwd="repo2") try: codeql.database.create( extractor_option="buildless=true", diff --git a/rust/ql/test/library-tests/operations/Operations.expected b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected similarity index 100% rename from rust/ql/test/library-tests/operations/Operations.expected rename to java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref new file mode 100644 index 00000000000..6d2b25768e5 --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref @@ -0,0 +1,2 @@ +query: Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java b/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java new file mode 100644 index 00000000000..913c7817c7f --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java @@ -0,0 +1,7 @@ +class Test { + public static void updateFlashlights(Minecraft mc){ + if(mc.world != null){ + + } + } +} \ No newline at end of file diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py b/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py new file mode 100644 index 00000000000..759e4cf8b82 --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py @@ -0,0 +1,2 @@ +def test(codeql, java): + codeql.database.create(build_mode="none") \ No newline at end of file diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected new file mode 100644 index 00000000000..c9e472ebeb6 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected @@ -0,0 +1,3 @@ +| Frontend errors in file: (2 errors during annotation processing) | 2 | +| Frontend errors in file: Test.java (7 javac errors) | 2 | +| Unknown errors in file: Test.java (5) | 2 | diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref new file mode 100644 index 00000000000..488db09ab05 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref @@ -0,0 +1 @@ +Diagnostics/ExtractionErrors.ql diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java new file mode 100644 index 00000000000..e1df4c2a42f --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java @@ -0,0 +1,35 @@ +// The import below is intentionally commented out to test buildless recovery. +// import java.util.stream.Stream; + +public class LambdaBuildlessRecoveryTest { + + private Stream getStringStream() { + return getStringStream(); + } + + public void testSimpleLambdaExpression() { + int unused = 0; + Stream s = getStringStream(); + Stream mapped = s.map(x -> x); + mapped.forEach(System.out::println); + } + + public void testLambdaWithBlockBody() { + int unused = 42; + Stream s = getStringStream(); + Stream filtered = s.filter(item -> { + int unused = 42; + String proc = item.toUpperCase(); + return proc.length() > 0; + }); + filtered.forEach(System.out::println); + } + + public void testVariableCapture() { + int unused = 99; + String prefix = "proc_"; + Stream s = getStringStream(); + Stream result = s.map(item -> prefix + item); + result.forEach(System.out::println); + } +} diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py new file mode 100755 index 00000000000..773127096a7 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py @@ -0,0 +1,5 @@ +def test(codeql, java, use_java_17): + codeql.database.create( + build_mode="none", + source_root="." + ) \ No newline at end of file diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected new file mode 100644 index 00000000000..282d65e7e63 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected @@ -0,0 +1,4 @@ +| Test.java:11:9:11:23 | int unused | +| Test.java:18:9:18:24 | int unused | +| Test.java:21:13:21:28 | int unused | +| Test.java:29:9:29:24 | int unused | \ No newline at end of file diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql new file mode 100644 index 00000000000..cba463c0827 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql @@ -0,0 +1,5 @@ +import java + +from LocalVariableDecl v +where not exists(v.getAnAccess()) and exists(v.getFile().getRelativePath()) +select v diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.expected b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref new file mode 100644 index 00000000000..5e501b2469d --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref @@ -0,0 +1 @@ +Diagnostics/ExtractionErrors.ql \ No newline at end of file diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 00000000000..c0bcafe984f --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,3 @@ +wrapperVersion=3.3.4 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw new file mode 100755 index 00000000000..bd8896bf221 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw @@ -0,0 +1,295 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.4 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +scriptDir="$(dirname "$0")" +scriptName="$(basename "$0")" + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +actualDistributionDir="" + +# First try the expected directory name (for regular distributions) +if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then + if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then + actualDistributionDir="$distributionUrlNameMain" + fi +fi + +# If not found, search for any directory with the Maven executable (for snapshots) +if [ -z "$actualDistributionDir" ]; then + # enable globbing to iterate over items + set +f + for dir in "$TMP_DOWNLOAD_DIR"/*; do + if [ -d "$dir" ]; then + if [ -f "$dir/bin/$MVN_CMD" ]; then + actualDistributionDir="$(basename "$dir")" + break + fi + fi + done + set -f +fi + +if [ -z "$actualDistributionDir" ]; then + verbose "Contents of $TMP_DOWNLOAD_DIR:" + verbose "$(ls -la "$TMP_DOWNLOAD_DIR")" + die "Could not find Maven distribution directory in extracted archive" +fi + +verbose "Found extracted Maven distribution directory: $actualDistributionDir" +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd new file mode 100644 index 00000000000..92450f93273 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd @@ -0,0 +1,189 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.4 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' + +$MAVEN_M2_PATH = "$HOME/.m2" +if ($env:MAVEN_USER_HOME) { + $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME" +} + +if (-not (Test-Path -Path $MAVEN_M2_PATH)) { + New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null +} + +$MAVEN_WRAPPER_DISTS = $null +if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) { + $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists" +} else { + $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists" +} + +$MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +$actualDistributionDir = "" + +# First try the expected directory name (for regular distributions) +$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain" +$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD" +if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) { + $actualDistributionDir = $distributionUrlNameMain +} + +# If not found, search for any directory with the Maven executable (for snapshots) +if (!$actualDistributionDir) { + Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object { + $testPath = Join-Path $_.FullName "bin/$MVN_CMD" + if (Test-Path -Path $testPath -PathType Leaf) { + $actualDistributionDir = $_.Name + } + } +} + +if (!$actualDistributionDir) { + Write-Error "Could not find Maven distribution directory in extracted archive" +} + +Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir" +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml new file mode 100644 index 00000000000..2d203a7dcba --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml @@ -0,0 +1,38 @@ + + + 4.0.0 + + com.example + maven3-fetch-maven4-wrapper-test + 1.0.0 + jar + + Maven 3 Fetch Maven 4 Wrapper Test + Integration test for Maven 3 system trying to fetch Maven 4 wrapper binary + + + 11 + 11 + UTF-8 + + + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.11.0 + + 11 + 11 + + + + + \ No newline at end of file diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java new file mode 100644 index 00000000000..79a9aa9a064 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java @@ -0,0 +1,10 @@ +package testmaven; + +public class Test { + public static void main(String[] args) { + System.out.println("Test"); + } + + public void trivial() { + } +} diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected new file mode 100644 index 00000000000..0f1a4ca9dfb --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected @@ -0,0 +1,2 @@ +| app/src/main/java/testmaven/Test.java:4:24:4:27 | main | +| app/src/main/java/testmaven/Test.java:8:17:8:23 | trivial | diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql new file mode 100644 index 00000000000..9d32c93e69c --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql @@ -0,0 +1,5 @@ +import java + +from Method m +where exists(m.getFile().getRelativePath()) +select m diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py new file mode 100644 index 00000000000..666691824b9 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py @@ -0,0 +1,20 @@ +import os +import tarfile +import tempfile +import pathlib +from fixtures.util import download_file_cached + +def test_maven3_fetch_maven4_wrapper(codeql, java, use_java_17, cache): + maven_url = "https://archive.apache.org/dist/maven/maven-3/3.6.0/binaries/apache-maven-3.6.0-bin.tar.gz" + maven_archive = download_file_cached(maven_url, "apache-maven-3.6.0-bin.tar.gz", cache) + + temp_dir = pathlib.Path(tempfile.mkdtemp()) + with tarfile.open(maven_archive, "r:gz") as tar: + tar.extractall(temp_dir, filter='data') + + # Set maven_home_path to the extracted directory + maven_home_path = temp_dir / "apache-maven-3.6.0" + + codeql.database.create(source_root="app", + build_mode="autobuild", + _env={"MAVEN_USER_HOME": str(maven_home_path)}) \ No newline at end of file diff --git a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md new file mode 100644 index 00000000000..45b898b6b2a --- /dev/null +++ b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 108835c2c94..8b27409410a 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -18,6 +18,8 @@ module JCAModel { abstract class KeyAgreementAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + // TODO: Verify that the PBEWith% case works correctly bindingset[algo] predicate cipher_names(string algo) { @@ -100,9 +102,21 @@ module JCAModel { ].toUpperCase()) } + /** + * Names that match known signature algorithms. + * https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html + */ + bindingset[name] + predicate signature_names(string name) { + name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"]) + or + name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) + } + bindingset[name] predicate key_agreement_names(string name) { - name.toUpperCase().matches(["DH", "EDH", "ECDH", "X25519", "X448"].toUpperCase()) + name.toUpperCase() + .matches(["DH", "EDH", "ECDH", "X25519", "X448", "ML-KEM%", "XDH"].toUpperCase()) } bindingset[name] @@ -119,15 +133,15 @@ module JCAModel { bindingset[name] Crypto::HashType hash_name_to_type_known(string name, int digestLength) { - name = "SHA-1" and result instanceof Crypto::SHA1 and digestLength = 160 + name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 or - name = ["SHA-256", "SHA-384", "SHA-512"] and + name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and result instanceof Crypto::SHA2 and - digestLength = name.splitAt("-", 1).toInt() + digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() or - name = ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"] and + name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and result instanceof Crypto::SHA3 and - digestLength = name.splitAt("-", 1).toInt() + digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() or ( name.matches("BLAKE2b%") and @@ -205,22 +219,49 @@ module JCAModel { ) } - bindingset[name] - predicate mac_name_to_mac_type_known(Crypto::TMacType type, string name) { - type = Crypto::HMAC() and - name.toUpperCase().matches("HMAC%") - } - bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and - name.toUpperCase() = "DH" + name.toUpperCase() in ["DH", "XDH"] or type = Crypto::EDH() and name.toUpperCase() = "EDH" or type = Crypto::ECDH() and name.toUpperCase() in ["ECDH", "X25519", "X448"] + or + type = Crypto::OtherKeyAgreementType() and + name.toUpperCase().matches("ML-KEM%") + } + + /** + * Maps a signature algorithm name to its type, if known. + * see https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html + */ + bindingset[name] + predicate signature_name_to_type_known(Crypto::KeyOpAlg::TAlgorithm type, string name) { + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("RSA%") and + type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("ECDSA%") and + type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA()) + or + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("DSA%") and + type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) + or + name.toUpperCase() = "RSASSA-PSS" and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + name.toUpperCase().matches(["EDDSA", "ED25519", "ED448"]) and + type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA()) + or + name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) + or + name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) + } + + bindingset[name] + Crypto::HashType signature_name_to_hash_type_known(string name, int digestLength) { + result = hash_name_to_type_known(name.splitAt("with", 0), digestLength) } /** @@ -351,7 +392,7 @@ module JCAModel { override KeyOpAlg::AlgorithmType getAlgorithmType() { if cipher_name_to_type_known(_, super.getAlgorithmName()) then cipher_name_to_type_known(result, super.getAlgorithmName()) - else result instanceof KeyOpAlg::TUnknownKeyOperationAlgorithmType + else result instanceof KeyOpAlg::TOtherKeyOperationAlgorithmType } override int getKeySizeFixed() { @@ -657,27 +698,19 @@ module JCAModel { class IvParameterSpecInstance extends NonceParameterInstantiation { IvParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("javax.crypto.spec", "IvParameterSpec") + super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec") } - override DataFlow::Node getInputNode() { - result.asExpr() = this.(ClassInstanceExpr).getArgument(0) - } + override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(0) } } // TODO: this also specifies the tag length for GCM class GCMParameterSpecInstance extends NonceParameterInstantiation { GCMParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("javax.crypto.spec", "GCMParameterSpec") + super.getConstructedType().hasQualifiedName("javax.crypto.spec", "GCMParameterSpec") } - override DataFlow::Node getInputNode() { - result.asExpr() = this.(ClassInstanceExpr).getArgument(1) - } + override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(1) } } class IvParameterSpecGetIvCall extends MethodCall { @@ -817,14 +850,14 @@ module JCAModel { HashAlgorithmValueConsumer consumer; KnownHashAlgorithm() { - hash_names(this.getValue()) and + hash_names(super.getValue()) and KnownHashAlgorithmLiteralToMessageDigestFlow::flow(DataFlow::exprNode(this), consumer.getInputNode()) } HashAlgorithmValueConsumer getConsumer() { result = consumer } - override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + override string getRawHashAlgorithmName() { result = super.getValue() } override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) @@ -923,9 +956,7 @@ module JCAModel { class DHGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { DHGenParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") + super.getConstructedType().hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") } Expr getPrimeSizeArg() { result = this.getArgument(0) } @@ -935,9 +966,7 @@ module JCAModel { class DSAParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { DSAParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("java.security.spec", "DSAParameterSpec") + super.getConstructedType().hasQualifiedName("java.security.spec", "DSAParameterSpec") } Expr getPArg() { result = this.getArgument(0) } @@ -949,9 +978,7 @@ module JCAModel { class ECGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { ECGenParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("java.security.spec", "ECGenParameterSpec") + super.getConstructedType().hasQualifiedName("java.security.spec", "ECGenParameterSpec") } Expr getCurveNameArg() { result = this.getArgument(0) } @@ -961,9 +988,7 @@ module JCAModel { class RSAGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { RSAGenParameterSpecInstance() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("java.security.spec", "RSAGenParameterSpec") + super.getConstructedType().hasQualifiedName("java.security.spec", "RSAGenParameterSpec") } Expr getKeySizeArg() { result = this.getArgument(0) } @@ -987,9 +1012,7 @@ module JCAModel { class ECGenParameterSpecClassInstanceExpr extends KeyGeneratorParameterSpecClassInstanceExpr { ECGenParameterSpecClassInstanceExpr() { - this.(ClassInstanceExpr) - .getConstructedType() - .hasQualifiedName("java.security.spec", "ECGenParameterSpec") + super.getConstructedType().hasQualifiedName("java.security.spec", "ECGenParameterSpec") } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -1023,7 +1046,8 @@ module JCAModel { override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result.(CipherStringLiteralAlgorithmInstance).getConsumer() = this or result.(KeyAgreementStringLiteralAlgorithmInstance).getConsumer() = this or - result.(EllipticCurveStringLiteralInstance).getConsumer() = this + result.(EllipticCurveStringLiteralInstance).getConsumer() = this or + result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this } KeyGeneratorGetInstanceCall getInstantiationCall() { result = instantiationCall } @@ -1071,6 +1095,21 @@ module JCAModel { } } + /** + * An instance of `java.security.SecureRandom.nextBytes(byte[])` call. + * This is already generally modeled for Java in CodeQL, but + * we model it again as part of the crypto API model to have a cohesive model. + */ + class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call { + JavaSecuritySecureRandom() { + this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes") + } + + override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) } + + override string getGeneratorName() { result = this.(Call).getCallee().getName() } + } + class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall { Crypto::KeyArtifactType type; @@ -1226,37 +1265,86 @@ module JCAModel { SecretKeyFactoryKDFAlgorithmValueConsumer getConsumer() { result = consumer } } - class Pbkdf2AlgorithmStringLiteral extends KdfAlgorithmStringLiteral, - Crypto::Pbkdf2AlgorithmInstance, Crypto::HmacAlgorithmInstance, Crypto::HashAlgorithmInstance, - Crypto::AlgorithmValueConsumer + class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { - Pbkdf2AlgorithmStringLiteral() { super.getKdfType() instanceof Crypto::PBKDF2 } - - override Crypto::ConsumerInputDataFlowNode getInputNode() { none() } - - override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this } - - override Crypto::THashType getHashFamily() { - result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) + Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { + this.(StringLiteral).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) } - override int getFixedDigestLength() { - exists(hash_name_to_type_known(this.getRawHashAlgorithmName(), result)) + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) } - override string getRawMacAlgorithmName() { - result = super.getRawKdfAlgorithmName().splitAt("PBKDF2With", 1) + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() } - override string getRawHashAlgorithmName() { - result = super.getRawKdfAlgorithmName().splitAt("WithHmac", 1) + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() } - override Crypto::MacType getMacType() { result = Crypto::HMAC() } + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } - override Crypto::AlgorithmValueConsumer getHmacAlgorithmValueConsumer() { result = this } + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } - override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { result = this } + override string getRawAlgorithmName() { result = this.(StringLiteral).getValue() } + } + + class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral + { + string hashName; + + Pbkdf2WithHmac_HashAlgorithmStringLiteral() { + hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) + } + + override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + + override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + + override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } + } + + //TODO: handle PBE "with" cases + class Pbkdf2WithHmac_Pbkdf2AlgorithmInstance extends Crypto::Pbkdf2AlgorithmInstance, + KdfAlgorithmStringLiteral, // this is a parent already, but extending to have immediate access to 'getConsumer()' + Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral + { + override Crypto::AlgorithmValueConsumer getHmacAlgorithmValueConsumer() { + result = this.getConsumer() + } + } + + // NOTE: must use instanceof to avoid non-monotonic recursion + class Pbkdf2WithHmac_HmacAlgorithmInstance extends Crypto::HmacAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral + { + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.(KdfAlgorithmStringLiteral).getConsumer() + } + + override int getKeySizeFixed() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeFixed() + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeConsumer() + } + + override string getRawAlgorithmName() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getRawAlgorithmName() + } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } } class SecretKeyFactoryKDFAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Expr @@ -1478,7 +1566,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::MacAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1488,13 +1576,30 @@ module JCAModel { MacGetInstanceAlgorithmValueConsumer getConsumer() { result = consumer } - override string getRawMacAlgorithmName() { result = super.getValue() } + override string getRawAlgorithmName() { result = super.getValue() } - override Crypto::MacType getMacType() { - if mac_name_to_mac_type_known(_, super.getValue()) - then mac_name_to_mac_type_known(result, super.getValue()) - else result = Crypto::OtherMacType() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if super.getValue().toUpperCase().matches("HMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if super.getValue().toUpperCase().matches("CMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class MacGetInstanceCall extends MethodCall { @@ -1537,9 +1642,11 @@ module JCAModel { } class MacOperationCall extends Crypto::MacOperationInstance instanceof MethodCall { + Expr output; + MacOperationCall() { super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and - exists(Expr output | + ( super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output or super.getMethod().hasStringSignature("doFinal(byte[], int)") and @@ -1562,12 +1669,214 @@ module JCAModel { ) } - override Crypto::ConsumerInputDataFlowNode getMessageConsumer() { + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result.asExpr() = super.getArgument(0) and super.getMethod().getParameterType(0).hasName("byte[]") } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result.asExpr() = output } + + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { none() } + + override predicate hasHashAlgorithmConsumer() { none() } + + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { + result instanceof Crypto::TMacMode + } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { none() } } + /** + * Signatures + */ + module SignatureKnownAlgorithmToConsumerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SignatureStringLiteral } + + predicate isSink(DataFlow::Node sink) { + sink = any(SignatureAlgorithmValueConsumer call).getInputNode() + } + } + + module SignatureKnownAlgorithmToConsumerFlow = + TaintTracking::Global; + + class SignatureGetInstanceCall extends MethodCall { + SignatureGetInstanceCall() { + this.getCallee().hasQualifiedName("java.security", "Signature", "getInstance") + } + + Expr getAlgorithmArg() { result = this.getArgument(0) } + } + + class SignatureGetInstanceAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer instanceof Expr + { + SignatureGetInstanceAlgorithmValueConsumer() { + this = any(SignatureGetInstanceCall c).getAlgorithmArg() + } + + override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this } + + override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { + result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this + } + } + + class SignatureStringLiteral extends StringLiteral { + SignatureStringLiteral() { signature_names(this.getValue()) } + } + + class SignatureStringLiteralAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance instanceof SignatureStringLiteral + { + SignatureAlgorithmValueConsumer consumer; + + SignatureStringLiteralAlgorithmInstance() { + SignatureKnownAlgorithmToConsumerFlow::flow(DataFlow::exprNode(this), consumer.getInputNode()) + } + + SignatureAlgorithmValueConsumer getConsumer() { result = consumer } + + override string getRawAlgorithmName() { result = super.getValue() } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if signature_name_to_type_known(_, super.getValue()) + then signature_name_to_type_known(result, super.getValue()) + else result = Crypto::KeyOpAlg::TOtherKeyOperationAlgorithmType() + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + } + + class SignatureHashAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof SignatureStringLiteralAlgorithmInstance + { + Crypto::THashType hashType; + int digestLength; + + SignatureHashAlgorithmInstance() { + hashType = signature_name_to_hash_type_known(this.(StringLiteral).getValue(), digestLength) + } + + override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + + override Crypto::THashType getHashFamily() { result = hashType } + + override int getFixedDigestLength() { result = digestLength } + } + + class SignatureInitCall extends MethodCall { + SignatureInitCall() { + this.getCallee().hasQualifiedName("java.security", "Signature", ["initSign", "initVerify"]) + } + + Expr getKeyArg() { + result = this.getArgument(0) + // TODO: verify can take in a certificate too? + } + } + + private class SignatureOperationCall extends MethodCall { + SignatureOperationCall() { + this.getMethod().hasQualifiedName("java.security", "Signature", ["update", "sign", "verify"]) + } + + predicate isIntermediate() { super.getMethod().getName() = "update" } + + Expr getMsgInput() { result = this.getArgument(0) and this.getMethod().getName() = "update" } + + Expr getSignatureOutput() { + // no args, the signature is returned + result = this and this.getMethod().getName() = "sign" and not exists(this.getArgument(0)) + or + // with args, the signature is written to the arg + result = this.getArgument(0) and this.getMethod().getName() = "sign" + } + + Expr getSignatureInput() { + result = this.getArgument(0) and this.getMethod().getName() = "verify" + } + + Crypto::KeyOperationSubtype getSubtype() { + result instanceof Crypto::TSignMode and this.getMethod().getName() = "sign" + or + result instanceof Crypto::TVerifyMode and this.getMethod().getName() = "verify" + } + } + + class SignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof SignatureOperationCall + { + SignatureOperationInstance() { + // exclude update (only include sign and verify) + not super.isIntermediate() + } + + SignatureGetInstanceCall getInstantiationCall() { + result = SignatureFlowAnalysisImpl::getInstantiationFromUse(this, _, _) + } + + SignatureInitCall getInitCall() { + result = SignatureFlowAnalysisImpl::getInitFromUse(this, _, _) + } + + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { + result.asExpr() = super.getMsgInput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getMsgInput() + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + result.asExpr() = this.getInitCall().getKeyArg() + } + + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + result.asExpr() = super.getSignatureOutput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getSignatureOutput() + } + + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + // TODO: RSASSA-PSS literal sets hashes differently, through a ParameterSpec + result = this.getInstantiationCall().getAlgorithmArg() + } + + override predicate hasHashAlgorithmConsumer() { + // All jca signature algorithms specify a hash unless explicitly set as "NONEwith..." + exists(SignatureStringLiteralAlgorithmInstance i | + i.getConsumer() = this.getAnAlgorithmValueConsumer() and + not i.getRawAlgorithmName().toUpperCase().matches("NONEwith%".toUpperCase()) + ) + } + + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { result = super.getSubtype() } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { none() } + + override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { + result.asExpr() = super.getSignatureInput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getSignatureInput() + } + } + + module SignatureFlowAnalysisImpl = + GetInstanceInitUseFlowAnalysis; + /* * Elliptic Curves (EC) */ diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 7d0153cc566..dabb65e61ce 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.1 +version: 7.7.2-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index 0f6033d87b3..b5f7264eb3d 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -88,7 +88,45 @@ private string baseConfigLocatable(@configLocatable el) { not isOverlay() and result = getRawFileForConfig(el) } +overlay[local] +private predicate overlayConfigExtracted(string file) { + isOverlay() and + exists(@configLocatable el | file = getRawFileForConfig(el)) +} + overlay[discard_entity] private predicate discardBaseConfigLocatable(@configLocatable el) { overlayChangedFiles(baseConfigLocatable(el)) + or + // The config extractor is currently not incremental and may extract more + // property files than those included in overlayChangedFiles. + overlayConfigExtracted(baseConfigLocatable(el)) +} + +/** + * An `@xmllocatable` that should be discarded in the base variant if its file is + * extracted in the overlay variant. + */ +overlay[local] +abstract class DiscardableXmlLocatable extends @xmllocatable { + /** Gets the raw file for an xmllocatable in base. */ + string getRawFileInBase() { not isOverlay() and result = getRawFile(this) } + + /** Gets a textual representation of this discardable xmllocatable. */ + string toString() { none() } +} + +overlay[local] +private predicate overlayXmlExtracted(string file) { + isOverlay() and + exists(@xmllocatable el | not files(el, _) and not xmlNs(el, _, _, _) and file = getRawFile(el)) +} + +overlay[discard_entity] +private predicate discardXmlLocatable(@xmllocatable el) { + overlayChangedFiles(el.(DiscardableXmlLocatable).getRawFileInBase()) + or + // The XML extractor is currently not incremental and may extract more + // XML files than those included in overlayChangedFiles. + overlayXmlExtracted(el.(DiscardableXmlLocatable).getRawFileInBase()) } diff --git a/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll b/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll index 54eb809c7b9..c99a8a5a58e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll @@ -10,6 +10,6 @@ import java module DataFlow { private import semmle.code.java.dataflow.internal.DataFlowImplSpecific private import codeql.dataflow.DataFlow - import DataFlowMake + import DataFlowMakeOverlay import Public } diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll index 159604a95bd..34c7b717428 100644 --- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll +++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll @@ -13,5 +13,5 @@ module TaintTracking { private import semmle.code.java.dataflow.internal.DataFlowImplSpecific private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific private import codeql.dataflow.TaintTracking - import TaintFlowMake + import TaintFlowMakeOverlay } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll index 65034ee08b9..97f5020142e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll @@ -6,6 +6,7 @@ module; private import semmle.code.Location private import codeql.dataflow.DataFlow +private import semmle.code.java.Overlay module Private { import DataFlowPrivate @@ -29,4 +30,6 @@ module JavaDataFlow implements InputSig { predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1; predicate viableImplInCallContext = Private::viableImplInCallContext/2; + + predicate isEvaluatingInOverlay = isOverlay/0; } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index b5e7fd53c9f..5f1d6b66af5 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -655,6 +655,8 @@ private SrcRefType entrypointType() { ) or result = entrypointType().getAField().getType().(RefType).getSourceDeclaration() + or + result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration() } private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) { diff --git a/java/ql/lib/semmle/code/xml/XML.qll b/java/ql/lib/semmle/code/xml/XML.qll index cd00991eb65..d13a83e7798 100644 --- a/java/ql/lib/semmle/code/xml/XML.qll +++ b/java/ql/lib/semmle/code/xml/XML.qll @@ -71,12 +71,12 @@ private module Input implements InputSig { import Make -private class DiscardableXmlAttribute extends DiscardableLocatable, @xmlattribute { } +private class DiscardableXmlAttribute extends DiscardableXmlLocatable, @xmlattribute { } -private class DiscardableXmlElement extends DiscardableLocatable, @xmlelement { } +private class DiscardableXmlElement extends DiscardableXmlLocatable, @xmlelement { } -private class DiscardableXmlComment extends DiscardableLocatable, @xmlcomment { } +private class DiscardableXmlComment extends DiscardableXmlLocatable, @xmlcomment { } -private class DiscardableXmlCharacters extends DiscardableLocatable, @xmlcharacters { } +private class DiscardableXmlCharacters extends DiscardableXmlLocatable, @xmlcharacters { } -private class DiscardableXmlDtd extends DiscardableLocatable, @xmldtd { } +private class DiscardableXmlDtd extends DiscardableXmlLocatable, @xmldtd { } diff --git a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql index 50f50862631..4bbeefaee6e 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql @@ -53,6 +53,7 @@ predicate isConstantExp(Expr e) { from Expr e where isConstantExp(e) and + not e.(TypeAccess).getType() instanceof ErrorType and exists(Expr child | e.getAChildExpr() = child | not isConstantExp(child) and not child instanceof Annotation diff --git a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql index 3c80e451951..700b1fab896 100644 --- a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +++ b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql @@ -15,6 +15,10 @@ import java +private predicate hasASubclass(RefType t) { + exists(RefType sub | sub != t | sub.getAnAncestor() = t) +} + /** * Holds if this type is either `final` or * `private` and without subtypes. @@ -24,7 +28,11 @@ private predicate cannotBeExtended(RefType t) { or // If the class is private, all possible subclasses are known. t.isPrivate() and - not exists(RefType sub | sub != t | sub.getAnAncestor() = t) + not hasASubclass(t) + or + // If the class only has private constructors, all possible subclasses are known. + forex(Constructor c | c.getDeclaringType() = t | c.isPrivate()) and + not hasASubclass(t) } from MethodCall m, Constructor c, Class clazz diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index bbfafc65503..b1ee0395fb2 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.8.1 +version: 1.8.2-dev groups: - java - queries diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java new file mode 100644 index 00000000000..775f02280b5 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java @@ -0,0 +1,226 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; + +/** + * AesWrapAndPBEWithTest demonstrates key wrapping and password-based encryption + * using various transformations. + * + * This file includes: + * + * 1. AESWrap Examples: - secureAESWrap(): Uses a randomly generated wrapping + * key. - insecureAESWrap(): Uses a fixed, hard-coded wrapping key. + * + * 2. PBEWith Examples: - insecurePBEExample(): Uses the legacy + * PBEWithMD5AndDES. - securePBEExample(): Uses PBKDF2WithHmacSHA256. - + * additionalPBEExample(): Uses PBEWithSHA256And128BitAES-CBC-BC. - + * additionalPBEExample2(): Uses PBEWithSHA1And128BitAES-CBC-BC. + * + * 3. Dynamic PBE Encryption: - dynamicPBEEncryption(): Chooses the PBE + * transformation based on a configuration string. + * + * Best Practices: - Use secure random keys and salts. - Avoid legacy algorithms + * like PBEWithMD5AndDES. - Prefer modern KDFs (PBKDF2WithHmacSHA256) and secure + * provider-specific PBE transformations. + * + * SAST/CBOM Notes: - Insecure examples (PBEWithMD5AndDES, fixed keys) should be + * flagged. - Secure examples use random salt, high iteration counts, and strong + * algorithms. + */ +public class AesWrapAndPBEWith { + + // static { + // // Register BouncyCastle as a provider. + // Security.addProvider(new BouncyCastleProvider()); + // } + // =========================== + // 1. AESWrap Examples + // =========================== + /** + * Secure AES key wrapping. Generates a random 256-bit wrapping key to wrap + * a target AES key. + * + * @return The wrapped key (Base64-encoded). + * @throws Exception if an error occurs. + */ + public String secureAESWrap() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey wrappingKey = kg.generateKey(); + + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + Cipher cipher = Cipher.getInstance("AESWrap"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + /** + * Insecure AES key wrapping. Uses a fixed (hard-coded) wrapping key. + * + * @return The wrapped key (Base64-encoded). + * @throws Exception if an error occurs. + */ + public String insecureAESWrap() throws Exception { + byte[] fixedKeyBytes = new byte[32]; + Arrays.fill(fixedKeyBytes, (byte) 0x01); + SecretKey wrappingKey = new SecretKeySpec(fixedKeyBytes, "AES"); + + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + Cipher cipher = Cipher.getInstance("AESWrap"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + // =========================== + // 2. PBEWith Examples + // =========================== + /** + * Insecure PBE example using PBEWithMD5AndDES. + * + * @param password The input password. + * @return The derived key (Base64-encoded). + * @throws Exception if key derivation fails. + */ + public String insecurePBEExample(String password) throws Exception { + byte[] salt = new byte[8]; + Arrays.fill(salt, (byte) 0x00); // Fixed salt (insecure) + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 64); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); + byte[] keyBytes = factory.generateSecret(spec).getEncoded(); + return Base64.getEncoder().encodeToString(keyBytes); + } + + /** + * Secure PBE example using PBKDF2WithHmacSHA256. + * + * @param password The input password. + * @return The derived 256-bit AES key (Base64-encoded). + * @throws Exception if key derivation fails. + */ + public String securePBEExample(String password) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyBytes = factory.generateSecret(spec).getEncoded(); + SecretKey aesKey = new SecretKeySpec(keyBytes, "AES"); + return Base64.getEncoder().encodeToString(aesKey.getEncoded()); + } + + /** + * Additional PBE example using PBEWithSHA256And128BitAES-CBC-BC. + * + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The IV concatenated with ciphertext (Base64-encoded). + * @throws Exception if key derivation or encryption fails. + */ + public String additionalPBEExample(String password, String plaintext) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithSHA256And128BitAES-CBC-BC"); + SecretKey pbeKey = factory.generateSecret(spec); + SecretKey aesKey = new SecretKeySpec(pbeKey.getEncoded(), "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); + byte[] output = concatenate(iv, ciphertext); + return Base64.getEncoder().encodeToString(output); + } + + /** + * Additional PBE example using PBEWithSHA1And128BitAES-CBC-BC. This is less + * preferred than PBKDF2WithHmacSHA256 but demonstrates another variant. + * + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The IV concatenated with ciphertext (Base64-encoded). + * @throws Exception if key derivation or encryption fails. + */ + public String additionalPBEExample2(String password, String plaintext) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithSHA1And128BitAES-CBC-BC"); + SecretKey pbeKey = factory.generateSecret(spec); + SecretKey aesKey = new SecretKeySpec(pbeKey.getEncoded(), "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); + byte[] output = concatenate(iv, ciphertext); + return Base64.getEncoder().encodeToString(output); + } + + // =========================== + // 3. Dynamic PBE Encryption + // =========================== + /** + * Dynamically selects a PBE transformation based on a configuration string. + * + * Acceptable values: - "PBKDF2": Uses PBKDF2WithHmacSHA256. - "SHA256AES": + * Uses PBEWithSHA256And128BitAES-CBC-BC. - "SHA1AES": Uses + * PBEWithSHA1And128BitAES-CBC-BC. - Otherwise, falls back to insecure + * PBEWithMD5AndDES. + * + * @param config The configuration string. + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The Base64-encoded encrypted output. + * @throws Exception if an error occurs. + */ + public String dynamicPBEEncryption(String config, String password, String plaintext) throws Exception { + if ("PBKDF2".equalsIgnoreCase(config)) { + return securePBEExample(password); + } else if ("SHA256AES".equalsIgnoreCase(config)) { + return additionalPBEExample(password, plaintext); + } else if ("SHA1AES".equalsIgnoreCase(config)) { + return additionalPBEExample2(password, plaintext); + } else { + // Fallback insecure option. + return insecurePBEExample(password); + } + } + + // =========================== + // Helper Methods + // =========================== + /** + * Concatenates two byte arrays. + */ + private byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java new file mode 100644 index 00000000000..8f844ba8620 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java @@ -0,0 +1,324 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * AsymmetricEncryptionMacHybridCryptosystem demonstrates hybrid cryptosystems + * that combine asymmetric encryption with a MAC. + * + * Flows: 1. RSA-OAEP + HMAC: - Secure Flow: Uses 2048-bit RSA-OAEP (with + * SHA256andMGF1Padding) to encapsulate a freshly generated AES key; then + * encrypts using AES-GCM with a random nonce and computes HMAC-SHA256 over the + * ciphertext. - Insecure Flow: Uses 1024-bit RSA (RSA/ECB/PKCS1Padding), + * AES-GCM with a fixed IV, and HMAC-SHA1. + * + * 2. ECIES + HMAC: - Secure Flow: Uses ephemeral ECDH key pairs (secp256r1); + * derives a shared secret and applies a simple KDF (SHA-256) to derive a + * 128-bit AES key; then uses AES-GCM with a random nonce and computes + * HMAC-SHA256. - Insecure Flow: Reuses a static EC key pair, directly truncates + * the shared secret without a proper KDF, uses a fixed IV, and computes + * HMAC-SHA1. + * + * 3. Dynamic Hybrid Selection: - Chooses between flows based on a configuration + * string. + * + * SAST/CBOM Notes: - Secure flows use proper ephemeral key generation, secure + * key sizes, KDF usage, and random nonces/IVs. - Insecure flows (static key + * reuse, fixed nonces, weak key sizes, raw shared secret truncation, and + * deprecated algorithms) should be flagged. + */ +public class AsymmetricEncryptionMacHybridCryptosystem { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + // ---------- Result Class ---------- + public static class HybridResult { + + private final byte[] encapsulatedKey; + private final byte[] ciphertext; + private final byte[] mac; + + public HybridResult(byte[] encapsulatedKey, byte[] ciphertext, byte[] mac) { + this.encapsulatedKey = encapsulatedKey; + this.ciphertext = ciphertext; + this.mac = mac; + } + + public byte[] getEncapsulatedKey() { + return encapsulatedKey; + } + + public byte[] getCiphertext() { + return ciphertext; + } + + public byte[] getMac() { + return mac; + } + + public String toBase64String() { + return "EncapsulatedKey: " + Base64.getEncoder().encodeToString(encapsulatedKey) + + "\nCiphertext: " + Base64.getEncoder().encodeToString(ciphertext) + + "\nMAC: " + Base64.getEncoder().encodeToString(mac); + } + } + + // ---------- Helper Methods ---------- + /** + * Generates an ephemeral ECDH key pair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an ephemeral X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the provided key agreement algorithm. + * + * @param privateKey The private key. + * @param publicKey The corresponding public key. + * @param algorithm The key agreement algorithm (e.g., "ECDH" or "X25519"). + * @return The shared secret. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, String algorithm) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance(algorithm, "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + /** + * A simple KDF that hashes the input with SHA-256 and returns the first + * numBytes. + * + * @param input The input byte array. + * @param numBytes The desired number of output bytes. + * @return The derived key material. + */ + public byte[] simpleKDF(byte[] input, int numBytes) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(input); + return Arrays.copyOf(hash, numBytes); + } + + /** + * Concatenates two byte arrays. + */ + public byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + // ===================================================== + // 1. RSA-OAEP + HMAC Hybrid Cryptosystem + // ===================================================== + /** + * Generates a secure 2048-bit RSA key pair. + */ + public KeyPair generateRSAKeyPairGood() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(2048); + return kpg.generateKeyPair(); + } + + /** + * Generates an insecure 1024-bit RSA key pair. + */ + public KeyPair generateRSAKeyPairBad() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(1024); + return kpg.generateKeyPair(); + } + + /** + * Secure hybrid encryption using RSA-OAEP + HMAC-SHA256. + */ + public HybridResult secureRSAHybridEncryption(byte[] plaintext) throws Exception { + KeyPair rsaKP = generateRSAKeyPairGood(); + SecretKey aesKey = generateAESKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.WRAP_MODE, rsaKP.getPublic()); + byte[] encapsulatedKey = rsaCipher.wrap(aesKey); + + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = aesCipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(iv, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = secureHMACSHA256(new String(fullCiphertext), macKey); + + return new HybridResult(encapsulatedKey, fullCiphertext, mac); + } + + /** + * Insecure hybrid encryption using RSA/ECB/PKCS1Padding + HMAC-SHA1. + */ + public HybridResult insecureRSAHybridEncryption(byte[] plaintext) throws Exception { + KeyPair rsaKP = generateRSAKeyPairBad(); + SecretKey aesKey = generateAESKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + rsaCipher.init(Cipher.WRAP_MODE, rsaKP.getPublic()); + byte[] encapsulatedKey = rsaCipher.wrap(aesKey); + + byte[] fixedIV = new byte[12]; // All zeros + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, fixedIV)); + byte[] ciphertext = aesCipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(fixedIV, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = insecureHMACSHA1(new String(fullCiphertext), macKey); + + return new HybridResult(encapsulatedKey, fullCiphertext, mac); + } + + // ===================================================== + // 2. ECIES + HMAC Hybrid Cryptosystem + // ===================================================== + /** + * Secure hybrid encryption using ECIES (via ECDH) + HMAC-SHA256. + */ + public HybridResult secureECIESHybridEncryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateECDHKeyPair(); + KeyPair bobKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = simpleKDF(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(iv, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = secureHMACSHA256(new String(fullCiphertext), macKey); + + byte[] ephemeralPubKey = aliceKP.getPublic().getEncoded(); + + return new HybridResult(ephemeralPubKey, fullCiphertext, mac); + } + + /** + * Insecure hybrid encryption using ECIES (via ECDH) + HMAC-SHA1. + */ + public HybridResult insecureECIESHybridEncryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = Arrays.copyOf(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] fixedIV = new byte[12]; // Fixed IV + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, fixedIV)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(fixedIV, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = insecureHMACSHA1(new String(fullCiphertext), macKey); + + byte[] staticPubKey = staticKP.getPublic().getEncoded(); + + return new HybridResult(staticPubKey, fullCiphertext, mac); + } + + // ===================================================== + // 3. Dynamic Hybrid Selection + // ===================================================== + /** + * Dynamically selects a hybrid encryption flow based on configuration. + * SAST: Dynamic selection introduces risk if insecure defaults are chosen. + * + * @param config The configuration string ("secureRSA", "insecureRSA", + * "secureECIES", "insecureECIES"). + * @param plaintext The plaintext to encrypt. + * @return A Base64-encoded string representation of the hybrid encryption + * result. + * @throws Exception if an error occurs. + */ + public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { + HybridResult result; + if ("secureRSA".equalsIgnoreCase(config)) { + result = secureRSAHybridEncryption(plaintext); + } else if ("insecureRSA".equalsIgnoreCase(config)) { + result = insecureRSAHybridEncryption(plaintext); + } else if ("secureECIES".equalsIgnoreCase(config)) { + result = secureECIESHybridEncryption(plaintext); + } else if ("insecureECIES".equalsIgnoreCase(config)) { + result = insecureECIESHybridEncryption(plaintext); + } else { + // Fallback to insecure RSA hybrid encryption. + result = insecureRSAHybridEncryption(plaintext); + } + return result.toBase64String(); + } + + // ===================================================== + // 4. Helper Methods for HMAC and Symmetric Encryption + // ===================================================== + /** + * Secure HMAC using HMAC-SHA256. SAST: HMAC-SHA256 is secure. + */ + public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Insecure HMAC using HMAC-SHA1. SAST: HMAC-SHA1 is deprecated and + * insecure. + */ + public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA1", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA1"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + // ===================================================== + // 5. Helper Methods for Key/Nonce Generation + // ===================================================== + /** + * Generates a secure 256-bit AES key. SAST: Uses SecureRandom for key + * generation. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java new file mode 100644 index 00000000000..2190921937e --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java @@ -0,0 +1,146 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.util.Arrays; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; + +public class ChainedEncryptionTest { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + // Encrypts using AES-GCM. Returns IV concatenated with ciphertext. + public static byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte nonce for AES-GCM + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + return concat(iv, ciphertext); + } + + // Decrypts AES-GCM ciphertext where IV is prepended. + public static byte[] decryptAESGCM(SecretKey key, byte[] ivCiphertext) throws Exception { + byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 12, ivCiphertext.length); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.DECRYPT_MODE, key, spec); + return cipher.doFinal(ciphertext); + } + + // Encrypts using ChaCha20-Poly1305. Returns nonce concatenated with ciphertext. + public static byte[] encryptChaCha20Poly1305(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + byte[] nonce = new byte[12]; // 12-byte nonce for ChaCha20-Poly1305 + new SecureRandom().nextBytes(nonce); + cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + return concat(nonce, ciphertext); + } + + // Decrypts ChaCha20-Poly1305 ciphertext where nonce is prepended. + public static byte[] decryptChaCha20Poly1305(SecretKey key, byte[] nonceCiphertext) throws Exception { + byte[] nonce = Arrays.copyOfRange(nonceCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(nonceCiphertext, 12, nonceCiphertext.length); + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(nonce)); + return cipher.doFinal(ciphertext); + } + + // Helper method to concatenate two byte arrays. + private static byte[] concat(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + /** + * Performs chained encryption and decryption in one function. First, + * plaintext is encrypted with AES-GCM (inner layer), then that ciphertext + * is encrypted with ChaCha20-Poly1305 (outer layer). The decryption process + * reverses these steps. + * + * @param plaintext The input plaintext. + * @return The decrypted plaintext as a String. + * @throws Exception if any cryptographic operation fails. + */ + public static String chainEncryptDecrypt(String plaintext) throws Exception { + byte[] plainBytes = plaintext.getBytes("UTF-8"); + + // Generate keys for inner and outer encryption. + KeyGenerator aesGen = KeyGenerator.getInstance("AES"); + aesGen.init(256, new SecureRandom()); + SecretKey innerKey = aesGen.generateKey(); + + KeyGenerator chachaGen = KeyGenerator.getInstance("ChaCha20", "BC"); + chachaGen.init(256, new SecureRandom()); + SecretKey outerKey = chachaGen.generateKey(); + + // Inner Encryption with AES-GCM. + byte[] aesIV = new byte[12]; // Random 12-byte IV. + new SecureRandom().nextBytes(aesIV); + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, aesIV); + aesCipher.init(Cipher.ENCRYPT_MODE, innerKey, gcmSpec); + byte[] innerCiphertext = aesCipher.doFinal(plainBytes); + + // Outer Encryption with ChaCha20-Poly1305. + byte[] chachaNonce = new byte[12]; // Random 12-byte nonce. + new SecureRandom().nextBytes(chachaNonce); + Cipher chachaCipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + chachaCipher.init(Cipher.ENCRYPT_MODE, outerKey, new IvParameterSpec(chachaNonce)); + byte[] outerCiphertext = chachaCipher.doFinal(innerCiphertext); + + // Outer Decryption. + Cipher chachaDec = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + chachaDec.init(Cipher.DECRYPT_MODE, outerKey, new IvParameterSpec(chachaNonce)); + byte[] decryptedInnerCiphertext = chachaDec.doFinal(outerCiphertext); + + // Inner Decryption. + Cipher aesDec = Cipher.getInstance("AES/GCM/NoPadding"); + aesDec.init(Cipher.DECRYPT_MODE, innerKey, new GCMParameterSpec(128, aesIV)); + byte[] decryptedPlaintext = aesDec.doFinal(decryptedInnerCiphertext); + + return new String(decryptedPlaintext, "UTF-8"); + } + + public static void main(String[] args) throws Exception { + // Generate a 256-bit AES key for the first (inner) encryption. + KeyGenerator aesGen = KeyGenerator.getInstance("AES"); + aesGen.init(256, new SecureRandom()); + SecretKey aesKey = aesGen.generateKey(); + + // Generate a 256-bit key for ChaCha20-Poly1305 (outer encryption). + KeyGenerator chaChaGen = KeyGenerator.getInstance("ChaCha20"); + chaChaGen.init(256, new SecureRandom()); + SecretKey chaChaKey = chaChaGen.generateKey(); + + String originalText = "This is a secret message."; + byte[] plaintext = originalText.getBytes(); + + // Step 1: Encrypt plaintext with AES-GCM. + byte[] innerCiphertext = encryptAESGCM(aesKey, plaintext); + + // Step 2: Encrypt the AES-GCM ciphertext with ChaCha20-Poly1305. + byte[] outerCiphertext = encryptChaCha20Poly1305(chaChaKey, innerCiphertext); + + // Now, decrypt in reverse order. + // Step 3: Decrypt the outer layer (ChaCha20-Poly1305). + byte[] decryptedInnerCiphertext = decryptChaCha20Poly1305(chaChaKey, outerCiphertext); + + // Step 4: Decrypt the inner layer (AES-GCM). + byte[] decryptedPlaintext = decryptAESGCM(aesKey, decryptedInnerCiphertext); + + System.out.println("Original: " + originalText); + System.out.println("Decrypted: " + new String(decryptedPlaintext)); + } + +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Digest.java b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java new file mode 100644 index 00000000000..412bf578ac1 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java @@ -0,0 +1,256 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * DigestTestCase demonstrates the further use of cryptographic digests + * as inputs to more complex cryptosystems. In real-world applications, + * digest outputs are often used as keys, key material for key derivation, + * or as identifiers. This file shows several flows: + * + * 1. Basic digest generation using SHA-256 (secure) and MD5/SHA-1 (insecure). + * 2. Unsalted versus salted digest for password input. + * 3. PBKDF2 for secure key derivation. + * 4. Using a digest as direct key material for AES encryption (processDigest). + * 5. Using a digest as an identifier (alternativeDigestFlow). + * 6. **Further Use**: Deriving two separate keys (one for encryption and one + * for MAC) + * from a digest via PBKDF2 and using them in an authenticated encryption flow. + * + * SAST/CBOM notes: + * - Secure algorithms (e.g. SHA-256, HMAC-SHA256, PBKDF2WithHmacSHA256) are + * acceptable. + * - Insecure functions (e.g. MD5, SHA-1) and unsalted password digests are + * flagged. + * - Using a raw digest directly as key material is ambiguous unless produced by + * a proper KDF. + */ +public class Digest { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + // ---------- Digest Generation Flows ---------- + + /** + * Secure digest generation using SHA-256. + * SAST: SHA-256 is secure. + */ + public void simpleHashing() throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest("Simple Test Data".getBytes()); + processDigest(hash); + } + + /** + * Insecure digest generation using MD5. + * SAST: MD5 is deprecated and insecure. + */ + public void insecureMD5Hashing() throws Exception { + MessageDigest md5Digest = MessageDigest.getInstance("MD5"); + byte[] hash = md5Digest.digest("Weak Hash Example".getBytes()); + processDigest(hash); + } + + /** + * Insecure unsalted password hashing using SHA-256. + * SAST: Unsalted password hashing is vulnerable to rainbow table attacks. + */ + public void insecureUnsaltedPasswordHashing(String password) throws Exception { + MessageDigest sha256Digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = sha256Digest.digest(password.getBytes()); + processDigest(hash); + } + + /** + * Secure salted hashing using SHA-256. + * SAST: Salting the input improves security. + */ + public void secureSaltedHashing(String password) throws Exception { + byte[] salt = generateSalt(16); + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + digest.update(salt); + byte[] hash = digest.digest(password.getBytes()); + processDigest(hash); + } + + /** + * Secure key derivation using PBKDF2 with HMAC-SHA256. + * SAST: PBKDF2 with sufficient iterations is recommended. + */ + public void securePBKDF2Hashing(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] hash = factory.generateSecret(spec).getEncoded(); + processDigest(hash); + } + + /** + * Insecure digest generation using SHA-1. + * SAST: SHA-1 is deprecated due to collision vulnerabilities. + */ + public void insecureRawSHA1Hashing(String input) throws Exception { + MessageDigest sha1Digest = MessageDigest.getInstance("SHA-1"); + byte[] hash = sha1Digest.digest(input.getBytes()); + processDigest(hash); + } + + /** + * Secure MAC computation using HMAC-SHA256. + * SAST: HMAC-SHA256 is considered secure. + */ + public void secureHMACHashing(String input, byte[] key) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + hmac.init(secretKey); + byte[] hash = hmac.doFinal(input.getBytes()); + processDigest(hash); + } + + // ---------- Further Use of Digest Outputs ---------- + + /** + * Processes the digest by using it directly as key material for AES encryption. + * SAST: Using a raw digest as key material is acceptable only if the digest is + * produced + * via a secure KDF. This method is ambiguous if the digest is from an insecure + * function. + * + * @param digest The computed digest. + * @throws Exception if encryption fails. + */ + public void processDigest(byte[] digest) throws Exception { + // Derive a 128-bit AES key from the digest. + SecretKey key = new SecretKeySpec(digest, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + storeEncryptedDigest(encryptedData); + } + + /** + * Alternative flow: Uses the digest as an identifier (e.g., checksum) and + * encrypts it. + * SAST: Using a digest as an identifier is common; encryption must use secure + * primitives. + * + * @param digest The computed digest. + * @throws Exception if encryption fails. + */ + public void alternativeDigestFlow(byte[] digest) throws Exception { + byte[] identifier = Base64.getEncoder().encode(digest); + encryptAndSend(identifier); + } + + /** + * Further use: Derives two separate keys from a digest using PBKDF2, + * then uses one key for encryption and the other for computing a MAC over the + * ciphertext. + * + * SAST: This approach of key derivation and splitting is acceptable if PBKDF2 + * is used securely. + * + * @param digest The input digest (must be generated from a secure source). + * @throws Exception if key derivation or encryption fails. + */ + public void furtherUseDigestForKeyDerivation(byte[] digest) throws Exception { + // Treat the digest (in Base64) as a password input to PBKDF2. + String digestAsPassword = Base64.getEncoder().encodeToString(digest); + byte[] salt = generateSalt(16); + // Derive 256 bits (32 bytes) of key material. + PBEKeySpec spec = new PBEKeySpec(digestAsPassword.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyMaterial = factory.generateSecret(spec).getEncoded(); + // Split into two 128-bit keys. + byte[] encryptionKeyBytes = Arrays.copyOfRange(keyMaterial, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(keyMaterial, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt sample data using the derived encryption key. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal("Further Use Test Data".getBytes()); + + // Compute HMAC over the ciphertext using the derived MAC key. + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // In production, these outputs would be securely stored or transmitted. + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedDigest(output); + } + + /** + * Encrypts data using AES-GCM and simulates secure transmission or storage. + * SAST: Uses a securely generated AES key. + * + * @param data The data to encrypt. + * @throws Exception if encryption fails. + */ + public void encryptAndSend(byte[] data) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal(data); + storeEncryptedDigest(encryptedData); + } + + /** + * Simulates secure storage or transmission of an encrypted digest. + * SAST: In production, this method would implement secure storage/transmission. + * + * @param encryptedDigest The encrypted digest. + */ + public void storeEncryptedDigest(byte[] encryptedDigest) { + // For static analysis purposes, this method represents a secure output + // mechanism. + String stored = Base64.getEncoder().encodeToString(encryptedDigest); + } + + // ---------- Helper Methods ---------- + + /** + * Generates a secure 256-bit AES key. + * SAST: Key generation uses a strong RNG. + * + * @return A SecretKey for AES. + * @throws NoSuchAlgorithmException if AES is unsupported. + */ + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. + * SAST: Salting is essential for secure digest computations. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java new file mode 100644 index 00000000000..71481b7e7a9 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java @@ -0,0 +1,155 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.util.Base64; + +/** + * EllipticCurve1 demonstrates generating EC key pairs for various curve + * categories. + * + * Curve categories covered: + * - NIST: e.g., secp256r1, secp384r1, secp521r1. + * - SEC: e.g., secp256k1 (from the Standards for Efficient Cryptography, SEC2). + * - BRAINPOOL: e.g., brainpoolP256r1. + * - CURVE25519: for key agreement (X25519) or signatures (Ed25519). + * - CURVE448: for key agreement (X448). + * - C2: Binary curves; for example, sect163r2 (if available). + * - SM2: Chinese SM2 curve, often named sm2p256v1. + * - ES: Elliptic curve signature based on EdDSA, here using Ed25519. + * - OtherEllipticCurveType: A fallback (using secp256r1). + * + * Best practices: + * - Use ephemeral key generation with a strong RNG. + * - Select curves from secure families (e.g., NIST, Brainpool, Curve25519/448, + * SM2). + * - Use a crypto provider (e.g., BouncyCastle) that supports the desired + * curves. + * + * In a production environment, the curve type may be externally configured. + */ +public class EllipticCurve1 { + + // static { + // // Register the BouncyCastle provider to access a wide range of curves. + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Generates a key pair using a NIST curve (e.g., secp256r1). + */ + public KeyPair generateNISTKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // secp256r1 is widely used (also known as P-256) + kpg.initialize(new java.security.spec.ECGenParameterSpec("secp256r1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a SEC curve (e.g., secp256k1). + */ + public KeyPair generateSECCurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // secp256k1 is commonly used in Bitcoin and other blockchain applications. + kpg.initialize(new java.security.spec.ECGenParameterSpec("secp256k1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a Brainpool curve (e.g., brainpoolP256r1). + */ + public KeyPair generateBrainpoolKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "brainpoolP256r1" is a commonly recommended Brainpool curve. + kpg.initialize(new java.security.spec.ECGenParameterSpec("brainpoolP256r1")); + return kpg.generateKeyPair(); + } + + /** + * Generates an X25519 key pair (for key agreement). + */ + public KeyPair generateCurve25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + // No further parameters are needed for X25519. + return kpg.generateKeyPair(); + } + + /** + * Generates an X448 key pair (for key agreement). + */ + public KeyPair generateCurve448KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X448", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for a binary (C2) curve. + * Example: sect163r2 is a binary field curve. + */ + public KeyPair generateC2CurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "sect163r2" is one of the binary field curves supported by BouncyCastle. + kpg.initialize(new java.security.spec.ECGenParameterSpec("sect163r2")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for the SM2 curve. + * SM2 is a Chinese cryptographic standard. + */ + public KeyPair generateSM2KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "sm2p256v1" is the standard SM2 curve. + kpg.initialize(new java.security.spec.ECGenParameterSpec("sm2p256v1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for ES (Elliptic curve signature using EdDSA). + * This example uses Ed25519. + */ + public KeyPair generateESKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for an "Other" elliptic curve type. + * This serves as a fallback example (using secp256r1). + */ + public KeyPair generateOtherEllipticCurveKeyPair() throws Exception { + return generateNISTKeyPair(); // Fallback to secp256r1 + } + + /** + * Main method demonstrating key pair generation for various curve types. + */ + public static void main(String[] args) { + try { + EllipticCurve1 examples = new EllipticCurve1(); + System.out.println("NIST (secp256r1): " + + Base64.getEncoder().encodeToString(examples.generateNISTKeyPair().getPublic().getEncoded())); + System.out.println("SEC (secp256k1): " + + Base64.getEncoder().encodeToString(examples.generateSECCurveKeyPair().getPublic().getEncoded())); + System.out.println("Brainpool (brainpoolP256r1): " + + Base64.getEncoder().encodeToString(examples.generateBrainpoolKeyPair().getPublic().getEncoded())); + System.out.println("Curve25519 (X25519): " + + Base64.getEncoder().encodeToString(examples.generateCurve25519KeyPair().getPublic().getEncoded())); + System.out.println("Curve448 (X448): " + + Base64.getEncoder().encodeToString(examples.generateCurve448KeyPair().getPublic().getEncoded())); + System.out.println("C2 (sect163r2): " + + Base64.getEncoder().encodeToString(examples.generateC2CurveKeyPair().getPublic().getEncoded())); + System.out.println("SM2 (sm2p256v1): " + + Base64.getEncoder().encodeToString(examples.generateSM2KeyPair().getPublic().getEncoded())); + System.out.println("ES (Ed25519): " + + Base64.getEncoder().encodeToString(examples.generateESKeyPair().getPublic().getEncoded())); + System.out.println("Other (Fallback, secp256r1): " + + Base64.getEncoder() + .encodeToString(examples.generateOtherEllipticCurveKeyPair().getPublic().getEncoded())); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java new file mode 100644 index 00000000000..41def510f18 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java @@ -0,0 +1,272 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * EllipticCurve2 demonstrates real-world uses of elliptic curve algorithms, + * including key pair generation, key agreement (ECDH), digital signatures + * (ECDSA, EdDSA), and a simple simulation of ECIES (using ECDH + AES-GCM). + * + * Curve types shown include: - NIST (e.g., secp256r1) - SEC (e.g., secp256k1) - + * Brainpool (e.g., brainpoolP256r1) - CURVE25519 (for X25519 key agreement) - + * ES (e.g., Ed25519 for signatures) - Other fallback (e.g., secp256r1 for + * "OtherEllipticCurveType") + * + * Best practices: - Use ephemeral keys and a strong RNG. - Use proper key + * agreement (with a KDF if needed) and digital signature schemes. - Avoid + * static key reuse or using weak curves. + * + * SAST/CBOM considerations: - Secure implementations use ephemeral keys and + * modern curves. - Insecure practices (e.g., static keys or reusing keys) must + * be flagged. + */ +public class EllipticCurve2 { + + // static { + // // Register BouncyCastle provider for additional curves and algorithms. + // Security.addProvider(new BouncyCastleProvider()); + // } + // ---------------------------- + // 1. Key Pair Generation Examples + // ---------------------------- + /** + * Generates a key pair using a NIST curve (secp256r1). + */ + public KeyPair generateNISTKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a SEC curve (secp256k1). + */ + public KeyPair generateSECCurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256k1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a Brainpool curve (brainpoolP256r1). + */ + public KeyPair generateBrainpoolKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("brainpoolP256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates an Ed25519 key pair (used for signatures). + */ + public KeyPair generateEd25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for "OtherEllipticCurveType" as a fallback (using + * secp256r1). + */ + public KeyPair generateOtherEllipticCurveKeyPair() throws Exception { + return generateNISTKeyPair(); + } + + // ---------------------------- + // 2. Key Agreement (ECDH) Examples + // ---------------------------- + /** + * Performs ECDH key agreement using two ephemeral NIST key pairs. Secure + * Example: Uses ephemeral keys and a strong RNG. + * + * @return The shared secret. + */ + public byte[] performECDHKeyAgreement() throws Exception { + KeyPair aliceKP = generateNISTKeyPair(); + KeyPair bobKP = generateNISTKeyPair(); + + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(aliceKP.getPrivate()); + ka.doPhase(bobKP.getPublic(), true); + return ka.generateSecret(); + } + + /** + * Insecure ECDH Example: Uses a static key pair for both parties. SAST: + * Reusing the same key pair eliminates forward secrecy and is insecure. + * + * @return The (insecure) shared secret. + */ + public byte[] insecureECDHKeyAgreement() throws Exception { + KeyPair staticKP = generateNISTKeyPair(); + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(staticKP.getPrivate()); + ka.doPhase(staticKP.getPublic(), true); + return ka.generateSecret(); + } + + // ---------------------------- + // 3. Digital Signature Examples + // ---------------------------- + /** + * Generates an ECDSA signature using a NIST key pair. Secure Example. + * + * @param message The message to sign. + * @return The signature. + */ + public byte[] generateECDSASignature(byte[] message) throws Exception { + KeyPair kp = generateNISTKeyPair(); + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(kp.getPrivate()); + signature.update(message); + return signature.sign(); + } + + /** + * Verifies an ECDSA signature using the corresponding NIST key pair. + * + * @param message The original message. + * @param signatureBytes The signature to verify. + * @param kp The key pair used for signing. + * @return True if the signature is valid. + */ + public boolean verifyECDSASignature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(kp.getPublic()); + signature.update(message); + return signature.verify(signatureBytes); + } + + /** + * Generates an Ed25519 signature. Secure Example: Ed25519 is a modern, + * high-performance signature scheme. + * + * @param message The message to sign. + * @return The signature. + */ + public byte[] generateEd25519Signature(byte[] message) throws Exception { + KeyPair kp = generateEd25519KeyPair(); + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initSign(kp.getPrivate()); + signature.update(message); + return signature.sign(); + } + + /** + * Verifies an Ed25519 signature. + * + * @param message The original message. + * @param signatureBytes The signature to verify. + * @param kp The key pair used for signing. + * @return True if the signature is valid. + */ + public boolean verifyEd25519Signature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initVerify(kp.getPublic()); + signature.update(message); + return signature.verify(signatureBytes); + } + + // ---------------------------- + // 4. ECIES-like Encryption (ECDH + AES-GCM) + // ---------------------------- + /** + * A simple simulation of ECIES using ECDH for key agreement and AES-GCM for + * encryption. Secure Example: Uses ephemeral ECDH key pairs, a KDF to + * derive a symmetric key, and AES-GCM with a random nonce. + * + * @param plaintext The plaintext to encrypt. + * @return The concatenation of the ephemeral public key, IV, and ciphertext + * (Base64-encoded). + * @throws Exception if encryption fails. + */ + public String eciesEncryptionExample(byte[] plaintext) throws Exception { + // Generate ephemeral key pairs for two parties. + KeyPair senderKP = generateNISTKeyPair(); + KeyPair receiverKP = generateNISTKeyPair(); + + // Perform ECDH key agreement. + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(senderKP.getPrivate()); + ka.doPhase(receiverKP.getPublic(), true); + byte[] sharedSecret = ka.generateSecret(); + + // Derive a symmetric key from the shared secret using SHA-256 (first 16 bytes + // for AES-128). + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] derivedKey = digest.digest(sharedSecret); + derivedKey = Arrays.copyOf(derivedKey, 16); + SecretKey aesKey = new SecretKeySpec(derivedKey, "AES"); + + // Encrypt plaintext using AES-GCM with a random nonce. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + // For ECIES, include the sender's ephemeral public key with the output. + byte[] senderPub = senderKP.getPublic().getEncoded(); + byte[] output = concatenate(senderPub, concatenate(iv, ciphertext)); + + return Base64.getEncoder().encodeToString(output); + } + + // ---------------------------- + // 5. Main Method for Demonstration + // ---------------------------- + public static void main(String[] args) { + try { + EllipticCurve2 test = new EllipticCurve2(); + + // Key Agreement Example: + byte[] sharedSecret = test.performECDHKeyAgreement(); + System.out.println("ECDH Shared Secret (Base64): " + Base64.getEncoder().encodeToString(sharedSecret)); + + // ECDSA Signature Example: + byte[] message = "Test message for ECDSA".getBytes(); + KeyPair nistKP = test.generateNISTKeyPair(); + byte[] ecdsaSig = test.generateECDSASignature(message); + boolean validSig = test.verifyECDSASignature(message, ecdsaSig, nistKP); + System.out.println("ECDSA Signature valid? " + validSig); + + // Ed25519 Signature Example: + byte[] edSig = test.generateEd25519Signature(message); + KeyPair edKP = test.generateEd25519KeyPair(); + boolean validEdSig = test.verifyEd25519Signature(message, edSig, edKP); + System.out.println("Ed25519 Signature valid? " + validEdSig); + + // ECIES-like Encryption Example: + String eciesOutput = test.eciesEncryptionExample("Secret ECIES Message".getBytes()); + System.out.println("ECIES-like Encrypted Output (Base64): " + eciesOutput); + + } catch (Exception e) { + e.printStackTrace(); + } + } + + private byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java new file mode 100644 index 00000000000..74b2070d13e --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java @@ -0,0 +1,182 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +/** + * This class demonstrates several encryption schemes along with SAST/CBOM + * classification notes. + * + * Methods include: + * + * 1. simpleAESEncryption: Uses AES in GCM mode. + * - CBOM: AES-GCM is classified as secure (Parent: AEAD). + * - SAST: Secure symmetric encryption pattern; safe when used properly. + * + * 2. insecureAESWithECB: Uses AES in ECB mode. + * - CBOM: AES-ECB is classified as insecure (Parent: SymmetricEncryption). + * - SAST: Insecure encryption pattern; flagged as vulnerable due to lack of IV + * and predictable structure. + * + * 3. rsaOaepEncryption / rsaOaepDecryption: Use RSA with OAEP padding. + * - CBOM: RSA-OAEP is classified as secure for public-key encryption (Parent: + * Hybrid Cryptosystem). + * - SAST: Secure for small payloads/key encapsulation; must only encrypt small + * data blocks. + * + * 4. rsaKemEncryption: Demonstrates a key encapsulation mechanism (KEM) using + * RSA-OAEP. + * - CBOM: RSA-KEM is recognized as secure (Parent: RSA-OAEP based KEM). + * - SAST: Secure when used to encapsulate symmetric keys in a hybrid system. + * + * 5. hybridEncryption: Combines RSA-OAEP for key encapsulation with AES-GCM for + * data encryption. + * - CBOM: Hybrid encryption (Parent: RSA-OAEP + AES-GCM) is classified as + * secure. + * - SAST: Secure hybrid encryption pattern; recommended for large data + * encryption. + */ +public class Encryption1 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Simple AES-GCM encryption. + * + * SAST/CBOM Notes: + * - Algorithm: AES/GCM/NoPadding with a 256-bit key. + * - Parent Classification: AEAD (Authenticated Encryption with Associated + * Data). + * - SAST: Considered safe when properly implemented (uses IV and tag). + */ + public void simpleAESEncryption() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + System.out.println("AES-GCM Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * Insecure AES encryption using ECB mode. + * + * SAST/CBOM Notes: + * - Algorithm: AES/ECB/NoPadding with a 256-bit key. + * - Parent Classification: SymmetricEncryption (ECB mode is inherently + * insecure). + * - SAST: Flagged as vulnerable; ECB mode does not use an IV and reveals data + * patterns. + */ + public void insecureAESWithECB() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + // AES/ECB mode is insecure due to the deterministic nature of the block cipher + // without an IV. + Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + System.out.println("AES-ECB Encrypted Data (Insecure): " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * RSA encryption using OAEP with SHA-256 and MGF1 padding. + * + * SAST/CBOM Notes: + * - Algorithm: RSA/ECB/OAEPWithSHA-256AndMGF1Padding. + * - Parent Classification: Hybrid Cryptosystem. RSA-OAEP is commonly used in + * hybrid schemes. + * - SAST: Secure for encrypting small payloads or for key encapsulation; + * caution when encrypting large data. + */ + public void rsaOaepEncryption(PublicKey publicKey, String data) throws Exception { + Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + byte[] encryptedData = cipher.doFinal(data.getBytes()); + System.out.println("RSA-OAEP Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * RSA decryption using OAEP with SHA-256 and MGF1 padding. + * + * SAST/CBOM Notes: + * - Algorithm: RSA/ECB/OAEPWithSHA-256AndMGF1Padding. + * - Parent Classification: Hybrid Cryptosystem. + * - SAST: Secure when used with the correct corresponding private key. + */ + public void rsaOaepDecryption(PrivateKey privateKey, byte[] encryptedData) throws Exception { + Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + cipher.init(Cipher.DECRYPT_MODE, privateKey); + byte[] decryptedData = cipher.doFinal(encryptedData); + System.out.println("Decrypted RSA-OAEP Data: " + new String(decryptedData)); + } + + /** + * RSA-KEM encryption: encapsulates an AES key using RSA-OAEP. + * + * SAST/CBOM Notes: + * - Algorithm: RSA-OAEP used as a Key Encapsulation Mechanism (KEM) for an AES + * key. + * - Parent Classification: RSA-OAEP based KEM. + * - SAST: Recognized as a secure key encapsulation pattern; used as part of + * hybrid encryption schemes. + */ + public void rsaKemEncryption(PublicKey rsaPublicKey) throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey aesKey = keyGen.generateKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey); + byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded()); + + System.out.println("RSA-KEM Encrypted AES Key: " + Base64.getEncoder().encodeToString(encryptedAesKey)); + } + + /** + * Hybrid encryption: combines RSA-OAEP for key encapsulation with AES-GCM for + * data encryption. + * + * SAST/CBOM Notes: + * - Algorithms: RSA-OAEP (for encrypting the AES key) and AES-GCM (for + * encrypting the data). + * - Parent Classification: Hybrid Cryptosystem (RSA-OAEP + AES-GCM). + * - SAST: This pattern is considered secure when implemented correctly; + * recommended for large data encryption. + */ + public void hybridEncryption(PublicKey rsaPublicKey, String data) throws Exception { + // Generate a 256-bit AES key for symmetric encryption. + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKey = keyGen.generateKey(); + + // Encrypt the AES key using RSA-OAEP. + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey); + byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded()); + + // Encrypt the actual data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal(data.getBytes()); + + System.out.println( + "Hybrid Encryption - Encrypted AES Key: " + Base64.getEncoder().encodeToString(encryptedAesKey)); + System.out.println("Hybrid Encryption - Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java new file mode 100644 index 00000000000..edcfa030204 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java @@ -0,0 +1,179 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * This class demonstrates encryption schemes using elliptic-curve + * Diffie-Hellman (ECDH) and hybrid encryption methods, including a post-quantum + * hybrid scheme. + * + * SAST/CBOM Classification: + * + * 1. EC Key Generation & ECDH Key Agreement: - Parent Classification: + * Asymmetric Key Generation / Key Agreement. - SAST: Secure when using + * established curves (secp256r1) and reputable providers (BouncyCastle). + * + * 2. ECDH Hybrid Encryption: - Parent Classification: Hybrid Cryptosystem (ECDH + * + AEAD). - SAST: Uses ECDH for key agreement and AES/GCM for encryption. + * However, the derivation of an AES key by applying a single SHA-256 hash to + * the shared secret may be flagged as a weak key derivation method. A dedicated + * KDF (e.g., HKDF) is recommended. + * + * 3. Post-Quantum Hybrid Encryption: - Parent Classification: Hybrid + * Cryptosystem (Classical ECDH + Post-Quantum Secret + KDF + AEAD). - SAST: + * Combining classical and post-quantum components is advanced and secure if + * implemented properly. The custom HKDF expand function provided here is + * simplistic and may be flagged in a CBOM analysis; a standard HKDF library + * should be used in production. + */ +public class Encryption2 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + /** + * Generates an Elliptic Curve (EC) key pair using the secp256r1 curve. + * + * SAST/CBOM Notes: - Algorithm: EC key pair generation. - Parent + * Classification: Asymmetric Key Generation. - SAST: Considered secure when + * using strong randomness and a reputable provider. + * + * @return an EC KeyPair. + */ + public KeyPair generateECKeyPair() throws Exception { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC"); + keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return keyPairGenerator.generateKeyPair(); + } + + /** + * Derives a shared secret using Elliptic Curve Diffie-Hellman (ECDH). + * + * SAST/CBOM Notes: - Algorithm: ECDH key agreement. - Parent + * Classification: Asymmetric Key Agreement. - SAST: Secure when both + * parties use strong EC keys and proper randomness. + * + * @param privateKey the private key of one party. + * @param publicKey the public key of the other party. + * @return the derived shared secret as a byte array. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "BC"); + keyAgreement.init(privateKey); + keyAgreement.doPhase(publicKey, true); + return keyAgreement.generateSecret(); + } + + /** + * Performs hybrid encryption using ECDH to derive a shared secret, then + * derives an AES key by hashing the shared secret with SHA-256, and finally + * encrypts the data with AES-GCM. + * + * SAST/CBOM Notes: - Parent Classification: Hybrid Cryptosystem (ECDH + + * AES-GCM). - SAST: While ECDH and AES-GCM are secure, the key derivation + * method here (a single SHA-256 hash) is not as robust as using a dedicated + * KDF. This approach may be flagged and is recommended for improvement. + * + * @param recipientPublicKey the recipient's public EC key. + * @param data the plaintext data to encrypt. + */ + public void ecdhHybridEncryption(PublicKey recipientPublicKey, String data) throws Exception { + // Generate an ephemeral EC key pair for the sender. + KeyPair senderKeyPair = generateECKeyPair(); + // Derive the shared secret using ECDH. + byte[] sharedSecret = deriveSharedSecret(senderKeyPair.getPrivate(), recipientPublicKey); + + // Derive an AES key by hashing the shared secret with SHA-256. + // SAST Note: Using a direct hash for key derivation is simplistic and may be + // flagged. + MessageDigest sha256 = MessageDigest.getInstance("SHA-256"); + byte[] aesKeyBytes = sha256.digest(sharedSecret); + // Use the first 16 bytes (128 bits) as the AES key. + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, 16, "AES"); + + // Encrypt the data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal(data.getBytes()); + + System.out.println( + "ECDH Hybrid Encryption - Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * Performs post-quantum hybrid encryption by combining a classical + * ECDH-derived secret with a post-quantum shared secret. The two secrets + * are combined using a custom HKDF expansion, and the derived key is used + * to encrypt data with AES-GCM. + * + * SAST/CBOM Notes: - Parent Classification: Hybrid Cryptosystem (Classical + * ECDH + Post-Quantum Secret + KDF + AES-GCM). - SAST: The combination of + * classical and post-quantum secrets is a modern approach. However, the + * custom HKDF expand function is simplistic and may be flagged as insecure. + * Use a standard HKDF implementation in production. + * + * @param ecPublicKey the recipient's EC public key. + * @param pqSharedSecret the post-quantum shared secret from a separate + * algorithm. + */ + public void postQuantumHybridEncryption(PublicKey ecPublicKey, byte[] pqSharedSecret) throws Exception { + // Step 1: Perform classical ECDH key agreement to derive a shared secret. + byte[] ecdhSharedSecret = deriveSharedSecret(generateECKeyPair().getPrivate(), ecPublicKey); + + // Step 2: Combine the ECDH secret and the post-quantum secret using a + // simplified HKDF expansion. + // SAST Note: This custom HKDF implementation is minimal and does not follow the + // full HKDF spec. + byte[] combinedSecret = hkdfExpand(ecdhSharedSecret, pqSharedSecret, 32); + // Use the first 16 bytes as the AES key (128-bit key). + SecretKey aesKey = new SecretKeySpec(combinedSecret, 0, 16, "AES"); + + // Step 3: Encrypt the data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal("Post-Quantum Hybrid Encryption Data".getBytes()); + + System.out.println("Post-Quantum Hybrid Encryption - Encrypted Data: " + + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * A simplified HKDF expansion function that uses HMAC-SHA256 to derive a + * key of a desired length. + * + * SAST/CBOM Notes: - Parent Classification: Key Derivation Function (KDF). + * - SAST: Custom KDF implementations are risky if not thoroughly vetted. + * This simple HKDF expand function lacks the full HKDF mechanism (e.g., + * multiple iterations, info, and context parameters) and may be flagged. It + * is recommended to use a standardized HKDF library. + * + * @param inputKey the input key material. + * @param salt a salt value (here, the post-quantum shared secret is used as + * the salt). + * @param length the desired length of the derived key. + * @return a derived key of the specified length. + */ + private byte[] hkdfExpand(byte[] inputKey, byte[] salt, int length) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(salt, "HmacSHA256"); + hmac.init(secretKey); + byte[] extractedKey = hmac.doFinal(inputKey); + return Arrays.copyOf(extractedKey, length); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Hash.java b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java new file mode 100644 index 00000000000..d4e6985eac6 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java @@ -0,0 +1,313 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.crypto.digests.SHA3Digest; +// import org.bouncycastle.crypto.digests.Blake2bDigest; +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.*; +import java.util.Base64; +import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.SecretKeySpec; +import javax.crypto.spec.PBEKeySpec; + +/** + * This class demonstrates various hashing, HMAC, and password hashing + * techniques. + * + * SAST/CBOM Classification Notes: + * + * 1. simpleSHA256Hash: - Parent Classification: Cryptographic Hash Function. - + * SAST: Uses SHA-256, which is widely regarded as secure. + * + * 2. insecureMD5Hash: - Parent Classification: Cryptographic Hash Function. - + * SAST: MD5 is cryptographically broken and should be flagged as insecure. + * + * 3. hashWithBouncyCastleSHA3: - Parent Classification: Cryptographic Hash + * Function (SHA3). - SAST: Uses SHA3-256 from BouncyCastle; considered secure. + * + * 4. hashWithBouncyCastleBlake2b: - Parent Classification: Cryptographic Hash + * Function (BLAKE2). - SAST: Uses BLAKE2b-512; considered secure if used + * correctly. + * + * 5. hashAndSign & verifyHashSignature: - Parent Classification: Digital + * Signature (RSA-based). - SAST: Uses SHA256withRSA for signing and + * verification; secure if key management is proper. + * + * 6. hashForDataIntegrityCheck: - Parent Classification: Data Integrity Check. + * - SAST: Uses SHA-256 to verify integrity; considered secure. + * + * 7. hashWithVariousAlgorithms: - Parent Classification: Cryptographic Hash + * Function. - SAST: Iterates through multiple algorithms; insecure algorithms + * (MD5, SHA-1) may be flagged. + * + * 8. hmacWithVariousAlgorithms: - Parent Classification: Message Authentication + * Code (MAC). - SAST: Iterates through various HMAC algorithms; HmacSHA1 is + * considered weaker than SHA256 and above. + * + * 9. hashForPasswordStorage: - Parent Classification: Password-Based Key + * Derivation Function (PBKDF). - SAST: Uses PBKDF2WithHmacSHA256 with salt and + * iteration count; considered secure, though iteration counts should be + * reviewed against current standards. + * + * 10. hashFromUnknownConfig: - Parent Classification: Dynamic Cryptographic + * Hash Function. - SAST: Loading the hash algorithm from an external + * configuration introduces risk of misconfiguration. + * + * 11. insecureHashBasedRNG: - Parent Classification: Pseudo-Random Number + * Generator (PRNG) using hash. - SAST: Uses a fixed seed with various hash + * algorithms; flagged as insecure due to predictability. + */ +public class Hash { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + /** + * Computes a SHA-256 hash of static test data. + * + * CBOM/SAST Classification: - Uses SHA-256: Classified as secure. + */ + public void simpleSHA256Hash() throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest("Simple Test Data".getBytes()); + System.out.println("SHA-256 Hash: " + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Computes an MD5 hash of static data. + * + * CBOM/SAST Classification: - Uses MD5: Classified as insecure. - SAST: MD5 + * is deprecated for cryptographic purposes due to collision + * vulnerabilities. + */ + public void insecureMD5Hash() throws Exception { + MessageDigest md5Digest = MessageDigest.getInstance("MD5"); + byte[] hash = md5Digest.digest("Weak Hash Example".getBytes()); + System.out.println("MD5 Hash (Insecure): " + Base64.getEncoder().encodeToString(hash)); + } + + // /** + // * Computes a SHA3-256 hash using BouncyCastle's SHA3Digest. + // * + // * CBOM/SAST Classification: + // * - Uses SHA3-256: Classified as secure. + // * - SAST: BouncyCastle's implementation is considered reliable. + // */ + // public void hashWithBouncyCastleSHA3(String input) { + // SHA3Digest digest = new SHA3Digest(256); + // byte[] inputBytes = input.getBytes(); + // digest.update(inputBytes, 0, inputBytes.length); + // byte[] hash = new byte[digest.getDigestSize()]; + // digest.doFinal(hash, 0); + // System.out.println("SHA3-256 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); + // } + // /** + // * Computes a BLAKE2b-512 hash using BouncyCastle's Blake2bDigest. + // * + // * CBOM/SAST Classification: + // * - Uses BLAKE2b-512: Classified as secure. + // * - SAST: BLAKE2b is modern and fast, considered secure when used correctly. + // */ + // public void hashWithBouncyCastleBlake2b(String input) { + // Blake2bDigest digest = new Blake2bDigest(512); + // byte[] inputBytes = input.getBytes(); + // digest.update(inputBytes, 0, inputBytes.length); + // byte[] hash = new byte[digest.getDigestSize()]; + // digest.doFinal(hash, 0); + // System.out.println("BLAKE2b-512 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); + // } + /** + * Signs the hash of the input using SHA256withRSA. + * + * CBOM/SAST Classification: - Digital Signature (RSA): Classified as secure + * if keys are managed correctly. - SAST: The combination of SHA256 and RSA + * is a standard and secure pattern. + * + * @param input The input data to be signed. + * @param privateKey The RSA private key used for signing. + */ + public void hashAndSign(String input, PrivateKey privateKey) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSA"); + signature.initSign(privateKey); + signature.update(input.getBytes()); + byte[] signedData = signature.sign(); + System.out.println("Signed Hash: " + Base64.getEncoder().encodeToString(signedData)); + } + + /** + * Verifies the signature of the input data. + * + * CBOM/SAST Classification: - Digital Signature Verification: Classified as + * secure when using SHA256withRSA. - SAST: Should correctly verify that the + * signed hash matches the input. + * + * @param input The original input data. + * @param signedHash The signed hash to verify. + * @param publicKey The RSA public key corresponding to the private key that + * signed the data. + * @return true if the signature is valid, false otherwise. + */ + public boolean verifyHashSignature(String input, byte[] signedHash, PublicKey publicKey) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSA"); + signature.initVerify(publicKey); + signature.update(input.getBytes()); + return signature.verify(signedHash); + } + + /** + * Computes a SHA-256 hash for data integrity checking and compares it with + * an expected hash. + * + * CBOM/SAST Classification: - Data Integrity: Uses SHA-256 for integrity + * checks, which is secure. - SAST: A correct implementation for verifying + * data has not been tampered with. + * + * @param data The input data. + * @param expectedHash The expected Base64-encoded hash. + */ + public void hashForDataIntegrityCheck(String data, String expectedHash) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(data.getBytes()); + String computedHash = Base64.getEncoder().encodeToString(hash); + System.out.println("Computed Hash: " + computedHash); + System.out.println("Validation: " + (computedHash.equals(expectedHash) ? "Pass" : "Fail")); + } + + /** + * Computes hashes of the input data using various algorithms. + * + * CBOM/SAST Classification: - Cryptographic Hash Functions: Iterates + * through multiple hash functions. - SAST: While many are secure (e.g., + * SHA-256, SHA-512, SHA3), MD5 and SHA-1 are insecure and should be flagged + * if used in security-critical contexts. + * + * @param input The input data to hash. + */ + public void hashWithVariousAlgorithms(String input) throws Exception { + String[] algorithms = {"SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-512", + "BLAKE2B-512", "BLAKE2S-256", "MD5"}; + for (String algorithm : algorithms) { + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] hash = digest.digest(input.getBytes()); + System.out.println(algorithm + " Hash: " + Base64.getEncoder().encodeToString(hash)); + } + } + + /** + * Computes HMACs of the input data using various algorithms. + * + * CBOM/SAST Classification: - Message Authentication Code (MAC): Iterates + * through different HMAC algorithms. - SAST: HmacSHA256, HmacSHA384, + * HmacSHA512, HmacSHA3-256, and HmacSHA3-512 are secure; HmacSHA1 is + * considered less secure and may be flagged. + * + * @param input The input data. + * @param key The secret key used for HMAC computation. + */ + public void hmacWithVariousAlgorithms(String input, byte[] key) throws Exception { + String[] algorithms = {"HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512", "HmacSHA3-256", "HmacSHA3-512"}; + for (String algorithm : algorithms) { + Mac mac = Mac.getInstance(algorithm); + SecretKey secretKey = new SecretKeySpec(key, algorithm); + mac.init(secretKey); + byte[] hmac = mac.doFinal(input.getBytes()); + System.out.println(algorithm + " HMAC: " + Base64.getEncoder().encodeToString(hmac)); + } + } + + /** + * Computes a PBKDF2 hash for password storage. + * + * CBOM/SAST Classification: - Password-Based Key Derivation Function + * (PBKDF): Uses PBKDF2WithHmacSHA256. - SAST: Considered secure when using + * a strong salt and an appropriate iteration count. Note: The iteration + * count (10000) should be reviewed against current security standards. + * + * @param password The password to hash. + */ + public void hashForPasswordStorage(String password) throws Exception { + byte[] salt = generateSecureSalt(16); + // 10,000 iterations and a 256-bit derived key. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] hash = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 Hash: " + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Dynamically loads a hash algorithm from configuration and computes a + * hash. + * + * CBOM/SAST Classification: - Dynamic Cryptographic Hash Selection: + * Algorithm is loaded from a config file. - SAST: May be flagged as risky + * because an insecure or unintended algorithm might be chosen. + */ + public void hashFromUnknownConfig() throws Exception { + String algorithm = loadHashAlgorithmFromConfig("config.properties"); + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] hash = digest.digest("Config-based Hashing".getBytes()); + System.out.println("Dynamically Loaded Hash Algorithm (" + algorithm + "): " + + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Demonstrates an insecure method for generating pseudo-random bytes by + * using a fixed seed with hash algorithms. + * + * CBOM/SAST Classification: - Insecure RNG: Uses a fixed seed with various + * hash algorithms. - SAST: This approach is insecure because it produces + * predictable output and should be flagged. + */ + public void insecureHashBasedRNG() throws Exception { + String[] algorithms = {"SHA-256", "SHA-512", "SHA3-256", "SHA3-512"}; + for (String algorithm : algorithms) { + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] seed = "fixed-seed".getBytes(); // Fixed seed: insecure and predictable. + digest.update(seed); + byte[] pseudoRandomBytes = digest.digest(); + System.out.println("Insecure RNG using " + algorithm + ": " + + Base64.getEncoder().encodeToString(pseudoRandomBytes)); + } + } + + /** + * Loads the hash algorithm from an external configuration file. + * + * CBOM/SAST Classification: - Dynamic Configuration: External config + * loading. - SAST: The use of external configuration may introduce risks if + * the config file is compromised. + * + * @param configPath Path to the configuration file. + * @return The hash algorithm to be used (default is SHA-256). + */ + private String loadHashAlgorithmFromConfig(String configPath) { + Properties properties = new Properties(); + try (FileInputStream fis = new FileInputStream(configPath)) { + properties.load(fis); + } catch (IOException e) { + e.printStackTrace(); + } + return properties.getProperty("hash.algorithm", "SHA-256"); + } + + /** + * Generates a secure salt using a cryptographically strong random number + * generator. + * + * CBOM/SAST Classification: - Secure Salt Generation: Uses SecureRandom. - + * SAST: This is a best-practice approach for generating salts for password + * hashing. + * + * @param length The desired salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSecureSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java new file mode 100644 index 00000000000..dfd94d82358 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java @@ -0,0 +1,285 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; +import java.util.random.*; +import java.util.Properties; +import java.util.Random; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Arrays; + +public class IVArtifact { + + // static { + // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available + // } + /** + * Simple Case: Generates a secure IV and encrypts with + * AES/CBC/PKCS5Padding. + */ + public void simpleIVEncryption() throws Exception { + SecretKey key = generateAESKey(); + IvParameterSpec ivSpec = new IvParameterSpec(secureIV(16)); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + public void encryptWithIV(byte[] plaintext, SecretKey key, IvParameterSpec ivSpec, String cipherAlgorithm) + throws Exception { + Cipher cipher = Cipher.getInstance(cipherAlgorithm); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + public void complexIVFlow() { + IvParameterSpec ivSpec = new IvParameterSpec(useSecureMethod() ? secureIV(16) : insecureIV(16)); + processIV(ivSpec); + + // Example dynamic cipher selection with IV usage + String cipherAlgorithm = loadCipherAlgorithm(); + try { + encryptWithIV("Sensitive Data".getBytes(), generateAESKey(), ivSpec, cipherAlgorithm); + } catch (Exception e) { + e.printStackTrace(); + } + } + + private boolean useSecureMethod() { + return System.currentTimeMillis() % 2 == 0; + } + + private void processIV(IvParameterSpec ivSpec) { + String ivBase64 = Base64.getEncoder().encodeToString(ivSpec.getIV()); + } + + private String loadCipherAlgorithm() { + Properties properties = new Properties(); + try { + properties.load(new FileInputStream("crypto-config.properties")); + } catch (IOException e) { + e.printStackTrace(); + } + return properties.getProperty("cipher.algorithm", "AES/CBC/PKCS5Padding"); + } + + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + private byte[] secureIV(int length) { + byte[] iv = new byte[length]; + new SecureRandom().nextBytes(iv); + return iv; + } + + private byte[] insecureIV(int length) { + byte[] iv = new byte[length]; + new Random().nextBytes(iv); + return iv; + } + + // ------------------------------- + // 1. Direct Fixed IV Usage + // ------------------------------- + /** + * Encrypts plaintext using AES-GCM with a fixed IV (all zeros). This is an + * insecure practice as IV reuse in AES-GCM undermines confidentiality and + * integrity. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithFixedIV(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] fixedIV = new byte[12]; // 12-byte fixed IV (all zeros) + GCMParameterSpec spec = new GCMParameterSpec(128, fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 2. Cached IV Usage + // ------------------------------- + // Cache an IV for reuse in multiple encryptions (insecure) + private byte[] cachedIV = null; + + /** + * Encrypts plaintext using AES-GCM with an IV cached from the first call. + * Reusing the same IV across multiple encryptions is insecure. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithCachedIV(SecretKey key, byte[] plaintext) throws Exception { + if (cachedIV == null) { + cachedIV = new byte[12]; + new SecureRandom().nextBytes(cachedIV); + } + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, cachedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 3. Indirect IV Reuse via Deterministic Derivation + // ------------------------------- + /** + * Encrypts plaintext using AES-GCM with an IV derived deterministically + * from a constant. This method computes a SHA-256 hash of a constant string + * and uses the first 12 bytes as the IV. Such derived IVs are fixed and + * must not be reused. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithDerivedIV(SecretKey key, byte[] plaintext) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] constantHash = digest.digest("fixedConstant".getBytes("UTF-8")); + byte[] derivedIV = Arrays.copyOf(constantHash, 12); // Deterministically derived IV + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, derivedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 4. Reusing a Single IV Across Multiple Messages + // ------------------------------- + /** + * Encrypts an array of plaintext messages using AES-GCM with the same IV + * for every message. Reusing an IV across messages is insecure in + * authenticated encryption schemes. + * + * @param key The AES key. + * @param plaintexts An array of plaintext messages. + * @return An array of ciphertexts. + * @throws Exception if encryption fails. + */ + public byte[][] encryptMultipleMessagesWithSameIV(SecretKey key, byte[][] plaintexts) throws Exception { + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); // Generate once and reuse + byte[][] ciphertexts = new byte[plaintexts.length][]; + for (int i = 0; i < plaintexts.length; i++) { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + ciphertexts[i] = cipher.doFinal(plaintexts[i]); + } + return ciphertexts; + } + + /** + * Encrypts the given plaintext using AES-GCM with the provided key and IV. + * + * @param key The AES key. + * @param ivSpec The IV specification. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (IV is not prepended here for clarity). + * @throws Exception if encryption fails. + */ + public byte[] encrypt(SecretKey key, IvParameterSpec ivSpec, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + // Use 128-bit authentication tag length. + GCMParameterSpec spec = new GCMParameterSpec(128, ivSpec.getIV()); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + /** + * Example 1: Reuses the same IvParameterSpec object across two encryption + * calls. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return An array containing two ciphertexts generated with the same + * IvParameterSpec. + * @throws Exception if encryption fails. + */ + public byte[][] encryptUsingSameIvParameterSpec(SecretKey key, byte[] plaintext) throws Exception { + // Fixed IV (all zeros for demonstration purposes; insecure in production) + byte[] fixedIV = new byte[12]; + IvParameterSpec fixedIvSpec = new IvParameterSpec(fixedIV); + // Encrypt the plaintext twice using the same IvParameterSpec. + byte[] ciphertext1 = encrypt(key, fixedIvSpec, plaintext); + byte[] ciphertext2 = encrypt(key, fixedIvSpec, plaintext); + return new byte[][]{ciphertext1, ciphertext2}; + } + + /** + * Example 2: Creates two different IvParameterSpec objects that share the + * same underlying IV array. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return An array containing two ciphertexts generated with two + * IvParameterSpec objects constructed from the same IV array. + * @throws Exception if encryption fails. + */ + public byte[][] encryptUsingDifferentIvSpecSameIVArray(SecretKey key, byte[] plaintext) throws Exception { + // Create a fixed IV array (all zeros for demonstration; insecure in production) + byte[] fixedIV = new byte[12]; + // Create two distinct IvParameterSpec objects from the same IV array reference. + IvParameterSpec ivSpec1 = new IvParameterSpec(fixedIV); + IvParameterSpec ivSpec2 = new IvParameterSpec(fixedIV); + // Encrypt the plaintext twice. + byte[] ciphertext1 = encrypt(key, ivSpec1, plaintext); + byte[] ciphertext2 = encrypt(key, ivSpec2, plaintext); + return new byte[][]{ciphertext1, ciphertext2}; + } + + // ------------------------------- + // Main Method for Demonstration + // ------------------------------- + public static void main(String[] args) { + try { + IVArtifact test = new IVArtifact(); + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey key = kg.generateKey(); + byte[] plaintext = "Sensitive Data".getBytes(); + + // Example 1: Fixed IV usage + byte[] fixedIVCipher1 = test.encryptWithFixedIV(key, plaintext); + byte[] fixedIVCipher2 = test.encryptWithFixedIV(key, plaintext); + System.out.println("Fixed IV Encryption 1: " + Base64.getEncoder().encodeToString(fixedIVCipher1)); + System.out.println("Fixed IV Encryption 2: " + Base64.getEncoder().encodeToString(fixedIVCipher2)); + + // Example 2: Cached IV usage + byte[] cachedIVCipher1 = test.encryptWithCachedIV(key, plaintext); + byte[] cachedIVCipher2 = test.encryptWithCachedIV(key, plaintext); + System.out.println("Cached IV Encryption 1: " + Base64.getEncoder().encodeToString(cachedIVCipher1)); + System.out.println("Cached IV Encryption 2: " + Base64.getEncoder().encodeToString(cachedIVCipher2)); + + // Example 3: Indirect IV (derived) + byte[] derivedIVCipher = test.encryptWithDerivedIV(key, plaintext); + System.out.println("Derived IV Encryption: " + Base64.getEncoder().encodeToString(derivedIVCipher)); + + // Example 4: Reusing the same IV across multiple messages + byte[][] messages = {"Message One".getBytes(), "Message Two".getBytes(), "Message Three".getBytes()}; + byte[][] multiCiphers = test.encryptMultipleMessagesWithSameIV(key, messages); + for (int i = 0; i < multiCiphers.length; i++) { + System.out.println("Multi-message Encryption " + (i + 1) + ": " + + Base64.getEncoder().encodeToString(multiCiphers[i])); + } + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java new file mode 100644 index 00000000000..6f9bd06b4e7 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java @@ -0,0 +1,272 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * KeyAgreementHybridCryptosystem demonstrates two hybrid cryptosystems: + * + * 1. ECDH + AES-GCM: - Secure Flow: Uses ephemeral ECDH key pairs on secp256r1, + * applies a simple KDF (SHA-256) to derive a 128-bit AES key, and uses AES-GCM + * with a random 12-byte nonce. - Insecure Flow: Reuses a static key pair, uses + * raw shared secret truncation, and employs a fixed (zero) IV. + * + * 2. X25519 + ChaCha20-Poly1305: - Secure Flow: Uses ephemeral X25519 key + * pairs, applies a KDF (SHA-256) to derive a 256-bit key, and uses + * ChaCha20-Poly1305 with a random nonce. - Insecure Flow: Reuses a static key + * pair, directly truncates the shared secret without a proper KDF, and uses a + * fixed nonce. + * + * SAST/CBOM Notes: - Secure flows use proper ephemeral key generation, a simple + * KDF, and random nonces. - Insecure flows use static keys, fixed nonces, and + * raw shared secret truncation. + */ +public class KeyAgreementHybridCryptosystem { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + // ---------- Helper Methods ---------- + /** + * Generates an ephemeral ECDH key pair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an ephemeral X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the provided key agreement algorithm. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, String algorithm) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance(algorithm, "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + /** + * A simple KDF that hashes the input with SHA-256 and returns the first + * numBytes. + */ + public byte[] simpleKDF(byte[] input, int numBytes) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(input); + return Arrays.copyOf(hash, numBytes); + } + + /** + * Concatenates two byte arrays. + */ + public byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + // =============================================== + // 1. ECDH + AES-GCM Flows + // =============================================== + /** + * Secure hybrid encryption using ECDH and AES-GCM. Uses ephemeral key + * pairs, applies a simple KDF to derive a 128-bit AES key, and uses AES-GCM + * with a random 12-byte nonce. + */ + public byte[] secureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateECDHKeyPair(); + KeyPair bobKP = generateECDHKeyPair(); + byte[] aliceSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = simpleKDF(aliceSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(iv, ciphertext); + } + + /** + * Insecure hybrid encryption using ECDH and AES-GCM. Reuses a static key + * pair, uses raw shared secret truncation without a proper KDF, and employs + * a fixed IV (all zeros). + */ + public byte[] insecureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = Arrays.copyOf(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] fixedIV = new byte[12]; // fixed IV (all zeros) + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(fixedIV, ciphertext); + } + + // =============================================== + // 2. X25519 + ChaCha20-Poly1305 Flows + // =============================================== + /** + * Secure hybrid encryption using X25519 and ChaCha20-Poly1305. Uses + * ephemeral key pairs, applies a KDF (SHA-256) to derive a 256-bit key, and + * uses ChaCha20-Poly1305 with a random 12-byte nonce. + */ + public byte[] secureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateX25519KeyPair(); + KeyPair bobKP = generateX25519KeyPair(); + byte[] sharedSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "X25519"); + byte[] chachaKeyBytes = MessageDigest.getInstance("SHA-256").digest(sharedSecret); + SecretKey chachaKey = new SecretKeySpec(chachaKeyBytes, "ChaCha20"); + + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + byte[] nonce = new byte[12]; + new SecureRandom().nextBytes(nonce); + cipher.init(Cipher.ENCRYPT_MODE, chachaKey, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(nonce, ciphertext); + } + + /** + * Insecure hybrid encryption using X25519 and ChaCha20-Poly1305. Reuses a + * static key pair, directly truncates the shared secret without a proper + * KDF, and employs a fixed nonce. + */ + public byte[] insecureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateX25519KeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "X25519"); + byte[] chachaKeyBytes = Arrays.copyOf(sharedSecret, 32); + SecretKey chachaKey = new SecretKeySpec(chachaKeyBytes, "ChaCha20"); + + byte[] fixedNonce = new byte[12]; // fixed nonce (all zeros) + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + cipher.init(Cipher.ENCRYPT_MODE, chachaKey, new IvParameterSpec(fixedNonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(fixedNonce, ciphertext); + } + + // =============================================== + // 3. Dynamic Hybrid Selection + // =============================================== + /** + * Dynamically selects a hybrid encryption flow based on a configuration + * property. If the config is unknown, defaults to an insecure flow. + */ + public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { + byte[] result; + if ("secureECDH".equalsIgnoreCase(config)) { + result = secureECDH_AESGCMEncryption(plaintext); + } else if ("insecureECDH".equalsIgnoreCase(config)) { + result = insecureECDH_AESGCMEncryption(plaintext); + } else if ("secureX25519".equalsIgnoreCase(config)) { + result = secureX25519_Chacha20Poly1305Encryption(plaintext); + } else if ("insecureX25519".equalsIgnoreCase(config)) { + result = insecureX25519_Chacha20Poly1305Encryption(plaintext); + } else { + // Fallback to insecure ECDH flow. + result = insecureECDH_AESGCMEncryption(plaintext); + } + return Base64.getEncoder().encodeToString(result); + } + + // =============================================== + // 4. Further Key Derivation from Symmetric Keys + // =============================================== + /** + * Derives two keys from a symmetric key using PBKDF2, then uses one key for + * AES-GCM encryption and the other for computing a MAC over the ciphertext. + */ + public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plaintext) throws Exception { + String keyAsString = Base64.getEncoder().encodeToString(key.getEncoded()); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(keyAsString.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] derived = factory.generateSecret(spec).getEncoded(); + byte[] encKeyBytes = Arrays.copyOfRange(derived, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(derived, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec specGcm = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, specGcm); + byte[] ciphertext = cipher.doFinal(plaintext); + + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeOutput(output); + return output; + } + + // =============================================== + // 5. Output/Storage Methods + // =============================================== + /** + * Stores the output securely. + */ + public void storeOutput(byte[] output) { + String stored = Base64.getEncoder().encodeToString(output); + // In production, this value would be stored or transmitted securely. + } + + // =============================================== + // 6. Helper Methods for Key/Nonce Generation + // =============================================== + /** + * Generates a secure 256-bit AES key. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } + + /** + * Generates a random salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java new file mode 100644 index 00000000000..4c80246050a --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java @@ -0,0 +1,85 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.io.FileInputStream; +import java.security.*; +import java.security.spec.*; +import java.util.Properties; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +public class KeyArtifact { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + public void generateSymmetricKeys() throws NoSuchAlgorithmException { + // AES Key Generation (Default Provider) + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKeyJDK = keyGen.generateKey(); + + // AES Key Generation (BouncyCastle) + keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKeyBC = keyGen.generateKey(); + } + + public void generateAsymmetricKeys() throws NoSuchAlgorithmException { + // RSA Key Generation (JDK Default) + KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); + keyPairGen.initialize(2048); + KeyPair rsaPairJDK = keyPairGen.generateKeyPair(); + + // RSA Key Generation (BouncyCastle) + keyPairGen = KeyPairGenerator.getInstance("RSA"); + keyPairGen.initialize(2048); + KeyPair rsaPairBC = keyPairGen.generateKeyPair(); + + // EC Key Generation + keyPairGen = KeyPairGenerator.getInstance("EC"); + keyPairGen.initialize(256); + KeyPair ecPair = keyPairGen.generateKeyPair(); + } + + public void importExportRSAKeys(KeyPair keyPair) throws NoSuchAlgorithmException, InvalidKeySpecException { + // Export Public Key + byte[] pubKeyBytes = keyPair.getPublic().getEncoded(); + X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pubKeyBytes); + KeyFactory keyFactory = KeyFactory.getInstance("RSA"); + PublicKey importedPubKey = keyFactory.generatePublic(pubKeySpec); + + // Export Private Key + byte[] privKeyBytes = keyPair.getPrivate().getEncoded(); + PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(privKeyBytes); + PrivateKey importedPrivKey = keyFactory.generatePrivate(privKeySpec); + } + + public void dynamicAlgorithmSelection() throws Exception { + // Load algorithm from configuration + Properties properties = new Properties(); + properties.load(new FileInputStream("crypto-config.properties")); + String algorithm = properties.getProperty("key.algorithm", "AES"); + + KeyGenerator keyGen = KeyGenerator.getInstance(algorithm); + keyGen.init(256); + SecretKey dynamicKey = keyGen.generateKey(); + } + + public KeyPair generateKeyPair(String algorithm) throws NoSuchAlgorithmException { + // Wrapper for Key Generation + KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(algorithm); + keyPairGen.initialize(2048); + return keyPairGen.generateKeyPair(); + } + + public void keySelectionFromArray() throws NoSuchAlgorithmException { + // Selecting Algorithm Dynamically from an Array + String[] algorithms = {"RSA", "EC", "Ed25519"}; + KeyPair[] keyPairs = new KeyPair[algorithms.length]; + + for (int i = 0; i < algorithms.length; i++) { + keyPairs[i] = generateKeyPair(algorithms[i]); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java new file mode 100644 index 00000000000..a97f02f18c1 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java @@ -0,0 +1,368 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.crypto.generators.Argon2BytesGenerator; +// import org.bouncycastle.crypto.params.Argon2Parameters; +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; +import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * This class demonstrates multiple key derivation functions (KDFs) including + * PBKDF2, scrypt, Argon2, raw hash derivation, HKDF, and dynamic algorithm + * selection. + * + * SAST/CBOM Classification Notes: + * + * 1. PBKDF2 Examples: - Parent Classification: Password-Based Key Derivation + * Function (PBKDF). - SAST: * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 + * with 10,000 iterations - acceptable if parameters meet current standards. * + * pbkdf2LowIteration: Uses only 10 iterations, flagged as insecure due to + * insufficient iteration count. * pbkdf2HighIteration: Uses 1,000,000 + * iterations - secure (though performance may be impacted). * pbkdf2HmacSHA1: + * Uses PBKDF2WithHmacSHA1 - flagged as weaker compared to SHA-256, though + * sometimes seen in legacy systems. * pbkdf2HmacSHA512: Uses + * PBKDF2WithHmacSHA512 - classified as secure. + * + * 2. Scrypt Examples: - Parent Classification: Memory-Hard Key Derivation + * Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) - + * flagged as insecure. * scryptStrong: Uses stronger parameters (n=16384, r=8, + * p=1) - considered secure. + * + * 3. Argon2 Examples: - Parent Classification: Memory-Hard Key Derivation + * Function (Argon2id). - SAST: * argon2Derivation: Uses moderate memory and + * iterations - considered secure. * argon2HighMemory: Uses high memory (128MB) + * and more iterations - secure, though resource intensive. + * + * 4. Insecure Raw Hash Derivation: - Parent Classification: Raw Hash Usage for + * Key Derivation. - SAST: Using a single SHA-256 hash as a key and then using + * it with insecure AES/ECB mode is highly discouraged. + * + * 5. HKDF Examples: - Parent Classification: Key Derivation Function (HKDF). - + * SAST: The provided HKDF implementation is simplistic (single-block expansion) + * and may be flagged. + * + * 6. Multi-Step Hybrid Derivation: - Parent Classification: Composite KDF + * (PBKDF2 followed by HKDF). - SAST: Combining two KDFs is acceptable if done + * carefully; however, custom implementations should be reviewed. + * + * 7. Dynamic KDF Selection: - Parent Classification: Dynamic/Configurable Key + * Derivation. - SAST: Loading KDF parameters from configuration introduces + * ambiguity and risk if misconfigured. + */ +public class KeyDerivation1 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + ////////////////////////////////////// + // 1. PBKDF2 EXAMPLES + ////////////////////////////////////// + + /** + * Basic PBKDF2 derivation using PBKDF2WithHmacSHA256. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Uses 10,000 iterations with a 256-bit key; generally acceptable. + */ + public void pbkdf2DerivationBasic(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (Basic) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10, 256); // Very low iteration count. + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (Low Iteration) Key (Insecure): " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation with a high iteration count. + * + * SAST/CBOM: - Parent: PBKDF2. - Uses 1,000,000 iterations; this is secure + * but may impact performance. + */ + public void pbkdf2HighIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1_000_000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (High Iteration) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation using HmacSHA1. + * + * SAST/CBOM: - Parent: PBKDF2. - Uses HMAC-SHA1, which is considered weaker + * than SHA-256; may be acceptable only for legacy systems. + */ + public void pbkdf2HmacSHA1(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 80000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (HmacSHA1) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation using HmacSHA512. + * + * SAST/CBOM: - Parent: PBKDF2. - Uses HMAC-SHA512 with 160,000 iterations; + * classified as secure. + */ + public void pbkdf2HmacSHA512(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 160000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (HmacSHA512) Key: " + Base64.getEncoder().encodeToString(key)); + } + + ////////////////////////////////////// + // 2. SCRYPT EXAMPLES + ////////////////////////////////////// + + /** + * Scrypt derivation with weak parameters. + * + * SAST/CBOM: + * - Parent: Scrypt. + * - Parameters (n=1024, r=1, p=1) are too weak and should be flagged as + * insecure. + */ + public void scryptWeak(String password) throws Exception { + byte[] salt = generateSalt(16); + // Weak parameters: low work factor. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1024, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("SCRYPT"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("scrypt (Weak) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * Scrypt derivation with stronger parameters. + * + * SAST/CBOM: - Parent: Scrypt. - Parameters (n=16384, r=8, p=1) provide a + * secure work factor. + */ + public void scryptStrong(String password) throws Exception { + byte[] salt = generateSalt(16); + // Strong parameters for scrypt. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 16384, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("SCRYPT"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("scrypt (Strong) Key: " + Base64.getEncoder().encodeToString(key)); + } + + ////////////////////////////////////// + // 3. ARGON2 EXAMPLES + ////////////////////////////////////// + + // /** + // * Argon2 derivation using Argon2id with moderate memory and iterations. + // * + // * SAST/CBOM: + // * - Parent: Argon2 (Memory-Hard KDF). + // * - Parameters: memory=65536 KB, iterations=2, parallelism=2; considered + // * secure. + // */ + // public void argon2Derivation(String password) throws Exception { + // byte[] salt = generateSalt(16); + // Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id) + // .withSalt(salt) + // .withParallelism(2) + // .withMemoryAsKB(65536) + // .withIterations(2); + + // Argon2BytesGenerator gen = new Argon2BytesGenerator(); + // gen.init(builder.build()); + // byte[] hash = new byte[32]; + // gen.generateBytes(password.getBytes(), hash, 0, hash.length); + // System.out.println("Argon2 Key: " + Base64.getEncoder().encodeToString(hash)); + // } + + // /** + // * Argon2 derivation with high memory and more iterations. + // * + // * SAST/CBOM: + // * - Parent: Argon2. + // * - Uses high memory (131072 KB = 128MB) and 5 iterations; secure but resource + // * intensive. + // */ + // public void argon2HighMemory(String password) throws Exception { + // byte[] salt = generateSalt(16); + // Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id) + // .withSalt(salt) + // .withParallelism(4) + // .withMemoryAsKB(131072) // 128MB of memory. + // .withIterations(5); + + // Argon2BytesGenerator gen = new Argon2BytesGenerator(); + // gen.init(builder.build()); + // byte[] hash = new byte[64]; + // gen.generateBytes(password.getBytes(), hash, 0, hash.length); + // System.out.println("Argon2 (High Memory) Key: " + Base64.getEncoder().encodeToString(hash)); + // } + + ////////////////////////////////////// + // 4. INSECURE RAW HASH EXAMPLES + ////////////////////////////////////// + + /** + * Derives a key by directly hashing input with SHA-256 and uses it for + * encryption. + * + * SAST/CBOM: + * - Parent: Raw Hash-Based Key Derivation. + * - This approach is insecure since it uses a raw hash as a key and then uses + * AES in ECB mode, + * which is vulnerable to pattern analysis. + */ + public void insecureRawSHA256Derivation(String input) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] derivedKey = digest.digest(input.getBytes()); + System.out.println("Insecure Raw SHA-256 Key: " + Base64.getEncoder().encodeToString(derivedKey)); + + // Insecure usage: AES/ECB mode is used with a key derived from a raw hash. + SecretKey key = new SecretKeySpec(derivedKey, 0, 16, "AES"); + javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/NoPadding"); + cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key); + byte[] ciphertext = cipher.doFinal("SampleData16Bytes".getBytes()); + System.out.println("Insecurely Encrypted Data with Raw-SHA256 Key: " + + Base64.getEncoder().encodeToString(ciphertext)); + } + + ////////////////////////////////////// + // 5. HKDF EXAMPLES + ////////////////////////////////////// + + /** + * Derives a key using a simple HKDF expansion based on HMAC-SHA256. + * + * SAST/CBOM: + * - Parent: HKDF. + * - The implementation uses a single-block (simplistic) expansion and may be + * flagged. + * A full, standard HKDF implementation is recommended. + */ + public void hkdfDerivation(byte[] ikm) throws Exception { + byte[] salt = generateSalt(32); + byte[] derivedKey = hkdfExpand(ikm, salt, 32); + System.out.println("HKDF Derived Key: " + Base64.getEncoder().encodeToString(derivedKey)); + } + + /** + * Multi-step hybrid derivation: first using PBKDF2, then applying HKDF + * expansion. + * + * SAST/CBOM: - Parent: Composite KDF. - Combining PBKDF2 and HKDF is a + * non-standard approach and may be flagged; ensure that each step meets + * security requirements. + */ + public void multiStepHybridDerivation(String password, byte[] sharedSecret) throws Exception { + byte[] pbkdf2Key = derivePBKDF2Key(password); + byte[] finalKey = hkdfExpand(sharedSecret, pbkdf2Key, 32); + System.out.println("Multi-Step Hybrid Key: " + Base64.getEncoder().encodeToString(finalKey)); + } + + ////////////////////////////////////// + // 6. DYNAMIC ALGORITHM SELECTION (AMBIGUOUS CASE) + ////////////////////////////////////// + + /** + * Dynamically selects a KDF algorithm based on external configuration. + * + * SAST/CBOM: + * - Parent: Dynamic/Configurable Key Derivation. + * - Loading the algorithm and parameters from a config file introduces risk if + * the configuration is compromised + * or misconfigured. + */ + public void dynamicKDFSelection(String password, String configPath) throws Exception { + Properties props = new Properties(); + try (FileInputStream fis = new FileInputStream(configPath)) { + props.load(fis); + } catch (IOException e) { + e.printStackTrace(); + } + String kdfAlg = props.getProperty("kdf.alg", "PBKDF2WithHmacSHA256"); + int iterations = Integer.parseInt(props.getProperty("kdf.iterations", "10000")); + int keySize = Integer.parseInt(props.getProperty("kdf.keySize", "256")); + + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, keySize); + SecretKeyFactory factory = SecretKeyFactory.getInstance(kdfAlg); + byte[] derived = factory.generateSecret(spec).getEncoded(); + System.out.println("Dynamically Selected KDF (" + kdfAlg + ") Key: " + + Base64.getEncoder().encodeToString(derived)); + } + + ////////////////////////////////////// + // HELPER METHODS + ////////////////////////////////////// + + /** + * Helper method to derive a PBKDF2 key with PBKDF2WithHmacSHA256. + * + * SAST/CBOM: + * - Parent: PBKDF2 helper. + */ + private byte[] derivePBKDF2Key(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + return factory.generateSecret(spec).getEncoded(); + } + + /** + * A simplistic HKDF expansion function using HMAC-SHA256. + * + * SAST/CBOM: - Parent: HKDF. - Uses a single-block expansion + * ("hkdf-expansion") which is non-standard and may be flagged. + */ + private byte[] hkdfExpand(byte[] ikm, byte[] salt, int length) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(salt, "HmacSHA256"); + hmac.init(secretKey); + byte[] prk = hmac.doFinal(ikm); // Extraction step. + + // Single-block expansion (non-standard; for full HKDF, multiple iterations may + // be necessary) + hmac.init(new SecretKeySpec(prk, "HmacSHA256")); + byte[] okm = hmac.doFinal("hkdf-expansion".getBytes()); + return Arrays.copyOf(okm, length); + } + + /** + * Generates a secure random salt of the specified length. + * + * SAST/CBOM: - Parent: Secure Random Salt Generation. - Uses SecureRandom; + * considered best practice. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java new file mode 100644 index 00000000000..df787496d77 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java @@ -0,0 +1,229 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; +// import org.bouncycastle.pqc.jcajce.spec.KyberParameterSpec; +// import org.bouncycastle.util.Strings; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * Demonstrates various Key Encapsulation Mechanisms (KEMs), including: + * + * 1) RSA-KEM (emulated using RSA-OAEP for ephemeral key wrapping) - CBOM/SAST: + * Classified as a Hybrid Cryptosystem (public-key based key encapsulation). + * While RSA-OAEP is secure, using it to emulate KEM (without a standard scheme) + * may be flagged. + * + * 2) ECIES (Elliptic Curve Integrated Encryption Scheme) - CBOM/SAST: + * Classified as a Hybrid Cryptosystem (KEM+DEM) based on ECDH and AES. Note: + * Directly using the raw ECDH shared secret as key material is insecure in + * production. + * + * 3) Kyber (Post-Quantum KEM using BouncyCastle PQC) - CBOM/SAST: Classified as + * a Post-Quantum Key Encapsulation mechanism. This is modern and secure when + * using standardized parameters. + * + * 4) Basic ephemeral flows that mimic KEM logic using ephemeral ECDH. - + * CBOM/SAST: Classified as a simple KEM mimic based on ephemeral ECDH. + */ +public class KeyEncapsulation { + + // static { + // // Adding both classical and PQC providers. + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + ////////////////////////////////////// + // 1. RSA-KEM-Like Flow + ////////////////////////////////////// + + /** + * Emulates RSA-KEM by using RSA-OAEP to wrap a random AES key. + * + * SAST/CBOM Classification: + * - Parent: Hybrid Cryptosystem (RSA-OAEP based key encapsulation). + * - Note: Although RSA-OAEP is secure, using it to "wrap" an ephemeral key is a + * non-standard KEM pattern. + * + * @param rsaPub The RSA public key of the recipient. + */ + public void rsaKEMEncapsulation(PublicKey rsaPub) throws Exception { + // 1) Generate an ephemeral AES key (symmetric key for data encryption) + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey aesKey = keyGen.generateKey(); + System.out.println("Ephemeral AES Key: " + Base64.getEncoder().encodeToString(aesKey.getEncoded())); + + // 2) Encrypt (wrap) the ephemeral AES key with RSA-OAEP. + // SAST Note: This RSA-OAEP wrapping is used to encapsulate the AES key. + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPub); + byte[] wrappedKey = rsaCipher.doFinal(aesKey.getEncoded()); + System.out.println("RSA-KEM Encapsulated AES Key: " + Base64.getEncoder().encodeToString(wrappedKey)); + + // 3) Example usage: Encrypt data with the ephemeral AES key using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Standard IV length for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] ciphertext = aesCipher.doFinal("KEM-based encryption".getBytes()); + System.out.println("AES-GCM ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + } + + /** + * Performs RSA decapsulation by decrypting the wrapped AES key. + * + * SAST/CBOM Classification: - Parent: Hybrid Cryptosystem (RSA-OAEP based + * key decapsulation). - Note: Secure when used with matching RSA key pairs. + * + * @param rsaPriv The RSA private key corresponding to the public key used. + * @param wrappedKey The RSA-wrapped ephemeral AES key. + */ + public void rsaKEMDecapsulation(PrivateKey rsaPriv, byte[] wrappedKey) throws Exception { + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.DECRYPT_MODE, rsaPriv); + byte[] aesKeyBytes = rsaCipher.doFinal(wrappedKey); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + System.out.println("RSA-KEM Decapsulated AES Key: " + Base64.getEncoder().encodeToString(aesKey.getEncoded())); + } + + ////////////////////////////////////// + // 2. ECIES Example + ////////////////////////////////////// + + /** + * Implements a simplified ECIES flow using ephemeral ECDH and AES-GCM. + * + * SAST/CBOM Classification: + * - Parent: Hybrid Cryptosystem (ECIES: ECDH-based key encapsulation + DEM). + * - Note: Directly using the raw ECDH shared secret as key material is + * insecure. + * In practice, a proper KDF must be applied. + * + * @param ecPub The recipient's EC public key. + */ + public void eciesEncapsulation(PublicKey ecPub) throws Exception { + // Generate an ephemeral EC key pair. + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + KeyPair ephemeralEC = kpg.generateKeyPair(); + + // Perform ECDH key agreement to derive the shared secret. + KeyAgreement ka = KeyAgreement.getInstance("ECDH"); + ka.init(ephemeralEC.getPrivate()); + ka.doPhase(ecPub, true); + byte[] sharedSecret = ka.generateSecret(); + System.out.println("ECIES ephemeral ECDH Secret: " + Base64.getEncoder().encodeToString(sharedSecret)); + + // For demonstration only: directly use part of the shared secret as an AES key. + // SAST Note: This is insecure; a proper key derivation function (KDF) must be + // used. + SecretKey aesKey = new SecretKeySpec(sharedSecret, 0, 16, "AES"); + + // Encrypt the message using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = aesCipher.doFinal("ECIES message".getBytes()); + + // The ephemeral public key (ephemeralEC.getPublic()) is transmitted as part of + // the output. + System.out.println( + "ECIES ephemeral public: " + Base64.getEncoder().encodeToString(ephemeralEC.getPublic().getEncoded())); + System.out.println("ECIES ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + } + + ////////////////////////////////////// + // 3. Kyber Example (Post-Quantum KEM) + ////////////////////////////////////// + + // /** + // * Demonstrates a Kyber-based encapsulation using BouncyCastle's PQC provider. + // * + // * SAST/CBOM Classification: + // * - Parent: Post-Quantum KEM. + // * - Note: Kyber is a modern, post-quantum secure KEM. This example uses + // * Kyber-512. + // * + // * @param kyberRecipientKP The recipient's Kyber key pair. + // */ + // public void kyberEncapsulate(KeyPair kyberRecipientKP) throws Exception { + // // Use an ephemeral label for demonstration. + // byte[] ephemeralLabel = Strings.toByteArray("Kyber-KEM-Label"); + // Cipher kemCipher = Cipher.getInstance("Kyber", "BCPQC"); + // kemCipher.init(Cipher.ENCRYPT_MODE, kyberRecipientKP.getPublic(), new SecureRandom()); + // byte[] ciphertext = kemCipher.doFinal(ephemeralLabel); + // System.out.println("Kyber ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + // } + + ////////////////////////////////////// + // 4. Basic Ephemeral Flows That Mimic KEM + ////////////////////////////////////// + + /** + * Uses ephemeral ECDH to derive a shared secret that mimics a KEM. + * + * SAST/CBOM Classification: + * - Parent: Ephemeral Key Agreement (mimicking KEM). + * - Note: This simple approach demonstrates the concept of using ephemeral keys + * to derive a secret. + * In a full scheme, the ephemeral public key would also be transmitted. + * + * @param recipientPubKey The recipient's public key. + */ + public void ephemeralECDHMimicKEM(PublicKey recipientPubKey) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); + kpg.initialize(new ECGenParameterSpec("secp256r1")); + KeyPair ephemeralKP = kpg.generateKeyPair(); + KeyAgreement ka = KeyAgreement.getInstance("ECDH"); + ka.init(ephemeralKP.getPrivate()); + ka.doPhase(recipientPubKey, true); + byte[] sharedSecret = ka.generateSecret(); + System.out.println( + "Ephemeral ECDH shared secret (mimics KEM): " + Base64.getEncoder().encodeToString(sharedSecret)); + // In a full implementation, the ephemeral public key and the shared secret are + // used together. + } + + ////////////////////////////////////// + // Test / Demo Method + ////////////////////////////////////// + + /** + * Demonstrates each of the key encapsulation flows. + */ + public void runKeyEncapsulationDemos() throws Exception { + // 1) RSA-KEM-like Flow: + KeyPairGenerator rsaKpg = KeyPairGenerator.getInstance("RSA"); + rsaKpg.initialize(2048); + KeyPair rsaKP = rsaKpg.generateKeyPair(); + rsaKEMEncapsulation(rsaKP.getPublic()); + + // 2) ECIES Example: + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1")); + KeyPair ecKP = ecKpg.generateKeyPair(); + eciesEncapsulation(ecKP.getPublic()); + + // // 3) Kyber Example (Post-Quantum KEM): + // KeyPairGenerator kyberKpg = KeyPairGenerator.getInstance("Kyber", "BCPQC"); + // kyberKpg.initialize(KyberParameterSpec.kyber512); + // KeyPair kyberKP = kyberKpg.generateKeyPair(); + // kyberEncapsulate(kyberKP); + // 4) Ephemeral ECDH Mimic KEM: + // For demonstration, we use an EC key pair and mimic KEM by deriving a shared + // secret. + KeyPair ephemeralEC = ecKpg.generateKeyPair(); + ephemeralECDHMimicKEM(ephemeralEC.getPublic()); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java new file mode 100644 index 00000000000..ef4d5b94c86 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java @@ -0,0 +1,330 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.KeyAgreement; + +/** + * Demonstrates various Key Exchange mechanisms using standard Java and + * BouncyCastle: + * + * 1) Classic DH (Diffie-Hellman) with multiple key sizes: - 512-bit: + * Insecure/deprecated (flagged as unsafe by SAST). - 2048-bit: Standard secure + * level. - 4096-bit: High-security (but can be slow). + * + * 2) ECDH (using secp256r1): - Classified as a secure elliptic-curve key + * exchange. + * + * 3) X25519: - A modern and efficient elliptic-curve key exchange protocol. + * + * 4) X448: - Provides a higher security level for key exchange. + * + * In addition, the class now includes a nuanced insecure example that + * demonstrates: - Reusing static key pairs instead of generating fresh + * ephemeral keys. - Using weak parameters (512-bit DH) in a key exchange. + * + * The runAllExchanges() method demonstrates generating keys for each algorithm, + * deriving shared secrets, and comparing safe vs. insecure practices. + */ +public class KeyExchange { + + // static { + // // Add the BouncyCastle provider to support additional algorithms. + // Security.addProvider(new BouncyCastleProvider()); + // } + ////////////////////////////////////////// + // 1. Classic DH (Diffie-Hellman) + ////////////////////////////////////////// + + /** + * Generates a standard Diffie-Hellman key pair using a 2048-bit modulus. + * + * CBOM/SAST Classification: + * - Parent: Classic Diffie-Hellman Key Exchange. + * - 2048-bit is considered secure and is widely accepted. + * + * @return A 2048-bit DH KeyPair. + */ + public KeyPair generateDHKeyPair() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + dhKpg.initialize(2048); + return dhKpg.generateKeyPair(); + } + + /** + * Generates a deprecated/unsafe Diffie-Hellman key pair using a 512-bit + * modulus. + * + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. + * - 512-bit DH is considered insecure and should be flagged by SAST tools. + * + * @return A 512-bit (insecure) DH KeyPair. + */ + public KeyPair generateDHDeprecated() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + // 512 bits is considered insecure/deprecated. + dhKpg.initialize(512); + return dhKpg.generateKeyPair(); + } + + /** + * Generates a high-security Diffie-Hellman key pair using a 4096-bit + * modulus. + * + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. + * - 4096-bit DH offers high security, though it may be slower in practice. + * + * @return A 4096-bit DH KeyPair. + */ + public KeyPair generateDHHighSecurity() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + dhKpg.initialize(4096); + return dhKpg.generateKeyPair(); + } + + /** + * Derives a shared secret from a DH key pair. + * + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. + * - Properly deriving the shared secret is secure if using a safe key size. + * + * @param privateKey The private key of one party. + * @param publicKey The public key of the other party. + * @return The derived shared secret as a byte array. + */ + public byte[] deriveDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("DH"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 2. ECDH (secp256r1) + ////////////////////////////////////////// + + /** + * Generates an Elliptic Curve Diffie-Hellman key pair using the secp256r1 + * curve. + * + * CBOM/SAST Classification: + * - Parent: Elliptic Curve Diffie-Hellman (ECDH). + * - secp256r1 is widely regarded as secure and efficient. + * + * @return An ECDH KeyPair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return ecKpg.generateKeyPair(); + } + + /** + * Derives a shared secret using ECDH. + * + * CBOM/SAST Classification: - Parent: Elliptic Curve Diffie-Hellman (ECDH). + * - Secure when using appropriate curves and proper randomness. + * + * @param privateKey The ECDH private key. + * @param publicKey The corresponding public key. + * @return The derived ECDH shared secret. + */ + public byte[] deriveECDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 3. X25519 + ////////////////////////////////////////// + + /** + * Generates an ephemeral X25519 key pair. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X25519 is considered secure and efficient. + * + * @return An X25519 KeyPair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + // X25519 key size is fixed; the parameter (255) is a reference value. + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the X25519 key agreement. + * + * CBOM/SAST Classification: - Parent: Modern Elliptic-Curve Key Exchange. - + * X25519 is highly recommended for its security and efficiency. + * + * @param privateKey The X25519 private key. + * @param publicKey The corresponding public key. + * @return The derived X25519 shared secret. + */ + public byte[] deriveX25519Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("X25519", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 4. X448 + ////////////////////////////////////////// + + /** + * Generates an ephemeral X448 key pair. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X448 provides a higher security margin than X25519. + * + * @return An X448 KeyPair. + */ + public KeyPair generateX448KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X448", "BC"); + // X448 key size is fixed; the parameter (448) is the curve parameter. + kpg.initialize(448, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the X448 key agreement. + * + * CBOM/SAST Classification: - Parent: Modern Elliptic-Curve Key Exchange. - + * X448 is considered secure and suitable for high-security applications. + * + * @param privateKey The X448 private key. + * @param publicKey The corresponding public key. + * @return The derived X448 shared secret. + */ + public byte[] deriveX448Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("X448", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 5. Nuanced Insecure Key Exchange Example + ////////////////////////////////////////// + + /** + * Demonstrates a nuanced example of insecure key exchange by: + * - Using deprecated DH parameters (512-bit). + * - Reusing static (non-ephemeral) keys. + * + * SAST/CBOM Classification: + * - Parent: Insecure Key Exchange Patterns. + * - Issues: + * * 512-bit DH is weak and vulnerable to attacks. + * * Reusing a static key pair across sessions eliminates forward secrecy. + * * Reusing an ECDH key pair for both sides results in predictable shared + * secrets. + */ + public void insecureKeyExchangeExample() throws Exception { + System.out.println("\n--- Insecure Key Exchange Example ---"); + + // Example 1: Using weak 512-bit DH with static key reuse. + KeyPair staticDHKeyPair = generateDHDeprecated(); + // Reusing the same static DH key pair for both parties. + byte[] staticDHSecret = deriveDHSecret(staticDHKeyPair.getPrivate(), staticDHKeyPair.getPublic()); + System.out.println("Static DH (512-bit) shared secret (reused): " + + Base64.getEncoder().encodeToString(staticDHSecret)); + // SAST Note: 512-bit DH is considered insecure and static key reuse prevents + // forward secrecy. + + // Example 2: Reusing an ECDH key pair instead of generating fresh ephemeral + // keys. + KeyPair reusedECDHKeyPair = generateECDHKeyPair(); + // Using the same key pair for both sides leads to a shared secret that is + // easily derived. + byte[] reusedECDHSecret = deriveECDHSecret(reusedECDHKeyPair.getPrivate(), reusedECDHKeyPair.getPublic()); + System.out.println("Reused ECDH shared secret: " + + Base64.getEncoder().encodeToString(reusedECDHSecret)); + // SAST Note: Proper key exchange requires fresh ephemeral keys for each session + // to ensure forward secrecy. + } + + ////////////////////////////////////////// + // 6. runAllExchanges() Demo Method + ////////////////////////////////////////// + + /** + * Demonstrates key exchange flows for various algorithms, including both secure + * and insecure examples. + * + * CBOM/SAST Classification: + * - Exercises both safe configurations (e.g., DH with 2048/4096-bit, ECDH, + * X25519, X448) + * and insecure configurations (e.g., DH with 512-bit, static key reuse). + */ + public void runAllExchanges() throws Exception { + System.out.println("--- Running Secure Key Exchanges ---"); + + // ============ DEPRECATED / UNSAFE DH (512 bits) ============ + KeyPair dhDep1 = generateDHDeprecated(); + KeyPair dhDep2 = generateDHDeprecated(); + byte[] dhDepSecret1 = deriveDHSecret(dhDep1.getPrivate(), dhDep2.getPublic()); + byte[] dhDepSecret2 = deriveDHSecret(dhDep2.getPrivate(), dhDep1.getPublic()); + System.out.println("DH(512) K1->K2: " + Base64.getEncoder().encodeToString(dhDepSecret1)); + System.out.println("DH(512) K2->K1: " + Base64.getEncoder().encodeToString(dhDepSecret2)); + System.out.println("DH(512) match? " + Arrays.equals(dhDepSecret1, dhDepSecret2)); + + // ============ DH (2048 bits) Standard ============ + KeyPair dhKP1 = generateDHKeyPair(); + KeyPair dhKP2 = generateDHKeyPair(); + byte[] dhSecret1 = deriveDHSecret(dhKP1.getPrivate(), dhKP2.getPublic()); + byte[] dhSecret2 = deriveDHSecret(dhKP2.getPrivate(), dhKP1.getPublic()); + System.out.println("DH(2048) K1->K2: " + Base64.getEncoder().encodeToString(dhSecret1)); + System.out.println("DH(2048) K2->K1: " + Base64.getEncoder().encodeToString(dhSecret2)); + System.out.println("DH(2048) match? " + Arrays.equals(dhSecret1, dhSecret2)); + + // ============ DH (4096 bits) High-Security ============ + KeyPair dhHigh1 = generateDHHighSecurity(); + KeyPair dhHigh2 = generateDHHighSecurity(); + byte[] dhHighSecret1 = deriveDHSecret(dhHigh1.getPrivate(), dhHigh2.getPublic()); + byte[] dhHighSecret2 = deriveDHSecret(dhHigh2.getPrivate(), dhHigh1.getPublic()); + System.out.println("DH(4096) K1->K2: " + Base64.getEncoder().encodeToString(dhHighSecret1)); + System.out.println("DH(4096) K2->K1: " + Base64.getEncoder().encodeToString(dhHighSecret2)); + System.out.println("DH(4096) match? " + Arrays.equals(dhHighSecret1, dhHighSecret2)); + + // ============ ECDH (secp256r1) ============ + KeyPair ecKP1 = generateECDHKeyPair(); + KeyPair ecKP2 = generateECDHKeyPair(); + byte[] ecdhSecret1 = deriveECDHSecret(ecKP1.getPrivate(), ecKP2.getPublic()); + byte[] ecdhSecret2 = deriveECDHSecret(ecKP2.getPrivate(), ecKP1.getPublic()); + System.out.println("ECDH K1->K2: " + Base64.getEncoder().encodeToString(ecdhSecret1)); + System.out.println("ECDH K2->K1: " + Base64.getEncoder().encodeToString(ecdhSecret2)); + System.out.println("ECDH match? " + Arrays.equals(ecdhSecret1, ecdhSecret2)); + + // ============ X25519 ============ + KeyPair x25519KP1 = generateX25519KeyPair(); + KeyPair x25519KP2 = generateX25519KeyPair(); + byte[] x25519Secret1 = deriveX25519Secret(x25519KP1.getPrivate(), x25519KP2.getPublic()); + byte[] x25519Secret2 = deriveX25519Secret(x25519KP2.getPrivate(), x25519KP1.getPublic()); + System.out.println("X25519 K1->K2: " + Base64.getEncoder().encodeToString(x25519Secret1)); + System.out.println("X25519 K2->K1: " + Base64.getEncoder().encodeToString(x25519Secret2)); + System.out.println("X25519 match? " + Arrays.equals(x25519Secret1, x25519Secret2)); + + // ============ X448 ============ + KeyPair x448KP1 = generateX448KeyPair(); + KeyPair x448KP2 = generateX448KeyPair(); + byte[] x448Secret1 = deriveX448Secret(x448KP1.getPrivate(), x448KP2.getPublic()); + byte[] x448Secret2 = deriveX448Secret(x448KP2.getPrivate(), x448KP1.getPublic()); + System.out.println("X448 K1->K2: " + Base64.getEncoder().encodeToString(x448Secret1)); + System.out.println("X448 K2->K1: " + Base64.getEncoder().encodeToString(x448Secret2)); + System.out.println("X448 match? " + Arrays.equals(x448Secret1, x448Secret2)); + + // ============ Insecure Key Exchange Example ============ + insecureKeyExchangeExample(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java new file mode 100644 index 00000000000..ae55b52bcfc --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -0,0 +1,249 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.util.Arrays; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +/** + * MACOperation demonstrates various Message Authentication Code (MAC) + * operations and further use of MAC outputs as inputs into higher-level + * cryptosystems. + * + * Flows include: + * + * 1. Secure HMAC-SHA2 (HMAC-SHA256) - a widely accepted MAC. 2. Secure + * HMAC-SHA3 (HMAC-SHA3-256) - an alternative using the SHA-3 family. 3. Secure + * Poly1305 MAC - using BouncyCastle's implementation. 4. Secure GMAC - using + * AES-GCM's authentication tag in a dedicated MAC mode. 5. Secure KMAC - using + * KMAC128 (from the SHA-3 family). + * + * Insecure examples include: + * + * 6. Insecure HMAC-SHA1 - which is deprecated. + * + * Further flows: + * + * A. processMACOutput: Uses the MAC output directly as key material for AES + * encryption. (Note: This is acceptable only if the MAC is produced by a secure + * function.) + * + * B. alternativeMACFlow: Uses the MAC output as an identifier that is then + * encrypted. + * + * C. furtherUseMACForKeyDerivation: Uses PBKDF2 to split a MAC output into two + * keys, one for encryption and one for MACing ciphertext. + * + * SAST/CBOM Notes: - Secure MAC algorithms (HMAC-SHA256, HMAC-SHA3-256, + * Poly1305, GMAC, KMAC128) are acceptable if used correctly. - HMAC-SHA1 is + * flagged as insecure. - Using a raw MAC output directly as key material is + * ambiguous unless the MAC is produced by a secure KDF. + */ +public class MACOperation { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + // ---------- MAC Operations ---------- + /** + * Secure MAC using HMAC-SHA256. SAST: HMAC-SHA256 is widely considered + * secure. + */ + public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using HMAC-SHA3-256. SAST: HMAC-SHA3 is a modern alternative + * from the SHA-3 family. + */ + public byte[] secureHMACSHA3(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA3-256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA3-256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using Poly1305. SAST: Poly1305 is secure when used with a + * one-time key from a cipher (e.g. ChaCha20). + */ + public byte[] securePoly1305(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("Poly1305", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "Poly1305"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using GMAC. SAST: GMAC (the MAC part of AES-GCM) is secure + * when used correctly. + */ + public byte[] secureGMAC(String message, byte[] key) throws Exception { + // For GMAC, we use the GMac algorithm as provided by BC. + Mac mac = Mac.getInstance("GMac", "BC"); + // Initialize the key for GMAC; key should be appropriate for the underlying + // block cipher. + SecretKey secretKey = new SecretKeySpec(key, "AES"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using KMAC128. SAST: KMAC128 is part of the SHA-3 family and + * is secure when used properly. + */ + public byte[] secureKMAC(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("KMAC128", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "KMAC128"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Insecure MAC using HMAC-SHA1. SAST: HMAC-SHA1 is considered deprecated + * and weak. + */ + public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA1", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA1"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + // ---------- Further Use of MAC Outputs ---------- + /** + * Processes the MAC output by using it as key material for AES encryption. + * SAST: Using a raw MAC output as key material is acceptable only if the + * MAC was produced by a secure function; otherwise, this is ambiguous. + * + * @param macOutput The computed MAC output. + * @throws Exception if encryption fails. + */ + public void processMACOutput(byte[] macOutput) throws Exception { + // Derive a 128-bit AES key from the MAC output. + SecretKey key = new SecretKeySpec(macOutput, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + storeEncryptedMAC(encryptedData); + } + + /** + * Alternative flow: Uses the MAC output as an identifier and then encrypts + * it. SAST: Using a MAC as an identifier is common; subsequent encryption + * must be secure. + * + * @param macOutput The computed MAC output. + * @throws Exception if encryption fails. + */ + public void alternativeMACFlow(byte[] macOutput) throws Exception { + byte[] identifier = Base64.getEncoder().encode(macOutput); + encryptAndSend(identifier); + } + + /** + * Further use: Derives two separate keys from the MAC output using PBKDF2, + * then uses one key for encryption and one for computing an additional MAC + * over the ciphertext. + * + * SAST: This key-splitting technique is acceptable if PBKDF2 is used + * securely. + * + * @param macOutput The MAC output to derive keys from. + * @throws Exception if key derivation or encryption fails. + */ + public void furtherUseMACForKeyDerivation(byte[] macOutput) throws Exception { + // Use the Base64 representation of the MAC as the password input to PBKDF2. + String macAsPassword = Base64.getEncoder().encodeToString(macOutput); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(macAsPassword.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyMaterial = factory.generateSecret(spec).getEncoded(); + // Split into two 128-bit keys. + byte[] encryptionKeyBytes = Arrays.copyOfRange(keyMaterial, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(keyMaterial, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt some sample data using the derived encryption key. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal("Further Use Test Data".getBytes()); + + // Compute HMAC over the ciphertext using the derived MAC key. + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // Concatenate the ciphertext and MAC for further use. + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedMAC(output); + } + + // ---------- Output/Storage Methods ---------- + /** + * Simulates secure storage or transmission of an encrypted MAC output. + * SAST: In production, storage and transmission must be protected. + * + * @param encryptedMAC The encrypted MAC output. + */ + public void storeEncryptedMAC(byte[] encryptedMAC) { + String stored = Base64.getEncoder().encodeToString(encryptedMAC); + // In production, this string would be securely stored or transmitted. + } + + /** + * Encrypts data using AES-GCM and simulates secure transmission. SAST: Uses + * a securely generated AES key. + * + * @param data The data to encrypt. + * @throws Exception if encryption fails. + */ + public void encryptAndSend(byte[] data) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal(data); + storeEncryptedMAC(encryptedData); + } + + // ---------- Helper Methods ---------- + /** + * Generates a secure 256-bit AES key. SAST: Uses a strong RNG for key + * generation. + * + * @return A SecretKey for AES. + * @throws NoSuchAlgorithmException if AES is unsupported. + */ + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. SAST: + * Salting is essential for secure key derivation. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java new file mode 100644 index 00000000000..c99113d7a01 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java @@ -0,0 +1,114 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.Cipher; +import java.security.*; +import java.util.Base64; +import java.util.Random; + +public class Nonce { + + // static { + // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available + // } + /** + * Simple Case: Generates a secure nonce and uses it in HMAC. + */ + public void simpleNonceUsage() throws Exception { + byte[] nonce = secureNonce(16); + SecretKey key = generateHmacKey(); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Simple Test Data".getBytes()); + } + + /** + * Incorrect: Hardcoded, reused nonce in encryption, leading to predictable + * output. + */ + public void hardcodedNonceReuse() throws Exception { + byte[] nonce = "BADNONCEBADNONCE".getBytes(); // HARDCODED NONCE REUSED! + SecretKey key = generateHmacKey(); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Sensitive Data".getBytes()); + } + + /** + * Incorrect: Reusing a nonce with AES-GCM, which can lead to catastrophic + * security failures. + */ + public void insecureNonceReuseGCM(SecretKey key, byte[] plaintext) throws Exception { + byte[] nonce = getReusedNonce(12); // SAME NONCE REUSED! + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + /** + * Secure Case: Proper unique nonce usage in AES-GCM. + */ + public void secureNonceUsageGCM(SecretKey key, byte[] plaintext) throws Exception { + byte[] nonce = secureNonce(12); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + public void complexNonceFlow() { + byte[] nonce = useSecureMethod() ? secureNonce(16) : insecureNonce(16); + processNonce(nonce); + try { + useNonceInMac(nonce, generateHmacKey(), "HmacSHA256"); + } catch (Exception e) { + e.printStackTrace(); + } + } + + public void useNonceInMac(byte[] nonce, SecretKey key, String macAlgorithm) throws Exception { + Mac mac = Mac.getInstance(macAlgorithm); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Sensitive Data".getBytes()); + } + + private boolean useSecureMethod() { + return System.currentTimeMillis() % 2 == 0; + } + + private void processNonce(byte[] nonce) { + String nonceBase64 = Base64.getEncoder().encodeToString(nonce); + } + + private SecretKey generateHmacKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA256"); + return keyGen.generateKey(); + } + + private byte[] secureNonce(int length) { + byte[] nonce = new byte[length]; + new SecureRandom().nextBytes(nonce); + return nonce; + } + + private byte[] insecureNonce(int length) { + byte[] nonce = new byte[length]; + new Random().nextBytes(nonce); + return nonce; + } + + /** + * Incorrect: A nonce that is stored and reused across multiple encryptions. + */ + private byte[] getReusedNonce(int length) { + return "BADNONCEBADNONCE".getBytes(); // Fixed nonce reuse across calls + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java new file mode 100644 index 00000000000..313c4fd4e87 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java @@ -0,0 +1,156 @@ +package com.example.crypto.algorithms; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Random; +import javax.crypto.SecretKey; +import javax.crypto.KeyGenerator; + +/** + * PrngTest demonstrates various approaches for generating random data using + * PRNG/RNG APIs. + * + * It covers: 1) Secure random generation using SecureRandom (default and + * getInstanceStrong). 2) Insecure random generation using java.util.Random. 3) + * Flawed PRNG usage by setting a fixed seed. 4) Dynamic PRNG selection based on + * configuration. 5) Usage of random data as nonces/IVs in symmetric encryption. + * + * SAST/CBOM Notes: - SecureRandom (and SecureRandom.getInstanceStrong) are + * recommended. - java.util.Random is not suitable for cryptographic purposes. - + * Re-seeding or using a fixed seed with SecureRandom makes it predictable. - + * IVs and nonces must be unique for each operation; reusing fixed values is + * insecure. + */ +public class PrngTest { + + // ---------- Secure Random Generation ---------- + /** + * Generates random bytes using the default SecureRandom. SAST: SecureRandom + * is recommended for cryptographically secure random data. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + */ + public byte[] generateSecureRandomBytes(int numBytes) { + SecureRandom secureRandom = new SecureRandom(); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + /** + * Generates random bytes using SecureRandom.getInstanceStrong(). SAST: + * getInstanceStrong() returns a strong RNG (may block in some + * environments). + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + * @throws NoSuchAlgorithmException if a strong RNG is not available. + */ + public byte[] generateSecureRandomBytesStrong(int numBytes) throws NoSuchAlgorithmException { + SecureRandom secureRandom = SecureRandom.getInstanceStrong(); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Insecure Random Generation ---------- + /** + * Generates random bytes using java.util.Random. SAST: java.util.Random is + * predictable and insecure for cryptographic purposes. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + */ + public byte[] generateInsecureRandomBytes(int numBytes) { + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); + return bytes; + } + + /** + * Generates random bytes using SecureRandom with a fixed seed. SAST: Fixed + * seeding makes SecureRandom predictable and insecure. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of predictable random data. + */ + public byte[] generatePredictableRandomBytes(int numBytes) { + SecureRandom secureRandom = new SecureRandom(); + // Fixed seed (predictable and insecure) + secureRandom.setSeed(0xDEADBEEF); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Dynamic PRNG Selection ---------- + /** + * Dynamically selects a PRNG algorithm based on a configuration property. + * If the algorithm is unknown, falls back to java.util.Random (insecure). + * SAST: Dynamic selection may introduce risk if an insecure RNG is chosen. + * + * @param algorithmName The PRNG algorithm name (e.g. "SHA1PRNG", + * "NativePRNGNonBlocking", "getInstanceStrong"). + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + * @throws NoSuchAlgorithmException if the algorithm is not available. + */ + public byte[] dynamicRandomGeneration(String algorithmName, int numBytes) throws NoSuchAlgorithmException { + SecureRandom secureRandom; + if ("SHA1PRNG".equalsIgnoreCase(algorithmName)) { + // SHA1PRNG is older and less preferred. + secureRandom = SecureRandom.getInstance("SHA1PRNG"); + } else if ("NativePRNGNonBlocking".equalsIgnoreCase(algorithmName)) { + secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking"); + } else if ("getInstanceStrong".equalsIgnoreCase(algorithmName)) { + secureRandom = SecureRandom.getInstanceStrong(); + } else { + // Fallback to insecure java.util.Random. + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); + return bytes; + } + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Usage Examples: Nonce/IV Generation for Symmetric Encryption + // ---------- + /** + * Demonstrates secure generation of an IV for AES-GCM encryption. SAST: A + * unique, random IV is required for each encryption operation. + * + * @return A 12-byte IV. + */ + public byte[] generateRandomIVForGCM() { + return generateSecureRandomBytes(12); + } + + /** + * Demonstrates insecure use of a fixed IV for AES-GCM encryption. SAST: + * Reusing a fixed IV in AES-GCM compromises security. + * + * @return A fixed 12-byte IV (all zeros). + */ + public byte[] generateFixedIVForGCM() { + return new byte[12]; // 12 bytes of zeros. + } + + // ---------- Example: Using PRNG for Key Generation ---------- + /** + * Generates a secure 256-bit AES key using SecureRandom. SAST: Strong key + * generation is critical for symmetric cryptography. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256, new SecureRandom()); + return keyGen.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java new file mode 100644 index 00000000000..d238aab173c --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java @@ -0,0 +1,359 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +/** + * This class demonstrates cryptographic flows combining signing, encryption, + * and MAC. + * + * It intentionally includes both safe and unsafe patterns so that a SAST tool + * can detect: + * + * 1. **Sign then Encrypt (Unsafe)** - Signs the plaintext and encrypts only the + * signature, leaving the plaintext in cleartext. - *Issue:* The message is + * exposed, which could lead to replay or modification attacks. + * + * 2. **Encrypt then Sign (Safe with caveats)** - Encrypts the plaintext and + * then signs the ciphertext. - *Caveat:* The signature is in the clear; + * metadata (e.g. ciphertext length) may be exposed. + * + * 3. **MAC then Encrypt (Unsafe)** - Computes a MAC on the plaintext and + * appends it before encryption. - *Issue:* Operating on plaintext for MAC + * generation can leak information and is discouraged. + * + * 4. **Encrypt then MAC (Safe)** - Encrypts the plaintext and computes a MAC + * over the ciphertext. - *Benefit:* Provides a robust authenticated encryption + * construction when not using an AEAD cipher. + * + * Note: AES/GCM already provides authentication, so adding an external MAC is + * redundant. + */ +public class SignEncryptCombinations { + + private static final SecureRandom RANDOM = new SecureRandom(); + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + /////////////////////////////////////////////// + // Key Generation for ECDSA on secp256r1 + /////////////////////////////////////////////// + + public KeyPair generateECDSAKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), RANDOM); + return ecKpg.generateKeyPair(); + } + + /////////////////////////////////////////////// + // Signing with ECDSA (SHA256withECDSA) + /////////////////////////////////////////////// + + public byte[] signECDSA(PrivateKey privKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(privKey, RANDOM); + signature.update(data); + return signature.sign(); + } + + public boolean verifyECDSA(PublicKey pubKey, byte[] data, byte[] signatureBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(pubKey); + signature.update(data); + return signature.verify(signatureBytes); + } + + /////////////////////////////////////////////// + // Symmetric Encryption with AES-GCM + /////////////////////////////////////////////// + + /** + * Generates a 256-bit AES key. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256); + return kg.generateKey(); + } + + /** + * Encrypts data using AES-GCM with a 12-byte IV and a 128-bit tag. Returns + * the concatenation of IV and ciphertext. + */ + public byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM + RANDOM.nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + byte[] result = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, result, 0, iv.length); + System.arraycopy(ciphertext, 0, result, iv.length, ciphertext.length); + return result; + } + + /** + * Decrypts data that was encrypted using encryptAESGCM. + */ + public byte[] decryptAESGCM(SecretKey key, byte[] ivCiphertext) throws Exception { + byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 12, ivCiphertext.length); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv)); + return cipher.doFinal(ciphertext); + } + + /////////////////////////////////////////////// + // HMAC Usage with HMAC-SHA256 + /////////////////////////////////////////////// + + public byte[] computeHmacSHA256(SecretKey key, byte[] data) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + return mac.doFinal(data); + } + + public boolean verifyHmacSHA256(SecretKey key, byte[] data, byte[] givenMac) throws Exception { + byte[] computed = computeHmacSHA256(key, data); + return Arrays.equals(computed, givenMac); + } + + /////////////////////////////////////////////// + // 1) SIGN THEN ENCRYPT vs. ENCRYPT THEN SIGN + /////////////////////////////////////////////// + + /** + * UNSAFE FLOW: Signs the plaintext and encrypts only the signature. + * + *

