hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 20:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into couchdb

Browse Source
This commit is contained in:
Mauro Baluda
2026-01-13 21:50:44 +01:00
committed by GitHub
parent d335f039ef 6c4a0bb52b
commit 4b7662f652
295 changed files with 53927 additions and 52060 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.25
No user-facing changes.
## 0.4.24
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.25.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.25
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.24
lastReleaseVersion: 0.4.25

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.25-dev
version: 0.4.26-dev
library: true
warnOnImplicitThis: true
dependencies:

4
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.6.17
No user-facing changes.
## 0.6.16
No user-facing changes.

3
actions/ql/src/change-notes/released/0.6.17.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.17
No user-facing changes.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.16
lastReleaseVersion: 0.6.17

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.17-dev
version: 0.6.18-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

4
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 6.1.4
No user-facing changes.
## 6.1.3
No user-facing changes.

3
cpp/ql/lib/change-notes/released/6.1.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 6.1.4
No user-facing changes.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 6.1.3
lastReleaseVersion: 6.1.4

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 6.1.4-dev
version: 6.1.5-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

48
cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
View File

@@ -1709,6 +1709,22 @@ predicate nonNanGuardedVariable(Expr guard, VariableAccess v, boolean branch) {
nanExcludingComparison(guard, branch)
}
/**
* Adjusts a lower bound to its meaning for integral types.
*
* Examples:
* `>= 3.0` becomes `3.0`
* ` > 3.0` becomes `4.0`
* `>= 3.5` becomes `4.0`
* ` > 3.5` becomes `4.0`
*/
bindingset[strictness, lb]
private float adjustLowerBoundIntegral(RelationStrictness strictness, float lb) {
if strictness = Nonstrict() and lb.floorFloat() = lb
then result = lb
else result = lb.floorFloat() + 1
}
/**
* If the guard is a comparison of the form `p*v + q <CMP> r`, then this
* predicate uses the bounds information for `r` to compute a lower bound
@@ -1720,15 +1736,29 @@ private predicate lowerBoundFromGuard(Expr guard, VariableAccess v, float lb, bo
|
if nonNanGuardedVariable(guard, v, branch)
then
if
strictness = Nonstrict() or
not getVariableRangeType(v.getTarget()) instanceof IntegralType
then lb = childLB
else lb = childLB + 1
if getVariableRangeType(v.getTarget()) instanceof IntegralType
then lb = adjustLowerBoundIntegral(strictness, childLB)
else lb = childLB
else lb = varMinVal(v.getTarget())
)
}
/**
* Adjusts an upper bound to its meaning for integral types.
*
* Examples:
* `<= 3.0` becomes `3.0`
* ` < 3.0` becomes `2.0`
* `<= 3.5` becomes `3.0`
* ` < 3.5` becomes `3.0`
*/
bindingset[strictness, ub]
private float adjustUpperBoundIntegral(RelationStrictness strictness, float ub) {
if strictness = Nonstrict() and ub.ceilFloat() = ub
then result = ub
else result = ub.ceilFloat() - 1
}
/**
* If the guard is a comparison of the form `p*v + q <CMP> r`, then this
* predicate uses the bounds information for `r` to compute a upper bound
@@ -1740,11 +1770,9 @@ private predicate upperBoundFromGuard(Expr guard, VariableAccess v, float ub, bo
|
if nonNanGuardedVariable(guard, v, branch)
then
if
strictness = Nonstrict() or
not getVariableRangeType(v.getTarget()) instanceof IntegralType
then ub = childUB
else ub = childUB - 1
if getVariableRangeType(v.getTarget()) instanceof IntegralType
then ub = adjustUpperBoundIntegral(strictness, childUB)
else ub = childUB
else ub = varMaxVal(v.getTarget())
)
}

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.8
No user-facing changes.
## 1.5.7
No user-facing changes.

3
cpp/ql/src/change-notes/released/1.5.8.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.8
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.7
lastReleaseVersion: 1.5.8

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.5.8-dev
version: 1.5.9-dev
groups:
- cpp
- queries

1285
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected
View File

File diff suppressed because it is too large Load Diff

6900
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/nrOfBounds.expected
View File

File diff suppressed because it is too large Load Diff

295
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryLower.expected
View File