+ * **Issue:** The plaintext message is not encrypted, only the signature is. + * This exposes the original message to eavesdroppers and negates the purpose of + * encryption. + *

+ * + * @param signingKey ECDSA private key for signing. + * @param encryptionKey AES key for encryption. + * @param data The plaintext message. + * @return The encrypted signature only. + */ + public byte[] signThenEncrypt(PrivateKey signingKey, SecretKey encryptionKey, byte[] data) throws Exception { + // Sign the plaintext message. + byte[] signature = signECDSA(signingKey, data); + // **** UNSAFE: Only the signature is encrypted. The plaintext remains in the + // clear. **** + return encryptAESGCM(encryptionKey, signature); + } + + /** + * Decrypts the signature and verifies it against the original plaintext. + */ + public boolean decryptThenVerify(SecretKey encryptionKey, PublicKey verifyingKey, byte[] encryptedSig, + byte[] originalData) throws Exception { + byte[] decryptedSig = decryptAESGCM(encryptionKey, encryptedSig); + return verifyECDSA(verifyingKey, originalData, decryptedSig); + } + + /** + * SAFE FLOW (with caveats): Encrypts the plaintext and then signs the + * ciphertext. + * + *

+ * **Benefit:** The plaintext is fully encrypted and remains confidential. + * **Caveat:** The signature is transmitted in the clear. Although this does + * not compromise the message, it might reveal metadata (like ciphertext + * length). + *

+ * + * @param encryptionKey AES key for encryption. + * @param signingKey ECDSA private key for signing. + * @param data The plaintext message. + * @return The concatenation of the ciphertext and its signature. + */ + public byte[] encryptThenSign(SecretKey encryptionKey, PrivateKey signingKey, byte[] data) throws Exception { + // Encrypt the plaintext. + byte[] ivCiphertext = encryptAESGCM(encryptionKey, data); + // Sign the ciphertext. + byte[] signature = signECDSA(signingKey, ivCiphertext); + + // Combine ciphertext and signature. + byte[] combined = new byte[ivCiphertext.length + signature.length]; + System.arraycopy(ivCiphertext, 0, combined, 0, ivCiphertext.length); + System.arraycopy(signature, 0, combined, ivCiphertext.length, signature.length); + return combined; + } + + /** + * Extracts and verifies the signature from the combined + * ciphertext-signature bundle, then decrypts the ciphertext. + * + *

+ * **Issue:** Here we assume a fixed signature length (70 bytes). In + * production, the signature length should be explicitly stored. Hard-coding + * a length is an unsafe pattern and may trigger SAST warnings. + *

+ * + * @param verifyingKey ECDSA public key for signature verification. + * @param encryptionKey AES key for decryption. + * @param combined The combined ciphertext and signature. + * @return The decrypted plaintext message. + */ + public byte[] verifyThenDecrypt(PublicKey verifyingKey, SecretKey encryptionKey, byte[] combined) throws Exception { + int assumedSignatureLength = 70; // UNSAFE: Hard-coded signature length. + if (combined.length < assumedSignatureLength) { + throw new IllegalArgumentException("Combined data too short."); + } + int ctLen = combined.length - assumedSignatureLength; + byte[] ivCiphertext = Arrays.copyOfRange(combined, 0, ctLen); + byte[] signature = Arrays.copyOfRange(combined, ctLen, combined.length); + + if (!verifyECDSA(verifyingKey, ivCiphertext, signature)) { + throw new SecurityException("Signature verification failed."); + } + return decryptAESGCM(encryptionKey, ivCiphertext); + } + + /////////////////////////////////////////////// + // 2) MAC THEN ENCRYPT vs. ENCRYPT THEN MAC + /////////////////////////////////////////////// + + /** + * UNSAFE FLOW: Computes a MAC on the plaintext, appends it to the plaintext, + * and then encrypts the combined data. + * + *

+ * **Issue:** Operating on unencrypted plaintext to compute the MAC can leak + * structural + * information. Additionally, if the encryption scheme does not provide + * integrity, + * this construction is vulnerable. + *

+ * + * @param macKey AES key used as the HMAC key (should be separate from the + * encryption key). + * @param encKey AES key for encryption. + * @param data The plaintext message. + * @return The encrypted (plaintext + MAC) bundle. + */ + public byte[] macThenEncrypt(SecretKey macKey, SecretKey encKey, byte[] data) throws Exception { + // Compute MAC over the plaintext. + byte[] mac = computeHmacSHA256(macKey, data); + // Combine plaintext and MAC. + byte[] combined = new byte[data.length + mac.length]; + System.arraycopy(data, 0, combined, 0, data.length); + System.arraycopy(mac, 0, combined, data.length, mac.length); + // **** UNSAFE: The MAC is computed on plaintext, which can leak information. + // **** + return encryptAESGCM(encKey, combined); + } + + /** + * Decrypts the combined data and verifies the MAC. + * + * @param macKey AES key used as the HMAC key. + * @param encKey AES key for decryption. + * @param ciphertext The encrypted bundle containing plaintext and MAC. + * @return true if the MAC is valid; false otherwise. + */ + public boolean decryptThenVerifyMac(SecretKey macKey, SecretKey encKey, byte[] ciphertext) throws Exception { + byte[] combined = decryptAESGCM(encKey, ciphertext); + if (combined.length < 32) { // HMAC-SHA256 produces a 32-byte MAC. + throw new IllegalArgumentException("Combined data too short for MAC verification."); + } + int dataLen = combined.length - 32; + byte[] originalData = Arrays.copyOfRange(combined, 0, dataLen); + byte[] extractedMac = Arrays.copyOfRange(combined, dataLen, combined.length); + return verifyHmacSHA256(macKey, originalData, extractedMac); + } + + /** + * SAFE FLOW: Encrypts the plaintext and then computes a MAC over the + * ciphertext. + * + *

+ * **Benefit:** This "encrypt-then-MAC" construction ensures that the + * ciphertext is both confidential and tamper-evident. + *

+ * + * @param encKey AES key for encryption. + * @param macKey AES key used as the HMAC key. + * @param data The plaintext message. + * @return The concatenation of ciphertext and MAC. + */ + public byte[] encryptThenMac(SecretKey encKey, SecretKey macKey, byte[] data) throws Exception { + // Encrypt the plaintext. + byte[] ivCiphertext = encryptAESGCM(encKey, data); + // Compute MAC over the ciphertext. + byte[] mac = computeHmacSHA256(macKey, ivCiphertext); + // Combine ciphertext and MAC. + byte[] combined = new byte[ivCiphertext.length + mac.length]; + System.arraycopy(ivCiphertext, 0, combined, 0, ivCiphertext.length); + System.arraycopy(mac, 0, combined, ivCiphertext.length, mac.length); + return combined; + } + + /** + * Verifies the MAC and then decrypts the ciphertext. + * + * @param encKey AES key for decryption. + * @param macKey AES key used as the HMAC key. + * @param combined The combined ciphertext and MAC. + * @return The decrypted plaintext message. + */ + public byte[] verifyMacThenDecrypt(SecretKey encKey, SecretKey macKey, byte[] combined) throws Exception { + if (combined.length < 32) { + throw new IllegalArgumentException("Combined data too short for MAC verification."); + } + int macOffset = combined.length - 32; + byte[] ivCiphertext = Arrays.copyOfRange(combined, 0, macOffset); + byte[] extractedMac = Arrays.copyOfRange(combined, macOffset, combined.length); + if (!verifyHmacSHA256(macKey, ivCiphertext, extractedMac)) { + throw new SecurityException("MAC verification failed."); + } + return decryptAESGCM(encKey, ivCiphertext); + } + + /////////////////////////////////////////////// + // Demo: runAllCombinations + /////////////////////////////////////////////// + + public void runAllCombinations() throws Exception { + // Generate keys for signing and for encryption/MAC. + KeyPair signingKeys = generateECDSAKeyPair(); + SecretKey encKey = generateAESKey(); + SecretKey macKey = generateAESKey(); // Ensure a separate key for MAC operations. + + byte[] message = "Hello, combinations!".getBytes(); + + // 1) Sign then Encrypt (Unsafe) vs. Encrypt then Sign (Safe with caveats) + System.out.println("--Sign Then Encrypt (UNSAFE)"); + byte[] encryptedSig = signThenEncrypt(signingKeys.getPrivate(), encKey, message); + boolean steVerified = decryptThenVerify(encKey, signingKeys.getPublic(), encryptedSig, message); + System.out.println("signThenEncrypt -> signature verified? " + steVerified); + + System.out.println("--Encrypt Then Sign (SAFE with caveats)"); + byte[] combinedETS = encryptThenSign(encKey, signingKeys.getPrivate(), message); + byte[] finalPlain = verifyThenDecrypt(signingKeys.getPublic(), encKey, combinedETS); + System.out.println("encryptThenSign -> decrypted message: " + new String(finalPlain)); + + // 2) MAC then Encrypt (Unsafe) vs. Encrypt then MAC (Safe) + System.out.println("--MAC Then Encrypt (UNSAFE)"); + byte[] mteCipher = macThenEncrypt(macKey, encKey, message); + boolean mteVerified = decryptThenVerifyMac(macKey, encKey, mteCipher); + System.out.println("macThenEncrypt -> MAC verified? " + mteVerified); + + System.out.println("--Encrypt Then MAC (SAFE)"); + byte[] etmCombined = encryptThenMac(encKey, macKey, message); + byte[] etmPlain = verifyMacThenDecrypt(encKey, macKey, etmCombined); + System.out.println("encryptThenMac -> decrypted message: " + new String(etmPlain)); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java new file mode 100644 index 00000000000..2efba7c5c77 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java @@ -0,0 +1,346 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; +import java.util.Properties; + +/** + * Demonstrates various digital signature operations: + * + * 1) RSA-PSS (modern, safer) - CBOM/SAST: Classified as a Modern Digital + * Signature scheme using RSA-PSS. RSA-PSS with SHA-256 is recommended. + * + * 2) ECDSA with secp256r1 - CBOM/SAST: Classified as an Elliptic Curve Digital + * Signature Algorithm. Secure when used with a strong curve and proper + * randomness. + * + * 3) Ed25519 (RFC 8032) - CBOM/SAST: Classified as a modern, high-performance + * signature scheme. + * + * 4) SHA1withRSA (deprecated/unsafe example) - CBOM/SAST: Classified as a + * legacy digital signature scheme. SHA-1 and 1024-bit RSA are deprecated. + * + * Additional nuanced examples: + * + * - Signing and verifying an empty message. - Signing data with non-ASCII + * characters. - Demonstrating signature tampering and its detection. - A + * dynamic (runtime-selected) signature algorithm scenario ("known unknown"). + * + * Requirements: - BouncyCastle for ECDSA, Ed25519, and RSA-PSS (if needed). - + * Java 11+ for native Ed25519 support or using BC for older versions. + */ +public class SignatureOperation { + + // static { + // // Register the BouncyCastle provider. + // Security.addProvider(new BouncyCastleProvider()); + // } + /////////////////////////////////////// + // 1. RSA-PSS (Recommended) + /////////////////////////////////////// + + /** + * Generate an RSA key pair for RSA-PSS. + * Uses a 2048-bit key. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (RSA-PSS). + */ + public KeyPair generateRSAPSSKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(2048); + return kpg.generateKeyPair(); + } + + /** + * Sign data using RSA-PSS with SHA-256. + * + * CBOM/SAST Notes: - Parent: Modern Digital Signature (RSA-PSS). + */ + public byte[] signRSAPSS(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using RSA-PSS with SHA-256. + * + * CBOM/SAST Notes: - Parent: Modern Digital Signature (RSA-PSS). + */ + public boolean verifyRSAPSS(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 2. ECDSA (secp256r1) + /////////////////////////////////////// + + /** + * Generate an ECDSA key pair on secp256r1. + * + * CBOM/SAST Notes: + * - Parent: Elliptic Curve Digital Signature. + */ + public KeyPair generateECDSAKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return ecKpg.generateKeyPair(); + } + + /** + * Sign data using ECDSA with SHA-256. + * + * CBOM/SAST Notes: - Parent: Elliptic Curve Digital Signature. + */ + public byte[] signECDSA(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using ECDSA with SHA-256. + * + * CBOM/SAST Notes: - Parent: Elliptic Curve Digital Signature. + */ + public boolean verifyECDSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 3. Ed25519 (RFC 8032) + /////////////////////////////////////// + + /** + * Generate an Ed25519 key pair. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (EdDSA). + */ + public KeyPair generateEd25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Sign data using Ed25519. + * + * CBOM/SAST Notes: - Parent: Modern Digital Signature (EdDSA). + */ + public byte[] signEd25519(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using Ed25519. + * + * CBOM/SAST Notes: - Parent: Modern Digital Signature (EdDSA). + */ + public boolean verifyEd25519(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 4. SHA1withRSA (Deprecated/Unsafe) + /////////////////////////////////////// + + /** + * Generate an RSA key pair for the deprecated/unsafe example. + * Uses a 1024-bit key. + * + * CBOM/SAST Notes: + * - Parent: Legacy Digital Signature. + * - RSA with SHA-1 and 1024-bit keys is deprecated and should be avoided. + */ + public KeyPair generateRSAUnsafeKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(1024); + return kpg.generateKeyPair(); + } + + /** + * Sign data using SHA1withRSA. + * + * CBOM/SAST Notes: - Parent: Legacy Digital Signature. - SHA-1 is + * deprecated and RSA with 1024 bits is considered weak. + */ + public byte[] signSHA1withRSA(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using SHA1withRSA. + * + * CBOM/SAST Notes: - Parent: Legacy Digital Signature. - Verification of + * SHA1withRSA is insecure. + */ + public boolean verifySHA1withRSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // Nuanced Edge-Case Examples + /////////////////////////////////////// + + /** + * Demonstrates signing and verifying an empty message. + * + * CBOM/SAST Notes: + * - Edge Case: Signing empty input should be handled correctly but might be + * unexpected. + */ + public void signAndVerifyEmptyMessage() throws Exception { + byte[] emptyMessage = new byte[0]; + KeyPair kp = generateRSAPSSKeyPair(); + byte[] sig = signRSAPSS(kp.getPrivate(), emptyMessage); + boolean verified = verifyRSAPSS(kp.getPublic(), emptyMessage, sig); + System.out.println("Empty message signature verified? " + verified); + } + + /** + * Demonstrates that even a slight tampering with the signature will cause + * verification to fail. + * + * CBOM/SAST Notes: - Edge Case: Signature integrity is critical. Any + * change-even a single byte-should invalidate the signature. + */ + public void tamperSignatureEdgeCase() throws Exception { + byte[] message = "Important Message".getBytes(); + KeyPair kp = generateECDSAKeyPair(); + byte[] originalSig = signECDSA(kp.getPrivate(), message); + // Tamper with the signature by flipping one bit. + byte[] tamperedSig = originalSig.clone(); + tamperedSig[0] ^= 0x01; + boolean verifiedOriginal = verifyECDSA(kp.getPublic(), message, originalSig); + boolean verifiedTampered = verifyECDSA(kp.getPublic(), message, tamperedSig); + System.out.println("Original ECDSA signature verified? " + verifiedOriginal); + System.out.println("Tampered ECDSA signature verified? " + verifiedTampered); + } + + /** + * Demonstrates dynamic signature algorithm selection. This is a "known + * unknown" scenario where the algorithm is chosen at runtime based on + * configuration. If the configuration is compromised or misconfigured, an + * insecure algorithm might be selected. + * + * CBOM/SAST Notes: - Known Unknown: Dynamic configuration introduces + * ambiguity and risk. - Ensure that fallback defaults are secure. + */ + public void dynamicSignatureSelectionDemo() throws Exception { + // Simulate loading a configuration. + Properties config = new Properties(); + // For demonstration, let's assume the config might specify an algorithm. + // Possible values: "SHA256withRSAandMGF1", "SHA256withECDSA", "Ed25519", + // "SHA1withRSA" + // Here we simulate an unknown or insecure algorithm being selected. + config.setProperty("signature.algorithm", "SHA1withRSA"); // Insecure choice! + String algorithm = config.getProperty("signature.algorithm", "SHA256withRSAandMGF1"); + + KeyPair kp; + Signature signature; + if ("SHA256withRSAandMGF1".equalsIgnoreCase(algorithm)) { + kp = generateRSAPSSKeyPair(); + signature = Signature.getInstance("SHA256withRSAandMGF1"); + } else if ("SHA256withECDSA".equalsIgnoreCase(algorithm)) { + kp = generateECDSAKeyPair(); + signature = Signature.getInstance("SHA256withECDSA", "BC"); + } else if ("Ed25519".equalsIgnoreCase(algorithm)) { + kp = generateEd25519KeyPair(); + signature = Signature.getInstance("Ed25519", "BC"); + } else if ("SHA1withRSA".equalsIgnoreCase(algorithm)) { + kp = generateRSAUnsafeKeyPair(); + signature = Signature.getInstance("SHA1withRSA"); + } else { + // Fallback to a secure default. + kp = generateRSAPSSKeyPair(); + signature = Signature.getInstance("SHA256withRSAandMGF1"); + } + + byte[] message = "Dynamic Signature Demo".getBytes(); + signature.initSign(kp.getPrivate()); + signature.update(message); + byte[] sigBytes = signature.sign(); + // Verify using the same algorithm. + signature.initVerify(kp.getPublic()); + signature.update(message); + boolean verified = signature.verify(sigBytes); + System.out.println("Dynamic algorithm (" + algorithm + ") signature verified? " + verified); + } + + /////////////////////////////////////// + // Demo Method: runSignatureDemos + /////////////////////////////////////// + + /** + * Demonstrates digital signature operations for various algorithms. + * It generates key pairs, signs a message, and verifies the signature for: + * - RSA-PSS + * - ECDSA (secp256r1) + * - Ed25519 + * - SHA1withRSA (deprecated/unsafe) + * Additionally, it runs several edge-case demos. + * + * CBOM/SAST Classification: + * - Shows both modern, secure signature schemes and a deprecated example. + * - Also demonstrates handling of edge cases and dynamic selection risks. + */ + public void runSignatureDemos() throws Exception { + byte[] message = "Hello Signature World!".getBytes(); + + // ============ RSA-PSS ============ + KeyPair rsaPssKP = generateRSAPSSKeyPair(); + byte[] rsaPssSig = signRSAPSS(rsaPssKP.getPrivate(), message); + System.out.println("RSA-PSS Signature: " + Base64.getEncoder().encodeToString(rsaPssSig)); + boolean rsaPssVerified = verifyRSAPSS(rsaPssKP.getPublic(), message, rsaPssSig); + System.out.println("RSA-PSS Verified? " + rsaPssVerified); + + // ============ ECDSA (secp256r1) ============ + KeyPair ecdsaKP = generateECDSAKeyPair(); + byte[] ecdsaSig = signECDSA(ecdsaKP.getPrivate(), message); + System.out.println("ECDSA Signature: " + Base64.getEncoder().encodeToString(ecdsaSig)); + boolean ecdsaVerified = verifyECDSA(ecdsaKP.getPublic(), message, ecdsaSig); + System.out.println("ECDSA Verified? " + ecdsaVerified); + + // ============ Ed25519 ============ + KeyPair ed25519KP = generateEd25519KeyPair(); + byte[] ed25519Sig = signEd25519(ed25519KP.getPrivate(), message); + System.out.println("Ed25519 Signature: " + Base64.getEncoder().encodeToString(ed25519Sig)); + boolean ed25519Verified = verifyEd25519(ed25519KP.getPublic(), message, ed25519Sig); + System.out.println("Ed25519 Verified? " + ed25519Verified); + + // ============ SHA1withRSA (Deprecated/Unsafe) ============ + KeyPair rsaUnsafeKP = generateRSAUnsafeKeyPair(); + byte[] rsaUnsafeSig = signSHA1withRSA(rsaUnsafeKP.getPrivate(), message); + System.out.println("SHA1withRSA Signature (Insecure): " + Base64.getEncoder().encodeToString(rsaUnsafeSig)); + boolean rsaUnsafeVerified = verifySHA1withRSA(rsaUnsafeKP.getPublic(), message, rsaUnsafeSig); + System.out.println("SHA1withRSA Verified? " + rsaUnsafeVerified); + + // ============ Edge Cases ============ + signAndVerifyEmptyMessage(); + tamperSignatureEdgeCase(); + dynamicSignatureSelectionDemo(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java new file mode 100644 index 00000000000..ce07eab5b59 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java @@ -0,0 +1,348 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; + +/** + * SymmetricAlgorithmTest demonstrates various symmetric encryption flows and + * key derivation scenarios that can be analyzed by SAST tools. + * + * It includes: 1) AES-GCM encryption with random nonce (secure). 2) AES-GCM + * encryption with fixed nonce (insecure). 3) AES-CBC encryption with random IV + * (secure). 4) AES-ECB encryption (insecure). 5) RC4 encryption (insecure). 6) + * DES and TripleDES encryption (insecure/weak). 7) ChaCha20 encryption (secure, + * if available). 8) KMAC-based key derivation used to derive a key for AES + * encryption. 9) Dynamic symmetric encryption selection based on configuration. + * 10) Further use: deriving two keys from symmetric key material via PBKDF2. + * + * SAST/CBOM notes: - Nonce/IV reuse (e.g., fixed nonce) must be flagged. - + * Insecure algorithms (RC4, DES, TripleDES, AES/ECB) are marked as unsafe. - + * Dynamic selection may lead to insecure fallback if misconfigured. + */ +public class SymmetricAlgorithm { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + // ---------- Secure Symmetric Encryption Flows ---------- + /** + * AES-GCM encryption using a 12-byte random nonce. SAST: AES-GCM is secure + * when a unique nonce is used per encryption. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesGcmEncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Recommended 12-byte nonce for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-GCM encryption using a fixed (constant) nonce. SAST: Fixed nonce + * reuse in AES-GCM is insecure as it destroys confidentiality. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The fixed IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesGcmEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Fixed IV (all zeros by default) - insecure. + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-CBC encryption using a random IV. SAST: AES-CBC is secure if IVs are + * random and not reused. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesCbcEncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; // 16-byte IV for AES block size. + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-ECB encryption. SAST: ECB mode is insecure as it does not use an IV, + * revealing data patterns. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesEcbEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(plaintext); + } + + // ---------- Other Symmetric Algorithms ---------- + /** + * RC4 encryption. SAST: RC4 is deprecated due to vulnerabilities. + * + * @param key The RC4 key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] rc4EncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("RC4"); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(plaintext); + } + + /** + * DES encryption. SAST: DES is insecure due to its 56-bit effective key + * size. + * + * @param key The DES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] desEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding"); + byte[] iv = new byte[8]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * TripleDES (DESede) encryption. SAST: TripleDES is weak by modern + * standards and is deprecated. + * + * @param key The TripleDES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] tripleDesEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); + byte[] iv = new byte[8]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * ChaCha20 encryption. SAST: ChaCha20 is considered secure and is a modern + * alternative to AES. + * + * @param key The ChaCha20 key. + * @param plaintext The plaintext to encrypt. + * @return The nonce prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] chacha20EncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("ChaCha20", "BC"); + byte[] nonce = new byte[12]; // ChaCha20 typically uses a 12-byte nonce. + new SecureRandom().nextBytes(nonce); + // ChaCha20 may require an IvParameterSpec for the nonce. + cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[nonce.length + ciphertext.length]; + System.arraycopy(nonce, 0, output, 0, nonce.length); + System.arraycopy(ciphertext, 0, output, nonce.length, ciphertext.length); + return output; + } + + /** + * KMAC-based flow: Uses KMAC128 to derive key material for AES encryption. + * SAST: KMAC128 is secure as part of the SHA-3 family when used correctly. + * + * @param key The KMAC key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (with IV) resulting from encryption with a derived + * key. + * @throws Exception if encryption fails. + */ + public byte[] kmacEncryptFlow(SecretKey key, byte[] plaintext) throws Exception { + Mac kmac = Mac.getInstance("KMAC128", "BC"); + kmac.init(key); + byte[] kmacOutput = kmac.doFinal(plaintext); + // Use the first 16 bytes of KMAC output as an AES key. + SecretKey derivedKey = new SecretKeySpec(kmacOutput, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, derivedKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + // ---------- Dynamic Algorithm Selection ---------- + /** + * Dynamically selects a symmetric encryption algorithm based on a + * configuration property. If the algorithm is unknown or ambiguous, falls + * back to an insecure default (AES/ECB). + * + * SAST: Dynamic selection introduces a known unknown risk. + * + * @param algorithm The algorithm name from configuration. + * @param key The symmetric key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] dynamicSymmetricEncryption(String algorithm, SecretKey key, byte[] plaintext) throws Exception { + if ("AES/GCM/NoPadding".equalsIgnoreCase(algorithm)) { + return aesGcmEncryptSafe(key, plaintext); + } else if ("AES/CBC/PKCS5Padding".equalsIgnoreCase(algorithm)) { + return aesCbcEncryptSafe(key, plaintext); + } else if ("AES/ECB/PKCS5Padding".equalsIgnoreCase(algorithm)) { + return aesEcbEncryptUnsafe(key, plaintext); + } else if ("RC4".equalsIgnoreCase(algorithm)) { + return rc4EncryptUnsafe(key, plaintext); + } else if ("ChaCha20".equalsIgnoreCase(algorithm)) { + return chacha20EncryptSafe(key, plaintext); + } else { + // Unknown algorithm: fallback to insecure AES/ECB. + return aesEcbEncryptUnsafe(key, plaintext); + } + } + + // ---------- Further Use of Symmetric Keys ---------- + /** + * Derives a key from an input key by simple truncation. SAST: This approach + * is ambiguous; a proper KDF should be used. + * + * @param key The input symmetric key. + * @return A derived 128-bit key. + */ + public byte[] deriveKeyFromKey(SecretKey key) { + byte[] keyBytes = key.getEncoded(); + return Arrays.copyOf(keyBytes, 16); + } + + /** + * Further use: Derives two separate keys from a symmetric key using PBKDF2, + * then uses one key for encryption and one for MACing ciphertext. SAST: + * This key-splitting approach is acceptable if PBKDF2 is used securely. + * + * @param key The input key material. + * @param plaintext The plaintext to encrypt. + * @return The concatenated ciphertext and its MAC. + * @throws Exception if key derivation or encryption fails. + */ + public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plaintext) throws Exception { + String keyAsString = Base64.getEncoder().encodeToString(key.getEncoded()); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(keyAsString.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] derived = factory.generateSecret(spec).getEncoded(); + byte[] encKeyBytes = Arrays.copyOfRange(derived, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(derived, 16, 32); + SecretKey encKey = new SecretKeySpec(encKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + cipher.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = cipher.doFinal(plaintext); + + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedOutput(output); + return output; + } + + /** + * Stores the encrypted output. SAST: In production, secure + * storage/transmission is required. + * + * @param output The output to store. + */ + public void storeEncryptedOutput(byte[] output) { + String stored = Base64.getEncoder().encodeToString(output); + } + + // ---------- Helper Methods ---------- + /** + * Generates a secure 256-bit AES key. SAST: Uses a strong RNG for key + * generation. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256); + return kg.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. SAST: + * Salting is essential for secure key derivation. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java new file mode 100644 index 00000000000..18df2602a7d --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java @@ -0,0 +1,131 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.SecureRandom; +import java.util.Base64; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; + +/** + * SymmetricModesTest demonstrates the use of advanced cipher modes for + * symmetric encryption: + * + * 1. AES/KWP/NoPadding: Uses AES Key Wrap with Padding (KWP) to securely wrap + * (encrypt) a key. - Secure usage: Uses a randomly generated wrapping key. + * + * 2. AES/OFB8/NoPadding: Uses AES in Output Feedback mode with an 8-bit + * feedback size. - Secure usage: Uses a random IV for each encryption. - + * Insecure usage: Using a fixed IV (or nonce) in OFB mode compromises + * confidentiality. + * + * In production, algorithm parameters (such as mode, padding, and IV + * generation) should be externalized via configuration files to support crypto + * agility. + */ +public class SymmetricModesTest { + + // static { + // // Register BouncyCastle provider for additional cipher modes. + // Security.addProvider(new BouncyCastleProvider()); + // } + // --------------------------- + // AES/KWP/NoPadding Example + // --------------------------- + /** + * Securely wraps a target AES key using AES/KWP/NoPadding. + * + * Best Practice: - The wrapping key must be generated randomly. - AES/KWP + * provides key wrapping with padding, suitable for keys whose lengths are + * not multiples of the block size. + * + * @return The Base64-encoded wrapped key. + * @throws Exception if an error occurs during key wrapping. + */ + public String secureAESKWPWrap() throws Exception { + // Generate a random wrapping key (256-bit) for key wrapping. + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey wrappingKey = kg.generateKey(); + + // Generate a target AES key to be wrapped (128-bit). + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + // Use AES/KWP (Key Wrap with Padding) to wrap the target key. + Cipher cipher = Cipher.getInstance("AES/KWP/NoPadding", "BC"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + // --------------------------- + // AES/OFB8/NoPadding Examples + // --------------------------- + /** + * Securely encrypts plaintext using AES in OFB mode with an 8-bit feedback + * size (AES/OFB8/NoPadding). + * + * Best Practice: - Use a fresh, random IV for each encryption operation. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (Base64-encoded) with the IV prepended. + * @throws Exception if encryption fails. + */ + public String secureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/OFB8/NoPadding", "BC"); + byte[] iv = new byte[16]; // IV size for AES block cipher (128-bit) even if feedback is 8-bit. + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + // Prepend IV to ciphertext (as is common practice) + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return Base64.getEncoder().encodeToString(output); + } + + /** + * Insecurely encrypts plaintext using AES in OFB mode with an 8-bit + * feedback size (AES/OFB8/NoPadding) by using a fixed IV. + * + * Best Practice Violation: - Using a fixed IV (or nonce) with any + * encryption mode (including OFB) compromises the cipher's security. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (Base64-encoded) with the fixed IV prepended. + * @throws Exception if encryption fails. + */ + public String insecureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/OFB8/NoPadding", "BC"); + // Fixed IV: Insecure because it causes nonce/IV reuse. + byte[] fixedIV = new byte[16]; // All zeros. + IvParameterSpec ivSpec = new IvParameterSpec(fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[fixedIV.length + ciphertext.length]; + System.arraycopy(fixedIV, 0, output, 0, fixedIV.length); + System.arraycopy(ciphertext, 0, output, fixedIV.length, ciphertext.length); + return Base64.getEncoder().encodeToString(output); + } + + // --------------------------- + // Helper Methods + // --------------------------- + /** + * Generates a secure 256-bit AES key. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java new file mode 100644 index 00000000000..43a508951f8 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java @@ -0,0 +1,49 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; +import java.util.Random; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.Files; +import java.io.IOException; + +public class UniversalFlowTest { + + public void simpleAESEncryption() throws Exception { + String algorithm = "AES"; + String otherAlgorithm = loadAlgorithmFromDisk(); + + // Randomly select between the known algorithm and the one loaded from disk + String selectedAlgorithm = (new Random().nextInt(2) == 0) ? algorithm : otherAlgorithm; + + KeyGenerator keyGen = KeyGenerator.getInstance(selectedAlgorithm); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + String algorithm2 = "AES/GCM/NoPadding"; + Cipher cipher = Cipher.getInstance(algorithm2); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + } + +// Method to load algorithm from disk + private String loadAlgorithmFromDisk() { + try { + // Implementation to load algorithm name from a file + Path path = Paths.get("algorithm.txt"); + return Files.readString(path).trim(); + } catch (IOException e) { + // Fallback to default algorithm if loading fails + System.err.println("Failed to load algorithm from disk: " + e.getMessage()); + return "AES"; + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected new file mode 100644 index 00000000000..94e4d2bf056 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -0,0 +1,1725 @@ +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | Source | jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:67:29:67:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | Source | jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | Source | jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:89:29:89:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | Source | jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | Source | jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | +| jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | +| jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:178:29:178:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | PeerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | ServerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Digest | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | MD | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | MGF1Hash | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:24:44:24:52 | Message | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:24:44:24:52 | Message | Source | jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | Source | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:93:52:93:61 | Message | Source | jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | Source | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:100:55:100:69 | Message | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:100:55:100:69 | Message | Source | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | Source | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:105:61:105:75 | Message | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:61:105:75 | Message | Source | jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | Source | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:52:110:75 | Message | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:110:37:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:52:110:75 | Message | Source | jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/Digest.java:55:23:55:66 | Digest | Source | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | Algorithm | jca/Digest.java:54:58:54:66 | HashAlgorithm | +| jca/Digest.java:55:23:55:66 | HashOperation | Digest | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | Message | jca/Digest.java:55:37:55:65 | Message | +| jca/Digest.java:55:37:55:65 | Message | Source | jca/Digest.java:55:37:55:54 | Constant | +| jca/Digest.java:65:23:65:70 | Digest | Source | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | Algorithm | jca/Digest.java:64:61:64:65 | HashAlgorithm | +| jca/Digest.java:65:23:65:70 | HashOperation | Digest | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | Message | jca/Digest.java:65:40:65:69 | Message | +| jca/Digest.java:65:40:65:69 | Message | Source | jca/Digest.java:65:40:65:58 | Constant | +| jca/Digest.java:75:23:75:62 | Digest | Source | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | Algorithm | jca/Digest.java:74:64:74:72 | HashAlgorithm | +| jca/Digest.java:75:23:75:62 | HashOperation | Digest | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | Message | jca/Digest.java:75:43:75:61 | Message | +| jca/Digest.java:75:43:75:61 | Message | Source | jca/Digest.java:73:49:73:63 | Parameter | +| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:87:23:87:56 | Digest | Source | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | Algorithm | jca/Digest.java:85:58:85:66 | HashAlgorithm | +| jca/Digest.java:87:23:87:56 | HashOperation | Digest | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:86:23:86:26 | Message | +| jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:87:37:87:55 | Message | +| jca/Digest.java:87:37:87:55 | Message | Source | jca/Digest.java:83:37:83:51 | Parameter | +| jca/Digest.java:97:42:97:63 | Message | Source | jca/Digest.java:95:37:95:51 | Parameter | +| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | H | jca/Digest.java:98:65:98:86 | HashAlgorithm | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:98:65:98:86 | HMACAlgorithm | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Algorithm | jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Input | jca/Digest.java:97:42:97:63 | Message | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Output | jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Salt | jca/Digest.java:97:66:97:69 | Salt | +| jca/Digest.java:109:23:109:57 | Digest | Source | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | Algorithm | jca/Digest.java:108:62:108:68 | HashAlgorithm | +| jca/Digest.java:109:23:109:57 | HashOperation | Digest | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | Message | jca/Digest.java:109:41:109:56 | Message | +| jca/Digest.java:109:41:109:56 | Message | Source | jca/Digest.java:107:40:107:51 | Parameter | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:120:19:120:27 | Key | Source | jca/Digest.java:117:49:117:58 | Parameter | +| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Input | jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:121:23:121:52 | MACOperation | Key | jca/Digest.java:120:19:120:27 | Key | +| jca/Digest.java:121:23:121:52 | MACOperation | Message | jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:121:23:121:52 | MACOperation | Nonce | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Output | jca/Digest.java:121:23:121:52 | KeyOperationOutput | +| jca/Digest.java:121:36:121:51 | Message | Source | jca/Digest.java:117:35:117:46 | Parameter | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:140:44:140:62 | ModeOfOperation | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:140:44:140:62 | PaddingAlgorithm | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Algorithm | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Input | jca/Digest.java:142:47:142:73 | Message | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Key | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Nonce | jca/Digest.java:142:32:142:74 | EncryptOperation | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Output | jca/Digest.java:142:32:142:74 | KeyOperationOutput | +| jca/Digest.java:142:47:142:73 | Message | Source | jca/Digest.java:142:47:142:62 | Constant | +| jca/Digest.java:176:42:176:71 | Message | Source | jca/Digest.java:171:50:171:62 | Parameter | +| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | H | jca/Digest.java:177:65:177:86 | HashAlgorithm | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:177:65:177:86 | HMACAlgorithm | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Algorithm | jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Input | jca/Digest.java:176:42:176:71 | Message | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Output | jca/Digest.java:178:30:178:57 | Key | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Salt | jca/Digest.java:176:74:176:77 | Salt | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:186:44:186:62 | ModeOfOperation | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:186:44:186:62 | PaddingAlgorithm | +| jca/Digest.java:187:42:187:54 | Key | Source | jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Algorithm | jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Input | jca/Digest.java:188:44:188:77 | Message | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Key | jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Nonce | jca/Digest.java:188:29:188:78 | EncryptOperation | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Output | jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:188:44:188:77 | Message | Source | jca/Digest.java:188:44:188:66 | Constant | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:192:18:192:23 | Key | Source | jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Input | jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:193:30:193:52 | MACOperation | Key | jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | MACOperation | Message | jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:193:30:193:52 | MACOperation | Nonce | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Output | jca/Digest.java:193:30:193:52 | KeyOperationOutput | +| jca/Digest.java:193:42:193:51 | Message | Source | jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:210:44:210:62 | ModeOfOperation | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:210:44:210:62 | PaddingAlgorithm | +| jca/Digest.java:212:42:212:44 | Key | Source | jca/Digest.java:241:16:241:35 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Algorithm | jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Input | jca/Digest.java:213:47:213:50 | Message | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Key | jca/Digest.java:212:42:212:44 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Nonce | jca/Digest.java:213:32:213:51 | EncryptOperation | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Output | jca/Digest.java:213:32:213:51 | KeyOperationOutput | +| jca/Digest.java:213:47:213:50 | Message | Source | jca/Digest.java:155:39:155:51 | Parameter | +| jca/Digest.java:241:16:241:35 | KeyGeneration | Algorithm | jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | +| jca/Digest.java:241:16:241:35 | KeyGeneration | Output | jca/Digest.java:241:16:241:35 | Key | +| jca/EllipticCurve1.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | Output | jca/EllipticCurve1.java:47:16:47:36 | Key | +| jca/EllipticCurve1.java:57:16:57:36 | Key | Algorithm | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | Output | jca/EllipticCurve1.java:57:16:57:36 | Key | +| jca/EllipticCurve1.java:67:16:67:36 | Key | Algorithm | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | Output | jca/EllipticCurve1.java:67:16:67:36 | Key | +| jca/EllipticCurve1.java:76:16:76:36 | Key | Algorithm | jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | Output | jca/EllipticCurve1.java:76:16:76:36 | Key | +| jca/EllipticCurve1.java:84:16:84:36 | Key | Algorithm | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | Output | jca/EllipticCurve1.java:84:16:84:36 | Key | +| jca/EllipticCurve1.java:95:16:95:36 | Key | Algorithm | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | Output | jca/EllipticCurve1.java:95:16:95:36 | Key | +| jca/EllipticCurve1.java:106:16:106:36 | Key | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Output | jca/EllipticCurve1.java:106:16:106:36 | Key | +| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Output | jca/EllipticCurve1.java:115:16:115:36 | Key | +| jca/EllipticCurve2.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Output | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:56:16:56:36 | Key | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Output | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:65:16:65:36 | Key | Algorithm | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Output | jca/EllipticCurve2.java:65:16:65:36 | Key | +| jca/EllipticCurve2.java:73:16:73:36 | Key | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Output | jca/EllipticCurve2.java:73:16:73:36 | Key | +| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Output | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:106:17:106:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:107:20:107:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:107:20:107:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:106:17:106:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | Source | jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:120:17:120:37 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:121:20:121:39 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:121:20:121:39 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:120:17:120:37 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | Source | jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:137:28:137:42 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:138:26:138:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Input | jca/EllipticCurve2.java:138:26:138:32 | Message | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Key | jca/EllipticCurve2.java:137:28:137:42 | Key | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Output | jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:152:30:152:43 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:153:26:153:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Input | jca/EllipticCurve2.java:153:26:153:32 | Message | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Key | jca/EllipticCurve2.java:152:30:152:43 | Key | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | +| jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | Source | jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:167:28:167:42 | Key | Source | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:168:26:168:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:169:16:169:31 | SignOperation | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Input | jca/EllipticCurve2.java:168:26:168:32 | Message | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Key | jca/EllipticCurve2.java:167:28:167:42 | Key | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Output | jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:182:30:182:43 | Key | Source | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:183:26:183:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Input | jca/EllipticCurve2.java:183:26:183:32 | Message | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Key | jca/EllipticCurve2.java:182:30:182:43 | Key | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | +| jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | Source | jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:207:17:207:37 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:208:20:208:41 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:208:20:208:41 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:207:17:207:37 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | Source | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:214:29:214:55 | Digest | Source | jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Algorithm | jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Digest | jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Message | jca/EllipticCurve2.java:214:43:214:54 | Message | +| jca/EllipticCurve2.java:214:43:214:54 | Message | Source | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:223:42:223:47 | Key | Source | jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Input | jca/EllipticCurve2.java:224:44:224:52 | Message | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Key | jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Nonce | jca/EllipticCurve2.java:223:50:223:53 | Nonce | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Output | jca/EllipticCurve2.java:224:29:224:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:224:44:224:52 | Message | Source | jca/EllipticCurve2.java:258:62:258:83 | Constant | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | Algorithm | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | Output | jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | +| jca/Encryption1.java:67:42:67:44 | Key | Source | jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | +| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Algorithm | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Input | jca/Encryption1.java:68:47:68:73 | Message | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Key | jca/Encryption1.java:67:42:67:44 | Key | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Nonce | jca/Encryption1.java:67:47:67:53 | Nonce | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Output | jca/Encryption1.java:68:32:68:74 | KeyOperationOutput | +| jca/Encryption1.java:68:47:68:73 | Message | Source | jca/Encryption1.java:68:47:68:62 | Constant | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | Algorithm | jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | Output | jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:88:44:88:62 | ModeOfOperation | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | +| jca/Encryption1.java:89:42:89:44 | Key | Source | jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Algorithm | jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Input | jca/Encryption1.java:90:47:90:73 | Message | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Key | jca/Encryption1.java:89:42:89:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Nonce | jca/Encryption1.java:90:32:90:74 | EncryptOperation | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Output | jca/Encryption1.java:90:32:90:74 | KeyOperationOutput | +| jca/Encryption1.java:90:47:90:73 | Message | Source | jca/Encryption1.java:90:47:90:62 | Constant | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:105:44:105:82 | ModeOfOperation | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | MD | jca/Encryption1.java:105:44:105:82 | HashAlgorithm | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:106:42:106:50 | Key | Source | jca/Encryption1.java:104:35:104:53 | Parameter | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Algorithm | jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Input | jca/Encryption1.java:107:47:107:61 | Message | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Key | jca/Encryption1.java:106:42:106:50 | Key | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Nonce | jca/Encryption1.java:107:32:107:62 | EncryptOperation | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Output | jca/Encryption1.java:107:32:107:62 | KeyOperationOutput | +| jca/Encryption1.java:107:47:107:61 | Message | Source | jca/Encryption1.java:104:56:104:66 | Parameter | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:120:44:120:82 | ModeOfOperation | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | MD | jca/Encryption1.java:120:44:120:82 | HashAlgorithm | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:121:42:121:51 | Key | Source | jca/Encryption1.java:119:35:119:55 | Parameter | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Algorithm | jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Input | jca/Encryption1.java:122:47:122:59 | Message | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Key | jca/Encryption1.java:121:42:121:51 | Key | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Nonce | jca/Encryption1.java:122:32:122:60 | DecryptOperation | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Output | jca/Encryption1.java:122:32:122:60 | KeyOperationOutput | +| jca/Encryption1.java:122:47:122:59 | Message | Source | jca/Encryption1.java:119:58:119:77 | Parameter | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | Algorithm | jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | Output | jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:141:47:141:85 | ModeOfOperation | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | MD | jca/Encryption1.java:141:47:141:85 | HashAlgorithm | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:142:45:142:56 | Key | Source | jca/Encryption1.java:136:34:136:55 | Parameter | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Algorithm | jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Input | jca/Encryption1.java:143:52:143:70 | Message | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Key | jca/Encryption1.java:142:45:142:56 | Key | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Nonce | jca/Encryption1.java:143:34:143:71 | EncryptOperation | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Output | jca/Encryption1.java:143:34:143:71 | KeyOperationOutput | +| jca/Encryption1.java:143:52:143:70 | Message | Source | jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | Algorithm | jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | Output | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:166:47:166:85 | ModeOfOperation | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | MD | jca/Encryption1.java:166:47:166:85 | HashAlgorithm | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:167:45:167:56 | Key | Source | jca/Encryption1.java:159:34:159:55 | Parameter | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Algorithm | jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Input | jca/Encryption1.java:168:52:168:70 | Message | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Key | jca/Encryption1.java:167:45:167:56 | Key | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Nonce | jca/Encryption1.java:168:34:168:71 | EncryptOperation | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Output | jca/Encryption1.java:168:34:168:71 | KeyOperationOutput | +| jca/Encryption1.java:168:52:168:70 | Message | Source | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | +| jca/Encryption1.java:175:45:175:50 | Key | Source | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | +| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Algorithm | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Input | jca/Encryption1.java:176:50:176:64 | Message | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Key | jca/Encryption1.java:175:45:175:50 | Key | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Nonce | jca/Encryption1.java:175:53:175:59 | Nonce | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Output | jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | +| jca/Encryption1.java:176:50:176:64 | Message | Source | jca/Encryption1.java:159:58:159:68 | Parameter | +| jca/Encryption2.java:56:16:56:49 | Key | Algorithm | jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | Algorithm | jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | Output | jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:72:27:72:36 | Key | Source | jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:73:30:73:38 | Key | Source | jca/Encryption2.java:90:38:90:65 | Parameter | +| jca/Encryption2.java:73:30:73:38 | Key | Source | jca/Encryption2.java:132:45:132:65 | Parameter | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | Algorithm | jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | Output | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | PeerKey | jca/Encryption2.java:73:30:73:38 | Key | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | ServerKey | jca/Encryption2.java:72:27:72:36 | Key | +| jca/Encryption2.java:74:16:74:44 | SharedSecret | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:100:30:100:56 | Digest | Source | jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Algorithm | jca/Encryption2.java:99:58:99:66 | HashAlgorithm | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Digest | jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Message | jca/Encryption2.java:100:44:100:55 | Message | +| jca/Encryption2.java:100:44:100:55 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | +| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Key | jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Nonce | jca/Encryption2.java:109:53:109:59 | Nonce | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Output | jca/Encryption2.java:110:32:110:65 | KeyOperationOutput | +| jca/Encryption2.java:110:50:110:64 | Message | Source | jca/Encryption2.java:90:68:90:78 | Parameter | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | +| jca/Encryption2.java:149:45:149:50 | Key | Source | jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | +| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Algorithm | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Input | jca/Encryption2.java:150:50:150:97 | Message | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Key | jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Nonce | jca/Encryption2.java:149:53:149:59 | Nonce | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Output | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | +| jca/Encryption2.java:150:50:150:97 | Message | Source | jca/Encryption2.java:150:50:150:86 | Constant | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:175:19:175:27 | Key | Source | jca/Encryption2.java:132:68:132:88 | Parameter | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Input | jca/Encryption2.java:176:44:176:51 | Message | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Key | jca/Encryption2.java:175:19:175:27 | Key | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Message | jca/Encryption2.java:176:44:176:51 | Message | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Nonce | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Output | jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | +| jca/Encryption2.java:176:44:176:51 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Hash.java:76:23:76:66 | Digest | Source | jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | Algorithm | jca/Hash.java:75:58:75:66 | HashAlgorithm | +| jca/Hash.java:76:23:76:66 | HashOperation | Digest | jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | Message | jca/Hash.java:76:37:76:65 | Message | +| jca/Hash.java:76:37:76:65 | Message | Source | jca/Hash.java:76:37:76:54 | Constant | +| jca/Hash.java:89:23:89:70 | Digest | Source | jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | Algorithm | jca/Hash.java:88:61:88:65 | HashAlgorithm | +| jca/Hash.java:89:23:89:70 | HashOperation | Digest | jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | Message | jca/Hash.java:89:40:89:69 | Message | +| jca/Hash.java:89:40:89:69 | Message | Source | jca/Hash.java:89:40:89:58 | Constant | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:135:28:135:37 | Key | Source | jca/Hash.java:133:43:133:63 | Parameter | +| jca/Hash.java:136:26:136:41 | Message | Source | jca/Hash.java:133:29:133:40 | Parameter | +| jca/Hash.java:137:29:137:44 | SignOperation | Algorithm | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:137:29:137:44 | SignOperation | HashAlgorithm | jca/Hash.java:134:53:134:67 | HashAlgorithm | +| jca/Hash.java:137:29:137:44 | SignOperation | Input | jca/Hash.java:136:26:136:41 | Message | +| jca/Hash.java:137:29:137:44 | SignOperation | Key | jca/Hash.java:135:28:135:37 | Key | +| jca/Hash.java:137:29:137:44 | SignOperation | Output | jca/Hash.java:137:29:137:44 | SignatureOutput | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:156:30:156:38 | Key | Source | jca/Hash.java:154:73:154:91 | Parameter | +| jca/Hash.java:157:26:157:41 | Message | Source | jca/Hash.java:154:40:154:51 | Parameter | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Algorithm | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:158:16:158:43 | VerifyOperation | HashAlgorithm | jca/Hash.java:155:53:155:67 | HashAlgorithm | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Input | jca/Hash.java:157:26:157:41 | Message | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Key | jca/Hash.java:156:30:156:38 | Key | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Signature | jca/Hash.java:158:33:158:42 | SignatureInput | +| jca/Hash.java:158:33:158:42 | SignatureInput | Source | jca/Hash.java:154:54:154:70 | Parameter | +| jca/Hash.java:174:23:174:52 | Digest | Source | jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | Algorithm | jca/Hash.java:173:58:173:66 | HashAlgorithm | +| jca/Hash.java:174:23:174:52 | HashOperation | Digest | jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | Message | jca/Hash.java:174:37:174:51 | Message | +| jca/Hash.java:174:37:174:51 | Message | Source | jca/Hash.java:172:43:172:53 | Parameter | +| jca/Hash.java:195:27:195:57 | Digest | Source | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:32:191:38 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:41:191:49 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:52:191:60 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:63:191:71 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:74:191:82 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:85:191:94 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:97:191:106 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:13:192:25 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:28:192:40 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:43:192:47 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Digest | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Message | jca/Hash.java:195:41:195:56 | Message | +| jca/Hash.java:195:41:195:56 | Message | Source | jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Input | jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:217:27:217:55 | MACOperation | Key | jca/Hash.java:216:22:216:30 | Key | +| jca/Hash.java:217:27:217:55 | MACOperation | Message | jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:217:27:217:55 | MACOperation | Nonce | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Output | jca/Hash.java:217:27:217:55 | KeyOperationOutput | +| jca/Hash.java:217:39:217:54 | Message | Source | jca/Hash.java:211:43:211:54 | Parameter | +| jca/Hash.java:235:42:235:63 | Message | Source | jca/Hash.java:232:40:232:54 | Parameter | +| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:9:310:42 | RandomNumberGeneration | +| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | H | jca/Hash.java:236:65:236:86 | HashAlgorithm | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:236:65:236:86 | HMACAlgorithm | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Algorithm | jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Input | jca/Hash.java:235:42:235:63 | Message | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Output | jca/Hash.java:237:23:237:50 | Key | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Salt | jca/Hash.java:235:66:235:69 | Salt | +| jca/Hash.java:252:23:252:70 | Digest | Source | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | LocalData | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:57:294:65 | HashAlgorithm | +| jca/Hash.java:252:23:252:70 | HashOperation | Digest | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Message | jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:252:37:252:69 | Message | Source | jca/Hash.java:252:37:252:58 | Constant | +| jca/Hash.java:270:27:270:30 | Message | Source | jca/Hash.java:269:27:269:38 | Constant | +| jca/Hash.java:271:40:271:54 | Digest | Source | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:32:266:40 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:43:266:51 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:54:266:63 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:66:266:75 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Digest | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Message | jca/Hash.java:270:27:270:30 | Message | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | +| jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Algorithm | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Input | jca/IVArtifact.java:32:44:32:72 | Message | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Key | jca/IVArtifact.java:31:42:31:44 | Key | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Nonce | jca/IVArtifact.java:31:47:31:52 | Nonce | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Output | jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | +| jca/IVArtifact.java:32:44:32:72 | Message | Source | jca/IVArtifact.java:32:44:32:61 | Constant | +| jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Input | jca/IVArtifact.java:39:44:39:52 | Message | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Key | jca/IVArtifact.java:38:42:38:44 | Key | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Nonce | jca/IVArtifact.java:38:47:38:52 | Nonce | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Output | jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | +| jca/IVArtifact.java:39:44:39:52 | Message | Source | jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Algorithm | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Output | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | +| jca/IVArtifact.java:108:42:108:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:108:47:108:50 | Nonce | Source | jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Input | jca/IVArtifact.java:109:31:109:39 | Message | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Key | jca/IVArtifact.java:108:42:108:44 | Key | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Nonce | jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Output | jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | +| jca/IVArtifact.java:109:31:109:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | +| jca/IVArtifact.java:134:42:134:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:116:31:116:34 | Constant | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Input | jca/IVArtifact.java:135:31:135:39 | Message | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Key | jca/IVArtifact.java:134:42:134:44 | Key | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Nonce | jca/IVArtifact.java:134:47:134:50 | Nonce | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Output | jca/IVArtifact.java:135:16:135:40 | KeyOperationOutput | +| jca/IVArtifact.java:135:31:135:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:154:31:154:78 | Digest | Source | jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Algorithm | jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Digest | jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Message | jca/IVArtifact.java:154:45:154:77 | Message | +| jca/IVArtifact.java:154:45:154:77 | Message | Source | jca/IVArtifact.java:154:45:154:59 | Constant | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | +| jca/IVArtifact.java:158:42:158:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Input | jca/IVArtifact.java:159:31:159:39 | Message | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Key | jca/IVArtifact.java:158:42:158:44 | Key | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Nonce | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Output | jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | +| jca/IVArtifact.java:159:31:159:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | +| jca/IVArtifact.java:182:46:182:48 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | +| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Input | jca/IVArtifact.java:183:45:183:57 | Message | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Key | jca/IVArtifact.java:182:46:182:48 | Key | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Nonce | jca/IVArtifact.java:182:51:182:54 | Nonce | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Output | jca/IVArtifact.java:183:30:183:58 | KeyOperationOutput | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:34:275:46 | Constant | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:60:275:72 | Constant | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:86:275:100 | Constant | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | +| jca/IVArtifact.java:201:42:201:44 | Key | Source | jca/IVArtifact.java:215:53:215:65 | Parameter | +| jca/IVArtifact.java:201:42:201:44 | Key | Source | jca/IVArtifact.java:235:60:235:72 | Parameter | +| jca/IVArtifact.java:201:47:201:50 | Nonce | Source | jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Input | jca/IVArtifact.java:202:31:202:39 | Message | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Key | jca/IVArtifact.java:201:42:201:44 | Key | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Nonce | jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Output | jca/IVArtifact.java:202:16:202:40 | KeyOperationOutput | +| jca/IVArtifact.java:202:31:202:39 | Message | Source | jca/IVArtifact.java:215:68:215:83 | Parameter | +| jca/IVArtifact.java:202:31:202:39 | Message | Source | jca/IVArtifact.java:235:75:235:90 | Parameter | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | Algorithm | jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | Output | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Output | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | PeerKey | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | ServerKey | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Input | jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Output | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Salt | jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Output | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | Algorithm | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | Output | jca/KeyArtifact.java:20:31:20:50 | Key | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | Algorithm | jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | Output | jca/KeyArtifact.java:25:30:25:49 | Key | +| jca/KeyArtifact.java:32:30:32:57 | Key | Algorithm | jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | Algorithm | jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | Output | jca/KeyArtifact.java:32:30:32:57 | Key | +| jca/KeyArtifact.java:37:29:37:56 | Key | Algorithm | jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | Algorithm | jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | Output | jca/KeyArtifact.java:37:29:37:56 | Key | +| jca/KeyArtifact.java:42:26:42:53 | Key | Algorithm | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Output | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Input | jca/KeyDerivation1.java:80:42:80:63 | Message | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Output | jca/KeyDerivation1.java:82:22:82:49 | Key | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:80:66:80:69 | Salt | +| jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:36:92:50 | Parameter | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Input | jca/KeyDerivation1.java:94:42:94:63 | Message | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | +| jca/KeyDerivation1.java:108:42:108:63 | Message | Source | jca/KeyDerivation1.java:106:37:106:51 | Parameter | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Input | jca/KeyDerivation1.java:108:42:108:63 | Message | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Output | jca/KeyDerivation1.java:110:22:110:49 | Key | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:108:66:108:69 | Salt | +| jca/KeyDerivation1.java:122:42:122:63 | Message | Source | jca/KeyDerivation1.java:120:32:120:46 | Parameter | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Input | jca/KeyDerivation1.java:122:42:122:63 | Message | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Output | jca/KeyDerivation1.java:124:22:124:49 | Key | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:122:66:122:69 | Salt | +| jca/KeyDerivation1.java:136:42:136:63 | Message | Source | jca/KeyDerivation1.java:134:34:134:48 | Parameter | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Input | jca/KeyDerivation1.java:136:42:136:63 | Message | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Output | jca/KeyDerivation1.java:138:22:138:49 | Key | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:136:66:136:69 | Salt | +| jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:154:28:154:42 | Parameter | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:72 | Constant | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | +| jca/KeyDerivation1.java:172:42:172:63 | Message | Source | jca/KeyDerivation1.java:169:30:169:44 | Parameter | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:173:65:173:72 | Constant | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Input | jca/KeyDerivation1.java:172:42:172:63 | Message | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Output | jca/KeyDerivation1.java:174:22:174:49 | Key | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:172:66:172:69 | Salt | +| jca/KeyDerivation1.java:244:29:244:59 | Digest | Source | jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Algorithm | jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Digest | jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Message | jca/KeyDerivation1.java:244:43:244:58 | Message | +| jca/KeyDerivation1.java:244:43:244:58 | Message | Source | jca/KeyDerivation1.java:242:45:242:56 | Parameter | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Input | jca/KeyDerivation1.java:251:44:251:73 | Message | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Key | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Nonce | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Output | jca/KeyDerivation1.java:251:29:251:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:251:44:251:73 | Message | Source | jca/KeyDerivation1.java:251:44:251:62 | Constant | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Input | jca/KeyDerivation1.java:314:42:314:63 | Message | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Output | jca/KeyDerivation1.java:316:26:316:53 | Key | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:314:66:314:69 | Salt | +| jca/KeyDerivation1.java:333:42:333:63 | Message | Source | jca/KeyDerivation1.java:283:43:283:57 | Parameter | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Input | jca/KeyDerivation1.java:333:42:333:63 | Message | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Output | jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Message | jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Nonce | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Output | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | +| jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | +| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Message | jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Nonce | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Output | jca/KeyDerivation1.java:353:22:353:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:353:35:353:61 | Message | Source | jca/KeyDerivation1.java:353:35:353:50 | Constant | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | Output | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | Source | jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Input | jca/KeyEncapsulation.java:69:47:69:65 | Message | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Key | jca/KeyEncapsulation.java:68:45:68:50 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Output | jca/KeyEncapsulation.java:69:29:69:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:69:47:69:65 | Message | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:78:47:78:79 | Message | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Key | jca/KeyEncapsulation.java:77:45:77:50 | Key | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Output | jca/KeyEncapsulation.java:78:29:78:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:78:47:78:79 | Message | Source | jca/KeyEncapsulation.java:78:47:78:68 | Constant | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | Source | jca/KeyEncapsulation.java:91:37:91:54 | Parameter | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Algorithm | jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Input | jca/KeyEncapsulation.java:94:48:94:57 | Message | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Key | jca/KeyEncapsulation.java:93:45:93:51 | Key | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Nonce | jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Output | jca/KeyEncapsulation.java:94:30:94:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:94:48:94:57 | Message | Source | jca/KeyEncapsulation.java:91:57:91:73 | Parameter | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | Algorithm | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | Source | jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | Source | jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:123:20:123:24 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:122:17:122:40 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Key | jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Output | jca/KeyEncapsulation.java:137:29:137:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:137:47:137:72 | Message | Source | jca/KeyEncapsulation.java:137:47:137:61 | Constant | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | Algorithm | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | Source | jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | Source | jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:190:20:190:34 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:189:17:189:40 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | Source | jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | Algorithm | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | Output | jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | Output | jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | Output | jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyExchange.java:54:16:54:38 | Key | Algorithm | jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | Output | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:70:16:70:38 | Key | Algorithm | jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | Output | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:85:16:85:38 | Key | Algorithm | jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | Output | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:101:20:101:28 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:100:17:100:26 | Key | +| jca/KeyExchange.java:102:16:102:34 | SharedSecret | Source | jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:122:16:122:38 | Key | Algorithm | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | Output | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:137:17:137:26 | Key | Source | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:138:20:138:28 | Key | Source | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:138:20:138:28 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:137:17:137:26 | Key | +| jca/KeyExchange.java:139:16:139:34 | SharedSecret | Source | jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:159:16:159:36 | Key | Algorithm | jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | Output | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:174:17:174:26 | Key | Source | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:175:20:175:28 | Key | Source | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:175:20:175:28 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:174:17:174:26 | Key | +| jca/KeyExchange.java:176:16:176:34 | SharedSecret | Source | jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:196:16:196:36 | Key | Algorithm | jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | Output | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:211:17:211:26 | Key | Source | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:212:20:212:28 | Key | Source | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:212:20:212:28 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:211:17:211:26 | Key | +| jca/KeyExchange.java:213:16:213:34 | SharedSecret | Source | jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:62:18:62:26 | Key | Source | jca/MACOperation.java:59:52:59:61 | Parameter | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Input | jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Key | jca/MACOperation.java:62:18:62:26 | Key | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Message | jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Nonce | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Output | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | +| jca/MACOperation.java:63:28:63:45 | Message | Source | jca/MACOperation.java:59:36:59:49 | Parameter | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:73:18:73:26 | Key | Source | jca/MACOperation.java:70:50:70:59 | Parameter | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Input | jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Key | jca/MACOperation.java:73:18:73:26 | Key | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Message | jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Nonce | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Output | jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | +| jca/MACOperation.java:74:28:74:45 | Message | Source | jca/MACOperation.java:70:34:70:47 | Parameter | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:84:18:84:26 | Key | Source | jca/MACOperation.java:81:50:81:59 | Parameter | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Algorithm | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:85:16:85:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Input | jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Key | jca/MACOperation.java:84:18:84:26 | Key | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Message | jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Nonce | jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Output | jca/MACOperation.java:85:16:85:46 | KeyOperationOutput | +| jca/MACOperation.java:85:28:85:45 | Message | Source | jca/MACOperation.java:81:34:81:47 | Parameter | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:98:18:98:26 | Key | Source | jca/MACOperation.java:92:46:92:55 | Parameter | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Algorithm | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:99:16:99:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Input | jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Key | jca/MACOperation.java:98:18:98:26 | Key | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Message | jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Nonce | jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Output | jca/MACOperation.java:99:16:99:46 | KeyOperationOutput | +| jca/MACOperation.java:99:28:99:45 | Message | Source | jca/MACOperation.java:92:30:92:43 | Parameter | +| jca/MACOperation.java:109:18:109:26 | Key | Source | jca/MACOperation.java:106:46:106:55 | Parameter | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Algorithm | jca/MACOperation.java:107:35:107:43 | Constant | +| jca/MACOperation.java:110:16:110:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Input | jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Key | jca/MACOperation.java:109:18:109:26 | Key | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Message | jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Nonce | jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Output | jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | +| jca/MACOperation.java:110:28:110:45 | Message | Source | jca/MACOperation.java:106:30:106:43 | Parameter | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:120:18:120:26 | Key | Source | jca/MACOperation.java:117:52:117:61 | Parameter | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Input | jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Key | jca/MACOperation.java:120:18:120:26 | Key | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Message | jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Nonce | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Output | jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | +| jca/MACOperation.java:121:28:121:45 | Message | Source | jca/MACOperation.java:117:36:117:49 | Parameter | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:136:44:136:62 | ModeOfOperation | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | +| jca/MACOperation.java:137:42:137:44 | Key | Source | jca/MACOperation.java:133:34:133:49 | Parameter | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Algorithm | jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Input | jca/MACOperation.java:138:47:138:73 | Message | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Key | jca/MACOperation.java:137:42:137:44 | Key | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Nonce | jca/MACOperation.java:138:32:138:74 | EncryptOperation | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Output | jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | +| jca/MACOperation.java:138:47:138:73 | Message | Source | jca/MACOperation.java:138:47:138:62 | Constant | +| jca/MACOperation.java:170:42:170:68 | Message | Source | jca/MACOperation.java:166:47:166:62 | Parameter | +| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | +| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | H | jca/MACOperation.java:171:65:171:86 | HashAlgorithm | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Algorithm | jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Input | jca/MACOperation.java:170:42:170:68 | Message | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Output | jca/MACOperation.java:172:30:172:57 | Key | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Salt | jca/MACOperation.java:170:71:170:74 | Salt | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:180:44:180:62 | ModeOfOperation | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | +| jca/MACOperation.java:181:42:181:54 | Key | Source | jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Algorithm | jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Input | jca/MACOperation.java:182:44:182:77 | Message | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Key | jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Nonce | jca/MACOperation.java:182:29:182:78 | EncryptOperation | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Output | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:182:44:182:77 | Message | Source | jca/MACOperation.java:182:44:182:66 | Constant | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:186:18:186:30 | Key | Source | jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Input | jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Key | jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Message | jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Nonce | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Output | jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | +| jca/MACOperation.java:187:42:187:51 | Message | Source | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:216:44:216:62 | ModeOfOperation | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | +| jca/MACOperation.java:218:42:218:44 | Key | Source | jca/MACOperation.java:234:16:234:35 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Algorithm | jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Input | jca/MACOperation.java:219:47:219:50 | Message | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Key | jca/MACOperation.java:218:42:218:44 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Nonce | jca/MACOperation.java:219:32:219:51 | EncryptOperation | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Output | jca/MACOperation.java:219:32:219:51 | KeyOperationOutput | +| jca/MACOperation.java:219:47:219:50 | Message | Source | jca/MACOperation.java:150:36:150:51 | Parameter | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | Algorithm | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | Output | jca/MACOperation.java:234:16:234:35 | Key | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:25:18:25:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:27:28:27:69 | MACOperation | Key | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:27:28:27:69 | MACOperation | Nonce | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Output | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | +| jca/Nonce.java:27:40:27:68 | Message | Source | jca/Nonce.java:27:40:27:57 | Constant | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:38:18:38:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:40:28:40:67 | MACOperation | Key | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:40:28:40:67 | MACOperation | Nonce | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Output | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | +| jca/Nonce.java:40:40:40:66 | Message | Source | jca/Nonce.java:40:40:40:55 | Constant | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:50:44:50:62 | ModeOfOperation | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | +| jca/Nonce.java:51:42:51:44 | Key | Source | jca/Nonce.java:47:39:47:51 | Parameter | +| jca/Nonce.java:51:47:51:53 | Nonce | Source | jca/Nonce.java:112:16:112:33 | Constant | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Algorithm | jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Input | jca/Nonce.java:52:44:52:52 | Message | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Key | jca/Nonce.java:51:42:51:44 | Key | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Nonce | jca/Nonce.java:51:47:51:53 | Nonce | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Output | jca/Nonce.java:52:29:52:53 | KeyOperationOutput | +| jca/Nonce.java:52:44:52:52 | Message | Source | jca/Nonce.java:47:54:47:69 | Parameter | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:61:44:61:62 | ModeOfOperation | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | +| jca/Nonce.java:62:42:62:44 | Key | Source | jca/Nonce.java:58:37:58:49 | Parameter | +| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | +| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Algorithm | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Input | jca/Nonce.java:63:44:63:52 | Message | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Key | jca/Nonce.java:62:42:62:44 | Key | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Nonce | jca/Nonce.java:62:47:62:53 | Nonce | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Output | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | +| jca/Nonce.java:63:44:63:52 | Message | Source | jca/Nonce.java:58:52:58:67 | Parameter | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:78:18:78:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:80:28:80:67 | MACOperation | Key | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:80:28:80:67 | MACOperation | Nonce | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Output | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | +| jca/Nonce.java:80:40:80:66 | Message | Source | jca/Nonce.java:80:40:80:55 | Constant | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | Algorithm | jca/Nonce.java:92:56:92:67 | Constant | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | Output | jca/Nonce.java:93:16:93:35 | Key | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | Algorithm | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | Output | jca/PrngTest.java:154:16:154:35 | Key | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | Algorithm | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | Output | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Input | jca/SignEncryptCombinations.java:63:26:63:29 | Message | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Key | jca/SignEncryptCombinations.java:62:28:62:34 | Key | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Output | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:69:30:69:35 | Key | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:97:44:97:52 | Message | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Key | jca/SignEncryptCombinations.java:96:42:96:44 | Key | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:112:42:112:44 | Key | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Input | jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Key | jca/SignEncryptCombinations.java:122:18:122:20 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Output | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignatureOperation.java:54:16:54:36 | Key | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Output | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:64:28:64:37 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:65:26:65:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Algorithm | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Input | jca/SignatureOperation.java:65:26:65:29 | Message | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Key | jca/SignatureOperation.java:64:28:64:37 | Key | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Output | jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:76:30:76:38 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:77:26:77:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Input | jca/SignatureOperation.java:77:26:77:29 | Message | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Key | jca/SignatureOperation.java:76:30:76:38 | Key | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Signature | jca/SignatureOperation.java:78:33:78:40 | SignatureInput | +| jca/SignatureOperation.java:78:33:78:40 | SignatureInput | Source | jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:94:16:94:38 | Key | Algorithm | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | Algorithm | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | Output | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:104:28:104:37 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:105:26:105:29 | Message | Source | jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:105:26:105:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Algorithm | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Input | jca/SignatureOperation.java:105:26:105:29 | Message | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Key | jca/SignatureOperation.java:104:28:104:37 | Key | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Output | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:116:30:116:38 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:117:26:117:29 | Message | Source | jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:117:26:117:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Input | jca/SignatureOperation.java:117:26:117:29 | Message | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Key | jca/SignatureOperation.java:116:30:116:38 | Key | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Signature | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:236:27:236:30 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Output | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:143:28:143:37 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:144:26:144:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Algorithm | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:145:16:145:31 | SignOperation | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Input | jca/SignatureOperation.java:144:26:144:29 | Message | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Key | jca/SignatureOperation.java:143:28:143:37 | Key | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Output | jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:155:30:155:38 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Key | jca/SignatureOperation.java:155:30:155:38 | Key | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Signature | jca/SignatureOperation.java:157:33:157:40 | SignatureInput | +| jca/SignatureOperation.java:157:33:157:40 | SignatureInput | Source | jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | +| jca/SignatureOperation.java:175:16:175:36 | Key | Algorithm | jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | Output | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:186:28:186:37 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:187:26:187:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Algorithm | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Input | jca/SignatureOperation.java:187:26:187:29 | Message | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Key | jca/SignatureOperation.java:186:28:186:37 | Key | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Output | jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:199:30:199:38 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:200:26:200:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Input | jca/SignatureOperation.java:200:26:200:29 | Message | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Key | jca/SignatureOperation.java:199:30:199:38 | Key | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Signature | jca/SignatureOperation.java:201:33:201:40 | SignatureInput | +| jca/SignatureOperation.java:201:33:201:40 | SignatureInput | Source | jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:284:26:284:32 | Message | Source | jca/SignatureOperation.java:282:26:282:49 | Constant | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Input | jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Key | jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Output | jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:288:26:288:32 | Message | Source | jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Input | jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Input | jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Key | jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Key | jca/SignatureOperation.java:287:30:287:43 | Key | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Signature | jca/SignatureOperation.java:289:45:289:52 | SignatureInput | +| jca/SignatureOperation.java:289:45:289:52 | SignatureInput | Source | jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:56:44:56:52 | Message | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:56:29:56:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:56:44:56:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | Source | jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | +| jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | Source | jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:77:44:77:52 | Message | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:76:42:76:44 | Key | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:77:29:77:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:77:44:77:52 | Message | Source | jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:99:44:99:52 | Message | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:99:29:99:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:99:44:99:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:118:31:118:39 | Message | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:117:42:117:44 | Key | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:118:16:118:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:118:31:118:39 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:133:31:133:39 | Message | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:132:42:132:44 | Key | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:133:16:133:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:133:31:133:39 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | Source | jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:151:44:151:52 | Message | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:151:29:151:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:151:44:151:52 | Message | Source | jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | Source | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:173:44:173:52 | Message | Source | jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:195:44:195:52 | Message | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:195:29:195:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:195:44:195:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | Source | jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Input | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Key | jca/SymmetricAlgorithm.java:214:19:214:21 | Key | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Message | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Output | jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:215:42:215:50 | Message | Source | jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:223:44:223:52 | Message | Source | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:287:42:287:66 | Message | Source | jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Algorithm | jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Input | jca/SymmetricAlgorithm.java:287:42:287:66 | Message | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Output | jca/SymmetricAlgorithm.java:289:26:289:53 | Key | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Salt | jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | Source | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:299:44:299:52 | Message | Source | jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | Source | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Output | jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:303:42:303:51 | Message | Source | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | Algorithm | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | Output | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | Output | jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | Output | jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | Source | jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Algorithm | jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Input | jca/SymmetricModesTest.java:59:41:59:49 | Message | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Key | jca/SymmetricModesTest.java:58:39:58:49 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Nonce | jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Output | jca/SymmetricModesTest.java:59:29:59:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:59:41:59:49 | Message | Source | jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | Source | jca/SymmetricModesTest.java:78:43:78:55 | Parameter | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:84:44:84:52 | Message | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:83:42:83:44 | Key | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:84:29:84:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:84:44:84:52 | Message | Source | jca/SymmetricModesTest.java:78:58:78:73 | Parameter | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | Source | jca/SymmetricModesTest.java:104:45:104:57 | Parameter | +| jca/SymmetricModesTest.java:109:47:109:52 | Nonce | Source | jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:110:44:110:52 | Message | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:109:42:109:44 | Key | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:110:29:110:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:110:44:110:52 | Message | Source | jca/SymmetricModesTest.java:104:60:104:75 | Parameter | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | Output | jca/SymmetricModesTest.java:129:16:129:31 | Key | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Output | jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | Source | jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Input | jca/UniversalFlowTest.java:34:47:34:73 | Message | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Key | jca/UniversalFlowTest.java:33:42:33:44 | Key | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Nonce | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Output | jca/UniversalFlowTest.java:34:32:34:74 | KeyOperationOutput | +| jca/UniversalFlowTest.java:34:47:34:73 | Message | Source | jca/UniversalFlowTest.java:34:47:34:62 | Constant | diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.ql b/java/ql/test/experimental/library-tests/quantum/node_edges.ql new file mode 100644 index 00000000000..4c9afb6c8ff --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.ql @@ -0,0 +1,5 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n, string key +select n, key, n.getChild(key) diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected new file mode 100644 index 00000000000..ea071871fd9 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -0,0 +1,1704 @@ +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:62:17:62:19 | jca/AesWrapAndPBEWith.java:62:17:62:19 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:59:17:59:19 | jca/AesWrapAndPBEWith.java:59:17:59:19 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:59:17:59:19 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:59:17:59:19 | jca/AesWrapAndPBEWith.java:59:17:59:19 | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:60:33:60:48 | jca/AesWrapAndPBEWith.java:60:33:60:48 | +| jca/AesWrapAndPBEWith.java:62:17:62:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:62:17:62:19 | jca/AesWrapAndPBEWith.java:62:17:62:19 | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:63:31:63:46 | jca/AesWrapAndPBEWith.java:63:31:63:46 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:66:39:66:49 | jca/AesWrapAndPBEWith.java:66:39:66:49 | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:67:29:67:50 | jca/AesWrapAndPBEWith.java:67:29:67:50 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:84:17:84:19 | jca/AesWrapAndPBEWith.java:84:17:84:19 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:84:17:84:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:84:17:84:19 | jca/AesWrapAndPBEWith.java:84:17:84:19 | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:85:31:85:46 | jca/AesWrapAndPBEWith.java:85:31:85:46 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:88:39:88:49 | jca/AesWrapAndPBEWith.java:88:39:88:49 | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:89:29:89:50 | jca/AesWrapAndPBEWith.java:89:29:89:50 | +| jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | Description | 0x00 | jca/AesWrapAndPBEWith.java:106:34:106:37 | jca/AesWrapAndPBEWith.java:106:34:106:37 | +| jca/AesWrapAndPBEWith.java:107:72:107:75 | Constant | Description | 1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | +| jca/AesWrapAndPBEWith.java:107:78:107:79 | Constant | Description | 64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | Name | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:108:65:108:82 | jca/AesWrapAndPBEWith.java:108:65:108:82 | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | RawName | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:108:65:108:82 | jca/AesWrapAndPBEWith.java:108:65:108:82 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:109:27:109:54 | jca/AesWrapAndPBEWith.java:109:27:109:54 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | +| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:122:9:122:42 | jca/AesWrapAndPBEWith.java:122:9:122:42 | +| jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:122:38:122:41 | jca/AesWrapAndPBEWith.java:122:38:122:41 | +| jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | +| jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | Name | HMAC | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | DigestSize | 256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | Name | SHA2 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:125:27:125:54 | jca/AesWrapAndPBEWith.java:125:27:125:54 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | +| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:140:9:140:42 | jca/AesWrapAndPBEWith.java:140:9:140:42 | +| jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:140:38:140:41 | jca/AesWrapAndPBEWith.java:140:38:140:41 | +| jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | +| jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | Name | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:142:65:142:98 | jca/AesWrapAndPBEWith.java:142:65:142:98 | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | RawName | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:142:65:142:98 | jca/AesWrapAndPBEWith.java:142:65:142:98 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:143:28:143:55 | jca/AesWrapAndPBEWith.java:143:28:143:55 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:148:9:148:40 | jca/AesWrapAndPBEWith.java:148:9:148:40 | +| jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:148:38:148:39 | jca/AesWrapAndPBEWith.java:148:38:148:39 | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:150:42:150:47 | jca/AesWrapAndPBEWith.java:150:42:150:47 | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:151:29:151:64 | jca/AesWrapAndPBEWith.java:151:29:151:64 | +| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:167:9:167:42 | jca/AesWrapAndPBEWith.java:167:9:167:42 | +| jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:167:38:167:41 | jca/AesWrapAndPBEWith.java:167:38:167:41 | +| jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | +| jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | Name | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:169:65:169:96 | jca/AesWrapAndPBEWith.java:169:65:169:96 | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | RawName | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:169:65:169:96 | jca/AesWrapAndPBEWith.java:169:65:169:96 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:170:28:170:55 | jca/AesWrapAndPBEWith.java:170:28:170:55 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:175:9:175:40 | jca/AesWrapAndPBEWith.java:175:9:175:40 | +| jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:175:38:175:39 | jca/AesWrapAndPBEWith.java:175:38:175:39 | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:177:42:177:47 | jca/AesWrapAndPBEWith.java:177:42:177:47 | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | +| jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:200:55:200:69 | jca/AesWrapAndPBEWith.java:200:55:200:69 | +| jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:200:72:200:87 | jca/AesWrapAndPBEWith.java:200:72:200:87 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | RawName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | Name | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | Constant | Description | 255 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | RawName | SHA-256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | Constant | Description | 2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | Constant | Description | 1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | Name | OAEP | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | RawName | RSA/ECB/PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | RawName | PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | RawName | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | Constant | Description | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | KeyType | Symmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:21:9:21:40 | jca/ChainedEncryptionTest.java:21:9:21:40 | +| jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:21:38:21:39 | jca/ChainedEncryptionTest.java:21:38:21:39 | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:23:42:23:44 | jca/ChainedEncryptionTest.java:23:42:23:44 | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:24:29:24:53 | jca/ChainedEncryptionTest.java:24:29:24:53 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:34:42:34:44 | jca/ChainedEncryptionTest.java:34:42:34:44 | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:35:16:35:41 | jca/ChainedEncryptionTest.java:35:16:35:41 | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | +| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:42:9:42:43 | jca/ChainedEncryptionTest.java:42:9:42:43 | +| jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:42:38:42:42 | jca/ChainedEncryptionTest.java:42:38:42:42 | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:43:42:43:44 | jca/ChainedEncryptionTest.java:43:42:43:44 | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:44:29:44:53 | jca/ChainedEncryptionTest.java:44:29:44:53 | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:52:44:52:62 | jca/ChainedEncryptionTest.java:52:44:52:62 | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:52:44:52:62 | jca/ChainedEncryptionTest.java:52:44:52:62 | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:53:42:53:44 | jca/ChainedEncryptionTest.java:53:42:53:44 | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:54:16:54:41 | jca/ChainedEncryptionTest.java:54:16:54:41 | +| jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | Description | plaintext | jca/ChainedEncryptionTest.java:75:46:75:61 | jca/ChainedEncryptionTest.java:75:46:75:61 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:80:21:80:23 | jca/ChainedEncryptionTest.java:80:21:80:23 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:80:21:80:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:80:21:80:23 | jca/ChainedEncryptionTest.java:80:21:80:23 | +| jca/ChainedEncryptionTest.java:81:30:81:49 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:81:30:81:49 | jca/ChainedEncryptionTest.java:81:30:81:49 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | +| jca/ChainedEncryptionTest.java:85:30:85:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:85:30:85:52 | jca/ChainedEncryptionTest.java:85:30:85:52 | +| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:89:9:89:43 | jca/ChainedEncryptionTest.java:89:9:89:43 | +| jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:89:38:89:42 | jca/ChainedEncryptionTest.java:89:38:89:42 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:92:45:92:52 | jca/ChainedEncryptionTest.java:92:45:92:52 | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:93:34:93:62 | jca/ChainedEncryptionTest.java:93:34:93:62 | +| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:97:9:97:49 | jca/ChainedEncryptionTest.java:97:9:97:49 | +| jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:97:38:97:48 | jca/ChainedEncryptionTest.java:97:38:97:48 | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:99:48:99:55 | jca/ChainedEncryptionTest.java:99:48:99:55 | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:100:34:100:70 | jca/ChainedEncryptionTest.java:100:34:100:70 | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:103:47:103:65 | jca/ChainedEncryptionTest.java:103:47:103:65 | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:103:47:103:65 | jca/ChainedEncryptionTest.java:103:47:103:65 | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:104:45:104:52 | jca/ChainedEncryptionTest.java:104:45:104:52 | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:105:43:105:76 | jca/ChainedEncryptionTest.java:105:43:105:76 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:109:42:109:49 | jca/ChainedEncryptionTest.java:109:42:109:49 | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:110:37:110:76 | jca/ChainedEncryptionTest.java:110:37:110:76 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:118:21:118:23 | jca/ChainedEncryptionTest.java:118:21:118:23 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:118:21:118:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:118:21:118:23 | jca/ChainedEncryptionTest.java:118:21:118:23 | +| jca/ChainedEncryptionTest.java:119:28:119:47 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:119:28:119:47 | jca/ChainedEncryptionTest.java:119:28:119:47 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:123:24:123:26 | jca/ChainedEncryptionTest.java:123:24:123:26 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:123:24:123:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:123:24:123:26 | jca/ChainedEncryptionTest.java:123:24:123:26 | +| jca/ChainedEncryptionTest.java:124:31:124:53 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:124:31:124:53 | jca/ChainedEncryptionTest.java:124:31:124:53 | +| jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | Description | "This is a secret message." | jca/ChainedEncryptionTest.java:126:31:126:57 | jca/ChainedEncryptionTest.java:126:31:126:57 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:55:37:55:54 | Constant | Description | "Simple Test Data" | jca/Digest.java:55:37:55:54 | jca/Digest.java:55:37:55:54 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | DigestSize | 128 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | Name | MD5 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | RawName | MD5 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:65:40:65:58 | Constant | Description | "Weak Hash Example" | jca/Digest.java:65:40:65:58 | jca/Digest.java:65:40:65:58 | +| jca/Digest.java:73:49:73:63 | Parameter | Description | password | jca/Digest.java:73:49:73:63 | jca/Digest.java:73:49:73:63 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | Name | SHA2 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:83:37:83:51 | Parameter | Description | password | jca/Digest.java:83:37:83:51 | jca/Digest.java:83:37:83:51 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:95:37:95:51 | Parameter | Description | password | jca/Digest.java:95:37:95:51 | jca/Digest.java:95:37:95:51 | +| jca/Digest.java:97:72:97:76 | Constant | Description | 10000 | jca/Digest.java:97:72:97:76 | jca/Digest.java:97:72:97:76 | +| jca/Digest.java:97:79:97:81 | Constant | Description | 256 | jca/Digest.java:97:79:97:81 | jca/Digest.java:97:79:97:81 | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:99:23:99:50 | Key | KeyType | Symmetric | jca/Digest.java:99:23:99:50 | jca/Digest.java:99:23:99:50 | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:97:72:97:76 | jca/Digest.java:97:72:97:76 | +| jca/Digest.java:99:23:99:50 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:97:79:97:81 | jca/Digest.java:97:79:97:81 | +| jca/Digest.java:107:40:107:51 | Parameter | Description | input | jca/Digest.java:107:40:107:51 | jca/Digest.java:107:40:107:51 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | DigestSize | 160 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | Name | SHA1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:117:35:117:46 | Parameter | Description | input | jca/Digest.java:117:35:117:46 | jca/Digest.java:117:35:117:46 | +| jca/Digest.java:117:49:117:58 | Parameter | Description | key | jca/Digest.java:117:49:117:58 | jca/Digest.java:117:49:117:58 | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:120:19:120:27 | Key | KeyType | Unknown | jca/Digest.java:120:19:120:27 | jca/Digest.java:120:19:120:27 | +| jca/Digest.java:121:23:121:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:121:23:121:52 | jca/Digest.java:121:23:121:52 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | Name | GCM | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:141:42:141:44 | Key | KeyType | Unknown | jca/Digest.java:141:42:141:44 | jca/Digest.java:141:42:141:44 | +| jca/Digest.java:142:32:142:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:142:32:142:74 | jca/Digest.java:142:32:142:74 | +| jca/Digest.java:142:47:142:62 | Constant | Description | "Sensitive Data" | jca/Digest.java:142:47:142:62 | jca/Digest.java:142:47:142:62 | +| jca/Digest.java:155:39:155:51 | Parameter | Description | digest | jca/Digest.java:155:39:155:51 | jca/Digest.java:155:39:155:51 | +| jca/Digest.java:171:50:171:62 | Parameter | Description | digest | jca/Digest.java:171:50:171:62 | jca/Digest.java:171:50:171:62 | +| jca/Digest.java:176:80:176:84 | Constant | Description | 10000 | jca/Digest.java:176:80:176:84 | jca/Digest.java:176:80:176:84 | +| jca/Digest.java:176:87:176:89 | Constant | Description | 256 | jca/Digest.java:176:87:176:89 | jca/Digest.java:176:87:176:89 | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:178:30:178:57 | Key | KeyType | Symmetric | jca/Digest.java:178:30:178:57 | jca/Digest.java:178:30:178:57 | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:176:80:176:84 | jca/Digest.java:176:80:176:84 | +| jca/Digest.java:178:30:178:57 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:176:87:176:89 | jca/Digest.java:176:87:176:89 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | Name | GCM | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:187:42:187:54 | Key | KeyType | Unknown | jca/Digest.java:187:42:187:54 | jca/Digest.java:187:42:187:54 | +| jca/Digest.java:188:29:188:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:188:29:188:78 | jca/Digest.java:188:29:188:78 | +| jca/Digest.java:188:44:188:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:188:44:188:66 | jca/Digest.java:188:44:188:66 | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:192:18:192:23 | Key | KeyType | Unknown | jca/Digest.java:192:18:192:23 | jca/Digest.java:192:18:192:23 | +| jca/Digest.java:193:30:193:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:193:30:193:52 | jca/Digest.java:193:30:193:52 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | Name | GCM | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:212:42:212:44 | Key | KeyType | Unknown | jca/Digest.java:212:42:212:44 | jca/Digest.java:212:42:212:44 | +| jca/Digest.java:213:32:213:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:213:32:213:51 | jca/Digest.java:213:32:213:51 