@@ -1,148 +1,153 @@
| test.c:154:10:154:40 | ... ? ... : ... | -1.0 | 1.0 | -1.0 |
| test.c:367:8:367:23 | ... ? ... : ... | 0.0 | 0.0 | 10.0 |
| test.c:368:8:368:24 | ... ? ... : ... | 0.0 | 10.0 | 0.0 |
| test.c:376:10:376:15 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
| test.c:377:10:377:17 | ... ? ... : ... | 0.0 | 0.0 | 500.0 |
| test.c:378:10:378:21 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
| test.c:379:10:379:36 | ... ? ... : ... | 0.0 | 1.0 | 5.0 |
| test.c:380:10:380:38 | ... ? ... : ... | 0.0 | 1.0 | 500.0 |
| test.c:381:10:381:39 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
| test.c:389:8:389:24 | ... ? ... : ... | 101.0 | 101.0 | 110.0 |
| test.c:390:8:390:25 | ... ? ... : ... | 101.0 | 110.0 | 101.0 |
| test.c:395:10:395:21 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
| test.c:396:10:396:21 | ... ? ... : ... | 100.0 | 100.0 | 5.0 |
| test.c:397:10:397:38 | ... ? ... : ... | 0.0 | 100.0 | 5.0 |
| test.c:404:14:404:108 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.40496805 |
| test.c:404:18:404:95 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.21540225 |
| test.c:404:22:404:82 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.39206458 |
| test.c:404:26:404:69 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.35279203 |
| test.c:404:30:404:56 | ... ? ... : ... | 0.14333887 | 0.47438827 | 0.14333887 |
| test.c:405:14:405:108 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.5297741 |
| test.c:405:18:405:95 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.59270465 |
| test.c:405:22:405:82 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.32661893 |
| test.c:405:26:405:69 | ... ? ... : ... | 0.22247853 | 0.34183348 | 0.22247853 |
| test.c:405:30:405:56 | ... ? ... : ... | 0.34183348 | 0.34183348 | 0.3533464 |
| test.c:406:14:406:108 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.67981451 |
| test.c:406:18:406:95 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.79310745 |
| test.c:406:22:406:82 | ... ? ... : ... | 0.05121256 | 0.31235514 | 0.05121256 |
| test.c:406:26:406:69 | ... ? ... : ... | 0.31235514 | 0.31478084 | 0.31235514 |
| test.c:406:30:406:56 | ... ? ... : ... | 0.31478084 | 0.77429603 | 0.31478084 |
| test.c:407:14:407:108 | ... ? ... : ... | 0.36976948 | 0.36976948 | 0.83866835 |
| test.c:407:18:407:95 | ... ? ... : ... | 0.36976948 | 0.44729556 | 0.36976948 |
| test.c:407:22:407:82 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.59952732 |
| test.c:407:26:407:69 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.98997262 |
| test.c:407:30:407:56 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.80599202 |
| test.c:408:14:408:108 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.68734874 |
| test.c:408:18:408:95 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.72485966 |
| test.c:408:22:408:82 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.21778426 |
| test.c:408:26:408:69 | ... ? ... : ... | 0.10597712 | 0.49311828 | 0.10597712 |
| test.c:408:30:408:56 | ... ? ... : ... | 0.49311828 | 0.49311828 | 0.90389911 |
| test.c:409:14:409:108 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.58440865 |
| test.c:409:18:409:95 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.34808892 |
| test.c:409:22:409:82 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.76164052 |
| test.c:409:26:409:69 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.11884576 |
| test.c:409:30:409:56 | ... ? ... : ... | 0.1078665 | 0.47452848 | 0.1078665 |
| test.c:410:14:410:108 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.36232384 |
| test.c:410:18:410:95 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.85235179 |
| test.c:410:22:410:82 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.12516558 |
| test.c:410:26:410:69 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.95823075 |
| test.c:410:30:410:56 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.82905046 |
| test.c:411:14:411:108 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.84331272 |
| test.c:411:18:411:95 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.48640909 |
| test.c:411:22:411:82 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.45041108 |
| test.c:411:26:411:69 | ... ? ... : ... | 0.14963485 | 0.32876044 | 0.14963485 |
| test.c:411:30:411:56 | ... ? ... : ... | 0.32876044 | 0.38708626 | 0.32876044 |
| test.c:412:14:412:108 | ... ? ... : ... | 0.05328182 | 0.14800508 | 0.05328182 |
| test.c:412:18:412:95 | ... ? ... : ... | 0.14800508 | 0.14800508 | 0.37428143 |
| test.c:412:22:412:82 | ... ? ... : ... | 0.14800508 | 0.15755063 | 0.14800508 |
| test.c:412:26:412:69 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.26428481 |
| test.c:412:30:412:56 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.77086833 |
| test.c:413:14:413:108 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.69072144 |
| test.c:413:18:413:95 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.39468857 |
| test.c:413:22:413:82 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.55679274 |
| test.c:413:26:413:69 | ... ? ... : ... | 0.27643238 | 0.41736536 | 0.27643238 |
| test.c:413:30:413:56 | ... ? ... : ... | 0.41736536 | 0.41736536 | 0.76826628 |
| test.c:414:14:414:108 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.81372798 |
| test.c:414:18:414:95 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.88745559 |
| test.c:414:22:414:82 | ... ? ... : ... | 0.2051911 | 0.29904824 | 0.2051911 |
| test.c:414:26:414:69 | ... ? ... : ... | 0.29904824 | 0.29904824 | 0.76242583 |
| test.c:414:30:414:56 | ... ? ... : ... | 0.29904824 | 0.88955345 | 0.29904824 |
| test.c:415:14:415:108 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.42762647 |
| test.c:415:18:415:95 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.52031241 |
| test.c:415:22:415:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
| test.c:415:26:415:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
| test.c:415:30:415:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
| test.c:457:4:631:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:457:5:459:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:460:6:542:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:461:8:479:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:464:10:468:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:464:31:464:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:466:13:468:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:473:12:478:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:474:12:474:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:476:15:478:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:480:6:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:483:8:487:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:483:29:483:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:485:11:487:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:488:6:488:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:492:10:496:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:492:31:492:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:13:496:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:497:9:499:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:501:10:520:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:504:12:509:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:505:12:505:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:507:15:509:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:514:14:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:515:14:515:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:517:17:519:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:521:9:542:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:524:14:529:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:525:14:525:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:527:17:529:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:530:12:530:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:534:12:539:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:535:12:535:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:537:15:539:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:540:11:542:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:543:9:545:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:546:9:631:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:547:14:566:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:550:16:555:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:551:16:551:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:553:19:555:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:560:18:565:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:561:18:561:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:563:21:565:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:567:12:588:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:570:14:575:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:571:14:571:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:573:17:575:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:576:12:576:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:580:16:585:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:581:16:581:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:583:19:585:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:586:15:588:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:590:12:609:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:593:14:598:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:594:14:594:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:596:17:598:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:603:16:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:604:16:604:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:606:19:608:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:610:11:631:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:613:16:618:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:614:16:614:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:616:19:618:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:619:14:619:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:623:14:628:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:624:14:624:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:626:17:628:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:629:13:631:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:657:20:657:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:869:5:869:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:870:5:870:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.c:348:22:348:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
| test.c:349:20:349:43 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
| test.c:350:22:350:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
| test.c:351:22:351:44 | ... ? ... : ... | 0.0 | 0.0 | 2.0 |
| test.c:352:22:352:45 | ... ? ... : ... | 2.0 | 8.0 | 2.0 |
| test.c:378:8:378:23 | ... ? ... : ... | 0.0 | 0.0 | 10.0 |
| test.c:379:8:379:24 | ... ? ... : ... | 0.0 | 10.0 | 0.0 |
| test.c:387:10:387:15 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
| test.c:388:10:388:17 | ... ? ... : ... | 0.0 | 0.0 | 500.0 |
| test.c:389:10:389:21 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
| test.c:390:10:390:36 | ... ? ... : ... | 0.0 | 1.0 | 5.0 |
| test.c:391:10:391:38 | ... ? ... : ... | 0.0 | 1.0 | 500.0 |
| test.c:392:10:392:39 | ... ? ... : ... | 1.0 | 1.0 | 500.0 |
| test.c:400:8:400:24 | ... ? ... : ... | 101.0 | 101.0 | 110.0 |
| test.c:401:8:401:25 | ... ? ... : ... | 101.0 | 110.0 | 101.0 |
| test.c:406:10:406:21 | ... ? ... : ... | 0.0 | 0.0 | 5.0 |
| test.c:407:10:407:21 | ... ? ... : ... | 100.0 | 100.0 | 5.0 |
| test.c:408:10:408:38 | ... ? ... : ... | 0.0 | 100.0 | 5.0 |
| test.c:415:14:415:108 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.40496805 |
| test.c:415:18:415:95 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.21540225 |
| test.c:415:22:415:82 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.39206458 |
| test.c:415:26:415:69 | ... ? ... : ... | 0.14333887 | 0.14333887 | 0.35279203 |
| test.c:415:30:415:56 | ... ? ... : ... | 0.14333887 | 0.47438827 | 0.14333887 |
| test.c:416:14:416:108 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.5297741 |
| test.c:416:18:416:95 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.59270465 |
| test.c:416:22:416:82 | ... ? ... : ... | 0.22247853 | 0.22247853 | 0.32661893 |
| test.c:416:26:416:69 | ... ? ... : ... | 0.22247853 | 0.34183348 | 0.22247853 |
| test.c:416:30:416:56 | ... ? ... : ... | 0.34183348 | 0.34183348 | 0.3533464 |
| test.c:417:14:417:108 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.67981451 |
| test.c:417:18:417:95 | ... ? ... : ... | 0.05121256 | 0.05121256 | 0.79310745 |
| test.c:417:22:417:82 | ... ? ... : ... | 0.05121256 | 0.31235514 | 0.05121256 |
| test.c:417:26:417:69 | ... ? ... : ... | 0.31235514 | 0.31478084 | 0.31235514 |
| test.c:417:30:417:56 | ... ? ... : ... | 0.31478084 | 0.77429603 | 0.31478084 |
| test.c:418:14:418:108 | ... ? ... : ... | 0.36976948 | 0.36976948 | 0.83866835 |
| test.c:418:18:418:95 | ... ? ... : ... | 0.36976948 | 0.44729556 | 0.36976948 |
| test.c:418:22:418:82 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.59952732 |
| test.c:418:26:418:69 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.98997262 |
| test.c:418:30:418:56 | ... ? ... : ... | 0.44729556 | 0.44729556 | 0.80599202 |
| test.c:419:14:419:108 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.68734874 |
| test.c:419:18:419:95 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.72485966 |
| test.c:419:22:419:82 | ... ? ... : ... | 0.10597712 | 0.10597712 | 0.21778426 |
| test.c:419:26:419:69 | ... ? ... : ... | 0.10597712 | 0.49311828 | 0.10597712 |
| test.c:419:30:419:56 | ... ? ... : ... | 0.49311828 | 0.49311828 | 0.90389911 |
| test.c:420:14:420:108 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.58440865 |
| test.c:420:18:420:95 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.34808892 |
| test.c:420:22:420:82 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.76164052 |
| test.c:420:26:420:69 | ... ? ... : ... | 0.1078665 | 0.1078665 | 0.11884576 |
| test.c:420:30:420:56 | ... ? ... : ... | 0.1078665 | 0.47452848 | 0.1078665 |
| test.c:421:14:421:108 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.36232384 |
| test.c:421:18:421:95 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.85235179 |
| test.c:421:22:421:82 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.12516558 |
| test.c:421:26:421:69 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.95823075 |
| test.c:421:30:421:56 | ... ? ... : ... | 0.02524326 | 0.02524326 | 0.82905046 |
| test.c:422:14:422:108 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.84331272 |
| test.c:422:18:422:95 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.48640909 |
| test.c:422:22:422:82 | ... ? ... : ... | 0.14963485 | 0.14963485 | 0.45041108 |
| test.c:422:26:422:69 | ... ? ... : ... | 0.14963485 | 0.32876044 | 0.14963485 |
| test.c:422:30:422:56 | ... ? ... : ... | 0.32876044 | 0.38708626 | 0.32876044 |
| test.c:423:14:423:108 | ... ? ... : ... | 0.05328182 | 0.14800508 | 0.05328182 |
| test.c:423:18:423:95 | ... ? ... : ... | 0.14800508 | 0.14800508 | 0.37428143 |
| test.c:423:22:423:82 | ... ? ... : ... | 0.14800508 | 0.15755063 | 0.14800508 |
| test.c:423:26:423:69 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.26428481 |
| test.c:423:30:423:56 | ... ? ... : ... | 0.15755063 | 0.15755063 | 0.77086833 |
| test.c:424:14:424:108 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.69072144 |
| test.c:424:18:424:95 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.39468857 |
| test.c:424:22:424:82 | ... ? ... : ... | 0.27643238 | 0.27643238 | 0.55679274 |
| test.c:424:26:424:69 | ... ? ... : ... | 0.27643238 | 0.41736536 | 0.27643238 |
| test.c:424:30:424:56 | ... ? ... : ... | 0.41736536 | 0.41736536 | 0.76826628 |
| test.c:425:14:425:108 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.81372798 |
| test.c:425:18:425:95 | ... ? ... : ... | 0.2051911 | 0.2051911 | 0.88745559 |
| test.c:425:22:425:82 | ... ? ... : ... | 0.2051911 | 0.29904824 | 0.2051911 |
| test.c:425:26:425:69 | ... ? ... : ... | 0.29904824 | 0.29904824 | 0.76242583 |
| test.c:425:30:425:56 | ... ? ... : ... | 0.29904824 | 0.88955345 | 0.29904824 |
| test.c:426:14:426:108 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.42762647 |
| test.c:426:18:426:95 | ... ? ... : ... | 0.13204114 | 0.13204114 | 0.52031241 |
| test.c:426:22:426:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
| test.c:426:26:426:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
| test.c:426:30:426:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
| test.c:468:4:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:468:5:470:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:471:6:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:472:8:490:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:475:10:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:475:31:475:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:477:13:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:484:12:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:485:12:485:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:487:15:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:491:6:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:8:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:29:494:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:496:11:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:499:6:499:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:503:10:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:503:31:503:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:505:13:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:508:9:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:512:10:531:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:515:12:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:516:12:516:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:518:15:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:525:14:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:526:14:526:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:528:17:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:532:9:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:535:14:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:536:14:536:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:538:17:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:541:12:541:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:545:12:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:546:12:546:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:548:15:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:551:11:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:554:9:556:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:557:9:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:558:14:577:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:561:16:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:562:16:562:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:564:19:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:571:18:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:572:18:572:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:574:21:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:578:12:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:581:14:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:582:14:582:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:584:17:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:587:12:587:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:591:16:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:592:16:592:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:594:19:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:597:15:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:601:12:620:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:604:14:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:605:14:605:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:607:17:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:614:16:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:615:16:615:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:617:19:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:621:11:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:624:16:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:625:16:625:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:627:19:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:630:14:630:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:634:14:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:635:14:635:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:637:17:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:640:13:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:668:20:668:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:880:5:880:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:881:5:881:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |

295
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryUpper.expected
View File

@@ -1,148 +1,153 @@
| test.c:154:10:154:40 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | -1.0 |
| test.c:367:8:367:23 | ... ? ... : ... | 99.0 | 99.0 | 10.0 |
| test.c:368:8:368:24 | ... ? ... : ... | 99.0 | 10.0 | 99.0 |
| test.c:376:10:376:15 | ... ? ... : ... | 299.0 | 299.0 | 5.0 |
| test.c:377:10:377:17 | ... ? ... : ... | 500.0 | 299.0 | 500.0 |
| test.c:378:10:378:21 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
| test.c:379:10:379:36 | ... ? ... : ... | 255.0 | 300.0 | 5.0 |
| test.c:380:10:380:38 | ... ? ... : ... | 500.0 | 300.0 | 500.0 |
| test.c:381:10:381:39 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
| test.c:389:8:389:24 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 110.0 |
| test.c:390:8:390:25 | ... ? ... : ... | 4.294967295E9 | 110.0 | 4.294967295E9 |
| test.c:395:10:395:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
| test.c:396:10:396:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
| test.c:397:10:397:38 | ... ? ... : ... | 255.0 | 4.294967295E9 | 5.0 |
| test.c:404:14:404:108 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.40496805 |
| test.c:404:18:404:95 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.21540225 |
| test.c:404:22:404:82 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.39206458 |
| test.c:404:26:404:69 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.35279203 |
| test.c:404:30:404:56 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.14333887 |
| test.c:405:14:405:108 | ... ? ... : ... | 0.59270465 | 0.59270465 | 0.5297741 |
| test.c:405:18:405:95 | ... ? ... : ... | 0.59270465 | 0.3533464 | 0.59270465 |
| test.c:405:22:405:82 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.32661893 |
| test.c:405:26:405:69 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.22247853 |
| test.c:405:30:405:56 | ... ? ... : ... | 0.3533464 | 0.34183348 | 0.3533464 |
| test.c:406:14:406:108 | ... ? ... : ... | 0.79310745 | 0.79310745 | 0.67981451 |
| test.c:406:18:406:95 | ... ? ... : ... | 0.79310745 | 0.77429603 | 0.79310745 |
| test.c:406:22:406:82 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.05121256 |
| test.c:406:26:406:69 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31235514 |
| test.c:406:30:406:56 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31478084 |
| test.c:407:14:407:108 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.83866835 |
| test.c:407:18:407:95 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.36976948 |
| test.c:407:22:407:82 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.59952732 |
| test.c:407:26:407:69 | ... ? ... : ... | 0.98997262 | 0.80599202 | 0.98997262 |
| test.c:407:30:407:56 | ... ? ... : ... | 0.80599202 | 0.44729556 | 0.80599202 |
| test.c:408:14:408:108 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.68734874 |
| test.c:408:18:408:95 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.72485966 |
| test.c:408:22:408:82 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.21778426 |
| test.c:408:26:408:69 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.10597712 |
| test.c:408:30:408:56 | ... ? ... : ... | 0.90389911 | 0.49311828 | 0.90389911 |
| test.c:409:14:409:108 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.58440865 |
| test.c:409:18:409:95 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.34808892 |
| test.c:409:22:409:82 | ... ? ... : ... | 0.76164052 | 0.47452848 | 0.76164052 |
| test.c:409:26:409:69 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.11884576 |
| test.c:409:30:409:56 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.1078665 |
| test.c:410:14:410:108 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.36232384 |
| test.c:410:18:410:95 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.85235179 |
| test.c:410:22:410:82 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.12516558 |
| test.c:410:26:410:69 | ... ? ... : ... | 0.95823075 | 0.82905046 | 0.95823075 |
| test.c:410:30:410:56 | ... ? ... : ... | 0.82905046 | 0.02524326 | 0.82905046 |
| test.c:411:14:411:108 | ... ? ... : ... | 0.84331272 | 0.48640909 | 0.84331272 |
| test.c:411:18:411:95 | ... ? ... : ... | 0.48640909 | 0.45041108 | 0.48640909 |
| test.c:411:22:411:82 | ... ? ... : ... | 0.45041108 | 0.38708626 | 0.45041108 |
| test.c:411:26:411:69 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.14963485 |
| test.c:411:30:411:56 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.32876044 |
| test.c:412:14:412:108 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.05328182 |
| test.c:412:18:412:95 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.37428143 |
| test.c:412:22:412:82 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.14800508 |
| test.c:412:26:412:69 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.26428481 |
| test.c:412:30:412:56 | ... ? ... : ... | 0.77086833 | 0.15755063 | 0.77086833 |
| test.c:413:14:413:108 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.69072144 |
| test.c:413:18:413:95 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.39468857 |
| test.c:413:22:413:82 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.55679274 |
| test.c:413:26:413:69 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.27643238 |
| test.c:413:30:413:56 | ... ? ... : ... | 0.76826628 | 0.41736536 | 0.76826628 |
| test.c:414:14:414:108 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.81372798 |
| test.c:414:18:414:95 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.88745559 |
| test.c:414:22:414:82 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.2051911 |
| test.c:414:26:414:69 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.76242583 |
| test.c:414:30:414:56 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.29904824 |
| test.c:415:14:415:108 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.42762647 |
| test.c:415:18:415:95 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.52031241 |
| test.c:415:22:415:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
| test.c:415:26:415:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
| test.c:415:30:415:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
| test.c:457:4:631:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:457:5:459:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:460:6:542:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:461:8:479:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:464:10:468:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:464:31:464:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:466:13:468:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:473:12:478:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:474:12:474:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:476:15:478:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:480:6:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:483:8:487:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:483:29:483:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:485:11:487:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:488:6:488:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:492:10:496:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:492:31:492:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:13:496:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:497:9:499:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:501:10:520:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:504:12:509:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:505:12:505:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:507:15:509:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:514:14:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:515:14:515:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:517:17:519:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:521:9:542:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:524:14:529:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:525:14:525:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:527:17:529:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:530:12:530:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:534:12:539:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:535:12:535:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:537:15:539:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:540:11:542:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:543:9:545:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:546:9:631:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:547:14:566:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:550:16:555:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:551:16:551:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:553:19:555:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:560:18:565:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:561:18:561:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:563:21:565:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:567:12:588:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:570:14:575:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:571:14:571:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:573:17:575:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:576:12:576:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:580:16:585:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:581:16:581:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:583:19:585:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:586:15:588:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:590:12:609:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:593:14:598:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:594:14:594:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:596:17:598:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:603:16:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:604:16:604:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:606:19:608:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:610:11:631:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:613:16:618:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:614:16:614:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:616:19:618:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:619:14:619:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:623:14:628:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:624:14:624:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:626:17:628:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:629:13:631:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:657:20:657:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:869:5:869:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:870:5:870:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.c:348:22:348:44 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
| test.c:349:20:349:43 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
| test.c:350:22:350:44 | ... ? ... : ... | 1.431655764E9 | 1.431655764E9 | 2.0 |
| test.c:351:22:351:44 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
| test.c:352:22:352:45 | ... ? ... : ... | 2.147483647E9 | 2.147483647E9 | 2.0 |
| test.c:378:8:378:23 | ... ? ... : ... | 99.0 | 99.0 | 10.0 |
| test.c:379:8:379:24 | ... ? ... : ... | 99.0 | 10.0 | 99.0 |
| test.c:387:10:387:15 | ... ? ... : ... | 299.0 | 299.0 | 5.0 |
| test.c:388:10:388:17 | ... ? ... : ... | 500.0 | 299.0 | 500.0 |
| test.c:389:10:389:21 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
| test.c:390:10:390:36 | ... ? ... : ... | 255.0 | 300.0 | 5.0 |
| test.c:391:10:391:38 | ... ? ... : ... | 500.0 | 300.0 | 500.0 |
| test.c:392:10:392:39 | ... ? ... : ... | 300.0 | 300.0 | 500.0 |
| test.c:400:8:400:24 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 110.0 |
| test.c:401:8:401:25 | ... ? ... : ... | 4.294967295E9 | 110.0 | 4.294967295E9 |
| test.c:406:10:406:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
| test.c:407:10:407:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 5.0 |
| test.c:408:10:408:38 | ... ? ... : ... | 255.0 | 4.294967295E9 | 5.0 |
| test.c:415:14:415:108 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.40496805 |
| test.c:415:18:415:95 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.21540225 |
| test.c:415:22:415:82 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.39206458 |
| test.c:415:26:415:69 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.35279203 |
| test.c:415:30:415:56 | ... ? ... : ... | 0.47438827 | 0.47438827 | 0.14333887 |
| test.c:416:14:416:108 | ... ? ... : ... | 0.59270465 | 0.59270465 | 0.5297741 |
| test.c:416:18:416:95 | ... ? ... : ... | 0.59270465 | 0.3533464 | 0.59270465 |
| test.c:416:22:416:82 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.32661893 |
| test.c:416:26:416:69 | ... ? ... : ... | 0.3533464 | 0.3533464 | 0.22247853 |
| test.c:416:30:416:56 | ... ? ... : ... | 0.3533464 | 0.34183348 | 0.3533464 |
| test.c:417:14:417:108 | ... ? ... : ... | 0.79310745 | 0.79310745 | 0.67981451 |
| test.c:417:18:417:95 | ... ? ... : ... | 0.79310745 | 0.77429603 | 0.79310745 |
| test.c:417:22:417:82 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.05121256 |
| test.c:417:26:417:69 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31235514 |
| test.c:417:30:417:56 | ... ? ... : ... | 0.77429603 | 0.77429603 | 0.31478084 |
| test.c:418:14:418:108 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.83866835 |
| test.c:418:18:418:95 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.36976948 |
| test.c:418:22:418:82 | ... ? ... : ... | 0.98997262 | 0.98997262 | 0.59952732 |
| test.c:418:26:418:69 | ... ? ... : ... | 0.98997262 | 0.80599202 | 0.98997262 |
| test.c:418:30:418:56 | ... ? ... : ... | 0.80599202 | 0.44729556 | 0.80599202 |
| test.c:419:14:419:108 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.68734874 |
| test.c:419:18:419:95 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.72485966 |
| test.c:419:22:419:82 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.21778426 |
| test.c:419:26:419:69 | ... ? ... : ... | 0.90389911 | 0.90389911 | 0.10597712 |
| test.c:419:30:419:56 | ... ? ... : ... | 0.90389911 | 0.49311828 | 0.90389911 |
| test.c:420:14:420:108 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.58440865 |
| test.c:420:18:420:95 | ... ? ... : ... | 0.76164052 | 0.76164052 | 0.34808892 |
| test.c:420:22:420:82 | ... ? ... : ... | 0.76164052 | 0.47452848 | 0.76164052 |
| test.c:420:26:420:69 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.11884576 |
| test.c:420:30:420:56 | ... ? ... : ... | 0.47452848 | 0.47452848 | 0.1078665 |
| test.c:421:14:421:108 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.36232384 |
| test.c:421:18:421:95 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.85235179 |
| test.c:421:22:421:82 | ... ? ... : ... | 0.95823075 | 0.95823075 | 0.12516558 |
| test.c:421:26:421:69 | ... ? ... : ... | 0.95823075 | 0.82905046 | 0.95823075 |
| test.c:421:30:421:56 | ... ? ... : ... | 0.82905046 | 0.02524326 | 0.82905046 |
| test.c:422:14:422:108 | ... ? ... : ... | 0.84331272 | 0.48640909 | 0.84331272 |
| test.c:422:18:422:95 | ... ? ... : ... | 0.48640909 | 0.45041108 | 0.48640909 |
| test.c:422:22:422:82 | ... ? ... : ... | 0.45041108 | 0.38708626 | 0.45041108 |
| test.c:422:26:422:69 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.14963485 |
| test.c:422:30:422:56 | ... ? ... : ... | 0.38708626 | 0.38708626 | 0.32876044 |
| test.c:423:14:423:108 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.05328182 |
| test.c:423:18:423:95 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.37428143 |
| test.c:423:22:423:82 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.14800508 |
| test.c:423:26:423:69 | ... ? ... : ... | 0.77086833 | 0.77086833 | 0.26428481 |
| test.c:423:30:423:56 | ... ? ... : ... | 0.77086833 | 0.15755063 | 0.77086833 |
| test.c:424:14:424:108 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.69072144 |
| test.c:424:18:424:95 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.39468857 |
| test.c:424:22:424:82 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.55679274 |
| test.c:424:26:424:69 | ... ? ... : ... | 0.76826628 | 0.76826628 | 0.27643238 |
| test.c:424:30:424:56 | ... ? ... : ... | 0.76826628 | 0.41736536 | 0.76826628 |
| test.c:425:14:425:108 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.81372798 |
| test.c:425:18:425:95 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.88745559 |
| test.c:425:22:425:82 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.2051911 |
| test.c:425:26:425:69 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.76242583 |
| test.c:425:30:425:56 | ... ? ... : ... | 0.88955345 | 0.88955345 | 0.29904824 |
| test.c:426:14:426:108 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.42762647 |
| test.c:426:18:426:95 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.52031241 |
| test.c:426:22:426:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
| test.c:426:26:426:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
| test.c:426:30:426:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
| test.c:468:4:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:468:5:470:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:471:6:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:472:8:490:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:475:10:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:475:31:475:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:477:13:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:484:12:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:485:12:485:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:487:15:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:491:6:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:8:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:29:494:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:496:11:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:499:6:499:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:503:10:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:503:31:503:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:505:13:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:508:9:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:512:10:531:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:515:12:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:516:12:516:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:518:15:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:525:14:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:526:14:526:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:528:17:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:532:9:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:535:14:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:536:14:536:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:538:17:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:541:12:541:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:545:12:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:546:12:546:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:548:15:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:551:11:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:554:9:556:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:557:9:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:558:14:577:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:561:16:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:562:16:562:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:564:19:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:571:18:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:572:18:572:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:574:21:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:578:12:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:581:14:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:582:14:582:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:584:17:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:587:12:587:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:591:16:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:592:16:592:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:594:19:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:597:15:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:601:12:620:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:604:14:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:605:14:605:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:607:17:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:614:16:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:615:16:615:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:617:19:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:621:11:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:624:16:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:625:16:625:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:627:19:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:630:14:630:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:634:14:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:635:14:635:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:637:17:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:640:13:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:668:20:668:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:880:5:880:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:881:5:881:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |

11
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c
View File

@@ -343,6 +343,17 @@ unsigned long long test_shift(unsigned long long a) {
return shifted;
}
// Tests for bounds on integers derived from inequalities.
unsigned int test_inequality_integer(unsigned int e) {
unsigned int bi1 = (2 * e + 1) > 0 ? e : 2;
signed int bi2 = (2 * e + 1) >= 0 ? e : 2;
unsigned int bi3 = (3 * e + 2) > 0 ? e : 2;
unsigned int bi4 = (2 * e + 1) > 0 ? e : 2;
unsigned int bi5 = (2 * e + 1) > 16 ? e : 2;
return bi1 + bi2 + bi3 + bi4 + bi5;
}
int test16(int x) {
int d, i = 0;
if (x < 0) {

1283
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected
View File

File diff suppressed because it is too large Load Diff

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.56
No user-facing changes.
## 1.7.55
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.56.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.56
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.55
lastReleaseVersion: 1.7.56

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.56-dev
version: 1.7.57-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.56
No user-facing changes.
## 1.7.55
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.56.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.56
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.55
lastReleaseVersion: 1.7.56

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.56-dev
version: 1.7.57-dev
groups:
- csharp
- solorigate

4
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.4.4
No user-facing changes.
## 5.4.3
No user-facing changes.

3
csharp/ql/lib/change-notes/released/5.4.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.4.4
No user-facing changes.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.4.3
lastReleaseVersion: 5.4.4

6
csharp/ql/lib/ext/System.Web.model.yml
View File

@@ -1,4 +1,10 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: barrierModel
data:
# The RawUrl property is considered to be safe for URL redirects
- ["System.Web", "HttpRequest", False, "get_RawUrl", "()", "", "ReturnValue", "url-redirection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: sinkModel

5
csharp/ql/lib/ext/System.model.yml
View File

@@ -11,6 +11,11 @@ extensions:
- ["System", "Environment", False, "get_CommandLine", "()", "", "ReturnValue", "commandargs", "manual"]
- ["System", "Environment", False, "GetEnvironmentVariable", "", "", "ReturnValue", "environment", "manual"]
- ["System", "Environment", False, "GetEnvironmentVariables", "", "", "ReturnValue", "environment", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: barrierGuardModel
data:
- ["System", "Uri", False, "get_IsAbsoluteUri", "()", "", "Argument[this]", "false", "url-redirection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.4.4-dev
version: 5.4.5-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

36
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
View File

@@ -197,6 +197,42 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
}
}
bindingset[this]
private signature class ParamSig;
private module WithParam<ParamSig P> {
/**
* Holds if the guard `g` validates the expression `e` upon evaluating to `gv`.
*
* The expression `e` is expected to be a syntactic part of the guard `g`.
* For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
* the argument `x`.
*/
signature predicate guardChecksSig(Guard g, Expr e, GuardValue gv, P param);
}
/**
* Provides a set of barrier nodes for a guard that validates an expression.
*
* This is expected to be used in `isBarrier`/`isSanitizer` definitions
* in data flow and taint tracking.
*/
module ParameterizedBarrierGuard<ParamSig P, WithParam<P>::guardChecksSig/4 guardChecks> {
private import SsaImpl as SsaImpl
/** Gets a node that is safely guarded by the given guard check. */
pragma[nomagic]
Node getABarrierNode(P param) {
SsaFlow::asNode(result) =
SsaImpl::DataFlowIntegration::ParameterizedBarrierGuard<P, guardChecks/4>::getABarrierNode(param)
or
exists(Guard g, Expr e, GuardValue v |
guardChecks(g, e, v, param) and
g.controlsNode(result.getControlFlowNode(), e, v)
)
}
}
/**
* A reference contained in an object. This is either a field, a property,
* or an element in a collection.

92
csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll
View File

@@ -97,6 +97,7 @@ private import FlowSummaryImpl::Public
private import FlowSummaryImpl::Private
private import FlowSummaryImpl::Private::External
private import semmle.code.csharp.commons.QualifiedName
private import semmle.code.csharp.controlflow.Guards
private import semmle.code.csharp.dispatch.OverridableCallable
private import semmle.code.csharp.frameworks.System
private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax
@@ -115,7 +116,9 @@ module ModelValidation {
summaryModel(_, _, _, _, _, _, path, _, _, _, _) or
summaryModel(_, _, _, _, _, _, _, path, _, _, _) or
sinkModel(_, _, _, _, _, _, path, _, _, _) or
sourceModel(_, _, _, _, _, _, path, _, _, _)
sourceModel(_, _, _, _, _, _, path, _, _, _) or
barrierModel(_, _, _, _, _, _, path, _, _, _) or
barrierGuardModel(_, _, _, _, _, _, path, _, _, _, _)
}
private module MkAccessPath = AccessPathSyntax::AccessPath<getRelevantAccessPath/1>;
@@ -128,6 +131,8 @@ module ModelValidation {
exists(string pred, AccessPath input, AccessPathToken part |
sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink"
or
barrierGuardModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "barrier guard"
or
summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary"
|
(
@@ -150,6 +155,8 @@ module ModelValidation {
exists(string pred, AccessPath output, AccessPathToken part |
sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source"
or
barrierModel(_, _, _, _, _, _, output, _, _, _) and pred = "barrier"
or
summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary"
|
(
@@ -167,7 +174,13 @@ module ModelValidation {
private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) }
predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) }
predicate sinkKind(string kind) {
sinkModel(_, _, _, _, _, _, _, kind, _, _)
or
barrierModel(_, _, _, _, _, _, _, kind, _, _)
or
barrierGuardModel(_, _, _, _, _, _, _, _, kind, _, _)
}
predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) }
@@ -185,6 +198,12 @@ module ModelValidation {
or
sinkModel(namespace, type, _, name, signature, ext, _, _, provenance, _) and pred = "sink"
or
barrierModel(namespace, type, _, name, signature, ext, _, _, provenance, _) and
pred = "barrier"
or
barrierGuardModel(namespace, type, _, name, signature, ext, _, _, _, provenance, _) and
pred = "barrier guard"
or
summaryModel(namespace, type, _, name, signature, ext, _, _, _, provenance, _) and
pred = "summary"
or
@@ -210,6 +229,14 @@ module ModelValidation {
invalidProvenance(provenance) and
result = "Unrecognized provenance description \"" + provenance + "\" in " + pred + " model."
)
or
exists(string acceptingvalue |
barrierGuardModel(_, _, _, _, _, _, _, acceptingvalue, _, _, _) and
invalidAcceptingValue(acceptingvalue) and
result =
"Unrecognized accepting value description \"" + acceptingvalue +
"\" in barrier guard model."
)
}
/** Holds if some row in a MaD flow model appears to contain typos. */
@@ -229,6 +256,10 @@ private predicate elementSpec(
or
sinkModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
or
barrierModel(namespace, type, subtypes, name, signature, ext, _, _, _, _)
or
barrierGuardModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _)
or
summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _)
or
Extensions::neutralModel(namespace, type, name, signature, _, _) and ext = "" and subtypes = true
@@ -372,7 +403,9 @@ Declaration interpretElement(
private predicate relevantExt(string ext) {
summaryModel(_, _, _, _, _, ext, _, _, _, _, _) or
sourceModel(_, _, _, _, _, ext, _, _, _, _) or
sinkModel(_, _, _, _, _, ext, _, _, _, _)
sinkModel(_, _, _, _, _, ext, _, _, _, _) or
barrierModel(_, _, _, _, _, ext, _, _, _, _) or
barrierGuardModel(_, _, _, _, _, ext, _, _, _, _, _)
}
private class ExtPath = AccessPathSyntax::AccessPath<relevantExt/1>::AccessPath;
@@ -411,6 +444,53 @@ private module Cached {
isSinkNode(n, kind, model) and n.asNode() = node
)
}
private newtype TKindModelPair =
TMkPair(string kind, string model) { isBarrierGuardNode(_, _, kind, model) }
private GuardValue convertAcceptingValue(AcceptingValue av) {
av.isTrue() and result.asBooleanValue() = true
or
av.isFalse() and result.asBooleanValue() = false
or
av.isNoException() and result.getDualValue().isThrowsException()
or
av.isZero() and result.asIntValue() = 0
or
av.isNotZero() and result.getDualValue().asIntValue() = 0
or
av.isNull() and result.isNullValue()
or
av.isNotNull() and result.isNonNullValue()
}
private predicate barrierGuardChecks(Guard g, Expr e, GuardValue gv, TKindModelPair kmp) {
exists(
SourceSinkInterpretationInput::InterpretNode n, AcceptingValue acceptingvalue, string kind,
string model
|
isBarrierGuardNode(n, acceptingvalue, kind, model) and
n.asNode().asExpr() = e and
kmp = TMkPair(kind, model) and
gv = convertAcceptingValue(acceptingvalue)
|
g.(Call).getAnArgument() = e or g.(QualifiableExpr).getQualifier() = e
)
}
/**
* Holds if `node` is specified as a barrier with the given kind in a MaD flow
* model.
*/
cached
predicate barrierNode(Node node, string kind, string model) {
exists(SourceSinkInterpretationInput::InterpretNode n |
isBarrierNode(n, kind, model) and n.asNode() = node
)
or
ParameterizedBarrierGuard<TKindModelPair, barrierGuardChecks/4>::getABarrierNode(TMkPair(kind,
model)) = node
}
}
import Cached
@@ -427,6 +507,12 @@ predicate sourceNode(Node node, string kind) { sourceNode(node, kind, _) }
*/
predicate sinkNode(Node node, string kind) { sinkNode(node, kind, _) }
/**
* Holds if `node` is specified as a barrier with the given kind in a MaD flow
* model.
*/
predicate barrierNode(Node node, string kind) { barrierNode(node, kind, _) }
private predicate isOverridableCallable(OverridableCallable c) {
not exists(Type t, Callable base | c.getOverridee+() = base and t = base.getDeclaringType() |
t instanceof SystemObjectClass or