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | RawName | AES | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | +| jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | +| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:253:9:253:42 | jca/Digest.java:253:9:253:42 | +| jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:47:16:47:36 | jca/EllipticCurve1.java:47:16:47:36 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:57:16:57:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:57:16:57:36 | jca/EllipticCurve1.java:57:16:57:36 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:67:16:67:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:67:16:67:36 | jca/EllipticCurve1.java:67:16:67:36 | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve1.java:74:61:74:68 | jca/EllipticCurve1.java:74:61:74:68 | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve1.java:74:61:74:68 | jca/EllipticCurve1.java:74:61:74:68 | +| jca/EllipticCurve1.java:76:16:76:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:76:16:76:36 | jca/EllipticCurve1.java:76:16:76:36 | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | +| jca/EllipticCurve1.java:84:16:84:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:84:16:84:36 | jca/EllipticCurve1.java:84:16:84:36 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | RawName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:95:16:95:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:95:16:95:36 | jca/EllipticCurve1.java:95:16:95:36 | +| jca/EllipticCurve1.java:105:66:105:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:105:66:105:76 | jca/EllipticCurve1.java:105:66:105:76 | +| jca/EllipticCurve1.java:106:16:106:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:106:16:106:36 | jca/EllipticCurve1.java:106:16:106:36 | +| jca/EllipticCurve1.java:114:61:114:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:115:16:115:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:115:16:115:36 | jca/EllipticCurve1.java:115:16:115:36 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:47:16:47:36 | jca/EllipticCurve2.java:47:16:47:36 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:56:16:56:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:56:16:56:36 | jca/EllipticCurve2.java:56:16:56:36 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:65:16:65:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:65:16:65:36 | jca/EllipticCurve2.java:65:16:65:36 | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | +| jca/EllipticCurve2.java:73:16:73:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:73:16:73:36 | jca/EllipticCurve2.java:73:16:73:36 | +| jca/EllipticCurve2.java:80:61:80:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:81:16:81:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:81:16:81:36 | jca/EllipticCurve2.java:81:16:81:36 | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | +| jca/EllipticCurve2.java:106:17:106:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:106:17:106:36 | jca/EllipticCurve2.java:106:17:106:36 | +| jca/EllipticCurve2.java:107:20:107:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:107:20:107:36 | jca/EllipticCurve2.java:107:20:107:36 | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:119:52:119:57 | jca/EllipticCurve2.java:119:52:119:57 | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:119:52:119:57 | jca/EllipticCurve2.java:119:52:119:57 | +| jca/EllipticCurve2.java:120:17:120:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:120:17:120:37 | jca/EllipticCurve2.java:120:17:120:37 | +| jca/EllipticCurve2.java:121:20:121:39 | Key | KeyType | Unknown | jca/EllipticCurve2.java:121:20:121:39 | jca/EllipticCurve2.java:121:20:121:39 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:137:28:137:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:137:28:137:42 | jca/EllipticCurve2.java:137:28:137:42 | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:139:16:139:31 | jca/EllipticCurve2.java:139:16:139:31 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:152:30:152:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:152:30:152:43 | jca/EllipticCurve2.java:152:30:152:43 | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:154:16:154:47 | jca/EllipticCurve2.java:154:16:154:47 | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:166:53:166:61 | jca/EllipticCurve2.java:166:53:166:61 | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:166:53:166:61 | jca/EllipticCurve2.java:166:53:166:61 | +| jca/EllipticCurve2.java:167:28:167:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:167:28:167:42 | jca/EllipticCurve2.java:167:28:167:42 | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:169:16:169:31 | jca/EllipticCurve2.java:169:16:169:31 | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:181:53:181:61 | jca/EllipticCurve2.java:181:53:181:61 | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:181:53:181:61 | jca/EllipticCurve2.java:181:53:181:61 | +| jca/EllipticCurve2.java:182:30:182:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:182:30:182:43 | jca/EllipticCurve2.java:182:30:182:43 | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:184:16:184:47 | jca/EllipticCurve2.java:184:16:184:47 | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:206:52:206:57 | jca/EllipticCurve2.java:206:52:206:57 | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:206:52:206:57 | jca/EllipticCurve2.java:206:52:206:57 | +| jca/EllipticCurve2.java:207:17:207:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:207:17:207:37 | jca/EllipticCurve2.java:207:17:207:37 | +| jca/EllipticCurve2.java:208:20:208:41 | Key | KeyType | Unknown | jca/EllipticCurve2.java:208:20:208:41 | jca/EllipticCurve2.java:208:20:208:41 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | RawName | SHA-256 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Name | AES | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Structure | Block | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | Name | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:221:9:221:40 | jca/EllipticCurve2.java:221:9:221:40 | +| jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:221:38:221:39 | jca/EllipticCurve2.java:221:38:221:39 | +| jca/EllipticCurve2.java:223:42:223:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:42:223:47 | jca/EllipticCurve2.java:223:42:223:47 | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:224:29:224:53 | jca/EllipticCurve2.java:224:29:224:53 | +| jca/EllipticCurve2.java:245:30:245:53 | Constant | Description | "Test message for ECDSA" | jca/EllipticCurve2.java:245:30:245:53 | jca/EllipticCurve2.java:245:30:245:53 | +| jca/EllipticCurve2.java:258:62:258:83 | Constant | Description | "Secret ECIES Message" | jca/EllipticCurve2.java:258:62:258:83 | jca/EllipticCurve2.java:258:62:258:83 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:61:21:61:23 | jca/Encryption1.java:61:21:61:23 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:61:21:61:23 | Constant | Description | 256 | jca/Encryption1.java:61:21:61:23 | jca/Encryption1.java:61:21:61:23 | +| jca/Encryption1.java:62:25:62:44 | Key | KeyType | Symmetric | jca/Encryption1.java:62:25:62:44 | jca/Encryption1.java:62:25:62:44 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | Name | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:65:9:65:40 | jca/Encryption1.java:65:9:65:40 | +| jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:65:38:65:39 | jca/Encryption1.java:65:38:65:39 | +| jca/Encryption1.java:67:42:67:44 | Key | KeyType | Unknown | jca/Encryption1.java:67:42:67:44 | jca/Encryption1.java:67:42:67:44 | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:68:32:68:74 | jca/Encryption1.java:68:32:68:74 | +| jca/Encryption1.java:68:47:68:62 | Constant | Description | "Sensitive Data" | jca/Encryption1.java:68:47:68:62 | jca/Encryption1.java:68:47:68:62 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:84:21:84:23 | jca/Encryption1.java:84:21:84:23 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:84:21:84:23 | Constant | Description | 256 | jca/Encryption1.java:84:21:84:23 | jca/Encryption1.java:84:21:84:23 | +| jca/Encryption1.java:85:25:85:44 | Key | KeyType | Symmetric | jca/Encryption1.java:85:25:85:44 | jca/Encryption1.java:85:25:85:44 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | Name | ECB | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:89:42:89:44 | Key | KeyType | Unknown | jca/Encryption1.java:89:42:89:44 | jca/Encryption1.java:89:42:89:44 | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:90:32:90:74 | jca/Encryption1.java:90:32:90:74 | +| jca/Encryption1.java:90:47:90:62 | Constant | Description | "Sensitive Data" | jca/Encryption1.java:90:47:90:62 | jca/Encryption1.java:90:47:90:62 | +| jca/Encryption1.java:104:35:104:53 | Parameter | Description | publicKey | jca/Encryption1.java:104:35:104:53 | jca/Encryption1.java:104:35:104:53 | +| jca/Encryption1.java:104:56:104:66 | Parameter | Description | data | jca/Encryption1.java:104:56:104:66 | jca/Encryption1.java:104:56:104:66 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | Name | ECB | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:106:42:106:50 | Key | KeyType | Unknown | jca/Encryption1.java:106:42:106:50 | jca/Encryption1.java:106:42:106:50 | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:107:32:107:62 | jca/Encryption1.java:107:32:107:62 | +| jca/Encryption1.java:119:35:119:55 | Parameter | Description | privateKey | jca/Encryption1.java:119:35:119:55 | jca/Encryption1.java:119:35:119:55 | +| jca/Encryption1.java:119:58:119:77 | Parameter | Description | encryptedData | jca/Encryption1.java:119:58:119:77 | jca/Encryption1.java:119:58:119:77 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | Name | ECB | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:121:42:121:51 | Key | KeyType | Unknown | jca/Encryption1.java:121:42:121:51 | jca/Encryption1.java:121:42:121:51 | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/Encryption1.java:122:32:122:60 | jca/Encryption1.java:122:32:122:60 | +| jca/Encryption1.java:136:34:136:55 | Parameter | Description | rsaPublicKey | jca/Encryption1.java:136:34:136:55 | jca/Encryption1.java:136:34:136:55 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:138:21:138:23 | jca/Encryption1.java:138:21:138:23 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:138:21:138:23 | Constant | Description | 256 | jca/Encryption1.java:138:21:138:23 | jca/Encryption1.java:138:21:138:23 | +| jca/Encryption1.java:139:28:139:47 | Key | KeyType | Symmetric | jca/Encryption1.java:139:28:139:47 | jca/Encryption1.java:139:28:139:47 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | Name | ECB | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:142:45:142:56 | Key | KeyType | Unknown | jca/Encryption1.java:142:45:142:56 | jca/Encryption1.java:142:45:142:56 | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:143:34:143:71 | jca/Encryption1.java:143:34:143:71 | +| jca/Encryption1.java:159:34:159:55 | Parameter | Description | rsaPublicKey | jca/Encryption1.java:159:34:159:55 | jca/Encryption1.java:159:34:159:55 | +| jca/Encryption1.java:159:58:159:68 | Parameter | Description | data | jca/Encryption1.java:159:58:159:68 | jca/Encryption1.java:159:58:159:68 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:162:21:162:23 | jca/Encryption1.java:162:21:162:23 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:162:21:162:23 | Constant | Description | 256 | jca/Encryption1.java:162:21:162:23 | jca/Encryption1.java:162:21:162:23 | +| jca/Encryption1.java:163:28:163:47 | Key | KeyType | Symmetric | jca/Encryption1.java:163:28:163:47 | jca/Encryption1.java:163:28:163:47 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | Name | ECB | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:167:45:167:56 | Key | KeyType | Unknown | jca/Encryption1.java:167:45:167:56 | jca/Encryption1.java:167:45:167:56 | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:168:34:168:71 | jca/Encryption1.java:168:34:168:71 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | Name | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:173:9:173:40 | jca/Encryption1.java:173:9:173:40 | +| jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | +| jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | RawName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:56:16:56:49 | Key | KeyType | Asymmetric | jca/Encryption2.java:56:16:56:49 | jca/Encryption2.java:56:16:56:49 | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | Name | ECDH | jca/Encryption2.java:71:62:71:67 | jca/Encryption2.java:71:62:71:67 | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | RawName | ECDH | jca/Encryption2.java:71:62:71:67 | jca/Encryption2.java:71:62:71:67 | +| jca/Encryption2.java:72:27:72:36 | Key | KeyType | Unknown | jca/Encryption2.java:72:27:72:36 | jca/Encryption2.java:72:27:72:36 | +| jca/Encryption2.java:73:30:73:38 | Key | KeyType | Unknown | jca/Encryption2.java:73:30:73:38 | jca/Encryption2.java:73:30:73:38 | +| jca/Encryption2.java:90:38:90:65 | Parameter | Description | recipientPublicKey | jca/Encryption2.java:90:38:90:65 | jca/Encryption2.java:90:38:90:65 | +| jca/Encryption2.java:90:68:90:78 | Parameter | Description | data | jca/Encryption2.java:90:68:90:78 | jca/Encryption2.java:90:68:90:78 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | RawName | SHA-256 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:107:9:107:40 | jca/Encryption2.java:107:9:107:40 | +| jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:107:38:107:39 | jca/Encryption2.java:107:38:107:39 | +| jca/Encryption2.java:109:45:109:50 | Key | KeyType | Unknown | jca/Encryption2.java:109:45:109:50 | jca/Encryption2.java:109:45:109:50 | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:110:32:110:65 | jca/Encryption2.java:110:32:110:65 | +| jca/Encryption2.java:132:45:132:65 | Parameter | Description | ecPublicKey | jca/Encryption2.java:132:45:132:65 | jca/Encryption2.java:132:45:132:65 | +| jca/Encryption2.java:132:68:132:88 | Parameter | Description | pqSharedSecret | jca/Encryption2.java:132:68:132:88 | jca/Encryption2.java:132:68:132:88 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:147:9:147:40 | jca/Encryption2.java:147:9:147:40 | +| jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:147:38:147:39 | jca/Encryption2.java:147:38:147:39 | +| jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | +| jca/Encryption2.java:150:50:150:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:150:50:150:86 | jca/Encryption2.java:150:50:150:86 | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:175:19:175:27 | Key | KeyType | Unknown | jca/Encryption2.java:175:19:175:27 | jca/Encryption2.java:175:19:175:27 | +| jca/Encryption2.java:176:31:176:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:176:31:176:52 | jca/Encryption2.java:176:31:176:52 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:76:37:76:54 | Constant | Description | "Simple Test Data" | jca/Hash.java:76:37:76:54 | jca/Hash.java:76:37:76:54 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | Name | MD5 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | RawName | MD5 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:89:40:89:58 | Constant | Description | "Weak Hash Example" | jca/Hash.java:89:40:89:58 | jca/Hash.java:89:40:89:58 | +| jca/Hash.java:133:29:133:40 | Parameter | Description | input | jca/Hash.java:133:29:133:40 | jca/Hash.java:133:29:133:40 | +| jca/Hash.java:133:43:133:63 | Parameter | Description | privateKey | jca/Hash.java:133:43:133:63 | jca/Hash.java:133:43:133:63 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:135:28:135:37 | Key | KeyType | Unknown | jca/Hash.java:135:28:135:37 | jca/Hash.java:135:28:135:37 | +| jca/Hash.java:137:29:137:44 | SignOperation | KeyOperationSubtype | Sign | jca/Hash.java:137:29:137:44 | jca/Hash.java:137:29:137:44 | +| jca/Hash.java:154:40:154:51 | Parameter | Description | input | jca/Hash.java:154:40:154:51 | jca/Hash.java:154:40:154:51 | +| jca/Hash.java:154:54:154:70 | Parameter | Description | signedHash | jca/Hash.java:154:54:154:70 | jca/Hash.java:154:54:154:70 | +| jca/Hash.java:154:73:154:91 | Parameter | Description | publicKey | jca/Hash.java:154:73:154:91 | jca/Hash.java:154:73:154:91 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:156:30:156:38 | Key | KeyType | Unknown | jca/Hash.java:156:30:156:38 | jca/Hash.java:156:30:156:38 | +| jca/Hash.java:158:16:158:43 | VerifyOperation | KeyOperationSubtype | Verify | jca/Hash.java:158:16:158:43 | jca/Hash.java:158:16:158:43 | +| jca/Hash.java:172:43:172:53 | Parameter | Description | data | jca/Hash.java:172:43:172:53 | jca/Hash.java:172:43:172:53 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:190:43:190:54 | Parameter | Description | input | jca/Hash.java:190:43:190:54 | jca/Hash.java:190:43:190:54 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | RawName | SHA-384 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:192:28:192:40 | jca/Hash.java:192:28:192:40 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | Name | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | +| jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:216:22:216:30 | Key | KeyType | Unknown | jca/Hash.java:216:22:216:30 | jca/Hash.java:216:22:216:30 | +| jca/Hash.java:217:27:217:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:217:27:217:55 | jca/Hash.java:217:27:217:55 | +| jca/Hash.java:232:40:232:54 | Parameter | Description | password | jca/Hash.java:232:40:232:54 | jca/Hash.java:232:40:232:54 | +| jca/Hash.java:235:72:235:76 | Constant | Description | 10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | +| jca/Hash.java:235:79:235:81 | Constant | Description | 256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | Name | HMAC | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | Name | SHA2 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:237:23:237:50 | Key | KeyType | Symmetric | jca/Hash.java:237:23:237:50 | jca/Hash.java:237:23:237:50 | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | +| jca/Hash.java:237:23:237:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | +| jca/Hash.java:252:37:252:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:252:37:252:58 | jca/Hash.java:252:37:252:58 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:269:27:269:38 | Constant | Description | "fixed-seed" | jca/Hash.java:269:27:269:38 | jca/Hash.java:269:27:269:38 | +| jca/Hash.java:294:16:294:66 | LocalData | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:310:9:310:42 | jca/Hash.java:310:9:310:42 | +| jca/Hash.java:310:38:310:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:310:38:310:41 | jca/Hash.java:310:38:310:41 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | Name | CBC | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | RawName | CBC | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | Name | PKCS7 | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:31:42:31:44 | Key | KeyType | Unknown | jca/IVArtifact.java:31:42:31:44 | jca/IVArtifact.java:31:42:31:44 | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:32:29:32:73 | jca/IVArtifact.java:32:29:32:73 | +| jca/IVArtifact.java:32:44:32:61 | Constant | Description | "Simple Test Data" | jca/IVArtifact.java:32:44:32:61 | jca/IVArtifact.java:32:44:32:61 | +| jca/IVArtifact.java:38:42:38:44 | Key | KeyType | Unknown | jca/IVArtifact.java:38:42:38:44 | jca/IVArtifact.java:38:42:38:44 | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:39:29:39:53 | jca/IVArtifact.java:39:29:39:53 | +| jca/IVArtifact.java:49:27:49:42 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:49:27:49:42 | jca/IVArtifact.java:49:27:49:42 | +| jca/IVArtifact.java:70:16:70:81 | LocalData | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | Name | CBC | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | RawName | CBC | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | Name | PKCS7 | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | RawName | PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:75:21:75:23 | Constant | Description | 256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | +| jca/IVArtifact.java:76:16:76:35 | Key | KeyType | Symmetric | jca/IVArtifact.java:76:16:76:35 | jca/IVArtifact.java:76:16:76:35 | +| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | +| jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | +| jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:108:42:108:44 | Key | KeyType | Unknown | jca/IVArtifact.java:108:42:108:44 | jca/IVArtifact.java:108:42:108:44 | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:109:16:109:40 | jca/IVArtifact.java:109:16:109:40 | +| jca/IVArtifact.java:116:31:116:34 | Constant | Description | null | jca/IVArtifact.java:116:31:116:34 | jca/IVArtifact.java:116:31:116:34 | +| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:130:13:130:50 | jca/IVArtifact.java:130:13:130:50 | +| jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:130:42:130:49 | jca/IVArtifact.java:130:42:130:49 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:134:42:134:44 | Key | KeyType | Unknown | jca/IVArtifact.java:134:42:134:44 | jca/IVArtifact.java:134:42:134:44 | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:135:16:135:40 | jca/IVArtifact.java:135:16:135:40 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | DigestSize | 256 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | Name | SHA2 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | RawName | SHA-256 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:154:45:154:59 | Constant | Description | "fixedConstant" | jca/IVArtifact.java:154:45:154:59 | jca/IVArtifact.java:154:45:154:59 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:158:42:158:44 | Key | KeyType | Unknown | jca/IVArtifact.java:158:42:158:44 | jca/IVArtifact.java:158:42:158:44 | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:159:16:159:40 | jca/IVArtifact.java:159:16:159:40 | +| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:177:9:177:40 | jca/IVArtifact.java:177:9:177:40 | +| jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:177:38:177:39 | jca/IVArtifact.java:177:38:177:39 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:182:46:182:48 | Key | KeyType | Unknown | jca/IVArtifact.java:182:46:182:48 | jca/IVArtifact.java:182:46:182:48 | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:183:30:183:58 | jca/IVArtifact.java:183:30:183:58 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:201:42:201:44 | Key | KeyType | Unknown | jca/IVArtifact.java:201:42:201:44 | jca/IVArtifact.java:201:42:201:44 | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:202:16:202:40 | jca/IVArtifact.java:202:16:202:40 | +| jca/IVArtifact.java:215:53:215:65 | Parameter | Description | key | jca/IVArtifact.java:215:53:215:65 | jca/IVArtifact.java:215:53:215:65 | +| jca/IVArtifact.java:215:68:215:83 | Parameter | Description | plaintext | jca/IVArtifact.java:215:68:215:83 | jca/IVArtifact.java:215:68:215:83 | +| jca/IVArtifact.java:235:60:235:72 | Parameter | Description | key | jca/IVArtifact.java:235:60:235:72 | jca/IVArtifact.java:235:60:235:72 | +| jca/IVArtifact.java:235:75:235:90 | Parameter | Description | plaintext | jca/IVArtifact.java:235:75:235:90 | jca/IVArtifact.java:235:75:235:90 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:254:21:254:23 | jca/IVArtifact.java:254:21:254:23 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:254:21:254:23 | Constant | Description | 256 | jca/IVArtifact.java:254:21:254:23 | jca/IVArtifact.java:254:21:254:23 | +| jca/IVArtifact.java:255:29:255:44 | Key | KeyType | Symmetric | jca/IVArtifact.java:255:29:255:44 | jca/IVArtifact.java:255:29:255:44 | +| jca/IVArtifact.java:256:32:256:47 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:256:32:256:47 | jca/IVArtifact.java:256:32:256:47 | +| jca/IVArtifact.java:275:34:275:46 | Constant | Description | "Message One" | jca/IVArtifact.java:275:34:275:46 | jca/IVArtifact.java:275:34:275:46 | +| jca/IVArtifact.java:275:60:275:72 | Constant | Description | "Message Two" | jca/IVArtifact.java:275:60:275:72 | jca/IVArtifact.java:275:60:275:72 | +| jca/IVArtifact.java:275:86:275:100 | Constant | Description | "Message Three" | jca/IVArtifact.java:275:86:275:100 | jca/IVArtifact.java:275:86:275:100 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | RawName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | +| jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | Constant | Description | 255 | jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | +| jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | +| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | +| jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | +| jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | +| jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | Description | key | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | +| jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | +| jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | Constant | Description | 10000 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | +| jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Iterations | Constant:10000 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | +| jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | RawName | AES | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | +| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | +| jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:19:21:19:23 | Constant | Description | 256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | +| jca/KeyArtifact.java:20:31:20:50 | Key | KeyType | Symmetric | jca/KeyArtifact.java:20:31:20:50 | jca/KeyArtifact.java:20:31:20:50 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:24:21:24:23 | jca/KeyArtifact.java:24:21:24:23 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:24:21:24:23 | Constant | Description | 256 | jca/KeyArtifact.java:24:21:24:23 | jca/KeyArtifact.java:24:21:24:23 | +| jca/KeyArtifact.java:25:30:25:49 | Key | KeyType | Symmetric | jca/KeyArtifact.java:25:30:25:49 | jca/KeyArtifact.java:25:30:25:49 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:31:31:31:34 | jca/KeyArtifact.java:31:31:31:34 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:30:68:30:72 | jca/KeyArtifact.java:30:68:30:72 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:30:68:30:72 | jca/KeyArtifact.java:30:68:30:72 | +| jca/KeyArtifact.java:31:31:31:34 | Constant | Description | 2048 | jca/KeyArtifact.java:31:31:31:34 | jca/KeyArtifact.java:31:31:31:34 | +| jca/KeyArtifact.java:32:30:32:57 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:32:30:32:57 | jca/KeyArtifact.java:32:30:32:57 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:36:31:36:34 | jca/KeyArtifact.java:36:31:36:34 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:35:51:35:55 | jca/KeyArtifact.java:35:51:35:55 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:35:51:35:55 | jca/KeyArtifact.java:35:51:35:55 | +| jca/KeyArtifact.java:36:31:36:34 | Constant | Description | 2048 | jca/KeyArtifact.java:36:31:36:34 | jca/KeyArtifact.java:36:31:36:34 | +| jca/KeyArtifact.java:37:29:37:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:37:29:37:56 | jca/KeyArtifact.java:37:29:37:56 | +| jca/KeyArtifact.java:41:31:41:33 | Constant | Description | 256 | jca/KeyArtifact.java:41:31:41:33 | jca/KeyArtifact.java:41:31:41:33 | +| jca/KeyArtifact.java:42:26:42:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:42:26:42:53 | jca/KeyArtifact.java:42:26:42:53 | +| jca/KeyArtifact.java:62:28:62:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:65:21:65:23 | Constant | Description | 256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | +| jca/KeyArtifact.java:66:32:66:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:66:32:66:51 | jca/KeyArtifact.java:66:32:66:51 | +| jca/KeyArtifact.java:72:31:72:34 | Constant | Description | 2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | +| jca/KeyArtifact.java:73:16:73:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:73:16:73:43 | jca/KeyArtifact.java:73:16:73:43 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | +| jca/KeyArtifact.java:78:45:78:53 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | +| jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | +| jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | +| jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:82:22:82:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:82:22:82:49 | jca/KeyDerivation1.java:82:22:82:49 | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | +| jca/KeyDerivation1.java:92:36:92:50 | Parameter | Description | password | jca/KeyDerivation1.java:92:36:92:50 | jca/KeyDerivation1.java:92:36:92:50 | +| jca/KeyDerivation1.java:94:72:94:73 | Constant | Description | 10 | jca/KeyDerivation1.java:94:72:94:73 | jca/KeyDerivation1.java:94:72:94:73 | +| jca/KeyDerivation1.java:94:76:94:78 | Constant | Description | 256 | jca/KeyDerivation1.java:94:76:94:78 | jca/KeyDerivation1.java:94:76:94:78 | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:96:22:96:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:96:22:96:49 | jca/KeyDerivation1.java:96:22:96:49 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Iterations | Constant:10 | jca/KeyDerivation1.java:94:72:94:73 | jca/KeyDerivation1.java:94:72:94:73 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:94:76:94:78 | jca/KeyDerivation1.java:94:76:94:78 | +| jca/KeyDerivation1.java:106:37:106:51 | Parameter | Description | password | jca/KeyDerivation1.java:106:37:106:51 | jca/KeyDerivation1.java:106:37:106:51 | +| jca/KeyDerivation1.java:108:72:108:80 | Constant | Description | 1_000_000 | jca/KeyDerivation1.java:108:72:108:80 | jca/KeyDerivation1.java:108:72:108:80 | +| jca/KeyDerivation1.java:108:83:108:85 | Constant | Description | 256 | jca/KeyDerivation1.java:108:83:108:85 | jca/KeyDerivation1.java:108:83:108:85 | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:110:22:110:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:110:22:110:49 | jca/KeyDerivation1.java:110:22:110:49 | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Iterations | Constant:1_000_000 | jca/KeyDerivation1.java:108:72:108:80 | jca/KeyDerivation1.java:108:72:108:80 | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:108:83:108:85 | jca/KeyDerivation1.java:108:83:108:85 | +| jca/KeyDerivation1.java:120:32:120:46 | Parameter | Description | password | jca/KeyDerivation1.java:120:32:120:46 | jca/KeyDerivation1.java:120:32:120:46 | +| jca/KeyDerivation1.java:122:72:122:76 | Constant | Description | 80000 | jca/KeyDerivation1.java:122:72:122:76 | jca/KeyDerivation1.java:122:72:122:76 | +| jca/KeyDerivation1.java:122:79:122:81 | Constant | Description | 256 | jca/KeyDerivation1.java:122:79:122:81 | jca/KeyDerivation1.java:122:79:122:81 | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | DigestSize | 160 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | Name | SHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:124:22:124:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:124:22:124:49 | jca/KeyDerivation1.java:124:22:124:49 | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Iterations | Constant:80000 | jca/KeyDerivation1.java:122:72:122:76 | jca/KeyDerivation1.java:122:72:122:76 | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:122:79:122:81 | jca/KeyDerivation1.java:122:79:122:81 | +| jca/KeyDerivation1.java:134:34:134:48 | Parameter | Description | password | jca/KeyDerivation1.java:134:34:134:48 | jca/KeyDerivation1.java:134:34:134:48 | +| jca/KeyDerivation1.java:136:72:136:77 | Constant | Description | 160000 | jca/KeyDerivation1.java:136:72:136:77 | jca/KeyDerivation1.java:136:72:136:77 | +| jca/KeyDerivation1.java:136:80:136:82 | Constant | Description | 256 | jca/KeyDerivation1.java:136:80:136:82 | jca/KeyDerivation1.java:136:80:136:82 | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | DigestSize | 512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:138:22:138:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:138:22:138:49 | jca/KeyDerivation1.java:138:22:138:49 | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Iterations | Constant:160000 | jca/KeyDerivation1.java:136:72:136:77 | jca/KeyDerivation1.java:136:72:136:77 | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:136:80:136:82 | jca/KeyDerivation1.java:136:80:136:82 | +| jca/KeyDerivation1.java:154:28:154:42 | Parameter | Description | password | jca/KeyDerivation1.java:154:28:154:42 | jca/KeyDerivation1.java:154:28:154:42 | +| jca/KeyDerivation1.java:157:72:157:75 | Constant | Description | 1024 | jca/KeyDerivation1.java:157:72:157:75 | jca/KeyDerivation1.java:157:72:157:75 | +| jca/KeyDerivation1.java:157:78:157:80 | Constant | Description | 128 | jca/KeyDerivation1.java:157:78:157:80 | jca/KeyDerivation1.java:157:78:157:80 | +| jca/KeyDerivation1.java:158:65:158:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:158:65:158:72 | jca/KeyDerivation1.java:158:65:158:72 | +| jca/KeyDerivation1.java:159:22:159:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:159:22:159:49 | jca/KeyDerivation1.java:159:22:159:49 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Iterations | Constant:1024 | jca/KeyDerivation1.java:157:72:157:75 | jca/KeyDerivation1.java:157:72:157:75 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | KeySize | Constant:128 | jca/KeyDerivation1.java:157:78:157:80 | jca/KeyDerivation1.java:157:78:157:80 | +| jca/KeyDerivation1.java:169:30:169:44 | Parameter | Description | password | jca/KeyDerivation1.java:169:30:169:44 | jca/KeyDerivation1.java:169:30:169:44 | +| jca/KeyDerivation1.java:172:72:172:76 | Constant | Description | 16384 | jca/KeyDerivation1.java:172:72:172:76 | jca/KeyDerivation1.java:172:72:172:76 | +| jca/KeyDerivation1.java:172:79:172:81 | Constant | Description | 256 | jca/KeyDerivation1.java:172:79:172:81 | jca/KeyDerivation1.java:172:79:172:81 | +| jca/KeyDerivation1.java:173:65:173:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:173:65:173:72 | jca/KeyDerivation1.java:173:65:173:72 | +| jca/KeyDerivation1.java:174:22:174:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:174:22:174:49 | jca/KeyDerivation1.java:174:22:174:49 | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Iterations | Constant:16384 | jca/KeyDerivation1.java:172:72:172:76 | jca/KeyDerivation1.java:172:72:172:76 | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:172:79:172:81 | jca/KeyDerivation1.java:172:79:172:81 | +| jca/KeyDerivation1.java:242:45:242:56 | Parameter | Description | input | jca/KeyDerivation1.java:242:45:242:56 | jca/KeyDerivation1.java:242:45:242:56 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Name | AES | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Structure | Block | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | Name | ECB | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | RawName | ECB | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | RawName | NoPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:250:55:250:57 | Key | KeyType | Unknown | jca/KeyDerivation1.java:250:55:250:57 | jca/KeyDerivation1.java:250:55:250:57 | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyDerivation1.java:251:29:251:74 | jca/KeyDerivation1.java:251:29:251:74 | +| jca/KeyDerivation1.java:251:44:251:62 | Constant | Description | "SampleData16Bytes" | jca/KeyDerivation1.java:251:44:251:62 | jca/KeyDerivation1.java:251:44:251:62 | +| jca/KeyDerivation1.java:269:32:269:41 | Parameter | Description | ikm | jca/KeyDerivation1.java:269:32:269:41 | jca/KeyDerivation1.java:269:32:269:41 | +| jca/KeyDerivation1.java:283:43:283:57 | Parameter | Description | password | jca/KeyDerivation1.java:283:43:283:57 | jca/KeyDerivation1.java:283:43:283:57 | +| jca/KeyDerivation1.java:283:60:283:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:283:60:283:78 | jca/KeyDerivation1.java:283:60:283:78 | +| jca/KeyDerivation1.java:302:37:302:51 | Parameter | Description | password | jca/KeyDerivation1.java:302:37:302:51 | jca/KeyDerivation1.java:302:37:302:51 | +| jca/KeyDerivation1.java:309:25:309:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:310:43:310:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:311:40:311:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | +| jca/KeyDerivation1.java:316:26:316:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:316:26:316:53 | jca/KeyDerivation1.java:316:26:316:53 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | +| jca/KeyDerivation1.java:333:72:333:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | +| jca/KeyDerivation1.java:333:79:333:81 | Constant | Description | 256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:335:16:335:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:335:16:335:43 | jca/KeyDerivation1.java:335:16:335:43 | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:347:19:347:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:347:19:347:27 | jca/KeyDerivation1.java:347:19:347:27 | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:348:22:348:38 | jca/KeyDerivation1.java:348:22:348:38 | +| jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:353:22:353:62 | jca/KeyDerivation1.java:353:22:353:62 | +| jca/KeyDerivation1.java:353:35:353:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:353:35:353:50 | jca/KeyDerivation1.java:353:35:353:50 | +| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:365:9:365:42 | jca/KeyDerivation1.java:365:9:365:42 | +| jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:365:38:365:41 | jca/KeyDerivation1.java:365:38:365:41 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:61:21:61:23 | Constant | Description | 256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | +| jca/KeyEncapsulation.java:62:28:62:47 | Key | KeyType | Symmetric | jca/KeyEncapsulation.java:62:28:62:47 | jca/KeyEncapsulation.java:62:28:62:47 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:68:45:68:50 | jca/KeyEncapsulation.java:68:45:68:50 | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:69:29:69:66 | jca/KeyEncapsulation.java:69:29:69:66 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:75:9:75:40 | jca/KeyEncapsulation.java:75:9:75:40 | +| jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:75:38:75:39 | jca/KeyEncapsulation.java:75:38:75:39 | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:77:45:77:50 | jca/KeyEncapsulation.java:77:45:77:50 | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:78:29:78:80 | jca/KeyEncapsulation.java:78:29:78:80 | +| jca/KeyEncapsulation.java:78:47:78:68 | Constant | Description | "KEM-based encryption" | jca/KeyEncapsulation.java:78:47:78:68 | jca/KeyEncapsulation.java:78:47:78:68 | +| jca/KeyEncapsulation.java:91:37:91:54 | Parameter | Description | rsaPriv | jca/KeyEncapsulation.java:91:37:91:54 | jca/KeyEncapsulation.java:91:37:91:54 | +| jca/KeyEncapsulation.java:91:57:91:73 | Parameter | Description | wrappedKey | jca/KeyEncapsulation.java:91:57:91:73 | jca/KeyEncapsulation.java:91:57:91:73 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:93:45:93:51 | jca/KeyEncapsulation.java:93:45:93:51 | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:94:30:94:58 | jca/KeyEncapsulation.java:94:30:94:58 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:118:31:118:51 | jca/KeyEncapsulation.java:118:31:118:51 | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:121:52:121:57 | jca/KeyEncapsulation.java:121:52:121:57 | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:121:52:121:57 | jca/KeyEncapsulation.java:121:52:121:57 | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:122:17:122:40 | jca/KeyEncapsulation.java:122:17:122:40 | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:123:20:123:24 | jca/KeyEncapsulation.java:123:20:123:24 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:135:9:135:40 | jca/KeyEncapsulation.java:135:9:135:40 | +| jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:135:38:135:39 | jca/KeyEncapsulation.java:135:38:135:39 | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | +| jca/KeyEncapsulation.java:137:47:137:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:137:47:137:61 | jca/KeyEncapsulation.java:137:47:137:61 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:187:31:187:51 | jca/KeyEncapsulation.java:187:31:187:51 | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:188:52:188:57 | jca/KeyEncapsulation.java:188:52:188:57 | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:188:52:188:57 | jca/KeyEncapsulation.java:188:52:188:57 | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:189:17:189:40 | jca/KeyEncapsulation.java:189:17:189:40 | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:190:20:190:34 | jca/KeyEncapsulation.java:190:20:190:34 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | +| jca/KeyEncapsulation.java:208:27:208:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:209:25:209:48 | jca/KeyEncapsulation.java:209:25:209:48 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:215:24:215:46 | jca/KeyEncapsulation.java:215:24:215:46 | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:226:31:226:53 | jca/KeyEncapsulation.java:226:31:226:53 | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:52:63:52:66 | jca/KeyExchange.java:52:63:52:66 | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:52:63:52:66 | jca/KeyExchange.java:52:63:52:66 | +| jca/KeyExchange.java:53:26:53:29 | Constant | Description | 2048 | jca/KeyExchange.java:53:26:53:29 | jca/KeyExchange.java:53:26:53:29 | +| jca/KeyExchange.java:54:16:54:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:54:16:54:38 | jca/KeyExchange.java:54:16:54:38 | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:67:63:67:66 | jca/KeyExchange.java:67:63:67:66 | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:67:63:67:66 | jca/KeyExchange.java:67:63:67:66 | +| jca/KeyExchange.java:69:26:69:28 | Constant | Description | 512 | jca/KeyExchange.java:69:26:69:28 | jca/KeyExchange.java:69:26:69:28 | +| jca/KeyExchange.java:70:16:70:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:70:16:70:38 | jca/KeyExchange.java:70:16:70:38 | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:83:63:83:66 | jca/KeyExchange.java:83:63:83:66 | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:83:63:83:66 | jca/KeyExchange.java:83:63:83:66 | +| jca/KeyExchange.java:84:26:84:29 | Constant | Description | 4096 | jca/KeyExchange.java:84:26:84:29 | jca/KeyExchange.java:84:26:84:29 | +| jca/KeyExchange.java:85:16:85:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:85:16:85:38 | jca/KeyExchange.java:85:16:85:38 | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | +| jca/KeyExchange.java:100:17:100:26 | Key | KeyType | Unknown | jca/KeyExchange.java:100:17:100:26 | jca/KeyExchange.java:100:17:100:26 | +| jca/KeyExchange.java:101:20:101:28 | Key | KeyType | Unknown | jca/KeyExchange.java:101:20:101:28 | jca/KeyExchange.java:101:20:101:28 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | RawName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:122:16:122:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:122:16:122:38 | jca/KeyExchange.java:122:16:122:38 | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyExchange.java:136:52:136:57 | jca/KeyExchange.java:136:52:136:57 | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyExchange.java:136:52:136:57 | jca/KeyExchange.java:136:52:136:57 | +| jca/KeyExchange.java:137:17:137:26 | Key | KeyType | Unknown | jca/KeyExchange.java:137:17:137:26 | jca/KeyExchange.java:137:17:137:26 | +| jca/KeyExchange.java:138:20:138:28 | Key | KeyType | Unknown | jca/KeyExchange.java:138:20:138:28 | jca/KeyExchange.java:138:20:138:28 | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:156:61:156:68 | jca/KeyExchange.java:156:61:156:68 | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:156:61:156:68 | jca/KeyExchange.java:156:61:156:68 | +| jca/KeyExchange.java:158:24:158:26 | Constant | Description | 255 | jca/KeyExchange.java:158:24:158:26 | jca/KeyExchange.java:158:24:158:26 | +| jca/KeyExchange.java:159:16:159:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:159:16:159:36 | jca/KeyExchange.java:159:16:159:36 | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:173:52:173:59 | jca/KeyExchange.java:173:52:173:59 | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:173:52:173:59 | jca/KeyExchange.java:173:52:173:59 | +| jca/KeyExchange.java:174:17:174:26 | Key | KeyType | Unknown | jca/KeyExchange.java:174:17:174:26 | jca/KeyExchange.java:174:17:174:26 | +| jca/KeyExchange.java:175:20:175:28 | Key | KeyType | Unknown | jca/KeyExchange.java:175:20:175:28 | jca/KeyExchange.java:175:20:175:28 | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:193:61:193:66 | jca/KeyExchange.java:193:61:193:66 | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:193:61:193:66 | jca/KeyExchange.java:193:61:193:66 | +| jca/KeyExchange.java:195:24:195:26 | Constant | Description | 448 | jca/KeyExchange.java:195:24:195:26 | jca/KeyExchange.java:195:24:195:26 | +| jca/KeyExchange.java:196:16:196:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:196:16:196:36 | jca/KeyExchange.java:196:16:196:36 | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:210:52:210:57 | jca/KeyExchange.java:210:52:210:57 | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:210:52:210:57 | jca/KeyExchange.java:210:52:210:57 | +| jca/KeyExchange.java:211:17:211:26 | Key | KeyType | Unknown | jca/KeyExchange.java:211:17:211:26 | jca/KeyExchange.java:211:17:211:26 | +| jca/KeyExchange.java:212:20:212:28 | Key | KeyType | Unknown | jca/KeyExchange.java:212:20:212:28 | jca/KeyExchange.java:212:20:212:28 | +| jca/MACOperation.java:59:36:59:49 | Parameter | Description | message | jca/MACOperation.java:59:36:59:49 | jca/MACOperation.java:59:36:59:49 | +| jca/MACOperation.java:59:52:59:61 | Parameter | Description | key | jca/MACOperation.java:59:52:59:61 | jca/MACOperation.java:59:52:59:61 | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:62:18:62:26 | Key | KeyType | Unknown | jca/MACOperation.java:62:18:62:26 | jca/MACOperation.java:62:18:62:26 | +| jca/MACOperation.java:63:16:63:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:63:16:63:46 | jca/MACOperation.java:63:16:63:46 | +| jca/MACOperation.java:70:34:70:47 | Parameter | Description | message | jca/MACOperation.java:70:34:70:47 | jca/MACOperation.java:70:34:70:47 | +| jca/MACOperation.java:70:50:70:59 | Parameter | Description | key | jca/MACOperation.java:70:50:70:59 | jca/MACOperation.java:70:50:70:59 | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:73:18:73:26 | Key | KeyType | Unknown | jca/MACOperation.java:73:18:73:26 | jca/MACOperation.java:73:18:73:26 | +| jca/MACOperation.java:74:16:74:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:74:16:74:46 | jca/MACOperation.java:74:16:74:46 | +| jca/MACOperation.java:81:34:81:47 | Parameter | Description | message | jca/MACOperation.java:81:34:81:47 | jca/MACOperation.java:81:34:81:47 | +| jca/MACOperation.java:81:50:81:59 | Parameter | Description | key | jca/MACOperation.java:81:50:81:59 | jca/MACOperation.java:81:50:81:59 | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:82:35:82:44 | jca/MACOperation.java:82:35:82:44 | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | RawName | Poly1305 | jca/MACOperation.java:82:35:82:44 | jca/MACOperation.java:82:35:82:44 | +| jca/MACOperation.java:84:18:84:26 | Key | KeyType | Unknown | jca/MACOperation.java:84:18:84:26 | jca/MACOperation.java:84:18:84:26 | +| jca/MACOperation.java:85:16:85:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:85:16:85:46 | jca/MACOperation.java:85:16:85:46 | +| jca/MACOperation.java:92:30:92:43 | Parameter | Description | message | jca/MACOperation.java:92:30:92:43 | jca/MACOperation.java:92:30:92:43 | +| jca/MACOperation.java:92:46:92:55 | Parameter | Description | key | jca/MACOperation.java:92:46:92:55 | jca/MACOperation.java:92:46:92:55 | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:94:35:94:40 | jca/MACOperation.java:94:35:94:40 | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | RawName | GMac | jca/MACOperation.java:94:35:94:40 | jca/MACOperation.java:94:35:94:40 | +| jca/MACOperation.java:98:18:98:26 | Key | KeyType | Unknown | jca/MACOperation.java:98:18:98:26 | jca/MACOperation.java:98:18:98:26 | +| jca/MACOperation.java:99:16:99:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:99:16:99:46 | jca/MACOperation.java:99:16:99:46 | +| jca/MACOperation.java:106:30:106:43 | Parameter | Description | message | jca/MACOperation.java:106:30:106:43 | jca/MACOperation.java:106:30:106:43 | +| jca/MACOperation.java:106:46:106:55 | Parameter | Description | key | jca/MACOperation.java:106:46:106:55 | jca/MACOperation.java:106:46:106:55 | +| jca/MACOperation.java:107:35:107:43 | Constant | Description | "KMAC128" | jca/MACOperation.java:107:35:107:43 | jca/MACOperation.java:107:35:107:43 | +| jca/MACOperation.java:109:18:109:26 | Key | KeyType | Unknown | jca/MACOperation.java:109:18:109:26 | jca/MACOperation.java:109:18:109:26 | +| jca/MACOperation.java:110:16:110:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:110:16:110:46 | jca/MACOperation.java:110:16:110:46 | +| jca/MACOperation.java:117:36:117:49 | Parameter | Description | message | jca/MACOperation.java:117:36:117:49 | jca/MACOperation.java:117:36:117:49 | +| jca/MACOperation.java:117:52:117:61 | Parameter | Description | key | jca/MACOperation.java:117:52:117:61 | jca/MACOperation.java:117:52:117:61 | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:120:18:120:26 | Key | KeyType | Unknown | jca/MACOperation.java:120:18:120:26 | jca/MACOperation.java:120:18:120:26 | +| jca/MACOperation.java:121:16:121:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:121:16:121:46 | jca/MACOperation.java:121:16:121:46 | +| jca/MACOperation.java:133:34:133:49 | Parameter | Description | macOutput | jca/MACOperation.java:133:34:133:49 | jca/MACOperation.java:133:34:133:49 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:137:42:137:44 | Key | KeyType | Unknown | jca/MACOperation.java:137:42:137:44 | jca/MACOperation.java:137:42:137:44 | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:138:32:138:74 | jca/MACOperation.java:138:32:138:74 | +| jca/MACOperation.java:138:47:138:62 | Constant | Description | "Sensitive Data" | jca/MACOperation.java:138:47:138:62 | jca/MACOperation.java:138:47:138:62 | +| jca/MACOperation.java:150:36:150:51 | Parameter | Description | macOutput | jca/MACOperation.java:150:36:150:51 | jca/MACOperation.java:150:36:150:51 | +| jca/MACOperation.java:166:47:166:62 | Parameter | Description | macOutput | jca/MACOperation.java:166:47:166:62 | jca/MACOperation.java:166:47:166:62 | +| jca/MACOperation.java:170:77:170:81 | Constant | Description | 10000 | jca/MACOperation.java:170:77:170:81 | jca/MACOperation.java:170:77:170:81 | +| jca/MACOperation.java:170:84:170:86 | Constant | Description | 256 | jca/MACOperation.java:170:84:170:86 | jca/MACOperation.java:170:84:170:86 | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:172:30:172:57 | Key | KeyType | Symmetric | jca/MACOperation.java:172:30:172:57 | jca/MACOperation.java:172:30:172:57 | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Iterations | Constant:10000 | jca/MACOperation.java:170:77:170:81 | jca/MACOperation.java:170:77:170:81 | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | KeySize | Constant:256 | jca/MACOperation.java:170:84:170:86 | jca/MACOperation.java:170:84:170:86 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:181:42:181:54 | Key | KeyType | Unknown | jca/MACOperation.java:181:42:181:54 | jca/MACOperation.java:181:42:181:54 | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:182:29:182:78 | jca/MACOperation.java:182:29:182:78 | +| jca/MACOperation.java:182:44:182:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:182:44:182:66 | jca/MACOperation.java:182:44:182:66 | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:186:18:186:30 | Key | KeyType | Unknown | jca/MACOperation.java:186:18:186:30 | jca/MACOperation.java:186:18:186:30 | +| jca/MACOperation.java:187:30:187:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:187:30:187:52 | jca/MACOperation.java:187:30:187:52 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:218:42:218:44 | Key | KeyType | Unknown | jca/MACOperation.java:218:42:218:44 | jca/MACOperation.java:218:42:218:44 | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:219:32:219:51 | jca/MACOperation.java:219:32:219:51 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | RawName | AES | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | +| jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | +| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:246:9:246:42 | jca/MACOperation.java:246:9:246:42 | +| jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:25:18:25:20 | Key | KeyType | Unknown | jca/Nonce.java:25:18:25:20 | jca/Nonce.java:25:18:25:20 | +| jca/Nonce.java:27:28:27:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:27:28:27:69 | jca/Nonce.java:27:28:27:69 | +| jca/Nonce.java:27:40:27:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:27:40:27:57 | jca/Nonce.java:27:40:27:57 | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:38:18:38:20 | Key | KeyType | Unknown | jca/Nonce.java:38:18:38:20 | jca/Nonce.java:38:18:38:20 | +| jca/Nonce.java:40:28:40:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:40:28:40:67 | jca/Nonce.java:40:28:40:67 | +| jca/Nonce.java:40:40:40:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:40:40:40:55 | jca/Nonce.java:40:40:40:55 | +| jca/Nonce.java:47:39:47:51 | Parameter | Description | key | jca/Nonce.java:47:39:47:51 | jca/Nonce.java:47:39:47:51 | +| jca/Nonce.java:47:54:47:69 | Parameter | Description | plaintext | jca/Nonce.java:47:54:47:69 | jca/Nonce.java:47:54:47:69 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:51:42:51:44 | Key | KeyType | Unknown | jca/Nonce.java:51:42:51:44 | jca/Nonce.java:51:42:51:44 | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:52:29:52:53 | jca/Nonce.java:52:29:52:53 | +| jca/Nonce.java:58:37:58:49 | Parameter | Description | key | jca/Nonce.java:58:37:58:49 | jca/Nonce.java:58:37:58:49 | +| jca/Nonce.java:58:52:58:67 | Parameter | Description | plaintext | jca/Nonce.java:58:52:58:67 | jca/Nonce.java:58:52:58:67 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:62:42:62:44 | Key | KeyType | Unknown | jca/Nonce.java:62:42:62:44 | jca/Nonce.java:62:42:62:44 | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:63:29:63:53 | jca/Nonce.java:63:29:63:53 | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:78:18:78:20 | Key | KeyType | Unknown | jca/Nonce.java:78:18:78:20 | jca/Nonce.java:78:18:78:20 | +| jca/Nonce.java:80:28:80:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:80:28:80:67 | jca/Nonce.java:80:28:80:67 | +| jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | +| jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | +| jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | +| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:98:9:98:43 | jca/Nonce.java:98:9:98:43 | +| jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | +| jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | RawName | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:153:21:153:23 | Constant | Description | 256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | +| jca/PrngTest.java:154:16:154:35 | Key | KeyType | Symmetric | jca/PrngTest.java:154:16:154:35 | jca/PrngTest.java:154:16:154:35 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | RawName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | KeyType | Asymmetric | jca/SignEncryptCombinations.java:53:16:53:38 | jca/SignEncryptCombinations.java:53:16:53:38 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:62:28:62:34 | jca/SignEncryptCombinations.java:62:28:62:34 | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignEncryptCombinations.java:64:16:64:31 | jca/SignEncryptCombinations.java:64:16:64:31 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:69:30:69:35 | jca/SignEncryptCombinations.java:69:30:69:35 | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignEncryptCombinations.java:71:16:71:47 | jca/SignEncryptCombinations.java:71:16:71:47 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SignEncryptCombinations.java:83:17:83:19 | jca/SignEncryptCombinations.java:83:17:83:19 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | RawName | AES | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:83:17:83:19 | Constant | Description | 256 | jca/SignEncryptCombinations.java:83:17:83:19 | jca/SignEncryptCombinations.java:83:17:83:19 | +| jca/SignEncryptCombinations.java:84:16:84:31 | Key | KeyType | Symmetric | jca/SignEncryptCombinations.java:84:16:84:31 | jca/SignEncryptCombinations.java:84:16:84:31 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:94:9:94:28 | jca/SignEncryptCombinations.java:94:9:94:28 | +| jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:94:26:94:27 | jca/SignEncryptCombinations.java:94:26:94:27 | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:96:42:96:44 | jca/SignEncryptCombinations.java:96:42:96:44 | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:97:29:97:53 | jca/SignEncryptCombinations.java:97:29:97:53 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:112:42:112:44 | jca/SignEncryptCombinations.java:112:42:112:44 | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:113:16:113:41 | jca/SignEncryptCombinations.java:113:16:113:41 | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:122:18:122:20 | jca/SignEncryptCombinations.java:122:18:122:20 | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:123:16:123:32 | jca/SignEncryptCombinations.java:123:16:123:32 | +| jca/SignEncryptCombinations.java:335:26:335:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:335:26:335:47 | jca/SignEncryptCombinations.java:335:26:335:47 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/SignatureOperation.java:53:24:53:27 | jca/SignatureOperation.java:53:24:53:27 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:52:61:52:65 | jca/SignatureOperation.java:52:61:52:65 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:52:61:52:65 | jca/SignatureOperation.java:52:61:52:65 | +| jca/SignatureOperation.java:53:24:53:27 | Constant | Description | 2048 | jca/SignatureOperation.java:53:24:53:27 | jca/SignatureOperation.java:53:24:53:27 | +| jca/SignatureOperation.java:54:16:54:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:54:16:54:36 | jca/SignatureOperation.java:54:16:54:36 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:64:28:64:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:64:28:64:37 | jca/SignatureOperation.java:64:28:64:37 | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:66:16:66:31 | jca/SignatureOperation.java:66:16:66:31 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:76:30:76:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:76:30:76:38 | jca/SignatureOperation.java:76:30:76:38 | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:78:16:78:41 | jca/SignatureOperation.java:78:16:78:41 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | RawName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:94:16:94:38 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:94:16:94:38 | jca/SignatureOperation.java:94:16:94:38 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:104:28:104:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:104:28:104:37 | jca/SignatureOperation.java:104:28:104:37 | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:106:16:106:31 | jca/SignatureOperation.java:106:16:106:31 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:116:30:116:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:116:30:116:38 | jca/SignatureOperation.java:116:30:116:38 | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:118:16:118:41 | jca/SignatureOperation.java:118:16:118:41 | +| jca/SignatureOperation.java:132:61:132:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:133:16:133:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:133:16:133:36 | jca/SignatureOperation.java:133:16:133:36 | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | +| jca/SignatureOperation.java:143:28:143:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:143:28:143:37 | jca/SignatureOperation.java:143:28:143:37 | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:145:16:145:31 | jca/SignatureOperation.java:145:16:145:31 | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | +| jca/SignatureOperation.java:155:30:155:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:155:30:155:38 | jca/SignatureOperation.java:155:30:155:38 | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:157:16:157:41 | jca/SignatureOperation.java:157:16:157:41 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/SignatureOperation.java:174:24:174:27 | jca/SignatureOperation.java:174:24:174:27 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:173:61:173:65 | jca/SignatureOperation.java:173:61:173:65 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:173:61:173:65 | jca/SignatureOperation.java:173:61:173:65 | +| jca/SignatureOperation.java:174:24:174:27 | Constant | Description | 1024 | jca/SignatureOperation.java:174:24:174:27 | jca/SignatureOperation.java:174:24:174:27 | +| jca/SignatureOperation.java:175:16:175:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:175:16:175:36 | jca/SignatureOperation.java:175:16:175:36 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:186:28:186:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:186:28:186:37 | jca/SignatureOperation.java:186:28:186:37 | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:188:16:188:31 | jca/SignatureOperation.java:188:16:188:31 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:199:30:199:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:199:30:199:38 | jca/SignatureOperation.java:199:30:199:38 | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:201:16:201:41 | jca/SignatureOperation.java:201:16:201:41 | +| jca/SignatureOperation.java:231:26:231:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:231:26:231:44 | jca/SignatureOperation.java:231:26:231:44 | +| jca/SignatureOperation.java:236:27:236:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:236:27:236:30 | jca/SignatureOperation.java:236:27:236:30 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:272:47:272:55 | jca/SignatureOperation.java:272:47:272:55 | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:272:47:272:55 | jca/SignatureOperation.java:272:47:272:55 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:282:26:282:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:282:26:282:49 | jca/SignatureOperation.java:282:26:282:49 | +| jca/SignatureOperation.java:283:28:283:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:283:28:283:42 | jca/SignatureOperation.java:283:28:283:42 | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:285:27:285:42 | jca/SignatureOperation.java:285:27:285:42 | +| jca/SignatureOperation.java:287:30:287:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:287:30:287:43 | jca/SignatureOperation.java:287:30:287:43 | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:289:28:289:53 | jca/SignatureOperation.java:289:28:289:53 | +| jca/SignatureOperation.java:311:26:311:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:311:26:311:49 | jca/SignatureOperation.java:311:26:311:49 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:53:9:53:40 | jca/SymmetricAlgorithm.java:53:9:53:40 | +| jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:53:38:53:39 | jca/SymmetricAlgorithm.java:53:38:53:39 | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:55:42:55:44 | jca/SymmetricAlgorithm.java:55:42:55:44 | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:56:29:56:53 | jca/SymmetricAlgorithm.java:56:29:56:53 | +| jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | Description | key | jca/SymmetricAlgorithm.java:72:39:72:51 | jca/SymmetricAlgorithm.java:72:39:72:51 | +| jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:72:54:72:69 | jca/SymmetricAlgorithm.java:72:54:72:69 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:76:42:76:44 | jca/SymmetricAlgorithm.java:76:42:76:44 | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:77:29:77:53 | jca/SymmetricAlgorithm.java:77:29:77:53 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:96:9:96:40 | jca/SymmetricAlgorithm.java:96:9:96:40 | +| jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:96:38:96:39 | jca/SymmetricAlgorithm.java:96:38:96:39 | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:98:42:98:44 | jca/SymmetricAlgorithm.java:98:42:98:44 | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:99:29:99:53 | jca/SymmetricAlgorithm.java:99:29:99:53 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | RawName | AES/ECB/PKCS5Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | Name | ECB | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | RawName | ECB | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:117:42:117:44 | jca/SymmetricAlgorithm.java:117:42:117:44 | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:118:16:118:40 | jca/SymmetricAlgorithm.java:118:16:118:40 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Name | RC4 | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | RawName | RC4 | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:132:42:132:44 | jca/SymmetricAlgorithm.java:132:42:132:44 | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:133:16:133:40 | jca/SymmetricAlgorithm.java:133:16:133:40 | +| jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | Description | key | jca/SymmetricAlgorithm.java:145:36:145:48 | jca/SymmetricAlgorithm.java:145:36:145:48 | +| jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:145:51:145:66 | jca/SymmetricAlgorithm.java:145:51:145:66 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | RawName | DES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:148:9:148:40 | jca/SymmetricAlgorithm.java:148:9:148:40 | +| jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:148:38:148:39 | jca/SymmetricAlgorithm.java:148:38:148:39 | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:150:42:150:44 | jca/SymmetricAlgorithm.java:150:42:150:44 | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | +| jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:167:42:167:54 | jca/SymmetricAlgorithm.java:167:42:167:54 | +| jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:167:57:167:72 | jca/SymmetricAlgorithm.java:167:57:167:72 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:170:9:170:40 | jca/SymmetricAlgorithm.java:170:9:170:40 | +| jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:170:38:170:39 | jca/SymmetricAlgorithm.java:170:38:170:39 | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:172:42:172:44 | jca/SymmetricAlgorithm.java:172:42:172:44 | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:173:29:173:53 | jca/SymmetricAlgorithm.java:173:29:173:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | KeySize | 256 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:192:9:192:43 | jca/SymmetricAlgorithm.java:192:9:192:43 | +| jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:192:38:192:42 | jca/SymmetricAlgorithm.java:192:38:192:42 | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:194:42:194:44 | jca/SymmetricAlgorithm.java:194:42:194:44 | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:195:29:195:53 | jca/SymmetricAlgorithm.java:195:29:195:53 | +| jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | Description | key | jca/SymmetricAlgorithm.java:212:35:212:47 | jca/SymmetricAlgorithm.java:212:35:212:47 | +| jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:212:50:212:65 | jca/SymmetricAlgorithm.java:212:50:212:65 | +| jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | Description | "KMAC128" | jca/SymmetricAlgorithm.java:213:36:213:44 | jca/SymmetricAlgorithm.java:213:36:213:44 | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:214:19:214:21 | jca/SymmetricAlgorithm.java:214:19:214:21 | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:215:29:215:51 | jca/SymmetricAlgorithm.java:215:29:215:51 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:220:9:220:40 | jca/SymmetricAlgorithm.java:220:9:220:40 | +| jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:220:38:220:39 | jca/SymmetricAlgorithm.java:220:38:220:39 | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:222:42:222:51 | jca/SymmetricAlgorithm.java:222:42:222:51 | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:223:29:223:53 | jca/SymmetricAlgorithm.java:223:29:223:53 | +| jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | Description | key | jca/SymmetricAlgorithm.java:244:64:244:76 | jca/SymmetricAlgorithm.java:244:64:244:76 | +| jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:244:79:244:94 | jca/SymmetricAlgorithm.java:244:79:244:94 | +| jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | Description | key | jca/SymmetricAlgorithm.java:284:58:284:70 | jca/SymmetricAlgorithm.java:284:58:284:70 | +| jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:284:73:284:88 | jca/SymmetricAlgorithm.java:284:73:284:88 | +| jca/SymmetricAlgorithm.java:287:75:287:79 | Constant | Description | 10000 | jca/SymmetricAlgorithm.java:287:75:287:79 | jca/SymmetricAlgorithm.java:287:75:287:79 | +| jca/SymmetricAlgorithm.java:287:82:287:84 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:287:82:287:84 | jca/SymmetricAlgorithm.java:287:82:287:84 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:289:26:289:53 | jca/SymmetricAlgorithm.java:289:26:289:53 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Iterations | Constant:10000 | jca/SymmetricAlgorithm.java:287:75:287:79 | jca/SymmetricAlgorithm.java:287:75:287:79 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:287:82:287:84 | jca/SymmetricAlgorithm.java:287:82:287:84 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:297:9:297:40 | jca/SymmetricAlgorithm.java:297:9:297:40 | +| jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:302:18:302:30 | jca/SymmetricAlgorithm.java:302:18:302:30 | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:303:30:303:52 | jca/SymmetricAlgorithm.java:303:30:303:52 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | +| jca/SymmetricAlgorithm.java:333:16:333:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:333:16:333:31 | jca/SymmetricAlgorithm.java:333:16:333:31 | +| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:345:9:345:42 | jca/SymmetricAlgorithm.java:345:9:345:42 | +| jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:345:38:345:41 | jca/SymmetricAlgorithm.java:345:38:345:41 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:49:17:49:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | +| jca/SymmetricModesTest.java:50:33:50:48 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:50:33:50:48 | jca/SymmetricModesTest.java:50:33:50:48 | +| jca/SymmetricModesTest.java:53:17:53:19 | Constant | Description | 128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | +| jca/SymmetricModesTest.java:54:31:54:46 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:54:31:54:46 | jca/SymmetricModesTest.java:54:31:54:46 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | RawName | AES/KWP/NoPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | RawName | KWP | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:58:39:58:49 | jca/SymmetricModesTest.java:58:39:58:49 | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/SymmetricModesTest.java:59:29:59:50 | jca/SymmetricModesTest.java:59:29:59:50 | +| jca/SymmetricModesTest.java:78:43:78:55 | Parameter | Description | key | jca/SymmetricModesTest.java:78:43:78:55 | jca/SymmetricModesTest.java:78:43:78:55 | +| jca/SymmetricModesTest.java:78:58:78:73 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:78:58:78:73 | jca/SymmetricModesTest.java:78:58:78:73 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:81:9:81:40 | jca/SymmetricModesTest.java:81:9:81:40 | +| jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:81:38:81:39 | jca/SymmetricModesTest.java:81:38:81:39 | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:83:42:83:44 | jca/SymmetricModesTest.java:83:42:83:44 | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:84:29:84:53 | jca/SymmetricModesTest.java:84:29:84:53 | +| jca/SymmetricModesTest.java:104:45:104:57 | Parameter | Description | key | jca/SymmetricModesTest.java:104:45:104:57 | jca/SymmetricModesTest.java:104:45:104:57 | +| jca/SymmetricModesTest.java:104:60:104:75 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:104:60:104:75 | jca/SymmetricModesTest.java:104:60:104:75 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:109:42:109:44 | jca/SymmetricModesTest.java:109:42:109:44 | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:110:29:110:53 | jca/SymmetricModesTest.java:110:29:110:53 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:128:17:128:19 | jca/SymmetricModesTest.java:128:17:128:19 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:128:17:128:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:128:17:128:19 | jca/SymmetricModesTest.java:128:17:128:19 | +| jca/SymmetricModesTest.java:129:16:129:31 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:129:16:129:31 | jca/SymmetricModesTest.java:129:16:129:31 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:26:21:26:23 | Constant | Description | 256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:27:25:27:44 | Key | KeyType | Symmetric | jca/UniversalFlowTest.java:27:25:27:44 | jca/UniversalFlowTest.java:27:25:27:44 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | Name | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:31:9:31:40 | jca/UniversalFlowTest.java:31:9:31:40 | +| jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:31:38:31:39 | jca/UniversalFlowTest.java:31:38:31:39 | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:33:42:33:44 | jca/UniversalFlowTest.java:33:42:33:44 | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:34:32:34:74 | jca/UniversalFlowTest.java:34:32:34:74 | +| jca/UniversalFlowTest.java:34:47:34:62 | Constant | Description | "Sensitive Data" | jca/UniversalFlowTest.java:34:47:34:62 | jca/UniversalFlowTest.java:34:47:34:62 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.ql b/java/ql/test/experimental/library-tests/quantum/node_properties.ql new file mode 100644 index 00000000000..79514611e67 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.ql @@ -0,0 +1,6 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n, string key, string value, Location location +where n.properties(key, value, location) +select n, key, value, location diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected new file mode 100644 index 00000000000..39816c68234 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -0,0 +1,1515 @@ +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:59:17:59:19 | Constant | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:62:17:62:19 | Constant | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:84:17:84:19 | Constant | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | +| jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | +| jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | +| jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | +| jca/AesWrapAndPBEWith.java:107:72:107:75 | Constant | +| jca/AesWrapAndPBEWith.java:107:78:107:79 | Constant | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | +| jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | +| jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | +| jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | +| jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | +| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | +| jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | +| jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | +| jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:24:44:24:52 | Message | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:80:21:80:23 | Constant | +| jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | +| jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | +| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | +| jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:93:52:93:61 | Message | +| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | +| jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:100:55:100:69 | Message | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:61:105:75 | Message | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:110:37:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:52:110:75 | Message | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:118:21:118:23 | Constant | +| jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:123:24:123:26 | Constant | +| jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | +| jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | +| jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | +| jca/Digest.java:55:37:55:54 | Constant | +| jca/Digest.java:55:37:55:65 | Message | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | +| jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | +| jca/Digest.java:65:40:65:58 | Constant | +| jca/Digest.java:65:40:65:69 | Message | +| jca/Digest.java:73:49:73:63 | Parameter | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | +| jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | +| jca/Digest.java:75:43:75:61 | Message | +| jca/Digest.java:83:37:83:51 | Parameter | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | +| jca/Digest.java:86:23:86:26 | Message | +| jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | +| jca/Digest.java:87:37:87:55 | Message | +| jca/Digest.java:95:37:95:51 | Parameter | +| jca/Digest.java:97:42:97:63 | Message | +| jca/Digest.java:97:66:97:69 | Salt | +| jca/Digest.java:97:72:97:76 | Constant | +| jca/Digest.java:97:79:97:81 | Constant | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | +| jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:99:23:99:50 | KeyDerivation | +| jca/Digest.java:107:40:107:51 | Parameter | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | +| jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | +| jca/Digest.java:109:41:109:56 | Message | +| jca/Digest.java:117:35:117:46 | Parameter | +| jca/Digest.java:117:49:117:58 | Parameter | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:120:19:120:27 | Key | +| jca/Digest.java:121:23:121:52 | KeyOperationOutput | +| jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | +| jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | +| jca/Digest.java:142:32:142:74 | KeyOperationOutput | +| jca/Digest.java:142:47:142:62 | Constant | +| jca/Digest.java:142:47:142:73 | Message | +| jca/Digest.java:155:39:155:51 | Parameter | +| jca/Digest.java:171:50:171:62 | Parameter | +| jca/Digest.java:176:42:176:71 | Message | +| jca/Digest.java:176:74:176:77 | Salt | +| jca/Digest.java:176:80:176:84 | Constant | +| jca/Digest.java:176:87:176:89 | Constant | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | +| jca/Digest.java:178:30:178:57 | Key | +| jca/Digest.java:178:30:178:57 | KeyDerivation | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | +| jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | +| jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:188:44:188:66 | Constant | +| jca/Digest.java:188:44:188:77 | Message | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | KeyOperationOutput | +| jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | +| jca/Digest.java:212:42:212:44 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | +| jca/Digest.java:213:32:213:51 | KeyOperationOutput | +| jca/Digest.java:213:47:213:50 | Message | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | +| jca/Digest.java:240:21:240:23 | Constant | +| jca/Digest.java:241:16:241:35 | Key | +| jca/Digest.java:241:16:241:35 | KeyGeneration | +| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | Key | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | Key | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | Key | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | Key | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | Key | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | Key | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | +| jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | Key | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | +| jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | Key | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | Key | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | Key | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | +| jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:106:17:106:36 | Key | +| jca/EllipticCurve2.java:107:20:107:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:120:17:120:37 | Key | +| jca/EllipticCurve2.java:121:20:121:39 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:137:28:137:42 | Key | +| jca/EllipticCurve2.java:138:26:138:32 | Message | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | +| jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:152:30:152:43 | Key | +| jca/EllipticCurve2.java:153:26:153:32 | Message | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | +| jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:167:28:167:42 | Key | +| jca/EllipticCurve2.java:168:26:168:32 | Message | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | +| jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:182:30:182:43 | Key | +| jca/EllipticCurve2.java:183:26:183:32 | Message | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | +| jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:207:17:207:37 | Key | +| jca/EllipticCurve2.java:208:20:208:41 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | +| jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | +| jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | +| jca/EllipticCurve2.java:214:43:214:54 | Message | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | +| jca/EllipticCurve2.java:224:29:224:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:224:44:224:52 | Message | +| jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:258:62:258:83 | Constant | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:61:21:61:23 | Constant | +| jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | +| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | +| jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | +| jca/Encryption1.java:67:42:67:44 | Key | +| jca/Encryption1.java:67:47:67:53 | Nonce | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | +| jca/Encryption1.java:68:32:68:74 | KeyOperationOutput | +| jca/Encryption1.java:68:47:68:62 | Constant | +| jca/Encryption1.java:68:47:68:73 | Message | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:84:21:84:23 | Constant | +| jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | +| jca/Encryption1.java:89:42:89:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | +| jca/Encryption1.java:90:32:90:74 | KeyOperationOutput | +| jca/Encryption1.java:90:47:90:62 | Constant | +| jca/Encryption1.java:90:47:90:73 | Message | +| jca/Encryption1.java:104:35:104:53 | Parameter | +| jca/Encryption1.java:104:56:104:66 | Parameter | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:106:42:106:50 | Key | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | +| jca/Encryption1.java:107:32:107:62 | KeyOperationOutput | +| jca/Encryption1.java:107:47:107:61 | Message | +| jca/Encryption1.java:119:35:119:55 | Parameter | +| jca/Encryption1.java:119:58:119:77 | Parameter | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:121:42:121:51 | Key | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | +| jca/Encryption1.java:122:32:122:60 | KeyOperationOutput | +| jca/Encryption1.java:122:47:122:59 | Message | +| jca/Encryption1.java:136:34:136:55 | Parameter | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:138:21:138:23 | Constant | +| jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:142:45:142:56 | Key | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | +| jca/Encryption1.java:143:34:143:71 | KeyOperationOutput | +| jca/Encryption1.java:143:52:143:70 | Message | +| jca/Encryption1.java:159:34:159:55 | Parameter | +| jca/Encryption1.java:159:58:159:68 | Parameter | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:162:21:162:23 | Constant | +| jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:167:45:167:56 | Key | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | +| jca/Encryption1.java:168:34:168:71 | KeyOperationOutput | +| jca/Encryption1.java:168:52:168:70 | Message | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | +| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | +| jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | +| jca/Encryption1.java:175:45:175:50 | Key | +| jca/Encryption1.java:175:53:175:59 | Nonce | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | +| jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | +| jca/Encryption1.java:176:50:176:64 | Message | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:72:27:72:36 | Key | +| jca/Encryption2.java:73:30:73:38 | Key | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | +| jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:90:38:90:65 | Parameter | +| jca/Encryption2.java:90:68:90:78 | Parameter | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | +| jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | +| jca/Encryption2.java:100:44:100:55 | Message | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | +| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | +| jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:109:53:109:59 | Nonce | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | +| jca/Encryption2.java:110:32:110:65 | KeyOperationOutput | +| jca/Encryption2.java:110:50:110:64 | Message | +| jca/Encryption2.java:132:45:132:65 | Parameter | +| jca/Encryption2.java:132:68:132:88 | Parameter | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | +| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | +| jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | +| jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:149:53:149:59 | Nonce | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | +| jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | +| jca/Encryption2.java:150:50:150:86 | Constant | +| jca/Encryption2.java:150:50:150:97 | Message | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:175:19:175:27 | Key | +| jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | +| jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:44:176:51 | Message | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | +| jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | +| jca/Hash.java:76:37:76:54 | Constant | +| jca/Hash.java:76:37:76:65 | Message | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | +| jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | +| jca/Hash.java:89:40:89:58 | Constant | +| jca/Hash.java:89:40:89:69 | Message | +| jca/Hash.java:133:29:133:40 | Parameter | +| jca/Hash.java:133:43:133:63 | Parameter | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:135:28:135:37 | Key | +| jca/Hash.java:136:26:136:41 | Message | +| jca/Hash.java:137:29:137:44 | SignOperation | +| jca/Hash.java:137:29:137:44 | SignatureOutput | +| jca/Hash.java:154:40:154:51 | Parameter | +| jca/Hash.java:154:54:154:70 | Parameter | +| jca/Hash.java:154:73:154:91 | Parameter | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:156:30:156:38 | Key | +| jca/Hash.java:157:26:157:41 | Message | +| jca/Hash.java:158:16:158:43 | VerifyOperation | +| jca/Hash.java:158:33:158:42 | SignatureInput | +| jca/Hash.java:172:43:172:53 | Parameter | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | +| jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | +| jca/Hash.java:174:37:174:51 | Message | +| jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | +| jca/Hash.java:195:41:195:56 | Message | +| jca/Hash.java:211:43:211:54 | Parameter | +| jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:216:22:216:30 | Key | +| jca/Hash.java:217:27:217:55 | KeyOperationOutput | +| jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:232:40:232:54 | Parameter | +| jca/Hash.java:235:42:235:63 | Message | +| jca/Hash.java:235:66:235:69 | Salt | +| jca/Hash.java:235:72:235:76 | Constant | +| jca/Hash.java:235:79:235:81 | Constant | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | +| jca/Hash.java:237:23:237:50 | Key | +| jca/Hash.java:237:23:237:50 | KeyDerivation | +| jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | +| jca/Hash.java:252:37:252:58 | Constant | +| jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | +| jca/Hash.java:269:27:269:38 | Constant | +| jca/Hash.java:270:27:270:30 | Message | +| jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | +| jca/Hash.java:294:16:294:66 | LocalData | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | +| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | +| jca/Hash.java:310:38:310:41 | RandomNumberGeneration | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | +| jca/IVArtifact.java:31:42:31:44 | Key | +| jca/IVArtifact.java:31:47:31:52 | Nonce | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | +| jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | +| jca/IVArtifact.java:32:44:32:61 | Constant | +| jca/IVArtifact.java:32:44:32:72 | Message | +| jca/IVArtifact.java:38:42:38:44 | Key | +| jca/IVArtifact.java:38:47:38:52 | Nonce | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | +| jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | +| jca/IVArtifact.java:39:44:39:52 | Message | +| jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:16:70:81 | LocalData | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:75:21:75:23 | Constant | +| jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | +| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | +| jca/IVArtifact.java:108:42:108:44 | Key | +| jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | +| jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | +| jca/IVArtifact.java:109:31:109:39 | Message | +| jca/IVArtifact.java:116:31:116:34 | Constant | +| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | +| jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | +| jca/IVArtifact.java:134:42:134:44 | Key | +| jca/IVArtifact.java:134:47:134:50 | Nonce | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | +| jca/IVArtifact.java:135:16:135:40 | KeyOperationOutput | +| jca/IVArtifact.java:135:31:135:39 | Message | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | +| jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | +| jca/IVArtifact.java:154:45:154:59 | Constant | +| jca/IVArtifact.java:154:45:154:77 | Message | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | +| jca/IVArtifact.java:158:42:158:44 | Key | +| jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | +| jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | +| jca/IVArtifact.java:159:31:159:39 | Message | +| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | +| jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | +| jca/IVArtifact.java:182:46:182:48 | Key | +| jca/IVArtifact.java:182:51:182:54 | Nonce | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | +| jca/IVArtifact.java:183:30:183:58 | KeyOperationOutput | +| jca/IVArtifact.java:183:45:183:57 | Message | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | +| jca/IVArtifact.java:201:42:201:44 | Key | +| jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | +| jca/IVArtifact.java:202:16:202:40 | KeyOperationOutput | +| jca/IVArtifact.java:202:31:202:39 | Message | +| jca/IVArtifact.java:215:53:215:65 | Parameter | +| jca/IVArtifact.java:215:68:215:83 | Parameter | +| jca/IVArtifact.java:235:60:235:72 | Parameter | +| jca/IVArtifact.java:235:75:235:90 | Parameter | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:254:21:254:23 | Constant | +| jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | +| jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:275:34:275:46 | Constant | +| jca/IVArtifact.java:275:60:275:72 | Constant | +| jca/IVArtifact.java:275:86:275:100 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:19:21:19:23 | Constant | +| jca/KeyArtifact.java:20:31:20:50 | Key | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:24:21:24:23 | Constant | +| jca/KeyArtifact.java:25:30:25:49 | Key | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:31:31:31:34 | Constant | +| jca/KeyArtifact.java:32:30:32:57 | Key | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:36:31:36:34 | Constant | +| jca/KeyArtifact.java:37:29:37:56 | Key | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | +| jca/KeyArtifact.java:41:31:41:33 | Constant | +| jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:62:28:62:73 | LocalData | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:65:21:65:23 | Constant | +| jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | +| jca/KeyArtifact.java:72:31:72:34 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyDerivation1.java:78:39:78:53 | Parameter | +| jca/KeyDerivation1.java:80:42:80:63 | Message | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | +| jca/KeyDerivation1.java:80:72:80:76 | Constant | +| jca/KeyDerivation1.java:80:79:80:81 | Constant | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | Key | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | +| jca/KeyDerivation1.java:92:36:92:50 | Parameter | +| jca/KeyDerivation1.java:94:42:94:63 | Message | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | +| jca/KeyDerivation1.java:94:72:94:73 | Constant | +| jca/KeyDerivation1.java:94:76:94:78 | Constant | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | Key | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | +| jca/KeyDerivation1.java:106:37:106:51 | Parameter | +| jca/KeyDerivation1.java:108:42:108:63 | Message | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | +| jca/KeyDerivation1.java:108:72:108:80 | Constant | +| jca/KeyDerivation1.java:108:83:108:85 | Constant | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | Key | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | +| jca/KeyDerivation1.java:120:32:120:46 | Parameter | +| jca/KeyDerivation1.java:122:42:122:63 | Message | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | +| jca/KeyDerivation1.java:122:72:122:76 | Constant | +| jca/KeyDerivation1.java:122:79:122:81 | Constant | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | Key | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | +| jca/KeyDerivation1.java:134:34:134:48 | Parameter | +| jca/KeyDerivation1.java:136:42:136:63 | Message | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | +| jca/KeyDerivation1.java:136:72:136:77 | Constant | +| jca/KeyDerivation1.java:136:80:136:82 | Constant | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | Key | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | +| jca/KeyDerivation1.java:154:28:154:42 | Parameter | +| jca/KeyDerivation1.java:157:42:157:63 | Message | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | +| jca/KeyDerivation1.java:157:72:157:75 | Constant | +| jca/KeyDerivation1.java:157:78:157:80 | Constant | +| jca/KeyDerivation1.java:158:65:158:72 | Constant | +| jca/KeyDerivation1.java:159:22:159:49 | Key | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | +| jca/KeyDerivation1.java:169:30:169:44 | Parameter | +| jca/KeyDerivation1.java:172:42:172:63 | Message | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | +| jca/KeyDerivation1.java:172:72:172:76 | Constant | +| jca/KeyDerivation1.java:172:79:172:81 | Constant | +| jca/KeyDerivation1.java:173:65:173:72 | Constant | +| jca/KeyDerivation1.java:174:22:174:49 | Key | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | +| jca/KeyDerivation1.java:242:45:242:56 | Parameter | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | +| jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | +| jca/KeyDerivation1.java:244:43:244:58 | Message | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | +| jca/KeyDerivation1.java:251:29:251:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:251:44:251:62 | Constant | +| jca/KeyDerivation1.java:251:44:251:73 | Message | +| jca/KeyDerivation1.java:269:32:269:41 | Parameter | +| jca/KeyDerivation1.java:283:43:283:57 | Parameter | +| jca/KeyDerivation1.java:283:60:283:78 | Parameter | +| jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:309:25:309:76 | LocalData | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:310:43:310:86 | LocalData | +| jca/KeyDerivation1.java:311:40:311:78 | LocalData | +| jca/KeyDerivation1.java:314:42:314:63 | Message | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | +| jca/KeyDerivation1.java:316:26:316:53 | Key | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | +| jca/KeyDerivation1.java:333:42:333:63 | Message | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | +| jca/KeyDerivation1.java:333:72:333:76 | Constant | +| jca/KeyDerivation1.java:333:79:333:81 | Constant | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:35:353:50 | Constant | +| jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:61:21:61:23 | Constant | +| jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | +| jca/KeyEncapsulation.java:69:29:69:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:69:47:69:65 | Message | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | +| jca/KeyEncapsulation.java:78:29:78:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:78:47:78:68 | Constant | +| jca/KeyEncapsulation.java:78:47:78:79 | Message | +| jca/KeyEncapsulation.java:91:37:91:54 | Parameter | +| jca/KeyEncapsulation.java:91:57:91:73 | Parameter | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | +| jca/KeyEncapsulation.java:94:30:94:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:94:48:94:57 | Message | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | +| jca/KeyEncapsulation.java:137:29:137:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:137:47:137:61 | Constant | +| jca/KeyEncapsulation.java:137:47:137:72 | Message | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:208:27:208:30 | Constant | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:53:26:53:29 | Constant | +| jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:69:26:69:28 | Constant | +| jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:84:26:84:29 | Constant | +| jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:100:17:100:26 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | +| jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:137:17:137:26 | Key | +| jca/KeyExchange.java:138:20:138:28 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | +| jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:158:24:158:26 | Constant | +| jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:174:17:174:26 | Key | +| jca/KeyExchange.java:175:20:175:28 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | +| jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:195:24:195:26 | Constant | +| jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:211:17:211:26 | Key | +| jca/KeyExchange.java:212:20:212:28 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | +| jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/MACOperation.java:59:36:59:49 | Parameter | +| jca/MACOperation.java:59:52:59:61 | Parameter | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:62:18:62:26 | Key | +| jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | +| jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:70:34:70:47 | Parameter | +| jca/MACOperation.java:70:50:70:59 | Parameter | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:73:18:73:26 | Key | +| jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | +| jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:81:34:81:47 | Parameter | +| jca/MACOperation.java:81:50:81:59 | Parameter | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:84:18:84:26 | Key | +| jca/MACOperation.java:85:16:85:46 | KeyOperationOutput | +| jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:92:30:92:43 | Parameter | +| jca/MACOperation.java:92:46:92:55 | Parameter | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:98:18:98:26 | Key | +| jca/MACOperation.java:99:16:99:46 | KeyOperationOutput | +| jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:106:30:106:43 | Parameter | +| jca/MACOperation.java:106:46:106:55 | Parameter | +| jca/MACOperation.java:107:35:107:43 | Constant | +| jca/MACOperation.java:109:18:109:26 | Key | +| jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | +| jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:117:36:117:49 | Parameter | +| jca/MACOperation.java:117:52:117:61 | Parameter | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:120:18:120:26 | Key | +| jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | +| jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:133:34:133:49 | Parameter | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | +| jca/MACOperation.java:137:42:137:44 | Key | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | +| jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | +| jca/MACOperation.java:138:47:138:62 | Constant | +| jca/MACOperation.java:138:47:138:73 | Message | +| jca/MACOperation.java:150:36:150:51 | Parameter | +| jca/MACOperation.java:166:47:166:62 | Parameter | +| jca/MACOperation.java:170:42:170:68 | Message | +| jca/MACOperation.java:170:71:170:74 | Salt | +| jca/MACOperation.java:170:77:170:81 | Constant | +| jca/MACOperation.java:170:84:170:86 | Constant | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:172:30:172:57 | Key | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | +| jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | +| jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:182:44:182:66 | Constant | +| jca/MACOperation.java:182:44:182:77 | Message | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | +| jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | +| jca/MACOperation.java:218:42:218:44 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | +| jca/MACOperation.java:219:32:219:51 | KeyOperationOutput | +| jca/MACOperation.java:219:47:219:50 | Message | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:233:21:233:23 | Constant | +| jca/MACOperation.java:234:16:234:35 | Key | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | +| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | +| jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | KeyOperationOutput | +| jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:40:27:57 | Constant | +| jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | KeyOperationOutput | +| jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:40:40:55 | Constant | +| jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:47:39:47:51 | Parameter | +| jca/Nonce.java:47:54:47:69 | Parameter | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | +| jca/Nonce.java:51:42:51:44 | Key | +| jca/Nonce.java:51:47:51:53 | Nonce | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | +| jca/Nonce.java:52:29:52:53 | KeyOperationOutput | +| jca/Nonce.java:52:44:52:52 | Message | +| jca/Nonce.java:58:37:58:49 | Parameter | +| jca/Nonce.java:58:52:58:67 | Parameter | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | +| jca/Nonce.java:62:42:62:44 | Key | +| jca/Nonce.java:62:47:62:53 | Nonce | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | +| jca/Nonce.java:63:29:63:53 | KeyOperationOutput | +| jca/Nonce.java:63:44:63:52 | Message | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | KeyOperationOutput | +| jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:40:80:55 | Constant | +| jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:92:56:92:67 | Constant | +| jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | +| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | +| jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:112:16:112:33 | Constant | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:153:21:153:23 | Constant | +| jca/PrngTest.java:154:16:154:35 | Key | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:83:17:83:19 | Constant | +| jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | +| jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | +| jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:53:24:53:27 | Constant | +| jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:64:28:64:37 | Key | +| jca/SignatureOperation.java:65:26:65:29 | Message | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | +| jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:76:30:76:38 | Key | +| jca/SignatureOperation.java:77:26:77:29 | Message | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | +| jca/SignatureOperation.java:78:33:78:40 | SignatureInput | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:104:28:104:37 | Key | +| jca/SignatureOperation.java:105:26:105:29 | Message | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | +| jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:116:30:116:38 | Key | +| jca/SignatureOperation.java:117:26:117:29 | Message | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | +| jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:143:28:143:37 | Key | +| jca/SignatureOperation.java:144:26:144:29 | Message | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | +| jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:155:30:155:38 | Key | +| jca/SignatureOperation.java:156:26:156:29 | Message | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | +| jca/SignatureOperation.java:157:33:157:40 | SignatureInput | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:174:24:174:27 | Constant | +| jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:186:28:186:37 | Key | +| jca/SignatureOperation.java:187:26:187:29 | Message | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | +| jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:199:30:199:38 | Key | +| jca/SignatureOperation.java:200:26:200:29 | Message | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | +| jca/SignatureOperation.java:201:33:201:40 | SignatureInput | +| jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:236:27:236:30 | Constant | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:282:26:282:49 | Constant | +| jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | +| jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SignatureOperation.java:287:30:287:43 | Key | +| jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | +| jca/SignatureOperation.java:289:45:289:52 | SignatureInput | +| jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:56:29:56:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:56:44:56:52 | Message | +| jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | +| jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | +| jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:77:29:77:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:77:44:77:52 | Message | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:99:29:99:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:99:44:99:52 | Message | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:118:16:118:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:118:31:118:39 | Message | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:133:16:133:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:133:31:133:39 | Message | +| jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | +| jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:151:29:151:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:151:44:151:52 | Message | +| jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | +| jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:173:44:173:52 | Message | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:195:29:195:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:195:44:195:52 | Message | +| jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | +| jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | +| jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | +| jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | +| jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | +| jca/SymmetricAlgorithm.java:287:42:287:66 | Message | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | +| jca/SymmetricAlgorithm.java:287:75:287:79 | Constant | +| jca/SymmetricAlgorithm.java:287:82:287:84 | Constant | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | Key | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:299:44:299:52 | Message | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | +| jca/SymmetricAlgorithm.java:333:16:333:31 | Key | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | +| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:49:17:49:19 | Constant | +| jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | +| jca/SymmetricModesTest.java:53:17:53:19 | Constant | +| jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | +| jca/SymmetricModesTest.java:59:41:59:49 | Message | +| jca/SymmetricModesTest.java:78:43:78:55 | Parameter | +| jca/SymmetricModesTest.java:78:58:78:73 | Parameter | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | +| jca/SymmetricModesTest.java:84:29:84:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:84:44:84:52 | Message | +| jca/SymmetricModesTest.java:104:45:104:57 | Parameter | +| jca/SymmetricModesTest.java:104:60:104:75 | Parameter | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | +| jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | +| jca/SymmetricModesTest.java:110:29:110:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:110:44:110:52 | Message | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:128:17:128:19 | Constant | +| jca/SymmetricModesTest.java:129:16:129:31 | Key | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:26:21:26:23 | Constant | +| jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | +| jca/UniversalFlowTest.java:34:32:34:74 | KeyOperationOutput | +| jca/UniversalFlowTest.java:34:47:34:62 | Constant | +| jca/UniversalFlowTest.java:34:47:34:73 | Message | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.ql b/java/ql/test/experimental/library-tests/quantum/nodes.ql new file mode 100644 index 00000000000..e080ce7297a --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/nodes.ql @@ -0,0 +1,5 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n +select n diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected new file mode 100644 index 00000000000..38ba6187b59 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected @@ -0,0 +1,4 @@ +| Test.java:40:47:40:52 | Nonce | Reuse with nonce $@ | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:49:47:49:52 | Nonce | Reuse with nonce $@ | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:76:48:76:54 | Nonce | Reuse with nonce $@ | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:82:49:82:55 | Nonce | Reuse with nonce $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref new file mode 100644 index 00000000000..bfe67a6c2e8 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref @@ -0,0 +1 @@ +experimental/quantum/Analysis/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java new file mode 100644 index 00000000000..1b65e324275 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java @@ -0,0 +1,95 @@ +package com.example.crypto.artifacts; + +import java.security.*; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; + +public class Test { + + public static SecretKey generateAESKey() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + private static byte[] getRandomWrapper1() throws Exception { + byte[] val = new byte[16]; + new SecureRandom().nextBytes(val); + return val; + } + + private static byte[] getRandomWrapper2A() throws Exception { + byte[] val; + val = getRandomWrapper1(); + funcA1(val); + return val; + } + + private static byte[] getRandomWrapper2b() throws Exception { + byte[] val; + val = getRandomWrapper1(); + return val; + } + + private static void funcA1(byte[] iv) throws Exception { + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcB1 + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcB1() throws Exception { + byte[] iv = getRandomWrapper2A(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcA1 + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcA2() throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcB2() throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcA3() throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec1 = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key1 = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key1, ivSpec1); // BAD: reuse of `iv` below + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + + IvParameterSpec ivSpec2 = new IvParameterSpec(iv); + Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key2 = generateAESKey(); + cipher2.init(Cipher.ENCRYPT_MODE, key2, ivSpec2); // BAD: Reuse of `iv` above + byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); + } + + public static void main(String[] args) { + try { + funcA2(); + funcB1(); + funcB2(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java index 983cb72ffb2..52d26974373 100644 --- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java +++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java @@ -41,6 +41,10 @@ public class EntryPointTypesTest { public String safeField; } + static class ArrayElemObject { + public String field; + } + private static void sink(String sink) {} public static void test(TestObject source) { @@ -70,4 +74,8 @@ public class EntryPointTypesTest { UnrelatedObject unrelated = (UnrelatedObject) subtypeSource.getField8(); sink(unrelated.safeField); // Safe } + + public static void testArray(ArrayElemObject[] source) { + sink(source[0].field); // $hasTaintFlow + } } diff --git a/java/ql/test/query-tests/StartInConstructor/Test.java b/java/ql/test/query-tests/StartInConstructor/Test.java index 4c5a57d8b4b..ae8148af787 100644 --- a/java/ql/test/query-tests/StartInConstructor/Test.java +++ b/java/ql/test/query-tests/StartInConstructor/Test.java @@ -30,4 +30,18 @@ public class Test { } } -} \ No newline at end of file + + public static class AllPrivateConstructors { + Thread myThread; + + private AllPrivateConstructors() { + myThread = new Thread("myThread"); + // OK - class cannot be extended outside this file, and is not in fact extended + myThread.start(); + } + + public static AllPrivateConstructors create() { + return new AllPrivateConstructors(); + } + } +} diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 74ccf251956..da942ea28a8 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.12 +version: 2.6.13-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 850e9224451..1a96e25b3b9 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1324,7 +1324,9 @@ module API { exists(DataFlow::TypeTracker t, StepSummary summary, DataFlow::SourceNode prev | prev = trackUseNode(nd, promisified, boundArgs, prop, t) and StepSummary::step(prev, res, summary) and - result = t.append(summary) + result = t.append(summary) and + // Block argument-passing into 'this' when it determines the call target + not summary = CallReceiverStep() ) } @@ -1381,7 +1383,9 @@ module API { exists(DataFlow::TypeBackTracker t, StepSummary summary, DataFlow::Node next | next = trackDefNode(nd, t) and StepSummary::step(prev, next, summary) and - result = t.prepend(summary) + result = t.prepend(summary) and + // Block argument-passing steps from 'this' back to a receiver when it determines the call target + not summary = CallReceiverStep() ) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll index 9e912a336f6..e4c8f162972 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll @@ -65,6 +65,8 @@ class TypeTracker extends TTypeTracker { or step = CallStep() and result = MkTypeTracker(true, prop) or + step = CallReceiverStep() and result = MkTypeTracker(true, prop) + or step = ReturnStep() and hasCall = false and result = this or step = LoadStep(prop) and result = MkTypeTracker(hasCall, "") @@ -238,6 +240,8 @@ class TypeBackTracker extends TTypeBackTracker { or step = CallStep() and hasReturn = false and result = this or + step = CallReceiverStep() and hasReturn = false and result = this + or step = ReturnStep() and result = MkTypeBackTracker(true, prop) or exists(string p | step = LoadStep(p) and prop = "" and result = MkTypeBackTracker(hasReturn, p)) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll index 2bcd89130a9..fed492074b6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll @@ -43,6 +43,7 @@ private module Cached { newtype TStepSummary = LevelStep() or CallStep() or + CallReceiverStep() or ReturnStep() or StoreStep(PropertyName prop) or LoadStep(PropertyName prop) or @@ -101,6 +102,15 @@ private module Cached { ) } + pragma[nomagic] + private predicate isReceiverForMethodDispatch(DataFlow::Node node) { + exists(DataFlow::SourceNode base, DataFlow::CallNode invoke | + node = invoke.getReceiver() and + base = node.getALocalSource() and + invoke.getCalleeNode() = base.getAPropertyRead() + ) + } + /** * INTERNAL: Use `TypeBackTracker.smallstep()` instead. */ @@ -116,7 +126,11 @@ private module Cached { or // Flow into function callStep(pred, succ) and - summary = CallStep() + ( + if isReceiverForMethodDispatch(pred) + then summary = CallReceiverStep() + else summary = CallStep() + ) or // Flow out of function returnStep(pred, succ) and @@ -251,6 +265,8 @@ class StepSummary extends TStepSummary { or this instanceof CallStep and result = "call" or + this instanceof CallReceiverStep and result = "call-receiver" + or this instanceof ReturnStep and result = "return" or exists(string prop | this = StoreStep(prop) | result = "store " + prop) diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index cafde25bbf9..2581f947629 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.1.1 +version: 2.1.2-dev groups: - javascript - queries diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql new file mode 100644 index 00000000000..b9c54e26072 --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql @@ -0,0 +1 @@ +import ApiGraphs.VerifyAssertions diff --git a/javascript/ql/test/ApiGraphs/explicit-this/package.json b/javascript/ql/test/ApiGraphs/explicit-this/package.json new file mode 100644 index 00000000000..f48acd62360 --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/package.json @@ -0,0 +1,6 @@ +{ + "name": "explicit-this", + "dependencies": { + "something": "*" + } +} diff --git a/javascript/ql/test/ApiGraphs/explicit-this/tst.js b/javascript/ql/test/ApiGraphs/explicit-this/tst.js new file mode 100644 index 00000000000..a3f5ecff21e --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/tst.js @@ -0,0 +1,7 @@ +const lib = require('something'); + +function f() { + this.two(); /** use=moduleImport("something").getMember("exports").getMember("one").getMember("two").getReturn() */ +} + +f.call(lib.one); diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel index cdcb7d554a2..26ed6194b68 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel @@ -96,9 +96,9 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.99", + version = "1.0.100", deps = [ - "@vendor_ts__anyhow-1.0.99//:build_script_build", + "@vendor_ts__anyhow-1.0.100//:build_script_build", ], ) @@ -154,7 +154,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.99", + version = "1.0.100", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel index 720687fcb84..a5cfeccdcea 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel @@ -32,14 +32,14 @@ filegroup( # Workspace Member Dependencies alias( - name = "anyhow-1.0.99", - actual = "@vendor_ts__anyhow-1.0.99//:anyhow", + name = "anyhow-1.0.100", + actual = "@vendor_ts__anyhow-1.0.100//:anyhow", tags = ["manual"], ) alias( name = "anyhow", - actual = "@vendor_ts__anyhow-1.0.99//:anyhow", + actual = "@vendor_ts__anyhow-1.0.100//:anyhow", tags = ["manual"], ) @@ -80,14 +80,14 @@ alias( ) alias( - name = "clap-4.5.47", - actual = "@vendor_ts__clap-4.5.47//:clap", + name = "clap-4.5.48", + actual = "@vendor_ts__clap-4.5.48//:clap", tags = ["manual"], ) alias( name = "clap", - actual = "@vendor_ts__clap-4.5.47//:clap", + actual = "@vendor_ts__clap-4.5.48//:clap", tags = ["manual"], ) @@ -248,14 +248,14 @@ alias( ) alias( - name = "quote-1.0.40", - actual = "@vendor_ts__quote-1.0.40//:quote", + name = "quote-1.0.41", + actual = "@vendor_ts__quote-1.0.41//:quote", tags = ["manual"], ) alias( name = "quote", - actual = "@vendor_ts__quote-1.0.40//:quote", + actual = "@vendor_ts__quote-1.0.41//:quote", tags = ["manual"], ) @@ -482,50 +482,50 @@ alias( ) alias( - name = "regex-1.11.2", - actual = "@vendor_ts__regex-1.11.2//:regex", + name = "regex-1.11.3", + actual = "@vendor_ts__regex-1.11.3//:regex", tags = ["manual"], ) alias( name = "regex", - actual = "@vendor_ts__regex-1.11.2//:regex", + actual = "@vendor_ts__regex-1.11.3//:regex", tags = ["manual"], ) alias( - name = "serde-1.0.219", - actual = "@vendor_ts__serde-1.0.219//:serde", + name = "serde-1.0.228", + actual = "@vendor_ts__serde-1.0.228//:serde", tags = ["manual"], ) alias( name = "serde", - actual = "@vendor_ts__serde-1.0.219//:serde", + actual = "@vendor_ts__serde-1.0.228//:serde", tags = ["manual"], ) alias( - name = "serde_json-1.0.143", - actual = "@vendor_ts__serde_json-1.0.143//:serde_json", + name = "serde_json-1.0.145", + actual = "@vendor_ts__serde_json-1.0.145//:serde_json", tags = ["manual"], ) alias( name = "serde_json", - actual = "@vendor_ts__serde_json-1.0.143//:serde_json", + actual = "@vendor_ts__serde_json-1.0.145//:serde_json", tags = ["manual"], ) alias( - name = "serde_with-3.14.0", - actual = "@vendor_ts__serde_with-3.14.0//:serde_with", + name = "serde_with-3.14.1", + actual = "@vendor_ts__serde_with-3.14.1//:serde_with", tags = ["manual"], ) alias( name = "serde_with", - actual = "@vendor_ts__serde_with-3.14.0//:serde_with", + actual = "@vendor_ts__serde_with-3.14.1//:serde_with", tags = ["manual"], ) @@ -542,14 +542,14 @@ alias( ) alias( - name = "toml-0.9.5", - actual = "@vendor_ts__toml-0.9.5//:toml", + name = "toml-0.9.7", + actual = "@vendor_ts__toml-0.9.7//:toml", tags = ["manual"], ) alias( name = "toml", - actual = "@vendor_ts__toml-0.9.5//:toml", + actual = "@vendor_ts__toml-0.9.7//:toml", tags = ["manual"], ) @@ -602,14 +602,14 @@ alias( ) alias( - name = "tree-sitter-embedded-template-0.23.2", - actual = "@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template", + name = "tree-sitter-embedded-template-0.25.0", + actual = "@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template", tags = ["manual"], ) alias( name = "tree-sitter-embedded-template", - actual = "@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template", + actual = "@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template", tags = ["manual"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel index 9a90162b227..8f8a62dbdd8 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel @@ -99,7 +99,7 @@ rust_library( version = "1.1.12", deps = [ "@vendor_ts__camino-1.1.12//:build_script_build", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel index bde1a5698f5..315a77ded82 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel @@ -90,6 +90,6 @@ rust_library( }), version = "0.2.0", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel index d0dfee25c63..f74bdea2fe1 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.8.2", deps = [ "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde-untagged-0.1.8//:serde_untagged", "@vendor_ts__serde-value-0.7.0//:serde_value", "@vendor_ts__thiserror-2.0.16//:thiserror", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel index c96de37e116..12ce8fc813d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel @@ -97,8 +97,8 @@ rust_library( "@vendor_ts__cargo-platform-0.2.0//:cargo_platform", "@vendor_ts__cargo-util-schemas-0.8.2//:cargo_util_schemas", "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__thiserror-2.0.16//:thiserror", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel index 5f533839888..89aadd71e2e 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.103.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel index cd0251c5806..c5bea0da844 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.104.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel index 9f0abb9530a..834e4c9b205 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel @@ -95,7 +95,7 @@ rust_library( deps = [ "@vendor_ts__chalk-ir-0.103.0//:chalk_ir", "@vendor_ts__ena-0.14.3//:ena", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.12.1//:itertools", "@vendor_ts__petgraph-0.6.5//:petgraph", "@vendor_ts__rustc-hash-1.1.0//:rustc_hash", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel index f6c987b4f92..806fa5bd5a5 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel @@ -106,7 +106,7 @@ rust_library( version = "0.4.42", deps = [ "@vendor_ts__num-traits-0.2.19//:num_traits", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ] + select({ "@rules_rust//rust/platform:aarch64-apple-darwin": [ "@vendor_ts__iana-time-zone-0.1.63//:iana_time_zone", # aarch64-apple-darwin diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel index 6156a05c6ff..c689eac509f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel @@ -101,8 +101,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "4.5.47", + version = "4.5.48", deps = [ - "@vendor_ts__clap_builder-4.5.47//:clap_builder", + "@vendor_ts__clap_builder-4.5.48//:clap_builder", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel index 70d56783478..b1d6e28a676 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel @@ -96,7 +96,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "4.5.47", + version = "4.5.48", deps = [ "@vendor_ts__anstream-0.6.20//:anstream", "@vendor_ts__anstyle-1.0.11//:anstyle", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel index 1f2d042d69d..f4d794c20eb 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel @@ -95,7 +95,7 @@ rust_proc_macro( deps = [ "@vendor_ts__heck-0.5.0//:heck", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel similarity index 96% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel index 57a23dfb80e..b40385ef20f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel @@ -41,7 +41,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2021", proc_macro_deps = [ - "@vendor_ts__darling_macro-0.20.11//:darling_macro", + "@vendor_ts__darling_macro-0.21.3//:darling_macro", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -95,8 +95,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ - "@vendor_ts__darling_core-0.20.11//:darling_core", + "@vendor_ts__darling_core-0.21.3//:darling_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel index 8fe1dfc0606..79e5b9b385f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel @@ -92,12 +92,12 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ "@vendor_ts__fnv-1.0.7//:fnv", "@vendor_ts__ident_case-1.0.1//:ident_case", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__strsim-0.11.1//:strsim", "@vendor_ts__syn-2.0.106//:syn", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel similarity index 96% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel index c32d23d3c48..c150f931e32 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel @@ -88,10 +88,10 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ - "@vendor_ts__darling_core-0.20.11//:darling_core", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__darling_core-0.21.3//:darling_core", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel index a486cb7c128..87651e8bda3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.2.5", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel index 100d2f9727c..8e03c63e500 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel @@ -93,7 +93,7 @@ rust_library( }), version = "0.4.6", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__typeid-1.0.3//:typeid", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel index 8b6d7b8c56c..641e4f01523 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel @@ -103,7 +103,7 @@ rust_library( deps = [ "@vendor_ts__figment-0.10.19//:build_script_build", "@vendor_ts__pear-0.2.9//:pear", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_yaml-0.9.34-deprecated//:serde_yaml", "@vendor_ts__uncased-0.9.10//:uncased", ] + select({ diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel index 6c5f8cd7929..cdcb709b651 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel @@ -97,7 +97,7 @@ rust_library( "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__bstr-1.12.0//:bstr", "@vendor_ts__log-0.4.28//:log", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel index c3763099eb8..be7b81b49f1 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel @@ -93,10 +93,10 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "2.11.1", + version = "2.11.4", deps = [ "@vendor_ts__equivalent-1.0.2//:equivalent", "@vendor_ts__hashbrown-0.15.5//:hashbrown", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel index 4ba33942822..da67f321d99 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel @@ -90,6 +90,6 @@ rust_library( }), version = "0.2.0", deps = [ - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel index ae043e0e2a1..cfaa72fda83 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel @@ -91,6 +91,6 @@ rust_library( version = "0.9.0", deps = [ "@vendor_ts__log-0.3.9//:log", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel index ce5597c6f7e..a8e7ad4bf41 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel @@ -92,7 +92,7 @@ rust_proc_macro( deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", "@vendor_ts__proc-macro2-diagnostics-0.10.1//:proc_macro2_diagnostics", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel index c643aefe2c7..7c88eb60903 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel @@ -97,6 +97,6 @@ rust_library( version = "0.6.5", deps = [ "@vendor_ts__fixedbitset-0.4.2//:fixedbitset", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel index 120c4d6c265..84323b7da79 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel @@ -101,7 +101,7 @@ rust_library( deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", "@vendor_ts__proc-macro2-diagnostics-0.10.1//:build_script_build", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__yansi-1.0.1//:yansi", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel similarity index 72% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel index 66b79239e47..de02a99d0de 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel @@ -6,7 +6,11 @@ # bazel run @@//misc/bazel/3rdparty:vendor_tree_sitter_extractors ############################################################################### -load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars") +load( + "@rules_rust//cargo:defs.bzl", + "cargo_build_script", + "cargo_toml_env_vars", +) load("@rules_rust//rust:defs.bzl", "rust_library") package(default_visibility = ["//visibility:public"]) @@ -92,8 +96,71 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.40", + version = "1.0.41", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", + "@vendor_ts__quote-1.0.41//:build_script_build", ], ) + +cargo_build_script( + name = "_bs", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + "**/*.rs", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "default", + "proc-macro", + ], + crate_name = "build_script_build", + crate_root = "build.rs", + data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + edition = "2018", + pkg_name = "quote", + rustc_env_files = [ + ":cargo_toml_env_vars", + ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=quote", + "manual", + "noclippy", + "norustfmt", + ], + version = "1.0.41", + visibility = ["//visibility:private"], +) + +alias( + name = "build_script_build", + actual = ":_bs", + tags = ["manual"], +) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel index b45b48ce2b9..c0dff747844 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.123.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel index 3931158e4a1..73ba2f1d47f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel @@ -103,7 +103,7 @@ rust_library( version = "0.0.301", deps = [ "@vendor_ts__dashmap-6.1.0//:dashmap", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__ra_ap_cfg-0.0.301//:ra_ap_cfg", "@vendor_ts__ra_ap_intern-0.0.301//:ra_ap_intern", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel index 3134859b4d2..668aa255fbe 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel @@ -104,7 +104,7 @@ rust_library( deps = [ "@vendor_ts__arrayvec-0.7.6//:arrayvec", "@vendor_ts__either-1.15.0//:either", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__ra_ap_base_db-0.0.301//:ra_ap_base_db", "@vendor_ts__ra_ap_cfg-0.0.301//:ra_ap_cfg", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel index e97671e1b1b..77782b1df3c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel @@ -112,7 +112,7 @@ rust_library( "@vendor_ts__drop_bomb-0.1.5//:drop_bomb", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__ra-ap-rustc_abi-0.123.0//:ra_ap_rustc_abi", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel index 7190559d3d8..74b8972eda0 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel @@ -113,7 +113,7 @@ rust_library( "@vendor_ts__cov-mark-2.1.0//:cov_mark", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__ena-0.14.3//:ena", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__oorandom-11.1.5//:oorandom", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel index 9df94ba4165..da23d55cdd2 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel @@ -111,7 +111,7 @@ rust_library( "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__line-index-0.1.2//:line_index", "@vendor_ts__memchr-2.7.5//:memchr", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel index 81cbfdd3eaf..51fdf30d0bb 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel @@ -101,7 +101,7 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__anyhow-1.0.99//:anyhow", + "@vendor_ts__anyhow-1.0.100//:anyhow", "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__ra_ap_hir_expand-0.0.301//:ra_ap_hir_expand", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel index b2367547415..37f3378bd62 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel @@ -44,7 +44,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2024", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -100,15 +100,15 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__ra_ap_intern-0.0.301//:ra_ap_intern", "@vendor_ts__ra_ap_paths-0.0.301//:ra_ap_paths", "@vendor_ts__ra_ap_span-0.0.301//:ra_ap_span", "@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx", "@vendor_ts__ra_ap_tt-0.0.301//:ra_ap_tt", "@vendor_ts__rustc-hash-2.1.1//:rustc_hash", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__tracing-0.1.41//:tracing", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel index 4332ecda1a7..29b6d793366 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel @@ -46,7 +46,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2024", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -102,7 +102,7 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__anyhow-1.0.99//:anyhow", + "@vendor_ts__anyhow-1.0.100//:anyhow", "@vendor_ts__cargo_metadata-0.21.0//:cargo_metadata", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", @@ -115,8 +115,8 @@ rust_library( "@vendor_ts__ra_ap_toolchain-0.0.301//:ra_ap_toolchain", "@vendor_ts__rustc-hash-2.1.1//:rustc_hash", "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__temp-dir-0.1.16//:temp_dir", "@vendor_ts__tracing-0.1.41//:tracing", "@vendor_ts__triomphe-0.1.14//:triomphe", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel index a4099d462ee..ae0f619a3ba 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.0.301", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel index 33b4db4d356..868107cddc5 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel @@ -96,7 +96,7 @@ rust_library( deps = [ "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__nohash-hasher-0.2.0//:nohash_hasher", "@vendor_ts__ra_ap_paths-0.0.301//:ra_ap_paths", "@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel index ba548e9113a..70bc6acb116 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "1.0.24", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel index 1c4f925a111..2e26723c478 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel @@ -107,11 +107,11 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.11.2", + version = "1.11.3", deps = [ "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__memchr-2.7.5//:memchr", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel index 4b17c645f34..3f008ea863c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel @@ -116,7 +116,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.4.10", + version = "0.4.11", deps = [ "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__memchr-2.7.5//:memchr", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel index a7a2366514f..5ba01a304a8 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel @@ -104,7 +104,7 @@ rust_library( "@vendor_ts__crossbeam-utils-0.8.21//:crossbeam_utils", "@vendor_ts__hashbrown-0.15.5//:hashbrown", "@vendor_ts__hashlink-0.10.0//:hashlink", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__intrusive-collections-0.9.7//:intrusive_collections", "@vendor_ts__papaya-0.2.3//:papaya", "@vendor_ts__parking_lot-0.12.4//:parking_lot", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel index 03a3ef58912..8d763b3ef95 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.23.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel index 639b6c71a0d..6f1dd98fa17 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel @@ -92,7 +92,7 @@ rust_library( deps = [ "@vendor_ts__dyn-clone-1.0.20//:dyn_clone", "@vendor_ts__ref-cast-1.0.24//:ref_cast", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel index dce895551c8..81d7aa89ab5 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel @@ -92,7 +92,7 @@ rust_library( deps = [ "@vendor_ts__dyn-clone-1.0.20//:dyn_clone", "@vendor_ts__ref-cast-1.0.24//:ref_cast", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel index 1b139d7a87e..b0460d053ae 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel @@ -100,7 +100,7 @@ rust_library( version = "1.0.26", deps = [ "@vendor_ts__semver-1.0.26//:build_script_build", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel similarity index 95% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel index 86cb23175ba..e58b661dec8 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel @@ -46,9 +46,9 @@ rust_library( "std", ], crate_root = "src/lib.rs", - edition = "2018", + edition = "2021", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -102,9 +102,10 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.219", + version = "1.0.228", deps = [ - "@vendor_ts__serde-1.0.219//:build_script_build", + "@vendor_ts__serde-1.0.228//:build_script_build", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) @@ -148,7 +149,7 @@ cargo_build_script( "WORKSPACE.bazel", ], ), - edition = "2018", + edition = "2021", pkg_name = "serde", rustc_env_files = [ ":cargo_toml_env_vars", @@ -163,7 +164,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.219", + version = "1.0.228", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel index 0191982b73a..f04da9de1ad 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.1.8", deps = [ "@vendor_ts__erased-serde-0.4.6//:erased_serde", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__typeid-1.0.3//:typeid", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel index f6b8e9a212a..c897b79e5c7 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel @@ -91,6 +91,6 @@ rust_library( version = "0.7.0", deps = [ "@vendor_ts__ordered-float-2.10.1//:ordered_float", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel new file mode 100644 index 00000000000..cfca5c545ab --- /dev/null +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel @@ -0,0 +1,167 @@ +############################################################################### +# @generated +# DO NOT MODIFY: This file is auto-generated by a crate_universe tool. To +# regenerate this file, run the following: +# +# bazel run @@//misc/bazel/3rdparty:vendor_tree_sitter_extractors +############################################################################### + +load( + "@rules_rust//cargo:defs.bzl", + "cargo_build_script", + "cargo_toml_env_vars", +) +load("@rules_rust//rust:defs.bzl", "rust_library") + +package(default_visibility = ["//visibility:public"]) + +cargo_toml_env_vars( + name = "cargo_toml_env_vars", + src = "Cargo.toml", +) + +rust_library( + name = "serde_core", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "alloc", + "result", + "std", + ], + crate_root = "src/lib.rs", + edition = "2021", + rustc_env_files = [ + ":cargo_toml_env_vars", + ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=serde_core", + "manual", + "noclippy", + "norustfmt", + ], + target_compatible_with = select({ + "@rules_rust//rust/platform:aarch64-apple-darwin": [], + "@rules_rust//rust/platform:aarch64-apple-ios": [], + "@rules_rust//rust/platform:aarch64-apple-ios-sim": [], + "@rules_rust//rust/platform:aarch64-linux-android": [], + "@rules_rust//rust/platform:aarch64-pc-windows-msvc": [], + "@rules_rust//rust/platform:aarch64-unknown-fuchsia": [], + "@rules_rust//rust/platform:aarch64-unknown-linux-gnu": [], + "@rules_rust//rust/platform:aarch64-unknown-nixos-gnu": [], + "@rules_rust//rust/platform:aarch64-unknown-nto-qnx710": [], + "@rules_rust//rust/platform:aarch64-unknown-uefi": [], + "@rules_rust//rust/platform:arm-unknown-linux-gnueabi": [], + "@rules_rust//rust/platform:armv7-linux-androideabi": [], + "@rules_rust//rust/platform:armv7-unknown-linux-gnueabi": [], + "@rules_rust//rust/platform:i686-apple-darwin": [], + "@rules_rust//rust/platform:i686-linux-android": [], + "@rules_rust//rust/platform:i686-pc-windows-msvc": [], + "@rules_rust//rust/platform:i686-unknown-freebsd": [], + "@rules_rust//rust/platform:i686-unknown-linux-gnu": [], + "@rules_rust//rust/platform:powerpc-unknown-linux-gnu": [], + "@rules_rust//rust/platform:riscv32imc-unknown-none-elf": [], + "@rules_rust//rust/platform:riscv64gc-unknown-none-elf": [], + "@rules_rust//rust/platform:s390x-unknown-linux-gnu": [], + "@rules_rust//rust/platform:thumbv7em-none-eabi": [], + "@rules_rust//rust/platform:thumbv8m.main-none-eabi": [], + "@rules_rust//rust/platform:wasm32-unknown-unknown": [], + "@rules_rust//rust/platform:wasm32-wasip1": [], + "@rules_rust//rust/platform:x86_64-apple-darwin": [], + "@rules_rust//rust/platform:x86_64-apple-ios": [], + "@rules_rust//rust/platform:x86_64-linux-android": [], + "@rules_rust//rust/platform:x86_64-pc-windows-msvc": [], + "@rules_rust//rust/platform:x86_64-unknown-freebsd": [], + "@rules_rust//rust/platform:x86_64-unknown-fuchsia": [], + "@rules_rust//rust/platform:x86_64-unknown-linux-gnu": [], + "@rules_rust//rust/platform:x86_64-unknown-nixos-gnu": [], + "@rules_rust//rust/platform:x86_64-unknown-none": [], + "@rules_rust//rust/platform:x86_64-unknown-uefi": [], + "//conditions:default": ["@platforms//:incompatible"], + }), + version = "1.0.228", + deps = [ + "@vendor_ts__serde_core-1.0.228//:build_script_build", + ], +) + +cargo_build_script( + name = "_bs", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + "**/*.rs", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "alloc", + "result", + "std", + ], + crate_name = "build_script_build", + crate_root = "build.rs", + data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + edition = "2021", + pkg_name = "serde_core", + rustc_env_files = [ + ":cargo_toml_env_vars", + ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=serde_core", + "manual", + "noclippy", + "norustfmt", + ], + version = "1.0.228", + visibility = ["//visibility:private"], +) + +alias( + name = "build_script_build", + actual = ":_bs", + tags = ["manual"], +) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel index f11ee965dba..e3b6733407b 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel @@ -38,7 +38,7 @@ rust_proc_macro( "default", ], crate_root = "src/lib.rs", - edition = "2015", + edition = "2021", rustc_env_files = [ ":cargo_toml_env_vars", ], @@ -91,10 +91,10 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.219", + version = "1.0.228", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel similarity index 91% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel index 1a4cca70a4f..5d6298313e4 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel @@ -155,55 +155,55 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.143", + version = "1.0.145", deps = [ "@vendor_ts__itoa-1.0.15//:itoa", "@vendor_ts__memchr-2.7.5//:memchr", "@vendor_ts__ryu-1.0.20//:ryu", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:build_script_build", + "@vendor_ts__serde_core-1.0.228//:serde_core", + "@vendor_ts__serde_json-1.0.145//:build_script_build", ] + select({ "@rules_rust//rust/platform:aarch64-apple-darwin": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-apple-darwin + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-apple-darwin ], "@rules_rust//rust/platform:aarch64-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-pc-windows-msvc ], "@rules_rust//rust/platform:aarch64-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-unknown-linux-gnu ], "@rules_rust//rust/platform:aarch64-unknown-nixos-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-unknown-linux-gnu, aarch64-unknown-nixos-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-unknown-linux-gnu, aarch64-unknown-nixos-gnu ], "@rules_rust//rust/platform:arm-unknown-linux-gnueabi": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # arm-unknown-linux-gnueabi + "@vendor_ts__indexmap-2.11.4//:indexmap", # arm-unknown-linux-gnueabi ], "@rules_rust//rust/platform:i686-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # i686-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # i686-pc-windows-msvc ], "@rules_rust//rust/platform:i686-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # i686-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # i686-unknown-linux-gnu ], "@rules_rust//rust/platform:powerpc-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # powerpc-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # powerpc-unknown-linux-gnu ], "@rules_rust//rust/platform:s390x-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # s390x-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # s390x-unknown-linux-gnu ], "@rules_rust//rust/platform:x86_64-apple-darwin": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-apple-darwin + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-apple-darwin ], "@rules_rust//rust/platform:x86_64-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-pc-windows-msvc ], "@rules_rust//rust/platform:x86_64-unknown-freebsd": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-freebsd + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-freebsd ], "@rules_rust//rust/platform:x86_64-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-linux-gnu ], "@rules_rust//rust/platform:x86_64-unknown-nixos-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-linux-gnu, x86_64-unknown-nixos-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-linux-gnu, x86_64-unknown-nixos-gnu ], "//conditions:default": [], }), @@ -320,7 +320,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.143", + version = "1.0.145", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel index ffb3bcf7240..c596adf490c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel @@ -93,6 +93,6 @@ rust_library( }), version = "0.6.9", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel index e0c6242de6f..e51f544db4f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel @@ -93,8 +93,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.0", + version = "1.0.2", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel similarity index 95% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel index 08f8fdf3880..39a38f4f337 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel @@ -43,8 +43,8 @@ rust_library( crate_root = "src/lib.rs", edition = "2021", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", - "@vendor_ts__serde_with_macros-3.14.0//:serde_with_macros", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", + "@vendor_ts__serde_with_macros-3.14.1//:serde_with_macros", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -98,8 +98,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "3.14.0", + version = "3.14.1", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel index 5ce2041aa7f..e6c0864d9f0 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel @@ -88,11 +88,11 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "3.14.0", + version = "3.14.1", deps = [ - "@vendor_ts__darling-0.20.11//:darling", + "@vendor_ts__darling-0.21.3//:darling", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel index 46287f3ed28..63410f30d1c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel @@ -90,10 +90,10 @@ rust_library( }), version = "0.9.34+deprecated", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itoa-1.0.15//:itoa", "@vendor_ts__ryu-1.0.20//:ryu", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__unsafe-libyaml-0.2.11//:unsafe_libyaml", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel index a4bd833e8e5..234b5299969 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel @@ -104,7 +104,7 @@ rust_library( version = "2.0.106", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__unicode-ident-1.0.19//:unicode_ident", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel index ed7ebbca401..1043ced1384 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel @@ -95,7 +95,7 @@ rust_library( version = "0.13.2", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel index 4f363e2e5ca..c8a6f5c3aca 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "2.0.16", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel index bca02cb3cec..ba176cda49d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel @@ -95,7 +95,7 @@ rust_library( }), version = "0.8.23", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_spanned-0.6.9//:serde_spanned", "@vendor_ts__toml_datetime-0.6.11//:toml_datetime", "@vendor_ts__toml_edit-0.22.27//:toml_edit", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel similarity index 92% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel index 50e11857e38..ca4f62b9c48 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel @@ -95,13 +95,13 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.9.5", + version = "0.9.7", deps = [ - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_spanned-1.0.0//:serde_spanned", - "@vendor_ts__toml_datetime-0.7.0//:toml_datetime", - "@vendor_ts__toml_parser-1.0.2//:toml_parser", - "@vendor_ts__toml_writer-1.0.2//:toml_writer", + "@vendor_ts__serde_core-1.0.228//:serde_core", + "@vendor_ts__serde_spanned-1.0.2//:serde_spanned", + "@vendor_ts__toml_datetime-0.7.2//:toml_datetime", + "@vendor_ts__toml_parser-1.0.3//:toml_parser", + "@vendor_ts__toml_writer-1.0.3//:toml_writer", "@vendor_ts__winnow-0.7.13//:winnow", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel index d0a8d2086cc..8a9d6b7342b 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel @@ -93,6 +93,6 @@ rust_library( }), version = "0.6.11", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel index 6d3a99fb0f6..a94b3a87066 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel @@ -93,8 +93,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.7.0", + version = "0.7.2", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel index dad3750bcfe..ab36adb8f30 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel @@ -95,8 +95,8 @@ rust_library( }), version = "0.22.27", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__indexmap-2.11.4//:indexmap", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_spanned-0.6.9//:serde_spanned", "@vendor_ts__toml_datetime-0.6.11//:toml_datetime", "@vendor_ts__toml_write-0.1.2//:toml_write", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel index 424946c20a6..8b4c4668aa5 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel @@ -92,7 +92,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.2", + version = "1.0.3", deps = [ "@vendor_ts__winnow-0.7.13//:winnow", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel index 4193266e6d0..e90c3a61d87 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel @@ -92,5 +92,5 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.2", + version = "1.0.3", ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel index f426539a31c..ec9f805d2d3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.1.30", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel index 13b54631970..cef88b5639b 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel @@ -110,7 +110,7 @@ rust_library( "@vendor_ts__matchers-0.2.0//:matchers", "@vendor_ts__nu-ansi-term-0.50.1//:nu_ansi_term", "@vendor_ts__once_cell-1.21.3//:once_cell", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__sharded-slab-0.1.7//:sharded_slab", "@vendor_ts__smallvec-1.15.1//:smallvec", "@vendor_ts__thread_local-1.1.9//:thread_local", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel index 0cb981e4755..46d6255099c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel @@ -98,7 +98,7 @@ rust_library( }), version = "0.25.9", deps = [ - "@vendor_ts__regex-1.11.2//:regex", + "@vendor_ts__regex-1.11.3//:regex", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", "@vendor_ts__streaming-iterator-0.1.9//:streaming_iterator", "@vendor_ts__tree-sitter-0.25.9//:build_script_build", @@ -163,7 +163,7 @@ cargo_build_script( visibility = ["//visibility:private"], deps = [ "@vendor_ts__cc-1.2.37//:cc", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel index a2cac2bd450..2b40d8a34d6 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel @@ -92,9 +92,9 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.23.2", + version = "0.25.0", deps = [ - "@vendor_ts__tree-sitter-embedded-template-0.23.2//:build_script_build", + "@vendor_ts__tree-sitter-embedded-template-0.25.0//:build_script_build", "@vendor_ts__tree-sitter-language-0.1.5//:tree_sitter_language", ], ) @@ -147,7 +147,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "0.23.2", + version = "0.25.0", visibility = ["//visibility:private"], deps = [ "@vendor_ts__cc-1.2.37//:cc", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel index 1ea48d5a72d..95d24ae522c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel @@ -96,7 +96,7 @@ rust_library( }), version = "0.1.14", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__stable_deref_trait-1.2.0//:stable_deref_trait", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel index 4ac8b9941e5..6b0e6fcb669 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel @@ -98,6 +98,6 @@ rust_library( "@vendor_ts__form_urlencoded-1.2.2//:form_urlencoded", "@vendor_ts__idna-1.1.0//:idna", "@vendor_ts__percent-encoding-2.3.2//:percent_encoding", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel index 5a85b0e104d..f859ddcd68b 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel @@ -93,7 +93,7 @@ rust_library( "@vendor_ts__bumpalo-3.19.0//:bumpalo", "@vendor_ts__log-0.4.28//:log", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__wasm-bindgen-shared-0.2.101//:wasm_bindgen_shared", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel index 4b1549c57dd..b6d6862a2bc 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel @@ -90,7 +90,7 @@ rust_proc_macro( }), version = "0.2.101", deps = [ - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__wasm-bindgen-macro-support-0.2.101//:wasm_bindgen_macro_support", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel index c42233e4e24..cfee619986a 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.2.101", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__wasm-bindgen-backend-0.2.101//:wasm_bindgen_backend", "@vendor_ts__wasm-bindgen-shared-0.2.101//:wasm_bindgen_shared", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel index b851ac18725..39e7c75ba65 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.60.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel index 0d2150974e0..c91b2cb3347 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.59.1", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel index 88b72641dcb..98706c66018 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.8.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel index b3cddbaed90..7342159d255 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.8.27", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel index facba68b2c7..b1ccbb6a85d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.1.6", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel index 06b27ed643f..29b50b11ae3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.11.1", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl b/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl index 6f5c2f2a7b2..4d7205ad951 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl @@ -295,28 +295,28 @@ def aliases( _NORMAL_DEPENDENCIES = { "ruby/extractor": { _COMMON_CONDITION: { - "clap": Label("@vendor_ts__clap-4.5.47//:clap"), + "clap": Label("@vendor_ts__clap-4.5.48//:clap"), "encoding": Label("@vendor_ts__encoding-0.2.33//:encoding"), "lazy_static": Label("@vendor_ts__lazy_static-1.5.0//:lazy_static"), "rayon": Label("@vendor_ts__rayon-1.11.0//:rayon"), - "regex": Label("@vendor_ts__regex-1.11.2//:regex"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), + "regex": Label("@vendor_ts__regex-1.11.3//:regex"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), "tree-sitter": Label("@vendor_ts__tree-sitter-0.25.9//:tree_sitter"), - "tree-sitter-embedded-template": Label("@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template"), + "tree-sitter-embedded-template": Label("@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template"), "tree-sitter-ruby": Label("@vendor_ts__tree-sitter-ruby-0.23.1//:tree_sitter_ruby"), }, }, "rust/ast-generator": { _COMMON_CONDITION: { - "anyhow": Label("@vendor_ts__anyhow-1.0.99//:anyhow"), + "anyhow": Label("@vendor_ts__anyhow-1.0.100//:anyhow"), "either": Label("@vendor_ts__either-1.15.0//:either"), "itertools": Label("@vendor_ts__itertools-0.14.0//:itertools"), "mustache": Label("@vendor_ts__mustache-0.9.0//:mustache"), "proc-macro2": Label("@vendor_ts__proc-macro2-1.0.101//:proc_macro2"), - "quote": Label("@vendor_ts__quote-1.0.40//:quote"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), + "quote": Label("@vendor_ts__quote-1.0.41//:quote"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), "stdx": Label("@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx"), "ungrammar": Label("@vendor_ts__ungrammar-1.16.1//:ungrammar"), }, @@ -325,11 +325,11 @@ _NORMAL_DEPENDENCIES = { }, "rust/extractor": { _COMMON_CONDITION: { - "anyhow": Label("@vendor_ts__anyhow-1.0.99//:anyhow"), + "anyhow": Label("@vendor_ts__anyhow-1.0.100//:anyhow"), "argfile": Label("@vendor_ts__argfile-0.2.1//:argfile"), "chalk-ir": Label("@vendor_ts__chalk-ir-0.104.0//:chalk_ir"), "chrono": Label("@vendor_ts__chrono-0.4.42//:chrono"), - "clap": Label("@vendor_ts__clap-4.5.47//:clap"), + "clap": Label("@vendor_ts__clap-4.5.48//:clap"), "dunce": Label("@vendor_ts__dunce-1.0.5//:dunce"), "figment": Label("@vendor_ts__figment-0.10.19//:figment"), "glob": Label("@vendor_ts__glob-0.3.3//:glob"), @@ -351,10 +351,10 @@ _NORMAL_DEPENDENCIES = { "ra_ap_span": Label("@vendor_ts__ra_ap_span-0.0.301//:ra_ap_span"), "ra_ap_syntax": Label("@vendor_ts__ra_ap_syntax-0.0.301//:ra_ap_syntax"), "ra_ap_vfs": Label("@vendor_ts__ra_ap_vfs-0.0.301//:ra_ap_vfs"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), - "serde_with": Label("@vendor_ts__serde_with-3.14.0//:serde_with"), - "toml": Label("@vendor_ts__toml-0.9.5//:toml"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), + "serde_with": Label("@vendor_ts__serde_with-3.14.1//:serde_with"), + "toml": Label("@vendor_ts__toml-0.9.7//:toml"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-flame": Label("@vendor_ts__tracing-flame-0.2.0//:tracing_flame"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), @@ -363,7 +363,7 @@ _NORMAL_DEPENDENCIES = { }, "rust/extractor/macros": { _COMMON_CONDITION: { - "quote": Label("@vendor_ts__quote-1.0.40//:quote"), + "quote": Label("@vendor_ts__quote-1.0.41//:quote"), "syn": Label("@vendor_ts__syn-2.0.106//:syn"), }, }, @@ -376,9 +376,9 @@ _NORMAL_DEPENDENCIES = { "lazy_static": Label("@vendor_ts__lazy_static-1.5.0//:lazy_static"), "num_cpus": Label("@vendor_ts__num_cpus-1.17.0//:num_cpus"), "rayon": Label("@vendor_ts__rayon-1.11.0//:rayon"), - "regex": Label("@vendor_ts__regex-1.11.2//:regex"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), + "regex": Label("@vendor_ts__regex-1.11.3//:regex"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), "tree-sitter": Label("@vendor_ts__tree-sitter-0.25.9//:tree_sitter"), @@ -748,12 +748,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__anyhow-1.0.99", - sha256 = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100", + name = "vendor_ts__anyhow-1.0.100", + sha256 = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61", type = "tar.gz", - urls = ["https://static.crates.io/crates/anyhow/1.0.99/download"], - strip_prefix = "anyhow-1.0.99", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.anyhow-1.0.99.bazel"), + urls = ["https://static.crates.io/crates/anyhow/1.0.100/download"], + strip_prefix = "anyhow-1.0.100", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.anyhow-1.0.100.bazel"), ) maybe( @@ -1018,22 +1018,22 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__clap-4.5.47", - sha256 = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931", + name = "vendor_ts__clap-4.5.48", + sha256 = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae", type = "tar.gz", - urls = ["https://static.crates.io/crates/clap/4.5.47/download"], - strip_prefix = "clap-4.5.47", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap-4.5.47.bazel"), + urls = ["https://static.crates.io/crates/clap/4.5.48/download"], + strip_prefix = "clap-4.5.48", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap-4.5.48.bazel"), ) maybe( http_archive, - name = "vendor_ts__clap_builder-4.5.47", - sha256 = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6", + name = "vendor_ts__clap_builder-4.5.48", + sha256 = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9", type = "tar.gz", - urls = ["https://static.crates.io/crates/clap_builder/4.5.47/download"], - strip_prefix = "clap_builder-4.5.47", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap_builder-4.5.47.bazel"), + urls = ["https://static.crates.io/crates/clap_builder/4.5.48/download"], + strip_prefix = "clap_builder-4.5.48", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap_builder-4.5.48.bazel"), ) maybe( @@ -1158,32 +1158,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__darling-0.20.11", - sha256 = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee", + name = "vendor_ts__darling-0.21.3", + sha256 = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling/0.20.11/download"], - strip_prefix = "darling-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling/0.21.3/download"], + strip_prefix = "darling-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling-0.21.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__darling_core-0.20.11", - sha256 = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e", + name = "vendor_ts__darling_core-0.21.3", + sha256 = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling_core/0.20.11/download"], - strip_prefix = "darling_core-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_core-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling_core/0.21.3/download"], + strip_prefix = "darling_core-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_core-0.21.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__darling_macro-0.20.11", - sha256 = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead", + name = "vendor_ts__darling_macro-0.21.3", + sha256 = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling_macro/0.20.11/download"], - strip_prefix = "darling_macro-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_macro-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling_macro/0.21.3/download"], + strip_prefix = "darling_macro-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_macro-0.21.3.bazel"), ) maybe( @@ -1698,12 +1698,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__indexmap-2.11.1", - sha256 = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921", + name = "vendor_ts__indexmap-2.11.4", + sha256 = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5", type = "tar.gz", - urls = ["https://static.crates.io/crates/indexmap/2.11.1/download"], - strip_prefix = "indexmap-2.11.1", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.indexmap-2.11.1.bazel"), + urls = ["https://static.crates.io/crates/indexmap/2.11.4/download"], + strip_prefix = "indexmap-2.11.4", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.indexmap-2.11.4.bazel"), ) maybe( @@ -2278,12 +2278,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__quote-1.0.40", - sha256 = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d", + name = "vendor_ts__quote-1.0.41", + sha256 = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1", type = "tar.gz", - urls = ["https://static.crates.io/crates/quote/1.0.40/download"], - strip_prefix = "quote-1.0.40", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.quote-1.0.40.bazel"), + urls = ["https://static.crates.io/crates/quote/1.0.41/download"], + strip_prefix = "quote-1.0.41", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.quote-1.0.41.bazel"), ) maybe( @@ -2708,22 +2708,22 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__regex-1.11.2", - sha256 = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912", + name = "vendor_ts__regex-1.11.3", + sha256 = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c", type = "tar.gz", - urls = ["https://static.crates.io/crates/regex/1.11.2/download"], - strip_prefix = "regex-1.11.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-1.11.2.bazel"), + urls = ["https://static.crates.io/crates/regex/1.11.3/download"], + strip_prefix = "regex-1.11.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-1.11.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__regex-automata-0.4.10", - sha256 = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6", + name = "vendor_ts__regex-automata-0.4.11", + sha256 = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad", type = "tar.gz", - urls = ["https://static.crates.io/crates/regex-automata/0.4.10/download"], - strip_prefix = "regex-automata-0.4.10", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-automata-0.4.10.bazel"), + urls = ["https://static.crates.io/crates/regex-automata/0.4.11/download"], + strip_prefix = "regex-automata-0.4.11", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-automata-0.4.11.bazel"), ) maybe( @@ -2918,12 +2918,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde-1.0.219", - sha256 = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6", + name = "vendor_ts__serde-1.0.228", + sha256 = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde/1.0.219/download"], - strip_prefix = "serde-1.0.219", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde-1.0.219.bazel"), + urls = ["https://static.crates.io/crates/serde/1.0.228/download"], + strip_prefix = "serde-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde-1.0.228.bazel"), ) maybe( @@ -2948,22 +2948,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde_derive-1.0.219", - sha256 = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00", + name = "vendor_ts__serde_core-1.0.228", + sha256 = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_derive/1.0.219/download"], - strip_prefix = "serde_derive-1.0.219", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_derive-1.0.219.bazel"), + urls = ["https://static.crates.io/crates/serde_core/1.0.228/download"], + strip_prefix = "serde_core-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_core-1.0.228.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_json-1.0.143", - sha256 = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a", + name = "vendor_ts__serde_derive-1.0.228", + sha256 = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_json/1.0.143/download"], - strip_prefix = "serde_json-1.0.143", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_json-1.0.143.bazel"), + urls = ["https://static.crates.io/crates/serde_derive/1.0.228/download"], + strip_prefix = "serde_derive-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_derive-1.0.228.bazel"), + ) + + maybe( + http_archive, + name = "vendor_ts__serde_json-1.0.145", + sha256 = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c", + type = "tar.gz", + urls = ["https://static.crates.io/crates/serde_json/1.0.145/download"], + strip_prefix = "serde_json-1.0.145", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_json-1.0.145.bazel"), ) maybe( @@ -2978,32 +2988,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde_spanned-1.0.0", - sha256 = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83", + name = "vendor_ts__serde_spanned-1.0.2", + sha256 = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_spanned/1.0.0/download"], - strip_prefix = "serde_spanned-1.0.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_spanned-1.0.0.bazel"), + urls = ["https://static.crates.io/crates/serde_spanned/1.0.2/download"], + strip_prefix = "serde_spanned-1.0.2", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_spanned-1.0.2.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_with-3.14.0", - sha256 = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5", + name = "vendor_ts__serde_with-3.14.1", + sha256 = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_with/3.14.0/download"], - strip_prefix = "serde_with-3.14.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with-3.14.0.bazel"), + urls = ["https://static.crates.io/crates/serde_with/3.14.1/download"], + strip_prefix = "serde_with-3.14.1", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with-3.14.1.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_with_macros-3.14.0", - sha256 = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f", + name = "vendor_ts__serde_with_macros-3.14.1", + sha256 = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_with_macros/3.14.0/download"], - strip_prefix = "serde_with_macros-3.14.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with_macros-3.14.0.bazel"), + urls = ["https://static.crates.io/crates/serde_with_macros/3.14.1/download"], + strip_prefix = "serde_with_macros-3.14.1", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with_macros-3.14.1.bazel"), ) maybe( @@ -3218,12 +3228,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml-0.9.5", - sha256 = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8", + name = "vendor_ts__toml-0.9.7", + sha256 = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml/0.9.5/download"], - strip_prefix = "toml-0.9.5", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml-0.9.5.bazel"), + urls = ["https://static.crates.io/crates/toml/0.9.7/download"], + strip_prefix = "toml-0.9.7", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml-0.9.7.bazel"), ) maybe( @@ -3238,12 +3248,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_datetime-0.7.0", - sha256 = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3", + name = "vendor_ts__toml_datetime-0.7.2", + sha256 = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_datetime/0.7.0/download"], - strip_prefix = "toml_datetime-0.7.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_datetime-0.7.0.bazel"), + urls = ["https://static.crates.io/crates/toml_datetime/0.7.2/download"], + strip_prefix = "toml_datetime-0.7.2", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_datetime-0.7.2.bazel"), ) maybe( @@ -3258,12 +3268,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_parser-1.0.2", - sha256 = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10", + name = "vendor_ts__toml_parser-1.0.3", + sha256 = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_parser/1.0.2/download"], - strip_prefix = "toml_parser-1.0.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_parser-1.0.2.bazel"), + urls = ["https://static.crates.io/crates/toml_parser/1.0.3/download"], + strip_prefix = "toml_parser-1.0.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_parser-1.0.3.bazel"), ) maybe( @@ -3278,12 +3288,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_writer-1.0.2", - sha256 = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64", + name = "vendor_ts__toml_writer-1.0.3", + sha256 = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_writer/1.0.2/download"], - strip_prefix = "toml_writer-1.0.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_writer-1.0.2.bazel"), + urls = ["https://static.crates.io/crates/toml_writer/1.0.3/download"], + strip_prefix = "toml_writer-1.0.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_writer-1.0.3.bazel"), ) maybe( @@ -3358,12 +3368,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__tree-sitter-embedded-template-0.23.2", - sha256 = "790063ef14e5b67556abc0b3be0ed863fb41d65ee791cf8c0b20eb42a1fa46af", + name = "vendor_ts__tree-sitter-embedded-template-0.25.0", + sha256 = "833d528e8fcb4e49ddb04d4d6450ddb8ac08f282a58fec94ce981c9c5dbf7e3a", type = "tar.gz", - urls = ["https://static.crates.io/crates/tree-sitter-embedded-template/0.23.2/download"], - strip_prefix = "tree-sitter-embedded-template-0.23.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.tree-sitter-embedded-template-0.23.2.bazel"), + urls = ["https://static.crates.io/crates/tree-sitter-embedded-template/0.25.0/download"], + strip_prefix = "tree-sitter-embedded-template-0.25.0", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.tree-sitter-embedded-template-0.25.0.bazel"), ) maybe( @@ -4097,11 +4107,11 @@ def crate_repositories(): ) return [ - struct(repo = "vendor_ts__anyhow-1.0.99", is_dev_dep = False), + struct(repo = "vendor_ts__anyhow-1.0.100", is_dev_dep = False), struct(repo = "vendor_ts__argfile-0.2.1", is_dev_dep = False), struct(repo = "vendor_ts__chalk-ir-0.104.0", is_dev_dep = False), struct(repo = "vendor_ts__chrono-0.4.42", is_dev_dep = False), - struct(repo = "vendor_ts__clap-4.5.47", is_dev_dep = False), + struct(repo = "vendor_ts__clap-4.5.48", is_dev_dep = False), struct(repo = "vendor_ts__dunce-1.0.5", is_dev_dep = False), struct(repo = "vendor_ts__either-1.15.0", is_dev_dep = False), struct(repo = "vendor_ts__encoding-0.2.33", is_dev_dep = False), @@ -4115,7 +4125,7 @@ def crate_repositories(): struct(repo = "vendor_ts__num-traits-0.2.19", is_dev_dep = False), struct(repo = "vendor_ts__num_cpus-1.17.0", is_dev_dep = False), struct(repo = "vendor_ts__proc-macro2-1.0.101", is_dev_dep = False), - struct(repo = "vendor_ts__quote-1.0.40", is_dev_dep = False), + struct(repo = "vendor_ts__quote-1.0.41", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_base_db-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_cfg-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_hir-0.0.301", is_dev_dep = False), @@ -4133,17 +4143,17 @@ def crate_repositories(): struct(repo = "vendor_ts__ra_ap_syntax-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_vfs-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__rayon-1.11.0", is_dev_dep = False), - struct(repo = "vendor_ts__regex-1.11.2", is_dev_dep = False), - struct(repo = "vendor_ts__serde-1.0.219", is_dev_dep = False), - struct(repo = "vendor_ts__serde_json-1.0.143", is_dev_dep = False), - struct(repo = "vendor_ts__serde_with-3.14.0", is_dev_dep = False), + struct(repo = "vendor_ts__regex-1.11.3", is_dev_dep = False), + struct(repo = "vendor_ts__serde-1.0.228", is_dev_dep = False), + struct(repo = "vendor_ts__serde_json-1.0.145", is_dev_dep = False), + struct(repo = "vendor_ts__serde_with-3.14.1", is_dev_dep = False), struct(repo = "vendor_ts__syn-2.0.106", is_dev_dep = False), - struct(repo = "vendor_ts__toml-0.9.5", is_dev_dep = False), + struct(repo = "vendor_ts__toml-0.9.7", is_dev_dep = False), struct(repo = "vendor_ts__tracing-0.1.41", is_dev_dep = False), struct(repo = "vendor_ts__tracing-flame-0.2.0", is_dev_dep = False), struct(repo = "vendor_ts__tracing-subscriber-0.3.20", is_dev_dep = False), struct(repo = "vendor_ts__tree-sitter-0.25.9", is_dev_dep = False), - struct(repo = "vendor_ts__tree-sitter-embedded-template-0.23.2", is_dev_dep = False), + struct(repo = "vendor_ts__tree-sitter-embedded-template-0.25.0", is_dev_dep = False), struct(repo = "vendor_ts__tree-sitter-ruby-0.23.1", is_dev_dep = False), struct(repo = "vendor_ts__triomphe-0.1.14", is_dev_dep = False), struct(repo = "vendor_ts__ungrammar-1.16.1", is_dev_dep = False), diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 7d71d83613d..7715f68107e 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.32 +version: 1.0.33-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 5eba946c3cf..35ab576bf1a 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.16 +version: 4.0.17-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index b42e054bdad..08336cbb3eb 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.6.6 +version: 1.6.7-dev groups: - python - queries diff --git a/ruby/extractor/Cargo.toml b/ruby/extractor/Cargo.toml index f4de37e8512..b6e1ae90119 100644 --- a/ruby/extractor/Cargo.toml +++ b/ruby/extractor/Cargo.toml @@ -8,15 +8,15 @@ edition = "2024" # When updating these dependencies, run `misc/bazel/3rdparty/update_cargo_deps.sh` [dependencies] tree-sitter = ">= 0.23.0" -tree-sitter-embedded-template = "0.23.2" +tree-sitter-embedded-template = "0.25.0" tree-sitter-ruby = "0.23.1" clap = { version = "4.5", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.20", features = ["env-filter"] } rayon = "1.11.0" -regex = "1.11.2" +regex = "1.11.3" encoding = "0.2" lazy_static = "1.5.0" -serde_json = "1.0.143" +serde_json = "1.0.145" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 6dd0db034c3..a503103b95d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.0 +version: 5.1.1-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ce46bf8c37a..a01acd1d674 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.4.6 +version: 1.4.7-dev groups: - ruby - queries diff --git a/rust/ast-generator/Cargo.toml b/rust/ast-generator/Cargo.toml index a5270923722..fcba71b696c 100644 --- a/rust/ast-generator/Cargo.toml +++ b/rust/ast-generator/Cargo.toml @@ -8,10 +8,10 @@ license = "MIT" [dependencies] ungrammar = "1.16.1" proc-macro2 = "1.0.101" -quote = "1.0.40" +quote = "1.0.41" either = "1.15.0" stdx = {package = "ra_ap_stdx", version = "0.0.301"} itertools = "0.14.0" mustache = "0.9.0" -serde = { version = "1.0.219", features = ["derive"] } -anyhow = "1.0.99" +serde = { version = "1.0.228", features = ["derive"] } +anyhow = "1.0.100" diff --git a/rust/extractor/Cargo.toml b/rust/extractor/Cargo.toml index 0f87bc22f9e..223d9dfc68c 100644 --- a/rust/extractor/Cargo.toml +++ b/rust/extractor/Cargo.toml @@ -6,8 +6,8 @@ license = "MIT" # When updating these dependencies, run `rust/update_cargo_deps.sh` [dependencies] -anyhow = "1.0.99" -clap = { version = "4.5.47", features = ["derive"] } +anyhow = "1.0.100" +clap = { version = "4.5.48", features = ["derive"] } figment = { version = "0.10.19", features = ["env", "yaml"] } num-traits = "0.2.19" ra_ap_base_db = "0.0.301" @@ -25,8 +25,8 @@ ra_ap_parser = "0.0.301" ra_ap_span = "0.0.301" ra_ap_cfg = "0.0.301" ra_ap_intern = "0.0.301" -serde = "1.0.219" -serde_with = "3.14.0" +serde = "1.0.228" +serde_with = "3.14.1" triomphe = "0.1.14" argfile = "0.2.1" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } @@ -34,9 +34,9 @@ rust-extractor-macros = { path = "macros" } itertools = "0.14.0" glob = "0.3.3" chrono = { version = "0.4.42", features = ["serde"] } -serde_json = "1.0.143" +serde_json = "1.0.145" dunce = "1.0.5" -toml = "0.9.5" +toml = "0.9.7" tracing = "0.1.41" tracing-flame = "0.2.0" tracing-subscriber = "0.3.20" diff --git a/rust/extractor/macros/Cargo.toml b/rust/extractor/macros/Cargo.toml index 013ebd986b4..e2e51876ee7 100644 --- a/rust/extractor/macros/Cargo.toml +++ b/rust/extractor/macros/Cargo.toml @@ -9,5 +9,5 @@ proc-macro = true # When updating these dependencies, run `rust/update_cargo_deps.sh` [dependencies] -quote = "1.0.40" +quote = "1.0.41" syn = { version = "2.0.106", features = ["full"] } diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 92d0a7a4cd8..e3ec533203d 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -144,7 +144,7 @@ lib/codeql/rust/elements/SliceTypeRepr.qll 730e4d0eeefb9b2284e15b41cd0afc3cbe255 lib/codeql/rust/elements/SourceFile.qll 0b6a3e58767c07602b19975009a2ad53ecf1fd721302af543badb643c1fbb6c4 511d5564aab70b1fcd625e07f3d7e3ceb0c4811a5740de64a55a9a728ba8d32c lib/codeql/rust/elements/Static.qll 9dca6d4fb80fb4ead49a3de89bec2b02bae6f96fbc2601dde35a2aa69a9bfdb0 70f67bc75d7799dab04ea7a7fd13286bb76bbe514be16d23149c59dfb31fd0c9 lib/codeql/rust/elements/Stmt.qll 532b12973037301246daf7d8c0177f734202f43d9261c7a4ca6f5080eea8ca64 b838643c4f2b4623d2c816cddad0e68ca3e11f2879ab7beaece46f489ec4b1f3 -lib/codeql/rust/elements/StmtList.qll e874859ce03672d0085e47e0ca5e571b92b539b31bf0d5a8802f9727bef0c6b0 e5fe83237f713cdb57c446a6e1c20f645c2f49d9f5ef2c984032df83acb3c0de +lib/codeql/rust/elements/StmtList.qll 8bad277dfd88735195b8fd43bb1395cb2393c488d89304d6a6e6d8ec3eb24b73 cd1d483aecb8bb1876b8153a872f680febc2ef6c315d661c85ec1b2fa07e4fc0 lib/codeql/rust/elements/Struct.qll 297d3ea732fc7fbb8b8fb5479c1873ce84705146853ff752c84a6f70af12b923 3df0e5fd50a910a0b5611c3a860a1d7c318f6925c3a0727006d91840caf04812 lib/codeql/rust/elements/StructExpr.qll 84f384ef74c723796e514186037a91dd9666556f62c717f133ce22e9dda4425f 176497835252cfdfe110e58ebde9fbde553d03e44e07d3e4d8041e835dbf31b9 lib/codeql/rust/elements/StructExprField.qll 3eb9f17ecd1ad38679689eb4ecc169d3a0b5b7a3fc597ae5a957a7aea2f74e4f 8fcd26f266f203004899a60447ba16e7eae4e3a654fbec7f54e26857730ede93 @@ -385,7 +385,6 @@ lib/codeql/rust/elements/internal/StaticConstructor.qll 6dd7ee3fd16466c407de35b4 lib/codeql/rust/elements/internal/StaticImpl.qll 48071e29c72032b59ad82771d54be92ac0f4c1a68fb1129c5c7991385804d7b1 85c0be8e37a91d6e775b191f0cb52dd8bf70418e6e9947b82c58c40a6d73b406 lib/codeql/rust/elements/internal/StmtImpl.qll ea99d261f32592ff368cc3a1960864989897c92944f1675549e0753964cb562f 9117b4cdfad56f8fa3bc5d921c2146b4ff0658e8914ac51bf48eb3e68599dd6b lib/codeql/rust/elements/internal/StmtListConstructor.qll 435d59019e17a6279110a23d3d5dfbc1d1e16fc358a93a1d688484d22a754866 23fcb60a5cbb66174e459bc10bd7c28ed532fd1ab46f10b9f0c8a6291d3e343f -lib/codeql/rust/elements/internal/StmtListImpl.qll b39f93534013fe38fee68fbc0232146c92b5f90ee0f6e36da31fb1a3797b3175 2b26bc14c2afb94de2d27ba511eca21313b6fc021c827637cd5904154abb9f3f lib/codeql/rust/elements/internal/StructConstructor.qll 52921ea6e70421fd08884dc061d0c2dfbbb8dd83d98f1f3c70572cfe57b2a173 dcb3ea8e45ee875525c645fe5d08e6db9013b86bd351c77df4590d0c1439ab9f lib/codeql/rust/elements/internal/StructExprConstructor.qll 69761fa65a4bedf2893fdfc49753fd1289d9eb64cf405227458161b95fa550cb 72ed5f32dcf6a462d9d3cadfc57395a40ee6f4e294a88dbda78761b4a0759ece lib/codeql/rust/elements/internal/StructExprFieldConstructor.qll 6766d7941963904b3a704e64381a478d410c2ef88e8facbc82efca4e781dac96 a14ce465f0f4e43dea5c21c269d803b0ad452d2eb03f4342ea7a9f5d0b357d60 @@ -585,7 +584,7 @@ lib/codeql/rust/elements/internal/generated/PtrTypeRepr.qll 8d0ea4f6c7f8203340bf lib/codeql/rust/elements/internal/generated/PureSynthConstructors.qll e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f lib/codeql/rust/elements/internal/generated/RangeExpr.qll 23cca03bf43535f33b22a38894f70d669787be4e4f5b8fe5c8f7b964d30e9027 18624cef6c6b679eeace2a98737e472432e0ead354cca02192b4d45330f047c9 lib/codeql/rust/elements/internal/generated/RangePat.qll 80826a6a6868a803aa2372e31c52a03e1811a3f1f2abdb469f91ca0bfdd9ecb6 34ee1e208c1690cba505dff2c588837c0cd91e185e2a87d1fe673191962276a9 -lib/codeql/rust/elements/internal/generated/Raw.qll ae8ebdaa26dc2dfbcc8d64c9c7b296de2e0e78086ce7545cbedfa1f560ef2ffa 6a78058f346e34a2da4dd984f76bf848d7d6708d4c0a35151303748cb0ea92fa +lib/codeql/rust/elements/internal/generated/Raw.qll 11d48da73543efe2d6c4c5a30ac8ecdd3c24dc64bbd10bf6976b53445e248ef1 72fddbec1e8e5029442c962599877459406010d81dece075147aa1cc37cf7a42 lib/codeql/rust/elements/internal/generated/RefExpr.qll 7d995884e3dc1c25fc719f5d7253179344d63650e217e9ff6530285fe7a57f64 f2c3c12551deea4964b66553fb9b6423ee16fec53bd63db4796191aa60dc6c66 lib/codeql/rust/elements/internal/generated/RefPat.qll 456ede39837463ee22a630ec7ab6c8630d3664a8ea206fcc6e4f199e92fa564c 5622062765f32930465ba6b170e986706f159f6070f48adee3c20e24e8df4e05 lib/codeql/rust/elements/internal/generated/RefTypeRepr.qll 5b0663a6d234572fb3e467e276d019415caa95ef006438cc59b7af4e1783161e 0e27c8a8f0e323c0e4d6db01fca821bf07c0864d293cdf96fa891b10820c1e4b @@ -600,7 +599,7 @@ lib/codeql/rust/elements/internal/generated/SliceTypeRepr.qll 6f4f9d7e29784ce95d lib/codeql/rust/elements/internal/generated/SourceFile.qll 4bc95c88b49868d1da1a887b35e43ae81e51a69407e79463f5e8824801859380 5641581d70241c0d0d0426976968576ebbef10c183f0371583b243e4e5bbf576 lib/codeql/rust/elements/internal/generated/Static.qll 1a6c87d3c5602e3d02268ebe2463a4ac64614ad25e8966a9bdb9c0ef58991365 cc1fe16d70cdce41a12e41a8f80cc38bdd7efa49c1544e35342fcf3cd26b8219 lib/codeql/rust/elements/internal/generated/Stmt.qll 8473ff532dd5cc9d7decaddcd174b94d610f6ca0aec8e473cc051dad9f3db917 6ef7d2b5237c2dbdcacbf7d8b39109d4dc100229f2b28b5c9e3e4fbf673ba72b -lib/codeql/rust/elements/internal/generated/StmtList.qll 816aebf8f56e179f5f0ba03e80d257ee85459ea757392356a0af6dbd0cd9ef5e 6aa51cdcdc8d93427555fa93f0e84afdfbbd4ffc8b8d378ae4a22b5b6f94f48b +lib/codeql/rust/elements/internal/generated/StmtList.qll 834b87cd93f0c5b41736fb52a6c25fd0e3bdce41d5a64cb3d0810c54e90507f4 ec42f2dfa322044ceaaf90d278f0e7e751d63710facbaf3f5ee69ca3c64ecd06 lib/codeql/rust/elements/internal/generated/Struct.qll 999da1b46e40d6e03fd2338fea02429462877c329c5d1338618cbd886a81567e daa7ff7bd32c554462e0a1502d8319cb5e734e056d0564e06596e416e2b88e9d lib/codeql/rust/elements/internal/generated/StructExpr.qll e77702890561102af38f52d836729e82569c964f8d4c7e680b27992c1ff0f141 23dc51f68107ab0e5c9dd88a6bcc85bb66e8e0f4064cb4d416f50f2ba5db698c lib/codeql/rust/elements/internal/generated/StructExprField.qll 6bdc52ed325fd014495410c619536079b8c404e2247bd2435aa7685dd56c3833 501a30650cf813176ff325a1553da6030f78d14be3f84fea6d38032f4262c6b0 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 19f5c284240..df4a65e7d95 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -387,7 +387,6 @@ /lib/codeql/rust/elements/internal/StaticImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StmtImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StmtListConstructor.qll linguist-generated -/lib/codeql/rust/elements/internal/StmtListImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StructConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/StructExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/StructExprFieldConstructor.qll linguist-generated diff --git a/rust/ql/integration-tests/hello-workspace/exe/src/main.rs b/rust/ql/integration-tests/hello-workspace/exe/src/main.rs index ea26a90c319..5bb9375719e 100644 --- a/rust/ql/integration-tests/hello-workspace/exe/src/main.rs +++ b/rust/ql/integration-tests/hello-workspace/exe/src/main.rs @@ -1,7 +1,10 @@ use lib::a_module::hello; // $ item=HELLO +use lib::my_macro2; // $ item=my_macro2 + mod a_module; fn main() { + my_macro2!(); // $ item=my_macro2 hello(); // $ item=HELLO } diff --git a/rust/ql/integration-tests/hello-workspace/functions.expected b/rust/ql/integration-tests/hello-workspace/functions.expected index 0633774edf7..6d8aa73cd83 100644 --- a/rust/ql/integration-tests/hello-workspace/functions.expected +++ b/rust/ql/integration-tests/hello-workspace/functions.expected @@ -1,2 +1,2 @@ -| exe/src/main.rs:5:1:7:1 | fn main | -| lib/src/a_module/mod.rs:1:1:3:1 | fn hello | +| exe/src/main.rs:7:1:10:1 | fn main | +| lib/src/a_module/mod.rs:1:1:4:1 | fn hello | diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs index dca921ab643..04076c6cd29 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs @@ -1,3 +1,4 @@ pub fn hello() { - println!("Hello, world!"); + my_macro2!(); // $ item=my_macro2 + println!("Hello, world!"); // $ item=println } // HELLO diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs index e5b38ec20f6..f313f76edad 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs @@ -1 +1,17 @@ +#[macro_use] +mod macros { + #[macro_export] + macro_rules! my_macro1 { + () => { + println!("my_macro!"); + }; + } + #[macro_export] + macro_rules! my_macro2 { + () => { + $crate::my_macro1!(); + }; + } +} + pub mod a_module; diff --git a/rust/ql/integration-tests/hello-workspace/path-resolution.expected b/rust/ql/integration-tests/hello-workspace/path-resolution.expected index e69de29bb2d..2ac01b2837c 100644 --- a/rust/ql/integration-tests/hello-workspace/path-resolution.expected +++ b/rust/ql/integration-tests/hello-workspace/path-resolution.expected @@ -0,0 +1,4 @@ +testFailures +resolveDollarCrate +| exe/src/main.rs:8:5:8:14 | $crate | lib/src/lib.rs:0:0:0:0 | Crate(lib@0.1.0) | +| lib/src/a_module/mod.rs:2:5:2:14 | $crate | lib/src/lib.rs:0:0:0:0 | Crate(lib@0.1.0) | diff --git a/rust/ql/integration-tests/hello-workspace/path-resolution.ql b/rust/ql/integration-tests/hello-workspace/path-resolution.ql index bf0a548fbb6..9ec97b61eeb 100644 --- a/rust/ql/integration-tests/hello-workspace/path-resolution.ql +++ b/rust/ql/integration-tests/hello-workspace/path-resolution.ql @@ -1 +1,10 @@ +import rust +import codeql.rust.internal.PathResolution import utils.test.PathResolutionInlineExpectationsTest + +query predicate resolveDollarCrate(RelevantPath p, Crate c) { + c = resolvePath(p) and + p.isDollarCrate() and + p.fromSource() and + c.fromSource() +} diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index 5912f7d69ba..cb07b66d437 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 9 | -| Lines of user code extracted | 9 | -| Macro calls - resolved | 2 | -| Macro calls - total | 2 | +| Lines of code extracted | 21 | +| Lines of user code extracted | 21 | +| Macro calls - resolved | 10 | +| Macro calls - total | 10 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index 5912f7d69ba..cb07b66d437 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 9 | -| Lines of user code extracted | 9 | -| Macro calls - resolved | 2 | -| Macro calls - total | 2 | +| Lines of code extracted | 21 | +| Lines of user code extracted | 21 | +| Macro calls - resolved | 10 | +| Macro calls - total | 10 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected index 1b8e1015a1f..429ba192224 100644 --- a/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected @@ -17,6 +17,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-319/UseOfHttp.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql diff --git a/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected index a2d2e2b820c..483cb52881d 100644 --- a/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected @@ -18,6 +18,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-319/UseOfHttp.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql diff --git a/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected index 9000990ad84..f09d9280ac9 100644 --- a/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected @@ -18,6 +18,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-319/UseOfHttp.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql ql/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql diff --git a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md new file mode 100644 index 00000000000..7d1adb06e74 --- /dev/null +++ b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Improve data flow through functions being passed as function pointers. \ No newline at end of file diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll b/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll index f87daaaf51a..c3fb15ec0e7 100644 --- a/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll +++ b/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll @@ -266,15 +266,8 @@ module ExprTrees { } } - private AstNode getBlockChildNode(BlockExpr b, int i) { - result = b.getStmtList().getStatement(i) - or - i = b.getStmtList().getNumberOfStatements() and - result = b.getStmtList().getTailExpr() - } - class AsyncBlockExprTree extends StandardTree, PreOrderTree, PostOrderTree, AsyncBlockExpr { - override AstNode getChildNode(int i) { result = getBlockChildNode(this, i) } + override AstNode getChildNode(int i) { result = this.getStmtList().getStmtOrExpr(i) } override predicate propagatesAbnormal(AstNode child) { none() } } @@ -282,7 +275,7 @@ module ExprTrees { class BlockExprTree extends StandardPostOrderTree, BlockExpr { BlockExprTree() { not this.isAsync() } - override AstNode getChildNode(int i) { result = getBlockChildNode(this, i) } + override AstNode getChildNode(int i) { result = this.getStmtList().getStmtOrExpr(i) } override predicate propagatesAbnormal(AstNode child) { child = this.getChildNode(_) } } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 4c252dfcd0f..9fa0f0a5a83 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -295,13 +295,10 @@ module LocalFlow { class LambdaCallKind = Unit; /** Holds if `creation` is an expression that creates a lambda of kind `kind`. */ -predicate lambdaCreationExpr(Expr creation, LambdaCallKind kind) { - ( - creation instanceof ClosureExpr - or - creation instanceof Scope::AsyncBlockScope - ) and - exists(kind) +predicate lambdaCreationExpr(Expr creation) { + creation instanceof ClosureExpr + or + creation instanceof Scope::AsyncBlockScope } /** @@ -810,8 +807,15 @@ module RustDataFlow implements InputSig { /** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) { - exists(Expr e | - e = creation.asExpr().getExpr() and lambdaCreationExpr(e, kind) and e = c.asCfgScope() + exists(kind) and + exists(Expr e | e = creation.asExpr().getExpr() | + lambdaCreationExpr(e) and e = c.asCfgScope() + or + // A path expression, that resolves to a function, evaluates to a function + // pointer. Except if the path occurs directly in a call, then it's just a + // call to the function and not a function being passed as data. + resolvePath(e.(PathExpr).getPath()) = c.asCfgScope() and + not any(CallExpr call).getFunction() = e ) } @@ -931,7 +935,7 @@ module VariableCapture { } class ClosureExpr extends Expr instanceof ExprCfgNode { - ClosureExpr() { lambdaCreationExpr(super.getExpr(), _) } + ClosureExpr() { lambdaCreationExpr(super.getExpr()) } predicate hasBody(Callable body) { body = super.getExpr() } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll index a1bdc367d0a..e46b4375c04 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll @@ -454,7 +454,7 @@ newtype TNode = or lambdaCallExpr(_, _, e) or - lambdaCreationExpr(e.getExpr(), _) + lambdaCreationExpr(e.getExpr()) or // Whenever `&mut e` has a post-update node we also create one for `e`. // E.g., for `e` in `f(..., &mut e, ...)` or `*(&mut e) = ...`. @@ -478,5 +478,5 @@ newtype TNode = } or TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or - TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c, _) } or + TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c) } or TCaptureNode(VariableCapture::Flow::SynthesizedCaptureNode cn) diff --git a/rust/ql/lib/codeql/rust/elements/StmtList.qll b/rust/ql/lib/codeql/rust/elements/StmtList.qll index 76a4b5d2c34..9401cb99084 100644 --- a/rust/ql/lib/codeql/rust/elements/StmtList.qll +++ b/rust/ql/lib/codeql/rust/elements/StmtList.qll @@ -10,13 +10,15 @@ import codeql.rust.elements.Expr import codeql.rust.elements.Stmt /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` diff --git a/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll index 0ed4d3073f0..17cc47d803f 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll @@ -12,6 +12,7 @@ private import codeql.rust.elements.internal.generated.MacroCall */ module Impl { private import rust + private import codeql.rust.internal.PathResolution pragma[nomagic] predicate isInMacroExpansion(AstNode root, AstNode n) { @@ -44,5 +45,12 @@ module Impl { isInMacroExpansion(this, result) and this.getTokenTree().getLocation().contains(result.getLocation()) } + + /** + * Gets the macro definition that this macro call resolves to. + * + * The result is either a `MacroDef` or a `MacroRules`. + */ + Item resolveMacro() { result = resolvePath(this.getPath()) } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 85940ef7d21..d56b4c49ce2 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -1,4 +1,3 @@ -// generated by codegen, remove this comment if you wish to edit this file /** * This module provides a hand-modifiable wrapper around the generated class `StmtList`. * @@ -12,17 +11,48 @@ private import codeql.rust.elements.internal.generated.StmtList * be referenced directly. */ module Impl { + // the following QLdoc is generated: if you need to edit it, do it in the schema file /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` */ - class StmtList extends Generated::StmtList { } + class StmtList extends Generated::StmtList { + /** + * Gets the `index`th statement or expression of this statement list (0-based). + * + * This includes both the statements and any tail expression in the statement list. To access + * just the statements, use `getStatement`. To access just the tail expression, if any, + * use `getTailExpr`. + */ + AstNode getStmtOrExpr(int index) { + result = this.getStatement(index) + or + index = this.getNumberOfStatements() and + result = this.getTailExpr() + } + + /** + * Gets any of the statements or expressions of this statement list. + * + * This includes both the statements and any tail expression in the statement list. To access + * just the statements, use `getAStatement`. To access just the tail expression, if any, + * use `getTailExpr`. + */ + final AstNode getAStmtOrExpr() { result = this.getStmtOrExpr(_) } + + /** + * Gets the number of statements or expressions of this statement list. + */ + final int getNumberOfStmtOrExpr() { result = count(int i | exists(this.getStmtOrExpr(i))) } + } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll index abf844b77f5..de56bdffb6c 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll @@ -943,13 +943,15 @@ module Raw { /** * INTERNAL: Do not use. - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` @@ -964,11 +966,17 @@ module Raw { /** * Gets the `index`th statement of this statement list (0-based). + * + * The statements of a `StmtList` do not include any tail expression, which + * can be accessed with predicates such as `getTailExpr`. */ Stmt getStatement(int index) { stmt_list_statements(this, index, result) } /** * Gets the tail expression of this statement list, if it exists. + * + * The tail expression is the expression at the end of a block, that + * determines the block's value. */ Expr getTailExpr() { stmt_list_tail_exprs(this, result) } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll index 3460c239a9f..26a7f1f363a 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll @@ -17,13 +17,15 @@ import codeql.rust.elements.Stmt */ module Generated { /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` @@ -53,6 +55,9 @@ module Generated { /** * Gets the `index`th statement of this statement list (0-based). + * + * The statements of a `StmtList` do not include any tail expression, which + * can be accessed with predicates such as `getTailExpr`. */ Stmt getStatement(int index) { result = @@ -73,6 +78,9 @@ module Generated { /** * Gets the tail expression of this statement list, if it exists. + * + * The tail expression is the expression at the end of a block, that + * determines the block's value. */ Expr getTailExpr() { result = diff --git a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml index c99a2433348..2e9b1213ed7 100644 --- a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml @@ -1,7 +1,32 @@ # Models for the `biscotti` crate. extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::from", "ReturnValue", "cookie-create", "manual"] - addsTo: pack: codeql/rust-all extensible: sinkModel data: + - ["::insert", "Argument[0]", "cookie-use", "manual"] - ["::from", "Argument[0]", "credentials-key", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["::set_secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] + - ["::set_name", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_value", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_http_only", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_same_site", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_max_age", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::make_permanent", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml index abbadd379e6..e40fd8ecf71 100644 --- a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml @@ -1,7 +1,40 @@ # Models for the `cookie` crate. extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["::build", "ReturnValue", "cookie-create", "manual"] + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::named", "ReturnValue", "cookie-create", "manual"] + - ["::from", "ReturnValue", "cookie-create", "manual"] - addsTo: pack: codeql/rust-all extensible: sinkModel data: + - ["::build", "Argument[self]", "cookie-use", "manual"] + - ["::finish", "Argument[self]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] - ["::from", "Argument[0].Reference", "credentials-key", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["::secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] + - ["::expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::max_age", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::http_only", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::same_site", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::permanent", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::removal", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll index 51d00f795d7..123824b3d69 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll @@ -31,8 +31,7 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range { // extract the algorithm name from the type of `ce` or its receiver. exists(Type t, TypePath tp | t = inferType([ce, ce.(MethodCallExpr).getReceiver()], tp) and - rawAlgorithmName = - t.(StructType).asItemNode().(Addressable).getCanonicalPath().splitAt("::") + rawAlgorithmName = t.(StructType).getStruct().(Addressable).getCanonicalPath().splitAt("::") ) and algorithmName = simplifyAlgorithmName(rawAlgorithmName) and // only match a known cryptographic algorithm diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 8eb3788ab1e..1f14e222fd2 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -46,5 +46,7 @@ extensions: - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] + - ["::add", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Vec - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index f1574ff38f3..8f55a421538 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -11,13 +11,14 @@ private import codeql.util.Option private newtype TNamespace = TTypeNamespace() or - TValueNamespace() + TValueNamespace() or + TMacroNamespace() /** * A namespace. * - * Either the _value_ namespace or the _type_ namespace, see - * https://doc.rust-lang.org/reference/names/namespaces.html. + * Either the _value_ namespace, the _type_ namespace, or the _macro_ namespace, + * see https://doc.rust-lang.org/reference/names/namespaces.html. */ final class Namespace extends TNamespace { /** Holds if this is the value namespace. */ @@ -26,11 +27,16 @@ final class Namespace extends TNamespace { /** Holds if this is the type namespace. */ predicate isType() { this = TTypeNamespace() } + /** Holds if this is the macro namespace. */ + predicate isMacro() { this = TMacroNamespace() } + /** Gets a textual representation of this namespace. */ string toString() { this.isValue() and result = "value" or this.isType() and result = "type" + or + this.isMacro() and result = "macro" } } @@ -194,6 +200,16 @@ abstract class ItemNode extends Locatable { /** Gets the visibility of this item, if any. */ abstract Visibility getVisibility(); + abstract Attr getAnAttr(); + + pragma[nomagic] + final Attr getAttr(string name) { + result = this.getAnAttr() and + result.getMeta().getPath().(RelevantPath).isUnqualified(name) + } + + final predicate hasAttr(string name) { exists(this.getAttr(name)) } + /** * Holds if this item is public. * @@ -206,6 +222,8 @@ abstract class ItemNode extends Locatable { not this instanceof Use or this instanceof Variant + or + this instanceof MacroItemNode } /** Gets the `i`th type parameter of this item, if any. */ @@ -266,6 +284,12 @@ abstract class ItemNode extends Locatable { kind.isInternal() and useOpt.isNone() or + macroExportEdge(this, name, result) and + kind.isBoth() and + useOpt.isNone() + or + macroUseEdge(this, name, kind, useOpt, result) + or // items made available through `use` are available to nodes that contain the `use` useOpt.asSome() = any(UseItemNode use_ | @@ -365,11 +389,6 @@ abstract class ItemNode extends Locatable { or name = "crate" and this = result.(CrateItemNode).getASourceFile() - or - // todo: implement properly - name = "$crate" and - result = any(CrateItemNode crate | this = crate.getASourceFile()).(Crate).getADependency*() and - result.(CrateItemNode).isPotentialDollarCrateTarget() ) } @@ -442,7 +461,7 @@ abstract private class ModuleLikeNode extends ItemNode { } } -private class SourceFileItemNode extends ModuleLikeNode, SourceFile { +private class SourceFileItemNode extends ModuleLikeNode instanceof SourceFile { pragma[nomagic] ModuleLikeNode getSuper() { fileImport(result.getAnItemInScope(), this) } @@ -454,6 +473,8 @@ private class SourceFileItemNode extends ModuleLikeNode, SourceFile { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = SourceFile.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -487,14 +508,6 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } - pragma[nomagic] - predicate isPotentialDollarCrateTarget() { - exists(string name, RelevantPath p | - p.isDollarCrateQualifiedPath(name) and - exists(this.getASuccessor(name)) - ) - } - override string getName() { result = Crate.super.getName() } override Namespace getNamespace() { @@ -503,6 +516,8 @@ class CrateItemNode extends ItemNode instanceof Crate { override Visibility getVisibility() { none() } + override Attr getAnAttr() { none() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { c = this } @@ -524,12 +539,19 @@ class CrateItemNode extends ItemNode instanceof Crate { } class ExternCrateItemNode extends ItemNode instanceof ExternCrate { - override string getName() { result = super.getRename().getName().getText() } + override string getName() { + result = super.getRename().getName().getText() + or + not super.hasRename() and + result = super.getIdentifier().getText() + } override Namespace getNamespace() { none() } override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = ExternCrate.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -572,6 +594,8 @@ private class ConstItemNode extends AssocItemNode instanceof Const { override Visibility getVisibility() { result = Const.super.getVisibility() } + override Attr getAnAttr() { result = Const.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } } @@ -582,6 +606,8 @@ private class EnumItemNode extends TypeItemNode instanceof Enum { override Visibility getVisibility() { result = Enum.super.getVisibility() } + override Attr getAnAttr() { result = Enum.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -624,6 +650,8 @@ private class VariantItemNode extends ParameterizableItemNode instanceof Variant override Visibility getVisibility() { result = super.getEnum().getVisibility() } + override Attr getAnAttr() { result = Variant.super.getAnAttr() } + override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -652,12 +680,19 @@ class FunctionItemNode extends AssocItemNode, ParameterizableItemNode instanceof override predicate hasImplementation() { Function.super.hasImplementation() } - override Namespace getNamespace() { result.isValue() } + override Namespace getNamespace() { + // see https://doc.rust-lang.org/reference/procedural-macros.html + if this.hasAttr(["proc_macro", "proc_macro_attribute", "proc_macro_derive"]) + then result.isMacro() + else result.isValue() + } override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override Visibility getVisibility() { result = Function.super.getVisibility() } + override Attr getAnAttr() { result = Function.super.getAnAttr() } + override int getArity() { result = super.getNumberOfParamsInclSelf() } } @@ -720,6 +755,8 @@ final class ImplItemNode extends ImplOrTraitItemNode instanceof Impl { override Visibility getVisibility() { result = Impl.super.getVisibility() } + override Attr getAnAttr() { result = Impl.super.getAnAttr() } + TypeParamItemNode getBlanketImplementationTypeParam() { result = this.resolveSelfTy() } /** @@ -818,6 +855,8 @@ final private class ImplTraitTypeReprItemNode extends TypeItemNode instanceof Im override Visibility getVisibility() { none() } + override Attr getAnAttr() { none() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -837,6 +876,8 @@ private class ModuleItemNode extends ModuleLikeNode instanceof Module { override Visibility getVisibility() { result = Module.super.getVisibility() } + override Attr getAnAttr() { result = Module.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -890,6 +931,8 @@ private class StructItemNode extends TypeItemNode, ParameterizableItemNode insta override Visibility getVisibility() { result = Struct.super.getVisibility() } + override Attr getAnAttr() { result = Struct.super.getAnAttr() } + override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() } override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } @@ -930,6 +973,8 @@ final class TraitItemNode extends ImplOrTraitItemNode, TypeItemNode instanceof T override Visibility getVisibility() { result = Trait.super.getVisibility() } + override Attr getAnAttr() { result = Trait.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -987,6 +1032,8 @@ final class TypeAliasItemNode extends TypeItemNode, AssocItemNode instanceof Typ override Visibility getVisibility() { result = TypeAlias.super.getVisibility() } + override Attr getAnAttr() { result = TypeAlias.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { none() } @@ -1008,6 +1055,8 @@ private class UnionItemNode extends TypeItemNode instanceof Union { override Visibility getVisibility() { result = Union.super.getVisibility() } + override Attr getAnAttr() { result = Union.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -1038,6 +1087,8 @@ private class UseItemNode extends ItemNode instanceof Use { override Visibility getVisibility() { result = Use.super.getVisibility() } + override Attr getAnAttr() { result = Use.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -1052,6 +1103,8 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = BlockExpr.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -1134,6 +1187,8 @@ final class TypeParamItemNode extends TypeItemNode instanceof TypeParam { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = TypeParam.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override Location getLocation() { result = TypeParam.super.getName().getLocation() } @@ -1176,6 +1231,48 @@ final private class TypeParamItemNodeImpl extends TypeParamItemNode instanceof T ItemNode resolveABoundCand() { result = resolvePathCand(this.getABoundPathCand()) } } +abstract private class MacroItemNode extends ItemNode { + override Namespace getNamespace() { result.isMacro() } + + override TypeParam getTypeParam(int i) { none() } + + override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } + + bindingset[c] + private string getCanonicalPathPart(Crate c, int i) { + i = 0 and + result = this.getCanonicalPathPrefix(c) + or + i = 1 and + result = "::" + or + i = 2 and + result = this.getName() + } + + language[monotonicAggregates] + override string getCanonicalPath(Crate c) { + this.hasCanonicalPath(c) and + result = strictconcat(int i | i in [0 .. 2] | this.getCanonicalPathPart(c, i) order by i) + } +} + +private class MacroRulesItemNode extends MacroItemNode instanceof MacroRules { + override string getName() { result = MacroRules.super.getName().getText() } + + override Visibility getVisibility() { result = MacroRules.super.getVisibility() } + + override Attr getAnAttr() { result = MacroRules.super.getAnAttr() } +} + +private class MacroDefItemNode extends MacroItemNode instanceof MacroDef { + override string getName() { result = MacroDef.super.getName().getText() } + + override Visibility getVisibility() { result = MacroDef.super.getVisibility() } + + override Attr getAnAttr() { result = MacroDef.super.getAnAttr() } +} + /** Holds if `item` has the name `name` and is a top-level item inside `f`. */ private predicate sourceFileEdge(SourceFile f, string name, ItemNode item) { item = f.(ItemNode).getADescendant() and @@ -1428,15 +1525,12 @@ class RelevantPath extends Path { pragma[nomagic] predicate isCratePath(string name, ItemNode encl) { - name = ["crate", "$crate"] and + name = "crate" and this.isUnqualified(name, encl) } pragma[nomagic] - predicate isDollarCrateQualifiedPath(string name) { - this.getQualifier().(RelevantPath).isCratePath("$crate", _) and - this.getText() = name - } + predicate isDollarCrate() { this.isUnqualified("$crate", _) } } private predicate isModule(ItemNode m) { m instanceof Module } @@ -1462,10 +1556,15 @@ private ItemNode getOuterScope(ItemNode i) { pragma[nomagic] private predicate unqualifiedPathLookup(ItemNode ancestor, string name, Namespace ns, ItemNode encl) { // lookup in the immediately enclosing item - any(RelevantPath p).isUnqualified(name, encl) and - ancestor = encl and - exists(ns) and - not name = ["crate", "$crate", "super", "self"] + exists(RelevantPath path | + path.isUnqualified(name, encl) and + ancestor = encl and + not name = ["crate", "$crate", "super", "self"] + | + pathUsesNamespace(path, ns) + or + not pathUsesNamespace(path, _) + ) or // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | @@ -1474,8 +1573,12 @@ private predicate unqualifiedPathLookup(ItemNode ancestor, string name, Namespac not ( name = "Self" and mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() - ) and + ) + | ancestor = getOuterScope(mid) + or + ns.isMacro() and + ancestor = mid.getImmediateParentModule() ) } @@ -1502,7 +1605,7 @@ private predicate sourceFileHasCratePathTc(ItemNode i1, ItemNode i2) = */ pragma[nomagic] private predicate keywordLookup(ItemNode ancestor, string name, RelevantPath p) { - // For `($)crate`, jump directly to the root module + // For `crate`, jump directly to the root module exists(ItemNode i | p.isCratePath(name, i) | ancestor instanceof SourceFile and ancestor = i @@ -1563,6 +1666,53 @@ module TraitIsVisible { } } +private module DollarCrateResolution { + pragma[nomagic] + private predicate isDollarCrateSupportedMacroExpansion(Path macroDefPath, AstNode expansion) { + exists(MacroCall mc | + expansion = mc.getMacroCallExpansion() and + macroDefPath = mc.getPath() + ) + or + exists(ItemNode adt | + expansion = adt.(Adt).getDeriveMacroExpansion(_) and + macroDefPath = adt.getAttr("derive").getMeta().getPath() + ) + } + + private predicate hasParent(AstNode child, AstNode parent) { parent = child.getParentNode() } + + private predicate isDollarCrateSupportedMacroExpansion(AstNode expansion) { + isDollarCrateSupportedMacroExpansion(_, expansion) + } + + private predicate isDollarCratePath(RelevantPath p) { p.isDollarCrate() } + + private predicate isInDollarCrateMacroExpansion(RelevantPath p, AstNode expansion) = + doublyBoundedFastTC(hasParent/2, isDollarCratePath/1, isDollarCrateSupportedMacroExpansion/1)(p, + expansion) + + pragma[nomagic] + private predicate isInDollarCrateMacroExpansionFromFile(File macroDefFile, RelevantPath p) { + exists(Path macroDefPath, AstNode expansion | + isDollarCrateSupportedMacroExpansion(macroDefPath, expansion) and + isInDollarCrateMacroExpansion(p, expansion) and + macroDefFile = resolvePathCand(macroDefPath).getFile() + ) + } + + /** + * Holds if `p` is a `$crate` path, and it may resolve to `crate`. + * + * The reason why we cannot be sure is that we need to consider all ancestor macro + * calls. + */ + pragma[nomagic] + predicate resolveDollarCrate(RelevantPath p, CrateItemNode crate) { + isInDollarCrateMacroExpansionFromFile(crate.getASourceFile().getFile(), p) + } +} + pragma[nomagic] private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { exists(ItemNode res | @@ -1575,6 +1725,9 @@ private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { else result = res ) or + DollarCrateResolution::resolveDollarCrate(path, result) and + ns = result.getNamespace() + or result = resolvePathCandQualified(_, _, path, ns) or result = resolveUseTreeListItem(_, _, path, _) and @@ -1647,8 +1800,6 @@ private predicate pathUsesNamespace(Path p, Namespace n) { p = any(PathExpr pe).getPath() or p = any(TupleStructPat tsp).getPath() - or - p = any(Meta m).getPath() ) or n.isType() and @@ -1670,6 +1821,47 @@ private predicate pathUsesNamespace(Path p, Namespace n) { or p = any(Path parent).getQualifier() ) + or + n.isMacro() and + ( + p = any(MacroCall mc).getPath() + or + p = any(Meta m).getPath() + ) +} + +/** + * Holds if crate `crate` exports the macro `macro` named `name` using + * a `#[macro_export]` attribute. + * + * See https://lukaswirth.dev/tlborm/decl-macros/minutiae/import-export.html. + */ +pragma[nomagic] +private predicate macroExportEdge(CrateItemNode crate, string name, MacroItemNode macro) { + crate.getASourceFile().getFile() = macro.getFile() and + macro.hasAttr("macro_export") and + name = macro.getName() +} + +/** + * Holds if item `i` contains a `mod` or `extern crate` definition that + * makes the macro `macro` named `name` available using a `#[macro_use]` + * attribute. + * + * See https://lukaswirth.dev/tlborm/decl-macros/minutiae/import-export.html. + */ +pragma[nomagic] +private predicate macroUseEdge( + ItemNode i, string name, SuccessorKind kind, UseOption useOpt, MacroItemNode macro +) { + exists(ItemNode m | + m = i.getASuccessor(_, _, useOpt) and + m.hasAttr("macro_use") + | + macro = m.(ModuleItemNode).getASuccessor(name, kind, _) + or + macro = m.(ExternCrateItemNode).getASuccessor(_, _, _).getASuccessor(name, kind, _) + ) } /** @@ -1700,8 +1892,7 @@ private ItemNode resolvePathCand(RelevantPath path) { | pathUsesNamespace(path, ns) or - not pathUsesNamespace(path, _) and - not path = any(MacroCall mc).getPath() + not pathUsesNamespace(path, _) ) and ( not path = CallExprImpl::getFunctionPath(_) @@ -1869,13 +2060,18 @@ private predicate typeImplEdge( pragma[nomagic] private predicate preludeItem(string name, ItemNode i) { - exists(Crate stdOrCore, ModuleLikeNode mod, ModuleItemNode prelude, ModuleItemNode rust | - stdOrCore.getName() = ["std", "core"] and - mod = stdOrCore.getSourceFile() and - prelude = mod.getASuccessor("prelude") and - rust = prelude.getASuccessor(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and - i = rust.getASuccessor(name) and - not name = ["super", "self"] + exists(Crate stdOrCore | stdOrCore.getName() = ["std", "core"] | + exists(ModuleLikeNode mod, ModuleItemNode prelude, ModuleItemNode rust | + mod = stdOrCore.getSourceFile() and + prelude = mod.getASuccessor("prelude") and + rust = prelude.getASuccessor(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and + i = rust.getASuccessor(name) and + not name = ["super", "self"] + ) + or + macroExportEdge(stdOrCore, name, i) + or + macroUseEdge(stdOrCore, name, _, _, i) ) } @@ -1918,7 +2114,7 @@ private module Debug { ) { p = getRelevantLocatable() and exists(ItemNode encl | - unqualifiedPathLookup(encl, name, ns, ancestor) and + unqualifiedPathLookup(ancestor, name, ns, encl) and p.isUnqualified(name, encl) ) and path = p.toStringDebug() diff --git a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll index b16565174e4..1c8ac649df3 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll @@ -9,8 +9,8 @@ private import PathResolution query predicate multiplePathResolutions(Path p, ItemNode i) { p.fromSource() and i = resolvePath(p) and - // known limitation for `$crate` - not p.getQualifier*().(RelevantPath).isUnqualified("$crate") and + // `panic` is defined in both `std` and `core`; both are included in the prelude + not p.getText() = "panic" and // `use foo::bar` may use both a type `bar` and a value `bar` not p = any(UseTree use | diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 29e6ed283bc..9dc15e31d99 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -78,14 +78,6 @@ private predicate implTraitTypeParam(ImplTraitTypeRepr implTrait, int i, TypePar * types, such as traits and implementation blocks. */ abstract class Type extends TType { - /** Gets the struct field `name` belonging to this type, if any. */ - pragma[nomagic] - abstract StructField getStructField(string name); - - /** Gets the `i`th tuple field belonging to this type, if any. */ - pragma[nomagic] - abstract TupleField getTupleField(int i); - /** * Gets the `i`th positional type parameter of this type, if any. * @@ -117,10 +109,6 @@ class TupleType extends Type, TTuple { TupleType() { this = TTuple(arity) } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTupleTypeParameter(arity, i) } @@ -140,21 +128,14 @@ class UnitType extends TupleType { override string toString() { result = "()" } } -abstract private class StructOrEnumType extends Type { - abstract ItemNode asItemNode(); -} - /** A struct type. */ -class StructType extends StructOrEnumType, TStruct { +class StructType extends Type, TStruct { private Struct struct; StructType() { this = TStruct(struct) } - override ItemNode asItemNode() { result = struct } - - override StructField getStructField(string name) { result = struct.getStructField(name) } - - override TupleField getTupleField(int i) { result = struct.getTupleField(i) } + /** Gets the struct that this struct type represents. */ + Struct getStruct() { result = struct } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(struct.getGenericParamList().getTypeParam(i)) @@ -170,17 +151,11 @@ class StructType extends StructOrEnumType, TStruct { } /** An enum type. */ -class EnumType extends StructOrEnumType, TEnum { +class EnumType extends Type, TEnum { private Enum enum; EnumType() { this = TEnum(enum) } - override ItemNode asItemNode() { result = enum } - - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(enum.getGenericParamList().getTypeParam(i)) } @@ -203,10 +178,6 @@ class TraitType extends Type, TTrait { /** Gets the underlying trait. */ Trait getTrait() { result = trait } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) } @@ -229,16 +200,13 @@ class TraitType extends Type, TTrait { } /** A union type. */ -class UnionType extends StructOrEnumType, TUnion { +class UnionType extends Type, TUnion { private Union union; UnionType() { this = TUnion(union) } - override ItemNode asItemNode() { result = union } - - override StructField getStructField(string name) { result = union.getStructField(name) } - - override TupleField getTupleField(int i) { none() } + /** Gets the union that this union type represents. */ + Union getUnion() { result = union } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(union.getGenericParamList().getTypeParam(i)) @@ -262,10 +230,6 @@ class UnionType extends StructOrEnumType, TUnion { class ArrayType extends Type, TArrayType { ArrayType() { this = TArrayType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TArrayTypeParameter() and i = 0 @@ -285,10 +249,6 @@ class ArrayType extends Type, TArrayType { class RefType extends Type, TRefType { RefType() { this = TRefType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TRefTypeParameter() and i = 0 @@ -318,10 +278,6 @@ class ImplTraitType extends Type, TImplTraitType { /** Gets the function that this `impl Trait` belongs to. */ abstract Function getFunction(); - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { exists(TypeParam tp | implTraitTypeParam(impl, i, tp) and @@ -339,10 +295,6 @@ class DynTraitType extends Type, TDynTraitType { DynTraitType() { this = TDynTraitType(trait) } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override DynTraitTypeParameter getPositionalTypeParameter(int i) { result = TDynTraitTypeParameter(trait.getGenericParamList().getTypeParam(i)) } @@ -389,10 +341,6 @@ class ImplTraitReturnType extends ImplTraitType { class SliceType extends Type, TSliceType { SliceType() { this = TSliceType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TSliceTypeParameter() and i = 0 @@ -404,10 +352,6 @@ class SliceType extends Type, TSliceType { } class NeverType extends Type, TNeverType { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } override string toString() { result = "!" } @@ -416,10 +360,6 @@ class NeverType extends Type, TNeverType { } class PtrType extends Type, TPtrType { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { i = 0 and result = TPtrTypeParameter() @@ -432,10 +372,6 @@ class PtrType extends Type, TPtrType { /** A type parameter. */ abstract class TypeParameter extends Type { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } } @@ -634,10 +570,6 @@ class ImplTraitTypeTypeParameter extends ImplTraitType, TypeParameter { override Function getFunction() { result = function } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index 1f987d6572e..c9dbf0bac13 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -1173,8 +1173,8 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) { path = TypePath::cons(TRefTypeParameter(), path0) else ( not ( - argType.(StructType).asItemNode() instanceof StringStruct and - result.(StructType).asItemNode() instanceof Builtins::Str + argType.(StructType).getStruct() instanceof StringStruct and + result.(StructType).getStruct() instanceof Builtins::Str ) and ( not path0.isCons(TRefTypeParameter(), _) and @@ -1889,8 +1889,8 @@ final class MethodCall extends Call { // // See also https://doc.rust-lang.org/reference/expressions/method-call-expr.html#r-expr.method.autoref-deref path.isEmpty() and - t0.(StructType).asItemNode() instanceof StringStruct and - result.(StructType).asItemNode() instanceof Builtins::Str + t0.(StructType).getStruct() instanceof StringStruct and + result.(StructType).getStruct() instanceof Builtins::Str ) else result = this.getReceiverTypeAt(path) } @@ -2518,7 +2518,10 @@ private module Cached { */ cached StructField resolveStructFieldExpr(FieldExpr fe) { - exists(string name | result = getFieldExprLookupType(fe, name).getStructField(name)) + exists(string name, Type ty | ty = getFieldExprLookupType(fe, name) | + result = ty.(StructType).getStruct().getStructField(name) or + result = ty.(UnionType).getUnion().getStructField(name) + ) } /** @@ -2526,7 +2529,9 @@ private module Cached { */ cached TupleField resolveTupleFieldExpr(FieldExpr fe) { - exists(int i | result = getTupleFieldExprLookupType(fe, i).getTupleField(i)) + exists(int i | + result = getTupleFieldExprLookupType(fe, i).(StructType).getStruct().getTupleField(i) + ) } /** diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll new file mode 100644 index 00000000000..d5d15c821d8 --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -0,0 +1,114 @@ +/** + * Provides classes and predicates for reasoning about insecure cookie + * vulnerabilities. + */ + +import rust +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSource +private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts +private import codeql.rust.dataflow.internal.DataFlowImpl as DataFlowImpl +private import codeql.rust.dataflow.internal.Node +private import codeql.rust.controlflow.BasicBlocks + +/** + * Provides default sources, sinks and barriers for detecting insecure + * cookie vulnerabilities, as well as extension points for adding your own. + */ +module InsecureCookie { + /** + * A data flow source for insecure cookie vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for insecure cookie vulnerabilities. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "InsecureCookie" } + } + + /** + * A barrier for insecure cookie vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A source for insecure cookie vulnerabilities from model data. + */ + private class ModelsAsDataSource extends Source { + ModelsAsDataSource() { sourceNode(this, "cookie-create") } + } + + /** + * A sink for insecure cookie vulnerabilities from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "cookie-use") } + } + + /** + * Holds if a models-as-data optional barrier for cookies is specified for `summaryNode`, + * with arguments `attrib` (`secure` or `partitioned`) and `arg` (argument index). For example, + * if a summary has input: + * ``` + * [..., Argument[self].OptionalBarrier[cookie-secure-arg0], ...] + * ``` + * then `attrib` is `secure` and `arg` is `0`. + * + * The meaning here is that a call to the function summarized by `summaryNode` would set + * the cookie attribute `attrib` to the value of argument `arg`. This may in practice be + * interpretted as a barrier to flow (when the cookie is made secure) or as a source (when + * the cookie is made insecure). + */ + private predicate cookieOptionalBarrier(FlowSummaryNode summaryNode, string attrib, int arg) { + exists(string barrierName | + DataFlowImpl::optionalBarrier(summaryNode, barrierName) and + attrib = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 1) and + arg = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 2).toInt() + ) + } + + /** + * Holds if cookie attribute `attrib` (`secure` or `partitioned`) is set to `value` + * (`true` or `false`) at `node`. For example, the call: + * ``` + * cookie.secure(true) + * ``` + * sets the `"secure"` attribute to `true`. A value that cannot be determined is treated + * as `false`. + */ + predicate cookieSetNode(DataFlow::Node node, string attrib, boolean value) { + exists(FlowSummaryNode summaryNode, CallExprBase ce, int arg, DataFlow::Node argNode | + // decode the models-as-data `OptionalBarrier` + cookieOptionalBarrier(summaryNode, attrib, arg) and + // find a call and arg referenced by this optional barrier + ce.getStaticTarget() = summaryNode.getSummarizedCallable() and + ce.getArg(arg) = argNode.asExpr().getExpr() and + // check if the argument is always `true` + ( + if + forex(DataFlow::Node argSourceNode, BooleanLiteralExpr argSourceValue | + DataFlow::localFlow(argSourceNode, argNode) and + argSourceValue = argSourceNode.asExpr().getExpr() + | + argSourceValue.getTextValue() = "true" + ) + then value = true // `true` flows to here + else value = false // `false`, unknown, or multiple values + ) and + // and find the node where this happens (we can't just use the flow summary node, since its + // shared across all calls to the modeled function, we need a node specific to this call) + ( + node.asExpr().getExpr() = ce.(MethodCallExpr).getReceiver() // e.g. `a` in `a.set_secure(true)` + or + exists(BasicBlock bb, int i | + // associated SSA node + node.(SsaNode).asDefinition().definesAt(_, bb, i) and + ce.(MethodCallExpr).getReceiver() = bb.getNode(i).getAstNode() + ) + ) + ) + } +} diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 3c3ba893b14..61c2ed8e81e 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.17 +version: 0.1.18-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll b/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll index df668194c07..f7606b941ac 100644 --- a/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll +++ b/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll @@ -19,7 +19,8 @@ private module ResolveTest implements TestSig { exists(Comment c | c.getLocation().hasLocationInfo(filepath, line, _, _, _) and c.getCommentText().trim() = text and - c.fromSource() + c.fromSource() and + not text.matches("$%") ) } diff --git a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md b/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md new file mode 100644 index 00000000000..d84da707c43 --- /dev/null +++ b/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 09d251a5cb1..57d3e972fc6 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.17 +version: 0.1.18-dev groups: - rust - queries diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp new file mode 100644 index 00000000000..561b334c510 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp @@ -0,0 +1,33 @@ + + + + +