19
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -232,16 +232,27 @@ module SourceSinkInterpretationInput implements
}
predicate barrierElement(
Element n, string output, string kind, Public::Provenance provenance, string model
Element e, string output, string kind, Public::Provenance provenance, string model
) {
none()
exists(
string namespace, string type, boolean subtypes, string name, string signature, string ext
|
barrierModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance, model) and
e = interpretElement(namespace, type, subtypes, name, signature, ext)
)
}
predicate barrierGuardElement(
Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
Element e, string input, Public::AcceptingValue acceptingvalue, string kind,
Public::Provenance provenance, string model
) {
none()
exists(
string namespace, string type, boolean subtypes, string name, string signature, string ext
|
barrierGuardModel(namespace, type, subtypes, name, signature, ext, input, acceptingvalue,
kind, provenance, model) and
e = interpretElement(namespace, type, subtypes, name, signature, ext)
)
}
class SourceOrSinkElement = Element;

30
csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
View File

@@ -987,6 +987,36 @@ private module Cached {
predicate getABarrierNode = getABarrierNodeImpl/0;
}
bindingset[this]
private signature class ParamSig;
private module WithParam<ParamSig P> {
signature predicate guardChecksSig(Guards::Guard g, Expr e, Guards::GuardValue gv, P param);
}
cached // nothing is actually cached
module ParameterizedBarrierGuard<ParamSig P, WithParam<P>::guardChecksSig/4 guardChecks> {
private predicate guardChecksAdjTypes(
Guards::Guards::Guard g, Expr e, Guards::GuardValue gv, P param
) {
guardChecks(g, e, gv, param)
}
private predicate guardChecksWithWrappers(
DataFlowIntegrationInput::Guard g, Definition def, Guards::GuardValue val, P param
) {
Guards::Guards::ParameterizedValidationWrapper<P, guardChecksAdjTypes/4>::guardChecksDef(g,
def, val, param)
}
private Node getABarrierNodeImpl(P param) {
result =
DataFlowIntegrationImpl::BarrierGuardDefWithState<P, guardChecksWithWrappers/4>::getABarrierNode(param)
}
predicate getABarrierNode = getABarrierNodeImpl/1;
}
}
}

3
csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
View File

@@ -4,6 +4,7 @@
import csharp
private import semmle.code.csharp.security.dataflow.flowsources.Remote
private import semmle.code.csharp.dataflow.internal.ExternalFlow
private import semmle.code.csharp.frameworks.system.Web
private import semmle.code.csharp.security.SensitiveActions
private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
@@ -62,3 +63,5 @@ class ProtectSanitizer extends Sanitizer {
* An external location sink.
*/
class ExternalSink extends Sink instanceof ExternalLocationSink { }
private class ExternalSanitizer extends Sanitizer instanceof ExternalLocationSanitizer { }

7
csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
View File

@@ -95,7 +95,12 @@ class RoslynCSharpScriptSink extends Sink {
}
}
/** Code injection sinks defined through CSV models. */
/** A code injection sink defined through Models as Data. */
private class ExternalCodeInjectionExprSink extends Sink {
ExternalCodeInjectionExprSink() { sinkNode(this, "code-injection") }
}
/** A sanitizer for code injection defined through Models as Data. */
private class ExternalCodeInjectionSanitizer extends Sanitizer {
ExternalCodeInjectionSanitizer() { barrierNode(this, "code-injection") }
}

7
csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
View File

@@ -61,11 +61,16 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
/** A source supported by the current threat model. */
class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
/** Command Injection sinks defined through Models as Data. */
/** A Command Injection sink defined through Models as Data. */
private class ExternalCommandInjectionExprSink extends Sink {
ExternalCommandInjectionExprSink() { sinkNode(this, "command-injection") }
}
/** A sanitizer for command injection defined through Models as Data. */
private class ExternalCommandInjectionSanitizer extends Sanitizer {
ExternalCommandInjectionSanitizer() { barrierNode(this, "command-injection") }
}
/**
* A sink in `System.Diagnostic.Process` or its related classes.
*/

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
View File

@@ -46,3 +46,5 @@ private class PrivateDataSource extends Source {
}
private class ExternalLocation extends Sink instanceof ExternalLocationSink { }
private class ExternalSanitizer extends Sanitizer instanceof ExternalLocationSanitizer { }

7
csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
View File

@@ -64,11 +64,16 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
/** A source supported by the current threat model. */
class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
/** LDAP sinks defined through Models as Data. */
/** An LDAP sink defined through Models as Data. */
private class ExternalLdapExprSink extends Sink {
ExternalLdapExprSink() { sinkNode(this, "ldap-injection") }
}
/** A sanitizer for LDAP injection defined through Models as Data. */
private class ExternalLdapInjectionSanitizer extends Sanitizer {
ExternalLdapInjectionSanitizer() { barrierNode(this, "ldap-injection") }
}
/**
* An argument that sets the `Path` property of a `DirectoryEntry` object that is a sink for LDAP
* injection.

7
csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
View File

@@ -61,11 +61,16 @@ private class LogForgingLogMessageSink extends Sink, LogMessageSink { }
*/
private class LogForgingTraceMessageSink extends Sink, TraceMessageSink { }
/** Log Forging sinks defined through Models as Data. */
/** A Log Forging sink defined through Models as Data. */
private class ExternalLoggingExprSink extends Sink {
ExternalLoggingExprSink() { sinkNode(this, "log-injection") }
}
/** A sanitizer for log forging defined through Models as Data. */
private class ExternalLogForgingSanitizer extends Sanitizer {
ExternalLogForgingSanitizer() { barrierNode(this, "log-injection") }
}
/**
* A call to String replace or remove that is considered to sanitize replaced string.
*/

7
csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
View File

@@ -74,11 +74,16 @@ class SqlInjectionExprSink extends Sink {
SqlInjectionExprSink() { exists(SqlExpr s | this.getExpr() = s.getSql()) }
}
/** SQL sinks defined through CSV models. */
/** An SQL sink defined through CSV models. */
private class ExternalSqlInjectionExprSink extends Sink {
ExternalSqlInjectionExprSink() { sinkNode(this, "sql-injection") }
}
/** A sanitizer for SQL injection defined through Models as Data. */
private class ExternalSqlInjectionSanitizer extends Sanitizer {
ExternalSqlInjectionSanitizer() { barrierNode(this, "sql-injection") }
}
private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
private class GuidSanitizer extends Sanitizer, GuidSanitizedExpr { }

38
csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
View File

@@ -56,11 +56,16 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
/** A source supported by the current threat model. */
class ThreatModelSource extends Source instanceof ActiveThreatModelSource { }
/** URL Redirection sinks defined through Models as Data. */
/** A URL Redirection sink defined through Models as Data. */
private class ExternalUrlRedirectExprSink extends Sink {
ExternalUrlRedirectExprSink() { sinkNode(this, "url-redirection") }
}
/** A sanitizer for URL redirection defined through Models as Data. */
private class ExternalUrlRedirectSanitizer extends Sanitizer {
ExternalUrlRedirectSanitizer() { barrierNode(this, "url-redirection") }
}
/**
* A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a
* sink for URL redirects.
@@ -160,27 +165,6 @@ class ContainsUrlSanitizer extends Sanitizer {
}
}
/**
* A check that the URL is relative, and therefore safe for URL redirects.
*/
private predicate isRelativeUrlSanitizer(Guard guard, Expr e, GuardValue v) {
guard =
any(PropertyAccess access |
access.getProperty().hasFullyQualifiedName("System", "Uri", "IsAbsoluteUri") and
e = access.getQualifier() and
v.asBooleanValue() = false
)
}
/**
* A check that the URL is relative, and therefore safe for URL redirects.
*/
class RelativeUrlSanitizer extends Sanitizer {
RelativeUrlSanitizer() {
this = DataFlow::BarrierGuard<isRelativeUrlSanitizer/3>::getABarrierNode()
}
}
/**
* A comparison on the `Host` property of a url, that is a sanitizer for URL redirects.
* E.g. `url.Host == "example.org"`
@@ -205,16 +189,6 @@ class HostComparisonSanitizer extends Sanitizer {
}
}
/**
* A call to the getter of the RawUrl property, whose value is considered to be safe for URL
* redirects.
*/
class RawUrlSanitizer extends Sanitizer {
RawUrlSanitizer() {
this.getExpr() = any(SystemWebHttpRequestClass r).getRawUrlProperty().getGetter().getACall()
}
}
/**
* A string concatenation expression, where the left hand side contains the character "?".
*

6
csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSQuery.qll
View File

@@ -7,6 +7,7 @@ import csharp
private import XSSSinks
private import semmle.code.csharp.security.Sanitizers
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.dataflow.internal.ExternalFlow
/**
* Holds if there is tainted flow from `source` to `sink` that may lead to a
@@ -169,6 +170,11 @@ private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
private class GuidSanitizer extends Sanitizer, GuidSanitizedExpr { }
/** A sanitizer for XSS defined through Models as Data. */
private class ExternalXssSanitizer extends Sanitizer {
ExternalXssSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }
}
/** A call to an HTML encoder. */
private class HtmlEncodeSanitizer extends Sanitizer {
HtmlEncodeSanitizer() { this.getExpr() instanceof HtmlSanitizedExpr }

8
csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
View File

@@ -126,3 +126,11 @@ class LocalFileOutputSink extends ExternalLocationSink {
)
}
}
/**
* A sanitizer for writing data to locations that are external to the
* application, defined through Models as Data.
*/
class ExternalLocationSanitizer extends DataFlow::Node {
ExternalLocationSanitizer() { barrierNode(this, "file-content-store") }
}

4
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.4
No user-facing changes.
## 1.5.3
No user-facing changes.