Failing to set the 'Secure' attribute on a cookie allows it to be transmitted over an unencrypted (HTTP) connection. If an attacker can observe a user's network traffic, they can access sensitive information in the cookie and potentially use it to impersonate the user.

+ + + + +

Always set the cookie 'Secure' attribute so that the browser only sends the cookie over HTTPS.

+ + + + +

The following example creates a cookie using the cookie crate without the 'Secure' attribute:

+ + + +

In the fixed example, we either call secure(true) on the CookieBuilder or set_secure(true) on the Cookie itself:

+ + + + + + +
  • MDN Web Docs: Using HTTP cookies.
    • +
  • OWASP Cheat Sheet Series: Session Management Cheat Sheet - Transport Layer Security.
    • +
  • MDN Web Docs: Set-Cookie header - Secure.
    • + +     +     diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql new file mode 100644 index 00000000000..e2d7288db45 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -0,0 +1,90 @@ +/** + * @name 'Secure' attribute is not set to true + * @description Omitting the 'Secure' attribute allows data to be transmitted insecurely + * using HTTP. Always set 'Secure' to 'true' to ensure that HTTPS + * is used at all times. + * @kind path-problem + * @problem.severity error + * @security-severity 7.5 + * @precision high + * @id rust/insecure-cookie + * @tags security + * external/cwe/cwe-319 + * external/cwe/cwe-614 + */ + +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking +import codeql.rust.security.InsecureCookieExtensions + +/** + * A data flow configuration for tracking values representing cookies without the + * 'secure' attribute set. This is the primary data flow configuration for this + * query. + */ +module InsecureCookieConfig implements DataFlow::ConfigSig { + import InsecureCookie + + predicate isSource(DataFlow::Node node) { + // creation of a cookie or cookie configuration with default, insecure settings + node instanceof Source + or + // setting the 'secure' attribute to false (or an unknown value) + cookieSetNode(node, "secure", false) + } + + predicate isSink(DataFlow::Node node) { + // use of a cookie or cookie configuration + node instanceof Sink + } + + predicate isBarrier(DataFlow::Node node) { + // setting the 'secure' attribute to true + cookieSetNode(node, "secure", true) + or + node instanceof Barrier + } + + predicate observeDiffInformedIncrementalMode() { any() } +} + +/** + * A data flow configuration for tracking values representing cookies with the + * 'partitioned' attribute set. This is a secondary data flow configuration used + * to filter out unwanted results. + */ +module PartitionedCookieConfig implements DataFlow::ConfigSig { + import InsecureCookie + + predicate isSource(DataFlow::Node node) { + // setting the 'partitioned' attribute to true + cookieSetNode(node, "partitioned", true) + } + + predicate isSink(DataFlow::Node node) { + // use of a cookie or cookie configuration + node instanceof Sink + } + + predicate isBarrier(DataFlow::Node node) { + // setting the 'partitioned' attribute to false (or an unknown value) + cookieSetNode(node, "partitioned", false) + or + node instanceof Barrier + } + + predicate observeDiffInformedIncrementalMode() { any() } +} + +module InsecureCookieFlow = TaintTracking::Global; + +module PartitionedCookieFlow = TaintTracking::Global; + +import InsecureCookieFlow::PathGraph + +from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode +where + InsecureCookieFlow::flowPath(sourceNode, sinkNode) and + not PartitionedCookieFlow::flow(_, sinkNode.getNode()) +select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true." diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs new file mode 100644 index 00000000000..e4939f6d5c8 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs @@ -0,0 +1,6 @@ +use cookie::Cookie; + +// BAD: creating a cookie without specifying the `secure` attribute +let cookie = Cookie::build(("session", "abcd1234")).build(); +let mut jar = cookie::CookieJar::new(); +jar.add(cookie.clone()); diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs new file mode 100644 index 00000000000..886d969604c --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs @@ -0,0 +1,11 @@ +use cookie::Cookie; + +// GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS +let secure_cookie = Cookie::build(("session", "abcd1234")).secure(true).build(); +let mut jar = cookie::CookieJar::new(); +jar.add(secure_cookie.clone()); + +// GOOD: alternatively, set the 'Secure' attribute on an existing `Cookie` +let mut secure_cookie2 = Cookie::new("session", "abcd1234"); +secure_cookie2.set_secure(true); +jar.add(secure_cookie2); diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index d49e1fdde5d..7cd4fd67e24 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -22,14 +22,15 @@ private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.CleartextStorageDatabaseExtensions private import codeql.rust.security.CleartextTransmissionExtensions -private import codeql.rust.security.RequestForgeryExtensions +private import codeql.rust.security.HardcodedCryptographicValueExtensions +private import codeql.rust.security.InsecureCookieExtensions private import codeql.rust.security.LogInjectionExtensions +private import codeql.rust.security.RequestForgeryExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.TaintedPathExtensions private import codeql.rust.security.UncontrolledAllocationSizeExtensions private import codeql.rust.security.UseOfHttpExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions -private import codeql.rust.security.HardcodedCryptographicValueExtensions /** * Gets a count of the total number of lines of code in the database. diff --git a/rust/ql/test/extractor-tests/crate_graph/crates.expected b/rust/ql/test/extractor-tests/crate_graph/crates.expected index 21c662bb425..f4bd0ae031b 100644 --- a/rust/ql/test/extractor-tests/crate_graph/crates.expected +++ b/rust/ql/test/extractor-tests/crate_graph/crates.expected @@ -1,10 +1,6 @@ #-----| Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| rand -> Crate(rand@0.9.0) -#-----| rand_xorshift -> Crate(rand_xorshift@0.4.0) - -#-----| Crate(allocator_api2@0.2.21) +#-----| compiler_builtins -> Crate(compiler_builtins@0.1.160) #-----| Crate(block_buffer@0.10.4) #-----| proc_macro -> Crate(proc_macro@0.0.0) @@ -14,10 +10,6 @@ #-----| test -> Crate(test@0.0.0) #-----| generic_array -> Crate(generic_array@0.14.7) -#-----| Crate(cfg_if@1.0.0) -#-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) - #-----| Crate(cfg_if@1.0.1) #-----| proc_macro -> Crate(proc_macro@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) @@ -25,7 +17,10 @@ #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) -#-----| Crate(compiler_builtins@0.1.146) +#-----| Crate(cfg_if@1.0.1) +#-----| core -> Crate(core@0.0.0) + +#-----| Crate(compiler_builtins@0.1.160) #-----| core -> Crate(core@0.0.0) #-----| Crate(core@0.0.0) @@ -56,18 +51,16 @@ #-----| test -> Crate(test@0.0.0) #-----| typenum -> Crate(typenum@1.18.0) -#-----| Crate(getopts@0.2.21) +#-----| Crate(getopts@0.2.23) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| unicode_width -> Crate(unicode_width@0.1.14) +#-----| unicode_width -> Crate(unicode_width@0.2.1) -#-----| Crate(hashbrown@0.15.2) -#-----| allocator_api2 -> Crate(allocator_api2@0.2.21) +#-----| Crate(hashbrown@0.15.4) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| Crate(libc@0.2.169) +#-----| Crate(libc@0.2.174) #-----| rustc_std_workspace_core -> Crate(core@0.0.0) main.rs: @@ -98,48 +91,44 @@ main.rs: #-----| test -> Crate(test@0.0.0) #-----| Crate(panic_abort@0.0.0) -#-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) #-----| Crate(panic_unwind@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| unwind -> Crate(unwind@0.0.0) #-----| Crate(proc_macro@0.0.0) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) +#-----| rustc_literal_escaper -> Crate(rustc_literal_escaper@0.0.5) -#-----| Crate(rand@0.9.0) -#-----| zerocopy -> Crate(zerocopy@0.8.17) -#-----| rand_core -> Crate(rand_core@0.9.0) +#-----| Crate(rand@0.9.2) +#-----| rand_core -> Crate(rand_core@0.9.3) -#-----| Crate(rand_core@0.9.0) -#-----| zerocopy -> Crate(zerocopy@0.8.17) +#-----| Crate(rand_core@0.9.3) #-----| Crate(rand_xorshift@0.4.0) -#-----| rand_core -> Crate(rand_core@0.9.0) +#-----| rand_core -> Crate(rand_core@0.9.3) -#-----| Crate(rustc_demangle@0.1.24) +#-----| Crate(rustc_demangle@0.1.25) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) + +#-----| Crate(rustc_literal_escaper@0.0.5) +#-----| core -> Crate(core@0.0.0) +#-----| std -> Crate(std@0.0.0) #-----| Crate(std@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| hashbrown -> Crate(hashbrown@0.15.2) -#-----| libc -> Crate(libc@0.2.169) -#-----| rand -> Crate(rand@0.9.0) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| hashbrown -> Crate(hashbrown@0.15.4) +#-----| libc -> Crate(libc@0.2.174) +#-----| rand -> Crate(rand@0.9.2) #-----| rand_xorshift -> Crate(rand_xorshift@0.4.0) -#-----| rustc_demangle -> Crate(rustc_demangle@0.1.24) +#-----| rustc_demangle -> Crate(rustc_demangle@0.1.25) #-----| panic_abort -> Crate(panic_abort@0.0.0) #-----| unwind -> Crate(unwind@0.0.0) #-----| panic_unwind -> Crate(panic_unwind@0.0.0) @@ -148,15 +137,14 @@ main.rs: #-----| Crate(std_detect@0.1.5) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| Crate(test@0.0.0) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| getopts -> Crate(getopts@0.2.21) -#-----| libc -> Crate(libc@0.2.169) +#-----| getopts -> Crate(getopts@0.2.23) +#-----| libc -> Crate(libc@0.2.174) lib.rs: # 0| Crate(test@0.0.1) @@ -175,16 +163,14 @@ lib.rs: #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) -#-----| Crate(unicode_width@0.1.14) +#-----| Crate(unicode_width@0.2.1) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) #-----| Crate(unwind@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| Crate(version_check@0.9.5) #-----| proc_macro -> Crate(proc_macro@0.0.0) @@ -192,5 +178,3 @@ lib.rs: #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) - -#-----| Crate(zerocopy@0.8.17) diff --git a/rust/ql/test/extractor-tests/generated/.generated_tests.list b/rust/ql/test/extractor-tests/generated/.generated_tests.list index c0e2d095be6..2fcb0b79be4 100644 --- a/rust/ql/test/extractor-tests/generated/.generated_tests.list +++ b/rust/ql/test/extractor-tests/generated/.generated_tests.list @@ -114,7 +114,7 @@ SlicePat/gen_slice_pat.rs df4a6692f5100aa11dd777561400ce71e37b85f2363b0638c21975 SliceTypeRepr/gen_slice_type_repr.rs 4a85402d40028c5a40ef35018453a89700b2171bc62fd86587378484831b969f 4a85402d40028c5a40ef35018453a89700b2171bc62fd86587378484831b969f SourceFile/gen_source_file.rs c0469cc8f0ecce3dd2e77963216d7e8808046014533359a44c1698e48783b420 c0469cc8f0ecce3dd2e77963216d7e8808046014533359a44c1698e48783b420 Static/gen_static.rs 21314018ea184c1ddcb594d67bab97ae18ceaf663d9f120f39ff755d389dde7a 21314018ea184c1ddcb594d67bab97ae18ceaf663d9f120f39ff755d389dde7a -StmtList/gen_stmt_list.rs adbd82045a50e2051434ce3cdd524c9f2c6ad9f3dd02b4766fb107e2e99212db adbd82045a50e2051434ce3cdd524c9f2c6ad9f3dd02b4766fb107e2e99212db +StmtList/gen_stmt_list.rs 1051a20a90b59142e3fddfbbabd0eff586586b1812c6ab788c5391153bab8851 1051a20a90b59142e3fddfbbabd0eff586586b1812c6ab788c5391153bab8851 Struct/gen_struct.rs 5e181e90075f716c04c75e4ef0334abe3d5f419cd9ccfadfe595c09fab33566b 5e181e90075f716c04c75e4ef0334abe3d5f419cd9ccfadfe595c09fab33566b StructExpr/gen_struct_expr.rs e7824008b0b73d02f6243fd8a18e0ef93c63bfe775a878fc2679c3870fc342fd e7824008b0b73d02f6243fd8a18e0ef93c63bfe775a878fc2679c3870fc342fd StructExprField/gen_struct_expr_field.rs 4ccca8e8ad462b4873f5604f0afdd1836027b8d39e36fbe7d6624ef3e744a084 4ccca8e8ad462b4873f5604f0afdd1836027b8d39e36fbe7d6624ef3e744a084 diff --git a/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected b/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected index 02f322734ca..5c5d77a34ed 100644 --- a/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected +++ b/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected @@ -1,9 +1,10 @@ instances -| gen_stmt_list.rs:3:27:12:1 | StmtList | -| gen_stmt_list.rs:7:5:10:5 | StmtList | +| gen_stmt_list.rs:3:27:14:1 | StmtList | +| gen_stmt_list.rs:8:5:12:5 | StmtList | getAttr getStatement -| gen_stmt_list.rs:7:5:10:5 | StmtList | 0 | gen_stmt_list.rs:8:9:8:18 | let ... = 1 | -| gen_stmt_list.rs:7:5:10:5 | StmtList | 1 | gen_stmt_list.rs:9:9:9:18 | let ... = 2 | +| gen_stmt_list.rs:8:5:12:5 | StmtList | 0 | gen_stmt_list.rs:9:9:9:18 | let ... = 1 | +| gen_stmt_list.rs:8:5:12:5 | StmtList | 1 | gen_stmt_list.rs:10:9:10:18 | let ... = 2 | getTailExpr -| gen_stmt_list.rs:3:27:12:1 | StmtList | gen_stmt_list.rs:7:5:10:5 | { ... } | +| gen_stmt_list.rs:3:27:14:1 | StmtList | gen_stmt_list.rs:8:5:12:5 | { ... } | +| gen_stmt_list.rs:8:5:12:5 | StmtList | gen_stmt_list.rs:11:9:11:13 | ... + ... | diff --git a/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs b/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs index 8cc83732b62..9802e4bc995 100644 --- a/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs +++ b/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs @@ -1,12 +1,14 @@ // generated by codegen, do not edit fn test_stmt_list() -> () { - // A list of statements in a block. + // A list of statements in a block, with an optional tail expression at the + // end that determines the block's value. // // For example: { let x = 1; let y = 2; + x + y } // ^^^^^^^^^ } diff --git a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected index 354e6e0a4d2..141cfc355b9 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected @@ -1,8 +1,2 @@ multipleCallTargets -| proc_macro.rs:15:5:15:10 | ...::new(...) | -| proc_macro.rs:25:5:25:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | | proc_macro.rs:44:27:44:30 | ...::to_tokens(...) | diff --git a/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected b/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected index fbd7a97918a..f7a56a93abf 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected @@ -635,47 +635,40 @@ macro_expansion.rs: # 56| getArgList(): [ArgList] ArgList # 56| getArg(0): [BlockExpr] { ... } # 56| getStmtList(): [StmtList] StmtList -# 56| getStatement(0): [LetStmt] let ... = ... -# 56| getInitializer(): [CallExpr] ...::format(...) -# 56| getArgList(): [ArgList] ArgList -# 56| getArg(0): [MacroExpr] MacroExpr -# 56| getMacroCall(): [MacroCall] ...::format_args!... -# 55| getPath(): [Path] ...::format_args -# 55| getQualifier(): [Path] ...::__export -# 55| getQualifier(): [Path] $crate -# 55| getSegment(): [PathSegment] $crate -# 55| getIdentifier(): [NameRef] $crate -# 55| getSegment(): [PathSegment] __export -# 55| getIdentifier(): [NameRef] __export -# 55| getSegment(): [PathSegment] format_args -# 55| getIdentifier(): [NameRef] format_args -# 56| getTokenTree(): [TokenTree] TokenTree -# 56| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 57| getArg(0): [FormatArgsArg] FormatArgsArg -# 57| getExpr(): [StringLiteralExpr] "hi" -# 56| getTemplate(): [ParenExpr] (...) -# 56| getExpr(): [MacroExpr] MacroExpr -# 56| getMacroCall(): [MacroCall] concat!... -# 56| getPath(): [Path] concat -# 56| getSegment(): [PathSegment] concat -# 56| getIdentifier(): [NameRef] concat -# 56| getTokenTree(): [TokenTree] TokenTree -# 55| getFunction(): [PathExpr] ...::format -# 55| getPath(): [Path] ...::format -# 55| getQualifier(): [Path] ...::fmt -# 55| getQualifier(): [Path] $crate -# 55| getSegment(): [PathSegment] $crate -# 55| getIdentifier(): [NameRef] $crate -# 55| getSegment(): [PathSegment] fmt -# 55| getIdentifier(): [NameRef] fmt -# 55| getSegment(): [PathSegment] format -# 55| getIdentifier(): [NameRef] format -# 55| getPat(): [IdentPat] res -# 55| getName(): [Name] res -# 55| getTailExpr(): [PathExpr,VariableAccess] res -# 55| getPath(): [Path] res -# 55| getSegment(): [PathSegment] res -# 55| getIdentifier(): [NameRef] res +# 56| getTailExpr(): [CallExpr] ...::format(...) +# 56| getArgList(): [ArgList] ArgList +# 56| getArg(0): [MacroExpr] MacroExpr +# 56| getMacroCall(): [MacroCall] ...::format_args!... +# 55| getPath(): [Path] ...::format_args +# 55| getQualifier(): [Path] ...::__export +# 55| getQualifier(): [Path] $crate +# 55| getSegment(): [PathSegment] $crate +# 55| getIdentifier(): [NameRef] $crate +# 55| getSegment(): [PathSegment] __export +# 55| getIdentifier(): [NameRef] __export +# 55| getSegment(): [PathSegment] format_args +# 55| getIdentifier(): [NameRef] format_args +# 56| getTokenTree(): [TokenTree] TokenTree +# 56| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 57| getArg(0): [FormatArgsArg] FormatArgsArg +# 57| getExpr(): [StringLiteralExpr] "hi" +# 56| getTemplate(): [ParenExpr] (...) +# 56| getExpr(): [MacroExpr] MacroExpr +# 56| getMacroCall(): [MacroCall] concat!... +# 56| getPath(): [Path] concat +# 56| getSegment(): [PathSegment] concat +# 56| getIdentifier(): [NameRef] concat +# 56| getTokenTree(): [TokenTree] TokenTree +# 55| getFunction(): [PathExpr] ...::format +# 55| getPath(): [Path] ...::format +# 55| getQualifier(): [Path] ...::fmt +# 55| getQualifier(): [Path] $crate +# 55| getSegment(): [PathSegment] $crate +# 55| getIdentifier(): [NameRef] $crate +# 55| getSegment(): [PathSegment] fmt +# 55| getIdentifier(): [NameRef] fmt +# 55| getSegment(): [PathSegment] format +# 55| getIdentifier(): [NameRef] format # 55| getFunction(): [PathExpr] ...::must_use # 55| getPath(): [Path] ...::must_use # 55| getQualifier(): [Path] ...::__export @@ -1388,55 +1381,48 @@ proc_macro.rs: # 11| getArgList(): [ArgList] ArgList # 11| getArg(0): [BlockExpr] { ... } # 11| getStmtList(): [StmtList] StmtList -# 11| getStatement(0): [LetStmt] let ... = ... -# 11| getInitializer(): [CallExpr] ...::format(...) -# 11| getArgList(): [ArgList] ArgList -# 11| getArg(0): [MacroExpr] MacroExpr -# 11| getMacroCall(): [MacroCall] ...::format_args!... -# 11| getPath(): [Path] ...::format_args -# 11| getQualifier(): [Path] ...::__export -# 11| getQualifier(): [Path] $crate -# 11| getSegment(): [PathSegment] $crate -# 11| getIdentifier(): [NameRef] $crate -# 11| getSegment(): [PathSegment] __export -# 11| getIdentifier(): [NameRef] __export -# 11| getSegment(): [PathSegment] format_args -# 11| getIdentifier(): [NameRef] format_args -# 11| getTokenTree(): [TokenTree] TokenTree -# 11| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 11| getArg(0): [FormatArgsArg] FormatArgsArg -# 11| getExpr(): [FieldExpr] ... .ident -# 11| getContainer(): [FieldExpr] ast.sig -# 11| getContainer(): [PathExpr,VariableAccess] ast -# 11| getPath(): [Path] ast -# 11| getSegment(): [PathSegment] ast -# 11| getIdentifier(): [NameRef] ast -# 11| getIdentifier(): [NameRef] sig -# 11| getIdentifier(): [NameRef] ident -# 11| getArg(1): [FormatArgsArg] FormatArgsArg -# 11| getExpr(): [PathExpr,VariableAccess] i -# 11| getPath(): [Path] i -# 11| getSegment(): [PathSegment] i -# 11| getIdentifier(): [NameRef] i -# 11| getTemplate(): [StringLiteralExpr] "{}_{}" -# 11| getFormat(0): [Format] {} -# 11| getFormat(1): [Format] {} -# 11| getFunction(): [PathExpr] ...::format -# 11| getPath(): [Path] ...::format -# 11| getQualifier(): [Path] ...::fmt -# 11| getQualifier(): [Path] $crate -# 11| getSegment(): [PathSegment] $crate -# 11| getIdentifier(): [NameRef] $crate -# 11| getSegment(): [PathSegment] fmt -# 11| getIdentifier(): [NameRef] fmt -# 11| getSegment(): [PathSegment] format -# 11| getIdentifier(): [NameRef] format -# 11| getPat(): [IdentPat] res -# 11| getName(): [Name] res -# 11| getTailExpr(): [PathExpr,VariableAccess] res -# 11| getPath(): [Path] res -# 11| getSegment(): [PathSegment] res -# 11| getIdentifier(): [NameRef] res +# 11| getTailExpr(): [CallExpr] ...::format(...) +# 11| getArgList(): [ArgList] ArgList +# 11| getArg(0): [MacroExpr] MacroExpr +# 11| getMacroCall(): [MacroCall] ...::format_args!... +# 11| getPath(): [Path] ...::format_args +# 11| getQualifier(): [Path] ...::__export +# 11| getQualifier(): [Path] $crate +# 11| getSegment(): [PathSegment] $crate +# 11| getIdentifier(): [NameRef] $crate +# 11| getSegment(): [PathSegment] __export +# 11| getIdentifier(): [NameRef] __export +# 11| getSegment(): [PathSegment] format_args +# 11| getIdentifier(): [NameRef] format_args +# 11| getTokenTree(): [TokenTree] TokenTree +# 11| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 11| getArg(0): [FormatArgsArg] FormatArgsArg +# 11| getExpr(): [FieldExpr] ... .ident +# 11| getContainer(): [FieldExpr] ast.sig +# 11| getContainer(): [PathExpr,VariableAccess] ast +# 11| getPath(): [Path] ast +# 11| getSegment(): [PathSegment] ast +# 11| getIdentifier(): [NameRef] ast +# 11| getIdentifier(): [NameRef] sig +# 11| getIdentifier(): [NameRef] ident +# 11| getArg(1): [FormatArgsArg] FormatArgsArg +# 11| getExpr(): [PathExpr,VariableAccess] i +# 11| getPath(): [Path] i +# 11| getSegment(): [PathSegment] i +# 11| getIdentifier(): [NameRef] i +# 11| getTemplate(): [StringLiteralExpr] "{}_{}" +# 11| getFormat(0): [Format] {} +# 11| getFormat(1): [Format] {} +# 11| getFunction(): [PathExpr] ...::format +# 11| getPath(): [Path] ...::format +# 11| getQualifier(): [Path] ...::fmt +# 11| getQualifier(): [Path] $crate +# 11| getSegment(): [PathSegment] $crate +# 11| getIdentifier(): [NameRef] $crate +# 11| getSegment(): [PathSegment] fmt +# 11| getIdentifier(): [NameRef] fmt +# 11| getSegment(): [PathSegment] format +# 11| getIdentifier(): [NameRef] format # 11| getFunction(): [PathExpr] ...::must_use # 11| getPath(): [Path] ...::must_use # 11| getQualifier(): [Path] ...::__export @@ -2245,49 +2231,42 @@ proc_macro.rs: # 24| getArgList(): [ArgList] ArgList # 24| getArg(0): [BlockExpr] { ... } # 24| getStmtList(): [StmtList] StmtList -# 24| getStatement(0): [LetStmt] let ... = ... -# 24| getInitializer(): [CallExpr] ...::format(...) -# 24| getArgList(): [ArgList] ArgList -# 24| getArg(0): [MacroExpr] MacroExpr -# 24| getMacroCall(): [MacroCall] ...::format_args!... -# 24| getPath(): [Path] ...::format_args -# 24| getQualifier(): [Path] ...::__export -# 24| getQualifier(): [Path] $crate -# 24| getSegment(): [PathSegment] $crate -# 24| getIdentifier(): [NameRef] $crate -# 24| getSegment(): [PathSegment] __export -# 24| getIdentifier(): [NameRef] __export -# 24| getSegment(): [PathSegment] format_args -# 24| getIdentifier(): [NameRef] format_args -# 24| getTokenTree(): [TokenTree] TokenTree -# 24| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 24| getArg(0): [FormatArgsArg] FormatArgsArg -# 24| getExpr(): [FieldExpr] ... .ident -# 24| getContainer(): [FieldExpr] ast.sig -# 24| getContainer(): [PathExpr,VariableAccess] ast -# 24| getPath(): [Path] ast -# 24| getSegment(): [PathSegment] ast -# 24| getIdentifier(): [NameRef] ast -# 24| getIdentifier(): [NameRef] sig -# 24| getIdentifier(): [NameRef] ident -# 24| getTemplate(): [StringLiteralExpr] "{}_new" -# 24| getFormat(0): [Format] {} -# 24| getFunction(): [PathExpr] ...::format -# 24| getPath(): [Path] ...::format -# 24| getQualifier(): [Path] ...::fmt -# 24| getQualifier(): [Path] $crate -# 24| getSegment(): [PathSegment] $crate -# 24| getIdentifier(): [NameRef] $crate -# 24| getSegment(): [PathSegment] fmt -# 24| getIdentifier(): [NameRef] fmt -# 24| getSegment(): [PathSegment] format -# 24| getIdentifier(): [NameRef] format -# 24| getPat(): [IdentPat] res -# 24| getName(): [Name] res -# 24| getTailExpr(): [PathExpr,VariableAccess] res -# 24| getPath(): [Path] res -# 24| getSegment(): [PathSegment] res -# 24| getIdentifier(): [NameRef] res +# 24| getTailExpr(): [CallExpr] ...::format(...) +# 24| getArgList(): [ArgList] ArgList +# 24| getArg(0): [MacroExpr] MacroExpr +# 24| getMacroCall(): [MacroCall] ...::format_args!... +# 24| getPath(): [Path] ...::format_args +# 24| getQualifier(): [Path] ...::__export +# 24| getQualifier(): [Path] $crate +# 24| getSegment(): [PathSegment] $crate +# 24| getIdentifier(): [NameRef] $crate +# 24| getSegment(): [PathSegment] __export +# 24| getIdentifier(): [NameRef] __export +# 24| getSegment(): [PathSegment] format_args +# 24| getIdentifier(): [NameRef] format_args +# 24| getTokenTree(): [TokenTree] TokenTree +# 24| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 24| getArg(0): [FormatArgsArg] FormatArgsArg +# 24| getExpr(): [FieldExpr] ... .ident +# 24| getContainer(): [FieldExpr] ast.sig +# 24| getContainer(): [PathExpr,VariableAccess] ast +# 24| getPath(): [Path] ast +# 24| getSegment(): [PathSegment] ast +# 24| getIdentifier(): [NameRef] ast +# 24| getIdentifier(): [NameRef] sig +# 24| getIdentifier(): [NameRef] ident +# 24| getTemplate(): [StringLiteralExpr] "{}_new" +# 24| getFormat(0): [Format] {} +# 24| getFunction(): [PathExpr] ...::format +# 24| getPath(): [Path] ...::format +# 24| getQualifier(): [Path] ...::fmt +# 24| getQualifier(): [Path] $crate +# 24| getSegment(): [PathSegment] $crate +# 24| getIdentifier(): [NameRef] $crate +# 24| getSegment(): [PathSegment] fmt +# 24| getIdentifier(): [NameRef] fmt +# 24| getSegment(): [PathSegment] format +# 24| getIdentifier(): [NameRef] format # 24| getFunction(): [PathExpr] ...::must_use # 24| getPath(): [Path] ...::must_use # 24| getQualifier(): [Path] ...::__export @@ -2707,45 +2686,38 @@ proc_macro.rs: # 40| getArgList(): [ArgList] ArgList # 40| getArg(0): [BlockExpr] { ... } # 40| getStmtList(): [StmtList] StmtList -# 40| getStatement(0): [LetStmt] let ... = ... -# 40| getInitializer(): [CallExpr] ...::format(...) -# 40| getArgList(): [ArgList] ArgList -# 40| getArg(0): [MacroExpr] MacroExpr -# 40| getMacroCall(): [MacroCall] ...::format_args!... -# 40| getPath(): [Path] ...::format_args -# 40| getQualifier(): [Path] ...::__export -# 40| getQualifier(): [Path] $crate -# 40| getSegment(): [PathSegment] $crate -# 40| getIdentifier(): [NameRef] $crate -# 40| getSegment(): [PathSegment] __export -# 40| getIdentifier(): [NameRef] __export -# 40| getSegment(): [PathSegment] format_args -# 40| getIdentifier(): [NameRef] format_args -# 40| getTokenTree(): [TokenTree] TokenTree -# 40| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 40| getArg(0): [FormatArgsArg] FormatArgsArg -# 40| getExpr(): [PathExpr,VariableAccess] name -# 40| getPath(): [Path] name -# 40| getSegment(): [PathSegment] name -# 40| getIdentifier(): [NameRef] name -# 40| getTemplate(): [StringLiteralExpr] "CONST_{}" -# 40| getFormat(0): [Format] {} -# 40| getFunction(): [PathExpr] ...::format -# 40| getPath(): [Path] ...::format -# 40| getQualifier(): [Path] ...::fmt -# 40| getQualifier(): [Path] $crate -# 40| getSegment(): [PathSegment] $crate -# 40| getIdentifier(): [NameRef] $crate -# 40| getSegment(): [PathSegment] fmt -# 40| getIdentifier(): [NameRef] fmt -# 40| getSegment(): [PathSegment] format -# 40| getIdentifier(): [NameRef] format -# 40| getPat(): [IdentPat] res -# 40| getName(): [Name] res -# 40| getTailExpr(): [PathExpr,VariableAccess] res -# 40| getPath(): [Path] res -# 40| getSegment(): [PathSegment] res -# 40| getIdentifier(): [NameRef] res +# 40| getTailExpr(): [CallExpr] ...::format(...) +# 40| getArgList(): [ArgList] ArgList +# 40| getArg(0): [MacroExpr] MacroExpr +# 40| getMacroCall(): [MacroCall] ...::format_args!... +# 40| getPath(): [Path] ...::format_args +# 40| getQualifier(): [Path] ...::__export +# 40| getQualifier(): [Path] $crate +# 40| getSegment(): [PathSegment] $crate +# 40| getIdentifier(): [NameRef] $crate +# 40| getSegment(): [PathSegment] __export +# 40| getIdentifier(): [NameRef] __export +# 40| getSegment(): [PathSegment] format_args +# 40| getIdentifier(): [NameRef] format_args +# 40| getTokenTree(): [TokenTree] TokenTree +# 40| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 40| getArg(0): [FormatArgsArg] FormatArgsArg +# 40| getExpr(): [PathExpr,VariableAccess] name +# 40| getPath(): [Path] name +# 40| getSegment(): [PathSegment] name +# 40| getIdentifier(): [NameRef] name +# 40| getTemplate(): [StringLiteralExpr] "CONST_{}" +# 40| getFormat(0): [Format] {} +# 40| getFunction(): [PathExpr] ...::format +# 40| getPath(): [Path] ...::format +# 40| getQualifier(): [Path] ...::fmt +# 40| getQualifier(): [Path] $crate +# 40| getSegment(): [PathSegment] $crate +# 40| getIdentifier(): [NameRef] $crate +# 40| getSegment(): [PathSegment] fmt +# 40| getIdentifier(): [NameRef] fmt +# 40| getSegment(): [PathSegment] format +# 40| getIdentifier(): [NameRef] format # 40| getFunction(): [PathExpr] ...::must_use # 40| getPath(): [Path] ...::must_use # 40| getQualifier(): [Path] ...::__export diff --git a/rust/ql/test/extractor-tests/macro-expansion/test.expected b/rust/ql/test/extractor-tests/macro-expansion/test.expected index deb522796c9..930a0f443bd 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/test.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/test.expected @@ -1,19 +1,19 @@ attribute_macros -| macro_expansion.rs:3:1:12:1 | fn foo | 0 | macro_expansion.rs:4:1:11:14 | fn foo | -| macro_expansion.rs:3:1:12:1 | fn foo | 1 | macro_expansion.rs:4:1:11:14 | fn foo_new | -| macro_expansion.rs:7:5:8:16 | fn inner | 0 | macro_expansion.rs:8:5:8:16 | fn inner_0 | -| macro_expansion.rs:7:5:8:16 | fn inner | 0 | macro_expansion.rs:8:5:8:16 | fn inner_0 | -| macro_expansion.rs:7:5:8:16 | fn inner | 1 | macro_expansion.rs:8:5:8:16 | fn inner_1 | -| macro_expansion.rs:7:5:8:16 | fn inner | 1 | macro_expansion.rs:8:5:8:16 | fn inner_1 | -| macro_expansion.rs:14:1:16:15 | fn bar | 0 | macro_expansion.rs:15:1:16:14 | fn bar_0 | -| macro_expansion.rs:14:1:16:15 | fn bar | 1 | macro_expansion.rs:15:1:16:14 | fn bar_1 | -| macro_expansion.rs:15:1:16:14 | fn bar_0 | 0 | macro_expansion.rs:16:1:16:14 | fn bar_0 | -| macro_expansion.rs:15:1:16:14 | fn bar_0 | 1 | macro_expansion.rs:16:1:16:14 | fn bar_0_new | -| macro_expansion.rs:15:1:16:14 | fn bar_1 | 0 | macro_expansion.rs:16:1:16:14 | fn bar_1 | -| macro_expansion.rs:15:1:16:14 | fn bar_1 | 1 | macro_expansion.rs:16:1:16:14 | fn bar_1_new | -| macro_expansion.rs:31:5:34:5 | fn bzz | 0 | macro_expansion.rs:32:5:33:17 | fn bzz_0 | -| macro_expansion.rs:31:5:34:5 | fn bzz | 1 | macro_expansion.rs:32:5:33:17 | fn bzz_1 | -| macro_expansion.rs:31:5:34:5 | fn bzz | 2 | macro_expansion.rs:32:5:33:17 | fn bzz_2 | +| macro_expansion.rs:3:1:12:1 | fn foo | 0 | macro_expansion.rs:4:1:12:1 | fn foo | +| macro_expansion.rs:3:1:12:1 | fn foo | 1 | macro_expansion.rs:4:1:12:1 | fn foo_new | +| macro_expansion.rs:7:5:8:17 | fn inner | 0 | macro_expansion.rs:8:5:8:17 | fn inner_0 | +| macro_expansion.rs:7:5:8:17 | fn inner | 0 | macro_expansion.rs:8:5:8:17 | fn inner_0 | +| macro_expansion.rs:7:5:8:17 | fn inner | 1 | macro_expansion.rs:8:5:8:17 | fn inner_1 | +| macro_expansion.rs:7:5:8:17 | fn inner | 1 | macro_expansion.rs:8:5:8:17 | fn inner_1 | +| macro_expansion.rs:14:1:16:15 | fn bar | 0 | macro_expansion.rs:15:1:16:15 | fn bar_0 | +| macro_expansion.rs:14:1:16:15 | fn bar | 1 | macro_expansion.rs:15:1:16:15 | fn bar_1 | +| macro_expansion.rs:15:1:16:15 | fn bar_0 | 0 | macro_expansion.rs:16:1:16:15 | fn bar_0 | +| macro_expansion.rs:15:1:16:15 | fn bar_0 | 1 | macro_expansion.rs:16:1:16:15 | fn bar_0_new | +| macro_expansion.rs:15:1:16:15 | fn bar_1 | 0 | macro_expansion.rs:16:1:16:15 | fn bar_1 | +| macro_expansion.rs:15:1:16:15 | fn bar_1 | 1 | macro_expansion.rs:16:1:16:15 | fn bar_1_new | +| macro_expansion.rs:31:5:34:5 | fn bzz | 0 | macro_expansion.rs:32:5:34:5 | fn bzz_0 | +| macro_expansion.rs:31:5:34:5 | fn bzz | 1 | macro_expansion.rs:32:5:34:5 | fn bzz_1 | +| macro_expansion.rs:31:5:34:5 | fn bzz | 2 | macro_expansion.rs:32:5:34:5 | fn bzz_2 | derive_macros | macro_expansion.rs:83:1:86:1 | struct MyDerive | 0 | 0 | macro_expansion.rs:84:8:85:9 | impl ...::Debug for MyDerive::<...> { ... } | | macro_expansion.rs:88:1:92:1 | enum MyDeriveEnum | 0 | 0 | macro_expansion.rs:89:6:91:12 | impl ...::PartialEq for MyDeriveEnum::<...> { ... } | @@ -21,17 +21,17 @@ derive_macros | macro_expansion.rs:98:1:102:1 | union MyDeriveUnion | 0 | 0 | macro_expansion.rs:99:7:99:19 | Const | | macro_expansion.rs:98:1:102:1 | union MyDeriveUnion | 0 | 1 | macro_expansion.rs:99:7:99:19 | impl MyTrait for MyDeriveUnion { ... } | macro_calls -| macro_expansion.rs:5:9:5:34 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | -| macro_expansion.rs:5:9:5:34 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | +| macro_expansion.rs:5:9:5:35 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | +| macro_expansion.rs:5:9:5:35 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:44:5:44:13 | def_x!... | macro_expansion.rs:44:5:44:10 | MacroItems | | macro_expansion.rs:53:9:53:25 | concat!... | macro_expansion.rs:53:17:53:24 | "xy" | | macro_expansion.rs:55:9:58:5 | my_macro!... | macro_expansion.rs:56:9:57:13 | MacroExpr | diff --git a/rust/ql/test/extractor-tests/macro-in-library/test.expected b/rust/ql/test/extractor-tests/macro-in-library/test.expected index 685ce3244e3..0b4b9cb5eaa 100644 --- a/rust/ql/test/extractor-tests/macro-in-library/test.expected +++ b/rust/ql/test/extractor-tests/macro-in-library/test.expected @@ -1,4 +1,4 @@ macro_items -| macro_in_library.rs:2:1:2:14 | MacroItems | 0 | macro_in_library.rs:2:1:2:14 | fn foo | -| macro_in_library.rs:2:1:2:14 | MacroItems | 1 | macro_in_library.rs:2:1:2:14 | fn foo_new | +| macro_in_library.rs:2:1:2:15 | MacroItems | 0 | macro_in_library.rs:2:1:2:15 | fn foo | +| macro_in_library.rs:2:1:2:15 | MacroItems | 1 | macro_in_library.rs:2:1:2:15 | fn foo_new | warnings diff --git a/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected b/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected deleted file mode 100644 index a2cee10f246..00000000000 --- a/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected +++ /dev/null @@ -1,50 +0,0 @@ -models -edges -| main.rs:11:20:11:52 | if cond {...} else {...} | main.rs:12:10:12:16 | f(...) | provenance | | -| main.rs:11:30:11:39 | source(...) | main.rs:11:20:11:52 | if cond {...} else {...} | provenance | | -| main.rs:16:20:16:23 | ... | main.rs:18:18:18:21 | data | provenance | | -| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance | | -| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | | -| main.rs:23:13:23:13 | a | main.rs:16:20:16:23 | ... | provenance | | -| main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | provenance | | -| main.rs:33:9:33:9 | a | main.rs:34:21:34:21 | a | provenance | | -| main.rs:33:13:33:22 | source(...) | main.rs:33:9:33:9 | a | provenance | | -| main.rs:34:9:34:9 | b | main.rs:35:10:35:10 | b | provenance | | -| main.rs:34:13:34:22 | f(...) | main.rs:34:9:34:9 | b | provenance | | -| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | provenance | | -| main.rs:34:21:34:21 | a | main.rs:34:13:34:22 | f(...) | provenance | | -| main.rs:42:16:42:25 | source(...) | main.rs:44:5:44:5 | [post] f [captured capt] | provenance | | -| main.rs:44:5:44:5 | [post] f [captured capt] | main.rs:45:10:45:13 | capt | provenance | | -| main.rs:44:5:44:5 | [post] f [captured capt] | main.rs:49:5:49:5 | g [captured capt] | provenance | | -| main.rs:49:5:49:5 | g [captured capt] | main.rs:47:14:47:17 | capt | provenance | | -nodes -| main.rs:11:20:11:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | -| main.rs:11:30:11:39 | source(...) | semmle.label | source(...) | -| main.rs:12:10:12:16 | f(...) | semmle.label | f(...) | -| main.rs:16:20:16:23 | ... | semmle.label | ... | -| main.rs:18:18:18:21 | data | semmle.label | data | -| main.rs:22:9:22:9 | a | semmle.label | a | -| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) | -| main.rs:23:13:23:13 | a | semmle.label | a | -| main.rs:27:20:27:23 | ... | semmle.label | ... | -| main.rs:28:9:32:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | -| main.rs:33:9:33:9 | a | semmle.label | a | -| main.rs:33:13:33:22 | source(...) | semmle.label | source(...) | -| main.rs:34:9:34:9 | b | semmle.label | b | -| main.rs:34:13:34:22 | f(...) | semmle.label | f(...) | -| main.rs:34:21:34:21 | a | semmle.label | a | -| main.rs:35:10:35:10 | b | semmle.label | b | -| main.rs:42:16:42:25 | source(...) | semmle.label | source(...) | -| main.rs:44:5:44:5 | [post] f [captured capt] | semmle.label | [post] f [captured capt] | -| main.rs:45:10:45:13 | capt | semmle.label | capt | -| main.rs:47:14:47:17 | capt | semmle.label | capt | -| main.rs:49:5:49:5 | g [captured capt] | semmle.label | g [captured capt] | -subpaths -| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | main.rs:34:13:34:22 | f(...) | -testFailures -#select -| main.rs:12:10:12:16 | f(...) | main.rs:11:30:11:39 | source(...) | main.rs:12:10:12:16 | f(...) | $@ | main.rs:11:30:11:39 | source(...) | source(...) | -| main.rs:18:18:18:21 | data | main.rs:22:13:22:22 | source(...) | main.rs:18:18:18:21 | data | $@ | main.rs:22:13:22:22 | source(...) | source(...) | -| main.rs:35:10:35:10 | b | main.rs:33:13:33:22 | source(...) | main.rs:35:10:35:10 | b | $@ | main.rs:33:13:33:22 | source(...) | source(...) | -| main.rs:45:10:45:13 | capt | main.rs:42:16:42:25 | source(...) | main.rs:45:10:45:13 | capt | $@ | main.rs:42:16:42:25 | source(...) | source(...) | -| main.rs:47:14:47:17 | capt | main.rs:42:16:42:25 | source(...) | main.rs:47:14:47:17 | capt | $@ | main.rs:42:16:42:25 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/closures/Cargo.lock b/rust/ql/test/library-tests/dataflow/lambdas/Cargo.lock similarity index 100% rename from rust/ql/test/library-tests/dataflow/closures/Cargo.lock rename to rust/ql/test/library-tests/dataflow/lambdas/Cargo.lock diff --git a/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected new file mode 100644 index 00000000000..7c99702aec6 --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected @@ -0,0 +1,83 @@ +models +edges +| main.rs:10:20:10:52 | if cond {...} else {...} | main.rs:11:10:11:16 | f(...) | provenance | | +| main.rs:10:30:10:39 | source(...) | main.rs:10:20:10:52 | if cond {...} else {...} | provenance | | +| main.rs:15:20:15:23 | ... | main.rs:17:18:17:21 | data | provenance | | +| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance | | +| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | | +| main.rs:23:13:23:13 | a | main.rs:15:20:15:23 | ... | provenance | | +| main.rs:27:20:27:23 | ... | main.rs:27:26:27:52 | if cond {...} else {...} | provenance | | +| main.rs:28:9:28:9 | a | main.rs:29:21:29:21 | a | provenance | | +| main.rs:28:13:28:22 | source(...) | main.rs:28:9:28:9 | a | provenance | | +| main.rs:29:9:29:9 | b | main.rs:30:10:30:10 | b | provenance | | +| main.rs:29:13:29:22 | f(...) | main.rs:29:9:29:9 | b | provenance | | +| main.rs:29:21:29:21 | a | main.rs:27:20:27:23 | ... | provenance | | +| main.rs:29:21:29:21 | a | main.rs:29:13:29:22 | f(...) | provenance | | +| main.rs:37:16:37:25 | source(...) | main.rs:39:5:39:5 | [post] f [captured capt] | provenance | | +| main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:40:10:40:13 | capt | provenance | | +| main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:44:5:44:5 | g [captured capt] | provenance | | +| main.rs:44:5:44:5 | g [captured capt] | main.rs:42:14:42:17 | capt | provenance | | +| main.rs:47:29:49:1 | { ... } | main.rs:57:10:57:12 | f(...) | provenance | | +| main.rs:48:5:48:14 | source(...) | main.rs:47:29:49:1 | { ... } | provenance | | +| main.rs:51:17:51:25 | ...: i64 | main.rs:52:10:52:13 | data | provenance | | +| main.rs:62:9:62:9 | a | main.rs:63:7:63:7 | a | provenance | | +| main.rs:62:13:62:22 | source(...) | main.rs:62:9:62:9 | a | provenance | | +| main.rs:63:7:63:7 | a | main.rs:51:17:51:25 | ...: i64 | provenance | | +| main.rs:66:24:66:32 | ...: i64 | main.rs:66:42:72:1 | { ... } | provenance | | +| main.rs:76:9:76:9 | a | main.rs:77:21:77:21 | a | provenance | | +| main.rs:76:13:76:22 | source(...) | main.rs:76:9:76:9 | a | provenance | | +| main.rs:77:9:77:9 | b | main.rs:78:10:78:10 | b | provenance | | +| main.rs:77:13:77:22 | f(...) | main.rs:77:9:77:9 | b | provenance | | +| main.rs:77:21:77:21 | a | main.rs:66:24:66:32 | ...: i64 | provenance | | +| main.rs:77:21:77:21 | a | main.rs:77:13:77:22 | f(...) | provenance | | +nodes +| main.rs:10:20:10:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | +| main.rs:10:30:10:39 | source(...) | semmle.label | source(...) | +| main.rs:11:10:11:16 | f(...) | semmle.label | f(...) | +| main.rs:15:20:15:23 | ... | semmle.label | ... | +| main.rs:17:18:17:21 | data | semmle.label | data | +| main.rs:22:9:22:9 | a | semmle.label | a | +| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) | +| main.rs:23:13:23:13 | a | semmle.label | a | +| main.rs:27:20:27:23 | ... | semmle.label | ... | +| main.rs:27:26:27:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | +| main.rs:28:9:28:9 | a | semmle.label | a | +| main.rs:28:13:28:22 | source(...) | semmle.label | source(...) | +| main.rs:29:9:29:9 | b | semmle.label | b | +| main.rs:29:13:29:22 | f(...) | semmle.label | f(...) | +| main.rs:29:21:29:21 | a | semmle.label | a | +| main.rs:30:10:30:10 | b | semmle.label | b | +| main.rs:37:16:37:25 | source(...) | semmle.label | source(...) | +| main.rs:39:5:39:5 | [post] f [captured capt] | semmle.label | [post] f [captured capt] | +| main.rs:40:10:40:13 | capt | semmle.label | capt | +| main.rs:42:14:42:17 | capt | semmle.label | capt | +| main.rs:44:5:44:5 | g [captured capt] | semmle.label | g [captured capt] | +| main.rs:47:29:49:1 | { ... } | semmle.label | { ... } | +| main.rs:48:5:48:14 | source(...) | semmle.label | source(...) | +| main.rs:51:17:51:25 | ...: i64 | semmle.label | ...: i64 | +| main.rs:52:10:52:13 | data | semmle.label | data | +| main.rs:57:10:57:12 | f(...) | semmle.label | f(...) | +| main.rs:62:9:62:9 | a | semmle.label | a | +| main.rs:62:13:62:22 | source(...) | semmle.label | source(...) | +| main.rs:63:7:63:7 | a | semmle.label | a | +| main.rs:66:24:66:32 | ...: i64 | semmle.label | ...: i64 | +| main.rs:66:42:72:1 | { ... } | semmle.label | { ... } | +| main.rs:76:9:76:9 | a | semmle.label | a | +| main.rs:76:13:76:22 | source(...) | semmle.label | source(...) | +| main.rs:77:9:77:9 | b | semmle.label | b | +| main.rs:77:13:77:22 | f(...) | semmle.label | f(...) | +| main.rs:77:21:77:21 | a | semmle.label | a | +| main.rs:78:10:78:10 | b | semmle.label | b | +subpaths +| main.rs:29:21:29:21 | a | main.rs:27:20:27:23 | ... | main.rs:27:26:27:52 | if cond {...} else {...} | main.rs:29:13:29:22 | f(...) | +| main.rs:77:21:77:21 | a | main.rs:66:24:66:32 | ...: i64 | main.rs:66:42:72:1 | { ... } | main.rs:77:13:77:22 | f(...) | +testFailures +#select +| main.rs:11:10:11:16 | f(...) | main.rs:10:30:10:39 | source(...) | main.rs:11:10:11:16 | f(...) | $@ | main.rs:10:30:10:39 | source(...) | source(...) | +| main.rs:17:18:17:21 | data | main.rs:22:13:22:22 | source(...) | main.rs:17:18:17:21 | data | $@ | main.rs:22:13:22:22 | source(...) | source(...) | +| main.rs:30:10:30:10 | b | main.rs:28:13:28:22 | source(...) | main.rs:30:10:30:10 | b | $@ | main.rs:28:13:28:22 | source(...) | source(...) | +| main.rs:40:10:40:13 | capt | main.rs:37:16:37:25 | source(...) | main.rs:40:10:40:13 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | +| main.rs:42:14:42:17 | capt | main.rs:37:16:37:25 | source(...) | main.rs:42:14:42:17 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | +| main.rs:52:10:52:13 | data | main.rs:62:13:62:22 | source(...) | main.rs:52:10:52:13 | data | $@ | main.rs:62:13:62:22 | source(...) | source(...) | +| main.rs:57:10:57:12 | f(...) | main.rs:48:5:48:14 | source(...) | main.rs:57:10:57:12 | f(...) | $@ | main.rs:48:5:48:14 | source(...) | source(...) | +| main.rs:78:10:78:10 | b | main.rs:76:13:76:22 | source(...) | main.rs:78:10:78:10 | b | $@ | main.rs:76:13:76:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/closures/inline-flow.ql b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.ql similarity index 100% rename from rust/ql/test/library-tests/dataflow/closures/inline-flow.ql rename to rust/ql/test/library-tests/dataflow/lambdas/inline-flow.ql diff --git a/rust/ql/test/library-tests/dataflow/closures/main.rs b/rust/ql/test/library-tests/dataflow/lambdas/main.rs similarity index 54% rename from rust/ql/test/library-tests/dataflow/closures/main.rs rename to rust/ql/test/library-tests/dataflow/lambdas/main.rs index 66ce59a3b04..252b132ec74 100644 --- a/rust/ql/test/library-tests/dataflow/closures/main.rs +++ b/rust/ql/test/library-tests/dataflow/lambdas/main.rs @@ -6,30 +6,25 @@ fn sink(s: i64) { println!("{}", s); } - fn closure_flow_out() { let f = |cond| if cond { source(92) } else { 0 }; sink(f(true)); // $ hasValueFlow=92 } fn closure_flow_in() { - let f = |cond, data| + let f = |cond, data| { if cond { sink(data); // $ hasValueFlow=87 } else { sink(0) - }; + } + }; let a = source(87); f(true, a); } fn closure_flow_through() { - let f = |cond, data| - if cond { - data - } else { - 0 - }; + let f = |cond, data| if cond { data } else { 0 }; let a = source(43); let b = f(true, a); sink(b); // $ hasValueFlow=43 @@ -49,9 +44,46 @@ fn closure_captured_variable() { g(); } +fn get_from_source() -> i64 { + source(93) +} + +fn pass_to_sink(data: i64) { + sink(data); // $ hasValueFlow=34 +} + +fn function_flow_out() { + let f = get_from_source; + sink(f()); // $ hasValueFlow=93 +} + +fn function_flow_in() { + let f = pass_to_sink; + let a = source(34); + f(a); +} + +fn get_arg(cond: bool, data: i64) -> i64 { + if cond { + data + } else { + 0 + } +} + +fn function_flows_through() { + let f = get_arg; + let a = source(56); + let b = f(true, a); + sink(b); // $ hasValueFlow=56 +} + fn main() { closure_flow_out(); closure_flow_in(); closure_flow_through(); closure_captured_variable(); + function_flow_in(); + function_flow_out(); + function_flows_through(); } diff --git a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected index bd2bfe9880e..3a9e28258d5 100644 --- a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected @@ -6,16 +6,14 @@ models | 5 | Summary: ::clone; Argument[self].Reference; ReturnValue; value | | 6 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 7 | Summary: ::zip; Argument[0].Field[core::option::Option::Some(0)]; ReturnValue.Field[core::option::Option::Some(0)].Field[1]; value | -| 8 | Summary: ::into_inner; Argument[0].Field[core::pin::Pin::__pointer]; ReturnValue; value | -| 9 | Summary: ::into_inner; Argument[0]; ReturnValue; value | -| 10 | Summary: ::into_inner_unchecked; Argument[0]; ReturnValue; value | -| 11 | Summary: ::new; Argument[0].Reference; ReturnValue; value | -| 12 | Summary: ::new; Argument[0]; ReturnValue.Field[core::pin::Pin::__pointer]; value | -| 13 | Summary: ::new; Argument[0]; ReturnValue; value | -| 14 | Summary: ::new_unchecked; Argument[0].Reference; ReturnValue; value | -| 15 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 16 | Summary: core::ptr::read; Argument[0].Reference; ReturnValue; value | -| 17 | Summary: core::ptr::write; Argument[1]; Argument[0].Reference; value | +| 8 | Summary: ::into_inner; Argument[0]; ReturnValue; value | +| 9 | Summary: ::into_inner_unchecked; Argument[0]; ReturnValue; value | +| 10 | Summary: ::new; Argument[0].Reference; ReturnValue; value | +| 11 | Summary: ::new; Argument[0]; ReturnValue; value | +| 12 | Summary: ::new_unchecked; Argument[0].Reference; ReturnValue; value | +| 13 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 14 | Summary: core::ptr::read; Argument[0].Reference; ReturnValue; value | +| 15 | Summary: core::ptr::write; Argument[1]; Argument[0].Reference; value | edges | main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap() | provenance | MaD:6 | | main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:13 | a [Some] | provenance | | @@ -24,11 +22,11 @@ edges | main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap() | provenance | MaD:6 | | main.rs:14:13:14:13 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | MaD:1 | | main.rs:14:13:14:21 | a.clone() [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | -| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:15 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:13 | | main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:13 | a [Ok] | provenance | | | main.rs:19:31:19:44 | Ok(...) [Ok] | main.rs:19:9:19:9 | a [Ok] | provenance | | | main.rs:19:34:19:43 | source(...) | main.rs:19:31:19:44 | Ok(...) [Ok] | provenance | | -| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:15 | +| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:13 | | main.rs:21:13:21:13 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | MaD:1 | | main.rs:21:13:21:21 | a.clone() [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | | main.rs:26:9:26:9 | a | main.rs:27:10:27:10 | a | provenance | | @@ -66,8 +64,8 @@ edges | main.rs:69:18:69:23 | TuplePat [tuple.1] | main.rs:69:22:69:22 | m | provenance | | | main.rs:69:22:69:22 | m | main.rs:71:22:71:22 | m | provenance | | | main.rs:92:29:92:29 | [post] y [&ref] | main.rs:93:33:93:33 | y [&ref] | provenance | | -| main.rs:92:32:92:41 | source(...) | main.rs:92:29:92:29 | [post] y [&ref] | provenance | MaD:17 | -| main.rs:93:33:93:33 | y [&ref] | main.rs:93:18:93:34 | ...::read(...) | provenance | MaD:16 | +| main.rs:92:32:92:41 | source(...) | main.rs:92:29:92:29 | [post] y [&ref] | provenance | MaD:15 | +| main.rs:93:33:93:33 | y [&ref] | main.rs:93:18:93:34 | ...::read(...) | provenance | MaD:14 | | main.rs:108:13:108:17 | mut i | main.rs:109:34:109:34 | i | provenance | | | main.rs:108:13:108:17 | mut i | main.rs:110:33:110:33 | i | provenance | | | main.rs:108:13:108:17 | mut i | main.rs:111:47:111:47 | i | provenance | | @@ -75,11 +73,8 @@ edges | main.rs:108:21:108:30 | source(...) | main.rs:108:13:108:17 | mut i | provenance | | | main.rs:109:13:109:20 | mut pin1 [&ref] | main.rs:114:15:114:18 | pin1 [&ref] | provenance | | | main.rs:109:13:109:20 | mut pin1 [&ref] | main.rs:115:31:115:34 | pin1 [&ref] | provenance | | -| main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | main.rs:115:31:115:34 | pin1 [Pin, &ref] | provenance | | | main.rs:109:24:109:35 | ...::new(...) [&ref] | main.rs:109:13:109:20 | mut pin1 [&ref] | provenance | | -| main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | provenance | | -| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [&ref] | provenance | MaD:13 | -| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | provenance | MaD:12 | +| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [&ref] | provenance | MaD:11 | | main.rs:109:34:109:34 | i | main.rs:109:33:109:34 | &i [&ref] | provenance | | | main.rs:110:13:110:20 | mut pin2 [&ref] | main.rs:116:15:116:18 | pin2 [&ref] | provenance | | | main.rs:110:24:110:34 | ...::pin(...) [&ref] | main.rs:110:13:110:20 | mut pin2 [&ref] | provenance | | @@ -90,8 +85,7 @@ edges | main.rs:111:47:111:47 | i | main.rs:111:38:111:48 | ...::new(...) [&ref] | provenance | MaD:3 | | main.rs:114:15:114:18 | pin1 [&ref] | main.rs:114:14:114:18 | * ... | provenance | | | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | main.rs:115:14:115:35 | * ... | provenance | | -| main.rs:115:31:115:34 | pin1 [&ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:9 | -| main.rs:115:31:115:34 | pin1 [Pin, &ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:8 | +| main.rs:115:31:115:34 | pin1 [&ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:8 | | main.rs:116:15:116:18 | pin2 [&ref] | main.rs:116:14:116:18 | * ... | provenance | | | main.rs:117:15:117:18 | pin3 [&ref] | main.rs:117:14:117:18 | * ... | provenance | | | main.rs:122:13:122:18 | mut ms [MyStruct] | main.rs:123:34:123:35 | ms [MyStruct] | provenance | | @@ -100,20 +94,20 @@ edges | main.rs:122:38:122:47 | source(...) | main.rs:122:22:122:49 | MyStruct {...} [MyStruct] | provenance | | | main.rs:123:13:123:20 | mut pin1 [MyStruct] | main.rs:129:30:129:33 | pin1 [MyStruct] | provenance | | | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | main.rs:123:13:123:20 | mut pin1 [MyStruct] | provenance | | -| main.rs:123:33:123:35 | &ms [&ref, MyStruct] | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | provenance | MaD:11 | +| main.rs:123:33:123:35 | &ms [&ref, MyStruct] | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | provenance | MaD:10 | | main.rs:123:34:123:35 | ms [MyStruct] | main.rs:123:33:123:35 | &ms [&ref, MyStruct] | provenance | | | main.rs:127:14:127:15 | ms [MyStruct] | main.rs:127:14:127:19 | ms.val | provenance | | | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | main.rs:129:14:129:38 | ... .val | provenance | | -| main.rs:129:30:129:33 | pin1 [MyStruct] | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | provenance | MaD:9 | +| main.rs:129:30:129:33 | pin1 [MyStruct] | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | provenance | MaD:8 | | main.rs:136:13:136:18 | mut ms [MyStruct] | main.rs:137:44:137:45 | ms [MyStruct] | provenance | | | main.rs:136:22:136:49 | MyStruct {...} [MyStruct] | main.rs:136:13:136:18 | mut ms [MyStruct] | provenance | | | main.rs:136:38:136:47 | source(...) | main.rs:136:22:136:49 | MyStruct {...} [MyStruct] | provenance | | | main.rs:137:13:137:20 | mut pin5 [MyStruct] | main.rs:139:40:139:43 | pin5 [MyStruct] | provenance | | | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | main.rs:137:13:137:20 | mut pin5 [MyStruct] | provenance | | -| main.rs:137:43:137:45 | &ms [&ref, MyStruct] | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | provenance | MaD:14 | +| main.rs:137:43:137:45 | &ms [&ref, MyStruct] | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | provenance | MaD:12 | | main.rs:137:44:137:45 | ms [MyStruct] | main.rs:137:43:137:45 | &ms [&ref, MyStruct] | provenance | | | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | main.rs:139:14:139:48 | ... .val | provenance | | -| main.rs:139:40:139:43 | pin5 [MyStruct] | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | provenance | MaD:10 | +| main.rs:139:40:139:43 | pin5 [MyStruct] | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | provenance | MaD:9 | nodes | main.rs:12:9:12:9 | a [Some] | semmle.label | a [Some] | | main.rs:12:13:12:28 | Some(...) [Some] | semmle.label | Some(...) [Some] | @@ -174,9 +168,7 @@ nodes | main.rs:108:13:108:17 | mut i | semmle.label | mut i | | main.rs:108:21:108:30 | source(...) | semmle.label | source(...) | | main.rs:109:13:109:20 | mut pin1 [&ref] | semmle.label | mut pin1 [&ref] | -| main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | semmle.label | mut pin1 [Pin, &ref] | | main.rs:109:24:109:35 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | main.rs:109:33:109:34 | &i [&ref] | semmle.label | &i [&ref] | | main.rs:109:34:109:34 | i | semmle.label | i | | main.rs:110:13:110:20 | mut pin2 [&ref] | semmle.label | mut pin2 [&ref] | @@ -192,7 +184,6 @@ nodes | main.rs:115:14:115:35 | * ... | semmle.label | * ... | | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | semmle.label | ...::into_inner(...) [&ref] | | main.rs:115:31:115:34 | pin1 [&ref] | semmle.label | pin1 [&ref] | -| main.rs:115:31:115:34 | pin1 [Pin, &ref] | semmle.label | pin1 [Pin, &ref] | | main.rs:116:14:116:18 | * ... | semmle.label | * ... | | main.rs:116:15:116:18 | pin2 [&ref] | semmle.label | pin2 [&ref] | | main.rs:117:14:117:18 | * ... | semmle.label | * ... | diff --git a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected index 0fb7a59f6f4..76ed919e869 100644 --- a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected @@ -1,80 +1,11 @@ multipleCallTargets -| test.rs:98:14:98:43 | ...::_print(...) | -| test.rs:110:14:110:33 | ...::_print(...) | | test.rs:113:62:113:77 | ...::from(...) | | test.rs:120:58:120:73 | ...::from(...) | -| test.rs:136:22:136:43 | ...::_print(...) | -| test.rs:141:22:141:43 | ...::_print(...) | -| test.rs:145:22:145:44 | ...::_print(...) | -| test.rs:161:26:161:110 | ...::_print(...) | -| test.rs:169:26:169:111 | ...::_print(...) | -| test.rs:179:30:179:68 | ...::_print(...) | -| test.rs:188:26:188:105 | ...::_print(...) | | test.rs:229:22:229:72 | ... .read_to_string(...) | | test.rs:664:22:664:43 | file.read(...) | | test.rs:673:22:673:41 | f1.read(...) | -| test.rs:697:18:697:38 | ...::_print(...) | -| test.rs:702:18:702:45 | ...::_print(...) | -| test.rs:720:38:720:42 | ...::_print(...) | -| test.rs:724:38:724:54 | ...::_print(...) | -| test.rs:729:38:729:51 | ...::_print(...) | -| test.rs:739:34:739:52 | ...::_print(...) | -| test.rs:758:14:758:43 | ...::_print(...) | -| test.rs:773:18:773:42 | ...::_print(...) | -| test.rs:777:18:777:42 | ...::_print(...) | -| test.rs:782:18:782:45 | ...::_print(...) | -| test.rs:789:30:789:34 | ...::_print(...) | -| test.rs:793:30:793:52 | ...::_print(...) | -| test.rs:802:30:802:43 | ...::_print(...) | -| test.rs:812:30:812:34 | ...::_print(...) | -| test.rs:816:30:816:52 | ...::_print(...) | -| test.rs:825:30:825:43 | ...::_print(...) | -| test.rs:840:14:840:43 | ...::_print(...) | -| test.rs:854:14:854:34 | ...::_print(...) | | test.rs:894:50:894:66 | ...::from(...) | | test.rs:894:50:894:66 | ...::from(...) | -| test.rs:896:14:896:31 | ...::_print(...) | -| test.rs:899:14:899:31 | ...::_print(...) | -| test.rs:902:14:902:31 | ...::_print(...) | -| test.rs:905:14:905:30 | ...::_print(...) | -| test.rs:907:27:907:36 | ...::_print(...) | -| test.rs:908:28:908:41 | ...::_print(...) | -| test.rs:911:14:911:33 | ...::_print(...) | -| test.rs:913:27:913:36 | ...::_print(...) | -| test.rs:914:28:914:41 | ...::_print(...) | -| test.rs:917:14:917:31 | ...::_print(...) | -| test.rs:919:27:919:36 | ...::_print(...) | -| test.rs:920:28:920:41 | ...::_print(...) | -| test.rs:923:14:923:34 | ...::_print(...) | -| test.rs:925:27:925:36 | ...::_print(...) | -| test.rs:926:28:926:41 | ...::_print(...) | -| test.rs:929:14:929:25 | ...::_print(...) | -| test.rs:931:27:931:36 | ...::_print(...) | -| test.rs:932:28:932:41 | ...::_print(...) | -| test.rs:935:14:935:31 | ...::_print(...) | -| test.rs:937:27:937:36 | ...::_print(...) | -| test.rs:938:28:938:41 | ...::_print(...) | -| test.rs:941:14:941:30 | ...::_print(...) | -| test.rs:943:27:943:36 | ...::_print(...) | -| test.rs:944:28:944:41 | ...::_print(...) | -| test.rs:947:14:947:33 | ...::_print(...) | -| test.rs:949:27:949:36 | ...::_print(...) | -| test.rs:950:28:950:41 | ...::_print(...) | -| test.rs:953:14:953:37 | ...::_print(...) | -| test.rs:955:27:955:36 | ...::_print(...) | -| test.rs:956:28:956:41 | ...::_print(...) | -| test.rs:959:14:959:36 | ...::_print(...) | -| test.rs:961:27:961:36 | ...::_print(...) | -| test.rs:962:28:962:41 | ...::_print(...) | -| test.rs:965:14:965:38 | ...::_print(...) | -| test.rs:967:27:967:36 | ...::_print(...) | -| test.rs:968:28:968:41 | ...::_print(...) | -| test.rs:971:14:971:45 | ...::_print(...) | -| test.rs:973:27:973:36 | ...::_print(...) | -| test.rs:974:28:974:41 | ...::_print(...) | -| test.rs:977:14:977:29 | ...::_print(...) | -| test.rs:979:27:979:36 | ...::_print(...) | -| test.rs:980:28:980:41 | ...::_print(...) | | test_futures_io.rs:45:27:45:84 | ...::read(...) | | test_futures_io.rs:49:27:49:51 | reader.read(...) | | test_futures_io.rs:83:22:83:39 | reader2.fill_buf() | @@ -87,9 +18,9 @@ multipleCallTargets | test_futures_io.rs:152:32:152:46 | reader2.lines() | | test_futures_io.rs:153:14:153:32 | lines_stream.next() | | test_futures_io.rs:154:32:154:50 | lines_stream.next() | -| web_frameworks.rs:13:14:13:22 | a.as_str() | | web_frameworks.rs:13:14:13:23 | a.as_str() | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | +| web_frameworks.rs:13:14:13:23 | a.as_str() | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | | web_frameworks.rs:101:14:101:23 | a.as_str() | | web_frameworks.rs:102:14:102:25 | a.as_bytes() | diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected index e0855a5d854..8edaf9527f8 100644 --- a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected @@ -82,55 +82,54 @@ models | 81 | Summary: ::expect; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 82 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 83 | Summary: ::new; Argument[0].Reference; ReturnValue; value | -| 84 | Summary: ::new; Argument[0]; ReturnValue.Field[core::pin::Pin::__pointer]; value | -| 85 | Summary: ::new; Argument[0]; ReturnValue; value | -| 86 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 87 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 88 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 89 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 90 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 91 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 92 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 93 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 94 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 95 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 96 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 97 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 98 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 99 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 100 | Summary: ::read; Argument[self]; Argument[0]; taint | -| 101 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | -| 102 | Summary: ::read_to_end; Argument[self]; Argument[0]; taint | -| 103 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 104 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | -| 105 | Summary: ::next; Argument[self]; ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]; taint | -| 106 | Summary: ::fill_buf; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 107 | Summary: ::buffer; Argument[self]; ReturnValue; taint | -| 108 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 109 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 110 | Summary: ::read; Argument[self]; Argument[0]; taint | -| 111 | Summary: ::read_exact; Argument[self]; Argument[0].Reference; taint | -| 112 | Summary: ::read_exact; Argument[self]; Argument[0]; taint | -| 113 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | -| 114 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 115 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | -| 116 | Summary: ::lock; Argument[self]; ReturnValue; taint | -| 117 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 118 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 119 | Summary: ::as_path; Argument[self]; ReturnValue; value | -| 120 | Summary: ::buffer; Argument[self]; ReturnValue; taint | -| 121 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 122 | Summary: ::next_line; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 123 | Summary: ::next_segment; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 124 | Summary: ::peek; Argument[self]; Argument[0].Reference; taint | -| 125 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | -| 126 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | +| 84 | Summary: ::new; Argument[0]; ReturnValue; value | +| 85 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 86 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 87 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 88 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 89 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 90 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 91 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 92 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 93 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 94 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 95 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 96 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 97 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 98 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 99 | Summary: ::read; Argument[self]; Argument[0]; taint | +| 100 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | +| 101 | Summary: ::read_to_end; Argument[self]; Argument[0]; taint | +| 102 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 103 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | +| 104 | Summary: ::next; Argument[self]; ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]; taint | +| 105 | Summary: ::fill_buf; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 106 | Summary: ::buffer; Argument[self]; ReturnValue; taint | +| 107 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 108 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 109 | Summary: ::read; Argument[self]; Argument[0]; taint | +| 110 | Summary: ::read_exact; Argument[self]; Argument[0].Reference; taint | +| 111 | Summary: ::read_exact; Argument[self]; Argument[0]; taint | +| 112 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | +| 113 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 114 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | +| 115 | Summary: ::lock; Argument[self]; ReturnValue; taint | +| 116 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 117 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 118 | Summary: ::as_path; Argument[self]; ReturnValue; value | +| 119 | Summary: ::buffer; Argument[self]; ReturnValue; taint | +| 120 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 121 | Summary: ::next_line; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 122 | Summary: ::next_segment; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 123 | Summary: ::peek; Argument[self]; Argument[0].Reference; taint | +| 124 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | +| 125 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | edges | test.rs:8:10:8:22 | ...::var | test.rs:8:10:8:30 | ...::var(...) | provenance | Src:MaD:26 | | test.rs:9:10:9:25 | ...::var_os | test.rs:9:10:9:33 | ...::var_os(...) | provenance | Src:MaD:27 | | test.rs:11:9:11:12 | var1 | test.rs:14:10:14:13 | var1 | provenance | | | test.rs:11:16:11:28 | ...::var | test.rs:11:16:11:36 | ...::var(...) [Ok] | provenance | Src:MaD:26 | -| test.rs:11:16:11:36 | ...::var(...) [Ok] | test.rs:11:16:11:59 | ... .expect(...) | provenance | MaD:86 | +| test.rs:11:16:11:36 | ...::var(...) [Ok] | test.rs:11:16:11:59 | ... .expect(...) | provenance | MaD:85 | | test.rs:11:16:11:59 | ... .expect(...) | test.rs:11:9:11:12 | var1 | provenance | | | test.rs:12:9:12:12 | var2 | test.rs:15:10:15:13 | var2 | provenance | | | test.rs:12:16:12:31 | ...::var_os | test.rs:12:16:12:39 | ...::var_os(...) [Some] | provenance | Src:MaD:27 | @@ -163,8 +162,8 @@ edges | test.rs:34:16:34:29 | ...::args | test.rs:34:16:34:31 | ...::args(...) [element] | provenance | Src:MaD:21 | | test.rs:34:16:34:31 | ...::args(...) [element] | test.rs:34:16:34:38 | ... .nth(...) [Some] | provenance | MaD:42 | | test.rs:34:16:34:38 | ... .nth(...) [Some] | test.rs:34:16:34:47 | ... .unwrap() | provenance | MaD:82 | -| test.rs:34:16:34:47 | ... .unwrap() | test.rs:34:16:34:64 | ... .parse() [Ok] | provenance | MaD:90 | -| test.rs:34:16:34:64 | ... .parse() [Ok] | test.rs:34:16:34:73 | ... .unwrap() | provenance | MaD:87 | +| test.rs:34:16:34:47 | ... .unwrap() | test.rs:34:16:34:64 | ... .parse() [Ok] | provenance | MaD:89 | +| test.rs:34:16:34:64 | ... .parse() [Ok] | test.rs:34:16:34:73 | ... .unwrap() | provenance | MaD:86 | | test.rs:34:16:34:73 | ... .unwrap() | test.rs:34:9:34:12 | arg4 | provenance | | | test.rs:42:9:42:11 | arg | test.rs:43:14:43:16 | arg | provenance | | | test.rs:42:16:42:29 | ...::args | test.rs:42:16:42:31 | ...::args(...) [element] | provenance | Src:MaD:21 | @@ -174,11 +173,11 @@ edges | test.rs:46:16:46:34 | ...::args_os(...) [element] | test.rs:46:9:46:11 | arg | provenance | | | test.rs:52:9:52:11 | dir | test.rs:56:10:56:12 | dir | provenance | | | test.rs:52:15:52:35 | ...::current_dir | test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | provenance | Src:MaD:23 | -| test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | test.rs:52:15:52:54 | ... .expect(...) | provenance | MaD:86 | +| test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | test.rs:52:15:52:54 | ... .expect(...) | provenance | MaD:85 | | test.rs:52:15:52:54 | ... .expect(...) | test.rs:52:9:52:11 | dir | provenance | | | test.rs:53:9:53:11 | exe | test.rs:57:10:57:12 | exe | provenance | | | test.rs:53:15:53:35 | ...::current_exe | test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | provenance | Src:MaD:24 | -| test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | test.rs:53:15:53:54 | ... .expect(...) | provenance | MaD:86 | +| test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | test.rs:53:15:53:54 | ... .expect(...) | provenance | MaD:85 | | test.rs:53:15:53:54 | ... .expect(...) | test.rs:53:9:53:11 | exe | provenance | | | test.rs:54:9:54:12 | home | test.rs:58:10:58:13 | home | provenance | | | test.rs:54:16:54:33 | ...::home_dir | test.rs:54:16:54:35 | ...::home_dir(...) [Some] | provenance | Src:MaD:25 | @@ -187,32 +186,32 @@ edges | test.rs:62:9:62:22 | remote_string1 | test.rs:63:10:63:23 | remote_string1 | provenance | | | test.rs:62:26:62:47 | ...::get | test.rs:62:26:62:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | | test.rs:62:26:62:62 | ...::get(...) [Ok] | test.rs:62:26:62:63 | TryExpr | provenance | | -| test.rs:62:26:62:63 | TryExpr | test.rs:62:26:62:70 | ... .text() [Ok] | provenance | MaD:97 | +| test.rs:62:26:62:63 | TryExpr | test.rs:62:26:62:70 | ... .text() [Ok] | provenance | MaD:96 | | test.rs:62:26:62:70 | ... .text() [Ok] | test.rs:62:26:62:71 | TryExpr | provenance | | | test.rs:62:26:62:71 | TryExpr | test.rs:62:9:62:22 | remote_string1 | provenance | | | test.rs:65:9:65:22 | remote_string2 | test.rs:66:10:66:23 | remote_string2 | provenance | | | test.rs:65:26:65:47 | ...::get | test.rs:65:26:65:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:65:26:65:62 | ...::get(...) [Ok] | test.rs:65:26:65:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:65:26:65:71 | ... .unwrap() | test.rs:65:26:65:78 | ... .text() [Ok] | provenance | MaD:97 | -| test.rs:65:26:65:78 | ... .text() [Ok] | test.rs:65:26:65:87 | ... .unwrap() | provenance | MaD:87 | +| test.rs:65:26:65:62 | ...::get(...) [Ok] | test.rs:65:26:65:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:65:26:65:71 | ... .unwrap() | test.rs:65:26:65:78 | ... .text() [Ok] | provenance | MaD:96 | +| test.rs:65:26:65:78 | ... .text() [Ok] | test.rs:65:26:65:87 | ... .unwrap() | provenance | MaD:86 | | test.rs:65:26:65:87 | ... .unwrap() | test.rs:65:9:65:22 | remote_string2 | provenance | | | test.rs:68:9:68:22 | remote_string3 | test.rs:69:10:69:23 | remote_string3 | provenance | | | test.rs:68:26:68:47 | ...::get | test.rs:68:26:68:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:68:26:68:62 | ...::get(...) [Ok] | test.rs:68:26:68:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:68:26:68:71 | ... .unwrap() | test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:98 | -| test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | test.rs:68:26:68:107 | ... .unwrap() | provenance | MaD:87 | +| test.rs:68:26:68:62 | ...::get(...) [Ok] | test.rs:68:26:68:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:68:26:68:71 | ... .unwrap() | test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:97 | +| test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | test.rs:68:26:68:107 | ... .unwrap() | provenance | MaD:86 | | test.rs:68:26:68:107 | ... .unwrap() | test.rs:68:9:68:22 | remote_string3 | provenance | | | test.rs:71:9:71:22 | remote_string4 | test.rs:72:10:72:23 | remote_string4 | provenance | | | test.rs:71:26:71:47 | ...::get | test.rs:71:26:71:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:71:26:71:62 | ...::get(...) [Ok] | test.rs:71:26:71:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:71:26:71:71 | ... .unwrap() | test.rs:71:26:71:79 | ... .bytes() [Ok] | provenance | MaD:96 | -| test.rs:71:26:71:79 | ... .bytes() [Ok] | test.rs:71:26:71:88 | ... .unwrap() | provenance | MaD:87 | +| test.rs:71:26:71:62 | ...::get(...) [Ok] | test.rs:71:26:71:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:71:26:71:71 | ... .unwrap() | test.rs:71:26:71:79 | ... .bytes() [Ok] | provenance | MaD:95 | +| test.rs:71:26:71:79 | ... .bytes() [Ok] | test.rs:71:26:71:88 | ... .unwrap() | provenance | MaD:86 | | test.rs:71:26:71:88 | ... .unwrap() | test.rs:71:9:71:22 | remote_string4 | provenance | | | test.rs:74:9:74:22 | remote_string5 | test.rs:75:10:75:23 | remote_string5 | provenance | | | test.rs:74:26:74:37 | ...::get | test.rs:74:26:74:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:74:26:74:52 | ...::get(...) [future, Ok] | test.rs:74:26:74:58 | await ... [Ok] | provenance | | | test.rs:74:26:74:58 | await ... [Ok] | test.rs:74:26:74:59 | TryExpr | provenance | | -| test.rs:74:26:74:59 | TryExpr | test.rs:74:26:74:66 | ... .text() [future, Ok] | provenance | MaD:95 | +| test.rs:74:26:74:59 | TryExpr | test.rs:74:26:74:66 | ... .text() [future, Ok] | provenance | MaD:94 | | test.rs:74:26:74:66 | ... .text() [future, Ok] | test.rs:74:26:74:72 | await ... [Ok] | provenance | | | test.rs:74:26:74:72 | await ... [Ok] | test.rs:74:26:74:73 | TryExpr | provenance | | | test.rs:74:26:74:73 | TryExpr | test.rs:74:9:74:22 | remote_string5 | provenance | | @@ -220,12 +219,12 @@ edges | test.rs:77:26:77:37 | ...::get | test.rs:77:26:77:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:77:26:77:52 | ...::get(...) [future, Ok] | test.rs:77:26:77:58 | await ... [Ok] | provenance | | | test.rs:77:26:77:58 | await ... [Ok] | test.rs:77:26:77:59 | TryExpr | provenance | | -| test.rs:77:26:77:59 | TryExpr | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | provenance | MaD:93 | +| test.rs:77:26:77:59 | TryExpr | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | provenance | MaD:92 | | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | test.rs:77:26:77:73 | await ... [Ok] | provenance | | | test.rs:77:26:77:73 | await ... [Ok] | test.rs:77:26:77:74 | TryExpr | provenance | | | test.rs:77:26:77:74 | TryExpr | test.rs:77:9:77:22 | remote_string6 | provenance | | -| test.rs:80:9:80:20 | mut request1 | test.rs:81:10:81:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:94 | -| test.rs:80:9:80:20 | mut request1 | test.rs:82:29:82:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:94 | +| test.rs:80:9:80:20 | mut request1 | test.rs:81:10:81:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:93 | +| test.rs:80:9:80:20 | mut request1 | test.rs:82:29:82:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:93 | | test.rs:80:24:80:35 | ...::get | test.rs:80:24:80:50 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:80:24:80:50 | ...::get(...) [future, Ok] | test.rs:80:24:80:56 | await ... [Ok] | provenance | | | test.rs:80:24:80:56 | await ... [Ok] | test.rs:80:24:80:57 | TryExpr | provenance | | @@ -252,38 +251,38 @@ edges | test.rs:121:31:121:42 | send_request | test.rs:121:24:121:51 | sender.send_request(...) [future, Ok] | provenance | Src:MaD:7 | | test.rs:122:11:122:18 | response | test.rs:122:10:122:18 | &response | provenance | | | test.rs:211:22:211:35 | ...::stdin | test.rs:211:22:211:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer | provenance | MaD:110 | +| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer | provenance | MaD:109 | | test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:109 | +| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:108 | | test.rs:211:44:211:54 | [post] &mut buffer | test.rs:212:15:212:20 | buffer | provenance | | | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | test.rs:211:49:211:54 | [post] buffer | provenance | | | test.rs:211:49:211:54 | [post] buffer | test.rs:212:15:212:20 | buffer | provenance | | | test.rs:212:15:212:20 | buffer | test.rs:212:14:212:20 | &buffer | provenance | | | test.rs:217:22:217:35 | ...::stdin | test.rs:217:22:217:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | | test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:62 | -| test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:113 | +| test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:112 | | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | test.rs:217:56:217:61 | [post] buffer | provenance | | | test.rs:217:56:217:61 | [post] buffer | test.rs:218:15:218:20 | buffer | provenance | | | test.rs:218:15:218:20 | buffer | test.rs:218:14:218:20 | &buffer | provenance | | | test.rs:223:22:223:35 | ...::stdin | test.rs:223:22:223:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer | provenance | MaD:115 | +| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer | provenance | MaD:114 | | test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:114 | +| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:113 | | test.rs:223:54:223:64 | [post] &mut buffer | test.rs:224:15:224:20 | buffer | provenance | | | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | test.rs:223:59:223:64 | [post] buffer | provenance | | | test.rs:223:59:223:64 | [post] buffer | test.rs:224:15:224:20 | buffer | provenance | | | test.rs:224:15:224:20 | buffer | test.rs:224:14:224:20 | &buffer | provenance | | | test.rs:229:22:229:35 | ...::stdin | test.rs:229:22:229:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:229:22:229:37 | ...::stdin(...) | test.rs:229:22:229:44 | ... .lock() | provenance | MaD:116 | +| test.rs:229:22:229:37 | ...::stdin(...) | test.rs:229:22:229:44 | ... .lock() | provenance | MaD:115 | | test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:117 | +| test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:116 | | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | test.rs:229:66:229:71 | [post] buffer | provenance | | | test.rs:229:66:229:71 | [post] buffer | test.rs:230:15:230:20 | buffer | provenance | | | test.rs:230:15:230:20 | buffer | test.rs:230:14:230:20 | &buffer | provenance | | | test.rs:235:9:235:22 | ...::stdin | test.rs:235:9:235:24 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer | provenance | MaD:112 | +| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer | provenance | MaD:111 | | test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:61 | -| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:111 | +| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:110 | | test.rs:235:37:235:47 | [post] &mut buffer | test.rs:236:15:236:20 | buffer | provenance | | | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | test.rs:235:42:235:47 | [post] buffer | provenance | | | test.rs:235:42:235:47 | [post] buffer | test.rs:236:15:236:20 | buffer | provenance | | @@ -291,51 +290,51 @@ edges | test.rs:239:17:239:30 | ...::stdin | test.rs:239:17:239:32 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | | test.rs:239:17:239:32 | ...::stdin(...) | test.rs:239:17:239:40 | ... .bytes() | provenance | MaD:57 | | test.rs:239:17:239:40 | ... .bytes() | test.rs:240:14:240:17 | byte | provenance | | -| test.rs:246:13:246:22 | mut reader | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | provenance | MaD:106 | +| test.rs:246:13:246:22 | mut reader | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | provenance | MaD:105 | | test.rs:246:26:246:66 | ...::new(...) | test.rs:246:13:246:22 | mut reader | provenance | | | test.rs:246:50:246:63 | ...::stdin | test.rs:246:50:246:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:246:50:246:65 | ...::stdin(...) | test.rs:246:26:246:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:246:50:246:65 | ...::stdin(...) | test.rs:246:26:246:66 | ...::new(...) | provenance | MaD:107 | | test.rs:247:13:247:16 | data | test.rs:248:15:248:18 | data | provenance | | | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | test.rs:247:20:247:37 | TryExpr | provenance | | | test.rs:247:20:247:37 | TryExpr | test.rs:247:13:247:16 | data | provenance | | | test.rs:248:15:248:18 | data | test.rs:248:14:248:18 | &data | provenance | | -| test.rs:252:13:252:18 | reader | test.rs:253:20:253:34 | reader.buffer() | provenance | MaD:107 | +| test.rs:252:13:252:18 | reader | test.rs:253:20:253:34 | reader.buffer() | provenance | MaD:106 | | test.rs:252:22:252:62 | ...::new(...) | test.rs:252:13:252:18 | reader | provenance | | | test.rs:252:46:252:59 | ...::stdin | test.rs:252:46:252:61 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:252:46:252:61 | ...::stdin(...) | test.rs:252:22:252:62 | ...::new(...) | provenance | MaD:108 | +| test.rs:252:46:252:61 | ...::stdin(...) | test.rs:252:22:252:62 | ...::new(...) | provenance | MaD:107 | | test.rs:253:13:253:16 | data | test.rs:254:15:254:18 | data | provenance | | | test.rs:253:20:253:34 | reader.buffer() | test.rs:253:13:253:16 | data | provenance | | | test.rs:254:15:254:18 | data | test.rs:254:14:254:18 | &data | provenance | | | test.rs:259:13:259:22 | mut reader | test.rs:260:26:260:36 | [post] &mut buffer [&ref] | provenance | MaD:54 | | test.rs:259:26:259:66 | ...::new(...) | test.rs:259:13:259:22 | mut reader | provenance | | | test.rs:259:50:259:63 | ...::stdin | test.rs:259:50:259:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:259:50:259:65 | ...::stdin(...) | test.rs:259:26:259:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:259:50:259:65 | ...::stdin(...) | test.rs:259:26:259:66 | ...::new(...) | provenance | MaD:107 | | test.rs:260:26:260:36 | [post] &mut buffer [&ref] | test.rs:260:31:260:36 | [post] buffer | provenance | | | test.rs:260:31:260:36 | [post] buffer | test.rs:261:15:261:20 | buffer | provenance | | | test.rs:261:15:261:20 | buffer | test.rs:261:14:261:20 | &buffer | provenance | | | test.rs:266:13:266:22 | mut reader | test.rs:267:33:267:43 | [post] &mut buffer [&ref] | provenance | MaD:55 | | test.rs:266:26:266:66 | ...::new(...) | test.rs:266:13:266:22 | mut reader | provenance | | | test.rs:266:50:266:63 | ...::stdin | test.rs:266:50:266:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:266:50:266:65 | ...::stdin(...) | test.rs:266:26:266:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:266:50:266:65 | ...::stdin(...) | test.rs:266:26:266:66 | ...::new(...) | provenance | MaD:107 | | test.rs:267:33:267:43 | [post] &mut buffer [&ref] | test.rs:267:38:267:43 | [post] buffer | provenance | | | test.rs:267:38:267:43 | [post] buffer | test.rs:268:15:268:20 | buffer | provenance | | | test.rs:267:38:267:43 | [post] buffer | test.rs:269:14:269:22 | buffer[0] | provenance | | | test.rs:268:15:268:20 | buffer | test.rs:268:14:268:20 | &buffer | provenance | | -| test.rs:273:13:273:28 | mut reader_split | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | provenance | MaD:105 | -| test.rs:273:13:273:28 | mut reader_split | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | provenance | MaD:105 | +| test.rs:273:13:273:28 | mut reader_split | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | provenance | MaD:104 | +| test.rs:273:13:273:28 | mut reader_split | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | provenance | MaD:104 | | test.rs:273:32:273:72 | ...::new(...) | test.rs:273:32:273:84 | ... .split(...) | provenance | MaD:56 | | test.rs:273:32:273:84 | ... .split(...) | test.rs:273:13:273:28 | mut reader_split | provenance | | | test.rs:273:56:273:69 | ...::stdin | test.rs:273:56:273:71 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:273:56:273:71 | ...::stdin(...) | test.rs:273:32:273:72 | ...::new(...) | provenance | MaD:108 | +| test.rs:273:56:273:71 | ...::stdin(...) | test.rs:273:32:273:72 | ...::new(...) | provenance | MaD:107 | | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | test.rs:274:14:274:41 | ... .unwrap() [Ok] | provenance | MaD:82 | -| test.rs:274:14:274:41 | ... .unwrap() [Ok] | test.rs:274:14:274:50 | ... .unwrap() | provenance | MaD:87 | +| test.rs:274:14:274:41 | ... .unwrap() [Ok] | test.rs:274:14:274:50 | ... .unwrap() | provenance | MaD:86 | | test.rs:275:19:275:29 | Some(...) [Some, Ok] | test.rs:275:24:275:28 | chunk [Ok] | provenance | | -| test.rs:275:24:275:28 | chunk [Ok] | test.rs:276:18:276:31 | chunk.unwrap() | provenance | MaD:87 | +| test.rs:275:24:275:28 | chunk [Ok] | test.rs:276:18:276:31 | chunk.unwrap() | provenance | MaD:86 | | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | test.rs:275:19:275:29 | Some(...) [Some, Ok] | provenance | | | test.rs:281:13:281:18 | reader | test.rs:282:21:282:34 | reader.lines() | provenance | MaD:53 | | test.rs:281:22:281:62 | ...::new(...) | test.rs:281:13:281:18 | reader | provenance | | | test.rs:281:46:281:59 | ...::stdin | test.rs:281:46:281:61 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:281:46:281:61 | ...::stdin(...) | test.rs:281:22:281:62 | ...::new(...) | provenance | MaD:108 | +| test.rs:281:46:281:61 | ...::stdin(...) | test.rs:281:22:281:62 | ...::new(...) | provenance | MaD:107 | | test.rs:282:21:282:34 | reader.lines() | test.rs:283:18:283:21 | line | provenance | | | test.rs:309:13:309:21 | mut stdin | test.rs:311:33:311:43 | [post] &mut buffer [&ref] | provenance | MaD:70 | | test.rs:309:25:309:40 | ...::stdin | test.rs:309:25:309:42 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | @@ -392,40 +391,40 @@ edges | test.rs:358:13:358:22 | mut reader | test.rs:359:20:359:36 | reader.fill_buf() [future, Ok] | provenance | MaD:65 | | test.rs:358:26:358:70 | ...::new(...) | test.rs:358:13:358:22 | mut reader | provenance | | | test.rs:358:52:358:67 | ...::stdin | test.rs:358:52:358:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:358:52:358:69 | ...::stdin(...) | test.rs:358:26:358:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:358:52:358:69 | ...::stdin(...) | test.rs:358:26:358:70 | ...::new(...) | provenance | MaD:120 | | test.rs:359:13:359:16 | data | test.rs:360:15:360:18 | data | provenance | | | test.rs:359:20:359:36 | reader.fill_buf() [future, Ok] | test.rs:359:20:359:42 | await ... [Ok] | provenance | | | test.rs:359:20:359:42 | await ... [Ok] | test.rs:359:20:359:43 | TryExpr | provenance | | | test.rs:359:20:359:43 | TryExpr | test.rs:359:13:359:16 | data | provenance | | | test.rs:360:15:360:18 | data | test.rs:360:14:360:18 | &data | provenance | | -| test.rs:364:13:364:18 | reader | test.rs:365:20:365:34 | reader.buffer() | provenance | MaD:120 | +| test.rs:364:13:364:18 | reader | test.rs:365:20:365:34 | reader.buffer() | provenance | MaD:119 | | test.rs:364:22:364:66 | ...::new(...) | test.rs:364:13:364:18 | reader | provenance | | | test.rs:364:48:364:63 | ...::stdin | test.rs:364:48:364:65 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:364:48:364:65 | ...::stdin(...) | test.rs:364:22:364:66 | ...::new(...) | provenance | MaD:121 | +| test.rs:364:48:364:65 | ...::stdin(...) | test.rs:364:22:364:66 | ...::new(...) | provenance | MaD:120 | | test.rs:365:13:365:16 | data | test.rs:366:15:366:18 | data | provenance | | | test.rs:365:20:365:34 | reader.buffer() | test.rs:365:13:365:16 | data | provenance | | | test.rs:366:15:366:18 | data | test.rs:366:14:366:18 | &data | provenance | | | test.rs:371:13:371:22 | mut reader | test.rs:372:26:372:36 | [post] &mut buffer [&ref] | provenance | MaD:67 | | test.rs:371:26:371:70 | ...::new(...) | test.rs:371:13:371:22 | mut reader | provenance | | | test.rs:371:52:371:67 | ...::stdin | test.rs:371:52:371:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:371:52:371:69 | ...::stdin(...) | test.rs:371:26:371:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:371:52:371:69 | ...::stdin(...) | test.rs:371:26:371:70 | ...::new(...) | provenance | MaD:120 | | test.rs:372:26:372:36 | [post] &mut buffer [&ref] | test.rs:372:31:372:36 | [post] buffer | provenance | | | test.rs:372:31:372:36 | [post] buffer | test.rs:373:15:373:20 | buffer | provenance | | | test.rs:373:15:373:20 | buffer | test.rs:373:14:373:20 | &buffer | provenance | | | test.rs:378:13:378:22 | mut reader | test.rs:379:33:379:43 | [post] &mut buffer [&ref] | provenance | MaD:68 | | test.rs:378:26:378:70 | ...::new(...) | test.rs:378:13:378:22 | mut reader | provenance | | | test.rs:378:52:378:67 | ...::stdin | test.rs:378:52:378:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:378:52:378:69 | ...::stdin(...) | test.rs:378:26:378:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:378:52:378:69 | ...::stdin(...) | test.rs:378:26:378:70 | ...::new(...) | provenance | MaD:120 | | test.rs:379:33:379:43 | [post] &mut buffer [&ref] | test.rs:379:38:379:43 | [post] buffer | provenance | | | test.rs:379:38:379:43 | [post] buffer | test.rs:380:15:380:20 | buffer | provenance | | | test.rs:379:38:379:43 | [post] buffer | test.rs:381:14:381:22 | buffer[0] | provenance | | | test.rs:380:15:380:20 | buffer | test.rs:380:14:380:20 | &buffer | provenance | | -| test.rs:385:13:385:28 | mut reader_split | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:123 | -| test.rs:385:13:385:28 | mut reader_split | test.rs:387:33:387:59 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:123 | +| test.rs:385:13:385:28 | mut reader_split | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:122 | +| test.rs:385:13:385:28 | mut reader_split | test.rs:387:33:387:59 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:122 | | test.rs:385:32:385:76 | ...::new(...) | test.rs:385:32:385:88 | ... .split(...) | provenance | MaD:69 | | test.rs:385:32:385:88 | ... .split(...) | test.rs:385:13:385:28 | mut reader_split | provenance | | | test.rs:385:58:385:73 | ...::stdin | test.rs:385:58:385:75 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:385:58:385:75 | ...::stdin(...) | test.rs:385:32:385:76 | ...::new(...) | provenance | MaD:121 | +| test.rs:385:58:385:75 | ...::stdin(...) | test.rs:385:32:385:76 | ...::new(...) | provenance | MaD:120 | | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | test.rs:386:14:386:46 | await ... [Ok, Some] | provenance | | | test.rs:386:14:386:46 | await ... [Ok, Some] | test.rs:386:14:386:47 | TryExpr [Some] | provenance | | | test.rs:386:14:386:47 | TryExpr [Some] | test.rs:386:14:386:56 | ... .unwrap() | provenance | MaD:82 | @@ -437,9 +436,9 @@ edges | test.rs:393:13:393:18 | reader | test.rs:394:25:394:38 | reader.lines() | provenance | MaD:66 | | test.rs:393:22:393:66 | ...::new(...) | test.rs:393:13:393:18 | reader | provenance | | | test.rs:393:48:393:63 | ...::stdin | test.rs:393:48:393:65 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:393:48:393:65 | ...::stdin(...) | test.rs:393:22:393:66 | ...::new(...) | provenance | MaD:121 | -| test.rs:394:13:394:21 | mut lines | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | provenance | MaD:122 | -| test.rs:394:13:394:21 | mut lines | test.rs:396:32:396:48 | lines.next_line() [future, Ok, Some] | provenance | MaD:122 | +| test.rs:393:48:393:65 | ...::stdin(...) | test.rs:393:22:393:66 | ...::new(...) | provenance | MaD:120 | +| test.rs:394:13:394:21 | mut lines | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | provenance | MaD:121 | +| test.rs:394:13:394:21 | mut lines | test.rs:396:32:396:48 | lines.next_line() [future, Ok, Some] | provenance | MaD:121 | | test.rs:394:25:394:38 | reader.lines() | test.rs:394:13:394:21 | mut lines | provenance | | | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | test.rs:395:14:395:36 | await ... [Ok, Some] | provenance | | | test.rs:395:14:395:36 | await ... [Ok, Some] | test.rs:395:14:395:37 | TryExpr [Some] | provenance | | @@ -476,7 +475,7 @@ edges | test.rs:425:22:425:25 | path | test.rs:425:20:425:27 | e.path() | provenance | Src:MaD:9 MaD:9 | | test.rs:426:14:426:17 | path | test.rs:426:14:426:25 | path.clone() | provenance | MaD:40 | | test.rs:427:14:427:17 | path | test.rs:427:14:427:25 | path.clone() | provenance | MaD:40 | -| test.rs:427:14:427:25 | path.clone() | test.rs:427:14:427:35 | ... .as_path() | provenance | MaD:119 | +| test.rs:427:14:427:25 | path.clone() | test.rs:427:14:427:35 | ... .as_path() | provenance | MaD:118 | | test.rs:439:13:439:21 | file_name | test.rs:440:14:440:22 | file_name | provenance | | | test.rs:439:13:439:21 | file_name | test.rs:440:14:440:30 | file_name.clone() | provenance | MaD:40 | | test.rs:439:13:439:21 | file_name | test.rs:445:14:445:22 | file_name | provenance | | @@ -515,15 +514,15 @@ edges | test.rs:493:22:493:56 | ...::read_link(...) [future, Ok] | test.rs:493:22:493:62 | await ... [Ok] | provenance | | | test.rs:493:22:493:62 | await ... [Ok] | test.rs:493:22:493:63 | TryExpr | provenance | | | test.rs:493:22:493:63 | TryExpr | test.rs:493:13:493:18 | target | provenance | | -| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer | provenance | MaD:99 | | test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer | provenance | MaD:102 | +| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer | provenance | MaD:101 | | test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:62 | -| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:101 | -| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer | provenance | MaD:104 | +| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:100 | +| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer | provenance | MaD:103 | | test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:103 | +| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:102 | | test.rs:503:9:503:16 | mut file | test.rs:525:25:525:35 | [post] &mut buffer [&ref] | provenance | MaD:61 | | test.rs:503:9:503:16 | mut file | test.rs:529:17:529:28 | file.bytes() | provenance | MaD:57 | | test.rs:503:20:503:38 | ...::open | test.rs:503:20:503:50 | ...::open(...) [Ok] | provenance | Src:MaD:10 | @@ -545,30 +544,30 @@ edges | test.rs:525:30:525:35 | [post] buffer | test.rs:526:15:526:20 | buffer | provenance | | | test.rs:526:15:526:20 | buffer | test.rs:526:14:526:20 | &buffer | provenance | | | test.rs:529:17:529:28 | file.bytes() | test.rs:530:14:530:17 | byte | provenance | | -| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:536:22:536:63 | ... .open(...) [Ok] | test.rs:536:22:536:72 | ... .unwrap() | provenance | MaD:87 | +| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:536:22:536:63 | ... .open(...) [Ok] | test.rs:536:22:536:72 | ... .unwrap() | provenance | MaD:86 | | test.rs:536:22:536:72 | ... .unwrap() | test.rs:536:13:536:18 | mut f1 | provenance | | | test.rs:536:50:536:53 | open | test.rs:536:22:536:63 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:538:30:538:40 | [post] &mut buffer | test.rs:539:15:539:20 | buffer | provenance | | | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | test.rs:538:35:538:40 | [post] buffer | provenance | | | test.rs:538:35:538:40 | [post] buffer | test.rs:539:15:539:20 | buffer | provenance | | | test.rs:539:15:539:20 | buffer | test.rs:539:14:539:20 | &buffer | provenance | | -| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:543:22:543:80 | ... .open(...) [Ok] | test.rs:543:22:543:89 | ... .unwrap() | provenance | MaD:87 | +| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:543:22:543:80 | ... .open(...) [Ok] | test.rs:543:22:543:89 | ... .unwrap() | provenance | MaD:86 | | test.rs:543:22:543:89 | ... .unwrap() | test.rs:543:13:543:18 | mut f2 | provenance | | | test.rs:543:67:543:70 | open | test.rs:543:22:543:80 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:545:30:545:40 | [post] &mut buffer | test.rs:546:15:546:20 | buffer | provenance | | | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | test.rs:545:35:545:40 | [post] buffer | provenance | | | test.rs:545:35:545:40 | [post] buffer | test.rs:546:15:546:20 | buffer | provenance | | | test.rs:546:15:546:20 | buffer | test.rs:546:14:546:20 | &buffer | provenance | | -| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:550:22:550:114 | ... .open(...) [Ok] | test.rs:550:22:550:123 | ... .unwrap() | provenance | MaD:87 | +| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:550:22:550:114 | ... .open(...) [Ok] | test.rs:550:22:550:123 | ... .unwrap() | provenance | MaD:86 | | test.rs:550:22:550:123 | ... .unwrap() | test.rs:550:13:550:18 | mut f3 | provenance | | | test.rs:550:101:550:104 | open | test.rs:550:22:550:114 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:552:30:552:40 | [post] &mut buffer | test.rs:553:15:553:20 | buffer | provenance | | @@ -679,7 +678,7 @@ edges | test.rs:673:35:673:40 | [post] buffer | test.rs:674:15:674:20 | buffer | provenance | | | test.rs:674:15:674:20 | buffer | test.rs:674:14:674:20 | &buffer | provenance | | | test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:118 | +| test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:117 | | test.rs:688:26:688:53 | ...::connect | test.rs:688:26:688:62 | ...::connect(...) [Ok] | provenance | Src:MaD:12 | | test.rs:688:26:688:62 | ...::connect(...) [Ok] | test.rs:688:26:688:63 | TryExpr | provenance | | | test.rs:688:26:688:63 | TryExpr | test.rs:688:13:688:22 | mut stream | provenance | | @@ -694,14 +693,14 @@ edges | test.rs:715:21:715:30 | mut reader | test.rs:718:44:718:52 | [post] &mut line [&ref] | provenance | MaD:54 | | test.rs:715:34:715:64 | ...::new(...) | test.rs:715:34:715:74 | ... .take(...) | provenance | MaD:64 | | test.rs:715:34:715:74 | ... .take(...) | test.rs:715:21:715:30 | mut reader | provenance | | -| test.rs:715:58:715:63 | stream | test.rs:715:34:715:64 | ...::new(...) | provenance | MaD:108 | +| test.rs:715:58:715:63 | stream | test.rs:715:34:715:64 | ...::new(...) | provenance | MaD:107 | | test.rs:718:44:718:52 | [post] &mut line [&ref] | test.rs:718:49:718:52 | [post] line | provenance | | | test.rs:718:49:718:52 | [post] line | test.rs:725:35:725:38 | line | provenance | | | test.rs:725:35:725:38 | line | test.rs:725:34:725:38 | &line | provenance | | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:767:35:767:46 | [post] &mut buffer1 [&ref] | provenance | MaD:124 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:767:35:767:46 | [post] &mut buffer1 [&ref] | provenance | MaD:123 | | test.rs:759:9:759:24 | mut tokio_stream | test.rs:771:36:771:47 | [post] &mut buffer2 [&ref] | provenance | MaD:70 | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:787:41:787:51 | [post] &mut buffer [&ref] | provenance | MaD:125 | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:810:45:810:55 | [post] &mut buffer [&ref] | provenance | MaD:126 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:787:41:787:51 | [post] &mut buffer [&ref] | provenance | MaD:124 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:810:45:810:55 | [post] &mut buffer [&ref] | provenance | MaD:125 | | test.rs:759:28:759:57 | ...::connect | test.rs:759:28:759:66 | ...::connect(...) [future, Ok] | provenance | Src:MaD:18 | | test.rs:759:28:759:66 | ...::connect(...) [future, Ok] | test.rs:759:28:759:72 | await ... [Ok] | provenance | | | test.rs:759:28:759:72 | await ... [Ok] | test.rs:759:28:759:73 | TryExpr | provenance | | @@ -739,21 +738,17 @@ edges | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | test_futures_io.rs:26:22:26:62 | await ... [Ok] | provenance | | | test_futures_io.rs:26:22:26:62 | await ... [Ok] | test_futures_io.rs:26:22:26:63 | TryExpr | provenance | | | test_futures_io.rs:26:22:26:63 | TryExpr | test_futures_io.rs:26:9:26:18 | mut reader | provenance | | -| test_futures_io.rs:26:53:26:55 | tcp | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | provenance | MaD:91 | +| test_futures_io.rs:26:53:26:55 | tcp | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | provenance | MaD:90 | | test_futures_io.rs:27:11:27:16 | reader | test_futures_io.rs:27:10:27:16 | &reader | provenance | | | test_futures_io.rs:32:13:32:22 | mut pinned | test_futures_io.rs:33:15:33:20 | pinned | provenance | | | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | test_futures_io.rs:33:15:33:20 | pinned [&ref] | provenance | | -| test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:32:26:32:46 | ...::new(...) | test_futures_io.rs:32:13:32:22 | mut pinned | provenance | | | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:32:40:32:45 | reader | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | provenance | | | test_futures_io.rs:33:15:33:20 | pinned | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | | test_futures_io.rs:33:15:33:20 | pinned [&ref] | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | -| test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | provenance | MaD:38 | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | provenance | MaD:49 | | test_futures_io.rs:45:64:45:69 | reader | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | provenance | | @@ -788,23 +783,19 @@ edges | test_futures_io.rs:54:9:54:19 | mut reader2 | test_futures_io.rs:146:47:146:57 | [post] &mut buffer [&ref] | provenance | MaD:51 | | test_futures_io.rs:54:9:54:19 | mut reader2 | test_futures_io.rs:146:47:146:57 | [post] &mut buffer [&ref] | provenance | MaD:52 | | test_futures_io.rs:54:23:54:57 | ...::new(...) | test_futures_io.rs:54:9:54:19 | mut reader2 | provenance | | -| test_futures_io.rs:54:51:54:56 | reader | test_futures_io.rs:54:23:54:57 | ...::new(...) | provenance | MaD:92 | +| test_futures_io.rs:54:51:54:56 | reader | test_futures_io.rs:54:23:54:57 | ...::new(...) | provenance | MaD:91 | | test_futures_io.rs:55:11:55:17 | reader2 | test_futures_io.rs:55:10:55:17 | &reader2 | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned | test_futures_io.rs:60:15:60:20 | pinned | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | test_futures_io.rs:60:15:60:20 | pinned [&ref] | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | -| test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:59:26:59:47 | ...::new(...) | test_futures_io.rs:59:13:59:22 | mut pinned | provenance | | | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:59:40:59:46 | reader2 | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:60:15:60:20 | pinned | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | | test_futures_io.rs:60:15:60:20 | pinned [&ref] | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | -| test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | test_futures_io.rs:63:16:63:35 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | test_futures_io.rs:64:19:64:24 | buffer [Ready, Ok] | provenance | | | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | provenance | | @@ -817,7 +808,7 @@ edges | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:69:13:69:19 | buffer2 [Ready, Ok] | provenance | | | test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | provenance | MaD:85 | +| test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:69:37:69:43 | reader2 | test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:70:16:70:22 | buffer2 [Ready, Ok] | test_futures_io.rs:71:13:71:32 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:70:16:70:22 | buffer2 [Ready, Ok] | test_futures_io.rs:72:23:72:29 | buffer2 [Ready, Ok] | provenance | | @@ -831,17 +822,13 @@ edges | test_futures_io.rs:83:22:83:46 | TryExpr | test_futures_io.rs:83:13:83:18 | buffer | provenance | | | test_futures_io.rs:90:13:90:22 | mut pinned | test_futures_io.rs:91:15:91:20 | pinned | provenance | | | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | test_futures_io.rs:91:15:91:20 | pinned [&ref] | provenance | | -| test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:90:26:90:47 | ...::new(...) | test_futures_io.rs:90:13:90:22 | mut pinned | provenance | | | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:90:40:90:46 | reader2 | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:91:15:91:20 | pinned | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | | test_futures_io.rs:91:15:91:20 | pinned [&ref] | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | -| test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | provenance | MaD:38 | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | provenance | MaD:49 | | test_futures_io.rs:103:64:103:70 | reader2 | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | provenance | | @@ -857,17 +844,13 @@ edges | test_futures_io.rs:113:13:113:22 | mut pinned | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | test_futures_io.rs:114:15:114:20 | pinned [&ref] | provenance | | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | -| test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:113:26:113:47 | ...::new(...) | test_futures_io.rs:113:13:113:22 | mut pinned | provenance | | | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:113:40:113:46 | reader2 | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:114:15:114:20 | pinned | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | | test_futures_io.rs:114:15:114:20 | pinned [&ref] | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | -| test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | test_futures_io.rs:117:15:117:20 | buffer [Ready, Ok] | provenance | | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | test_futures_io.rs:118:16:118:35 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | provenance | | @@ -893,26 +876,26 @@ edges | test_futures_io.rs:147:15:147:20 | buffer | test_futures_io.rs:147:14:147:20 | &buffer | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:14 | a | provenance | | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:89 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:89 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:14 | a | provenance | | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:88 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | provenance | | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:89 | | web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:89 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | | web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | | web_frameworks.rs:68:15:68:15 | a | web_frameworks.rs:70:14:70:14 | a | provenance | | | web_frameworks.rs:68:15:68:15 | a | web_frameworks.rs:70:14:70:14 | a | provenance | | | web_frameworks.rs:242:33:242:35 | map | web_frameworks.rs:242:38:242:46 | ...: String | provenance | Src:MaD:2 | @@ -1576,16 +1559,13 @@ nodes | test_futures_io.rs:27:11:27:16 | reader | semmle.label | reader | | test_futures_io.rs:32:13:32:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:32:26:32:46 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | semmle.label | &mut reader [&ref] | | test_futures_io.rs:32:40:32:45 | reader | semmle.label | reader | | test_futures_io.rs:33:14:33:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:33:15:33:20 | pinned | semmle.label | pinned | | test_futures_io.rs:33:15:33:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | semmle.label | &mut reader [&ref] | | test_futures_io.rs:45:64:45:69 | reader | semmle.label | reader | | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | semmle.label | [post] &mut buffer1 [&ref] | @@ -1604,16 +1584,13 @@ nodes | test_futures_io.rs:55:11:55:17 | reader2 | semmle.label | reader2 | | test_futures_io.rs:59:13:59:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:59:26:59:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:59:40:59:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:60:14:60:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:60:15:60:20 | pinned | semmle.label | pinned | | test_futures_io.rs:60:15:60:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | semmle.label | buffer [Ready, Ok] | | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | semmle.label | pinned.poll_fill_buf(...) [Ready, Ok] | | test_futures_io.rs:63:16:63:35 | ...::Ready(...) [Ready, Ok] | semmle.label | ...::Ready(...) [Ready, Ok] | @@ -1642,16 +1619,13 @@ nodes | test_futures_io.rs:84:14:84:19 | buffer | semmle.label | buffer | | test_futures_io.rs:90:13:90:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:90:26:90:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:90:40:90:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:91:14:91:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:91:15:91:20 | pinned | semmle.label | pinned | | test_futures_io.rs:91:15:91:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:103:64:103:70 | reader2 | semmle.label | reader2 | | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | semmle.label | [post] &mut buffer1 [&ref] | @@ -1665,16 +1639,13 @@ nodes | test_futures_io.rs:108:15:108:36 | buffer2[...] | semmle.label | buffer2[...] | | test_futures_io.rs:113:13:113:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:113:26:113:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:113:40:113:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:114:14:114:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:114:15:114:20 | pinned | semmle.label | pinned | | test_futures_io.rs:114:15:114:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | semmle.label | buffer [Ready, Ok] | | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | semmle.label | pinned.poll_fill_buf(...) [Ready, Ok] | | test_futures_io.rs:117:14:117:20 | &buffer | semmle.label | &buffer | @@ -1707,11 +1678,11 @@ nodes | web_frameworks.rs:11:31:11:31 | a | semmle.label | a | | web_frameworks.rs:13:14:13:14 | a | semmle.label | a | | web_frameworks.rs:13:14:13:14 | a | semmle.label | a | -| web_frameworks.rs:13:14:13:22 | a.as_str() | semmle.label | a.as_str() | +| web_frameworks.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() | | web_frameworks.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() | | web_frameworks.rs:14:14:14:14 | a | semmle.label | a | | web_frameworks.rs:14:14:14:14 | a | semmle.label | a | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | semmle.label | a.as_bytes() | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() | | web_frameworks.rs:15:14:15:14 | a | semmle.label | a | | web_frameworks.rs:15:14:15:14 | a | semmle.label | a | @@ -1874,9 +1845,9 @@ testFailures | test_futures_io.rs:133:14:133:18 | &line | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:133:14:133:18 | &line | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | | test_futures_io.rs:140:14:140:18 | &line | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:140:14:140:18 | &line | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | | test_futures_io.rs:147:14:147:20 | &buffer | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:147:14:147:20 | &buffer | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | -| web_frameworks.rs:13:14:13:22 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:13:14:13:23 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | +| web_frameworks.rs:13:14:13:23 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:15:14:15:14 | a | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:15:14:15:14 | a | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | $@ | web_frameworks.rs:11:31:11:31 | a | a | diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 96b6426baf4..ebf687cc7a6 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -92,9 +92,9 @@ | test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | -| web_frameworks.rs:22:14:22:18 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | -| web_frameworks.rs:48:14:48:28 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index e6241590137..c6ebb0403a9 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -1,11 +1,12 @@ models | 1 | Summary: <_ as core::convert::From>::from; Argument[0]; ReturnValue; taint | | 2 | Summary: ::from; Argument[0].Reference; ReturnValue; value | -| 3 | Summary: ::add; Argument[self]; ReturnValue; value | -| 4 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 6 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 7 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 3 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 4 | Summary: ::add; Argument[self]; ReturnValue; value | +| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 6 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 7 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 8 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | edges | main.rs:26:9:26:9 | s | main.rs:27:19:27:25 | s[...] | provenance | | | main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | s | provenance | | @@ -16,8 +17,12 @@ edges | main.rs:32:9:32:10 | s1 | main.rs:35:14:35:15 | s1 | provenance | | | main.rs:32:14:32:23 | source(...) | main.rs:32:9:32:10 | s1 | provenance | | | main.rs:35:9:35:10 | s4 | main.rs:38:10:38:11 | s4 | provenance | | -| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:3 | +| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:4 | | main.rs:35:14:35:20 | ... + ... | main.rs:35:9:35:10 | s4 | provenance | | +| main.rs:43:9:43:10 | s1 | main.rs:46:34:46:35 | s1 | provenance | | +| main.rs:43:14:43:23 | source(...) | main.rs:43:9:43:10 | s1 | provenance | | +| main.rs:46:33:46:35 | &s1 [&ref] | main.rs:46:10:46:35 | ... + ... | provenance | MaD:3 | +| main.rs:46:34:46:35 | s1 | main.rs:46:33:46:35 | &s1 [&ref] | provenance | | | main.rs:51:9:51:10 | s1 | main.rs:52:27:52:28 | s1 | provenance | | | main.rs:51:14:51:29 | source_slice(...) | main.rs:51:9:51:10 | s1 | provenance | | | main.rs:52:9:52:10 | s2 | main.rs:53:10:53:11 | s2 | provenance | | @@ -25,38 +30,36 @@ edges | main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:1 | | main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:2 | | main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance | | -| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:4 | | main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:5 | +| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:6 | | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance | | -| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:4 | | main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:5 | +| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:6 | | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance | | | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance | | | main.rs:68:13:68:22 | source(...) | main.rs:68:9:68:9 | s | provenance | | | main.rs:70:9:70:18 | formatted1 | main.rs:71:10:71:19 | formatted1 | provenance | | | main.rs:70:22:70:62 | ...::format(...) | main.rs:70:9:70:18 | formatted1 | provenance | | -| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:6 | +| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:7 | | main.rs:73:9:73:18 | formatted2 | main.rs:74:10:74:19 | formatted2 | provenance | | | main.rs:73:22:73:60 | ...::format(...) | main.rs:73:9:73:18 | formatted2 | provenance | | -| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:6 | +| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:7 | | main.rs:76:9:76:13 | width | main.rs:77:34:77:74 | MacroExpr | provenance | | | main.rs:76:17:76:32 | source_usize(...) | main.rs:76:9:76:13 | width | provenance | | | main.rs:77:9:77:18 | formatted3 | main.rs:78:10:78:19 | formatted3 | provenance | | | main.rs:77:22:77:75 | ...::format(...) | main.rs:77:9:77:18 | formatted3 | provenance | | -| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:6 | +| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:7 | | main.rs:82:9:82:10 | s1 | main.rs:86:18:86:25 | MacroExpr | provenance | | | main.rs:82:9:82:10 | s1 | main.rs:87:18:87:32 | MacroExpr | provenance | | | main.rs:82:14:82:23 | source(...) | main.rs:82:9:82:10 | s1 | provenance | | -| main.rs:86:10:86:16 | res | main.rs:86:18:86:25 | { ... } | provenance | | -| main.rs:86:18:86:25 | ...::format(...) | main.rs:86:10:86:16 | res | provenance | | +| main.rs:86:18:86:25 | ...::format(...) | main.rs:86:18:86:25 | { ... } | provenance | | | main.rs:86:18:86:25 | ...::must_use(...) | main.rs:86:10:86:26 | MacroExpr | provenance | | -| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:6 | -| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:7 | -| main.rs:87:10:87:16 | res | main.rs:87:18:87:32 | { ... } | provenance | | -| main.rs:87:18:87:32 | ...::format(...) | main.rs:87:10:87:16 | res | provenance | | +| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:7 | +| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:8 | +| main.rs:87:18:87:32 | ...::format(...) | main.rs:87:18:87:32 | { ... } | provenance | | | main.rs:87:18:87:32 | ...::must_use(...) | main.rs:87:10:87:33 | MacroExpr | provenance | | -| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:6 | -| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:7 | +| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:7 | +| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:8 | nodes | main.rs:26:9:26:9 | s | semmle.label | s | | main.rs:26:13:26:22 | source(...) | semmle.label | source(...) | @@ -70,6 +73,11 @@ nodes | main.rs:35:14:35:15 | s1 | semmle.label | s1 | | main.rs:35:14:35:20 | ... + ... | semmle.label | ... + ... | | main.rs:38:10:38:11 | s4 | semmle.label | s4 | +| main.rs:43:9:43:10 | s1 | semmle.label | s1 | +| main.rs:43:14:43:23 | source(...) | semmle.label | source(...) | +| main.rs:46:10:46:35 | ... + ... | semmle.label | ... + ... | +| main.rs:46:33:46:35 | &s1 [&ref] | semmle.label | &s1 [&ref] | +| main.rs:46:34:46:35 | s1 | semmle.label | s1 | | main.rs:51:9:51:10 | s1 | semmle.label | s1 | | main.rs:51:14:51:29 | source_slice(...) | semmle.label | source_slice(...) | | main.rs:52:9:52:10 | s2 | semmle.label | s2 | @@ -98,13 +106,11 @@ nodes | main.rs:78:10:78:19 | formatted3 | semmle.label | formatted3 | | main.rs:82:9:82:10 | s1 | semmle.label | s1 | | main.rs:82:14:82:23 | source(...) | semmle.label | source(...) | -| main.rs:86:10:86:16 | res | semmle.label | res | | main.rs:86:10:86:26 | MacroExpr | semmle.label | MacroExpr | | main.rs:86:18:86:25 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:86:18:86:25 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:86:18:86:25 | MacroExpr | semmle.label | MacroExpr | | main.rs:86:18:86:25 | { ... } | semmle.label | { ... } | -| main.rs:87:10:87:16 | res | semmle.label | res | | main.rs:87:10:87:33 | MacroExpr | semmle.label | MacroExpr | | main.rs:87:18:87:32 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:87:18:87:32 | ...::must_use(...) | semmle.label | ...::must_use(...) | @@ -115,6 +121,7 @@ testFailures #select | main.rs:28:16:28:21 | sliced | main.rs:26:13:26:22 | source(...) | main.rs:28:16:28:21 | sliced | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) | +| main.rs:46:10:46:35 | ... + ... | main.rs:43:14:43:23 | source(...) | main.rs:46:10:46:35 | ... + ... | $@ | main.rs:43:14:43:23 | source(...) | source(...) | | main.rs:53:10:53:11 | s2 | main.rs:51:14:51:29 | source_slice(...) | main.rs:53:10:53:11 | s2 | $@ | main.rs:51:14:51:29 | source_slice(...) | source_slice(...) | | main.rs:64:16:64:25 | s.as_str() | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str() | $@ | main.rs:63:13:63:22 | source(...) | source(...) | | main.rs:71:10:71:19 | formatted1 | main.rs:68:13:68:22 | source(...) | main.rs:71:10:71:19 | formatted1 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs index ca9db9a9026..40f62946832 100644 --- a/rust/ql/test/library-tests/dataflow/strings/main.rs +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs @@ -43,7 +43,7 @@ fn string_add_reference() { let s1 = source(37); let s2 = "1".to_string(); - sink("Hello ".to_string() + &s1); // $ MISSING: hasTaintFlow=37 + sink("Hello ".to_string() + &s1); // $ hasTaintFlow=37 sink("Hello ".to_string() + &s2); } @@ -56,7 +56,7 @@ fn string_from() { fn string_to_string() { let s1 = source_slice(22); let s2 = s1.to_string(); - sink(s2); // $ MISSING: hasTaintFlow=22 - we are not currently able to resolve the `to_string` call above, which comes from `impl ToString for T` + sink(s2); // $ MISSING: hasTaintFlow=22 } fn as_str() { diff --git a/rust/ql/test/library-tests/definitions/Definitions.expected b/rust/ql/test/library-tests/definitions/Definitions.expected index b6f8201240a..3786ab947f2 100644 --- a/rust/ql/test/library-tests/definitions/Definitions.expected +++ b/rust/ql/test/library-tests/definitions/Definitions.expected @@ -8,24 +8,31 @@ | main.rs:19:23:19:23 | T | main.rs:18:10:18:10 | T | path | | main.rs:19:29:19:32 | Self | main.rs:16:5:16:24 | struct S2 | path | | main.rs:20:16:20:16 | x | main.rs:19:20:19:20 | x | local variable | +| main.rs:29:5:29:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:29:22:29:26 | value | main.rs:29:50:29:54 | value | format argument | | main.rs:29:29:29:33 | width | main.rs:26:9:26:13 | width | local variable | | main.rs:29:36:29:44 | precision | main.rs:27:9:27:17 | precision | local variable | +| main.rs:30:5:30:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:30:22:30:22 | 0 | main.rs:30:34:30:38 | value | format argument | | main.rs:30:25:30:25 | 1 | main.rs:30:41:30:45 | width | format argument | | main.rs:30:28:30:28 | 2 | main.rs:30:48:30:56 | precision | format argument | | main.rs:30:34:30:38 | value | main.rs:28:9:28:13 | value | local variable | | main.rs:30:41:30:45 | width | main.rs:26:9:26:13 | width | local variable | | main.rs:30:48:30:56 | precision | main.rs:27:9:27:17 | precision | local variable | +| main.rs:31:5:31:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:31:21:31:22 | {} | main.rs:31:29:31:33 | value | format argument | | main.rs:31:24:31:25 | {} | main.rs:31:36:31:40 | width | format argument | | main.rs:31:29:31:33 | value | main.rs:28:9:28:13 | value | local variable | | main.rs:31:36:31:40 | width | main.rs:26:9:26:13 | width | local variable | +| main.rs:33:5:33:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:33:22:33:27 | people | main.rs:32:9:32:14 | people | local variable | +| main.rs:34:5:34:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:34:16:34:16 | 1 | main.rs:34:34:34:34 | 2 | format argument | | main.rs:34:19:34:20 | {} | main.rs:34:31:34:31 | 1 | format argument | | main.rs:34:23:34:23 | 0 | main.rs:34:31:34:31 | 1 | format argument | | main.rs:34:26:34:27 | {} | main.rs:34:34:34:34 | 2 | format argument | +| main.rs:35:5:35:13 | assert_eq | {EXTERNAL LOCATION} | MacroRules | path | +| main.rs:35:16:35:21 | format | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:35:31:35:35 | {:<5} | main.rs:35:40:35:42 | "x" | format argument | | main.rs:36:13:36:13 | S | main.rs:1:1:1:9 | struct S | path | | main.rs:37:13:37:14 | M1 | main.rs:5:1:23:1 | mod M1 | path | diff --git a/rust/ql/test/library-tests/definitions/Definitions.qlref b/rust/ql/test/library-tests/definitions/Definitions.qlref new file mode 100644 index 00000000000..425b65e820a --- /dev/null +++ b/rust/ql/test/library-tests/definitions/Definitions.qlref @@ -0,0 +1,2 @@ +query: Definitions.ql +postprocess: utils/test/ExternalLocationPostProcessing.ql \ No newline at end of file diff --git a/rust/ql/test/library-tests/operations/Cargo.lock b/rust/ql/test/library-tests/elements/operations/Cargo.lock similarity index 100% rename from rust/ql/test/library-tests/operations/Cargo.lock rename to rust/ql/test/library-tests/elements/operations/Cargo.lock diff --git a/rust/ql/test/library-tests/elements/operations/Operations.expected b/rust/ql/test/library-tests/elements/operations/Operations.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/rust/ql/test/library-tests/operations/Operations.ql b/rust/ql/test/library-tests/elements/operations/Operations.ql similarity index 100% rename from rust/ql/test/library-tests/operations/Operations.ql rename to rust/ql/test/library-tests/elements/operations/Operations.ql diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/elements/operations/test.rs similarity index 100% rename from rust/ql/test/library-tests/operations/test.rs rename to rust/ql/test/library-tests/elements/operations/test.rs diff --git a/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock b/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock new file mode 100644 index 00000000000..b9856cfaf77 --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock @@ -0,0 +1,7 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "test" +version = "0.0.1" diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected new file mode 100644 index 00000000000..820b1a76dc9 --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected @@ -0,0 +1,9 @@ +| StmtList.rs:4:19:9:1 | StmtList | 2 | hasTailExpr | 0:let ... = 1, 1:let ... = 2, 2:... + ... | +| StmtList.rs:11:18:15:1 | StmtList | 2 | | 0:let ... = 1, 1:let ... = 2 | +| StmtList.rs:17:19:20:1 | StmtList | 0 | hasTailExpr | 0:... + ... | +| StmtList.rs:22:18:25:1 | StmtList | 1 | | 0:ExprStmt | +| StmtList.rs:27:18:29:1 | StmtList | 0 | | | +| StmtList.rs:31:18:34:1 | StmtList | 0 | | | +| StmtList.rs:36:29:43:1 | StmtList | 0 | hasTailExpr | 0:if cond {...} else {...} | +| StmtList.rs:38:10:40:2 | StmtList | 0 | hasTailExpr | 0:1 | +| StmtList.rs:40:9:42:2 | StmtList | 0 | hasTailExpr | 0:2 | diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql b/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql new file mode 100644 index 00000000000..048dcd06d6e --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql @@ -0,0 +1,13 @@ +import rust +import TestUtils + +from StmtList sl, string tail +where + toBeTested(sl) and + if sl.hasTailExpr() then tail = "hasTailExpr" else tail = "" +select sl, sl.getNumberOfStatements(), tail, + concat(int i, AstNode n | + n = sl.getStmtOrExpr(i) + | + i.toString() + ":" + n.toString(), ", " order by i + ) diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs b/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs new file mode 100644 index 00000000000..1437f2afb26 --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs @@ -0,0 +1,43 @@ + +// --- tests --- + +fn test1() -> i32 { + // two statements + tail expression + let a = 1; + let b = 2; + a + b +} + +fn test2() -> () { + // two statements only + let a = 1; + let b = 2; +} + +fn test3() -> i32 { + // tail expression only + 1 + 2 +} + +fn test4() -> () { + // one statement only + 1 + 2; +} + +fn test5() -> () { + // neither +} + +fn test6() -> () { + // neither + ; +} + +fn test7(cond: bool) -> i32 { + // nested blocks + if cond { + 1 + } else { + 2 + } +} diff --git a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected index 7a3fd01dbc7..68c19fa671d 100644 --- a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,2 @@ multipleCallTargets -| main.rs:124:9:124:11 | f(...) | -| proc_macro.rs:9:5:9:10 | ...::new(...) | +| main.rs:125:9:125:11 | f(...) | diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 9051f7f8412..037527c71be 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -18,16 +18,16 @@ use my2::nested8_f; // $ item=I119 mod m1 { fn f() { - println!("main.rs::m1::f"); + println!("main.rs::m1::f"); // $ item=println } // I16 pub mod m2 { fn f() { - println!("main.rs::m1::m2::f"); + println!("main.rs::m1::m2::f"); // $ item=println } // I18 pub fn g() { - println!("main.rs::m1::m2::g"); + println!("main.rs::m1::m2::g"); // $ item=println f(); // $ item=I18 super::f(); // $ item=I16 } // I19 @@ -35,7 +35,7 @@ mod m1 { pub mod m3 { use super::f; // $ item=I18 pub fn h() { - println!("main.rs::m1::m2::m3::h"); + println!("main.rs::m1::m2::m3::h"); // $ item=println f(); // $ item=I18 } // I21 } // I20 @@ -46,7 +46,7 @@ mod m4 { use super::m1::m2::g; // $ item=I19 pub fn i() { - println!("main.rs::m4::i"); + println!("main.rs::m4::i"); // $ item=println g(); // $ item=I19 } // I23 } // I22 @@ -54,7 +54,7 @@ mod m4 { struct Foo {} // I24 fn h() { - println!("main.rs::h"); + println!("main.rs::h"); // $ item=println struct Foo {} // I26 @@ -63,7 +63,7 @@ fn h() { g(); // $ item=I19 struct Foo {} // I28 - println!("main.rs::h::f"); + println!("main.rs::h::f"); // $ item=println let _ = Foo {}; // $ item=I28 } // I27 @@ -75,7 +75,7 @@ fn h() { } // I25 fn i() { - println!("main.rs::i"); + println!("main.rs::i"); // $ item=println let _ = Foo {}; // $ item=I24 @@ -101,24 +101,25 @@ macro_rules! fn_in_macro { } fn j() { - println!("main.rs::j"); - fn_in_macro!(println!("main.rs::j::f")); + println!("main.rs::j"); // $ item=println + fn_in_macro!(println!("main.rs::j::f")); // $ item=fn_in_macro item=println f_defined_in_macro(); // $ item=f_defined_in_macro } // I31 mod m5 { pub fn f() { - println!("main.rs::m5::f"); + println!("main.rs::m5::f"); // $ item=println } // I33 } // I32 mod m6 { fn f() { - println!("main.rs::m6::f"); + println!("main.rs::m6::f"); // $ item=println } // I35 pub fn g() { - println!("main.rs::m6::g"); + println!("main.rs::m6::g"); // $ item=println + // this import shadows the definition `I35`, which we don't currently handle use super::m5::*; // $ item=I32 f(); // $ item=I33 $ SPURIOUS: item=I35 @@ -139,7 +140,7 @@ mod m7 { #[rustfmt::skip] pub fn f() -> MyEnum // $ item=I41 { - println!("main.rs::m7::f"); + println!("main.rs::m7::f"); // $ item=println let _ = MyEnum::A(0); // $ item=I42 let _ = MyEnum::B { x: 0 }; // $ item=I43 MyEnum::C // $ item=I44 @@ -151,7 +152,7 @@ mod m8 { fn f(&self); // I48 fn g(&self) { - println!("main.rs::m8::MyTrait::g"); + println!("main.rs::m8::MyTrait::g"); // $ item=println f(); // $ item=I51 Self::f(self); // $ item=I48 } // I49 @@ -160,26 +161,26 @@ mod m8 { struct MyStruct {} // I50 fn f() { - println!("main.rs::m8::f"); + println!("main.rs::m8::f"); // $ item=println } // I51 #[rustfmt::skip] impl MyTrait for MyStruct { // $ item=I47 item=I50 fn f(&self) { - println!("main.rs::m8::::f"); + println!("main.rs::m8::::f"); // $ item=println f(); // $ item=I51 Self::g(self); // $ item=I54 } // I53 fn g(&self) { - println!("main.rs::m8::::g"); + println!("main.rs::m8::::g"); // $ item=println } // I54 } // I52 #[rustfmt::skip] impl MyStruct { // $ item=I50 fn h(&self) { - println!("main.rs::m8::MyStruct::h"); + println!("main.rs::m8::MyStruct::h"); // $ item=println f(); // $ item=I51 } // I74 } // I73 @@ -207,7 +208,7 @@ mod m9 { #[rustfmt::skip] pub fn f() -> self::MyStruct { // $ item=I56 - println!("main.rs::m9::f"); + println!("main.rs::m9::f"); // $ item=println self::MyStruct {} // $ item=I56 } // I57 } @@ -312,7 +313,7 @@ mod m15 { trait Trait2 : Trait1 { // $ item=I79 fn f(&self) { - println!("m15::Trait2::f"); + println!("m15::Trait2::f"); // $ item=println Self::g(self); // $ item=I80 self.g(); // $ item=I80 } @@ -339,13 +340,13 @@ mod m15 { impl Trait1 // $ item=I79 for S { // $ item=I81 fn f(&self) { - println!("m15::::f"); + println!("m15::::f"); // $ item=println Self::g(self); // $ item=I77 self.g(); // $ item=I77 } // I76 fn g(&self) { - println!("m15::::g"); + println!("m15::::g"); // $ item=println } // I77 } @@ -353,13 +354,13 @@ mod m15 { impl Trait2 // $ item=I82 for S { // $ item=I81 fn f(&self) { - println!("m15::::f"); + println!("m15::::f"); // $ item=println } // I78 } #[rustfmt::skip] pub fn f() { - println!("m15::f"); + println!("m15::f"); // $ item=println let x = S; // $ item=I81 { // $ item=I86 fn f(&self) -> T { // $ item=I87 - println!("m16::Trait2::f"); + println!("m16::Trait2::f"); // $ item=println Self::g(self); // $ item=I85 self.g(); // $ item=I85 Self::c // $ item=I94 @@ -414,13 +415,13 @@ mod m16 { > // $ item=I86 for S { // $ item=I90 fn f(&self) -> S { // $ item=I90 - println!("m16::>::f"); + println!("m16::>::f"); // $ item=println Self::g(self); // $ item=I92 self.g() // $ item=I92 } // I91 fn g(&self) -> S { // $ item=I90 - println!("m16::>::g"); + println!("m16::>::g"); // $ item=println Self::c // $ item=I95 } // I92 @@ -434,14 +435,14 @@ mod m16 { > // $ item=I89 for S { // $ item=I90 fn f(&self) -> S { // $ item=I90 - println!("m16::>::f"); + println!("m16::>::f"); // $ item=println Self::c // $ MISSING: item=I95 } // I93 } #[rustfmt::skip] pub fn f() { - println!("m16::f"); + println!("m16::f"); // $ item=println let x = S; // $ item=I90 // $ item=I2 for S { // $ item=I4 fn f(&self) { - println!("m23::>::f"); + println!("m23::>::f"); // $ item=println } // I5 } @@ -667,14 +668,14 @@ mod m24 { #[rustfmt::skip] impl TraitA for Implementor { // $ item=I111 item=I118 fn trait_a_method(&self) { - println!("TraitA method called"); + println!("TraitA method called"); // $ item=println } // I119 } #[rustfmt::skip] impl TraitB for Implementor { // $ item=I113 item=I118 fn trait_b_method(&self) { - println!("TraitB method called"); + println!("TraitB method called"); // $ item=println } // I120 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index af2d35ed275..612e40d493f 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -3,11 +3,11 @@ pub mod nested; // I37 use nested::g; // $ item=I7 pub fn f() { - println!("my.rs::f"); + println!("my.rs::f"); // $ item=println } // I38 pub fn h() { - println!("my.rs::h"); + println!("my.rs::h"); // $ item=println g(); // $ item=I7 } // I39 diff --git a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs index 25a94fee7c1..dbaf9a43be8 100644 --- a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs @@ -1,3 +1,3 @@ pub fn f() { - println!("my/my4/my5/mod.rs::f"); + println!("my/my4/my5/mod.rs::f"); // $ item=println } // I201 diff --git a/rust/ql/test/library-tests/path-resolution/my/nested.rs b/rust/ql/test/library-tests/path-resolution/my/nested.rs index 639ed241ae3..d3c425e6a24 100644 --- a/rust/ql/test/library-tests/path-resolution/my/nested.rs +++ b/rust/ql/test/library-tests/path-resolution/my/nested.rs @@ -1,22 +1,22 @@ pub mod nested1 { pub mod nested2 { pub fn f() { - println!("nested.rs:nested1::nested2::f"); + println!("nested.rs:nested1::nested2::f"); // $ item=println } // I4 fn g() { - println!("nested.rs:nested1::nested2::g"); + println!("nested.rs:nested1::nested2::g"); // $ item=println f(); // $ item=I4 } // I5 } // I3 fn g() { - println!("nested.rs:nested1::g"); + println!("nested.rs:nested1::g"); // $ item=println nested2::f(); // $ item=I4 } // I6 } // I1 pub fn g() { - println!("nested.rs::g"); + println!("nested.rs::g"); // $ item=println nested1::nested2::f(); // $ item=I4 } // I7 diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 6b86c78237c..c16d93216b0 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -1,7 +1,7 @@ pub mod nested2; // I8 fn g() { - println!("my2/mod.rs::g"); + println!("my2/mod.rs::g"); // $ item=println nested2::nested3::nested4::f(); // $ item=I12 } // I9 diff --git a/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs index 169aeed6b28..d15877f8107 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs @@ -1,5 +1,5 @@ pub fn f() { - println!("my2/my3/mod.rs::f"); + println!("my2/my3/mod.rs::f"); // $ item=println g(); // $ item=I9 h(); // $ item=I25 } // I200 diff --git a/rust/ql/test/library-tests/path-resolution/my2/nested2.rs b/rust/ql/test/library-tests/path-resolution/my2/nested2.rs index 47fed6d4299..318eb7e250a 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/nested2.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/nested2.rs @@ -1,11 +1,11 @@ pub mod nested3 { pub mod nested4 { pub fn f() { - println!("nested2.rs::nested3::nested4::f"); + println!("nested2.rs::nested3::nested4::f"); // $ item=println } // I12 pub fn g() { - println!("nested2.rs::nested3::nested4::g"); + println!("nested2.rs::nested3::nested4::g"); // $ item=println } // I13 } // I11 } // I10 @@ -13,7 +13,7 @@ pub mod nested3 { pub mod nested5 { pub mod nested6 { pub fn f() { - println!("nested2.rs::nested5::nested6::f"); + println!("nested2.rs::nested5::nested6::f"); // $ item=println } // I116 } // I115 } // I114 @@ -21,7 +21,7 @@ pub mod nested5 { pub mod nested7 { pub mod nested8 { pub fn f() { - println!("nested2.rs::nested7::nested8::f"); + println!("nested2.rs::nested7::nested8::f"); // $ item=println } // I119 } // I118 } // I117 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 9315016fe6a..bb9a456a42c 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -7,31 +7,31 @@ mod | main.rs:35:9:41:9 | mod m3 | | main.rs:45:1:52:1 | mod m4 | | main.rs:109:1:113:1 | mod m5 | -| main.rs:115:1:126:1 | mod m6 | -| main.rs:128:1:147:1 | mod m7 | -| main.rs:149:1:203:1 | mod m8 | -| main.rs:205:1:213:1 | mod m9 | -| main.rs:215:1:234:1 | mod m10 | -| main.rs:236:1:273:1 | mod m11 | -| main.rs:246:5:246:12 | mod f | -| main.rs:275:1:287:1 | mod m12 | -| main.rs:289:1:302:1 | mod m13 | -| main.rs:293:5:301:5 | mod m14 | -| main.rs:304:1:373:1 | mod m15 | -| main.rs:375:1:467:1 | mod m16 | -| main.rs:469:1:519:1 | mod trait_visibility | -| main.rs:470:5:492:5 | mod m | -| main.rs:521:1:551:1 | mod m17 | -| main.rs:553:1:571:1 | mod m18 | -| main.rs:558:5:570:5 | mod m19 | -| main.rs:563:9:569:9 | mod m20 | -| main.rs:573:1:598:1 | mod m21 | -| main.rs:574:5:580:5 | mod m22 | -| main.rs:582:5:597:5 | mod m33 | -| main.rs:600:1:625:1 | mod m23 | -| main.rs:627:1:695:1 | mod m24 | -| main.rs:712:1:764:1 | mod associated_types | -| main.rs:770:1:789:1 | mod impl_with_attribute_macro | +| main.rs:115:1:127:1 | mod m6 | +| main.rs:129:1:148:1 | mod m7 | +| main.rs:150:1:204:1 | mod m8 | +| main.rs:206:1:214:1 | mod m9 | +| main.rs:216:1:235:1 | mod m10 | +| main.rs:237:1:274:1 | mod m11 | +| main.rs:247:5:247:12 | mod f | +| main.rs:276:1:288:1 | mod m12 | +| main.rs:290:1:303:1 | mod m13 | +| main.rs:294:5:302:5 | mod m14 | +| main.rs:305:1:374:1 | mod m15 | +| main.rs:376:1:468:1 | mod m16 | +| main.rs:470:1:520:1 | mod trait_visibility | +| main.rs:471:5:493:5 | mod m | +| main.rs:522:1:552:1 | mod m17 | +| main.rs:554:1:572:1 | mod m18 | +| main.rs:559:5:571:5 | mod m19 | +| main.rs:564:9:570:9 | mod m20 | +| main.rs:574:1:599:1 | mod m21 | +| main.rs:575:5:581:5 | mod m22 | +| main.rs:583:5:598:5 | mod m33 | +| main.rs:601:1:626:1 | mod m23 | +| main.rs:628:1:696:1 | mod m24 | +| main.rs:713:1:765:1 | mod associated_types | +| main.rs:771:1:790:1 | mod impl_with_attribute_macro | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:20:1:20:12 | mod my3 | | my2/mod.rs:22:1:23:10 | mod mymod | @@ -61,26 +61,34 @@ resolvePath | main.rs:14:5:14:5 | g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:17:5:17:7 | my2 | main.rs:7:1:7:8 | mod my2 | | main.rs:17:5:17:18 | ...::nested8_f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:21:9:21:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:26:13:26:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:30:13:30:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:31:13:31:13 | f | main.rs:25:9:27:9 | fn f | | main.rs:32:13:32:17 | super | main.rs:19:1:43:1 | mod m1 | | main.rs:32:13:32:20 | ...::f | main.rs:20:5:22:5 | fn f | | main.rs:36:17:36:21 | super | main.rs:24:5:42:5 | mod m2 | | main.rs:36:17:36:24 | ...::f | main.rs:25:9:27:9 | fn f | +| main.rs:38:17:38:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:39:17:39:17 | f | main.rs:25:9:27:9 | fn f | -| main.rs:46:9:46:13 | super | main.rs:1:1:826:2 | SourceFile | +| main.rs:46:9:46:13 | super | main.rs:1:1:827:2 | SourceFile | | main.rs:46:9:46:17 | ...::m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:46:9:46:21 | ...::m2 | main.rs:24:5:42:5 | mod m2 | | main.rs:46:9:46:24 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:49:9:49:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:50:9:50:9 | g | main.rs:29:9:33:9 | fn g | +| main.rs:57:5:57:11 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:62:13:62:14 | m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:62:13:62:18 | ...::m2 | main.rs:24:5:42:5 | mod m2 | | main.rs:62:13:62:21 | ...::g | main.rs:29:9:33:9 | fn g | | main.rs:63:9:63:9 | g | main.rs:29:9:33:9 | fn g | +| main.rs:66:9:66:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:67:17:67:19 | Foo | main.rs:65:9:65:21 | struct Foo | | main.rs:70:13:70:15 | Foo | main.rs:59:5:59:17 | struct Foo | | main.rs:72:5:72:5 | f | main.rs:61:5:68:5 | fn f | -| main.rs:74:5:74:8 | self | main.rs:1:1:826:2 | SourceFile | +| main.rs:74:5:74:8 | self | main.rs:1:1:827:2 | SourceFile | | main.rs:74:5:74:11 | ...::i | main.rs:77:1:89:1 | fn i | +| main.rs:78:5:78:11 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:80:13:80:15 | Foo | main.rs:54:1:54:13 | struct Foo | | main.rs:84:16:84:18 | i32 | {EXTERNAL LOCATION} | struct i32 | | main.rs:87:17:87:19 | Foo | main.rs:83:9:85:9 | struct Foo | @@ -93,338 +101,371 @@ resolvePath | main.rs:93:57:93:63 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:93:57:93:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:93:80:93:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:104:5:104:11 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:105:5:105:15 | fn_in_macro | main.rs:95:1:101:1 | MacroRules | +| main.rs:105:18:105:24 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:106:5:106:22 | f_defined_in_macro | main.rs:105:18:105:42 | fn f_defined_in_macro | -| main.rs:123:13:123:17 | super | main.rs:1:1:826:2 | SourceFile | -| main.rs:123:13:123:21 | ...::m5 | main.rs:109:1:113:1 | mod m5 | -| main.rs:124:9:124:9 | f | main.rs:110:5:112:5 | fn f | -| main.rs:124:9:124:9 | f | main.rs:116:5:118:5 | fn f | -| main.rs:131:13:131:15 | i32 | {EXTERNAL LOCATION} | struct i32 | -| main.rs:134:16:134:18 | i32 | {EXTERNAL LOCATION} | struct i32 | -| main.rs:140:19:140:24 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:143:17:143:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:143:17:143:25 | ...::A | main.rs:130:9:132:9 | A | -| main.rs:144:17:144:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:144:17:144:25 | ...::B | main.rs:132:12:135:9 | B | -| main.rs:145:9:145:14 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:145:9:145:17 | ...::C | main.rs:135:12:136:9 | C | -| main.rs:155:13:155:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:156:13:156:16 | Self | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:156:13:156:19 | ...::f | main.rs:151:9:151:20 | fn f | -| main.rs:167:10:167:16 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:167:22:167:29 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:170:13:170:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:171:13:171:16 | Self | main.rs:166:5:177:5 | impl MyTrait for MyStruct { ... } | -| main.rs:171:13:171:19 | ...::g | main.rs:174:9:176:9 | fn g | -| main.rs:180:10:180:17 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:183:13:183:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:189:17:189:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:190:9:190:15 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:190:9:190:18 | ...::f | main.rs:151:9:151:20 | fn f | -| main.rs:191:9:191:16 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:191:9:191:19 | ...::f | main.rs:167:33:172:9 | fn f | -| main.rs:192:10:192:17 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:193:10:193:16 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:196:17:196:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:198:17:198:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:200:9:200:16 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:200:9:200:19 | ...::h | main.rs:180:21:184:9 | fn h | -| main.rs:209:19:209:22 | self | main.rs:205:1:213:1 | mod m9 | -| main.rs:209:19:209:32 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | -| main.rs:211:9:211:12 | self | main.rs:205:1:213:1 | mod m9 | -| main.rs:211:9:211:22 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | -| main.rs:221:12:221:12 | T | main.rs:218:7:218:7 | T | -| main.rs:226:12:226:12 | T | main.rs:225:14:225:14 | T | -| main.rs:228:7:230:7 | MyStruct::<...> | main.rs:216:5:222:5 | struct MyStruct | -| main.rs:229:9:229:9 | T | main.rs:225:14:225:14 | T | -| main.rs:232:9:232:16 | MyStruct | main.rs:216:5:222:5 | struct MyStruct | -| main.rs:242:17:242:19 | Foo | main.rs:237:5:237:21 | struct Foo | -| main.rs:243:9:243:11 | Foo | main.rs:239:5:239:15 | fn Foo | -| main.rs:252:9:252:11 | Bar | main.rs:248:5:250:5 | enum Bar | -| main.rs:252:9:252:19 | ...::FooBar | main.rs:249:9:249:17 | FooBar | -| main.rs:257:13:257:15 | Foo | main.rs:237:5:237:21 | struct Foo | -| main.rs:258:17:258:22 | FooBar | main.rs:249:9:249:17 | FooBar | -| main.rs:259:17:259:22 | FooBar | main.rs:254:5:254:18 | fn FooBar | -| main.rs:267:9:267:9 | E | main.rs:262:15:265:5 | enum E | -| main.rs:267:9:267:12 | ...::C | main.rs:264:9:264:9 | C | -| main.rs:270:17:270:17 | S | main.rs:262:5:262:13 | struct S | -| main.rs:271:17:271:17 | C | main.rs:264:9:264:9 | C | -| main.rs:284:16:284:16 | T | main.rs:278:7:278:7 | T | -| main.rs:285:14:285:17 | Self | main.rs:276:5:286:5 | trait MyParamTrait | -| main.rs:285:14:285:33 | ...::AssociatedType | main.rs:280:9:280:28 | type AssociatedType | -| main.rs:294:13:294:16 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:294:13:294:21 | ...::m13 | main.rs:289:1:302:1 | mod m13 | -| main.rs:294:13:294:24 | ...::f | main.rs:290:5:290:17 | fn f | -| main.rs:294:13:294:24 | ...::f | main.rs:290:19:291:19 | struct f | -| main.rs:297:17:297:17 | f | main.rs:290:19:291:19 | struct f | -| main.rs:298:21:298:21 | f | main.rs:290:19:291:19 | struct f | -| main.rs:299:13:299:13 | f | main.rs:290:5:290:17 | fn f | -| main.rs:313:9:313:14 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:316:13:316:16 | Self | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:316:13:316:19 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:326:9:326:12 | Self | main.rs:321:5:334:5 | trait Trait3 | -| main.rs:326:15:326:20 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:327:9:327:10 | TT | main.rs:323:9:323:10 | TT | -| main.rs:327:13:327:18 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:329:25:329:26 | TT | main.rs:323:9:323:10 | TT | -| main.rs:330:13:330:16 | Self | main.rs:321:5:334:5 | trait Trait3 | -| main.rs:330:13:330:19 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:331:13:331:14 | TT | main.rs:323:9:323:10 | TT | -| main.rs:331:13:331:17 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:339:10:339:15 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:340:11:340:11 | S | main.rs:336:5:336:13 | struct S | -| main.rs:343:13:343:16 | Self | main.rs:338:5:350:5 | impl Trait1 for S { ... } | -| main.rs:343:13:343:19 | ...::g | main.rs:347:9:349:9 | fn g | -| main.rs:353:10:353:15 | Trait2 | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:354:11:354:11 | S | main.rs:336:5:336:13 | struct S | -| main.rs:363:17:363:17 | S | main.rs:336:5:336:13 | struct S | -| main.rs:364:10:364:10 | S | main.rs:336:5:336:13 | struct S | -| main.rs:365:14:365:19 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:367:10:367:10 | S | main.rs:336:5:336:13 | struct S | -| main.rs:368:14:368:19 | Trait2 | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:370:9:370:9 | S | main.rs:336:5:336:13 | struct S | -| main.rs:370:9:370:12 | ...::g | main.rs:347:9:349:9 | fn g | -| main.rs:380:24:380:24 | T | main.rs:378:7:378:7 | T | -| main.rs:382:24:382:24 | T | main.rs:378:7:378:7 | T | -| main.rs:385:24:385:24 | T | main.rs:378:7:378:7 | T | -| main.rs:386:13:386:16 | Self | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:386:13:386:19 | ...::g | main.rs:382:9:383:9 | fn g | -| main.rs:390:18:390:18 | T | main.rs:378:7:378:7 | T | -| main.rs:398:9:400:9 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:399:11:399:11 | T | main.rs:396:7:396:7 | T | -| main.rs:401:24:401:24 | T | main.rs:396:7:396:7 | T | -| main.rs:403:13:403:16 | Self | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:403:13:403:19 | ...::g | main.rs:382:9:383:9 | fn g | -| main.rs:405:13:405:16 | Self | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:405:13:405:19 | ...::c | main.rs:390:9:391:9 | Const | -| main.rs:412:10:414:5 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:413:7:413:7 | S | main.rs:409:5:409:13 | struct S | -| main.rs:415:11:415:11 | S | main.rs:409:5:409:13 | struct S | -| main.rs:416:24:416:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:418:13:418:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | -| main.rs:418:13:418:19 | ...::g | main.rs:422:9:425:9 | fn g | -| main.rs:422:24:422:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:424:13:424:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | -| main.rs:424:13:424:19 | ...::c | main.rs:427:9:428:9 | Const | -| main.rs:427:18:427:18 | S | main.rs:409:5:409:13 | struct S | -| main.rs:427:22:427:22 | S | main.rs:409:5:409:13 | struct S | -| main.rs:432:10:434:5 | Trait2::<...> | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:433:7:433:7 | S | main.rs:409:5:409:13 | struct S | -| main.rs:435:11:435:11 | S | main.rs:409:5:409:13 | struct S | -| main.rs:436:24:436:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:438:13:438:16 | Self | main.rs:431:5:440:5 | impl Trait2::<...> for S { ... } | -| main.rs:445:17:445:17 | S | main.rs:409:5:409:13 | struct S | -| main.rs:446:10:446:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:447:14:449:11 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:448:13:448:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:451:10:451:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:452:14:454:11 | Trait2::<...> | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:453:13:453:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:456:9:456:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:456:9:456:12 | ...::g | main.rs:422:9:425:9 | fn g | -| main.rs:458:9:458:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:458:9:458:12 | ...::h | main.rs:385:9:388:9 | fn h | -| main.rs:460:9:460:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:460:9:460:12 | ...::c | main.rs:427:9:428:9 | Const | -| main.rs:461:10:461:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:462:14:464:11 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:463:13:463:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:481:14:481:16 | Foo | main.rs:471:9:473:9 | trait Foo | -| main.rs:481:22:481:22 | X | main.rs:479:9:479:21 | struct X | -| main.rs:487:14:487:16 | Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:487:22:487:22 | X | main.rs:479:9:479:21 | struct X | -| main.rs:494:9:494:9 | m | main.rs:470:5:492:5 | mod m | -| main.rs:494:9:494:12 | ...::X | main.rs:479:9:479:21 | struct X | -| main.rs:497:17:497:17 | X | main.rs:479:9:479:21 | struct X | -| main.rs:500:17:500:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:500:17:500:22 | ...::Foo | main.rs:471:9:473:9 | trait Foo | -| main.rs:501:13:501:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:501:13:501:23 | ...::a_method | main.rs:481:26:484:13 | fn a_method | -| main.rs:505:17:505:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:505:17:505:22 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:506:13:506:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:506:13:506:23 | ...::a_method | main.rs:487:26:490:13 | fn a_method | -| main.rs:510:17:510:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:510:17:510:22 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:511:13:511:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:511:13:511:23 | ...::a_method | main.rs:487:26:490:13 | fn a_method | -| main.rs:516:13:516:13 | m | main.rs:470:5:492:5 | mod m | -| main.rs:516:13:516:18 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:516:13:516:28 | ...::a_method | main.rs:476:13:476:31 | fn a_method | -| main.rs:529:10:529:16 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:530:9:530:9 | S | main.rs:526:5:526:13 | struct S | -| main.rs:538:7:538:13 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:539:10:539:10 | T | main.rs:537:10:537:10 | T | -| main.rs:541:9:541:9 | T | main.rs:537:10:537:10 | T | -| main.rs:541:9:541:12 | ...::f | main.rs:523:9:523:20 | fn f | -| main.rs:542:9:542:15 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:542:9:542:18 | ...::f | main.rs:523:9:523:20 | fn f | -| main.rs:547:9:547:9 | g | main.rs:536:5:543:5 | fn g | -| main.rs:548:11:548:11 | S | main.rs:526:5:526:13 | struct S | -| main.rs:566:17:566:21 | super | main.rs:558:5:570:5 | mod m19 | -| main.rs:566:17:566:24 | ...::f | main.rs:559:9:561:9 | fn f | -| main.rs:567:17:567:21 | super | main.rs:558:5:570:5 | mod m19 | -| main.rs:567:17:567:28 | ...::super | main.rs:553:1:571:1 | mod m18 | -| main.rs:567:17:567:31 | ...::f | main.rs:554:5:556:5 | fn f | -| main.rs:584:13:584:17 | super | main.rs:573:1:598:1 | mod m21 | -| main.rs:584:13:584:22 | ...::m22 | main.rs:574:5:580:5 | mod m22 | -| main.rs:584:13:584:30 | ...::MyEnum | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:585:13:585:16 | self | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:589:13:589:17 | super | main.rs:573:1:598:1 | mod m21 | -| main.rs:589:13:589:22 | ...::m22 | main.rs:574:5:580:5 | mod m22 | -| main.rs:589:13:589:32 | ...::MyStruct | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:590:13:590:16 | self | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:594:21:594:26 | MyEnum | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:594:21:594:29 | ...::A | main.rs:576:13:576:13 | A | -| main.rs:595:21:595:28 | MyStruct | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:611:10:613:5 | Trait1::<...> | main.rs:601:5:606:5 | trait Trait1 | -| main.rs:612:7:612:10 | Self | main.rs:608:5:608:13 | struct S | -| main.rs:614:11:614:11 | S | main.rs:608:5:608:13 | struct S | -| main.rs:622:17:622:17 | S | main.rs:608:5:608:13 | struct S | -| main.rs:638:15:638:15 | T | main.rs:637:26:637:26 | T | -| main.rs:643:9:643:24 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:643:23:643:23 | T | main.rs:642:10:642:10 | T | -| main.rs:645:9:645:9 | T | main.rs:642:10:642:10 | T | -| main.rs:645:12:645:17 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:654:9:654:24 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:654:23:654:23 | T | main.rs:653:10:653:10 | T | -| main.rs:656:9:656:9 | T | main.rs:653:10:653:10 | T | -| main.rs:656:12:656:17 | TraitB | main.rs:632:5:634:5 | trait TraitB | -| main.rs:657:9:657:9 | T | main.rs:653:10:653:10 | T | -| main.rs:657:12:657:17 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:668:10:668:15 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:668:21:668:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:675:10:675:15 | TraitB | main.rs:632:5:634:5 | trait TraitB | -| main.rs:675:21:675:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:683:24:683:34 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:684:23:684:35 | GenericStruct | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:690:9:690:36 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:690:9:690:50 | ...::call_trait_a | main.rs:647:9:649:9 | fn call_trait_a | -| main.rs:690:25:690:35 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:693:9:693:36 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:693:9:693:47 | ...::call_both | main.rs:659:9:662:9 | fn call_both | -| main.rs:693:25:693:35 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:699:3:699:12 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:699:3:699:24 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:703:6:703:12 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:705:7:705:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:705:7:705:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:708:7:708:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:708:7:708:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:713:9:713:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:713:9:713:19 | ...::marker | {EXTERNAL LOCATION} | mod marker | -| main.rs:713:9:713:32 | ...::PhantomData | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:111:9:111:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:117:9:117:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:121:9:121:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:124:13:124:17 | super | main.rs:1:1:827:2 | SourceFile | +| main.rs:124:13:124:21 | ...::m5 | main.rs:109:1:113:1 | mod m5 | +| main.rs:125:9:125:9 | f | main.rs:110:5:112:5 | fn f | +| main.rs:125:9:125:9 | f | main.rs:116:5:118:5 | fn f | +| main.rs:132:13:132:15 | i32 | {EXTERNAL LOCATION} | struct i32 | +| main.rs:135:16:135:18 | i32 | {EXTERNAL LOCATION} | struct i32 | +| main.rs:141:19:141:24 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:143:9:143:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:144:17:144:22 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:144:17:144:25 | ...::A | main.rs:131:9:133:9 | A | +| main.rs:145:17:145:22 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:145:17:145:25 | ...::B | main.rs:133:12:136:9 | B | +| main.rs:146:9:146:14 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:146:9:146:17 | ...::C | main.rs:136:12:137:9 | C | +| main.rs:155:13:155:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:156:13:156:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:157:13:157:16 | Self | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:157:13:157:19 | ...::f | main.rs:152:9:152:20 | fn f | +| main.rs:164:9:164:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:168:10:168:16 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:168:22:168:29 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:170:13:170:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:171:13:171:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:172:13:172:16 | Self | main.rs:167:5:178:5 | impl MyTrait for MyStruct { ... } | +| main.rs:172:13:172:19 | ...::g | main.rs:175:9:177:9 | fn g | +| main.rs:176:13:176:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:181:10:181:17 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:183:13:183:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:184:13:184:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:190:17:190:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:191:9:191:15 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:191:9:191:18 | ...::f | main.rs:152:9:152:20 | fn f | +| main.rs:192:9:192:16 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:192:9:192:19 | ...::f | main.rs:168:33:173:9 | fn f | +| main.rs:193:10:193:17 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:194:10:194:16 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:197:17:197:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:199:17:199:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:201:9:201:16 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:201:9:201:19 | ...::h | main.rs:181:21:185:9 | fn h | +| main.rs:210:19:210:22 | self | main.rs:206:1:214:1 | mod m9 | +| main.rs:210:19:210:32 | ...::MyStruct | main.rs:207:5:207:26 | struct MyStruct | +| main.rs:211:9:211:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:212:9:212:12 | self | main.rs:206:1:214:1 | mod m9 | +| main.rs:212:9:212:22 | ...::MyStruct | main.rs:207:5:207:26 | struct MyStruct | +| main.rs:222:12:222:12 | T | main.rs:219:7:219:7 | T | +| main.rs:227:12:227:12 | T | main.rs:226:14:226:14 | T | +| main.rs:229:7:231:7 | MyStruct::<...> | main.rs:217:5:223:5 | struct MyStruct | +| main.rs:230:9:230:9 | T | main.rs:226:14:226:14 | T | +| main.rs:233:9:233:16 | MyStruct | main.rs:217:5:223:5 | struct MyStruct | +| main.rs:243:17:243:19 | Foo | main.rs:238:5:238:21 | struct Foo | +| main.rs:244:9:244:11 | Foo | main.rs:240:5:240:15 | fn Foo | +| main.rs:253:9:253:11 | Bar | main.rs:249:5:251:5 | enum Bar | +| main.rs:253:9:253:19 | ...::FooBar | main.rs:250:9:250:17 | FooBar | +| main.rs:258:13:258:15 | Foo | main.rs:238:5:238:21 | struct Foo | +| main.rs:259:17:259:22 | FooBar | main.rs:250:9:250:17 | FooBar | +| main.rs:260:17:260:22 | FooBar | main.rs:255:5:255:18 | fn FooBar | +| main.rs:268:9:268:9 | E | main.rs:263:15:266:5 | enum E | +| main.rs:268:9:268:12 | ...::C | main.rs:265:9:265:9 | C | +| main.rs:271:17:271:17 | S | main.rs:263:5:263:13 | struct S | +| main.rs:272:17:272:17 | C | main.rs:265:9:265:9 | C | +| main.rs:285:16:285:16 | T | main.rs:279:7:279:7 | T | +| main.rs:286:14:286:17 | Self | main.rs:277:5:287:5 | trait MyParamTrait | +| main.rs:286:14:286:33 | ...::AssociatedType | main.rs:281:9:281:28 | type AssociatedType | +| main.rs:295:13:295:16 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:295:13:295:21 | ...::m13 | main.rs:290:1:303:1 | mod m13 | +| main.rs:295:13:295:24 | ...::f | main.rs:291:5:291:17 | fn f | +| main.rs:295:13:295:24 | ...::f | main.rs:291:19:292:19 | struct f | +| main.rs:298:17:298:17 | f | main.rs:291:19:292:19 | struct f | +| main.rs:299:21:299:21 | f | main.rs:291:19:292:19 | struct f | +| main.rs:300:13:300:13 | f | main.rs:291:5:291:17 | fn f | +| main.rs:314:9:314:14 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:316:13:316:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:317:13:317:16 | Self | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:317:13:317:19 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:327:9:327:12 | Self | main.rs:322:5:335:5 | trait Trait3 | +| main.rs:327:15:327:20 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:328:9:328:10 | TT | main.rs:324:9:324:10 | TT | +| main.rs:328:13:328:18 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:330:25:330:26 | TT | main.rs:324:9:324:10 | TT | +| main.rs:331:13:331:16 | Self | main.rs:322:5:335:5 | trait Trait3 | +| main.rs:331:13:331:19 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:332:13:332:14 | TT | main.rs:324:9:324:10 | TT | +| main.rs:332:13:332:17 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:340:10:340:15 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:341:11:341:11 | S | main.rs:337:5:337:13 | struct S | +| main.rs:343:13:343:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:344:13:344:16 | Self | main.rs:339:5:351:5 | impl Trait1 for S { ... } | +| main.rs:344:13:344:19 | ...::g | main.rs:348:9:350:9 | fn g | +| main.rs:349:13:349:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:354:10:354:15 | Trait2 | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:355:11:355:11 | S | main.rs:337:5:337:13 | struct S | +| main.rs:357:13:357:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:363:9:363:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:364:17:364:17 | S | main.rs:337:5:337:13 | struct S | +| main.rs:365:10:365:10 | S | main.rs:337:5:337:13 | struct S | +| main.rs:366:14:366:19 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:368:10:368:10 | S | main.rs:337:5:337:13 | struct S | +| main.rs:369:14:369:19 | Trait2 | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:371:9:371:9 | S | main.rs:337:5:337:13 | struct S | +| main.rs:371:9:371:12 | ...::g | main.rs:348:9:350:9 | fn g | +| main.rs:381:24:381:24 | T | main.rs:379:7:379:7 | T | +| main.rs:383:24:383:24 | T | main.rs:379:7:379:7 | T | +| main.rs:386:24:386:24 | T | main.rs:379:7:379:7 | T | +| main.rs:387:13:387:16 | Self | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:387:13:387:19 | ...::g | main.rs:383:9:384:9 | fn g | +| main.rs:391:18:391:18 | T | main.rs:379:7:379:7 | T | +| main.rs:399:9:401:9 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:400:11:400:11 | T | main.rs:397:7:397:7 | T | +| main.rs:402:24:402:24 | T | main.rs:397:7:397:7 | T | +| main.rs:403:13:403:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:404:13:404:16 | Self | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:404:13:404:19 | ...::g | main.rs:383:9:384:9 | fn g | +| main.rs:406:13:406:16 | Self | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:406:13:406:19 | ...::c | main.rs:391:9:392:9 | Const | +| main.rs:413:10:415:5 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:414:7:414:7 | S | main.rs:410:5:410:13 | struct S | +| main.rs:416:11:416:11 | S | main.rs:410:5:410:13 | struct S | +| main.rs:417:24:417:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:418:13:418:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:419:13:419:16 | Self | main.rs:412:5:430:5 | impl Trait1::<...> for S { ... } | +| main.rs:419:13:419:19 | ...::g | main.rs:423:9:426:9 | fn g | +| main.rs:423:24:423:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:424:13:424:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:425:13:425:16 | Self | main.rs:412:5:430:5 | impl Trait1::<...> for S { ... } | +| main.rs:425:13:425:19 | ...::c | main.rs:428:9:429:9 | Const | +| main.rs:428:18:428:18 | S | main.rs:410:5:410:13 | struct S | +| main.rs:428:22:428:22 | S | main.rs:410:5:410:13 | struct S | +| main.rs:433:10:435:5 | Trait2::<...> | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:434:7:434:7 | S | main.rs:410:5:410:13 | struct S | +| main.rs:436:11:436:11 | S | main.rs:410:5:410:13 | struct S | +| main.rs:437:24:437:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:438:13:438:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:439:13:439:16 | Self | main.rs:432:5:441:5 | impl Trait2::<...> for S { ... } | +| main.rs:445:9:445:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:446:17:446:17 | S | main.rs:410:5:410:13 | struct S | +| main.rs:447:10:447:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:448:14:450:11 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:449:13:449:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:452:10:452:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:453:14:455:11 | Trait2::<...> | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:454:13:454:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:457:9:457:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:457:9:457:12 | ...::g | main.rs:423:9:426:9 | fn g | +| main.rs:459:9:459:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:459:9:459:12 | ...::h | main.rs:386:9:389:9 | fn h | +| main.rs:461:9:461:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:461:9:461:12 | ...::c | main.rs:428:9:429:9 | Const | +| main.rs:462:10:462:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:463:14:465:11 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:464:13:464:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:482:14:482:16 | Foo | main.rs:472:9:474:9 | trait Foo | +| main.rs:482:22:482:22 | X | main.rs:480:9:480:21 | struct X | +| main.rs:484:17:484:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:488:14:488:16 | Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:488:22:488:22 | X | main.rs:480:9:480:21 | struct X | +| main.rs:490:17:490:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:495:9:495:9 | m | main.rs:471:5:493:5 | mod m | +| main.rs:495:9:495:12 | ...::X | main.rs:480:9:480:21 | struct X | +| main.rs:498:17:498:17 | X | main.rs:480:9:480:21 | struct X | +| main.rs:501:17:501:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:501:17:501:22 | ...::Foo | main.rs:472:9:474:9 | trait Foo | +| main.rs:502:13:502:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:502:13:502:23 | ...::a_method | main.rs:482:26:485:13 | fn a_method | +| main.rs:506:17:506:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:506:17:506:22 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:507:13:507:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:507:13:507:23 | ...::a_method | main.rs:488:26:491:13 | fn a_method | +| main.rs:511:17:511:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:511:17:511:22 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:512:13:512:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:512:13:512:23 | ...::a_method | main.rs:488:26:491:13 | fn a_method | +| main.rs:517:13:517:13 | m | main.rs:471:5:493:5 | mod m | +| main.rs:517:13:517:18 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:517:13:517:28 | ...::a_method | main.rs:477:13:477:31 | fn a_method | +| main.rs:530:10:530:16 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:531:9:531:9 | S | main.rs:527:5:527:13 | struct S | +| main.rs:533:13:533:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:539:7:539:13 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:540:10:540:10 | T | main.rs:538:10:538:10 | T | +| main.rs:542:9:542:9 | T | main.rs:538:10:538:10 | T | +| main.rs:542:9:542:12 | ...::f | main.rs:524:9:524:20 | fn f | +| main.rs:543:9:543:15 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:543:9:543:18 | ...::f | main.rs:524:9:524:20 | fn f | +| main.rs:548:9:548:9 | g | main.rs:537:5:544:5 | fn g | +| main.rs:549:11:549:11 | S | main.rs:527:5:527:13 | struct S | +| main.rs:556:9:556:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:561:13:561:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:566:17:566:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:567:17:567:21 | super | main.rs:559:5:571:5 | mod m19 | +| main.rs:567:17:567:24 | ...::f | main.rs:560:9:562:9 | fn f | +| main.rs:568:17:568:21 | super | main.rs:559:5:571:5 | mod m19 | +| main.rs:568:17:568:28 | ...::super | main.rs:554:1:572:1 | mod m18 | +| main.rs:568:17:568:31 | ...::f | main.rs:555:5:557:5 | fn f | +| main.rs:585:13:585:17 | super | main.rs:574:1:599:1 | mod m21 | +| main.rs:585:13:585:22 | ...::m22 | main.rs:575:5:581:5 | mod m22 | +| main.rs:585:13:585:30 | ...::MyEnum | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:586:13:586:16 | self | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:590:13:590:17 | super | main.rs:574:1:599:1 | mod m21 | +| main.rs:590:13:590:22 | ...::m22 | main.rs:575:5:581:5 | mod m22 | +| main.rs:590:13:590:32 | ...::MyStruct | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:591:13:591:16 | self | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:595:21:595:26 | MyEnum | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:595:21:595:29 | ...::A | main.rs:577:13:577:13 | A | +| main.rs:596:21:596:28 | MyStruct | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:612:10:614:5 | Trait1::<...> | main.rs:602:5:607:5 | trait Trait1 | +| main.rs:613:7:613:10 | Self | main.rs:609:5:609:13 | struct S | +| main.rs:615:11:615:11 | S | main.rs:609:5:609:13 | struct S | +| main.rs:617:13:617:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:623:17:623:17 | S | main.rs:609:5:609:13 | struct S | +| main.rs:639:15:639:15 | T | main.rs:638:26:638:26 | T | +| main.rs:644:9:644:24 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:644:23:644:23 | T | main.rs:643:10:643:10 | T | +| main.rs:646:9:646:9 | T | main.rs:643:10:643:10 | T | +| main.rs:646:12:646:17 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:655:9:655:24 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:655:23:655:23 | T | main.rs:654:10:654:10 | T | +| main.rs:657:9:657:9 | T | main.rs:654:10:654:10 | T | +| main.rs:657:12:657:17 | TraitB | main.rs:633:5:635:5 | trait TraitB | +| main.rs:658:9:658:9 | T | main.rs:654:10:654:10 | T | +| main.rs:658:12:658:17 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:669:10:669:15 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:669:21:669:31 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:671:13:671:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:676:10:676:15 | TraitB | main.rs:633:5:635:5 | trait TraitB | +| main.rs:676:21:676:31 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:678:13:678:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:684:24:684:34 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:685:23:685:35 | GenericStruct | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:691:9:691:36 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:691:9:691:50 | ...::call_trait_a | main.rs:648:9:650:9 | fn call_trait_a | +| main.rs:691:25:691:35 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:694:9:694:36 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:694:9:694:47 | ...::call_both | main.rs:660:9:663:9 | fn call_both | +| main.rs:694:25:694:35 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:700:3:700:12 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:700:3:700:24 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | +| main.rs:704:6:704:12 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:706:7:706:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:706:7:706:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | +| main.rs:709:7:709:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:709:7:709:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | | main.rs:714:9:714:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:714:9:714:19 | ...::result | {EXTERNAL LOCATION} | mod result | -| main.rs:714:9:714:27 | ...::Result | {EXTERNAL LOCATION} | enum Result | -| main.rs:722:19:722:22 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:722:19:722:29 | ...::Input | main.rs:717:9:717:19 | type Input | -| main.rs:723:14:723:46 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:723:21:723:24 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:723:21:723:32 | ...::Output | main.rs:718:21:719:20 | type Output | -| main.rs:723:35:723:38 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:723:35:723:45 | ...::Error | main.rs:717:21:718:19 | type Error | -| main.rs:727:17:727:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | -| main.rs:727:29:727:33 | Input | main.rs:726:19:726:23 | Input | +| main.rs:714:9:714:19 | ...::marker | {EXTERNAL LOCATION} | mod marker | +| main.rs:714:9:714:32 | ...::PhantomData | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:715:9:715:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:715:9:715:19 | ...::result | {EXTERNAL LOCATION} | mod result | +| main.rs:715:9:715:27 | ...::Result | {EXTERNAL LOCATION} | enum Result | +| main.rs:723:19:723:22 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:723:19:723:29 | ...::Input | main.rs:718:9:718:19 | type Input | +| main.rs:724:14:724:46 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:724:21:724:24 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:724:21:724:32 | ...::Output | main.rs:719:21:720:20 | type Output | +| main.rs:724:35:724:38 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:724:35:724:45 | ...::Error | main.rs:718:21:719:19 | type Error | | main.rs:728:17:728:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | -| main.rs:728:29:728:33 | Error | main.rs:726:26:726:30 | Error | -| main.rs:735:11:735:16 | Reduce | main.rs:716:5:724:5 | trait Reduce | -| main.rs:736:13:739:9 | MyImpl::<...> | main.rs:726:5:729:5 | struct MyImpl | -| main.rs:737:13:737:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:738:13:738:17 | Error | main.rs:734:13:734:17 | Error | -| main.rs:741:22:744:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:742:13:742:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:743:13:743:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:743:13:743:23 | ...::Error | main.rs:745:11:749:9 | type Error | -| main.rs:746:22:748:9 | Option::<...> | {EXTERNAL LOCATION} | enum Option | -| main.rs:747:11:747:15 | Error | main.rs:734:13:734:17 | Error | -| main.rs:751:13:751:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:756:19:756:22 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:756:19:756:29 | ...::Input | main.rs:741:9:745:9 | type Input | -| main.rs:757:14:760:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:758:13:758:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:758:13:758:24 | ...::Output | main.rs:749:11:752:9 | type Output | -| main.rs:759:13:759:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:759:13:759:23 | ...::Error | main.rs:745:11:749:9 | type Error | -| main.rs:766:5:766:7 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:766:11:766:14 | self | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:768:15:768:17 | ztd | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:768:15:768:25 | ...::string | {EXTERNAL LOCATION} | mod string | -| main.rs:768:15:768:33 | ...::String | {EXTERNAL LOCATION} | struct String | -| main.rs:778:7:778:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:778:7:778:26 | ...::identity | proc_macro.rs:15:1:18:1 | fn identity | -| main.rs:779:10:779:15 | ATrait | main.rs:774:5:776:5 | trait ATrait | -| main.rs:779:21:779:23 | i64 | {EXTERNAL LOCATION} | struct i64 | -| main.rs:781:11:781:13 | i64 | {EXTERNAL LOCATION} | struct i64 | -| main.rs:787:17:787:19 | Foo | main.rs:772:5:772:15 | struct Foo | -| main.rs:792:5:792:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:792:5:792:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:792:5:792:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:792:5:792:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:792:5:792:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:728:29:728:33 | Input | main.rs:727:19:727:23 | Input | +| main.rs:729:17:729:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:729:29:729:33 | Error | main.rs:727:26:727:30 | Error | +| main.rs:736:11:736:16 | Reduce | main.rs:717:5:725:5 | trait Reduce | +| main.rs:737:13:740:9 | MyImpl::<...> | main.rs:727:5:730:5 | struct MyImpl | +| main.rs:738:13:738:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:739:13:739:17 | Error | main.rs:735:13:735:17 | Error | +| main.rs:742:22:745:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:743:13:743:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:744:13:744:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:744:13:744:23 | ...::Error | main.rs:746:11:750:9 | type Error | +| main.rs:747:22:749:9 | Option::<...> | {EXTERNAL LOCATION} | enum Option | +| main.rs:748:11:748:15 | Error | main.rs:735:13:735:17 | Error | +| main.rs:752:13:752:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:757:19:757:22 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:757:19:757:29 | ...::Input | main.rs:742:9:746:9 | type Input | +| main.rs:758:14:761:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:759:13:759:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:759:13:759:24 | ...::Output | main.rs:750:11:753:9 | type Output | +| main.rs:760:13:760:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:760:13:760:23 | ...::Error | main.rs:746:11:750:9 | type Error | +| main.rs:767:5:767:7 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:767:11:767:14 | self | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:769:15:769:17 | ztd | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:769:15:769:25 | ...::string | {EXTERNAL LOCATION} | mod string | +| main.rs:769:15:769:33 | ...::String | {EXTERNAL LOCATION} | struct String | +| main.rs:779:7:779:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:779:7:779:26 | ...::identity | proc_macro.rs:15:1:18:1 | fn identity | +| main.rs:780:10:780:15 | ATrait | main.rs:775:5:777:5 | trait ATrait | +| main.rs:780:21:780:23 | i64 | {EXTERNAL LOCATION} | struct i64 | +| main.rs:782:11:782:13 | i64 | {EXTERNAL LOCATION} | struct i64 | +| main.rs:788:17:788:19 | Foo | main.rs:773:5:773:15 | struct Foo | | main.rs:793:5:793:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:793:5:793:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:794:5:794:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:794:5:794:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:794:5:794:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:794:5:794:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:795:5:795:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:796:5:796:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:797:5:797:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:797:5:797:12 | ...::h | main.rs:56:1:75:1 | fn h | -| main.rs:798:5:798:6 | m1 | main.rs:19:1:43:1 | mod m1 | -| main.rs:798:5:798:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | -| main.rs:798:5:798:13 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:793:5:793:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:793:5:793:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:793:5:793:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:793:5:793:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:794:5:794:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:794:5:794:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:795:5:795:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:795:5:795:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:795:5:795:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:795:5:795:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:796:5:796:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:797:5:797:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:798:5:798:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:798:5:798:12 | ...::h | main.rs:56:1:75:1 | fn h | | main.rs:799:5:799:6 | m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:799:5:799:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | -| main.rs:799:5:799:14 | ...::m3 | main.rs:35:9:41:9 | mod m3 | -| main.rs:799:5:799:17 | ...::h | main.rs:36:27:40:13 | fn h | -| main.rs:800:5:800:6 | m4 | main.rs:45:1:52:1 | mod m4 | -| main.rs:800:5:800:9 | ...::i | main.rs:48:5:51:5 | fn i | -| main.rs:801:5:801:5 | h | main.rs:56:1:75:1 | fn h | -| main.rs:802:5:802:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:803:5:803:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:804:5:804:5 | j | main.rs:103:1:107:1 | fn j | -| main.rs:805:5:805:6 | m6 | main.rs:115:1:126:1 | mod m6 | -| main.rs:805:5:805:9 | ...::g | main.rs:120:5:125:5 | fn g | -| main.rs:806:5:806:6 | m7 | main.rs:128:1:147:1 | mod m7 | -| main.rs:806:5:806:9 | ...::f | main.rs:139:5:146:5 | fn f | -| main.rs:807:5:807:6 | m8 | main.rs:149:1:203:1 | mod m8 | -| main.rs:807:5:807:9 | ...::g | main.rs:187:5:202:5 | fn g | -| main.rs:808:5:808:6 | m9 | main.rs:205:1:213:1 | mod m9 | -| main.rs:808:5:808:9 | ...::f | main.rs:208:5:212:5 | fn f | -| main.rs:809:5:809:7 | m11 | main.rs:236:1:273:1 | mod m11 | -| main.rs:809:5:809:10 | ...::f | main.rs:241:5:244:5 | fn f | -| main.rs:810:5:810:7 | m15 | main.rs:304:1:373:1 | mod m15 | -| main.rs:810:5:810:10 | ...::f | main.rs:360:5:372:5 | fn f | -| main.rs:811:5:811:7 | m16 | main.rs:375:1:467:1 | mod m16 | -| main.rs:811:5:811:10 | ...::f | main.rs:442:5:466:5 | fn f | -| main.rs:812:5:812:20 | trait_visibility | main.rs:469:1:519:1 | mod trait_visibility | -| main.rs:812:5:812:23 | ...::f | main.rs:496:5:518:5 | fn f | -| main.rs:813:5:813:7 | m17 | main.rs:521:1:551:1 | mod m17 | -| main.rs:813:5:813:10 | ...::f | main.rs:545:5:550:5 | fn f | -| main.rs:814:5:814:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:814:5:814:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:815:5:815:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:815:5:815:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:816:5:816:7 | my3 | my2/mod.rs:20:1:20:12 | mod my3 | -| main.rs:816:5:816:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:817:5:817:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:818:5:818:7 | m18 | main.rs:553:1:571:1 | mod m18 | -| main.rs:818:5:818:12 | ...::m19 | main.rs:558:5:570:5 | mod m19 | -| main.rs:818:5:818:17 | ...::m20 | main.rs:563:9:569:9 | mod m20 | -| main.rs:818:5:818:20 | ...::g | main.rs:564:13:568:13 | fn g | -| main.rs:819:5:819:7 | m23 | main.rs:600:1:625:1 | mod m23 | -| main.rs:819:5:819:10 | ...::f | main.rs:620:5:624:5 | fn f | -| main.rs:820:5:820:7 | m24 | main.rs:627:1:695:1 | mod m24 | -| main.rs:820:5:820:10 | ...::f | main.rs:681:5:694:5 | fn f | -| main.rs:821:5:821:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:821:5:821:11 | ...::h | main.rs:56:1:75:1 | fn h | -| main.rs:822:5:822:13 | z_changed | main.rs:700:1:700:8 | fn z_changed | -| main.rs:823:5:823:11 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:823:5:823:22 | ...::z_on_type | main.rs:706:5:706:16 | fn z_on_type | -| main.rs:824:5:824:11 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:825:5:825:29 | impl_with_attribute_macro | main.rs:770:1:789:1 | mod impl_with_attribute_macro | -| main.rs:825:5:825:35 | ...::test | main.rs:785:5:788:5 | fn test | +| main.rs:799:5:799:13 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:800:5:800:6 | m1 | main.rs:19:1:43:1 | mod m1 | +| main.rs:800:5:800:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | +| main.rs:800:5:800:14 | ...::m3 | main.rs:35:9:41:9 | mod m3 | +| main.rs:800:5:800:17 | ...::h | main.rs:36:27:40:13 | fn h | +| main.rs:801:5:801:6 | m4 | main.rs:45:1:52:1 | mod m4 | +| main.rs:801:5:801:9 | ...::i | main.rs:48:5:51:5 | fn i | +| main.rs:802:5:802:5 | h | main.rs:56:1:75:1 | fn h | +| main.rs:803:5:803:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:804:5:804:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:805:5:805:5 | j | main.rs:103:1:107:1 | fn j | +| main.rs:806:5:806:6 | m6 | main.rs:115:1:127:1 | mod m6 | +| main.rs:806:5:806:9 | ...::g | main.rs:120:5:126:5 | fn g | +| main.rs:807:5:807:6 | m7 | main.rs:129:1:148:1 | mod m7 | +| main.rs:807:5:807:9 | ...::f | main.rs:140:5:147:5 | fn f | +| main.rs:808:5:808:6 | m8 | main.rs:150:1:204:1 | mod m8 | +| main.rs:808:5:808:9 | ...::g | main.rs:188:5:203:5 | fn g | +| main.rs:809:5:809:6 | m9 | main.rs:206:1:214:1 | mod m9 | +| main.rs:809:5:809:9 | ...::f | main.rs:209:5:213:5 | fn f | +| main.rs:810:5:810:7 | m11 | main.rs:237:1:274:1 | mod m11 | +| main.rs:810:5:810:10 | ...::f | main.rs:242:5:245:5 | fn f | +| main.rs:811:5:811:7 | m15 | main.rs:305:1:374:1 | mod m15 | +| main.rs:811:5:811:10 | ...::f | main.rs:361:5:373:5 | fn f | +| main.rs:812:5:812:7 | m16 | main.rs:376:1:468:1 | mod m16 | +| main.rs:812:5:812:10 | ...::f | main.rs:443:5:467:5 | fn f | +| main.rs:813:5:813:20 | trait_visibility | main.rs:470:1:520:1 | mod trait_visibility | +| main.rs:813:5:813:23 | ...::f | main.rs:497:5:519:5 | fn f | +| main.rs:814:5:814:7 | m17 | main.rs:522:1:552:1 | mod m17 | +| main.rs:814:5:814:10 | ...::f | main.rs:546:5:551:5 | fn f | +| main.rs:815:5:815:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:815:5:815:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:816:5:816:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:816:5:816:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:817:5:817:7 | my3 | my2/mod.rs:20:1:20:12 | mod my3 | +| main.rs:817:5:817:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:818:5:818:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:819:5:819:7 | m18 | main.rs:554:1:572:1 | mod m18 | +| main.rs:819:5:819:12 | ...::m19 | main.rs:559:5:571:5 | mod m19 | +| main.rs:819:5:819:17 | ...::m20 | main.rs:564:9:570:9 | mod m20 | +| main.rs:819:5:819:20 | ...::g | main.rs:565:13:569:13 | fn g | +| main.rs:820:5:820:7 | m23 | main.rs:601:1:626:1 | mod m23 | +| main.rs:820:5:820:10 | ...::f | main.rs:621:5:625:5 | fn f | +| main.rs:821:5:821:7 | m24 | main.rs:628:1:696:1 | mod m24 | +| main.rs:821:5:821:10 | ...::f | main.rs:682:5:695:5 | fn f | +| main.rs:822:5:822:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:822:5:822:11 | ...::h | main.rs:56:1:75:1 | fn h | +| main.rs:823:5:823:13 | z_changed | main.rs:701:1:701:9 | fn z_changed | +| main.rs:824:5:824:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:824:5:824:22 | ...::z_on_type | main.rs:707:5:707:17 | fn z_on_type | +| main.rs:825:5:825:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:826:5:826:29 | impl_with_attribute_macro | main.rs:771:1:790:1 | mod impl_with_attribute_macro | +| main.rs:826:5:826:35 | ...::test | main.rs:786:5:789:5 | fn test | +| my2/mod.rs:4:5:4:11 | println | {EXTERNAL LOCATION} | MacroRules | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -445,10 +486,11 @@ resolvePath | my2/mod.rs:18:5:18:19 | ...::Deref | {EXTERNAL LOCATION} | trait Deref | | my2/mod.rs:25:9:25:13 | mymod | my2/mod.rs:22:1:23:10 | mod mymod | | my2/mod.rs:25:9:25:16 | ...::f | my2/renamed.rs:1:1:1:13 | fn f | +| my2/my3/mod.rs:2:5:2:11 | println | {EXTERNAL LOCATION} | MacroRules | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:56:1:75:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:826:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:827:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:56:1:75:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | @@ -456,8 +498,14 @@ resolvePath | my2/my3/mod.rs:10:5:10:20 | ...::nested6_f | my2/nested2.rs:15:9:17:9 | fn f | | my2/my3/mod.rs:12:5:12:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | | my2/my3/mod.rs:14:16:14:20 | Deref | {EXTERNAL LOCATION} | trait Deref | +| my2/nested2.rs:4:13:4:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:8:13:8:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:16:13:16:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:24:13:24:19 | println | {EXTERNAL LOCATION} | MacroRules | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | +| my.rs:6:5:6:11 | println | {EXTERNAL LOCATION} | MacroRules | +| my.rs:10:5:10:11 | println | {EXTERNAL LOCATION} | MacroRules | | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | | my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | | my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | @@ -473,29 +521,39 @@ resolvePath | my.rs:30:13:30:15 | i32 | {EXTERNAL LOCATION} | struct i32 | | my.rs:33:16:33:18 | Err | {EXTERNAL LOCATION} | Err | | my.rs:35:5:35:6 | Ok | {EXTERNAL LOCATION} | Ok | +| my/my4/my5/mod.rs:2:5:2:11 | println | {EXTERNAL LOCATION} | MacroRules | +| my/nested.rs:4:13:4:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my/nested.rs:8:13:8:19 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | +| my/nested.rs:14:9:14:15 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| my/nested.rs:20:5:20:11 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:21:5:21:11 | nested1 | my/nested.rs:1:1:17:1 | mod nested1 | | my/nested.rs:21:5:21:20 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:21:5:21:23 | ...::f | my/nested.rs:3:9:5:9 | fn f | | proc_macro.rs:1:5:1:14 | proc_macro | {EXTERNAL LOCATION} | Crate(proc_macro@0.0.0) | | proc_macro.rs:1:5:1:27 | ...::TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:2:5:2:9 | quote | {EXTERNAL LOCATION} | Crate(quote@1.0.40) | +| proc_macro.rs:2:5:2:16 | ...::quote | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:5:25:5:35 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:5:44:5:54 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:5:60:5:70 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:6:16:6:18 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | +| proc_macro.rs:6:16:6:37 | ...::parse_macro_input | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:6:48:6:50 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:6:48:6:58 | ...::LitStr | {EXTERNAL LOCATION} | struct LitStr | | proc_macro.rs:6:48:6:58 | ...::parse::<...> | {EXTERNAL LOCATION} | fn parse | | proc_macro.rs:7:19:7:21 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | +| proc_macro.rs:7:19:7:40 | ...::parse_macro_input | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:7:51:7:53 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:7:51:7:61 | ...::ItemFn | {EXTERNAL LOCATION} | struct ItemFn | | proc_macro.rs:7:51:7:61 | ...::parse::<...> | {EXTERNAL LOCATION} | fn parse | | proc_macro.rs:8:21:8:23 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:8:21:8:30 | ...::Ident | {EXTERNAL LOCATION} | struct Ident | | proc_macro.rs:8:21:8:35 | ...::new | {EXTERNAL LOCATION} | fn new | +| proc_macro.rs:8:38:8:43 | format | {EXTERNAL LOCATION} | MacroRules | +| proc_macro.rs:9:5:9:9 | quote | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:16:24:16:34 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:16:43:16:53 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:16:59:16:69 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 26b5ede8909..2814af2b5ed 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -6,8 +6,7 @@ edges | main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:2 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | -| main.rs:5:17:5:23 | res | main.rs:5:25:5:44 | { ... } | provenance | | -| main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:23 | res | provenance | | +| main.rs:5:25:5:44 | ...::format(...) | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | | main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:3 | | main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:4 | @@ -23,7 +22,6 @@ nodes | main.rs:4:20:4:40 | ...::var(...) [Ok] | semmle.label | ...::var(...) [Ok] | | main.rs:4:20:4:66 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | main.rs:5:9:5:13 | regex | semmle.label | regex | -| main.rs:5:17:5:23 | res | semmle.label | res | | main.rs:5:25:5:44 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:5:25:5:44 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:5:25:5:44 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected index d195a145aaf..fe1822bb82c 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected @@ -42,15 +42,11 @@ multipleCallTargets | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | | sqlx.rs:128:29:128:53 | prepared_query_1.as_str() | | sqlx.rs:131:54:131:74 | safe_query_1.as_str() | -| sqlx.rs:132:14:132:34 | ...::_print(...) | | sqlx.rs:133:54:133:78 | prepared_query_1.as_str() | -| sqlx.rs:134:14:134:34 | ...::_print(...) | | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | | sqlx.rs:137:55:137:79 | prepared_query_1.as_str() | | sqlx.rs:140:54:140:74 | safe_query_1.as_str() | -| sqlx.rs:141:14:141:34 | ...::_print(...) | | sqlx.rs:142:54:142:78 | prepared_query_1.as_str() | -| sqlx.rs:143:14:143:34 | ...::_print(...) | | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | | sqlx.rs:146:55:146:79 | prepared_query_1.as_str() | | sqlx.rs:149:25:149:45 | safe_query_1.as_str() | @@ -68,15 +64,4 @@ multipleCallTargets | sqlx.rs:186:25:186:49 | prepared_query_1.as_str() | | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | | sqlx.rs:189:29:189:53 | prepared_query_1.as_str() | -| sqlx.rs:196:14:196:43 | ...::_print(...) | | sqlx.rs:202:57:202:85 | ...::from(...) | -| sqlx.rs:203:14:203:46 | ...::_print(...) | -| sqlx.rs:205:14:205:33 | ...::_print(...) | -| sqlx.rs:207:27:207:41 | ...::_print(...) | -| sqlx.rs:208:28:208:43 | ...::_print(...) | -| sqlx.rs:211:14:211:34 | ...::_print(...) | -| sqlx.rs:213:27:213:41 | ...::_print(...) | -| sqlx.rs:214:28:214:43 | ...::_print(...) | -| sqlx.rs:217:14:217:36 | ...::_print(...) | -| sqlx.rs:219:27:219:41 | ...::_print(...) | -| sqlx.rs:220:28:220:43 | ...::_print(...) | diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 329138efa24..45ce48f2ef3 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -2,79 +2,189 @@ | sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | | sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:81:17:81:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:81:17:81:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:82:17:82:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:82:17:82:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:113:17:113:29 | ...::raw_sql | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:113:17:113:29 | ...::raw_sql | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:120:17:120:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:120:17:120:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:127:17:127:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:127:17:127:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:136:40:136:53 | ...::query_as | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:136:40:136:53 | ...::query_as | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:145:40:145:53 | ...::query_as | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:145:40:145:53 | ...::query_as | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:153:17:153:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:153:17:153:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:188:17:188:27 | ...::query | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:188:17:188:27 | ...::query | This query depends on a $@. | sqlx.rs:173:25:173:46 | ...::get | user-provided value | edges | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | -| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:3 | -| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:4 | -| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:6 | +| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:5 | +| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:6 | +| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:10 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | | -| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:7 | -| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 | -| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:8 | +| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:12 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:8 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:12 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:36 | safe_query_3 | provenance | | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:5 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | -| sqlx.rs:52:24:52:30 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | | -| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:30 | res | provenance | | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | -| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:12 | -| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:13 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:5 | +| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:16 | +| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:17 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:5 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:9 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:55:26:55:102 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:55:84:55:96 | remote_string | sqlx.rs:55:83:55:96 | &remote_string [&ref] | provenance | | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance | | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:5 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | -| sqlx.rs:59:9:59:15 | res | sqlx.rs:59:17:59:72 | { ... } | provenance | | -| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:9:59:15 | res | provenance | | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | +| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:17:59:72 | { ... } | provenance | | | sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | -| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:12 | -| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:13 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:5 | +| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:16 | +| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:17 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:5 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:100:9:100:21 | remote_string | sqlx.rs:102:84:102:96 | remote_string | provenance | | +| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | sqlx.rs:100:9:100:21 | remote_string | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:44 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:68 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:68 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:102:26:102:102 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:102:84:102:96 | remote_string | sqlx.rs:102:83:102:96 | &remote_string [&ref] | provenance | | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:173:9:173:21 | remote_string | sqlx.rs:175:84:175:96 | remote_string | provenance | | +| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | sqlx.rs:173:9:173:21 | remote_string | provenance | | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:42 | unsafe_query_1 | provenance | | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:175:26:175:102 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:175:84:175:96 | remote_string | sqlx.rs:175:83:175:96 | &remote_string [&ref] | provenance | | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | models | 1 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | -| 2 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | -| 3 | Source: std::env::args; ReturnValue.Element; commandargs | -| 4 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 6 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 7 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 8 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 10 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 11 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 12 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 13 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 2 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | +| 3 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | +| 4 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | +| 5 | Source: std::env::args; ReturnValue.Element; commandargs | +| 6 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 7 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 8 | Summary: ::add; Argument[self]; ReturnValue; value | +| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 10 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 11 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 12 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 13 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 14 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 15 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 16 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 17 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string | | sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args | @@ -91,7 +201,6 @@ nodes | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 | -| sqlx.rs:52:24:52:30 | res | semmle.label | res | | sqlx.rs:52:32:52:87 | ...::format(...) | semmle.label | ...::format(...) | | sqlx.rs:52:32:52:87 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:52:32:52:87 | MacroExpr | semmle.label | MacroExpr | @@ -102,8 +211,12 @@ nodes | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | | sqlx.rs:54:27:54:39 | remote_string | semmle.label | remote_string | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:55:26:55:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:55:26:55:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:55:84:55:96 | remote_string | semmle.label | remote_string | | sqlx.rs:56:9:56:22 | unsafe_query_4 | semmle.label | unsafe_query_4 | -| sqlx.rs:59:9:59:15 | res | semmle.label | res | | sqlx.rs:59:17:59:72 | ...::format(...) | semmle.label | ...::format(...) | | sqlx.rs:59:17:59:72 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:59:17:59:72 | MacroExpr | semmle.label | MacroExpr | @@ -116,8 +229,62 @@ nodes | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | | sqlx.rs:80:17:80:27 | ...::query | semmle.label | ...::query | | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | semmle.label | unsafe_query_2.as_str() [&ref] | +| sqlx.rs:81:17:81:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | semmle.label | unsafe_query_3.as_str() | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | semmle.label | unsafe_query_3.as_str() [&ref] | | sqlx.rs:82:17:82:27 | ...::query | semmle.label | ...::query | | sqlx.rs:82:29:82:42 | unsafe_query_4 | semmle.label | unsafe_query_4 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | semmle.label | unsafe_query_4.as_str() [&ref] | +| sqlx.rs:100:9:100:21 | remote_string | semmle.label | remote_string | +| sqlx.rs:100:25:100:46 | ...::get | semmle.label | ...::get | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| sqlx.rs:100:25:100:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:102:26:102:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:102:26:102:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:102:84:102:96 | remote_string | semmle.label | remote_string | +| sqlx.rs:113:17:113:29 | ...::raw_sql | semmle.label | ...::raw_sql | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:120:17:120:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:127:17:127:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:136:40:136:53 | ...::query_as | semmle.label | ...::query_as | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:145:40:145:53 | ...::query_as | semmle.label | ...::query_as | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:153:17:153:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:173:9:173:21 | remote_string | semmle.label | remote_string | +| sqlx.rs:173:25:173:46 | ...::get | semmle.label | ...::get | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| sqlx.rs:173:25:173:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:175:26:175:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:175:26:175:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:175:84:175:96 | remote_string | semmle.label | remote_string | +| sqlx.rs:188:17:188:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index 7f244c4b4cb..151f9fa7c82 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs @@ -78,7 +78,7 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=args1 if enable_remote { let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 - let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 } let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink @@ -97,7 +97,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote2 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote2 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) @@ -110,21 +110,21 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // ... let _ = sqlx::raw_sql(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 } // prepared queries (with extra variants) let _ = sqlx::query(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&mut conn).await?; // $ sql-sink } // ... let _ = sqlx::query(safe_query_1.as_str()).fetch(&mut conn); // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch(&mut conn); // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch(&mut conn); // $ sql-sink } // ... @@ -133,7 +133,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row2: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_one(&mut conn).await?; // $ sql-sink println!(" row2 = {:?}", row2); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_one(&mut conn).await?; // $ sql-sink } // ... @@ -142,7 +142,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row4: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink println!(" row4 = {:?}", row4); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ MISSING: Alert[rust/sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink } // ... @@ -150,7 +150,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink } @@ -170,7 +170,7 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote3 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote3 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=$1"); // (prepared arguments are safe) @@ -185,7 +185,7 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&pool).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote3 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&pool).await?; // $ sql-sink } diff --git a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected index 5b0ebe3fa62..5807220eef0 100644 --- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected +++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected @@ -6,16 +6,14 @@ | main.rs:35:12:35:18 | request | main.rs:33:50:33:57 | password | main.rs:35:12:35:18 | request | This 'request' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:33:50:33:57 | password | password | edges | main.rs:6:9:6:11 | url | main.rs:7:28:7:30 | url | provenance | | -| main.rs:6:15:6:21 | res | main.rs:6:23:6:57 | { ... } | provenance | | -| main.rs:6:23:6:57 | ...::format(...) | main.rs:6:15:6:21 | res | provenance | | +| main.rs:6:23:6:57 | ...::format(...) | main.rs:6:23:6:57 | { ... } | provenance | | | main.rs:6:23:6:57 | ...::must_use(...) | main.rs:6:9:6:11 | url | provenance | | | main.rs:6:23:6:57 | MacroExpr | main.rs:6:23:6:57 | ...::format(...) | provenance | MaD:7 | | main.rs:6:23:6:57 | { ... } | main.rs:6:23:6:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:6:50:6:57 | password | main.rs:6:23:6:57 | MacroExpr | provenance | | | main.rs:7:28:7:30 | url | main.rs:7:5:7:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | | main.rs:12:9:12:15 | address | main.rs:13:27:13:33 | address | provenance | | -| main.rs:12:19:12:25 | res | main.rs:12:27:12:59 | { ... } | provenance | | -| main.rs:12:27:12:59 | ...::format(...) | main.rs:12:19:12:25 | res | provenance | | +| main.rs:12:27:12:59 | ...::format(...) | main.rs:12:27:12:59 | { ... } | provenance | | | main.rs:12:27:12:59 | ...::must_use(...) | main.rs:12:9:12:15 | address | provenance | | | main.rs:12:27:12:59 | MacroExpr | main.rs:12:27:12:59 | ...::format(...) | provenance | MaD:7 | | main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:8 | @@ -27,24 +25,21 @@ edges | main.rs:13:27:13:33 | address | main.rs:13:26:13:33 | &address [&ref] | provenance | | | main.rs:14:28:14:30 | url | main.rs:14:5:14:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | | main.rs:19:9:19:11 | url | main.rs:21:17:21:19 | url | provenance | | -| main.rs:19:15:19:21 | res | main.rs:19:23:19:57 | { ... } | provenance | | -| main.rs:19:23:19:57 | ...::format(...) | main.rs:19:15:19:21 | res | provenance | | +| main.rs:19:23:19:57 | ...::format(...) | main.rs:19:23:19:57 | { ... } | provenance | | | main.rs:19:23:19:57 | ...::must_use(...) | main.rs:19:9:19:11 | url | provenance | | | main.rs:19:23:19:57 | MacroExpr | main.rs:19:23:19:57 | ...::format(...) | provenance | MaD:7 | | main.rs:19:23:19:57 | { ... } | main.rs:19:23:19:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:19:50:19:57 | password | main.rs:19:23:19:57 | MacroExpr | provenance | | | main.rs:21:17:21:19 | url | main.rs:21:12:21:15 | post | provenance | MaD:1 Sink:MaD:1 | | main.rs:26:9:26:11 | url | main.rs:28:33:28:35 | url | provenance | | -| main.rs:26:15:26:21 | res | main.rs:26:23:26:57 | { ... } | provenance | | -| main.rs:26:23:26:57 | ...::format(...) | main.rs:26:15:26:21 | res | provenance | | +| main.rs:26:23:26:57 | ...::format(...) | main.rs:26:23:26:57 | { ... } | provenance | | | main.rs:26:23:26:57 | ...::must_use(...) | main.rs:26:9:26:11 | url | provenance | | | main.rs:26:23:26:57 | MacroExpr | main.rs:26:23:26:57 | ...::format(...) | provenance | MaD:7 | | main.rs:26:23:26:57 | { ... } | main.rs:26:23:26:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:26:50:26:57 | password | main.rs:26:23:26:57 | MacroExpr | provenance | | | main.rs:28:33:28:35 | url | main.rs:28:12:28:18 | request | provenance | MaD:3 Sink:MaD:3 | | main.rs:33:9:33:11 | url | main.rs:35:33:35:35 | url | provenance | | -| main.rs:33:15:33:21 | res | main.rs:33:23:33:57 | { ... } | provenance | | -| main.rs:33:23:33:57 | ...::format(...) | main.rs:33:15:33:21 | res | provenance | | +| main.rs:33:23:33:57 | ...::format(...) | main.rs:33:23:33:57 | { ... } | provenance | | | main.rs:33:23:33:57 | ...::must_use(...) | main.rs:33:9:33:11 | url | provenance | | | main.rs:33:23:33:57 | MacroExpr | main.rs:33:23:33:57 | ...::format(...) | provenance | MaD:7 | | main.rs:33:23:33:57 | { ... } | main.rs:33:23:33:57 | ...::must_use(...) | provenance | MaD:8 | @@ -61,7 +56,6 @@ models | 8 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | main.rs:6:9:6:11 | url | semmle.label | url | -| main.rs:6:15:6:21 | res | semmle.label | res | | main.rs:6:23:6:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:6:23:6:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:6:23:6:57 | MacroExpr | semmle.label | MacroExpr | @@ -70,7 +64,6 @@ nodes | main.rs:7:5:7:26 | ...::get | semmle.label | ...::get | | main.rs:7:28:7:30 | url | semmle.label | url | | main.rs:12:9:12:15 | address | semmle.label | address | -| main.rs:12:19:12:25 | res | semmle.label | res | | main.rs:12:27:12:59 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:12:27:12:59 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:12:27:12:59 | MacroExpr | semmle.label | MacroExpr | @@ -84,7 +77,6 @@ nodes | main.rs:14:5:14:26 | ...::get | semmle.label | ...::get | | main.rs:14:28:14:30 | url | semmle.label | url | | main.rs:19:9:19:11 | url | semmle.label | url | -| main.rs:19:15:19:21 | res | semmle.label | res | | main.rs:19:23:19:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:19:23:19:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:19:23:19:57 | MacroExpr | semmle.label | MacroExpr | @@ -93,7 +85,6 @@ nodes | main.rs:21:12:21:15 | post | semmle.label | post | | main.rs:21:17:21:19 | url | semmle.label | url | | main.rs:26:9:26:11 | url | semmle.label | url | -| main.rs:26:15:26:21 | res | semmle.label | res | | main.rs:26:23:26:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:26:23:26:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:26:23:26:57 | MacroExpr | semmle.label | MacroExpr | @@ -102,7 +93,6 @@ nodes | main.rs:28:12:28:18 | request | semmle.label | request | | main.rs:28:33:28:35 | url | semmle.label | url | | main.rs:33:9:33:11 | url | semmle.label | url | -| main.rs:33:15:33:21 | res | semmle.label | res | | main.rs:33:23:33:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:33:23:33:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:33:23:33:57 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected index ac6f2b2d997..f4514168e3f 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected @@ -1,75 +1,7 @@ multipleCallTargets -| test_logging.rs:42:5:42:10 | ...::max_level(...) | -| test_logging.rs:43:5:43:10 | ...::max_level(...) | -| test_logging.rs:44:5:44:9 | ...::max_level(...) | -| test_logging.rs:45:5:45:10 | ...::max_level(...) | -| test_logging.rs:46:5:46:9 | ...::max_level(...) | -| test_logging.rs:47:5:47:8 | ...::max_level(...) | -| test_logging.rs:50:5:50:10 | ...::max_level(...) | -| test_logging.rs:51:5:51:10 | ...::max_level(...) | -| test_logging.rs:52:5:52:10 | ...::max_level(...) | -| test_logging.rs:53:5:53:10 | ...::max_level(...) | -| test_logging.rs:54:5:54:10 | ...::max_level(...) | -| test_logging.rs:55:5:55:10 | ...::max_level(...) | -| test_logging.rs:56:5:56:10 | ...::max_level(...) | -| test_logging.rs:57:5:57:10 | ...::max_level(...) | -| test_logging.rs:58:5:58:10 | ...::max_level(...) | -| test_logging.rs:59:5:59:10 | ...::max_level(...) | -| test_logging.rs:60:5:60:10 | ...::max_level(...) | -| test_logging.rs:61:5:61:10 | ...::max_level(...) | -| test_logging.rs:64:5:64:8 | ...::max_level(...) | -| test_logging.rs:65:5:65:8 | ...::max_level(...) | -| test_logging.rs:66:5:66:8 | ...::max_level(...) | -| test_logging.rs:67:5:67:8 | ...::max_level(...) | -| test_logging.rs:68:5:68:8 | ...::max_level(...) | -| test_logging.rs:71:5:71:10 | ...::max_level(...) | -| test_logging.rs:72:5:72:10 | ...::max_level(...) | -| test_logging.rs:73:5:73:10 | ...::max_level(...) | -| test_logging.rs:74:5:74:10 | ...::max_level(...) | -| test_logging.rs:75:5:75:10 | ...::max_level(...) | -| test_logging.rs:76:5:76:10 | ...::max_level(...) | -| test_logging.rs:77:5:77:10 | ...::max_level(...) | | test_logging.rs:77:20:77:36 | password.as_str() | -| test_logging.rs:78:5:78:10 | ...::max_level(...) | | test_logging.rs:78:22:78:38 | password.as_str() | -| test_logging.rs:81:5:81:10 | ...::max_level(...) | -| test_logging.rs:82:5:82:10 | ...::max_level(...) | -| test_logging.rs:83:5:83:10 | ...::max_level(...) | -| test_logging.rs:84:5:84:10 | ...::max_level(...) | -| test_logging.rs:85:5:85:10 | ...::max_level(...) | -| test_logging.rs:86:5:86:10 | ...::max_level(...) | | test_logging.rs:88:18:88:34 | password.as_str() | -| test_logging.rs:89:5:89:10 | ...::max_level(...) | -| test_logging.rs:90:5:90:10 | ...::max_level(...) | -| test_logging.rs:94:5:94:9 | ...::max_level(...) | -| test_logging.rs:97:5:97:9 | ...::max_level(...) | -| test_logging.rs:100:5:100:9 | ...::max_level(...) | -| test_logging.rs:104:5:104:9 | ...::max_level(...) | -| test_logging.rs:108:5:108:9 | ...::max_level(...) | -| test_logging.rs:112:5:112:9 | ...::max_level(...) | -| test_logging.rs:114:9:114:13 | ...::max_level(...) | -| test_logging.rs:118:5:118:10 | ...::max_level(...) | -| test_logging.rs:121:5:121:10 | ...::max_level(...) | -| test_logging.rs:123:5:123:10 | ...::max_level(...) | -| test_logging.rs:126:5:126:10 | ...::max_level(...) | -| test_logging.rs:130:5:130:10 | ...::max_level(...) | -| test_logging.rs:131:5:131:10 | ...::max_level(...) | -| test_logging.rs:132:5:132:10 | ...::max_level(...) | -| test_logging.rs:133:5:133:10 | ...::max_level(...) | -| test_logging.rs:140:5:140:9 | ...::max_level(...) | -| test_logging.rs:141:5:141:9 | ...::max_level(...) | -| test_logging.rs:142:5:142:9 | ...::max_level(...) | -| test_logging.rs:143:5:143:9 | ...::max_level(...) | -| test_logging.rs:144:5:144:9 | ...::max_level(...) | -| test_logging.rs:150:5:150:9 | ...::max_level(...) | -| test_logging.rs:151:5:151:9 | ...::max_level(...) | -| test_logging.rs:152:5:152:9 | ...::max_level(...) | -| test_logging.rs:153:5:153:9 | ...::max_level(...) | -| test_logging.rs:154:5:154:9 | ...::max_level(...) | -| test_logging.rs:192:12:192:37 | ...::_print(...) | -| test_logging.rs:193:14:193:37 | ...::_print(...) | -| test_logging.rs:194:13:194:38 | ...::_eprint(...) | -| test_logging.rs:195:15:195:38 | ...::_eprint(...) | | test_logging.rs:229:30:229:71 | ... .as_str() | | test_logging.rs:242:16:242:61 | ... .as_bytes() | | test_logging.rs:245:20:245:65 | ... .as_bytes() | @@ -134,9 +66,3 @@ multipleCallTargets | test_storage.rs:188:29:188:86 | ...::from(...) | | test_storage.rs:189:28:189:82 | ...::from(...) | | test_storage.rs:190:28:190:81 | ...::from(...) | -| test_storage.rs:217:14:217:47 | ...::_print(...) | -| test_storage.rs:219:27:219:41 | ...::_print(...) | -| test_storage.rs:220:28:220:43 | ...::_print(...) | -| test_storage.rs:223:14:223:51 | ...::_print(...) | -| test_storage.rs:225:27:225:41 | ...::_print(...) | -| test_storage.rs:226:28:226:43 | ...::_print(...) | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected index 01d3b06a854..6e67ec737c2 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected @@ -136,15 +136,18 @@ edges | test_logging.rs:93:15:93:22 | password | test_logging.rs:93:14:93:22 | &password | provenance | Config | | test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:96:9:96:10 | m2 | test_logging.rs:97:11:97:18 | MacroExpr | provenance | | +| test_logging.rs:96:14:96:49 | ... + ... | test_logging.rs:96:9:96:10 | m2 | provenance | | | test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:9:96:10 | m2 | provenance | | +| test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:14:96:49 | ... + ... | provenance | MaD:17 | +| test_logging.rs:96:41:96:49 | &password [&ref] | test_logging.rs:96:14:96:49 | ... + ... | provenance | MaD:17 | | test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password | provenance | Config | +| test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password [&ref] | provenance | | | test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:99:9:99:10 | m3 | test_logging.rs:100:11:100:18 | MacroExpr | provenance | | -| test_logging.rs:99:14:99:20 | res | test_logging.rs:99:22:99:45 | { ... } | provenance | | -| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:20 | res | provenance | | +| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:22:99:45 | { ... } | provenance | | | test_logging.rs:99:22:99:45 | ...::must_use(...) | test_logging.rs:99:9:99:10 | m3 | provenance | | -| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:99:38:99:45 | password | test_logging.rs:99:22:99:45 | MacroExpr | provenance | | | test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:10 | ...::log | provenance | MaD:12 Sink:MaD:12 | @@ -161,23 +164,21 @@ edges | test_logging.rs:151:27:151:37 | s2.password | test_logging.rs:151:11:151:37 | MacroExpr | provenance | | | test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 | | test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 | -| test_logging.rs:176:34:176:40 | res | test_logging.rs:176:42:176:78 | { ... } | provenance | | | test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... | provenance | Config | | test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... [&ref] | provenance | | -| test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:34:176:40 | res | provenance | | +| test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:42:176:78 | { ... } | provenance | | | test_logging.rs:176:42:176:78 | ...::must_use(...) | test_logging.rs:176:34:176:79 | MacroExpr | provenance | | -| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:176:70:176:78 | password2 | test_logging.rs:176:42:176:78 | MacroExpr | provenance | | | test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | | test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | -| test_logging.rs:180:36:180:42 | res | test_logging.rs:180:44:180:80 | { ... } | provenance | | | test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... | provenance | Config | | test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... [&ref] | provenance | | -| test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:36:180:42 | res | provenance | | +| test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:44:180:80 | { ... } | provenance | | | test_logging.rs:180:44:180:80 | ...::must_use(...) | test_logging.rs:180:36:180:81 | MacroExpr | provenance | | -| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:180:72:180:80 | password2 | test_logging.rs:180:44:180:80 | MacroExpr | provenance | | | test_logging.rs:183:9:183:19 | err_result2 [Err] | test_logging.rs:184:13:184:23 | err_result2 [Err] | provenance | | | test_logging.rs:183:47:183:68 | Err(...) [Err] | test_logging.rs:183:9:183:19 | err_result2 [Err] | provenance | | @@ -228,69 +229,64 @@ edges | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:28 | ...::assert_failed [Some] | provenance | MaD:10 | | test_logging.rs:226:36:226:59 | MacroExpr | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | provenance | | | test_logging.rs:226:52:226:59 | password | test_logging.rs:226:36:226:59 | MacroExpr | provenance | | -| test_logging.rs:229:30:229:36 | res | test_logging.rs:229:38:229:61 | { ... } | provenance | | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:20 | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:18 | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:20 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:19 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | | test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | -| test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:30:229:36 | res | provenance | | +| test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:38:229:61 | { ... } | provenance | | | test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:62 | MacroExpr | provenance | | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:20 | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:18 | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:20 | -| test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:21 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:19 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:21 | +| test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:229:54:229:61 | password | test_logging.rs:229:38:229:61 | MacroExpr | provenance | | -| test_logging.rs:242:16:242:22 | res | test_logging.rs:242:24:242:49 | { ... } | provenance | | -| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:242:16:242:61 | ... .as_bytes() | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | -| test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:16:242:22 | res | provenance | | +| test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:24:242:49 | { ... } | provenance | | | test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:50 | MacroExpr | provenance | | -| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:242:42:242:49 | password | test_logging.rs:242:24:242:49 | MacroExpr | provenance | | -| test_logging.rs:245:20:245:26 | res | test_logging.rs:245:28:245:53 | { ... } | provenance | | -| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:245:20:245:65 | ... .as_bytes() | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | -| test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:20:245:26 | res | provenance | | +| test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:28:245:53 | { ... } | provenance | | | test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:54 | MacroExpr | provenance | | -| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:245:46:245:53 | password | test_logging.rs:245:28:245:53 | MacroExpr | provenance | | -| test_logging.rs:248:15:248:21 | res | test_logging.rs:248:23:248:48 | { ... } | provenance | | -| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:248:15:248:60 | ... .as_bytes() | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | -| test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:15:248:21 | res | provenance | | +| test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:23:248:48 | { ... } | provenance | | | test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:49 | MacroExpr | provenance | | -| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:248:41:248:48 | password | test_logging.rs:248:23:248:48 | MacroExpr | provenance | | -| test_logging.rs:251:15:251:21 | res | test_logging.rs:251:23:251:48 | { ... } | provenance | | -| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:251:15:251:60 | ... .as_bytes() | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | -| test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:15:251:21 | res | provenance | | +| test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:23:251:48 | { ... } | provenance | | | test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:49 | MacroExpr | provenance | | -| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:251:23:251:48 | MacroExpr | test_logging.rs:251:23:251:48 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:251:23:251:48 | { ... } | test_logging.rs:251:23:251:48 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:251:23:251:48 | MacroExpr | test_logging.rs:251:23:251:48 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:251:23:251:48 | { ... } | test_logging.rs:251:23:251:48 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:251:41:251:48 | password | test_logging.rs:251:23:251:48 | MacroExpr | provenance | | models | 1 | Sink: ::log_expect; Argument[0]; log-injection | @@ -309,12 +305,13 @@ models | 14 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection | | 15 | Sink: std::io::stdio::_print; Argument[0]; log-injection | | 16 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value | -| 17 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 18 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 19 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 20 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 21 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 22 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 17 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 18 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 19 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 20 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 21 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 22 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 23 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | test_logging.rs:42:5:42:10 | ...::log | semmle.label | ...::log | | test_logging.rs:42:12:42:35 | MacroExpr | semmle.label | MacroExpr | @@ -414,12 +411,13 @@ nodes | test_logging.rs:94:5:94:9 | ...::log | semmle.label | ...::log | | test_logging.rs:94:11:94:28 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:96:9:96:10 | m2 | semmle.label | m2 | +| test_logging.rs:96:14:96:49 | ... + ... | semmle.label | ... + ... | | test_logging.rs:96:41:96:49 | &password | semmle.label | &password | +| test_logging.rs:96:41:96:49 | &password [&ref] | semmle.label | &password [&ref] | | test_logging.rs:96:42:96:49 | password | semmle.label | password | | test_logging.rs:97:5:97:9 | ...::log | semmle.label | ...::log | | test_logging.rs:97:11:97:18 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:99:9:99:10 | m3 | semmle.label | m3 | -| test_logging.rs:99:14:99:20 | res | semmle.label | res | | test_logging.rs:99:22:99:45 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:99:22:99:45 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:99:22:99:45 | MacroExpr | semmle.label | MacroExpr | @@ -446,7 +444,6 @@ nodes | test_logging.rs:176:22:176:31 | log_expect | semmle.label | log_expect | | test_logging.rs:176:33:176:79 | &... | semmle.label | &... | | test_logging.rs:176:33:176:79 | &... [&ref] | semmle.label | &... [&ref] | -| test_logging.rs:176:34:176:40 | res | semmle.label | res | | test_logging.rs:176:34:176:79 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:176:42:176:78 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:176:42:176:78 | ...::must_use(...) | semmle.label | ...::must_use(...) | @@ -456,7 +453,6 @@ nodes | test_logging.rs:180:24:180:33 | log_expect | semmle.label | log_expect | | test_logging.rs:180:35:180:81 | &... | semmle.label | &... | | test_logging.rs:180:35:180:81 | &... [&ref] | semmle.label | &... [&ref] | -| test_logging.rs:180:36:180:42 | res | semmle.label | res | | test_logging.rs:180:36:180:81 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:180:44:180:80 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:180:44:180:80 | ...::must_use(...) | semmle.label | ...::must_use(...) | @@ -526,7 +522,6 @@ nodes | test_logging.rs:226:52:226:59 | password | semmle.label | password | | test_logging.rs:229:23:229:28 | expect | semmle.label | expect | | test_logging.rs:229:23:229:28 | expect | semmle.label | expect | -| test_logging.rs:229:30:229:36 | res | semmle.label | res | | test_logging.rs:229:30:229:62 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:229:30:229:71 | ... .as_str() | semmle.label | ... .as_str() | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | semmle.label | ... .as_str() [&ref] | @@ -536,7 +531,6 @@ nodes | test_logging.rs:229:38:229:61 | { ... } | semmle.label | { ... } | | test_logging.rs:229:54:229:61 | password | semmle.label | password | | test_logging.rs:242:10:242:14 | write | semmle.label | write | -| test_logging.rs:242:16:242:22 | res | semmle.label | res | | test_logging.rs:242:16:242:50 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:242:16:242:61 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -546,7 +540,6 @@ nodes | test_logging.rs:242:24:242:49 | { ... } | semmle.label | { ... } | | test_logging.rs:242:42:242:49 | password | semmle.label | password | | test_logging.rs:245:10:245:18 | write_all | semmle.label | write_all | -| test_logging.rs:245:20:245:26 | res | semmle.label | res | | test_logging.rs:245:20:245:54 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:245:20:245:65 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -556,7 +549,6 @@ nodes | test_logging.rs:245:28:245:53 | { ... } | semmle.label | { ... } | | test_logging.rs:245:46:245:53 | password | semmle.label | password | | test_logging.rs:248:9:248:13 | write | semmle.label | write | -| test_logging.rs:248:15:248:21 | res | semmle.label | res | | test_logging.rs:248:15:248:49 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:248:15:248:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -566,7 +558,6 @@ nodes | test_logging.rs:248:23:248:48 | { ... } | semmle.label | { ... } | | test_logging.rs:248:41:248:48 | password | semmle.label | password | | test_logging.rs:251:9:251:13 | write | semmle.label | write | -| test_logging.rs:251:15:251:21 | res | semmle.label | res | | test_logging.rs:251:15:251:49 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:251:15:251:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected index 028b2d88ac3..3f0171042a1 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected @@ -9,70 +9,79 @@ | test_storage.rs:204:31:204:37 | prepare | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:204:31:204:37 | prepare | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:190:86:190:103 | get_phone_number(...) | get_phone_number(...) | edges | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:39 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | -| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:6 | +| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:7 | | test_storage.rs:71:25:71:121 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | | +| test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 | +| test_storage.rs:71:96:71:114 | &... [&ref] | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 | | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... | provenance | Config | +| test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... [&ref] | provenance | | +| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:100:25:100:46 | insert_query2.as_str() | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:115:27:115:48 | insert_query2.as_str() | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 | | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 | +| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:119:25:119:46 | insert_query2.as_str() | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:125:25:125:46 | insert_query2.as_str() | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:139:25:139:46 | insert_query2.as_str() | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:189:9:189:24 | insert_query_bad | test_storage.rs:194:25:194:40 | insert_query_bad | provenance | | | test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | -| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:6 | +| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:7 | | test_storage.rs:189:28:189:124 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | | +| test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:6 | +| test_storage.rs:189:99:189:117 | &... [&ref] | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:6 | | test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... | provenance | Config | +| test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... [&ref] | provenance | | | test_storage.rs:190:9:190:24 | select_query_bad | test_storage.rs:196:35:196:50 | select_query_bad | provenance | | | test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | -| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:6 | +| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:7 | | test_storage.rs:190:28:190:109 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | | +| test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:6 | +| test_storage.rs:190:85:190:103 | &... [&ref] | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:6 | | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:190:85:190:103 | &... | provenance | Config | +| test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:190:85:190:103 | &... [&ref] | provenance | | | test_storage.rs:194:24:194:40 | &insert_query_bad | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 | | test_storage.rs:194:24:194:40 | &insert_query_bad [&ref] | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 | | test_storage.rs:194:25:194:40 | insert_query_bad | test_storage.rs:194:24:194:40 | &insert_query_bad | provenance | Config | @@ -92,14 +101,16 @@ models | 3 | Sink: ::query_row; Argument[0]; sql-injection | | 4 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | | 5 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | -| 6 | Summary: ::add; Argument[self]; ReturnValue; value | -| 7 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 8 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 6 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 7 | Summary: ::add; Argument[self]; ReturnValue; value | +| 8 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | nodes | test_storage.rs:71:9:71:21 | insert_query2 | semmle.label | insert_query2 | | test_storage.rs:71:25:71:114 | ... + ... | semmle.label | ... + ... | | test_storage.rs:71:25:71:121 | ... + ... | semmle.label | ... + ... | | test_storage.rs:71:96:71:114 | &... | semmle.label | &... | +| test_storage.rs:71:96:71:114 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:71:97:71:114 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:100:13:100:23 | ...::query | semmle.label | ...::query | | test_storage.rs:100:25:100:37 | insert_query2 | semmle.label | insert_query2 | @@ -125,11 +136,13 @@ nodes | test_storage.rs:189:28:189:117 | ... + ... | semmle.label | ... + ... | | test_storage.rs:189:28:189:124 | ... + ... | semmle.label | ... + ... | | test_storage.rs:189:99:189:117 | &... | semmle.label | &... | +| test_storage.rs:189:99:189:117 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:189:100:189:117 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:190:9:190:24 | select_query_bad | semmle.label | select_query_bad | | test_storage.rs:190:28:190:103 | ... + ... | semmle.label | ... + ... | | test_storage.rs:190:28:190:109 | ... + ... | semmle.label | ... + ... | | test_storage.rs:190:85:190:103 | &... | semmle.label | &... | +| test_storage.rs:190:85:190:103 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:190:86:190:103 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:194:16:194:22 | execute | semmle.label | execute | | test_storage.rs:194:24:194:40 | &insert_query_bad | semmle.label | &insert_query_bad | diff --git a/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected b/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected index 952bd741d1c..25890c76985 100644 --- a/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected +++ b/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected @@ -13,8 +13,7 @@ edges | main.rs:23:9:23:16 | base_url | main.rs:25:28:25:53 | MacroExpr | provenance | | | main.rs:23:20:23:39 | "http://example.com" | main.rs:23:9:23:16 | base_url | provenance | | | main.rs:25:9:25:16 | full_url | main.rs:26:45:26:52 | full_url | provenance | | -| main.rs:25:20:25:26 | res | main.rs:25:28:25:53 | { ... } | provenance | | -| main.rs:25:28:25:53 | ...::format(...) | main.rs:25:20:25:26 | res | provenance | | +| main.rs:25:28:25:53 | ...::format(...) | main.rs:25:28:25:53 | { ... } | provenance | | | main.rs:25:28:25:53 | ...::must_use(...) | main.rs:25:9:25:16 | full_url | provenance | | | main.rs:25:28:25:53 | MacroExpr | main.rs:25:28:25:53 | ...::format(...) | provenance | MaD:2 | | main.rs:25:28:25:53 | { ... } | main.rs:25:28:25:53 | ...::must_use(...) | provenance | MaD:3 | @@ -23,8 +22,7 @@ edges | main.rs:34:9:34:16 | protocol | main.rs:36:32:36:53 | MacroExpr | provenance | | | main.rs:34:20:34:28 | "http://" | main.rs:34:9:34:16 | protocol | provenance | | | main.rs:36:9:36:20 | insecure_url | main.rs:37:54:37:65 | insecure_url | provenance | | -| main.rs:36:24:36:30 | res | main.rs:36:32:36:53 | { ... } | provenance | | -| main.rs:36:32:36:53 | ...::format(...) | main.rs:36:24:36:30 | res | provenance | | +| main.rs:36:32:36:53 | ...::format(...) | main.rs:36:32:36:53 | { ... } | provenance | | | main.rs:36:32:36:53 | ...::must_use(...) | main.rs:36:9:36:20 | insecure_url | provenance | | | main.rs:36:32:36:53 | MacroExpr | main.rs:36:32:36:53 | ...::format(...) | provenance | MaD:2 | | main.rs:36:32:36:53 | { ... } | main.rs:36:32:36:53 | ...::must_use(...) | provenance | MaD:3 | @@ -48,7 +46,6 @@ nodes | main.rs:23:9:23:16 | base_url | semmle.label | base_url | | main.rs:23:20:23:39 | "http://example.com" | semmle.label | "http://example.com" | | main.rs:25:9:25:16 | full_url | semmle.label | full_url | -| main.rs:25:20:25:26 | res | semmle.label | res | | main.rs:25:28:25:53 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:25:28:25:53 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:25:28:25:53 | MacroExpr | semmle.label | MacroExpr | @@ -59,7 +56,6 @@ nodes | main.rs:34:9:34:16 | protocol | semmle.label | protocol | | main.rs:34:20:34:28 | "http://" | semmle.label | "http://" | | main.rs:36:9:36:20 | insecure_url | semmle.label | insecure_url | -| main.rs:36:24:36:30 | res | semmle.label | res | | main.rs:36:32:36:53 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:36:32:36:53 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:36:32:36:53 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-614/Cargo.lock b/rust/ql/test/query-tests/security/CWE-614/Cargo.lock new file mode 100644 index 00000000000..1d2124de710 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/Cargo.lock @@ -0,0 +1,684 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "aes-gcm-siv" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae0784134ba9375416d469ec31e7c5f9fa94405049cf08c5ce5b4698be673e0d" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "polyval", + "subtle", + "zeroize", +] + +[[package]] +name = "anyhow" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "biscotti" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddb6f28a3d15d18cace7a8010282a4d9cee1452dcd33f5861c173b4a31095b79" +dependencies = [ + "aes-gcm-siv", + "anyhow", + "base64", + "hkdf", + "hmac", + "jiff", + "percent-encoding", + "rand 0.9.2", + "serde", + "sha2", + "subtle", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "cfg-if" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "aes-gcm", + "base64", + "hmac", + "percent-encoding", + "rand 0.8.5", + "sha2", + "subtle", + "time", + "version_check", +] + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "deranged" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" +dependencies = [ + "powerfmt", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.11.1+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi 0.14.5+wasi-0.2.4", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + +[[package]] +name = "jiff" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be1f93b8b1eb69c77f24bbb0afdf66f54b632ee39af40ca21c4365a1d7347e49" +dependencies = [ + "jiff-static", + "jiff-tzdb-platform", + "log", + "portable-atomic", + "portable-atomic-util", + "serde", + "windows-sys", +] + +[[package]] +name = "jiff-static" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03343451ff899767262ec32146f6d559dd759fdadf42ff0e227c7c48f72594b4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "jiff-tzdb" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1283705eb0a21404d2bfd6eef2a7593d240bc42a0bdb39db0ad6fa2ec026524" + +[[package]] +name = "jiff-tzdb-platform" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "875a5a69ac2bab1a891711cf5eccbec1ce0341ea805560dcd90b7a2e925132e8" +dependencies = [ + "jiff-tzdb", +] + +[[package]] +name = "libc" +version = "0.2.175" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" + +[[package]] +name = "log" +version = "0.4.