3
csharp/ql/src/change-notes/released/1.5.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.4
No user-facing changes.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.3
lastReleaseVersion: 1.5.4

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.5.4-dev
version: 1.5.5-dev
groups:
- csharp
- queries

12
docs/codeql/_static/custom.css_t
View File

@@ -14,6 +14,18 @@ code {
font-size: 0.9em !important; /* makes code snippets in headings the correct size */
}
/* -- HEADER ------------------------------------------------------------------------------- */
/* Override alabaster.css purple link color for header links to match the rest of the site */
.Header .Header-link {
color: #fff;
}
.Header .Header-link:hover,
.Header .Header-link:focus {
color: rgba(255, 255, 255, 0.7);
}
/* -- MAIN BODY ---------------------------------------------------------------------------- */
main {

4
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.5.rst
View File

@@ -33,7 +33,7 @@ Minor Analysis Improvements
C#
""
* the :code:`cs/web/missing-x-frame-options` query now correctly handles configuration nested in root :code:`<location>` elements.
* The :code:`cs/web/missing-x-frame-options` query now correctly handles configuration nested in root :code:`<location>` elements.
Java/Kotlin
"""""""""""
@@ -80,7 +80,7 @@ Major Analysis Improvements
C#
""
* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions, for example, improved precision has been observed for :code:`cs/inefficient-containskey` and :code:`cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: :code:`cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, :code:`cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, :code:`cs/dereferenced-value-may-be-null` has been changed from a :code:`path-problem` query to a :code:`problem` query, so paths are no longer reported for this query.
* The representation of the C# control-flow graph has been significantly changed. This has minor effects on a wide range of queries including both minor improvements and minor regressions. For example, improved precision has been observed for :code:`cs/inefficient-containskey` and :code:`cs/stringbuilder-creation-in-loop`. Two queries stand out as being significantly affected with great improvements: :code:`cs/dereferenced-value-may-be-null` has been completely rewritten which removes a very significant number of false positives. Furthermore, :code:`cs/constant-condition` has been updated to report many new results - these new results are primarily expected to be true positives, but a few new false positives are expected as well. As part of these changes, :code:`cs/dereferenced-value-may-be-null` has been changed from a :code:`path-problem` query to a :code:`problem` query, so paths are no longer reported for this query.
Swift
"""""

2
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.6.rst
View File

@@ -9,7 +9,7 @@ CodeQL 2.23.6 (2025-11-24)
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/application-security/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------

116
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.7.rst Normal file
View File

@@ -0,0 +1,116 @@
.. _codeql-cli-2.23.7:
==========================
CodeQL 2.23.7 (2025-12-05)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/application-security/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.23.7 runs a total of 491 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 6 security queries have been added with this release.
CodeQL CLI
----------
Deprecations
~~~~~~~~~~~~
* The :code:`--save-cache` flag to :code:`codeql database run-queries` and other commands that execute queries has been deprecated. This flag previously instructed the evaluator to aggressively write intermediate results to the disk cache, but now has no effect.
Query Packs
-----------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Java/Kotlin
"""""""""""
* Operations that extract only a fixed-length prefix or suffix of a string (for example, :code:`substring` in Java or :code:`take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the :code:`java/sensitive-log` query.
JavaScript/TypeScript
"""""""""""""""""""""
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in the :code:`app/pages` folder.
Rust
""""
* The :code:`rust/access-invalid-pointer` query has been improved with new flow sources and barriers.
New Queries
~~~~~~~~~~~
Golang
""""""
* The :code:`go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
* A new query :code:`go/cookie-secure-not-set` has been added to detect cookies without the :code:`Secure` flag set.
* Added a new query, :code:`go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an `experimental query by @dilanbhalla <https://github.com/github/codeql-go/pull/284>`__.
* Added a new query, :code:`go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.
Rust
""""
* Added a new query :code:`rust/xss`, to detect cross-site scripting security vulnerabilities.
* Added a new query :code:`rust/disabled-certificate-check`, to detect disabled TLS certificate checks.
* Added three example queries (:code:`rust/examples/empty-if`, :code:`rust/examples/simple-sql-injection` and :code:`rust/examples/simple-constant-password`) to help developers learn to write CodeQL queries for Rust.
Language Libraries
------------------
Bug Fixes
~~~~~~~~~
Python
""""""
* Fixed a bug in the Python extractor's import handling where failing to find an import in :code:`find_module` would cause a :code:`KeyError` to be raised. (Contributed by @akoeplinger.)
Breaking Changes
~~~~~~~~~~~~~~~~
Rust
""""
* The type :code:`DataFlow::Node` is now based directly on the AST instead of the CFG, which means that predicates like :code:`asExpr()` return AST nodes instead of CFG nodes.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The class :code:`DataFlow::FieldContent` now covers both :code:`union` and :code:`struct`\ /\ :code:`class` types. A new predicate :code:`FieldContent.getAField` has been added to access the union members associated with the :code:`FieldContent`. The old :code:`FieldContent` has been renamed to :code:`NonUnionFieldContent`.
C#
""
* Improved stability when downloading .NET versions by setting appropriate environment variables for :code:`dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
* Compilation errors are now included in the debug log when using build-mode none.
* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use :code:`-O buildless_dependency_dir=<path>` to configure the target directory.
JavaScript/TypeScript
"""""""""""""""""""""
* JavaScript :code:`DataFlow::globalVarRef` now recognizes :code:`document.defaultView` as an alias of :code:`window`, allowing flows such as :code:`document.defaultView.history.pushState(...)` to be modeled and found by queries relying on :code:`globalVarRef("history")`.
Rust
""""
* Added more detailed models for :code:`std::fs` and :code:`std::path`.
Deprecated APIs
~~~~~~~~~~~~~~~
Java/Kotlin
"""""""""""
* The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.

33
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.8.rst Normal file
View File

@@ -0,0 +1,33 @@
.. _codeql-cli-2.23.8:
==========================
CodeQL 2.23.8 (2025-12-10)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/application-security/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.23.8 runs a total of 491 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE).
CodeQL CLI
----------
There are no user-facing CLI changes in this release.
Query Packs
-----------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Java/Kotlin
"""""""""""
* Java analysis no longer forces :code:`--source` and :code:`--target` compiler flags for Maven builds. This allows Maven to use the project's own compiler configuration, improving build compatibility.

2
docs/codeql/codeql-overview/codeql-changelog/index.rst
View File

@@ -11,6 +11,8 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.23.8
codeql-cli-2.23.7
codeql-cli-2.23.6
codeql-cli-2.23.5
codeql-cli-2.23.3

4
go/extractor/go.mod
View File

@@ -9,8 +9,8 @@ toolchain go1.25.0
// when adding or removing dependencies, run
// bazel mod tidy
require (
golang.org/x/mod v0.31.0
golang.org/x/tools v0.40.0
golang.org/x/mod v0.32.0
golang.org/x/tools v0.41.0
)
require golang.org/x/sync v0.19.0 // indirect

8
go/extractor/go.sum
View File

@@ -1,8 +1,8 @@
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.39
No user-facing changes.
## 1.0.38
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/1.0.39.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.39
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.38
lastReleaseVersion: 1.0.39

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.39-dev
version: 1.0.40-dev
groups:
- go
- queries

4
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.0.6
No user-facing changes.
## 5.0.5
No user-facing changes.

3
go/ql/lib/change-notes/released/5.0.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.0.6
No user-facing changes.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.0.5
lastReleaseVersion: 5.0.6

5
go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
View File

@@ -50,3 +50,8 @@ extensions:
- ["group:beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
- addsTo:
pack: codeql/go-all
extensible: barrierModel
data:
- ["group:beego", "", True, "Htmlquote", "", "", "ReturnValue", "html-injection", "manual"]

17
go/ql/lib/ext/mime.multipart.model.yml
View File

@@ -1,4 +1,21 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: barrierModel
data:
# The only way to create a `mime/multipart.FileHeader` is to create a
# `mime/multipart.Form`, which creates the `Filename` field of each
# `mime/multipart.FileHeader` by calling `Part.FileName`, which calls
# `path/filepath.Base` on its return value. In general `path/filepath.Base`
# is not a sanitizer for path traversal, but in this specific case where the
# output is going to be used as a filename rather than a directory name, it
# is adequate.
- ["mime/multipart", "FileHeader", False, "Filename", "", "", "", "path-injection", "manual"]
# `Part.FileName` calls `path/filepath.Base` on its return value. In
# general `path/filepath.Base` is not a sanitizer for path traversal, but in
# this specific case where the output is going to be used as a filename
# rather than a directory name, it is adequate.
- ["mime/multipart", "Part", False, "FileName", "", "", "ReturnValue", "path-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel

5
go/ql/lib/ext/path.filepath.model.yml
View File

@@ -1,4 +1,9 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: barrierModel
data:
- ["path/filepath", "", False, "Rel", "", "", "ReturnValue", "path-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 5.0.6-dev
version: 5.0.7-dev
groups: go
dbscheme: go.dbscheme
extractor: go

8
go/ql/lib/semmle/go/Concepts.qll
View File

@@ -116,10 +116,10 @@ module FileSystemAccess {
}
}
private class DefaultFileSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode {
private class ExternalFileSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode {
DataFlow::ArgumentNode pathArgument;
DefaultFileSystemAccess() {
ExternalFileSystemAccess() {
sinkNode(pathArgument, "path-injection") and
this = pathArgument.getCall()
}
@@ -394,10 +394,10 @@ module LoggerCall {
}
}
private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
private class ExternalLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
DataFlow::ArgumentNode messageComponent;
DefaultLoggerCall() {
ExternalLoggerCall() {
sinkNode(messageComponent, "log-injection") and
this = messageComponent.getCall()
}

4
go/ql/lib/semmle/go/concepts/HTTP.qll
View File

@@ -320,11 +320,11 @@ module Http {
)
}
private class DefaultHttpRedirect extends Range, DataFlow::CallNode {
private class ExternalHttpRedirect extends Range, DataFlow::CallNode {
DataFlow::ArgumentNode url;
int rw;
DefaultHttpRedirect() {
ExternalHttpRedirect() {
this = url.getCall() and
exists(string kind |
sinkKindInfo(kind, rw) and

92
go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
View File

@@ -129,7 +129,9 @@ module ModelValidation {
summaryModel(_, _, _, _, _, _, path, _, _, _, _) or
summaryModel(_, _, _, _, _, _, _, path, _, _, _) or
sinkModel(_, _, _, _, _, _, path, _, _, _) or
sourceModel(_, _, _, _, _, _, path, _, _, _)
sourceModel(_, _, _, _, _, _, path, _, _, _) or
barrierModel(_, _, _, _, _, _, path, _, _, _) or
barrierGuardModel(_, _, _, _, _, _, path, _, _, _, _)
}
private module MkAccessPath = AccessPathSyntax::AccessPath<getRelevantAccessPath/1>;
@@ -142,6 +144,8 @@ module ModelValidation {
exists(string pred, AccessPath input, AccessPathToken part |
sinkModel(_, _, _, _, _, _, input, _, _, _) and pred = "sink"
or
barrierGuardModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "barrier guard"
or
summaryModel(_, _, _, _, _, _, input, _, _, _, _) and pred = "summary"
|
(
@@ -164,6 +168,8 @@ module ModelValidation {
exists(string pred, AccessPath output, AccessPathToken part |
sourceModel(_, _, _, _, _, _, output, _, _, _) and pred = "source"
or
barrierModel(_, _, _, _, _, _, output, _, _, _) and pred = "barrier"
or
summaryModel(_, _, _, _, _, _, _, output, _, _, _) and pred = "summary"
|
(
@@ -181,7 +187,13 @@ module ModelValidation {
private module KindValConfig implements SharedModelVal::KindValidationConfigSig {
predicate summaryKind(string kind) { summaryModel(_, _, _, _, _, _, _, _, kind, _, _) }
predicate sinkKind(string kind) { sinkModel(_, _, _, _, _, _, _, kind, _, _) }
predicate sinkKind(string kind) {
sinkModel(_, _, _, _, _, _, _, kind, _, _)
or
barrierModel(_, _, _, _, _, _, _, kind, _, _)
or
barrierGuardModel(_, _, _, _, _, _, _, _, kind, _, _)
}
predicate sourceKind(string kind) { sourceModel(_, _, _, _, _, _, _, kind, _, _) }
@@ -199,6 +211,11 @@ module ModelValidation {
or
sinkModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "sink"
or
barrierModel(package, type, _, name, signature, ext, _, _, provenance, _) and pred = "barrier"
or
barrierGuardModel(package, type, _, name, signature, ext, _, _, _, provenance, _) and
pred = "barrier guard"
or
summaryModel(package, type, _, name, signature, ext, _, _, _, provenance, _) and
pred = "summary"
or
@@ -224,6 +241,14 @@ module ModelValidation {
invalidProvenance(provenance) and
result = "Unrecognized provenance description \"" + provenance + "\" in " + pred + " model."
)
or
exists(string acceptingvalue |
barrierGuardModel(_, _, _, _, _, _, _, acceptingvalue, _, _, _) and
invalidAcceptingValue(acceptingvalue) and
result =
"Unrecognized accepting value description \"" + acceptingvalue +
"\" in barrier guard model."
)
}
private string getInvalidPackageGroup() {
@@ -232,6 +257,11 @@ module ModelValidation {
or
FlowExtensions::sinkModel(package, _, _, _, _, _, _, _, _, _) and pred = "sink"
or
FlowExtensions::barrierModel(package, _, _, _, _, _, _, _, _, _) and pred = "barrier"
or
FlowExtensions::barrierGuardModel(package, _, _, _, _, _, _, _, _, _, _) and
pred = "barrier guard"
or
FlowExtensions::summaryModel(package, _, _, _, _, _, _, _, _, _, _) and
pred = "summary"
or
@@ -262,6 +292,10 @@ private predicate elementSpec(
or
sinkModel(package, type, subtypes, name, signature, ext, _, _, _, _)
or
barrierModel(package, type, subtypes, name, signature, ext, _, _, _, _)
or
barrierGuardModel(package, type, subtypes, name, signature, ext, _, _, _, _, _)
or
summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _, _)
or
neutralModel(package, type, name, signature, _, _) and ext = "" and subtypes = false
@@ -397,6 +431,54 @@ private module Cached {
isSinkNode(n, kind, model) and n.asNode() = node
)
}
private newtype TKindModelPair =
TMkPair(string kind, string model) { isBarrierGuardNode(_, _, kind, model) }
private boolean convertAcceptingValue(Public::AcceptingValue av) {
av.isTrue() and result = true
or
av.isFalse() and result = false
// Remaining cases are not supported yet, they depend on the shared Guards library.
// or
// av.isNoException() and result.getDualValue().isThrowsException()
// or
// av.isZero() and result.asIntValue() = 0
// or
// av.isNotZero() and result.getDualValue().asIntValue() = 0
// or
// av.isNull() and result.isNullValue()
// or
// av.isNotNull() and result.isNonNullValue()
}
private predicate barrierGuardChecks(DataFlow::Node g, Expr e, boolean gv, TKindModelPair kmp) {
exists(
SourceSinkInterpretationInput::InterpretNode n, Public::AcceptingValue acceptingvalue,
string kind, string model
|
isBarrierGuardNode(n, acceptingvalue, kind, model) and
n.asNode().asExpr() = e and
kmp = TMkPair(kind, model) and
gv = convertAcceptingValue(acceptingvalue)
|
g.asExpr().(CallExpr).getAnArgument() = e // TODO: qualifier?
)
}
/**
* Holds if `node` is specified as a barrier with the given kind in a MaD flow
* model.
*/
cached
predicate barrierNode(DataFlow::Node node, string kind, string model) {
exists(SourceSinkInterpretationInput::InterpretNode n |
isBarrierNode(n, kind, model) and n.asNode() = node
)
or
DataFlow::ParameterizedBarrierGuard<TKindModelPair, barrierGuardChecks/4>::getABarrierNode(TMkPair(kind,
model)) = node
}
}
import Cached
@@ -413,6 +495,12 @@ predicate sourceNode(DataFlow::Node node, string kind) { sourceNode(node, kind,
*/
predicate sinkNode(DataFlow::Node node, string kind) { sinkNode(node, kind, _) }
/**
* Holds if `node` is specified as a barrier with the given kind in a MaD flow
* model.
*/
predicate barrierNode(DataFlow::Node node, string kind) { barrierNode(node, kind, _) }
// adapter class for converting Mad summaries to `SummarizedCallable`s
private class SummarizedCallableAdapter extends Public::SummarizedCallable {
SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _) }

70
go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll
View File

@@ -339,6 +339,20 @@ class ContentSet instanceof TContentSet {
*/
signature predicate guardChecksSig(Node g, Expr e, boolean branch);
bindingset[this]
private signature class ParamSig;
private module WithParam<ParamSig P> {
/**
* Holds if the guard `g` validates the expression `e` upon evaluating to `branch`.
*
* The expression `e` is expected to be a syntactic part of the guard `g`.
* For example, the guard `g` might be a call `isSafe(x)` and the expression `e`
* the argument `x`.
*/
signature predicate guardChecksSig(Node g, Expr e, boolean branch, P param);
}
/**
* Provides a set of barrier nodes for a guard that validates an expression.
*
@@ -346,12 +360,36 @@ signature predicate guardChecksSig(Node g, Expr e, boolean branch);
* in data flow and taint tracking.
*/
module BarrierGuard<guardChecksSig/3 guardChecks> {
private predicate guardChecks(Node g, Expr e, boolean branch, Unit param) {
guardChecks(g, e, branch) and exists(param)
}
private module B = ParameterizedBarrierGuard<Unit, guardChecks/4>;
/** Gets a node that is safely guarded by the given guard check. */
Node getABarrierNode() {
Node getABarrierNode() { result = B::getABarrierNode(_) }
/**
* Gets a node that is safely guarded by the given guard check.
*/
Node getABarrierNodeForGuard(Node guardCheck) {
result = B::getABarrierNodeForGuard(guardCheck, _)
}
}
/**
* Provides a set of barrier nodes for a guard that validates an expression.
*