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" + +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "percent-encoding" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "portable-atomic" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f84267b20a16ea918e43c6a88433c2d54fa145c92a811b5b047ccbe153674483" + +[[package]] +name = "portable-atomic-util" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507" +dependencies = [ + "portable-atomic", +] + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "proc-macro2" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.16", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom 0.3.3", +] + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.103" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4307e30089d6fd6aff212f2da3a1f9e32f3223b1f010fb09b7c95f90f3ca1e8" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "test" +version = "0.0.1" +dependencies = [ + "biscotti", + "cookie", +] + +[[package]] +name = "time" +version = "0.3.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83bde6f1ec10e72d583d91623c939f623002284ef622b87de38cfd546cbf2031" +dependencies = [ + "deranged", + "num-conv", + "powerfmt", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" + +[[package]] +name = "time-macros" +version = "0.2.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + +[[package]] +name = "unicode-ident" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasi" +version = "0.14.5+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4494f6290a82f5fe584817a676a34b9d6763e8d9d18204009fb31dceca98fd4" +dependencies = [ + "wasip2", +] + +[[package]] +name = "wasip2" +version = "1.0.0+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03fa2761397e5bd52002cd7e73110c71af2109aca4e521a9f40473fe685b0a24" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen" +version = "0.45.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c573471f125075647d03df72e026074b7203790d41351cd6edc96f46bcccd36" + +[[package]] +name = "zerocopy" +version = "0.8.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected new file mode 100644 index 00000000000..959648d37ed --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected @@ -0,0 +1,54 @@ +| main.rs:8:19:8:50 | ...::build(...) | secure | false | +| main.rs:12:19:12:50 | ...::build(...) | secure | true | +| main.rs:20:5:20:36 | ...::build(...) | secure | false | +| main.rs:21:5:21:36 | ...::build(...) | secure | false | +| main.rs:24:5:24:36 | ...::build(...) | secure | true | +| main.rs:25:5:25:36 | ...::build(...) | secure | false | +| main.rs:26:5:26:36 | ...::build(...) | secure | false | +| main.rs:27:5:27:36 | ...::build(...) | secure | false | +| main.rs:28:5:28:36 | ...::build(...) | secure | false | +| main.rs:29:5:29:36 | ...::build(...) | secure | false | +| main.rs:33:9:33:40 | ...::build(...) | secure | false | +| main.rs:35:9:35:40 | ...::build(...) | secure | false | +| main.rs:39:5:39:39 | ...::new(...) | secure | false | +| main.rs:40:5:40:50 | ... .expires(...) | secure | false | +| main.rs:41:5:41:79 | ... .max_age(...) | secure | false | +| main.rs:42:5:42:58 | ... .domain(...) | secure | false | +| main.rs:43:5:43:46 | ... .path(...) | secure | false | +| main.rs:44:5:44:52 | ... .http_only(...) | secure | false | +| main.rs:45:5:45:72 | ... .same_site(...) | secure | false | +| main.rs:46:5:46:48 | ... .permanent() | secure | false | +| main.rs:47:5:47:46 | ... .removal() | secure | false | +| main.rs:48:5:48:36 | ...::build(...) | secure | false | +| main.rs:49:5:49:25 | ...::build(...) | secure | false | +| main.rs:50:5:50:40 | ...::build(...) | secure | false | +| main.rs:53:5:53:36 | ...::build(...) | secure | true | +| main.rs:53:5:53:49 | ... .secure(...) | secure | false | +| main.rs:54:5:54:36 | ...::build(...) | secure | false | +| main.rs:54:5:54:50 | ... .secure(...) | secure | true | +| main.rs:61:5:61:5 | [SSA] a | secure | true | +| main.rs:61:5:61:5 | a | secure | true | +| main.rs:63:5:63:5 | [SSA] a | secure | false | +| main.rs:63:5:63:5 | a | secure | false | +| main.rs:71:5:71:5 | [SSA] b | secure | false | +| main.rs:71:5:71:5 | b | secure | false | +| main.rs:73:5:73:5 | [SSA] b | secure | true | +| main.rs:73:5:73:5 | b | secure | true | +| main.rs:81:9:81:9 | [SSA] c | secure | true | +| main.rs:81:9:81:9 | c | secure | true | +| main.rs:84:5:84:5 | [SSA] c | secure | true | +| main.rs:84:5:84:5 | c | secure | true | +| main.rs:90:9:90:9 | c | secure | true | +| main.rs:92:9:92:9 | c | partitioned | true | +| main.rs:109:9:109:9 | [SSA] e | secure | true | +| main.rs:109:9:109:9 | e | secure | true | +| main.rs:114:5:114:36 | ...::build(...) | partitioned | true | +| main.rs:126:13:126:13 | a | secure | true | +| main.rs:130:13:130:13 | b | secure | false | +| main.rs:134:13:134:13 | c | partitioned | true | +| main.rs:138:13:138:13 | d | secure | true | +| main.rs:142:13:142:13 | e | partitioned | false | +| main.rs:146:13:146:13 | f | secure | false | +| main.rs:180:29:180:66 | ...::build(...) | secure | true | +| main.rs:186:9:186:22 | [SSA] secure_cookie2 | secure | true | +| main.rs:186:9:186:22 | secure_cookie2 | secure | true | diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql b/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql new file mode 100644 index 00000000000..c038e6de44b --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql @@ -0,0 +1,7 @@ +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.security.InsecureCookieExtensions + +from DataFlow::Node node, string state, boolean value +where InsecureCookie::cookieSetNode(node, state, value) +select node, state, value diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected new file mode 100644 index 00000000000..e514828c3a0 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -0,0 +1,597 @@ +#select +| main.rs:8:66:8:70 | build | main.rs:8:19:8:31 | ...::build | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:8:66:8:70 | build | main.rs:8:19:8:50 | ...::build(...) | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:16:52:16:56 | build | main.rs:16:19:16:31 | ...::build | main.rs:16:52:16:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:20:56:20:60 | build | main.rs:20:5:20:17 | ...::build | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:20:56:20:60 | build | main.rs:20:5:20:36 | ...::build(...) | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:21:57:21:61 | build | main.rs:21:5:21:17 | ...::build | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:21:57:21:61 | build | main.rs:21:5:21:36 | ...::build(...) | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:25:54:25:58 | build | main.rs:25:5:25:17 | ...::build | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:25:54:25:58 | build | main.rs:25:5:25:36 | ...::build(...) | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:26:52:26:56 | build | main.rs:26:5:26:17 | ...::build | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:26:52:26:56 | build | main.rs:26:5:26:36 | ...::build(...) | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:27:53:27:57 | build | main.rs:27:5:27:17 | ...::build | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:27:53:27:57 | build | main.rs:27:5:27:36 | ...::build(...) | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:28:62:28:66 | build | main.rs:28:5:28:17 | ...::build | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:28:62:28:66 | build | main.rs:28:5:28:36 | ...::build(...) | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:29:62:29:66 | build | main.rs:29:5:29:17 | ...::build | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:29:62:29:66 | build | main.rs:29:5:29:36 | ...::build(...) | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:33:60:33:64 | build | main.rs:33:9:33:21 | ...::build | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:33:60:33:64 | build | main.rs:33:9:33:40 | ...::build(...) | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:35:60:35:64 | build | main.rs:35:9:35:21 | ...::build | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:35:60:35:64 | build | main.rs:35:9:35:40 | ...::build(...) | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:39:55:39:59 | build | main.rs:39:5:39:22 | ...::new | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:39:55:39:59 | build | main.rs:39:5:39:39 | ...::new(...) | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:40:66:40:70 | build | main.rs:40:5:40:17 | ...::build | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:40:66:40:70 | build | main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:41:95:41:99 | build | main.rs:41:5:41:17 | ...::build | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:41:95:41:99 | build | main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:42:74:42:78 | build | main.rs:42:5:42:17 | ...::build | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:42:74:42:78 | build | main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:43:62:43:66 | build | main.rs:43:5:43:17 | ...::build | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:43:62:43:66 | build | main.rs:43:5:43:46 | ... .path(...) | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:44:68:44:72 | build | main.rs:44:5:44:17 | ...::build | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:44:68:44:72 | build | main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:45:88:45:92 | build | main.rs:45:5:45:17 | ...::build | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:45:88:45:92 | build | main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:46:64:46:68 | build | main.rs:46:5:46:17 | ...::build | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:46:64:46:68 | build | main.rs:46:5:46:48 | ... .permanent() | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:47:62:47:66 | build | main.rs:47:5:47:17 | ...::build | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:47:62:47:66 | build | main.rs:47:5:47:46 | ... .removal() | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:48:52:48:57 | finish | main.rs:48:5:48:17 | ...::build | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | +| main.rs:48:52:48:57 | finish | main.rs:48:5:48:36 | ...::build(...) | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | +| main.rs:49:41:49:45 | build | main.rs:49:5:49:17 | ...::build | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:49:41:49:45 | build | main.rs:49:5:49:25 | ...::build(...) | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:50:56:50:60 | build | main.rs:50:5:50:17 | ...::build | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:50:56:50:60 | build | main.rs:50:5:50:40 | ...::build(...) | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:53:65:53:69 | build | main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:59:9:59:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:59:9:59:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:60:9:60:20 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:60:9:60:20 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:64:9:64:11 | add | main.rs:63:5:63:5 | [SSA] a | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:64:9:64:11 | add | main.rs:63:5:63:5 | a | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:69:16:69:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:69:16:69:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:70:16:70:27 | add_original | main.rs:63:5:63:5 | [SSA] a | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:70:16:70:27 | add_original | main.rs:63:5:63:5 | a | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:71:5:71:5 | [SSA] b | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:71:5:71:5 | b | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:78:17:78:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:78:17:78:19 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:79:17:79:28 | add_original | main.rs:63:5:63:5 | [SSA] a | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:79:17:79:28 | add_original | main.rs:63:5:63:5 | a | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:83:17:83:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:83:17:83:19 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:88:9:88:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:88:9:88:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:94:9:94:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:94:9:94:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:123:13:123:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:123:13:123:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:131:13:131:18 | insert | main.rs:130:13:130:13 | b | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:147:13:147:18 | insert | main.rs:146:13:146:13 | f | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:152:13:152:18 | insert | main.rs:151:13:151:42 | ...::from | main.rs:152:13:152:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:156:13:156:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:156:13:156:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:157:13:157:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:157:13:157:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:158:13:158:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:158:13:158:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:159:13:159:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:159:13:159:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:160:13:160:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:160:13:160:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:161:13:161:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:161:13:161:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:162:13:162:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:162:13:162:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:163:13:163:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:163:13:163:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:164:13:164:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:164:13:164:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:165:13:165:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:165:13:165:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:166:13:166:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:166:13:166:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:167:13:167:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:167:13:167:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:173:61:173:65 | build | main.rs:173:22:173:34 | ...::build | main.rs:173:61:173:65 | build | Cookie attribute 'Secure' is not set to true. | +edges +| main.rs:8:19:8:31 | ...::build | main.rs:8:19:8:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:16:19:16:31 | ...::build | main.rs:16:19:16:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:16:19:16:50 | ...::build(...) | main.rs:16:52:16:56 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:20:5:20:17 | ...::build | main.rs:20:5:20:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:21:5:21:17 | ...::build | main.rs:21:5:21:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:41 | +| main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:25:5:25:17 | ...::build | main.rs:25:5:25:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:41 | +| main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:26:5:26:17 | ...::build | main.rs:26:5:26:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:27:5:27:17 | ...::build | main.rs:27:5:27:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:41 | +| main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:28:5:28:17 | ...::build | main.rs:28:5:28:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:29:5:29:17 | ...::build | main.rs:29:5:29:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:33:9:33:21 | ...::build | main.rs:33:9:33:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:35:9:35:21 | ...::build | main.rs:35:9:35:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:39:5:39:22 | ...::new | main.rs:39:5:39:39 | ...::new(...) | provenance | Src:MaD:16 MaD:16 | +| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:41 | +| main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:40:5:40:17 | ...::build | main.rs:40:5:40:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:33 | +| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:41:5:41:17 | ...::build | main.rs:41:5:41:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:35 | +| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:41 | +| main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:42:5:42:17 | ...::build | main.rs:42:5:42:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:32 | +| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:41 | +| main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:43:5:43:17 | ...::build | main.rs:43:5:43:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:37 | +| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:44:5:44:17 | ...::build | main.rs:44:5:44:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:34 | +| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:41 | +| main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:45:5:45:17 | ...::build | main.rs:45:5:45:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:40 | +| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:41 | +| main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:46:5:46:17 | ...::build | main.rs:46:5:46:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:38 | +| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:41 | +| main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:47:5:47:17 | ...::build | main.rs:47:5:47:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:39 | +| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:48:5:48:17 | ...::build | main.rs:48:5:48:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | provenance | MaD:3 Sink:MaD:3 | +| main.rs:49:5:49:17 | ...::build | main.rs:49:5:49:25 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:41 | +| main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:50:5:50:17 | ...::build | main.rs:50:5:50:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:5:53:63 | ... .secure(...) | provenance | MaD:41 | +| main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:58:9:58:13 | mut a | main.rs:59:13:59:13 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:60:22:60:22 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | +| main.rs:58:17:58:27 | ...::new | main.rs:58:17:58:44 | ...::new(...) | provenance | Src:MaD:15 MaD:15 | +| main.rs:58:17:58:44 | ...::new(...) | main.rs:58:9:58:13 | mut a | provenance | | +| main.rs:59:13:59:13 | a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | +| main.rs:59:13:59:21 | a.clone() | main.rs:59:9:59:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:60:22:60:22 | a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | +| main.rs:60:22:60:30 | a.clone() | main.rs:60:9:60:20 | add_original | provenance | MaD:5 Sink:MaD:5 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:64:13:64:13 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:70:29:70:29 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:79:30:79:30 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:64:13:64:13 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:70:29:70:29 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:79:30:79:30 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:64:13:64:13 | a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:64:13:64:21 | a.clone() | main.rs:64:9:64:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:68:9:68:13 | mut b | main.rs:69:20:69:20 | b | provenance | | +| main.rs:68:9:68:13 | mut b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | +| main.rs:68:9:68:13 | mut b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:68:9:68:13 | mut b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:68:17:68:29 | ...::named | main.rs:68:17:68:37 | ...::named(...) | provenance | Src:MaD:14 MaD:14 | +| main.rs:68:17:68:37 | ...::named(...) | main.rs:68:9:68:13 | mut b | provenance | | +| main.rs:69:20:69:20 | b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | +| main.rs:69:20:69:28 | b.clone() | main.rs:69:16:69:18 | add | provenance | MaD:8 Sink:MaD:8 | +| main.rs:70:29:70:29 | a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:70:29:70:37 | a.clone() | main.rs:70:16:70:27 | add_original | provenance | MaD:9 Sink:MaD:9 | +| main.rs:71:5:71:5 | [SSA] b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:71:5:71:5 | [SSA] b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:71:5:71:5 | b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:71:5:71:5 | b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:72:20:72:20 | b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:72:20:72:28 | b.clone() | main.rs:72:16:72:18 | add | provenance | MaD:8 Sink:MaD:8 | +| main.rs:77:9:77:13 | mut c | main.rs:78:21:78:21 | c | provenance | | +| main.rs:77:9:77:13 | mut c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | +| main.rs:77:9:77:13 | mut c | main.rs:83:21:83:21 | c | provenance | | +| main.rs:77:9:77:13 | mut c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | +| main.rs:77:17:77:28 | ...::from | main.rs:77:17:77:36 | ...::from(...) | provenance | Src:MaD:12 MaD:12 | +| main.rs:77:17:77:36 | ...::from(...) | main.rs:77:9:77:13 | mut c | provenance | | +| main.rs:78:21:78:21 | c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | +| main.rs:78:21:78:29 | c.clone() | main.rs:78:17:78:19 | add | provenance | MaD:6 Sink:MaD:6 | +| main.rs:79:30:79:30 | a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:79:30:79:38 | a.clone() | main.rs:79:17:79:28 | add_original | provenance | MaD:7 Sink:MaD:7 | +| main.rs:83:21:83:21 | c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | +| main.rs:83:21:83:29 | c.clone() | main.rs:83:17:83:19 | add | provenance | MaD:6 Sink:MaD:6 | +| main.rs:87:9:87:13 | mut d | main.rs:88:13:88:13 | d | provenance | | +| main.rs:87:9:87:13 | mut d | main.rs:88:13:88:21 | d.clone() | provenance | MaD:17 | +| main.rs:87:9:87:13 | mut d | main.rs:94:13:94:13 | d | provenance | | +| main.rs:87:9:87:13 | mut d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | +| main.rs:87:17:87:28 | ...::from | main.rs:87:17:87:36 | ...::from(...) | provenance | Src:MaD:12 MaD:12 | +| main.rs:87:17:87:36 | ...::from(...) | main.rs:87:9:87:13 | mut d | provenance | | +| main.rs:88:13:88:13 | d | main.rs:88:13:88:21 | d.clone() | provenance | MaD:17 | +| main.rs:88:13:88:21 | d.clone() | main.rs:88:9:88:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:94:13:94:13 | d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | +| main.rs:94:13:94:21 | d.clone() | main.rs:94:9:94:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:114:5:114:17 | ...::build | main.rs:114:5:114:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:36 | +| main.rs:114:5:114:54 | ... .partitioned(...) | main.rs:114:56:114:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:122:9:122:9 | a | main.rs:123:20:123:20 | a | provenance | | +| main.rs:122:9:122:9 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | +| main.rs:122:13:122:41 | ...::new | main.rs:122:13:122:58 | ...::new(...) | provenance | Src:MaD:11 MaD:11 | +| main.rs:122:13:122:58 | ...::new(...) | main.rs:122:9:122:9 | a | provenance | | +| main.rs:123:20:123:20 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | +| main.rs:123:20:123:28 | a.clone() | main.rs:123:13:123:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:130:9:130:9 | c | main.rs:131:20:131:20 | c | provenance | | +| main.rs:130:9:130:9 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | +| main.rs:130:9:130:9 | c | main.rs:134:13:134:35 | c.set_partitioned(...) | provenance | MaD:24 | +| main.rs:130:13:130:13 | b | main.rs:130:13:130:31 | b.set_secure(...) | provenance | MaD:27 | +| main.rs:130:13:130:31 | b.set_secure(...) | main.rs:130:9:130:9 | c | provenance | | +| main.rs:131:20:131:20 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | +| main.rs:131:20:131:28 | c.clone() | main.rs:131:13:131:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:134:9:134:9 | d | main.rs:135:20:135:20 | d | provenance | | +| main.rs:134:9:134:9 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | +| main.rs:134:13:134:35 | c.set_partitioned(...) | main.rs:134:9:134:9 | d | provenance | | +| main.rs:135:20:135:20 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | +| main.rs:135:20:135:28 | d.clone() | main.rs:135:13:135:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:146:9:146:9 | g | main.rs:147:20:147:20 | g | provenance | | +| main.rs:146:9:146:9 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | +| main.rs:146:13:146:13 | f | main.rs:146:13:146:31 | f.set_secure(...) | provenance | MaD:27 | +| main.rs:146:13:146:31 | f.set_secure(...) | main.rs:146:9:146:9 | g | provenance | | +| main.rs:147:20:147:20 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | +| main.rs:147:20:147:28 | g.clone() | main.rs:147:13:147:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:151:9:151:9 | h | main.rs:152:20:152:20 | h | provenance | | +| main.rs:151:13:151:42 | ...::from | main.rs:151:13:151:61 | ...::from(...) | provenance | Src:MaD:10 MaD:10 | +| main.rs:151:13:151:61 | ...::from(...) | main.rs:151:9:151:9 | h | provenance | | +| main.rs:152:20:152:20 | h | main.rs:152:13:152:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:155:9:155:9 | i | main.rs:156:20:156:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:156:20:156:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:157:20:157:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:158:20:158:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:159:20:159:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:159:20:159:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:160:20:160:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:160:20:160:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:161:20:161:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:161:20:161:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:162:20:162:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:163:20:163:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:164:20:164:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:165:20:165:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:166:20:166:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:167:20:167:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:13:155:41 | ...::new | main.rs:155:13:155:58 | ...::new(...) | provenance | Src:MaD:11 MaD:11 | +| main.rs:155:13:155:58 | ...::new(...) | main.rs:155:9:155:9 | i | provenance | | +| main.rs:156:20:156:20 | i | main.rs:156:20:156:28 | i.clone() | provenance | MaD:17 | +| main.rs:156:20:156:28 | i.clone() | main.rs:156:20:156:46 | ... .set_name(...) | provenance | MaD:23 | +| main.rs:156:20:156:46 | ... .set_name(...) | main.rs:156:13:156:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:157:20:157:20 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | +| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:28 | +| main.rs:157:20:157:48 | ... .set_value(...) | main.rs:157:13:157:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:158:20:158:20 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | +| main.rs:158:20:158:28 | i.clone() | main.rs:158:20:158:48 | ... .set_http_only(...) | provenance | MaD:21 | +| main.rs:158:20:158:48 | ... .set_http_only(...) | main.rs:158:13:158:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:159:20:159:20 | i | main.rs:159:20:159:28 | i.clone() | provenance | MaD:17 | +| main.rs:159:20:159:28 | i.clone() | main.rs:159:20:159:70 | ... .set_same_site(...) | provenance | MaD:26 | +| main.rs:159:20:159:70 | ... .set_same_site(...) | main.rs:159:13:159:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:160:20:160:20 | i | main.rs:160:20:160:28 | i.clone() | provenance | MaD:17 | +| main.rs:160:20:160:28 | i.clone() | main.rs:160:20:160:46 | ... .set_max_age(...) | provenance | MaD:22 | +| main.rs:160:20:160:46 | ... .set_max_age(...) | main.rs:160:13:160:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:161:20:161:20 | i | main.rs:161:20:161:28 | i.clone() | provenance | MaD:17 | +| main.rs:161:20:161:28 | i.clone() | main.rs:161:20:161:42 | ... .set_path(...) | provenance | MaD:25 | +| main.rs:161:20:161:42 | ... .set_path(...) | main.rs:161:13:161:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:162:20:162:20 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | +| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:31 | +| main.rs:162:20:162:41 | ... .unset_path() | main.rs:162:13:162:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:163:20:163:20 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | +| main.rs:163:20:163:28 | i.clone() | main.rs:163:20:163:54 | ... .set_domain(...) | provenance | MaD:19 | +| main.rs:163:20:163:54 | ... .set_domain(...) | main.rs:163:13:163:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:164:20:164:20 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | +| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:29 | +| main.rs:164:20:164:43 | ... .unset_domain() | main.rs:164:13:164:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:165:20:165:20 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | +| main.rs:165:20:165:28 | i.clone() | main.rs:165:20:165:46 | ... .set_expires(...) | provenance | MaD:20 | +| main.rs:165:20:165:46 | ... .set_expires(...) | main.rs:165:13:165:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:166:20:166:20 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | +| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:30 | +| main.rs:166:20:166:44 | ... .unset_expires() | main.rs:166:13:166:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:167:20:167:20 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | +| main.rs:167:20:167:28 | i.clone() | main.rs:167:20:167:45 | ... .make_permanent() | provenance | MaD:18 | +| main.rs:167:20:167:45 | ... .make_permanent() | main.rs:167:13:167:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:173:22:173:34 | ...::build | main.rs:173:22:173:59 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:173:22:173:59 | ...::build(...) | main.rs:173:61:173:65 | build | provenance | MaD:2 Sink:MaD:2 | +models +| 1 | Sink: ::insert; Argument[0]; cookie-use | +| 2 | Sink: ::build; Argument[self]; cookie-use | +| 3 | Sink: ::finish; Argument[self]; cookie-use | +| 4 | Sink: ::add; Argument[0]; cookie-use | +| 5 | Sink: ::add_original; Argument[0]; cookie-use | +| 6 | Sink: ::add; Argument[0]; cookie-use | +| 7 | Sink: ::add_original; Argument[0]; cookie-use | +| 8 | Sink: ::add; Argument[0]; cookie-use | +| 9 | Sink: ::add_original; Argument[0]; cookie-use | +| 10 | Source: ::from; ReturnValue; cookie-create | +| 11 | Source: ::new; ReturnValue; cookie-create | +| 12 | Source: ::from; ReturnValue; cookie-create | +| 13 | Source: ::build; ReturnValue; cookie-create | +| 14 | Source: ::named; ReturnValue; cookie-create | +| 15 | Source: ::new; ReturnValue; cookie-create | +| 16 | Source: ::new; ReturnValue; cookie-create | +| 17 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value | +| 18 | Summary: ::make_permanent; Argument[self]; ReturnValue; taint | +| 19 | Summary: ::set_domain; Argument[self]; ReturnValue; taint | +| 20 | Summary: ::set_expires; Argument[self]; ReturnValue; taint | +| 21 | Summary: ::set_http_only; Argument[self]; ReturnValue; taint | +| 22 | Summary: ::set_max_age; Argument[self]; ReturnValue; taint | +| 23 | Summary: ::set_name; Argument[self]; ReturnValue; taint | +| 24 | Summary: ::set_partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | +| 25 | Summary: ::set_path; Argument[self]; ReturnValue; taint | +| 26 | Summary: ::set_same_site; Argument[self]; ReturnValue; taint | +| 27 | Summary: ::set_secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | +| 28 | Summary: ::set_value; Argument[self]; ReturnValue; taint | +| 29 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | +| 30 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | +| 31 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | +| 32 | Summary: ::domain; Argument[self]; ReturnValue; taint | +| 33 | Summary: ::expires; Argument[self]; ReturnValue; taint | +| 34 | Summary: ::http_only; Argument[self]; ReturnValue; taint | +| 35 | Summary: ::max_age; Argument[self]; ReturnValue; taint | +| 36 | Summary: ::partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | +| 37 | Summary: ::path; Argument[self]; ReturnValue; taint | +| 38 | Summary: ::permanent; Argument[self]; ReturnValue; taint | +| 39 | Summary: ::removal; Argument[self]; ReturnValue; taint | +| 40 | Summary: ::same_site; Argument[self]; ReturnValue; taint | +| 41 | Summary: ::secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | +nodes +| main.rs:8:19:8:31 | ...::build | semmle.label | ...::build | +| main.rs:8:19:8:50 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:8:19:8:64 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:8:66:8:70 | build | semmle.label | build | +| main.rs:16:19:16:31 | ...::build | semmle.label | ...::build | +| main.rs:16:19:16:50 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:16:52:16:56 | build | semmle.label | build | +| main.rs:20:5:20:17 | ...::build | semmle.label | ...::build | +| main.rs:20:5:20:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:20:5:20:54 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:20:56:20:60 | build | semmle.label | build | +| main.rs:21:5:21:17 | ...::build | semmle.label | ...::build | +| main.rs:21:5:21:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:21:5:21:55 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:21:57:21:61 | build | semmle.label | build | +| main.rs:25:5:25:17 | ...::build | semmle.label | ...::build | +| main.rs:25:5:25:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:25:5:25:52 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:25:54:25:58 | build | semmle.label | build | +| main.rs:26:5:26:17 | ...::build | semmle.label | ...::build | +| main.rs:26:5:26:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:26:5:26:50 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:26:52:26:56 | build | semmle.label | build | +| main.rs:27:5:27:17 | ...::build | semmle.label | ...::build | +| main.rs:27:5:27:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:27:5:27:51 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:27:53:27:57 | build | semmle.label | build | +| main.rs:28:5:28:17 | ...::build | semmle.label | ...::build | +| main.rs:28:5:28:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:28:5:28:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:28:62:28:66 | build | semmle.label | build | +| main.rs:29:5:29:17 | ...::build | semmle.label | ...::build | +| main.rs:29:5:29:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:29:5:29:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:29:62:29:66 | build | semmle.label | build | +| main.rs:33:9:33:21 | ...::build | semmle.label | ...::build | +| main.rs:33:9:33:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:33:9:33:58 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:33:60:33:64 | build | semmle.label | build | +| main.rs:35:9:35:21 | ...::build | semmle.label | ...::build | +| main.rs:35:9:35:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:35:9:35:58 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:35:60:35:64 | build | semmle.label | build | +| main.rs:39:5:39:22 | ...::new | semmle.label | ...::new | +| main.rs:39:5:39:39 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:39:5:39:53 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:39:55:39:59 | build | semmle.label | build | +| main.rs:40:5:40:17 | ...::build | semmle.label | ...::build | +| main.rs:40:5:40:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:40:5:40:50 | ... .expires(...) | semmle.label | ... .expires(...) | +| main.rs:40:5:40:64 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:40:66:40:70 | build | semmle.label | build | +| main.rs:41:5:41:17 | ...::build | semmle.label | ...::build | +| main.rs:41:5:41:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:41:5:41:79 | ... .max_age(...) | semmle.label | ... .max_age(...) | +| main.rs:41:5:41:93 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:41:95:41:99 | build | semmle.label | build | +| main.rs:42:5:42:17 | ...::build | semmle.label | ...::build | +| main.rs:42:5:42:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:42:5:42:58 | ... .domain(...) | semmle.label | ... .domain(...) | +| main.rs:42:5:42:72 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:42:74:42:78 | build | semmle.label | build | +| main.rs:43:5:43:17 | ...::build | semmle.label | ...::build | +| main.rs:43:5:43:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:43:5:43:46 | ... .path(...) | semmle.label | ... .path(...) | +| main.rs:43:5:43:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:43:62:43:66 | build | semmle.label | build | +| main.rs:44:5:44:17 | ...::build | semmle.label | ...::build | +| main.rs:44:5:44:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:44:5:44:52 | ... .http_only(...) | semmle.label | ... .http_only(...) | +| main.rs:44:5:44:66 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:44:68:44:72 | build | semmle.label | build | +| main.rs:45:5:45:17 | ...::build | semmle.label | ...::build | +| main.rs:45:5:45:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:45:5:45:72 | ... .same_site(...) | semmle.label | ... .same_site(...) | +| main.rs:45:5:45:86 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:45:88:45:92 | build | semmle.label | build | +| main.rs:46:5:46:17 | ...::build | semmle.label | ...::build | +| main.rs:46:5:46:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:46:5:46:48 | ... .permanent() | semmle.label | ... .permanent() | +| main.rs:46:5:46:62 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:46:64:46:68 | build | semmle.label | build | +| main.rs:47:5:47:17 | ...::build | semmle.label | ...::build | +| main.rs:47:5:47:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:47:5:47:46 | ... .removal() | semmle.label | ... .removal() | +| main.rs:47:5:47:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:47:62:47:66 | build | semmle.label | build | +| main.rs:48:5:48:17 | ...::build | semmle.label | ...::build | +| main.rs:48:5:48:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:48:5:48:50 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:48:52:48:57 | finish | semmle.label | finish | +| main.rs:49:5:49:17 | ...::build | semmle.label | ...::build | +| main.rs:49:5:49:25 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:49:5:49:39 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:49:41:49:45 | build | semmle.label | build | +| main.rs:50:5:50:17 | ...::build | semmle.label | ...::build | +| main.rs:50:5:50:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:50:5:50:54 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:50:56:50:60 | build | semmle.label | build | +| main.rs:53:5:53:49 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:53:5:53:63 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:53:65:53:69 | build | semmle.label | build | +| main.rs:58:9:58:13 | mut a | semmle.label | mut a | +| main.rs:58:17:58:27 | ...::new | semmle.label | ...::new | +| main.rs:58:17:58:44 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:59:9:59:11 | add | semmle.label | add | +| main.rs:59:13:59:13 | a | semmle.label | a | +| main.rs:59:13:59:21 | a.clone() | semmle.label | a.clone() | +| main.rs:60:9:60:20 | add_original | semmle.label | add_original | +| main.rs:60:22:60:22 | a | semmle.label | a | +| main.rs:60:22:60:30 | a.clone() | semmle.label | a.clone() | +| main.rs:63:5:63:5 | [SSA] a | semmle.label | [SSA] a | +| main.rs:63:5:63:5 | a | semmle.label | a | +| main.rs:64:9:64:11 | add | semmle.label | add | +| main.rs:64:13:64:13 | a | semmle.label | a | +| main.rs:64:13:64:21 | a.clone() | semmle.label | a.clone() | +| main.rs:68:9:68:13 | mut b | semmle.label | mut b | +| main.rs:68:17:68:29 | ...::named | semmle.label | ...::named | +| main.rs:68:17:68:37 | ...::named(...) | semmle.label | ...::named(...) | +| main.rs:69:16:69:18 | add | semmle.label | add | +| main.rs:69:20:69:20 | b | semmle.label | b | +| main.rs:69:20:69:28 | b.clone() | semmle.label | b.clone() | +| main.rs:70:16:70:27 | add_original | semmle.label | add_original | +| main.rs:70:29:70:29 | a | semmle.label | a | +| main.rs:70:29:70:37 | a.clone() | semmle.label | a.clone() | +| main.rs:71:5:71:5 | [SSA] b | semmle.label | [SSA] b | +| main.rs:71:5:71:5 | b | semmle.label | b | +| main.rs:72:16:72:18 | add | semmle.label | add | +| main.rs:72:20:72:20 | b | semmle.label | b | +| main.rs:72:20:72:28 | b.clone() | semmle.label | b.clone() | +| main.rs:77:9:77:13 | mut c | semmle.label | mut c | +| main.rs:77:17:77:28 | ...::from | semmle.label | ...::from | +| main.rs:77:17:77:36 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:78:17:78:19 | add | semmle.label | add | +| main.rs:78:21:78:21 | c | semmle.label | c | +| main.rs:78:21:78:29 | c.clone() | semmle.label | c.clone() | +| main.rs:79:17:79:28 | add_original | semmle.label | add_original | +| main.rs:79:30:79:30 | a | semmle.label | a | +| main.rs:79:30:79:38 | a.clone() | semmle.label | a.clone() | +| main.rs:83:17:83:19 | add | semmle.label | add | +| main.rs:83:21:83:21 | c | semmle.label | c | +| main.rs:83:21:83:29 | c.clone() | semmle.label | c.clone() | +| main.rs:87:9:87:13 | mut d | semmle.label | mut d | +| main.rs:87:17:87:28 | ...::from | semmle.label | ...::from | +| main.rs:87:17:87:36 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:88:9:88:11 | add | semmle.label | add | +| main.rs:88:13:88:13 | d | semmle.label | d | +| main.rs:88:13:88:21 | d.clone() | semmle.label | d.clone() | +| main.rs:94:9:94:11 | add | semmle.label | add | +| main.rs:94:13:94:13 | d | semmle.label | d | +| main.rs:94:13:94:21 | d.clone() | semmle.label | d.clone() | +| main.rs:114:5:114:17 | ...::build | semmle.label | ...::build | +| main.rs:114:5:114:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:114:5:114:54 | ... .partitioned(...) | semmle.label | ... .partitioned(...) | +| main.rs:114:56:114:60 | build | semmle.label | build | +| main.rs:122:9:122:9 | a | semmle.label | a | +| main.rs:122:13:122:41 | ...::new | semmle.label | ...::new | +| main.rs:122:13:122:58 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:123:13:123:18 | insert | semmle.label | insert | +| main.rs:123:20:123:20 | a | semmle.label | a | +| main.rs:123:20:123:28 | a.clone() | semmle.label | a.clone() | +| main.rs:130:9:130:9 | c | semmle.label | c | +| main.rs:130:13:130:13 | b | semmle.label | b | +| main.rs:130:13:130:31 | b.set_secure(...) | semmle.label | b.set_secure(...) | +| main.rs:131:13:131:18 | insert | semmle.label | insert | +| main.rs:131:20:131:20 | c | semmle.label | c | +| main.rs:131:20:131:28 | c.clone() | semmle.label | c.clone() | +| main.rs:134:9:134:9 | d | semmle.label | d | +| main.rs:134:13:134:35 | c.set_partitioned(...) | semmle.label | c.set_partitioned(...) | +| main.rs:135:13:135:18 | insert | semmle.label | insert | +| main.rs:135:20:135:20 | d | semmle.label | d | +| main.rs:135:20:135:28 | d.clone() | semmle.label | d.clone() | +| main.rs:146:9:146:9 | g | semmle.label | g | +| main.rs:146:13:146:13 | f | semmle.label | f | +| main.rs:146:13:146:31 | f.set_secure(...) | semmle.label | f.set_secure(...) | +| main.rs:147:13:147:18 | insert | semmle.label | insert | +| main.rs:147:20:147:20 | g | semmle.label | g | +| main.rs:147:20:147:28 | g.clone() | semmle.label | g.clone() | +| main.rs:151:9:151:9 | h | semmle.label | h | +| main.rs:151:13:151:42 | ...::from | semmle.label | ...::from | +| main.rs:151:13:151:61 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:152:13:152:18 | insert | semmle.label | insert | +| main.rs:152:20:152:20 | h | semmle.label | h | +| main.rs:155:9:155:9 | i | semmle.label | i | +| main.rs:155:13:155:41 | ...::new | semmle.label | ...::new | +| main.rs:155:13:155:58 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:156:13:156:18 | insert | semmle.label | insert | +| main.rs:156:20:156:20 | i | semmle.label | i | +| main.rs:156:20:156:28 | i.clone() | semmle.label | i.clone() | +| main.rs:156:20:156:46 | ... .set_name(...) | semmle.label | ... .set_name(...) | +| main.rs:157:13:157:18 | insert | semmle.label | insert | +| main.rs:157:20:157:20 | i | semmle.label | i | +| main.rs:157:20:157:28 | i.clone() | semmle.label | i.clone() | +| main.rs:157:20:157:48 | ... .set_value(...) | semmle.label | ... .set_value(...) | +| main.rs:158:13:158:18 | insert | semmle.label | insert | +| main.rs:158:20:158:20 | i | semmle.label | i | +| main.rs:158:20:158:28 | i.clone() | semmle.label | i.clone() | +| main.rs:158:20:158:48 | ... .set_http_only(...) | semmle.label | ... .set_http_only(...) | +| main.rs:159:13:159:18 | insert | semmle.label | insert | +| main.rs:159:20:159:20 | i | semmle.label | i | +| main.rs:159:20:159:28 | i.clone() | semmle.label | i.clone() | +| main.rs:159:20:159:70 | ... .set_same_site(...) | semmle.label | ... .set_same_site(...) | +| main.rs:160:13:160:18 | insert | semmle.label | insert | +| main.rs:160:20:160:20 | i | semmle.label | i | +| main.rs:160:20:160:28 | i.clone() | semmle.label | i.clone() | +| main.rs:160:20:160:46 | ... .set_max_age(...) | semmle.label | ... .set_max_age(...) | +| main.rs:161:13:161:18 | insert | semmle.label | insert | +| main.rs:161:20:161:20 | i | semmle.label | i | +| main.rs:161:20:161:28 | i.clone() | semmle.label | i.clone() | +| main.rs:161:20:161:42 | ... .set_path(...) | semmle.label | ... .set_path(...) | +| main.rs:162:13:162:18 | insert | semmle.label | insert | +| main.rs:162:20:162:20 | i | semmle.label | i | +| main.rs:162:20:162:28 | i.clone() | semmle.label | i.clone() | +| main.rs:162:20:162:41 | ... .unset_path() | semmle.label | ... .unset_path() | +| main.rs:163:13:163:18 | insert | semmle.label | insert | +| main.rs:163:20:163:20 | i | semmle.label | i | +| main.rs:163:20:163:28 | i.clone() | semmle.label | i.clone() | +| main.rs:163:20:163:54 | ... .set_domain(...) | semmle.label | ... .set_domain(...) | +| main.rs:164:13:164:18 | insert | semmle.label | insert | +| main.rs:164:20:164:20 | i | semmle.label | i | +| main.rs:164:20:164:28 | i.clone() | semmle.label | i.clone() | +| main.rs:164:20:164:43 | ... .unset_domain() | semmle.label | ... .unset_domain() | +| main.rs:165:13:165:18 | insert | semmle.label | insert | +| main.rs:165:20:165:20 | i | semmle.label | i | +| main.rs:165:20:165:28 | i.clone() | semmle.label | i.clone() | +| main.rs:165:20:165:46 | ... .set_expires(...) | semmle.label | ... .set_expires(...) | +| main.rs:166:13:166:18 | insert | semmle.label | insert | +| main.rs:166:20:166:20 | i | semmle.label | i | +| main.rs:166:20:166:28 | i.clone() | semmle.label | i.clone() | +| main.rs:166:20:166:44 | ... .unset_expires() | semmle.label | ... .unset_expires() | +| main.rs:167:13:167:18 | insert | semmle.label | insert | +| main.rs:167:20:167:20 | i | semmle.label | i | +| main.rs:167:20:167:28 | i.clone() | semmle.label | i.clone() | +| main.rs:167:20:167:45 | ... .make_permanent() | semmle.label | ... .make_permanent() | +| main.rs:173:22:173:34 | ...::build | semmle.label | ...::build | +| main.rs:173:22:173:59 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:173:61:173:65 | build | semmle.label | build | +subpaths diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref new file mode 100644 index 00000000000..36a9751434c --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-614/InsecureCookie.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs new file mode 100644 index 00000000000..afcbb28931f --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -0,0 +1,196 @@ +use cookie::{Cookie, CookieBuilder, CookieJar, Key}; + +fn test_cookie(sometimes: bool) { + let always = true; + let never = false; + + // secure set to false + let cookie1 = Cookie::build(("name", "value")).secure(false).build(); // $ Alert[rust/insecure-cookie] + println!("cookie1 = '{}'", cookie1.to_string()); + + // secure set to true + let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // good + println!("cookie2 = '{}'", cookie2.to_string()); + + // secure left as default (which is `None`, equivalent here to `false`) + let cookie3 = Cookie::build(("name", "value")).build(); // $ Alert[rust/insecure-cookie] + println!("cookie3 = '{}'", cookie3.to_string()); + + // secure setting varies (may be false) + Cookie::build(("name", "value")).secure(sometimes).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!sometimes).build(); // $ Alert[rust/insecure-cookie] + + // with data flow on the "secure" value + Cookie::build(("name", "value")).secure(always).build(); // good + Cookie::build(("name", "value")).secure(!always).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(never).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!never).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always && never).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always || never).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + + // with guards + if sometimes { + Cookie::build(("name", "value")).secure(sometimes).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + } else { + Cookie::build(("name", "value")).secure(sometimes).build(); // $ Alert[rust/insecure-cookie] + } + + // variant uses (all insecure) + CookieBuilder::new("name", "value").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).expires(None).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).max_age(cookie::time::Duration::hours(12)).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).domain("example.com").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).path("/").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).http_only(true).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).same_site(cookie::SameSite::Strict).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).permanent().secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).removal().secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).finish(); // $ Alert[rust/insecure-cookie] + Cookie::build("name").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(Cookie::build("name")).secure(false).build(); // $ Alert[rust/insecure-cookie] + + // edge cases + Cookie::build(("name", "value")).secure(true).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).secure(true).build(); // good + + // mutable cookie + let mut jar = CookieJar::new(); + let mut a = Cookie::new("name", "value"); // $ Source + jar.add(a.clone()); // $ Alert[rust/insecure-cookie] + jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] + a.set_secure(true); + jar.add(a.clone()); // good + a.set_secure(false); // $ Source + jar.add(a.clone()); // $ Alert[rust/insecure-cookie] + + let key = Key::generate(); + let mut signed_jar = jar.signed_mut(&key); + let mut b = Cookie::named("name"); // $ Source + signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] + signed_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] + b.set_secure(sometimes); // $ Source + signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] + b.set_secure(true); + signed_jar.add(b.clone()); // good + + let mut private_jar = jar.private_mut(&key); + let mut c = Cookie::from("name"); // $ Source + private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] + private_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] + if sometimes { + c.set_secure(true); + } + private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] + c.set_secure(true); + private_jar.add(c.clone()); // $ good + + let mut d = Cookie::from("name"); // $ Source + jar.add(d.clone()); // $ Alert[rust/insecure-cookie] + if sometimes { + c.set_secure(true); + } else { + c.set_partitioned(true); + } + jar.add(d.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + + // parse + jar.add(Cookie::parse("name=value; HttpOnly").unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(Cookie::parse("name=value; Secure; HttpOnly").unwrap()); // good + jar.add(Cookie::parse_encoded("name=value; HttpOnly").unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(Cookie::parse_encoded("name=value; Secure; HttpOnly").unwrap()); // good + + for cookie in Cookie::split_parse("name1=value1; name2=value2") { + jar.add(cookie.unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + } + + for cookie in Cookie::split_parse_encoded("name1=value1; name2=value2") { + let mut e = cookie.unwrap(); + jar.add(e.clone()); // $ MISSING: Alert[rust/insecure-cookie] + e.set_secure(true); + jar.add(e.clone()); // good + } + + // partitioned (implies secure) + Cookie::build(("name", "value")).partitioned(true).build(); // good +} + +fn test_biscotti() { + let mut cookies = biscotti::ResponseCookies::new(); + + // test set_secure, set_partitioned + + let a = biscotti::ResponseCookie::new("name", "value"); // $ Source + cookies.insert(a.clone()); // $ Alert[rust/insecure-cookie] + println!("biscotti1 = {}", a.to_string()); + + let b = a.set_secure(true); + cookies.insert(b.clone()); // good + println!("biscotti2 = {}", b.to_string()); + + let c = b.set_secure(false); // $ Source + cookies.insert(c.clone()); // $ Alert[rust/insecure-cookie] + println!("biscotti3 = {}", c.to_string()); + + let d = c.set_partitioned(true); // (implies secure) + cookies.insert(d.clone()); // good + println!("biscotti4 = {}", d.to_string()); + + let e = d.set_secure(true); + cookies.insert(e.clone()); // good + println!("biscotti5 = {}", e.to_string()); + + let f = e.set_partitioned(false); + cookies.insert(f.clone()); // good + println!("biscotti6 = {}", f.to_string()); + + let g = f.set_secure(false); // $ Source + cookies.insert(g.clone()); // $ Alert[rust/insecure-cookie] + println!("biscotti7 = {}", g.to_string()); + + // variant creation (insecure) + let h = biscotti::ResponseCookie::from(("name", "value")); // $ Source + cookies.insert(h); // $ Alert[rust/insecure-cookie] + + // variant uses (all insecure) + let i = biscotti::ResponseCookie::new("name", "value"); // $ Source + cookies.insert(i.clone().set_name("name2")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_value("value2")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_http_only(true)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_same_site(biscotti::SameSite::Strict)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_max_age(None)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_path("/")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_path()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_domain("example.com")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_domain()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_expires(None)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_expires()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().make_permanent()); // $ Alert[rust/insecure-cookie] +} + +fn test_qhelp_examples() { + { + // BAD: creating a cookie without specifying the `secure` attribute + let cookie = Cookie::build(("session", "abcd1234")).build(); // $ Alert[rust/insecure-cookie] + let mut jar = cookie::CookieJar::new(); + jar.add(cookie.clone()); + } + + { + // GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS + let secure_cookie = Cookie::build(("session", "abcd1234")).secure(true).build(); + let mut jar = cookie::CookieJar::new(); + jar.add(secure_cookie.clone()); + + // GOOD: alternatively, set the 'Secure' attribute on an existing `Cookie` + let mut secure_cookie2 = Cookie::new("session", "abcd1234"); + secure_cookie2.set_secure(true); + jar.add(secure_cookie2); + } +} + +fn main() { + test_cookie(true); + test_cookie(false); + test_biscotti(); + test_qhelp_examples(); +} diff --git a/rust/ql/test/query-tests/security/CWE-614/options.yml b/rust/ql/test/query-tests/security/CWE-614/options.yml new file mode 100644 index 00000000000..99b8e37e843 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/options.yml @@ -0,0 +1,4 @@ +qltest_cargo_check: true +qltest_dependencies: + - cookie = { version = "0.18.1", features = ["percent-encode", "signed", "private"] } + - biscotti = { version = "0.4.3" } diff --git a/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected b/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected index ed95a8d448a..cf0f287e4f7 100644 --- a/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected +++ b/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected @@ -1,21 +1,21 @@ #select -| test.rs:30:9:30:24 | ...::stdout(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | -| test.rs:30:9:30:48 | ... .write(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | -| test.rs:35:9:35:24 | ...::stdout(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | -| test.rs:35:9:35:48 | ... .write(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | -| test.rs:42:9:42:24 | ...::stdout(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | -| test.rs:42:9:42:48 | ... .write(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | -| test.rs:52:9:52:15 | stdout(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:15 | stdout(...) | Call to stdout(...) from the standard library in a function with the ctor attribute. | -| test.rs:52:9:52:39 | ... .write(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:39 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | -| test.rs:57:9:57:15 | stderr(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:15 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | -| test.rs:57:9:57:43 | ... .write_all(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:43 | ... .write_all(...) | Call to ... .write_all(...) from the standard library in a function with the ctor attribute. | +| test.rs:30:9:30:25 | ...::stdout(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | +| test.rs:30:9:30:49 | ... .write(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | +| test.rs:35:9:35:25 | ...::stdout(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | +| test.rs:35:9:35:49 | ... .write(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | +| test.rs:42:9:42:25 | ...::stdout(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | +| test.rs:42:9:42:49 | ... .write(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | +| test.rs:52:9:52:16 | stdout(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:16 | stdout(...) | Call to stdout(...) from the standard library in a function with the ctor attribute. | +| test.rs:52:9:52:40 | ... .write(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:40 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | +| test.rs:57:9:57:16 | stderr(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | +| test.rs:57:9:57:44 | ... .write_all(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:44 | ... .write_all(...) | Call to ... .write_all(...) from the standard library in a function with the ctor attribute. | | test.rs:62:14:62:28 | ...::_print(...) | test.rs:60:1:60:7 | Attr | test.rs:62:14:62:28 | ...::_print(...) | Call to ...::_print(...) from the standard library in a function with the ctor attribute. | -| test.rs:68:9:68:23 | ...::stdin(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:23 | ...::stdin(...) | Call to ...::stdin(...) from the standard library in a function with the ctor attribute. | -| test.rs:68:9:68:44 | ... .read_line(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:44 | ... .read_line(...) | Call to ... .read_line(...) from the standard library in a function with the ctor attribute. | -| test.rs:75:17:75:44 | ...::create(...) | test.rs:73:1:73:7 | Attr | test.rs:75:17:75:44 | ...::create(...) | Call to ...::create(...) from the standard library in a function with the ctor attribute. | -| test.rs:80:14:80:37 | ...::now(...) | test.rs:78:1:78:7 | Attr | test.rs:80:14:80:37 | ...::now(...) | Call to ...::now(...) from the standard library in a function with the ctor attribute. | -| test.rs:89:5:89:34 | ...::sleep(...) | test.rs:87:1:87:7 | Attr | test.rs:89:5:89:34 | ...::sleep(...) | Call to ...::sleep(...) from the standard library in a function with the ctor attribute. | -| test.rs:96:5:96:22 | ...::exit(...) | test.rs:94:1:94:7 | Attr | test.rs:96:5:96:22 | ...::exit(...) | Call to ...::exit(...) from the standard library in a function with the ctor attribute. | +| test.rs:68:9:68:24 | ...::stdin(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:24 | ...::stdin(...) | Call to ...::stdin(...) from the standard library in a function with the ctor attribute. | +| test.rs:68:9:68:45 | ... .read_line(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:45 | ... .read_line(...) | Call to ... .read_line(...) from the standard library in a function with the ctor attribute. | +| test.rs:75:17:75:45 | ...::create(...) | test.rs:73:1:73:7 | Attr | test.rs:75:17:75:45 | ...::create(...) | Call to ...::create(...) from the standard library in a function with the ctor attribute. | +| test.rs:80:14:80:38 | ...::now(...) | test.rs:78:1:78:7 | Attr | test.rs:80:14:80:38 | ...::now(...) | Call to ...::now(...) from the standard library in a function with the ctor attribute. | +| test.rs:89:5:89:35 | ...::sleep(...) | test.rs:87:1:87:7 | Attr | test.rs:89:5:89:35 | ...::sleep(...) | Call to ...::sleep(...) from the standard library in a function with the ctor attribute. | +| test.rs:96:5:96:23 | ...::exit(...) | test.rs:94:1:94:7 | Attr | test.rs:96:5:96:23 | ...::exit(...) | Call to ...::exit(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:128:1:128:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:144:1:144:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:150:1:150:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | @@ -25,45 +25,45 @@ | test.rs:168:1:168:7 | ... .write(...) | test.rs:168:1:168:7 | Attr | test.rs:168:1:168:7 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | | test.rs:168:1:168:7 | ...::stdout(...) | test.rs:168:1:168:7 | Attr | test.rs:168:1:168:7 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | edges -| test.rs:28:1:28:13 | Attr | test.rs:29:4:30:50 | fn bad1_1 | -| test.rs:29:4:30:50 | fn bad1_1 | test.rs:30:9:30:24 | ...::stdout(...) | -| test.rs:29:4:30:50 | fn bad1_1 | test.rs:30:9:30:48 | ... .write(...) | -| test.rs:33:1:33:13 | Attr | test.rs:34:4:35:50 | fn bad1_2 | -| test.rs:34:4:35:50 | fn bad1_2 | test.rs:35:9:35:24 | ...::stdout(...) | -| test.rs:34:4:35:50 | fn bad1_2 | test.rs:35:9:35:48 | ... .write(...) | -| test.rs:38:1:42:50 | fn bad1_3 | test.rs:42:9:42:24 | ...::stdout(...) | -| test.rs:38:1:42:50 | fn bad1_3 | test.rs:42:9:42:48 | ... .write(...) | -| test.rs:39:1:39:13 | Attr | test.rs:38:1:42:50 | fn bad1_3 | -| test.rs:50:1:50:7 | Attr | test.rs:51:4:52:41 | fn bad2_1 | -| test.rs:51:4:52:41 | fn bad2_1 | test.rs:52:9:52:15 | stdout(...) | -| test.rs:51:4:52:41 | fn bad2_1 | test.rs:52:9:52:39 | ... .write(...) | -| test.rs:55:1:55:7 | Attr | test.rs:56:4:57:45 | fn bad2_2 | -| test.rs:56:4:57:45 | fn bad2_2 | test.rs:57:9:57:15 | stderr(...) | -| test.rs:56:4:57:45 | fn bad2_2 | test.rs:57:9:57:43 | ... .write_all(...) | -| test.rs:60:1:60:7 | Attr | test.rs:61:4:62:30 | fn bad2_3 | -| test.rs:61:4:62:30 | fn bad2_3 | test.rs:62:14:62:28 | ...::_print(...) | -| test.rs:65:1:65:7 | Attr | test.rs:66:4:68:46 | fn bad2_4 | -| test.rs:66:4:68:46 | fn bad2_4 | test.rs:68:9:68:23 | ...::stdin(...) | -| test.rs:66:4:68:46 | fn bad2_4 | test.rs:68:9:68:44 | ... .read_line(...) | -| test.rs:73:1:73:7 | Attr | test.rs:74:4:75:55 | fn bad2_5 | -| test.rs:74:4:75:55 | fn bad2_5 | test.rs:75:17:75:44 | ...::create(...) | -| test.rs:78:1:78:7 | Attr | test.rs:79:4:80:39 | fn bad2_6 | -| test.rs:79:4:80:39 | fn bad2_6 | test.rs:80:14:80:37 | ...::now(...) | -| test.rs:87:1:87:7 | Attr | test.rs:88:4:89:36 | fn bad2_7 | -| test.rs:88:4:89:36 | fn bad2_7 | test.rs:89:5:89:34 | ...::sleep(...) | -| test.rs:94:1:94:7 | Attr | test.rs:95:4:96:24 | fn bad2_8 | -| test.rs:95:4:96:24 | fn bad2_8 | test.rs:96:5:96:22 | ...::exit(...) | +| test.rs:28:1:28:13 | Attr | test.rs:29:4:31:1 | fn bad1_1 | +| test.rs:29:4:31:1 | fn bad1_1 | test.rs:30:9:30:25 | ...::stdout(...) | +| test.rs:29:4:31:1 | fn bad1_1 | test.rs:30:9:30:49 | ... .write(...) | +| test.rs:33:1:33:13 | Attr | test.rs:34:4:36:1 | fn bad1_2 | +| test.rs:34:4:36:1 | fn bad1_2 | test.rs:35:9:35:25 | ...::stdout(...) | +| test.rs:34:4:36:1 | fn bad1_2 | test.rs:35:9:35:49 | ... .write(...) | +| test.rs:38:1:43:1 | fn bad1_3 | test.rs:42:9:42:25 | ...::stdout(...) | +| test.rs:38:1:43:1 | fn bad1_3 | test.rs:42:9:42:49 | ... .write(...) | +| test.rs:39:1:39:13 | Attr | test.rs:38:1:43:1 | fn bad1_3 | +| test.rs:50:1:50:7 | Attr | test.rs:51:4:53:1 | fn bad2_1 | +| test.rs:51:4:53:1 | fn bad2_1 | test.rs:52:9:52:16 | stdout(...) | +| test.rs:51:4:53:1 | fn bad2_1 | test.rs:52:9:52:40 | ... .write(...) | +| test.rs:55:1:55:7 | Attr | test.rs:56:4:58:1 | fn bad2_2 | +| test.rs:56:4:58:1 | fn bad2_2 | test.rs:57:9:57:16 | stderr(...) | +| test.rs:56:4:58:1 | fn bad2_2 | test.rs:57:9:57:44 | ... .write_all(...) | +| test.rs:60:1:60:7 | Attr | test.rs:61:4:63:1 | fn bad2_3 | +| test.rs:61:4:63:1 | fn bad2_3 | test.rs:62:14:62:28 | ...::_print(...) | +| test.rs:65:1:65:7 | Attr | test.rs:66:4:69:1 | fn bad2_4 | +| test.rs:66:4:69:1 | fn bad2_4 | test.rs:68:9:68:24 | ...::stdin(...) | +| test.rs:66:4:69:1 | fn bad2_4 | test.rs:68:9:68:45 | ... .read_line(...) | +| test.rs:73:1:73:7 | Attr | test.rs:74:4:76:1 | fn bad2_5 | +| test.rs:74:4:76:1 | fn bad2_5 | test.rs:75:17:75:45 | ...::create(...) | +| test.rs:78:1:78:7 | Attr | test.rs:79:4:81:1 | fn bad2_6 | +| test.rs:79:4:81:1 | fn bad2_6 | test.rs:80:14:80:38 | ...::now(...) | +| test.rs:87:1:87:7 | Attr | test.rs:88:4:90:1 | fn bad2_7 | +| test.rs:88:4:90:1 | fn bad2_7 | test.rs:89:5:89:35 | ...::sleep(...) | +| test.rs:94:1:94:7 | Attr | test.rs:95:4:97:1 | fn bad2_8 | +| test.rs:95:4:97:1 | fn bad2_8 | test.rs:96:5:96:23 | ...::exit(...) | | test.rs:124:1:126:1 | fn call_target3_1 | test.rs:125:9:125:16 | stderr(...) | | test.rs:124:1:126:1 | fn call_target3_1 | test.rs:125:9:125:44 | ... .write_all(...) | -| test.rs:128:1:128:7 | Attr | test.rs:129:4:130:21 | fn bad3_1 | -| test.rs:129:4:130:21 | fn bad3_1 | test.rs:130:5:130:19 | call_target3_1(...) | -| test.rs:130:5:130:19 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | -| test.rs:144:1:144:7 | Attr | test.rs:145:4:147:21 | fn bad3_3 | -| test.rs:145:4:147:21 | fn bad3_3 | test.rs:146:5:146:19 | call_target3_1(...) | -| test.rs:146:5:146:19 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | -| test.rs:150:1:150:7 | Attr | test.rs:151:4:152:13 | fn bad3_4 | -| test.rs:151:4:152:13 | fn bad3_4 | test.rs:152:5:152:11 | bad3_3(...) | -| test.rs:152:5:152:11 | bad3_3(...) | test.rs:145:4:147:21 | fn bad3_3 | -| test.rs:168:1:168:7 | Attr | test.rs:169:4:170:16 | fn bad4_1 | -| test.rs:169:4:170:16 | fn bad4_1 | test.rs:168:1:168:7 | ... .write(...) | -| test.rs:169:4:170:16 | fn bad4_1 | test.rs:168:1:168:7 | ...::stdout(...) | +| test.rs:128:1:128:7 | Attr | test.rs:129:4:131:1 | fn bad3_1 | +| test.rs:129:4:131:1 | fn bad3_1 | test.rs:130:5:130:20 | call_target3_1(...) | +| test.rs:130:5:130:20 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | +| test.rs:144:1:144:7 | Attr | test.rs:145:4:148:1 | fn bad3_3 | +| test.rs:145:4:148:1 | fn bad3_3 | test.rs:146:5:146:20 | call_target3_1(...) | +| test.rs:146:5:146:20 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | +| test.rs:150:1:150:7 | Attr | test.rs:151:4:153:1 | fn bad3_4 | +| test.rs:151:4:153:1 | fn bad3_4 | test.rs:152:5:152:12 | bad3_3(...) | +| test.rs:152:5:152:12 | bad3_3(...) | test.rs:145:4:148:1 | fn bad3_3 | +| test.rs:168:1:168:7 | Attr | test.rs:169:4:171:1 | fn bad4_1 | +| test.rs:169:4:171:1 | fn bad4_1 | test.rs:168:1:168:7 | ... .write(...) | +| test.rs:169:4:171:1 | fn bad4_1 | test.rs:168:1:168:7 | ...::stdout(...) | diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected index 16bbea0aba3..b1c7e787dee 100644 --- a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleCallTargets -| test.rs:117:9:117:20 | ptr.is_null() | +| test.rs:117:9:117:21 | ptr.is_null() | | test.rs:117:9:117:21 | ptr.is_null() | diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected index 0010127c5bb..e1e2ba70026 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected @@ -164,7 +164,7 @@ edges | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:446:13:446:14 | p1 | provenance | | | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:450:2:450:10 | return p1 | provenance | | | lifetime.rs:443:23:443:44 | ...::from_ref(...) | lifetime.rs:443:6:443:7 | p1 | provenance | | -| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:3 | +| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:4 | | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:454:11:454:29 | get_ptr_from_ref(...) | provenance | | | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:460:13:460:31 | get_ptr_from_ref(...) | provenance | | | lifetime.rs:454:6:454:7 | p1 | lifetime.rs:459:13:459:14 | p1 | provenance | | @@ -175,7 +175,9 @@ edges | lifetime.rs:630:3:630:6 | str2 | lifetime.rs:641:14:641:17 | str2 | provenance | | | lifetime.rs:630:10:630:25 | &... | lifetime.rs:630:3:630:6 | str2 | provenance | | | lifetime.rs:654:4:654:7 | str2 | lifetime.rs:655:22:655:25 | str2 | provenance | | +| lifetime.rs:654:11:654:35 | ... + ... | lifetime.rs:654:4:654:7 | str2 | provenance | | | lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:4:654:7 | str2 | provenance | | +| lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:11:654:35 | ... + ... | provenance | MaD:3 | | lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:659:15:659:18 | ref1 | provenance | | | lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:667:14:667:17 | ref1 | provenance | | | lifetime.rs:655:4:655:7 | ref1 [&ref] | lifetime.rs:659:15:659:18 | ref1 | provenance | | @@ -227,7 +229,8 @@ edges models | 1 | Summary: ::as_mut_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value | | 2 | Summary: ::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value | -| 3 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value | +| 3 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 4 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value | nodes | deallocation.rs:148:6:148:7 | p1 | semmle.label | p1 | | deallocation.rs:148:30:148:38 | &raw const my_buffer | semmle.label | &raw const my_buffer | @@ -407,6 +410,7 @@ nodes | lifetime.rs:633:15:633:18 | str2 | semmle.label | str2 | | lifetime.rs:641:14:641:17 | str2 | semmle.label | str2 | | lifetime.rs:654:4:654:7 | str2 | semmle.label | str2 | +| lifetime.rs:654:11:654:35 | ... + ... | semmle.label | ... + ... | | lifetime.rs:654:31:654:35 | &str1 | semmle.label | &str1 | | lifetime.rs:655:4:655:7 | ref1 | semmle.label | ref1 | | lifetime.rs:655:4:655:7 | ref1 [&ref] | semmle.label | ref1 [&ref] | diff --git a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected index 79371978cc0..5caae105914 100644 --- a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleCallTargets -| request_forgery_tests.rs:30:36:30:51 | user_url.as_str() | +| request_forgery_tests.rs:30:36:30:52 | user_url.as_str() | | request_forgery_tests.rs:30:36:30:52 | user_url.as_str() | diff --git a/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected b/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected index a33742a7c4b..aa5003a0e9d 100644 --- a/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected +++ b/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected @@ -11,9 +11,6 @@ | request_forgery_tests.rs:68:28:68:39 | ...::get | request_forgery_tests.rs:65:33:65:40 | and_then | request_forgery_tests.rs:68:28:68:39 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:65:33:65:40 | and_then | user-provided value | | request_forgery_tests.rs:68:28:68:39 | ...::get | request_forgery_tests.rs:65:33:65:40 | and_then | request_forgery_tests.rs:68:28:68:39 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:65:33:65:40 | and_then | user-provided value | edges -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:16:27:16:49 | { ... } | provenance | | -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:20:27:20:57 | { ... } | provenance | | -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:24:27:24:70 | { ... } | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:38:8:45 | user_url | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:38:8:45 | user_url | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:16:27:16:49 | MacroExpr | provenance | | @@ -28,21 +25,21 @@ edges | request_forgery_tests.rs:8:38:8:45 | user_url | request_forgery_tests.rs:8:37:8:45 | &user_url [&ref] | provenance | | | request_forgery_tests.rs:8:38:8:45 | user_url | request_forgery_tests.rs:8:37:8:45 | &user_url [&ref] | provenance | | | request_forgery_tests.rs:16:13:16:15 | url | request_forgery_tests.rs:17:39:17:41 | url | provenance | | -| request_forgery_tests.rs:16:27:16:49 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:16:27:16:49 | ...::format(...) | request_forgery_tests.rs:16:27:16:49 | { ... } | provenance | | | request_forgery_tests.rs:16:27:16:49 | ...::must_use(...) | request_forgery_tests.rs:16:13:16:15 | url | provenance | | | request_forgery_tests.rs:16:27:16:49 | MacroExpr | request_forgery_tests.rs:16:27:16:49 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:16:27:16:49 | { ... } | request_forgery_tests.rs:16:27:16:49 | ...::must_use(...) | provenance | MaD:4 | | request_forgery_tests.rs:17:38:17:41 | &url [&ref] | request_forgery_tests.rs:17:25:17:36 | ...::get | provenance | MaD:1 Sink:MaD:1 | | request_forgery_tests.rs:17:39:17:41 | url | request_forgery_tests.rs:17:38:17:41 | &url [&ref] | provenance | | | request_forgery_tests.rs:20:13:20:15 | url | request_forgery_tests.rs:21:39:21:41 | url | provenance | | -| request_forgery_tests.rs:20:27:20:57 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:20:27:20:57 | ...::format(...) | request_forgery_tests.rs:20:27:20:57 | { ... } | provenance | | | request_forgery_tests.rs:20:27:20:57 | ...::must_use(...) | request_forgery_tests.rs:20:13:20:15 | url | provenance | | | request_forgery_tests.rs:20:27:20:57 | MacroExpr | request_forgery_tests.rs:20:27:20:57 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:20:27:20:57 | { ... } | request_forgery_tests.rs:20:27:20:57 | ...::must_use(...) | provenance | MaD:4 | | request_forgery_tests.rs:21:38:21:41 | &url [&ref] | request_forgery_tests.rs:21:25:21:36 | ...::get | provenance | MaD:1 Sink:MaD:1 | | request_forgery_tests.rs:21:39:21:41 | url | request_forgery_tests.rs:21:38:21:41 | &url [&ref] | provenance | | | request_forgery_tests.rs:24:13:24:15 | url | request_forgery_tests.rs:25:39:25:41 | url | provenance | | -| request_forgery_tests.rs:24:27:24:70 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:24:27:24:70 | ...::format(...) | request_forgery_tests.rs:24:27:24:70 | { ... } | provenance | | | request_forgery_tests.rs:24:27:24:70 | ...::must_use(...) | request_forgery_tests.rs:24:13:24:15 | url | provenance | | | request_forgery_tests.rs:24:27:24:70 | MacroExpr | request_forgery_tests.rs:24:27:24:70 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:24:27:24:70 | { ... } | request_forgery_tests.rs:24:27:24:70 | ...::must_use(...) | provenance | MaD:4 | @@ -70,9 +67,6 @@ models | 3 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | | 4 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | | request_forgery_tests.rs:5:29:5:36 | user_url | semmle.label | user_url | | request_forgery_tests.rs:5:29:5:36 | user_url | semmle.label | user_url | | request_forgery_tests.rs:8:24:8:35 | ...::get | semmle.label | ...::get | diff --git a/rust/ql/test/rust-toolchain.toml b/rust/ql/test/rust-toolchain.toml index 254f87e09e6..9343bef27c6 100644 --- a/rust/ql/test/rust-toolchain.toml +++ b/rust/ql/test/rust-toolchain.toml @@ -2,6 +2,6 @@ # IMPORTANT: this can also have an impact on QL test results [toolchain] -channel = "1.86" +channel = "1.90" profile = "minimal" components = [ "rust-src" ] diff --git a/rust/schema/annotations.py b/rust/schema/annotations.py index 37149392675..ce1b97570ee 100644 --- a/rust/schema/annotations.py +++ b/rust/schema/annotations.py @@ -1828,18 +1828,27 @@ class _: @annotate(StmtList) class _: """ - A list of statements in a block. + A list of statements in a block, with an optional tail expression at the + end that determines the block's value. For example: ```rust { let x = 1; let y = 2; + x + y } // ^^^^^^^^^ ``` """ - + statements: _ | doc("statements of this statement list") | desc(""" + The statements of a `StmtList` do not include any tail expression, which + can be accessed with predicates such as `getTailExpr`. + """) + tail_expr: _ | doc("tail expression of this statement list") | desc(""" + The tail expression is the expression at the end of a block, that + determines the block's value. + """) @annotate(Struct, replace_bases={Item: None}) # still an Item via Adt class _: diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 3924d67029d..452f932edef 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.6 +version: 0.0.7-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/codeql/controlflow/Guards.qll b/shared/controlflow/codeql/controlflow/Guards.qll index 668fb60655c..e9f48152cab 100644 --- a/shared/controlflow/codeql/controlflow/Guards.qll +++ b/shared/controlflow/codeql/controlflow/Guards.qll @@ -692,6 +692,9 @@ module Make< * Holds if `e` equals `k` and may be assigned to `v`. The boolean * `fromBackEdge` indicates whether the flow from `e` to `v` goes through a * back edge. + * + * This predicate is restricted to cases where all such possible values are + * constants, which means that the `GuardValue`s are singleton values. */ private predicate possibleValue(SsaDefinition v, boolean fromBackEdge, Expr e, GuardValue k) { not hasPossibleUnknownValue(v) and @@ -711,9 +714,10 @@ module Make< private predicate uniqueValue(SsaDefinition v, Expr e, GuardValue k) { possibleValue(v, false, e, k) and not possibleValue(v, true, e, k) and - forex(Expr other, GuardValue otherval | possibleValue(v, _, other, otherval) and other != e | - disjointValues(otherval, k) - ) + // there's only one expression with the value `k` + 1 = strictcount(Expr e0 | possibleValue(v, _, e0, k)) and + // and `v` has at least two possible values + 2 <= strictcount(GuardValue k0 | possibleValue(v, _, _, k0)) } /** diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index a0158fea04f..660b1e12512 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 3483287e3b3..49f84d45b2a 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -349,6 +349,18 @@ signature module InputSig { /** Holds if `fieldFlowBranchLimit` should be ignored for flow going into/out of `c`. */ default predicate ignoreFieldFlowBranchLimit(DataFlowCallable c) { none() } + + /** + * Holds if the evaluator is currently evaluating with an overlay. The + * implementation of this predicate needs to be `overlay[local]`. For a + * language with no overlay support, `none()` is a valid implementation. + * + * When called from a local predicate, this predicate holds if we are in the + * overlay-only local evaluation. When called from a global predicate, this + * predicate holds if we are evaluating globally with overlay and base both + * visible. + */ + default predicate isEvaluatingInOverlay() { none() } } module Configs Lang> { @@ -645,10 +657,8 @@ private module PathGraphSigMod { } } -module DataFlowMake Lang> { +private module DataFlowMakeCore Lang> { private import Lang - private import internal.DataFlowImpl::MakeImpl - private import internal.DataFlowImplStage1::MakeImplStage1 import Configs /** @@ -691,59 +701,6 @@ module DataFlowMake Lang> { predicate flowToExpr(DataFlowExpr sink); } - /** - * Constructs a global data flow computation. - */ - module Global implements GlobalFlowSig { - private module C implements FullStateConfigSig { - import DefaultState - import Config - - predicate accessPathLimit = Config::accessPathLimit/0; - - predicate isAdditionalFlowStep(Node node1, Node node2, string model) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - } - - private module Stage1 = ImplStage1; - - import Stage1::PartialFlow - - private module Flow = Impl; - - import Flow - } - - /** - * Constructs a global data flow computation using flow state. - */ - module GlobalWithState implements GlobalFlowSig { - private module C implements FullStateConfigSig { - import Config - - predicate accessPathLimit = Config::accessPathLimit/0; - - predicate isAdditionalFlowStep(Node node1, Node node2, string model) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - - predicate isAdditionalFlowStep( - Node node1, FlowState state1, Node node2, FlowState state2, string model - ) { - Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" - } - } - - private module Stage1 = ImplStage1; - - import Stage1::PartialFlow - - private module Flow = Impl; - - import Flow - } - signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); @@ -1141,3 +1098,135 @@ module DataFlowMake Lang> { import PathGraph } } + +module DataFlowMake Lang> { + import DataFlowMakeCore + private import Lang + private import internal.DataFlowImpl::MakeImpl + private import internal.DataFlowImplStage1::MakeImplStage1 + + /** + * Constructs a global data flow computation. + */ + module Global implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import DefaultState + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { none() } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = Impl; + + import Flow + } + + /** + * Constructs a global data flow computation using flow state. + */ + module GlobalWithState implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + Node node1, FlowState state1, Node node2, FlowState state2, string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { none() } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = Impl; + + import Flow + } +} + +module DataFlowMakeOverlay Lang> { + import DataFlowMake + private import Lang + private import internal.DataFlowImpl::MakeImpl + private import internal.DataFlowImplStage1::MakeImplStage1 + + /** + * Constructs a global data flow computation. + */ + module Global implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import DefaultState + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = OverlayImpl; + + import Flow + } + + /** + * Constructs a global data flow computation using flow state. + */ + module GlobalWithState implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + Node node1, FlowState state1, Node node2, FlowState state2, string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = OverlayImpl; + + import Flow + } +} diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index bd4b4ecd6ca..7bb9535d096 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -47,16 +47,16 @@ signature module InputSig Lang> { /** * Construct the modules for taint-tracking analyses. */ -module TaintFlowMake< +private module TaintFlowMakeCore< LocationSig Location, DF::InputSig DataFlowLang, InputSig TaintTrackingLang> { - private import TaintTrackingLang - private import DF::DataFlowMake as DataFlow - private import MakeImpl as DataFlowInternal - private import MakeImplStage1 as DataFlowInternalStage1 + import TaintTrackingLang + import DF::DataFlowMake as DataFlow + import MakeImpl as DataFlowInternal + import MakeImplStage1 as DataFlowInternalStage1 - private module AddTaintDefaults implements + module AddTaintDefaults implements DataFlowInternal::FullStateConfigSig { import Config @@ -83,71 +83,9 @@ module TaintFlowMake< } } - /** - * Constructs a global taint tracking computation. - */ - module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, DataFlowLang::Node node2, string model - ) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - private module Stage1 = DataFlowInternalStage1::ImplStage1; - - import Stage1::PartialFlow - - private module Flow = DataFlowInternal::Impl; - - import Flow - } - - /** - * Constructs a global taint tracking computation using flow state. - */ - module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, DataFlowLang::Node node2, string model - ) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, - string model - ) { - Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" - } - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - private module Stage1 = DataFlowInternalStage1::ImplStage1; - - import Stage1::PartialFlow - - private module Flow = DataFlowInternal::Impl; - - import Flow - } - signature int speculationLimitSig(); - private module AddSpeculativeTaintSteps< + module AddSpeculativeTaintSteps< DataFlowInternal::FullStateConfigSig Config, speculationLimitSig/0 speculationLimit> implements DataFlowInternal::FullStateConfigSig { @@ -215,6 +153,79 @@ module TaintFlowMake< state1.getState() = state2.getState() } } +} + +module TaintFlowMake< + LocationSig Location, DF::InputSig DataFlowLang, + InputSig TaintTrackingLang> +{ + private import TaintFlowMakeCore + + /** + * Constructs a global taint tracking computation. + */ + module Global implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { none() } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::Impl; + + import Flow + } + + /** + * Constructs a global taint tracking computation using flow state. + */ + module GlobalWithState implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { none() } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::Impl; + + import Flow + } /** * Constructs a global taint tracking computation that also allows a given @@ -232,6 +243,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, node2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -270,6 +283,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -285,3 +300,157 @@ module TaintFlowMake< import Flow } } + +module TaintFlowMakeOverlay< + LocationSig Location, DF::InputSig DataFlowLang, + InputSig TaintTrackingLang> +{ + private import TaintFlowMakeCore + + /** + * Constructs a global taint tracking computation. + */ + module Global implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } + + /** + * Constructs a global taint tracking computation using flow state. + */ + module GlobalWithState implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } + + /** + * Constructs a global taint tracking computation that also allows a given + * maximum number of speculative taint steps. + */ + module SpeculativeGlobal + implements DataFlow::GlobalFlowSig + { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults> + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } + + /** + * Constructs a global taint tracking computation using flow state that also + * allows a given maximum number of speculative taint steps. + */ + module SpeculativeGlobalWithState< + DataFlow::StateConfigSig Config, speculationLimitSig/0 speculationLimit> implements + DataFlow::GlobalFlowSig + { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults> + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } +} diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index a7e0736432a..099866ab6bd 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -143,6 +143,15 @@ module MakeImpl Lang> { */ predicate observeDiffInformedIncrementalMode(); + /** + * Holds if sources and sinks should be filtered to only include those that + * may lead to a flow path with either a source or a sink in the overlay database. + * This only has an effect when running + * in overlay-informed incremental mode. This should be used in conjunction + * with the `OverlayImpl` implementation to merge the base results back in. + */ + predicate observeOverlayInformedIncrementalMode(); + Location getASelectedSourceLocation(Node source); Location getASelectedSinkLocation(Node sink); @@ -171,6 +180,56 @@ module MakeImpl Lang> { } } + /** + * Constructs a data flow computation given a full input configuration, and + * an initial stage 1 pruning with merging of overlay and base results. + */ + module OverlayImpl Stage1> { + private module Flow = Impl; + + import Flow + + /** + * Holds if data can flow from `source` to `sink`. + * + * This is a local predicate that only has results local to the overlay/base database. + */ + private predicate flowLocal(Node source, Node sink) = forceLocal(Flow::flow/2)(source, sink) + + /** + * Holds if data can flow from `source` to `sink`. + */ + predicate flow(Node source, Node sink) { + Flow::flow(source, sink) + or + // If we are overlay informed (i.e. we are not diff-informed), we + // merge in the local results which includes the base database results. + flowLocal(source, sink) and Config::observeOverlayInformedIncrementalMode() + } + + /** + * Holds if data can flow from some source to `sink`. + * This is a local predicate that only has results local to the overlay/base database. + */ + predicate flowToLocal(Node sink) = forceLocal(Flow::flowTo/1)(sink) + + /** + * Holds if data can flow from some source to `sink`. + */ + predicate flowTo(Node sink) { + Flow::flowTo(sink) + or + // If we are overlay informed (i.e. we are not diff-informed), we + // merge in the local results which includes the base database results. + flowToLocal(sink) and Config::observeOverlayInformedIncrementalMode() + } + + /** + * Holds if data can flow from some source to `sink`. + */ + predicate flowToExpr(Lang::DataFlowExpr sink) { flowTo(exprNode(sink)) } + } + /** * Constructs a data flow computation given a full input configuration, and * an initial stage 1 pruning. diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index c7883df0de1..bb79ff62f5b 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll @@ -4,7 +4,7 @@ * Provides an implementation of a fast initial pruning of global * (interprocedural) data flow reachability (Stage 1). */ -overlay[local?] +overlay[local?] // when this is removed, put `overlay[local?]` on `isOverlayNode`. module; private import codeql.util.Unit @@ -129,23 +129,76 @@ module MakeImplStage1 Lang> { private module AlertFiltering = AlertFilteringImpl; + /** + * Holds if the given node is visible in overlay-only local evaluation. + * + * This predicate needs to be `overlay[local?]`, either directly or + * through annotations from an outer scope. If `Node` is global for the + * language under analysis, then every node is considered an overlay + * node, which means there will effectively be no overlay-based + * filtering of sources and sinks. + */ + private predicate isOverlayNode(Node node) { + isEvaluatingInOverlay() and + // Any local node is an overlay node if we are evaluating in overlay mode + exists(node) + } + + /** + * The filtering if we aren't meant to be diff-informed. + * + * Shared between sources and sinks. + */ + overlay[global] + pragma[inline] + private predicate nonDiffInformedFilter(Node node) { + // If we are in base-only global evaluation, do not filter out any sources/sinks. + not isEvaluatingInOverlay() + or + // If the configuration doesn't merge overlays, do not filter out any sources/sinks. + not Config::observeOverlayInformedIncrementalMode() + or + // If we are in global evaluation with an overlay present, restrict + // sources/sinks to those visible in the overlay. + isOverlayNode(node) + } + + overlay[global] pragma[nomagic] private predicate isFilteredSource(Node source) { Config::isSource(source, _) and + // Data flow is always incremental in one of two ways. + // 1. If the configuration is diff-informed, we filter to only include nodes in the diff, + // which gives the smallest set of nodes. + // If diff information is not available, we do not filter at all. + // 2. If not, in global evaluation with overlay, we filter to only + // include nodes from files in the overlay; flow from + // other nodes will be added back later. + // We start by seeing if we should be in case 1. if Config::observeDiffInformedIncrementalMode() - then AlertFiltering::filterByLocation(Config::getASelectedSourceLocation(source)) - else any() + then + // Case 1: We are meant to be diff-informed. + // We still only filter if we have diff information. + AlertFiltering::diffInformationAvailable() + implies + AlertFiltering::locationIsInDiff(Config::getASelectedSourceLocation(source)) + else nonDiffInformedFilter(source) } + overlay[global] pragma[nomagic] private predicate isFilteredSink(Node sink) { ( Config::isSink(sink, _) or Config::isSink(sink) ) and + // See the comments in `isFilteredSource` for the reasoning behind the following. if Config::observeDiffInformedIncrementalMode() - then AlertFiltering::filterByLocation(Config::getASelectedSinkLocation(sink)) - else any() + then + AlertFiltering::diffInformationAvailable() + implies + AlertFiltering::locationIsInDiff(Config::getASelectedSinkLocation(sink)) + else nonDiffInformedFilter(sink) } private predicate hasFilteredSource() { isFilteredSource(_) } diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 3e46004181f..166ef444b22 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 1aaa401b750..d9767452c27 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index d97b6af2b99..5ee0d1eb298 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -409,8 +409,6 @@ module CryptographyBase Input> { or exists(KeyDerivationOperationInstance op | inputNode = op.getInputConsumer()) or - exists(MacOperationInstance op | inputNode = op.getMessageConsumer()) - or exists(HashOperationInstance op | inputNode = op.getInputConsumer()) ) and this = Input::dfn_to_element(inputNode) @@ -545,8 +543,6 @@ module CryptographyBase Input> { or exists(KeyGenerationOperationInstance op | inputNode = op.getKeyValueConsumer()) or - exists(MacOperationInstance op | inputNode = op.getKeyConsumer()) - or exists(KeyAgreementSecretGenerationOperationInstance op | inputNode = op.getServerKeyConsumer() or inputNode = op.getPeerKeyConsumer() @@ -562,9 +558,10 @@ module CryptographyBase Input> { /** * A key-based cryptographic operation instance, encompassing: - * 1. **Ciphers**: Encryption and decryption, both symmetric and asymmetric - * 1. **Signing**: Signing and verifying, **NOT** including MACs (see `MACOperationInstance`) - * 1. **Key encapsulation**: Key wrapping and unwrapping + * - **Ciphers**: Encryption and decryption, both symmetric and asymmetric + * - **Signing**: Signing and verifying + * - **MACs**: Mac generation + * - **Key encapsulation**: Key wrapping and unwrapping * * This class represents a generic key operation that transforms input data * using a cryptographic key, producing an output artifact such as ciphertext, @@ -598,7 +595,8 @@ module CryptographyBase Input> { /** * Gets the consumer of the primary message input for this key operation. * For example: plaintext (for encryption), ciphertext (for decryption), - * message to be signed, or wrapped key to be unwrapped. + * a message to be signed or verified, the message on which a mac is generated, + * or a wrapped key to be unwrapped. */ abstract ConsumerInputDataFlowNode getInputConsumer(); @@ -614,25 +612,6 @@ module CryptographyBase Input> { abstract ArtifactOutputDataFlowNode getOutputArtifact(); } - /** - * A key operation instance representing a signature being generated or verified. - */ - abstract class SignatureOperationInstance extends KeyOperationInstance { - /** - * Gets the consumer of the signature that is being verified in case of a - * verification operation. - */ - abstract ConsumerInputDataFlowNode getSignatureConsumer(); - - /** - * Gets the consumer of a hash algorithm. - * This is intended for signature operations they are explicitly configured - * with a hash algorithm. If a signature is not configured with an explicit - * hash algorithm, users do not need to provide a consumer (set none()). - */ - abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); - } - /** * A key-based algorithm instance used in cryptographic operations such as encryption, decryption, * signing, verification, and key wrapping. @@ -651,6 +630,7 @@ module CryptographyBase Input> { * - `TSymmetricCipher(OtherSymmetricCipherType())` * - `TAsymmetricCipher(OtherAsymmetricCipherType())` * - `TSignature(OtherSignatureAlgorithmType())` + * - `TMacAlgorithm(OtherMacAlgorithmType())` * - `TKeyEncapsulation(OtherKEMAlgorithmType())` * * If the category of algorithm is not known, the following type should be used: @@ -710,6 +690,41 @@ module CryptographyBase Input> { predicate shouldHavePaddingScheme() { any() } } + abstract class HmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + HmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) } + + /** + * Gets the hash algorithm used by this HMAC algorithm. + */ + abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + + /** + * CMACs will have algorithms that have modes of operation but that + * is associated with the cipher algorithm, that is itself + * associated to the MAC algorithm. + */ + override predicate shouldHaveModeOfOperation() { none() } + + override ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + /** + * CMACs may have padding but the padding is associated with the cipher algorithm, + * that is itself associated to the MAC algorithm. + */ + override predicate shouldHavePaddingScheme() { none() } + + override PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + } + + abstract class CmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + CmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::CMAC()) } + + /** + * Gets the cipher algorithm used by this CMAC algorithm. + */ + abstract AlgorithmValueConsumer getCipherAlgorithmValueConsumer(); + } + abstract class ModeOfOperationAlgorithmInstance extends AlgorithmInstance { /** * Gets the type of this mode of operation, e.g., "ECB" or "CBC". @@ -760,41 +775,48 @@ module CryptographyBase Input> { abstract HashAlgorithmInstance getMgf1HashAlgorithm(); } - abstract class MacAlgorithmInstance extends AlgorithmInstance { + /** + * A parent class for signature and MAC operations. + * Signatures and macs are the asymmetric and symmetric analogs of each other, + * and some APIs can reuse a single operation to do either signing on mac. + * Users should extend this class when an operation can be either a signature or a MAC, + * and where the instance is not obviously one or the other from use. + */ + abstract class SignatureOrMacOperationInstance extends KeyOperationInstance { /** - * Gets the type of this MAC algorithm, e.g., "HMAC" or "CMAC". - */ - abstract MacType getMacType(); - - /** - * Gets the isolated name as it appears in source, e.g., "HMAC-SHA256" in "HMAC-SHA256/UnrelatedInformation". - * - * This name should not be parsed or formatted beyond isolating the raw MAC name if necessary. - */ - abstract string getRawMacAlgorithmName(); - } - - abstract class MacOperationInstance extends OperationInstance { - /** - * Gets the message input used in this operation. - */ - abstract ConsumerInputDataFlowNode getMessageConsumer(); - - /** - * Gets the key used in this operation. - */ - abstract ConsumerInputDataFlowNode getKeyConsumer(); - } - - abstract class HmacAlgorithmInstance extends MacAlgorithmInstance { - HmacAlgorithmInstance() { this.getMacType() = HMAC() } - - /** - * Gets the hash algorithm used by this HMAC algorithm. + * Gets the consumer of a hash algorithm. + * This is intended for mac/signing operations they are explicitly configured + * with a hash algorithm. If the operation is not configured with an explicit + * hash algorithm, users do not need to provide a consumer (set none()). */ abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + + /** + * Holds if this operation has a hash algorithm consumer. + * I.e., holds if the operation is configured to perform a hash + * on a message before signing and algorithm is passed in. + * The hash algorithm consumer must be specified through + * `getHashAlgorithmValueConsumer()`. + */ + abstract predicate hasHashAlgorithmConsumer(); } + /** + * A key operation instance representing a signature being generated or verified. + * Note: These instances are known to always be signature operations. + * If an API allows an operation to be used for both MAC and signature, + * it should be modeled as a `SignatureOrMacOperationInstance` instead, + * even if all configuration paths to the current operation only configure it as a signature operation. + */ + abstract class SignatureOperationInstance extends SignatureOrMacOperationInstance { + /** + * Gets the consumer of the signature when this operation is a verification operation. + */ + abstract ConsumerInputDataFlowNode getSignatureConsumer(); + } + + abstract class MacOperationInstance extends SignatureOrMacOperationInstance { } + abstract class EllipticCurveInstance extends AlgorithmInstance { /** * Gets the isolated name as it appears in source @@ -1063,11 +1085,6 @@ module CryptographyBase Input> { exists(KeyOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } - private predicate isMacAvc(AlgorithmValueConsumer avc) { - exists(MacOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) or - exists(Pbkdf2AlgorithmInstance alg | avc = alg.getHmacAlgorithmValueConsumer()) - } - private predicate isKeyDerivationAvc(AlgorithmValueConsumer avc) { exists(KeyDerivationOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } @@ -1091,9 +1108,6 @@ module CryptographyBase Input> { final private class HashAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; - final private class MacAlgorithmInstanceOrValueConsumer = - AlgorithmInstanceOrValueConsumer::Union; - final private class KeyDerivationAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; @@ -1128,13 +1142,11 @@ module CryptographyBase Input> { TPaddingAlgorithm(PaddingAlgorithmInstance e) or // All other operations THashOperation(HashOperationInstance e) or - TMacOperation(MacOperationInstance e) or TKeyAgreementOperation(KeyAgreementSecretGenerationOperationInstance e) or // All other algorithms TEllipticCurve(EllipticCurveInstanceOrValueConsumer e) or THashAlgorithm(HashAlgorithmInstanceOrValueConsumer e) or TKeyDerivationAlgorithm(KeyDerivationAlgorithmInstanceOrValueConsumer e) or - TMacAlgorithm(MacAlgorithmInstanceOrValueConsumer e) or TKeyAgreementAlgorithm(KeyAgreementAlgorithmInstanceOrValueConsumer e) or // Generic source nodes, i.e., sources of data that are not resolvable to a specific known asset. TGenericSourceNode(GenericSourceInstance e) { @@ -1582,57 +1594,36 @@ module CryptographyBase Input> { /** * A MAC operation that produces a MAC value. */ - final class MacOperationNode extends OperationNode, TMacOperation { - MacOperationInstance instance; - - MacOperationNode() { this = TMacOperation(instance) } + final class MacOperationNode extends SignatureOrMacOperationNode { + MacOperationNode() { + this.getKeyOperationSubtype() = TMacMode() and + // If the type could be a signature, then we will not consider it a mac operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TSignMode()) + } final override string getInternalType() { result = "MACOperation" } override LocatableElement asElement() { result = instance } - override predicate isCandidateAlgorithmNode(AlgorithmNode node) { - node instanceof MacAlgorithmNode - } - MessageArtifactNode getAMessage() { - result.asElement() = instance.getMessageConsumer().getConsumer() + result.asElement() = instance.getInputConsumer().getConsumer() } - KeyArtifactNode getAKey() { result.asElement() = instance.getKeyConsumer().getConsumer() } - override NodeBase getChild(string edgeName) { result = super.getChild(edgeName) or // [KNOWN_OR_UNKNOWN] edgeName = "Message" and - if exists(this.getAMessage()) then result = this.getAMessage() else result = this - or - // [KNOWN_OR_UNKNOWN] - edgeName = "Key" and - if exists(this.getAKey()) then result = this.getAKey() else result = this + (if exists(this.getAMessage()) then result = this.getAMessage() else result = this) } } - /** - * A MAC algorithm, such as HMAC or CMAC. - */ - class MacAlgorithmNode extends AlgorithmNode, TMacAlgorithm { - MacAlgorithmInstanceOrValueConsumer instance; - - MacAlgorithmNode() { this = TMacAlgorithm(instance) } - - final override string getInternalType() { result = "MACAlgorithm" } - - override LocatableElement asElement() { result = instance } - - final override string getRawAlgorithmName() { - result = instance.asAlg().getRawMacAlgorithmName() + abstract class MacAlgorithmNode extends KeyOperationAlgorithmNode { + MacAlgorithmNode() { + instance.(KeyOperationAlgorithmInstance).getAlgorithmType() = KeyOpAlg::TMac(_) } - MacType getMacType() { result = instance.asAlg().getMacType() } - - override string getAlgorithmName() { result = this.getMacType().toString() } + override string getInternalType() { result = "MACAlgorithm" } } final class HmacAlgorithmNode extends MacAlgorithmNode { @@ -1640,7 +1631,9 @@ module CryptographyBase Input> { HmacAlgorithmNode() { hmacInstance = instance.asAlg() } - NodeBase getHashAlgorithmOrUnknown() { + override string getInternalType() { result = "HMACAlgorithm" } + + HashAlgorithmNode getHashAlgorithmOrUnknown() { result.asElement() = hmacInstance.getHashAlgorithmValueConsumer().getASource() } @@ -1655,6 +1648,7 @@ module CryptographyBase Input> { } } + // TODO: CMAC model class KeyAgreementOperationNode extends OperationNode, TKeyAgreementOperation { KeyAgreementSecretGenerationOperationInstance instance; @@ -1869,6 +1863,7 @@ module CryptographyBase Input> { TUnwrapMode() or TSignMode() or TVerifyMode() or + TMacMode() or TUnknownKeyOperationMode() /** @@ -1888,6 +1883,8 @@ module CryptographyBase Input> { or result = "Verify" and this = TVerifyMode() or + result = "Mac" and this = TMacMode() + or result = "Unknown" and this = TUnknownKeyOperationMode() } } @@ -1999,14 +1996,44 @@ module CryptographyBase Input> { override string getInternalType() { result = nodeName } } - class SignatureOperationNode extends KeyOperationNode { + class SignatureOrMacOperationNode extends KeyOperationNode { + override SignatureOrMacOperationInstance instance; + + SignatureOrMacOperationNode() { + this.getKeyOperationSubtype() = TSignMode() + or + this.getKeyOperationSubtype() = TVerifyMode() + or + this.getKeyOperationSubtype() = TMacMode() + } + + override string getInternalType() { result = "SignatureOrMACOperation" } + + HashAlgorithmNode getHashAlgorithm() { + result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() + } + + override NodeBase getChild(string key) { + result = super.getChild(key) + or + // [KNOWN_OR_UNKNOWN] + key = "HashAlgorithm" and + (if exists(this.getHashAlgorithm()) then result = this.getHashAlgorithm() else result = this) + } + } + + class SignatureOperationNode extends SignatureOrMacOperationNode { override SignatureOperationInstance instance; string nodeName; SignatureOperationNode() { - this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" - or - this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ( + this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" + or + this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ) and + // If the type could be a mac, then we will not consider it a signature operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) } override string getInternalType() { result = nodeName } @@ -2015,10 +2042,6 @@ module CryptographyBase Input> { result.asElement() = instance.getSignatureConsumer().getConsumer() } - HashAlgorithmNode getHashAlgorithm() { - result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() - } - override NodeBase getChild(string key) { result = super.getChild(key) or diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index 29c5b58d343..c713865f9ac 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -14,8 +14,9 @@ module Types { TSymmetricCipher(TSymmetricCipherType t) or TAsymmetricCipher(TAsymmetricCipherType t) or TSignature(TSignatureAlgorithmType t) or + TMac(TMacAlgorithmType t) or TKeyEncapsulation(TKemAlgorithmType t) or - TUnknownKeyOperationAlgorithmType() + TOtherKeyOperationAlgorithmType() // Parameterized algorithm types newtype TSymmetricCipherType = @@ -48,6 +49,7 @@ module Types { DSA() or ECDSA() or EDDSA() or // e.g., ED25519 or ED448 + HSS_LMS() or // Leighton-Micali Signature OtherSignatureAlgorithmType() newtype TKemAlgorithmType = @@ -55,10 +57,15 @@ module Types { FRODO_KEM() or OtherKemAlgorithmType() + newtype TMacAlgorithmType = + HMAC() or + CMAC() or + OtherMacAlgorithmType() + newtype TCipherStructureType = Block() or Stream() or - UnknownCipherStructureType() + OtherCipherStructureType() class CipherStructureType extends TCipherStructureType { string toString() { @@ -66,7 +73,7 @@ module Types { or result = "Stream" and this = Stream() or - result = "Unknown" and this = UnknownCipherStructureType() + result = "Unknown" and this = OtherCipherStructureType() } } @@ -113,7 +120,7 @@ module Types { or type = OtherSymmetricCipherType() and name = "UnknownSymmetricCipher" and - s = UnknownCipherStructureType() + s = OtherCipherStructureType() } class AlgorithmType extends TAlgorithm { @@ -143,8 +150,15 @@ module Types { or this = TKeyEncapsulation(OtherKemAlgorithmType()) and result = "UnknownKEM" or + // MAC algorithms + this = TMac(HMAC()) and result = "HMAC" + or + this = TMac(CMAC()) and result = "CMAC" + or + this = TMac(OtherMacAlgorithmType()) and result = "UnknownMac" + or // Unknown - this = TUnknownKeyOperationAlgorithmType() and result = "Unknown" + this = TOtherKeyOperationAlgorithmType() and result = "Unknown" } int getImplicitKeySize() { @@ -305,21 +319,6 @@ module Types { } } - newtype TMacType = - HMAC() or - CMAC() or - OtherMacType() - - class MacType extends TMacType { - string toString() { - this = HMAC() and result = "HMAC" - or - this = CMAC() and result = "CMAC" - or - this = OtherMacType() and result = "UnknownMacType" - } - } - // Key agreement algorithms newtype TKeyAgreementType = DH() or // Diffie-Hellman diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index bf877f51d5f..7dfaa747962 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.10 +version: 0.0.11-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 5e9de8ad513..85341d10420 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index f69602228c9..72347bcd160 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index bbccd5e094c..3c1f3fe0278 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.8 +version: 2.0.9-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 10ca1546f9f..e28c5f26dd8 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.32 +version: 1.0.33-dev library: true groups: shared dataExtensions: diff --git a/shared/tree-sitter-extractor/Cargo.toml b/shared/tree-sitter-extractor/Cargo.toml index 8e60be7274f..d02f02fd588 100644 --- a/shared/tree-sitter-extractor/Cargo.toml +++ b/shared/tree-sitter-extractor/Cargo.toml @@ -12,7 +12,7 @@ tree-sitter = ">= 0.23.0" tracing = "0.1" tracing-subscriber = { version = "0.3.20", features = ["env-filter"] } rayon = "1.11.0" -regex = "1.11.2" +regex = "1.11.3" encoding = "0.2" lazy_static = "1.5.0" serde = { version = "1.0", features = ["derive"] } diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index ce733dcd8b2..33dc89bc60c 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index d665055f125..5d257b81fc6 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 8a7bfdca975..5d8f8a6011f 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.13 +version: 0.0.14-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 4e24584b50e..6bc1e76cfb4 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b13ab265b25..a045761cd92 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/codeql/util/AlertFiltering.qll b/shared/util/codeql/util/AlertFiltering.qll index 1480421ae59..60597327c3b 100644 --- a/shared/util/codeql/util/AlertFiltering.qll +++ b/shared/util/codeql/util/AlertFiltering.qll @@ -82,6 +82,21 @@ module AlertFilteringImpl { ) } + /** Holds if diff information is available in this evaluation. */ + predicate diffInformationAvailable() { + restrictAlertsTo(_, _, _) or restrictAlertsToExactLocation(_, _, _, _, _) + } + + /** + * Holds if diff information is available, and `filePath` is in the diff + * range. + */ + predicate fileIsInDiff(string filePath) { + restrictAlertsTo(filePath, _, _) + or + restrictAlertsToExactLocation(filePath, _, _, _, _) + } + /** * Holds if the given location is a match for one of the active filtering * predicates in this module, or if all filtering predicates are inactive @@ -92,8 +107,17 @@ module AlertFilteringImpl { */ bindingset[location] predicate filterByLocation(Location location) { - not restrictAlertsTo(_, _, _) and not restrictAlertsToExactLocation(_, _, _, _, _) + not diffInformationAvailable() or + locationIsInDiff(location) + } + + /** + * Like `filterByLocation`, except that if there is no diff range, this + * predicate never holds. + */ + bindingset[location] + predicate locationIsInDiff(Location location) { exists(string filePath | restrictAlertsToEntireFile(filePath) and location.hasLocationInfo(filePath, _, _, _, _) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index fbbad8f25b7..ccae8c1fc85 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -1,7 +1,8 @@ /** * Provides a library for writing QL tests whose success or failure is based on expected results * embedded in the test source code as comments, rather than the contents of an `.expected` file - * (in that the `.expected` file should always be empty). + * (in that the `.expected` file should always be empty, except when used via the post-processing + * query). * * To add this framework to a new language, add a new file * (usually called `InlineExpectationsTest.qll`) with: diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 2352753b472..33bf4527cf0 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.19 +version: 2.0.20-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 680cc4751ef..62fcccb2453 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 1c625bfdf4a..6c49b5f27ba 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index a05b05e1eea..4ad0623d0f3 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 5.0.8 +version: 5.0.9-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 3dbc93c16d3..ea5431f192e 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.6 +version: 1.2.7-dev groups: - swift - queries