* This is expected to be used in `isBarrier`/`isSanitizer` definitions
* in data flow and taint tracking.
*/
module ParameterizedBarrierGuard<ParamSig P, WithParam<P>::guardChecksSig/4 guardChecks> {
/** Gets a node that is safely guarded by the given guard check. */
Node getABarrierNode(P param) {
exists(ControlFlow::ConditionGuardNode guard, SsaWithFields var |
result = pragma[only_bind_out](var).getAUse()
|
guards(_, guard, _, var) and
guards(_, guard, _, var, param) and
pragma[only_bind_out](guard).dominates(result.getBasicBlock())
)
}
@@ -359,9 +397,9 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
/**
* Gets a node that is safely guarded by the given guard check.
*/
Node getABarrierNodeForGuard(Node guardCheck) {
Node getABarrierNodeForGuard(Node guardCheck, P param) {
exists(ControlFlow::ConditionGuardNode guard, SsaWithFields var | result = var.getAUse() |
guards(guardCheck, guard, _, var) and
guards(guardCheck, guard, _, var, param) and
guard.dominates(result.getBasicBlock())
)
}
@@ -373,22 +411,24 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
* This predicate exists to enforce a good join order in `getAGuardedNode`.
*/
pragma[noinline]
private predicate guards(Node g, ControlFlow::ConditionGuardNode guard, Node nd, SsaWithFields ap) {
guards(g, guard, nd) and nd = ap.getAUse()
private predicate guards(
Node g, ControlFlow::ConditionGuardNode guard, Node nd, SsaWithFields ap, P param
) {
guards(g, guard, nd, param) and nd = ap.getAUse()
}
/**
* Holds if `guard` marks a point in the control-flow graph where `g`
* is known to validate `nd`.
*/
private predicate guards(Node g, ControlFlow::ConditionGuardNode guard, Node nd) {
private predicate guards(Node g, ControlFlow::ConditionGuardNode guard, Node nd, P param) {
exists(boolean branch |
guardChecks(g, nd.asExpr(), branch) and
guardChecks(g, nd.asExpr(), branch, param) and
guard.ensures(g, branch)
)
or
exists(DataFlow::Property p, Node resNode, Node check, boolean outcome |
guardingCall(g, _, _, _, p, _, nd, resNode) and
guardingCall(g, _, _, _, p, _, nd, resNode, param) and
p.checkOn(check, outcome, resNode) and
guard.ensures(pragma[only_bind_into](check), outcome)
)
@@ -405,9 +445,9 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
pragma[noinline]
private predicate guardingCall(
Node g, Function f, FunctionInput inp, FunctionOutput outp, DataFlow::Property p, CallNode c,
Node nd, Node resNode
Node nd, Node resNode, P param
) {
guardingFunction(g, f, inp, outp, p) and
guardingFunction(g, f, inp, outp, p, param) and
c = f.getACall() and
nd = getInputNode(inp, c) and
localFlow(getOutputNode(outp, c), resNode)
@@ -438,7 +478,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
* `false`, `nil` or a non-`nil` value.)
*/
private predicate guardingFunction(
Node g, Function f, FunctionInput inp, FunctionOutput outp, DataFlow::Property p
Node g, Function f, FunctionInput inp, FunctionOutput outp, DataFlow::Property p, P param
) {
exists(FuncDecl fd, Node arg, Node ret |
fd.getFunction() = f and
@@ -446,7 +486,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
(
// Case: a function like "if someBarrierGuard(arg) { return true } else { return false }"
exists(ControlFlow::ConditionGuardNode guard |
guards(g, pragma[only_bind_out](guard), arg) and
guards(g, pragma[only_bind_out](guard), arg, param) and
guard.dominates(pragma[only_bind_out](ret).getBasicBlock())
|
onlyPossibleReturnSatisfyingProperty(fd, outp, ret, p)
@@ -456,7 +496,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
// or "return !someBarrierGuard(arg) && otherCond(...)"
exists(boolean outcome |
ret = getUniqueOutputNode(fd, outp) and
guardChecks(g, arg.asExpr(), outcome) and
guardChecks(g, arg.asExpr(), outcome, param) and
// This predicate's contract is (p holds of ret ==> arg is checked),
// (and we have (this has outcome ==> arg is checked))
// but p.checkOn(ret, outcome, this) gives us (ret has outcome ==> p holds of this),
@@ -471,7 +511,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
DataFlow::Property outpProp
|
ret = getUniqueOutputNode(fd, outp) and
guardingFunction(g, f2, inp2, outp2, outpProp) and
guardingFunction(g, f2, inp2, outp2, outpProp, param) and
c = f2.getACall() and
arg = inp2.getNode(c) and
(

19
go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -160,16 +160,27 @@ module SourceSinkInterpretationInput implements
}
predicate barrierElement(
Element n, string output, string kind, Public::Provenance provenance, string model
Element e, string output, string kind, Public::Provenance provenance, string model
) {
none()
exists(
string package, string type, boolean subtypes, string name, string signature, string ext
|
barrierModel(package, type, subtypes, name, signature, ext, output, kind, provenance, model) and
e = interpretElement(package, type, subtypes, name, signature, ext)
)
}
predicate barrierGuardElement(
Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
Element e, string input, Public::AcceptingValue acceptingvalue, string kind,
Public::Provenance provenance, string model
) {
none()
exists(
string package, string type, boolean subtypes, string name, string signature, string ext
|
barrierGuardModel(package, type, subtypes, name, signature, ext, input, acceptingvalue, kind,
provenance, model) and
e = interpretElement(package, type, subtypes, name, signature, ext)
)
}
// Note that due to embedding, which is currently implemented via some

8
go/ql/lib/semmle/go/frameworks/Beego.qll
View File

@@ -165,14 +165,6 @@ module Beego {
override string getAContentType() { none() }
}
private class HtmlQuoteSanitizer extends SharedXss::Sanitizer {
HtmlQuoteSanitizer() {
exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName(packagePath(), "Htmlquote") |
this = c.getArgument(0)
)
}
}
private class UtilsTaintPropagators extends TaintTracking::FunctionModel {
UtilsTaintPropagators() { this.hasQualifiedName(utilsPackagePath(), "GetDisplayString") }

4
go/ql/lib/semmle/go/frameworks/NoSQL.qll
View File

@@ -24,8 +24,8 @@ module NoSql {
*/
abstract class Range extends DataFlow::Node { }
private class DefaultQueryString extends Range {
DefaultQueryString() {
private class ExternalQueryString extends Range {
ExternalQueryString() {
exists(DataFlow::ArgumentNode arg | sinkNode(arg, "nosql-injection") |
this = arg.getACorrespondingSyntacticArgument()
)

4
go/ql/lib/semmle/go/frameworks/SQL.qll
View File

@@ -67,8 +67,8 @@ module SQL {
*/
abstract class Range extends DataFlow::Node { }
private class DefaultQueryString extends Range {
DefaultQueryString() {
private class ExternalQueryString extends Range {
ExternalQueryString() {
exists(DataFlow::ArgumentNode arg | sinkNode(arg, "sql-injection") |
not arg instanceof DataFlow::ImplicitVarargsSlice and
this = arg

4
go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
View File

@@ -5,12 +5,12 @@
import go
private class DefaultSystemCommandExecution extends SystemCommandExecution::Range,
private class ExternalSystemCommandExecution extends SystemCommandExecution::Range,
DataFlow::CallNode
{
DataFlow::ArgumentNode commandName;
DefaultSystemCommandExecution() {
ExternalSystemCommandExecution() {
sinkNode(commandName, "command-injection") and
this = commandName.getCall()
}

11
go/ql/lib/semmle/go/frameworks/XPath.qll
View File

@@ -25,10 +25,17 @@ module XPath {
*/
abstract class Range extends DataFlow::Node { }
private class DefaultXPathExpressionString extends Range {
DefaultXPathExpressionString() { sinkNode(this, "xpath-injection") }
private class ExternalXPathExpressionString extends Range {
ExternalXPathExpressionString() { sinkNode(this, "xpath-injection") }
}
}
/** A sanitizer for XPath injection. */
abstract class Sanitizer extends DataFlow::Node { }
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, "xpath-injection") }
}
}
/**

10
go/ql/lib/semmle/go/frameworks/stdlib/Regexp.qll
View File

@@ -39,10 +39,10 @@ module Regexp {
)
}
private class DefaultRegexpPattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
private class ExternalRegexpPattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
int strArg;
DefaultRegexpPattern() {
ExternalRegexpPattern() {
exists(string kind |
regexSinkKindInfo(kind, strArg) and
sinkNode(this, kind)
@@ -61,12 +61,12 @@ module Regexp {
}
}
private class DefaultRegexpMatchFunction extends RegexpMatchFunction::Range, Function {
private class ExternalRegexpMatchFunction extends RegexpMatchFunction::Range, Function {
int patArg;
int strArg;
DefaultRegexpMatchFunction() {
exists(DefaultRegexpPattern drp, string kind |
ExternalRegexpMatchFunction() {
exists(ExternalRegexpPattern drp, string kind |
drp.getCall() = this.getACall() and
sinkNode(drp, kind)
|

4
go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
View File

@@ -47,6 +47,10 @@ module CommandInjection {
override predicate doubleDashIsSanitizing() { exec.doubleDashIsSanitizing() }
}
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, "command-injection") }
}
/**
* A call to a regexp match function, considered as a barrier guard for command injection.
*/

11
go/ql/lib/semmle/go/security/HardcodedCredentials.qll
View File

@@ -43,8 +43,15 @@ module HardcodedCredentials {
}
/** A use of a credential. */
private class CredentialsSink extends Sink {
CredentialsSink() { exists(string s | s.matches("credentials-%") | sinkNode(this, s)) }
private class ExternalCredentialsSink extends Sink {
ExternalCredentialsSink() { exists(string s | s.matches("credentials-%") | sinkNode(this, s)) }
}
/** A use of a credential. */
private class ExternalCredentialsSanitizer extends Sanitizer {
ExternalCredentialsSanitizer() {
exists(string s | s.matches("credentials-%") | barrierNode(this, s))
}
}
/**

2
go/ql/lib/semmle/go/security/MissingJwtSignatureCheck.qll
View File

@@ -20,6 +20,8 @@ module MissingJwtSignatureCheck {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
}

8
go/ql/lib/semmle/go/security/MissingJwtSignatureCheckCustomizations.qll
View File

@@ -51,7 +51,11 @@ module MissingJwtSignatureCheck {
private class DefaultSource extends Source instanceof ActiveThreatModelSource { }
private class DefaultSink extends Sink {
DefaultSink() { sinkNode(this, "jwt") }
private class ExternalSink extends Sink {
ExternalSink() { sinkNode(this, "jwt") }
}
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, "jwt") }
}
}

4
go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
View File

@@ -75,6 +75,10 @@ module OpenUrlRedirect {
}
}
private class ExternalBarrier extends Barrier {
ExternalBarrier() { barrierNode(this, "url-redirection") }
}
/**
* An assignment of a safe value to the field `Path`, considered as a barrier for sanitizing
* untrusted URLs.

8
go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
View File

@@ -44,10 +44,10 @@ module RequestForgery {
*/
private class ThreatModelFlowAsSource extends Source instanceof ActiveThreatModelSource { }
private class DefaultRequestForgerySink extends Sink {
private class ExternalRequestForgerySink extends Sink {
string kind;
DefaultRequestForgerySink() {
ExternalRequestForgerySink() {
exists(string modelKind | sinkNode(this, modelKind) |
modelKind = "request-forgery" and kind = "URL"
or
@@ -94,6 +94,10 @@ module RequestForgery {
HostnameSanitizer() { hostnameSanitizingPrefixEdge(this, _) }
}
private class ExternalRequestForgerySanitizer extends Sanitizer {
ExternalRequestForgerySanitizer() { barrierNode(this, "request-forgery") }
}
/**
* A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is
* considered a barrier guard.

4
go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
View File

@@ -43,6 +43,10 @@ module SqlInjection {
/** DEPRECATED: Use `SimpleTypeSanitizer` from semmle.go.security.Sanitizers instead. */
deprecated class NumericOrBooleanSanitizer = SimpleTypeSanitizer;
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, ["nosql-injection", "sql-injection"]) }
}
/**
* A numeric- or boolean-typed node, considered a sanitizer for sql injection.
*/

55
go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
View File

@@ -57,6 +57,10 @@ module TaintedPath {
PathAsSink() { this = any(FileSystemAccess fsa).getAPathArgument() }
}
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, "path-injection") }
}
/**
* A numeric- or boolean-typed node, considered a sanitizer for path traversal.
*/
@@ -66,19 +70,6 @@ module TaintedPath {
}
}
/**
* A call to `filepath.Rel`, considered as a sanitizer for path traversal.
*/
class FilepathRelSanitizer extends Sanitizer {
FilepathRelSanitizer() {
exists(Function f, FunctionOutput outp |
f.hasQualifiedName("path/filepath", "Rel") and
outp.isResult(0) and
this = outp.getNode(f.getACall())
)
}
}
/**
* A call to `filepath.Clean("/" + e)`, considered to sanitize `e` against path traversal.
*/
@@ -112,44 +103,6 @@ module TaintedPath {
}
}
/**
* A read from the field `Filename` of the type `mime/multipart.FileHeader`,
* considered as a sanitizer for path traversal.
*
* The only way to create a `mime/multipart.FileHeader` is to create a
* `mime/multipart.Form`, which creates the `Filename` field of each
* `mime/multipart.FileHeader` by calling `Part.FileName`, which calls
* `path/filepath.Base` on its return value. In general `path/filepath.Base`
* is not a sanitizer for path traversal, but in this specific case where the
* output is going to be used as a filename rather than a directory name, it
* is adequate.
*/
class MimeMultipartFileHeaderFilenameSanitizer extends Sanitizer {
MimeMultipartFileHeaderFilenameSanitizer() {
this.(DataFlow::FieldReadNode)
.getField()
.hasQualifiedName("mime/multipart", "FileHeader", "Filename")
}
}
/**
* A call to `mime/multipart.Part.FileName`, considered as a sanitizer
* against path traversal.
*
* `Part.FileName` calls `path/filepath.Base` on its return value. In
* general `path/filepath.Base` is not a sanitizer for path traversal, but in
* this specific case where the output is going to be used as a filename
* rather than a directory name, it is adequate.
*/
class MimeMultipartPartFileNameSanitizer extends Sanitizer {
MimeMultipartPartFileNameSanitizer() {
this =
any(Method m | m.hasQualifiedName("mime/multipart", "Part", "FileName"))
.getACall()
.getResult()
}
}
/**
* A check of the form `!strings.Contains(nd, "..")`, considered as a sanitizer guard for
* path traversal.

3
go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
View File

@@ -34,4 +34,7 @@ module XPathInjection {
/** An XPath expression string, considered as a taint sink for XPath injection. */
class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }
/** A sanitizer for XPath injection. */
class XPathSanitizer extends Sanitizer instanceof XPath::Sanitizer { }
}

8
go/ql/lib/semmle/go/security/Xss.qll
View File

@@ -49,8 +49,8 @@ module SharedXss {
override Locatable getAssociatedLoc() { result = this.getRead().getEnclosingTextNode() }
}
private class DefaultSink extends Sink {
DefaultSink() { sinkNode(this, ["html-injection", "js-injection"]) }
private class ExternalSink extends Sink {
ExternalSink() { sinkNode(this, ["html-injection", "js-injection"]) }
}
/**
@@ -88,6 +88,10 @@ module SharedXss {
body.getAContentType().regexpMatch("(?i).*html.*")
}
private class ExternalSanitizer extends Sanitizer {
ExternalSanitizer() { barrierNode(this, ["html-injection", "js-injection"]) }
}
/**
* A JSON marshaler, acting to sanitize a possible XSS vulnerability because the
* marshaled value is very unlikely to be returned as an HTML content-type.

4
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.3
No user-facing changes.
## 1.5.2
No user-facing changes.

3
go/ql/src/change-notes/released/1.5.3.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.3
No user-facing changes.

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.2
lastReleaseVersion: 1.5.3

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.5.3-dev
version: 1.5.4-dev
groups:
- go
- queries

4
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 7.8.3
No user-facing changes.
## 7.8.2
No user-facing changes.

Some files were not shown because too many files have changed in this diff Show More