Merge branch 'main' into equiv
2
.github/workflows/close-stale.yml
vendored
@@ -12,7 +12,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@v6
|
||||
- uses: actions/stale@v7
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'
|
||||
|
||||
@@ -5,10 +5,18 @@
|
||||
* @id cpp/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import semmle.code.cpp.Element
|
||||
|
||||
class SingleLineComment extends Comment {
|
||||
class AstNode extends Locatable {
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
class SingleLineComment extends Comment, AstNode {
|
||||
private string text;
|
||||
|
||||
SingleLineComment() {
|
||||
@@ -26,14 +34,8 @@ class SingleLineComment extends Comment {
|
||||
not text.matches("%\n%")
|
||||
}
|
||||
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
|
||||
/** Gets the text in this comment, excluding the leading //. */
|
||||
string getText() { result = text }
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<AstNode, SingleLineComment>
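Review bot: The new `AstNode` class and its `hasLocationInfo` predicate are the only public declarations in this file without QLDoc, so a reader of the generated library docs gets no hint of why a `Locatable` wrapper exists here. Suggest `/** A C++ element with a location, used as the suppression target type for `AS::Make`. */` above `class AstNode extends Locatable` and `/** Holds if this element is at the specified location (delegates to `getLocation()`). */` above the predicate. The name `AstNode` is presumably dictated by the `Make` signature in `codeql.util.suppression.AlertSuppression`, since `Locatable` is broader than AST nodes; if so, the class comment is the place to say that. `SingleLineComment`'s constructor body is cut by the first hunk and continues outside it.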
|
||||
|
||||
4
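--- /dev/null
+++ b/cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.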
@@ -1,58 +1,122 @@
|
||||
| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
|
||||
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
|
||||
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:3:0:3:0 | suppression range |
|
||||
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
|
||||
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:4:0:4:0 | suppression range |
|
||||
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
|
||||
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:5:0:5:0 | suppression range |
|
||||
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
|
||||
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:6:0:6:0 | suppression range |
|
||||
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
|
||||
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:7:0:7:0 | suppression range |
|
||||
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
|
||||
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:8:0:8:0 | suppression range |
|
||||
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
|
||||
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:9:0:9:0 | suppression range |
|
||||
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
|
||||
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:10:0:10:0 | suppression range |
|
||||
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
|
||||
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:11:0:11:0 | suppression range |
|
||||
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range |
|
||||
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:12:0:12:0 | suppression range |
|
||||
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
|
||||
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:13:0:13:0 | suppression range |
|
||||
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
|
||||
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:15:0:15:0 | suppression range |
|
||||
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
|
||||
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:16:0:16:0 | suppression range |
|
||||
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
|
||||
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:17:0:17:0 | suppression range |
|
||||
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
|
||||
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:20:0:20:0 | suppression range |
|
||||
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
|
||||
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:21:0:21:0 | suppression range |
|
||||
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
|
||||
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:23:0:23:0 | suppression range |
|
||||
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
|
||||
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:25:0:25:0 | suppression range |
|
||||
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
|
||||
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:26:0:26:0 | suppression range |
|
||||
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
|
||||
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:27:0:27:0 | suppression range |
|
||||
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
|
||||
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:28:0:28:0 | suppression range |
|
||||
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
|
||||
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:28:0:28:0 | suppression range |
|
||||
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
|
||||
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:29:0:29:0 | suppression range |
|
||||
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
|
||||
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:29:0:29:0 | suppression range |
|
||||
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range |
|
||||
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:30:0:30:0 | suppression range |
|
||||
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
|
||||
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:31:0:31:0 | suppression range |
|
||||
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
|
||||
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:37:0:37:0 | suppression range |
|
||||
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
|
||||
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:38:0:38:0 | suppression range |
|
||||
| tst.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:39:0:39:0 | suppression range |
|
||||
| tst.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:40:0:40:0 | suppression range |
|
||||
| tst.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.c:41:0:41:0 | suppression range |
|
||||
| tst.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:42:0:42:0 | suppression range |
|
||||
| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
|
||||
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
|
||||
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:3:0:3:0 | suppression range |
|
||||
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
|
||||
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:4:0:4:0 | suppression range |
|
||||
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
|
||||
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:5:0:5:0 | suppression range |
|
||||
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
|
||||
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:6:0:6:0 | suppression range |
|
||||
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
|
||||
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:7:0:7:0 | suppression range |
|
||||
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
|
||||
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:8:0:8:0 | suppression range |
|
||||
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
|
||||
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:9:0:9:0 | suppression range |
|
||||
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
|
||||
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:10:0:10:0 | suppression range |
|
||||
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
|
||||
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:11:0:11:0 | suppression range |
|
||||
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range |
|
||||
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:12:0:12:0 | suppression range |
|
||||
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
|
||||
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:13:0:13:0 | suppression range |
|
||||
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
|
||||
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:15:0:15:0 | suppression range |
|
||||
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
|
||||
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:16:0:16:0 | suppression range |
|
||||
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
|
||||
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:17:0:17:0 | suppression range |
|
||||
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
|
||||
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:20:0:20:0 | suppression range |
|
||||
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
|
||||
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:21:0:21:0 | suppression range |
|
||||
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
|
||||
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:23:0:23:0 | suppression range |
|
||||
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
|
||||
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:25:0:25:0 | suppression range |
|
||||
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
|
||||
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:26:0:26:0 | suppression range |
|
||||
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
|
||||
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:27:0:27:0 | suppression range |
|
||||
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
|
||||
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:28:0:28:0 | suppression range |
|
||||
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
|
||||
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:28:0:28:0 | suppression range |
|
||||
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
|
||||
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:29:0:29:0 | suppression range |
|
||||
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
|
||||
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:29:0:29:0 | suppression range |
|
||||
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
|
||||
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:30:0:30:0 | suppression range |
|
||||
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
|
||||
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:31:0:31:0 | suppression range |
|
||||
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
|
||||
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:37:0:37:0 | suppression range |
|
||||
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |
|
||||
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:38:0:38:0 | suppression range |
|
||||
| tstWindows.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:39:0:39:0 | suppression range |
|
||||
| tstWindows.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:40:0:40:0 | suppression range |
|
||||
| tstWindows.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.c:41:0:41:0 | suppression range |
|
||||
| tstWindows.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:42:0:42:0 | suppression range |
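Review bot: The new expected rows show that every legacy `lgtm` comment that starts its own line now yields a second suppression range covering the whole following line, including comments where the token is incidental: `// foo; lgtm` at tst.c:19 now suppresses line 20 and `// LGTM!` at tst.c:25 suppresses line 26, while the trailing `// lgtm` at tst.c:1 correctly gets only its own line. In a code base upgraded to this query, a pre-existing free-text comment mentioning "lgtm" on its own line will therefore silently hide every alert on the next code line, which is a loss of findings the change note does not warn about. The matching for `codeql[...]` is stricter in that the query id is mandatory, so presumably the next-line rule for `lgtm` could likewise be limited to comments whose text begins with `lgtm` (this lives in the shared `codeql.util.suppression.AlertSuppression` library, not in this file); failing that, the change note should state that bare-word `lgtm` comments now affect the following line.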
|
||||
|
||||
@@ -34,4 +34,11 @@ int x = 0; // lgtm
|
||||
|
||||
*/
|
||||
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
int y; // codeql[js/debugger-statement]
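Review bot: The added cases cover the bracketed `codeql[...]` form on its own line, as a trailing comment, and inside a multi-line `/* */`, but none exercises a bare `// codeql` without a query id or a `codeql[...]` preceded by other text, both of which the `lgtm` cases earlier in this file check (`// foo lgtm[js/debugger-statement]`, `// lgtm`). Without them the expected output cannot show whether those shapes are deliberately rejected for the new syntax. Suggest adding `// codeql` and `// foo codeql[js/debugger-statement]` lines here, mirrored in `tstWindows.c`.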
|
||||
|
||||
@@ -34,4 +34,11 @@ int x = 0; // lgtm
|
||||
|
||||
*/
|
||||
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
int y; // codeql[js/debugger-statement]
|
||||
|
||||
@@ -260,6 +260,12 @@ module Public {
|
||||
* Holds if the neutral is auto generated.
|
||||
*/
|
||||
predicate isAutoGenerated() { neutralElement(this, true) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral has the given provenance where `true` is
|
||||
* `generated` and `false` is `manual`.
|
||||
*/
|
||||
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
|
||||
}
|
||||
}
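Review bot: `hasProvenance(boolean generated)` restates the `neutralElement(this, generated)` lookup that `isAutoGenerated()` directly above already performs with `true`, so the two predicates can drift apart if the provenance encoding ever changes. Define the existing one through the new one, `predicate isAutoGenerated() { this.hasProvenance(true) }`, so there is a single place that knows the encoding. The new QLDoc also reads awkwardly because the parameter is itself named `generated`; `Holds if the neutral has the given provenance: \`generated\` is \`true\` for auto-generated models and \`false\` for manual ones.` says the same thing without the double use of the word. The enclosing class starts outside this hunk.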
|
||||
|
||||
|
||||
@@ -5,9 +5,17 @@
|
||||
* @id cs/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import semmle.code.csharp.Comments
|
||||
|
||||
class AstNode extends Element {
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
class SingleLineComment extends CommentLine {
|
||||
SingleLineComment() {
|
||||
// Must be either `// ...` or `/* ... */` on a single line.
|
||||
@@ -21,4 +29,4 @@ class SingleLineComment extends CommentLine {
|
||||
}
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<AstNode, SingleLineComment>
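Review bot: The new `AstNode` class and its `hasLocationInfo` predicate have no QLDoc, while the neighbouring `SingleLineComment` declaration carries an explanatory comment. Suggest `/** A C# element with a location, used as the suppression target type for `AS::Make`. */` above `class AstNode extends Element` and `/** Holds if this element is at the specified location (delegates to `getLocation()`). */` above the predicate. The name is presumably fixed by the `Make` signature, since `Element` is wider than AST nodes; if so, the class comment should say that.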
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
|
||||
@@ -26,3 +26,11 @@ class Dead { } // lgtm
|
||||
// LGTM[cs/unused-reftype]
|
||||
// lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
|
||||
// lgtm[cs/unused-reftype]; lgtm
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
class End { } // codeql[js/debugger-statement]
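Review bot: The new test lines use `js/debugger-statement` as the query id, whereas every existing case in this file uses C# ids such as `cs/unused-reftype`, which makes the suppressions look unrelated to this language and invites a reader to assume the id is validated. The id text is only echoed by the query, so the cases still work, but for consistency suggest `// codeql[cs/unused-reftype]`, `// CODEQL[cs/unused-reftype]` and the same substitution in the remaining five new lines.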
|
||||
|
||||
|
||||
@@ -1,54 +1,114 @@
|
||||
| AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range |
|
||||
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range |
|
||||
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:3:0:3:0 | suppression range |
|
||||
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range |
|
||||
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:4:0:4:0 | suppression range |
|
||||
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range |
|
||||
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:5:0:5:0 | suppression range |
|
||||
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range |
|
||||
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:6:0:6:0 | suppression range |
|
||||
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range |
|
||||
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:7:0:7:0 | suppression range |
|
||||
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range |
|
||||
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:8:0:8:0 | suppression range |
|
||||
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range |
|
||||
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:9:0:9:0 | suppression range |
|
||||
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range |
|
||||
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:10:0:10:0 | suppression range |
|
||||
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range |
|
||||
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:11:0:11:0 | suppression range |
|
||||
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range |
|
||||
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:12:0:12:0 | suppression range |
|
||||
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range |
|
||||
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:13:0:13:0 | suppression range |
|
||||
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range |
|
||||
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:15:0:15:0 | suppression range |
|
||||
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range |
|
||||
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:16:0:16:0 | suppression range |
|
||||
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range |
|
||||
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:17:0:17:0 | suppression range |
|
||||
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range |
|
||||
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:20:0:20:0 | suppression range |
|
||||
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range |
|
||||
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:21:0:21:0 | suppression range |
|
||||
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range |
|
||||
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:23:0:23:0 | suppression range |
|
||||
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range |
|
||||
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:25:0:25:0 | suppression range |
|
||||
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range |
|
||||
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:26:0:26:0 | suppression range |
|
||||
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range |
|
||||
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:27:0:27:0 | suppression range |
|
||||
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range |
|
||||
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:28:0:28:0 | suppression range |
|
||||
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range |
|
||||
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:0:28:0 | suppression range |
|
||||
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range |
|
||||
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:29:0:29:0 | suppression range |
|
||||
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range |
|
||||
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:29:0:29:0 | suppression range |
|
||||
| AlertSuppression.cs:29:1:29:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:30:0:30:0 | suppression range |
|
||||
| AlertSuppression.cs:30:1:30:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:31:0:31:0 | suppression range |
|
||||
| AlertSuppression.cs:31:1:31:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppression.cs:32:0:32:0 | suppression range |
|
||||
| AlertSuppression.cs:32:1:32:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:33:0:33:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range |
|
||||
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range |
|
||||
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:3:0:3:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range |
|
||||
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:4:0:4:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range |
|
||||
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:5:0:5:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range |
|
||||
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:6:0:6:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range |
|
||||
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:7:0:7:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range |
|
||||
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:8:0:8:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range |
|
||||
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:9:0:9:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range |
|
||||
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:10:0:10:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range |
|
||||
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:11:0:11:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range |
|
||||
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:12:0:12:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range |
|
||||
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:13:0:13:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range |
|
||||
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:0:15:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range |
|
||||
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:16:0:16:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range |
|
||||
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:17:0:17:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range |
|
||||
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:20:0:20:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range |
|
||||
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:21:0:21:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range |
|
||||
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:23:0:23:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range |
|
||||
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:25:0:25:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range |
|
||||
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:26:0:26:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range |
|
||||
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:27:0:27:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
|
||||
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
|
||||
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
|
||||
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
|
||||
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range |
|
||||
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:30:0:30:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range |
|
||||
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:31:0:31:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range |
|
||||
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:36:0:36:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range |
|
||||
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:37:0:37:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:37:1:37:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:38:0:38:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:38:1:38:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:39:0:39:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:39:1:39:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:40:0:40:0 | suppression range |
|
||||
| AlertSuppressionWindows.cs:40:1:40:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:41:0:41:0 | suppression range |
|
||||
|
||||
@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
|
||||
*/
|
||||
/* lgtm[@tag:nullness,cs/unused-reftype] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
class End2 { } // codeql[js/debugger-statement]
|
||||
|
||||
|
||||
@@ -260,6 +260,12 @@ module Public {
|
||||
* Holds if the neutral is auto generated.
|
||||
*/
|
||||
predicate isAutoGenerated() { neutralElement(this, true) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral has the given provenance where `true` is
|
||||
* `generated` and `false` is `manual`.
|
||||
*/
|
||||
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
|
||||
}
|
||||
}
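Review bot: `hasProvenance` and the existing `isAutoGenerated` just above it both spell out `neutralElement(this, …)` directly, so the two can drift apart if that predicate's second column ever changes meaning; consider expressing the older one through the new one, `predicate isAutoGenerated() { this.hasProvenance(true) }`. The QLDoc on `hasProvenance` reads well as written. The enclosing class and `module Public` both start outside this hunk.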
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* @id go/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import semmle.go.Comments as G
|
||||
|
||||
class SingleLineComment extends G::Comment {
|
||||
@@ -15,4 +15,4 @@ class SingleLineComment extends G::Comment {
|
||||
}
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<G::Locatable, SingleLineComment>
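Review bot: `AS::Make<G::Locatable, SingleLineComment>` hands the library's `Locatable` straight to the shared module, where the C++ and C# variants of this query introduce an `AstNode` adapter class with an explicit `hasLocationInfo`; the asymmetry is not explained. A short comment on that line such as `// G::Locatable already provides hasLocationInfo, so no adapter class is needed here` would save the next reader a detour, assuming that is indeed the reason, which is worth confirming against the Go library. The body of `SingleLineComment` lies between the two visible hunks.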
|
||||
|
||||
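--- a/go/ql/src/change-notes/2022-12-19-alert-suppressions.md
+++ b/go/ql/src/change-notes/2022-12-19-alert-suppressions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.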
||||
@@ -29,6 +29,10 @@
|
||||
| tst.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tst.go:37:1:37:42 | suppression range |
|
||||
| tst.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tst.go:43:1:43:56 | suppression range |
|
||||
| tst.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.go:44:1:44:32 | suppression range |
|
||||
| tst.go:45:2:45:33 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:46:0:46:0 | suppression range |
|
||||
| tst.go:47:2:47:33 | comment | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:48:0:48:0 | suppression range |
|
||||
| tst.go:49:2:49:70 | comment | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.go:50:0:50:0 | suppression range |
|
||||
| tst.go:51:2:51:36 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:52:0:52:0 | suppression range |
|
||||
| tstWindows.go:7:8:7:14 | comment | lgtm | lgtm | tstWindows.go:7:1:7:14 | suppression range |
|
||||
| tstWindows.go:8:8:8:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:8:1:8:39 | suppression range |
|
||||
| tstWindows.go:9:8:9:39 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:9:1:9:39 | suppression range |
|
||||
@@ -59,3 +63,7 @@
|
||||
| tstWindows.go:37:8:37:42 | comment | lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:37:1:37:42 | suppression range |
|
||||
| tstWindows.go:43:8:43:56 | comment | lgtm[@tag:nullness,go/redundant-assignment] | lgtm[@tag:nullness,go/redundant-assignment] | tstWindows.go:43:1:43:56 | suppression range |
|
||||
| tstWindows.go:44:8:44:32 | comment | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.go:44:1:44:32 | suppression range |
|
||||
| tstWindows.go:45:2:45:33 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:46:0:46:0 | suppression range |
|
||||
| tstWindows.go:47:2:47:33 | comment | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:48:0:48:0 | suppression range |
|
||||
| tstWindows.go:49:2:49:70 | comment | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.go:50:0:50:0 | suppression range |
|
||||
| tstWindows.go:51:2:51:36 | comment | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:52:0:52:0 | suppression range |
|
||||
|
||||
@@ -42,4 +42,16 @@ func main() {
|
||||
*/
|
||||
x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
|
||||
x = x /* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
x = x
|
||||
// CODEQL[js/debugger-statement]
|
||||
x = x
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
x = x
|
||||
/* codeql[js/debugger-statement] */
|
||||
x = x
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
x = x
|
||||
x = x // codeql[js/debugger-statement]
|
||||
}
|
||||
|
||||
@@ -42,4 +42,17 @@ func winMain() {
|
||||
*/
|
||||
x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
|
||||
x = x /* lgtm[@tag:nullness] */
|
||||
}
|
||||
// codeql[js/debugger-statement]
|
||||
x = x
|
||||
// CODEQL[js/debugger-statement]
|
||||
x = x
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
x = x
|
||||
/* codeql[js/debugger-statement] */
|
||||
x = x
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
x = x
|
||||
x = x // codeql[js/debugger-statement]
|
||||
}
|
||||
|
||||
|
||||
@@ -39,10 +39,11 @@ jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
|
||||
jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
|
||||
java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
|
||||
java.io,37,,40,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,40,
|
||||
java.lang,13,,66,,,,,,,,,,,,8,,,,,,4,,,1,,,,,,,,,,,,,,,,54,12
|
||||
java.lang,13,,75,,,,,,,,,,,,8,,,,,,4,,,1,,,,,,,,,,,,,,,,56,19
|
||||
java.math,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
|
||||
java.net,10,3,7,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,3,7,
|
||||
java.nio,15,,16,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,16,
|
||||
java.sql,11,,,,,,,,,,4,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
|
||||
java.sql,11,,1,,,,,,,,4,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,1,
|
||||
java.util,44,,461,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,,,,36,425
|
||||
javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
|
||||
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
|
||||
|
||||
|
@@ -18,10 +18,10 @@ Java framework & library support
|
||||
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
|
||||
JBoss Logging,``org.jboss.logging``,,,324,,,,,,,
|
||||
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
|
||||
Java Standard Library,``java.*``,3,591,130,28,,,7,,,10
|
||||
Java Standard Library,``java.*``,3,602,130,28,,,7,,,10
|
||||
Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
|
||||
Kotlin Standard Library,``kotlin*``,,1835,12,10,,,,,,2
|
||||
`Spring <https://spring.io/>`_,``org.springframework.*``,29,477,101,,,,19,14,,29
|
||||
Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",60,300,269,,,,14,18,,3
|
||||
Totals,,217,8438,1563,129,6,10,107,33,1,86
|
||||
Totals,,217,8449,1563,129,6,10,107,33,1,86
|
||||
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more dataflow models for frequently-used JDK APIs.
|
||||
@@ -37,12 +37,17 @@ extensions:
|
||||
- ["java.lang", "CharSequence", True, "charAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "CharSequence", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "CharSequence", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "IllegalArgumentException", False, "IllegalArgumentException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
|
||||
- ["java.lang", "IllegalStateException", False, "IllegalStateException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
|
||||
- ["java.lang", "Integer", False, "parseInt", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
|
||||
- ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
|
||||
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
|
||||
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
|
||||
- ["java.lang", "RuntimeException", False, "RuntimeException", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
|
||||
- ["java.lang", "String", False, "String", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
@@ -82,7 +87,34 @@ extensions:
|
||||
- ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
|
||||
- ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
|
||||
- ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
|
||||
- ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
|
||||
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
|
||||
- ["java.lang", "Throwable", False, "getCause", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "Throwable", False, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.lang", "Class", "getName", "()", "manual"]
|
||||
- ["java.lang", "Class", "getSimpleName", "()", "manual"]
|
||||
- ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
|
||||
- ["java.lang", "Enum", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Enum", "name", "()", "manual"]
|
||||
- ["java.lang", "Enum", "toString", "()", "manual"]
|
||||
- ["java.lang", "Object", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Object", "getClass", "()", "manual"]
|
||||
- ["java.lang", "Object", "hashCode", "()", "manual"]
|
||||
- ["java.lang", "Object", "toString", "()", "manual"]
|
||||
- ["java.lang", "String", "contains", "(CharSequence)", "manual"]
|
||||
- ["java.lang", "String", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
|
||||
- ["java.lang", "String", "hashCode", "()", "manual"]
|
||||
- ["java.lang", "String", "isEmpty", "()", "manual"]
|
||||
- ["java.lang", "String", "length", "()", "manual"]
|
||||
- ["java.lang", "String", "startsWith", "(String)", "manual"]
|
||||
- ["java.lang", "System", "currentTimeMillis", "()", "manual"]
|
||||
|
||||
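--- a/java/ql/lib/ext/java.math.model.yml
+++ b/java/ql/lib/ext/java.math.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]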
|
||||
@@ -14,3 +14,9 @@ extensions:
|
||||
- ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"]
|
||||
- ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"]
|
||||
- ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
|
||||
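Review bot: The new summary on the last data line covers only the `getString(String)` overload of `ResultSet`; `getString(int)` returns the same untrusted column data, so flow through the index form stays unmodeled while the named-column form is recognised. If the narrow signature is deliberate because only the top-JDK list is being covered, a comment on the block such as `# only the top-JDK overload is modeled here` would stop the next maintainer from reading this as the complete `ResultSet` model. The file's earlier blocks are outside the hunk.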
@@ -355,3 +355,26 @@ extensions:
|
||||
- ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
|
||||
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
|
||||
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util", "Collections", "emptyList", "()", "manual"]
|
||||
- ["java.util", "Collection", "size", "()", "manual"]
|
||||
- ["java.util", "Iterator", "hasNext", "()", "manual"]
|
||||
- ["java.util", "List", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "List", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "List", "size", "()", "manual"]
|
||||
- ["java.util", "Map", "containsKey", "(Object)", "manual"]
|
||||
- ["java.util", "Map", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Map", "size", "()", "manual"]
|
||||
- ["java.util", "Objects", "equals", "(Object,Object)", "manual"]
|
||||
- ["java.util", "Objects", "hash", "(Object[])", "manual"]
|
||||
- ["java.util", "Optional", "empty", "()", "manual"]
|
||||
- ["java.util", "Optional", "isPresent", "()", "manual"]
|
||||
- ["java.util", "Set", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "Set", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Set", "size", "()", "manual"]
|
||||
- ["java.util", "UUID", "randomUUID", "()", "manual"]
|
||||
- ["java.util", "UUID", "toString", "()", "manual"]
|
||||
|
||||
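Review bot: The entry order in the new neutralModel block breaks the alphabetical order the rest of the list keeps: `["java.util", "Collections", "emptyList", "()", "manual"]` comes before `["java.util", "Collection", "size", "()", "manual"]`. Neutral entries record that a call is known not to propagate taint, which is exactly what gets consulted when a missed flow is investigated, so a sorted list makes that lookup reliable; swapping the two lines fixes it.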
@@ -87,3 +87,9 @@ extensions:
|
||||
- ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
|
||||
- ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.stream", "Collectors", "toList", "()", "manual"]
|
||||
|
||||
@@ -260,6 +260,12 @@ module Public {
|
||||
* Holds if the neutral is auto generated.
|
||||
*/
|
||||
predicate isAutoGenerated() { neutralElement(this, true) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral has the given provenance where `true` is
|
||||
* `generated` and `false` is `manual`.
|
||||
*/
|
||||
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
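Review bot: With `hasProvenance` added, `isAutoGenerated()` on the context line above expresses the same relation with a fixed `true` argument; defining it as `predicate isAutoGenerated() { this.hasProvenance(true) }` keeps the two predicates from diverging if the `neutralElement` encoding changes. The enclosing class and `module Public` both start outside the hunk.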
@@ -5,7 +5,7 @@
|
||||
* @id java/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import semmle.code.java.Javadoc
|
||||
|
||||
class SingleLineComment extends Javadoc {
|
||||
@@ -18,4 +18,4 @@ class SingleLineComment extends Javadoc {
|
||||
string getText() { result = this.getChild(0).getText() }
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<Top, SingleLineComment>
|
||||
|
||||
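Review bot: `import AS::Make<Top, SingleLineComment>` gives no hint of what the new first type parameter contributes; a one-line comment above it, e.g. `// `Top` supplies the AST locations that delimit suppression ranges`, would spare the reader a trip into `codeql.util.suppression.AlertSuppression`. The requirement on that parameter (presumably a `hasLocationInfo` predicate) is not visible in this diff, so the wording should be checked against the shared module before it is committed.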
@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
|
||||
/** Gets the LGTM suppression annotation text in the string `s`, if any. */
|
||||
bindingset[s]
|
||||
string getAnnotationText(string s) {
|
||||
// match `lgtm[...]` anywhere in the comment
|
||||
result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
|
||||
// match `lgtm[...]` or `codeql[...]` anywhere in the comment
|
||||
result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -96,5 +96,5 @@ where
|
||||
annotationText = getAnnotationText(text)
|
||||
select c, // suppression entity
|
||||
text, // full text of suppression string
|
||||
annotationText, // LGTM suppression annotation text
|
||||
annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
|
||||
c.getScope() // scope of suppression
|
||||
|
||||
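Review bot: The `.trim()` appended to the `regexpFind` result in `getAnnotationText` cannot change anything: the pattern starts at a word boundary followed by `lgtm`/`codeql` and ends at `]`, so the match never carries leading or trailing whitespace; either drop it or leave a comment saying which future pattern it is meant to protect. In the second hunk the comment `// LGTM suppression annotation text` now sits on a value that has been rewritten by `regexpReplaceAll("(?i)^codeql", "lgtm")`; `// annotation text normalised to the legacy lgtm[...] form` would describe what is actually selected. The `from`/`where` clause of that query starts outside the hunk.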
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* @name Access Java object methods through JavaScript exposure
|
||||
* @id java/android-webview-addjavascriptinterface
|
||||
* @id java/android/webview-addjavascriptinterface
|
||||
* @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
|
||||
* @kind problem
|
||||
* @problem.severity warning
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* @name Android WebView JavaScript settings
|
||||
* @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
|
||||
* @kind problem
|
||||
* @id java/android-websettings-javascript-enabled
|
||||
* @id java/android/websettings-javascript-enabled
|
||||
* @problem.severity warning
|
||||
* @security-severity 6.1
|
||||
* @precision medium
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
* @name Android WebSettings file access
|
||||
* @kind problem
|
||||
* @description Enabling access to the file system in a WebView allows attackers to view sensitive information.
|
||||
* @id java/android-websettings-file-access
|
||||
* @id java/android/websettings-file-access
|
||||
* @problem.severity warning
|
||||
* @security-severity 6.5
|
||||
* @precision medium
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
|
||||
@@ -12,8 +12,14 @@ edges
|
||||
| ThreadResourceAbuse.java:71:15:71:17 | parameter this [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number |
|
||||
| ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime |
|
||||
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime |
|
||||
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:173:37:173:42 | header : String |
|
||||
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
|
||||
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
|
||||
| ThreadResourceAbuse.java:173:37:173:42 | header : String | ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number |
|
||||
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String |
|
||||
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
|
||||
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
|
||||
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number |
|
||||
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number |
|
||||
@@ -42,8 +48,12 @@ nodes
|
||||
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | semmle.label | getValue(...) : String |
|
||||
| ThreadResourceAbuse.java:144:34:144:42 | delayTime | semmle.label | delayTime |
|
||||
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| ThreadResourceAbuse.java:173:37:173:42 | header : String | semmle.label | header : String |
|
||||
| ThreadResourceAbuse.java:176:17:176:26 | retryAfter | semmle.label | retryAfter |
|
||||
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | semmle.label | uploadDelayStr : String |
|
||||
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | semmle.label | new UploadListener(...) [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number |
|
||||
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number |
|
||||
|
||||
@@ -3,8 +3,12 @@ edges
|
||||
| NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) |
|
||||
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
|
||||
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:32:23:39 | widthStr : Object |
|
||||
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
|
||||
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
|
||||
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:33:26:41 | heightStr : Object |
|
||||
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
|
||||
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:44:21:44:43 | new Double(...) |
|
||||
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) |
|
||||
@@ -15,9 +19,11 @@ nodes
|
||||
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | semmle.label | parseInt(...) |
|
||||
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | semmle.label | widthStr : Object |
|
||||
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | semmle.label | parseInt(...) |
|
||||
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | semmle.label | heightStr : Object |
|
||||
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
|
||||
| NFEAndroidDoS.java:44:21:44:43 | new Double(...) | semmle.label | new Double(...) |
|
||||
|
||||
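--- /dev/null
+++ b/java/ql/test/ext/TestModels/Test.java
@@ -0,0 +1,45 @@
+import java.math.BigDecimal;
+import java.sql.ResultSet;
+
+public class Test {
+
+void sink(Object o) { }
+
+Object source() { return null; }
+
+public void test() throws Exception {
+
+Exception e1 = new RuntimeException((String)source());
+sink((String)e1.getMessage()); // $hasValueFlow
+
+Exception e2 = new RuntimeException((Throwable)source());
+sink((Throwable)e2.getCause()); // $hasValueFlow
+
+Exception e3 = new IllegalArgumentException((String)source());
+sink((String)e3.getMessage()); // $hasValueFlow
+
+Exception e4 = new IllegalStateException((String)source());
+sink((String)e4.getMessage()); // $hasValueFlow
+
+Throwable t = new Throwable((Throwable)source());
+sink((Throwable)t.getCause()); // $hasValueFlow
+
+Integer x = (Integer)source();
+int y = x;
+sink(String.valueOf(y)); // $hasTaintFlow
+
+String s1 = (String)source();
+sink(Integer.parseInt(s1)); // $hasTaintFlow
+
+String s2 = (String)source();
+int i = 0;
+sink(s2.charAt(i)); // $hasTaintFlow
+
+String s3 = (String)source();
+sink(new BigDecimal(s3)); // $hasTaintFlow
+
+ResultSet rs = (ResultSet)source();
+sink(rs.getString("")); // $hasTaintFlow
+
+}
+}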
0
java/ql/test/ext/TestModels/test.expected
Normal file
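--- /dev/null
+++ b/java/ql/test/ext/TestModels/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest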
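--- /dev/null
+++ b/java/ql/test/ext/TopJdkApis/TopJdkApis.qll
@@ -0,0 +1,97 @@
+/** Provides classes and predicates for working with Top JDK APIs. */
+
+import java
+private import semmle.code.java.dataflow.FlowSummary
+private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+private import semmle.code.java.dataflow.ExternalFlow
+
+/** Holds if the given API name is a top JDK API. */
+predicate topJdkApiName(string apiName) {
+apiName in [
+// top 100 JDK APIs
+"java.lang.StringBuilder#append(String)", "java.util.List#get(int)",
+"java.util.List#add(Object)", "java.util.Map#put(Object,Object)",
+"java.lang.String#equals(Object)", "java.util.Map#get(Object)", "java.util.List#size()",
+"java.util.Collection#stream()", "java.lang.Object#getClass()",
+"java.util.stream.Stream#collect(Collector)", "java.util.Objects#equals(Object,Object)",
+"java.lang.String#format(String,Object[])", "java.util.stream.Stream#map(Function)",
+"java.lang.Throwable#getMessage()", "java.util.Arrays#asList(Object[])",
+"java.lang.String#equalsIgnoreCase(String)", "java.util.List#isEmpty()",
+"java.util.Set#add(Object)", "java.util.HashMap#put(Object,Object)",
+"java.util.stream.Collectors#toList()", "java.lang.StringBuilder#append(char)",
+"java.util.stream.Stream#filter(Predicate)", "java.lang.String#length()",
+"java.lang.Enum#name()", "java.lang.Object#toString()", "java.util.Optional#get()",
+"java.lang.StringBuilder#toString()",
+"java.lang.IllegalArgumentException#IllegalArgumentException(String)",
+"java.lang.Class#getName()", "java.lang.Enum#Enum(String,int)",
+"java.io.PrintWriter#write(String)", "java.util.Entry#getValue()", "java.util.Entry#getKey()",
+"java.util.Iterator#next()", "java.lang.Object#hashCode()",
+"java.util.Optional#orElse(Object)", "java.lang.StringBuffer#append(String)",
+"java.util.Collections#singletonList(Object)", "java.lang.Iterable#forEach(Consumer)",
+"java.util.Optional#of(Object)", "java.lang.String#contains(CharSequence)",
+"java.util.ArrayList#add(Object)", "java.util.Optional#ofNullable(Object)",
+"java.util.Collections#emptyList()", "java.math.BigDecimal#BigDecimal(String)",
+"java.lang.System#currentTimeMillis()", "java.lang.Object#equals(Object)",
+"java.util.Map#containsKey(Object)", "java.util.Optional#isPresent()",
+"java.lang.String#trim()", "java.util.List#addAll(Collection)",
+"java.util.Set#contains(Object)", "java.util.Optional#map(Function)",
+"java.util.Map#entrySet()", "java.util.Optional#empty()",
+"java.lang.Integer#parseInt(String)", "java.lang.String#startsWith(String)",
+"java.lang.IllegalStateException#IllegalStateException(String)",
+"java.lang.Enum#equals(Object)", "java.util.Iterator#hasNext()",
+"java.util.List#contains(Object)", "java.lang.String#substring(int,int)",
+"java.util.List#of(Object)", "java.util.Objects#hash(Object[])",
+"java.lang.RuntimeException#RuntimeException(String)", "java.lang.String#isEmpty()",
+"java.lang.String#replace(CharSequence,CharSequence)", "java.util.Set#size()",
+"java.io.File#File(String)", "java.lang.StringBuilder#append(Object)",
+"java.lang.String#split(String)", "java.util.Map#values()", "java.util.UUID#randomUUID()",
+"java.util.ArrayList#ArrayList(Collection)", "java.util.Map#keySet()",
+"java.sql.ResultSet#getString(String)", "java.lang.String#hashCode()",
+"java.lang.Throwable#Throwable(Throwable)", "java.util.HashMap#get(Object)",
+"java.lang.Class#getSimpleName()", "java.util.Set#isEmpty()", "java.util.Map#size()",
+"java.lang.String#substring(int)", "java.util.Map#remove(Object)",
+"java.lang.Throwable#printStackTrace()", "java.util.stream.Stream#findFirst()",
+"java.util.Optional#ifPresent(Consumer)", "java.lang.String#valueOf(Object)",
+"java.lang.String#toLowerCase()", "java.util.UUID#toString()",
+"java.lang.StringBuilder#append(int)", "java.util.Objects#requireNonNull(Object,String)",
+"java.nio.file.Path#resolve(String)", "java.lang.Enum#toString()",
+"java.lang.RuntimeException#RuntimeException(Throwable)", "java.util.Collection#size()",
+"java.lang.String#charAt(int)", "java.util.stream.Stream#forEach(Consumer)",
+"java.util.Map#isEmpty()", "java.lang.String#valueOf(int)"
+]
+}
+
+/** Holds if `c` has the MaD-formatted name `apiName`. */
+predicate hasApiName(Callable c, string apiName) {
+apiName =
+c.getDeclaringType().getPackage() + "." + c.getDeclaringType().getSourceDeclaration() + "#" +
+c.getName() + paramsString(c)
+}
+
+/** A top JDK API. */
+class TopJdkApi extends SummarizedCallableBase {
+TopJdkApi() {
+exists(string apiName |
+hasApiName(this.asCallable(), apiName) and
+topJdkApiName(apiName)
+)
+}
+
+/** Holds if this API has a manual summary model. */
+private predicate hasManualSummary() { this.(SummarizedCallable).hasProvenance(false) }
+
+/** Holds if this API has a manual neutral model. */
+private predicate hasManualNeutral() {
+this.(FlowSummaryImpl::Public::NeutralCallable).hasProvenance(false)
+}
+
+/** Holds if this API has a manual MaD model. */
+predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
+/*
+* Note: the following top-100 APIs are not modeled with MaD:
+* java.util.stream.Stream#collect(Collector) : handled separately on a case-by-case basis as it is too complex for MaD
+* java.lang.String#valueOf(Object) : also a complex case; an alias for `Object.toString`, except the dispatch is hidden
+* java.lang.Throwable#printStackTrace() : should probably not be a general step, but there might be specialised queries that care
+*/
+
+}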
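Review bot: The block comment naming the three top-100 APIs that are deliberately left without a MaD model sits inside `TopJdkApi` after `hasManualMadModel`, where nothing refers to it; it belongs either next to the `topJdkApiName` list it qualifies or in the QLDoc of `hasManualMadModel`, the predicate whose "no manual model" result it explains. `hasApiName` also depends on `getSourceDeclaration()` rendering nested types the way the list spells them (`java.util.Entry#getValue()` rather than a `Map$Entry` form); a short comment stating that assumption above the predicate would help the next person who extends the list, since a mismatch surfaces only as a `no callable` row in the test output.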
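--- /dev/null
+++ b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected
@@ -0,0 +1,3 @@
+| java.lang.String#valueOf(Object) | no manual model |
+| java.lang.Throwable#printStackTrace() | no manual model |
+| java.util.stream.Stream#collect(Collector) | no manual model |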
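--- /dev/null
+++ b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.java
@@ -0,0 +1,14 @@
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Objects;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import java.util.Map;
+import java.util.HashMap;
+import java.math.BigDecimal;
+import java.sql.ResultSet;
+import java.lang.System;
+import java.lang.IllegalStateException;
+
+public class TopJdkApisTest { }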
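Review bot: `TopJdkApisTest` is an empty class whose only apparent job is to pull the imported JDK types into the test database so that `hasApiName` can find their callables, and nothing in the file says so. A header comment such as `// Intentionally empty: the imports make the listed JDK types part of the test database` would also explain the otherwise-redundant `import java.lang.System;` and `import java.lang.IllegalStateException;`, which a reader or an IDE would otherwise flag for removal. Whether an import alone is enough to extract a type's members is not visible here; the absence of `no callable` rows in the expected output suggests it is.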
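--- /dev/null
+++ b/java/ql/test/ext/TopJdkApis/TopJdkApisTest.ql
@@ -0,0 +1,17 @@
+import java
+import TopJdkApis
+
+from string apiName, string message
+where
+// top jdk api names for which there is no callable
+topJdkApiName(apiName) and
+not hasApiName(_, apiName) and
+message = "no callable"
+or
+// top jdk api names for which there isn't a manual model
+exists(TopJdkApi topApi |
+not topApi.hasManualMadModel() and
+hasApiName(topApi.asCallable(), apiName) and
+message = "no manual model"
+)
+select apiName, message order by apiName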
@@ -1,58 +1,122 @@
|
||||
| Test.java:1:15:1:21 | // lgtm | lgtm | lgtm | Test.java:1:1:1:21 | suppression range |
|
||||
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:2:1:2:35 | suppression range |
|
||||
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:3:0:3:0 | suppression range |
|
||||
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:3:1:3:70 | suppression range |
|
||||
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:4:0:4:0 | suppression range |
|
||||
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:4:1:4:24 | suppression range |
|
||||
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:5:0:5:0 | suppression range |
|
||||
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:5:1:5:51 | suppression range |
|
||||
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:6:0:6:0 | suppression range |
|
||||
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:6:1:6:28 | suppression range |
|
||||
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:7:0:7:0 | suppression range |
|
||||
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:7:1:7:81 | suppression range |
|
||||
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:8:0:8:0 | suppression range |
|
||||
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:8:1:8:18 | suppression range |
|
||||
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:9:0:9:0 | suppression range |
|
||||
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:9:1:9:32 | suppression range |
|
||||
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:10:0:10:0 | suppression range |
|
||||
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:10:1:10:36 | suppression range |
|
||||
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:11:0:11:0 | suppression range |
|
||||
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:11:1:11:10 | suppression range |
|
||||
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:12:0:12:0 | suppression range |
|
||||
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:12:1:12:9 | suppression range |
|
||||
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:13:0:13:0 | suppression range |
|
||||
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:14:1:14:6 | suppression range |
|
||||
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:15:0:15:0 | suppression range |
|
||||
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:15:1:15:7 | suppression range |
|
||||
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:16:0:16:0 | suppression range |
|
||||
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:16:1:16:36 | suppression range |
|
||||
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:17:0:17:0 | suppression range |
|
||||
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:19:1:19:12 | suppression range |
|
||||
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:20:0:20:0 | suppression range |
|
||||
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:20:1:20:40 | suppression range |
|
||||
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:21:0:21:0 | suppression range |
|
||||
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:22:1:22:39 | suppression range |
|
||||
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:23:0:23:0 | suppression range |
|
||||
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:24:1:24:43 | suppression range |
|
||||
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:25:0:25:0 | suppression range |
|
||||
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:25:1:25:8 | suppression range |
|
||||
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:26:0:26:0 | suppression range |
|
||||
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:26:1:26:35 | suppression range |
|
||||
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:27:0:27:0 | suppression range |
|
||||
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:27:1:27:78 | suppression range |
|
||||
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:28:0:28:0 | suppression range |
|
||||
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:27:1:27:78 | suppression range |
|
||||
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:28:0:28:0 | suppression range |
|
||||
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:28:1:28:40 | suppression range |
|
||||
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:29:0:29:0 | suppression range |
|
||||
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:28:1:28:40 | suppression range |
|
||||
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:29:0:29:0 | suppression range |
|
||||
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:29:1:29:12 | suppression range |
|
||||
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:30:0:30:0 | suppression range |
|
||||
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:30:1:30:38 | suppression range |
|
||||
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:31:0:31:0 | suppression range |
|
||||
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:36:1:36:52 | suppression range |
|
||||
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:37:0:37:0 | suppression range |
|
||||
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:37:1:37:25 | suppression range |
|
||||
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:38:0:38:0 | suppression range |
|
||||
| Test.java:39:1:39:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:40:0:40:0 | suppression range |
|
||||
| Test.java:40:1:40:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:41:0:41:0 | suppression range |
|
||||
| Test.java:41:1:41:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | Test.java:42:0:42:0 | suppression range |
|
||||
| Test.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:43:0:43:0 | suppression range |
|
||||
| TestWindows.java:1:22:1:29 | // lgtm | lgtm | lgtm | TestWindows.java:1:1:1:29 | suppression range |
|
||||
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:2:1:2:36 | suppression range |
|
||||
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:3:0:3:0 | suppression range |
|
||||
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:3:1:3:71 | suppression range |
|
||||
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:4:0:4:0 | suppression range |
|
||||
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:4:1:4:25 | suppression range |
|
||||
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:5:0:5:0 | suppression range |
|
||||
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:5:1:5:52 | suppression range |
|
||||
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:6:0:6:0 | suppression range |
|
||||
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:6:1:6:29 | suppression range |
|
||||
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:7:0:7:0 | suppression range |
|
||||
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:7:1:7:82 | suppression range |
|
||||
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:8:0:8:0 | suppression range |
|
||||
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:8:1:8:19 | suppression range |
|
||||
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:9:0:9:0 | suppression range |
|
||||
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:9:1:9:33 | suppression range |
|
||||
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:10:0:10:0 | suppression range |
|
||||
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:10:1:10:37 | suppression range |
|
||||
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:11:0:11:0 | suppression range |
|
||||
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:11:1:11:10 | suppression range |
|
||||
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:12:0:12:0 | suppression range |
|
||||
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:12:1:12:10 | suppression range |
|
||||
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:13:0:13:0 | suppression range |
|
||||
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:14:1:14:7 | suppression range |
|
||||
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:15:0:15:0 | suppression range |
|
||||
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:15:1:15:8 | suppression range |
|
||||
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:16:0:16:0 | suppression range |
|
||||
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:16:1:16:37 | suppression range |
|
||||
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:17:0:17:0 | suppression range |
|
||||
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:19:1:19:13 | suppression range |
|
||||
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:20:0:20:0 | suppression range |
|
||||
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:20:1:20:41 | suppression range |
|
||||
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:21:0:21:0 | suppression range |
|
||||
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:22:1:22:40 | suppression range |
|
||||
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:23:0:23:0 | suppression range |
|
||||
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:24:1:24:44 | suppression range |
|
||||
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:25:0:25:0 | suppression range |
|
||||
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:25:1:25:9 | suppression range |
|
||||
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:26:0:26:0 | suppression range |
|
||||
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:26:1:26:36 | suppression range |
|
||||
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:27:0:27:0 | suppression range |
|
||||
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:27:1:27:79 | suppression range |
|
||||
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:28:0:28:0 | suppression range |
|
||||
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:27:1:27:79 | suppression range |
|
||||
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:28:0:28:0 | suppression range |
|
||||
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:28:1:28:41 | suppression range |
|
||||
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:29:0:29:0 | suppression range |
|
||||
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:28:1:28:41 | suppression range |
|
||||
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:29:0:29:0 | suppression range |
|
||||
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:29:1:29:12 | suppression range |
|
||||
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:30:0:30:0 | suppression range |
|
||||
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:30:1:30:38 | suppression range |
|
||||
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:31:0:31:0 | suppression range |
|
||||
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:36:1:36:52 | suppression range |
|
||||
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:37:0:37:0 | suppression range |
|
||||
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:37:1:37:25 | suppression range |
|
||||
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:38:0:38:0 | suppression range |
|
||||
| TestWindows.java:39:1:39:33 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:40:0:40:0 | suppression range |
|
||||
| TestWindows.java:40:1:40:33 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:41:0:41:0 | suppression range |
|
||||
| TestWindows.java:41:1:41:70 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | TestWindows.java:42:0:42:0 | suppression range |
|
||||
| TestWindows.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:43:0:43:0 | suppression range |
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:21:5 | suppression range |
|
||||
| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:38:5 | suppression range |
|
||||
| TestSuppressWarnings.java:5:5:5:31 | SuppressWarnings | lgtm[] | lgtm[] | TestSuppressWarnings.java:5:5:8:5 | suppression range |
|
||||
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
|
||||
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
|
||||
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
|
||||
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
|
||||
| TestSuppressWarnings.java:22:5:22:33 | SuppressWarnings | codeql[] | lgtm[] | TestSuppressWarnings.java:22:5:25:5 | suppression range |
|
||||
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
|
||||
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
|
||||
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:35:5:38:5 | suppression range |
|
||||
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:35:5:38:5 | suppression range |
|
||||
|
||||
@@ -36,3 +36,11 @@ class Test {} // lgtm
|
||||
/* lgtm[@tag:nullness,java/confusing-method-name] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
/** lgtm[] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
class Foo {} // codeql[js/debugger-statement]
|
||||
|
||||
|
||||
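Review bot: The new trailing-comment case `class Foo {} // codeql[js/debugger-statement]` (new line 45) and the two-line `/* codeql[js/debugger-statement]` … `*/` (lines 43-44) produce no rows in the updated AlertSuppression.expected, while every `codeql[...]` comment that is alone on its line (39-42) yields exactly one range covering the following line; this is presumably the intended contract (codeql-style suppression applies to the next line and only from a comment-only line), but nothing in the test data records that these are deliberate negative cases, and it is asymmetric with `class Test {} // lgtm` on line 1, which does produce a same-line range. A silently ignored suppression fails safe (the alert still surfaces), so this is a documentation point rather than a defect, but since any `//` text in this file becomes test input the note belongs in the suppression library's QLDoc or the query's documentation, e.g. `A codeql[...] comment suppresses the next line only and is ignored when it shares a line with code or spans several lines.` The same applies to the TestWindows.java mirror of this hunk.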
@@ -4,19 +4,36 @@
|
||||
class TestSuppressWarnings {
|
||||
@SuppressWarnings("lgtm[]")
|
||||
public void test() {
|
||||
|
||||
|
||||
}
|
||||
@Deprecated
|
||||
@SuppressWarnings({"lgtm[java/confusing-method-name] not confusing","lgtm[java/non-sync-override]"})
|
||||
public void test2() {
|
||||
|
||||
|
||||
}
|
||||
@SuppressWarnings("lgtm")
|
||||
public void test3() {
|
||||
|
||||
|
||||
}
|
||||
@SuppressWarnings({"lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override]"})
|
||||
public void test4() {
|
||||
|
||||
|
||||
}
|
||||
@SuppressWarnings("codeql[]")
|
||||
public void test5() {
|
||||
|
||||
}
|
||||
@Deprecated
|
||||
@SuppressWarnings({"codeql[java/confusing-method-name] not confusing","codeql[java/non-sync-override]"})
|
||||
public void test6() {
|
||||
|
||||
}
|
||||
@SuppressWarnings("lgtm")
|
||||
public void test7() {
|
||||
|
||||
}
|
||||
@SuppressWarnings({"codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override]"})
|
||||
public void test8() {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
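Review bot: `test7` repeats `test3`'s `@SuppressWarnings("lgtm")` instead of the `codeql` counterpart, whereas `test5`, `test6` and `test8` mirror `test1`, `test2` and `test4` with the `codeql[...]` prefix, so `@SuppressWarnings("codeql")` was presumably intended. As written, the bracket-less `codeql` form inside an annotation has no coverage: neither line 14 (`test3`) nor line 31 (`test7`) appears in the updated expected output, consistent with a bare `lgtm` not being recognised in annotations, and the same behaviour should be pinned for `codeql`. Suggested change on the `test7` annotation: `@SuppressWarnings("codeql")`, ideally with a short comment such as `// bare "codeql" without [] must not be treated as a suppression` if that is the contract.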
@@ -36,3 +36,11 @@ class TestWindows {} // lgtm
|
||||
/* lgtm[@tag:nullness,java/confusing-method-name] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
/** lgtm[] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
class Foo2 {} // codeql[js/debugger-statement]
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ class ExternalApiUsage {
|
||||
|
||||
Duration d = java.time.Duration.ofMillis(1000); // not supported
|
||||
|
||||
long l = "foo".length(); // not interesting
|
||||
long l = "foo".length(); // supported as a neutral model
|
||||
|
||||
AtomicReference<String> ref = new AtomicReference<>(); // not supported
|
||||
ref.set("foo");
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
| java.lang.Class#isAssignableFrom(Class) | 1 |
|
||||
| java.lang.String#length() | 1 |
|
||||
| java.time.Duration#ofMillis(long) | 1 |
|
||||
| java.util.concurrent.atomic.AtomicReference#set(Object) | 1 |
|
||||
|
||||
@@ -1,10 +1,14 @@
|
||||
edges
|
||||
| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String |
|
||||
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:80:31:80:34 | size |
|
||||
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:86:34:86:37 | size |
|
||||
| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String |
|
||||
| Test.java:78:37:78:55 | trim(...) : String | Test.java:78:20:78:56 | parseInt(...) : Number |
|
||||
| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size |
|
||||
| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size |
|
||||
nodes
|
||||
| Test.java:76:27:76:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:78:20:78:56 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| Test.java:78:37:78:48 | userProperty : String | semmle.label | userProperty : String |
|
||||
| Test.java:78:37:78:55 | trim(...) : String | semmle.label | trim(...) : String |
|
||||
| Test.java:80:31:80:34 | size | semmle.label | size |
|
||||
|
||||
@@ -1,9 +1,12 @@
|
||||
edges
|
||||
| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String |
|
||||
| Test.java:16:21:16:57 | parseInt(...) : Number | Test.java:19:34:19:38 | index |
|
||||
| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String |
|
||||
| Test.java:16:38:16:56 | trim(...) : String | Test.java:16:21:16:57 | parseInt(...) : Number |
|
||||
| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index |
|
||||
nodes
|
||||
| Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
|
||||
| Test.java:16:21:16:57 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| Test.java:16:38:16:49 | userProperty : String | semmle.label | userProperty : String |
|
||||
| Test.java:16:38:16:56 | trim(...) : String | semmle.label | trim(...) : String |
|
||||
| Test.java:19:34:19:38 | index | semmle.label | index |
|
||||
|
||||
@@ -11,8 +11,19 @@ edges
|
||||
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String |
|
||||
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
|
||||
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:32:17:32:20 | data |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:40:17:40:20 | data |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:50:17:50:20 | data |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:64:20:64:23 | data : Number |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:95:37:95:40 | data |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:118:9:118:12 | data : Number |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:119:10:119:13 | data : Number |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:120:10:120:13 | data : Number |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:121:10:121:13 | data : Number |
|
||||
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
|
||||
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data |
|
||||
@@ -53,6 +64,8 @@ nodes
|
||||
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | semmle.label | readerBuffered : BufferedReader |
|
||||
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
|
||||
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
|
||||
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
|
||||
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
|
||||
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | semmle.label | trim(...) : String |
|
||||
|
||||
@@ -13,11 +13,7 @@ class Test extends InlineExpectationsTest {
|
||||
loc = node.getLocation() and
|
||||
el = node.toString() and
|
||||
value = "" and
|
||||
(
|
||||
if exists(string x | trustedDomain(x))
|
||||
then tag = "hasUntrustedResult"
|
||||
else tag = "hasNoTrustedResult"
|
||||
)
|
||||
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
|
||||
)
|
||||
}
|
||||
}
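Review bot: This `Test` class body is repeated verbatim in the next three hunks below (the same `-13,11 +13,7` rewrite of the `tag` selection), which suggests the test harness is copy-pasted across several test directories rather than shared. If the directories genuinely need separate files, a one-line comment at the top of each copy naming the canonical one would at least keep future edits in sync; otherwise consider moving the class into a single imported `.qll`. The new `if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"` is a correct simplification of the removed `exists(string x | trustedDomain(x))`. The enclosing predicate starts before this hunk.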
|
||||
|
||||
@@ -13,11 +13,7 @@ class Test extends InlineExpectationsTest {
|
||||
loc = node.getLocation() and
|
||||
el = node.toString() and
|
||||
value = "" and
|
||||
(
|
||||
if exists(string x | trustedDomain(x))
|
||||
then tag = "hasUntrustedResult"
|
||||
else tag = "hasNoTrustedResult"
|
||||
)
|
||||
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,11 +13,7 @@ class Test extends InlineExpectationsTest {
|
||||
loc = node.getLocation() and
|
||||
el = node.toString() and
|
||||
value = "" and
|
||||
(
|
||||
if exists(string x | trustedDomain(x))
|
||||
then tag = "hasUntrustedResult"
|
||||
else tag = "hasNoTrustedResult"
|
||||
)
|
||||
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,11 +13,7 @@ class Test extends InlineExpectationsTest {
|
||||
loc = node.getLocation() and
|
||||
el = node.toString() and
|
||||
value = "" and
|
||||
(
|
||||
if exists(string x | trustedDomain(x))
|
||||
then tag = "hasUntrustedResult"
|
||||
else tag = "hasNoTrustedResult"
|
||||
)
|
||||
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,10 +5,20 @@
|
||||
* @id js/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import javascript as JS
|
||||
|
||||
class SingleLineComment extends JS::Locatable {
|
||||
class AstNode extends JS::Locatable {
|
||||
AstNode() { not this.(JS::HTML::TextNode).getText().regexpMatch("\\s*") }
|
||||
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
class SingleLineComment extends AstNode {
|
||||
private string text;
|
||||
|
||||
SingleLineComment() {
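Review bot: The characteristic predicate `AstNode() { not this.(JS::HTML::TextNode).getText().regexpMatch("\\s*") }` excludes whitespace-only HTML text nodes without any comment saying why, and the new `AstNode` class and its `hasLocationInfo` carry no QLDoc. A reader has to infer the reason from the change note (suppression comments now apply to the line before an alert); presumably the exclusion stops an empty text node between `<!-- codeql[...] -->` and the next element from being treated as the suppressed node — please confirm and record it, e.g. `/** An AST node that a suppression comment can apply to. Whitespace-only HTML text nodes are excluded so that they do not sit between a comment and the element it suppresses. */`. `SingleLineComment` now extends `AstNode` instead of `JS::Locatable`, so it inherits that exclusion too; its constructor continues in the next hunk.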
|
||||
@@ -20,13 +30,7 @@ class SingleLineComment extends JS::Locatable {
|
||||
not text.matches("%\n%")
|
||||
}
|
||||
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
|
||||
string getText() { result = text }
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<AstNode, SingleLineComment>
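Review bot: `string getText() { result = text }` is a public member of `SingleLineComment` with no QLDoc, while the rest of this query's public surface is now going through the shared `AS::Make<AstNode, SingleLineComment>` instantiation; add `/** Gets the text of this comment. */` above it. The removal of `hasLocationInfo` here is fine since it is now inherited from `AstNode`. The class header is in the previous hunk.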
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
|
||||
@@ -1,60 +1,126 @@
|
||||
| tst.html:5:30:5:42 | <!-- lgtm --> | lgtm | lgtm | tst.html:5:1:5:42 | suppression range |
|
||||
| tst.html:4:5:4:36 | <!-- codeql[js/duplicate-id] --> | codeql[js/duplicate-id] | lgtm[js/duplicate-id] | tst.html:5:0:5:0 | suppression range |
|
||||
| tst.html:6:30:6:42 | <!-- lgtm --> | lgtm | lgtm | tst.html:6:1:6:42 | suppression range |
|
||||
| tst.js:1:11:1:17 | // lgtm | lgtm | lgtm | tst.js:1:1:1:17 | suppression range |
|
||||
| tst.js:2:1:2:30 | // lgtm ... tement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:2:1:2:30 | suppression range |
|
||||
| tst.js:2:1:2:30 | // lgtm ... tement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:3:0:3:0 | suppression range |
|
||||
| tst.js:3:1:3:61 | // lgtm ... nction] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.js:3:1:3:61 | suppression range |
|
||||
| tst.js:3:1:3:61 | // lgtm ... nction] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.js:4:0:4:0 | suppression range |
|
||||
| tst.js:4:1:4:22 | // lgtm ... llness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:4:1:4:22 | suppression range |
|
||||
| tst.js:4:1:4:22 | // lgtm ... llness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:5:0:5:0 | suppression range |
|
||||
| tst.js:5:1:5:44 | // lgtm ... tement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.js:5:1:5:44 | suppression range |
|
||||
| tst.js:5:1:5:44 | // lgtm ... tement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.js:6:0:6:0 | suppression range |
|
||||
| tst.js:6:1:6:28 | // lgtm ... -06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.js:6:1:6:28 | suppression range |
|
||||
| tst.js:6:1:6:28 | // lgtm ... -06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.js:7:0:7:0 | suppression range |
|
||||
| tst.js:7:1:7:70 | // lgtm ... an lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.js:7:1:7:70 | suppression range |
|
||||
| tst.js:7:1:7:70 | // lgtm ... an lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.js:8:0:8:0 | suppression range |
|
||||
| tst.js:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.js:8:1:8:18 | suppression range |
|
||||
| tst.js:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.js:9:0:9:0 | suppression range |
|
||||
| tst.js:9:1:9:32 | // lgtm ... ositive | lgtm blah blah #falsepositive | lgtm | tst.js:9:1:9:32 | suppression range |
|
||||
| tst.js:9:1:9:32 | // lgtm ... ositive | lgtm blah blah #falsepositive | lgtm | tst.js:10:0:10:0 | suppression range |
|
||||
| tst.js:10:1:10:39 | //lgtm ... nction] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.js:10:1:10:39 | suppression range |
|
||||
| tst.js:10:1:10:39 | //lgtm ... nction] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.js:11:0:11:0 | suppression range |
|
||||
| tst.js:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.js:11:1:11:10 | suppression range |
|
||||
| tst.js:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.js:12:0:12:0 | suppression range |
|
||||
| tst.js:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.js:12:1:12:9 | suppression range |
|
||||
| tst.js:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.js:13:0:13:0 | suppression range |
|
||||
| tst.js:14:1:14:6 | //lgtm | lgtm | lgtm | tst.js:14:1:14:6 | suppression range |
|
||||
| tst.js:14:1:14:6 | //lgtm | lgtm | lgtm | tst.js:15:0:15:0 | suppression range |
|
||||
| tst.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tst.js:15:1:15:7 | suppression range |
|
||||
| tst.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tst.js:16:0:16:0 | suppression range |
|
||||
| tst.js:16:1:16:31 | // lgtm ... tement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.js:16:1:16:31 | suppression range |
|
||||
| tst.js:16:1:16:31 | // lgtm ... tement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.js:17:0:17:0 | suppression range |
|
||||
| tst.js:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.js:19:1:19:12 | suppression range |
|
||||
| tst.js:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.js:20:0:20:0 | suppression range |
|
||||
| tst.js:20:1:20:35 | // foo; ... tement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:20:1:20:35 | suppression range |
|
||||
| tst.js:20:1:20:35 | // foo; ... tement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:21:0:21:0 | suppression range |
|
||||
| tst.js:22:1:22:34 | // foo ... tement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:22:1:22:34 | suppression range |
|
||||
| tst.js:22:1:22:34 | // foo ... tement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:23:0:23:0 | suppression range |
|
||||
| tst.js:24:1:24:38 | // foo ... nt] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.js:24:1:24:38 | suppression range |
|
||||
| tst.js:24:1:24:38 | // foo ... nt] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.js:25:0:25:0 | suppression range |
|
||||
| tst.js:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.js:25:1:25:8 | suppression range |
|
||||
| tst.js:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.js:26:0:26:0 | suppression range |
|
||||
| tst.js:26:1:26:30 | // LGTM ... tement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.js:26:1:26:30 | suppression range |
|
||||
| tst.js:26:1:26:30 | // LGTM ... tement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.js:27:0:27:0 | suppression range |
|
||||
| tst.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.js:27:1:27:70 | suppression range |
|
||||
| tst.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.js:28:0:28:0 | suppression range |
|
||||
| tst.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:27:1:27:70 | suppression range |
|
||||
| tst.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:28:0:28:0 | suppression range |
|
||||
| tst.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.js:28:1:28:36 | suppression range |
|
||||
| tst.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.js:29:0:29:0 | suppression range |
|
||||
| tst.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.js:28:1:28:36 | suppression range |
|
||||
| tst.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.js:29:0:29:0 | suppression range |
|
||||
| tst.js:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.js:29:1:29:12 | suppression range |
|
||||
| tst.js:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.js:30:0:30:0 | suppression range |
|
||||
| tst.js:30:1:30:41 | /* lgtm ... ion] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:30:1:30:41 | suppression range |
|
||||
| tst.js:30:1:30:41 | /* lgtm ... ion] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:31:0:31:0 | suppression range |
|
||||
| tst.js:36:1:36:55 | /* lgtm ... ion] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.js:36:1:36:55 | suppression range |
|
||||
| tst.js:36:1:36:55 | /* lgtm ... ion] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.js:37:0:37:0 | suppression range |
|
||||
| tst.js:37:1:37:25 | /* lgtm ... ess] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:37:1:37:25 | suppression range |
|
||||
| tstWindows.html:5:30:5:42 | <!-- lgtm --> | lgtm | lgtm | tstWindows.html:5:1:5:42 | suppression range |
|
||||
| tst.js:37:1:37:25 | /* lgtm ... ess] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:38:0:38:0 | suppression range |
|
||||
| tst.js:38:1:38:32 | // code ... tement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:39:0:39:0 | suppression range |
|
||||
| tst.js:39:1:39:32 | // CODE ... tement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:40:0:40:0 | suppression range |
|
||||
| tst.js:40:1:40:69 | // code ... codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.js:41:0:41:0 | suppression range |
|
||||
| tst.js:41:1:41:35 | /* code ... ent] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:42:0:42:0 | suppression range |
|
||||
| tstWindows.html:4:5:4:36 | <!-- codeql[js/duplicate-id] --> | codeql[js/duplicate-id] | lgtm[js/duplicate-id] | tstWindows.html:5:0:5:0 | suppression range |
|
||||
| tstWindows.html:6:30:6:42 | <!-- lgtm --> | lgtm | lgtm | tstWindows.html:6:1:6:42 | suppression range |
|
||||
| tstWindows.js:1:11:1:17 | // lgtm | lgtm | lgtm | tstWindows.js:1:1:1:17 | suppression range |
|
||||
| tstWindows.js:2:1:2:30 | // lgtm ... tement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:2:1:2:30 | suppression range |
|
||||
| tstWindows.js:2:1:2:30 | // lgtm ... tement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:3:0:3:0 | suppression range |
|
||||
| tstWindows.js:3:1:3:61 | // lgtm ... nction] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.js:3:1:3:61 | suppression range |
|
||||
| tstWindows.js:3:1:3:61 | // lgtm ... nction] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.js:4:0:4:0 | suppression range |
|
||||
| tstWindows.js:4:1:4:22 | // lgtm ... llness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:4:1:4:22 | suppression range |
|
||||
| tstWindows.js:4:1:4:22 | // lgtm ... llness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:5:0:5:0 | suppression range |
|
||||
| tstWindows.js:5:1:5:44 | // lgtm ... tement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.js:5:1:5:44 | suppression range |
|
||||
| tstWindows.js:5:1:5:44 | // lgtm ... tement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.js:6:0:6:0 | suppression range |
|
||||
| tstWindows.js:6:1:6:28 | // lgtm ... -06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.js:6:1:6:28 | suppression range |
|
||||
| tstWindows.js:6:1:6:28 | // lgtm ... -06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.js:7:0:7:0 | suppression range |
|
||||
| tstWindows.js:7:1:7:70 | // lgtm ... an lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.js:7:1:7:70 | suppression range |
|
||||
| tstWindows.js:7:1:7:70 | // lgtm ... an lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.js:8:0:8:0 | suppression range |
|
||||
| tstWindows.js:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.js:8:1:8:18 | suppression range |
|
||||
| tstWindows.js:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.js:9:0:9:0 | suppression range |
|
||||
| tstWindows.js:9:1:9:32 | // lgtm ... ositive | lgtm blah blah #falsepositive | lgtm | tstWindows.js:9:1:9:32 | suppression range |
|
||||
| tstWindows.js:9:1:9:32 | // lgtm ... ositive | lgtm blah blah #falsepositive | lgtm | tstWindows.js:10:0:10:0 | suppression range |
|
||||
| tstWindows.js:10:1:10:39 | //lgtm ... nction] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.js:10:1:10:39 | suppression range |
|
||||
| tstWindows.js:10:1:10:39 | //lgtm ... nction] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.js:11:0:11:0 | suppression range |
|
||||
| tstWindows.js:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.js:11:1:11:10 | suppression range |
|
||||
| tstWindows.js:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.js:12:0:12:0 | suppression range |
|
||||
| tstWindows.js:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.js:12:1:12:9 | suppression range |
|
||||
| tstWindows.js:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.js:13:0:13:0 | suppression range |
|
||||
| tstWindows.js:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.js:14:1:14:6 | suppression range |
|
||||
| tstWindows.js:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.js:15:0:15:0 | suppression range |
|
||||
| tstWindows.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tstWindows.js:15:1:15:7 | suppression range |
|
||||
| tstWindows.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tstWindows.js:16:0:16:0 | suppression range |
|
||||
| tstWindows.js:16:1:16:31 | // lgtm ... tement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.js:16:1:16:31 | suppression range |
|
||||
| tstWindows.js:16:1:16:31 | // lgtm ... tement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.js:17:0:17:0 | suppression range |
|
||||
| tstWindows.js:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.js:19:1:19:12 | suppression range |
|
||||
| tstWindows.js:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.js:20:0:20:0 | suppression range |
|
||||
| tstWindows.js:20:1:20:35 | // foo; ... tement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:20:1:20:35 | suppression range |
|
||||
| tstWindows.js:20:1:20:35 | // foo; ... tement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:21:0:21:0 | suppression range |
|
||||
| tstWindows.js:22:1:22:34 | // foo ... tement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:22:1:22:34 | suppression range |
|
||||
| tstWindows.js:22:1:22:34 | // foo ... tement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:23:0:23:0 | suppression range |
|
||||
| tstWindows.js:24:1:24:38 | // foo ... nt] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.js:24:1:24:38 | suppression range |
|
||||
| tstWindows.js:24:1:24:38 | // foo ... nt] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.js:25:0:25:0 | suppression range |
|
||||
| tstWindows.js:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.js:25:1:25:8 | suppression range |
|
||||
| tstWindows.js:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.js:26:0:26:0 | suppression range |
|
||||
| tstWindows.js:26:1:26:30 | // LGTM ... tement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.js:26:1:26:30 | suppression range |
|
||||
| tstWindows.js:26:1:26:30 | // LGTM ... tement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.js:27:0:27:0 | suppression range |
|
||||
| tstWindows.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.js:27:1:27:70 | suppression range |
|
||||
| tstWindows.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.js:28:0:28:0 | suppression range |
|
||||
| tstWindows.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:27:1:27:70 | suppression range |
|
||||
| tstWindows.js:27:1:27:70 | // lgtm ... nction] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:28:0:28:0 | suppression range |
|
||||
| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.js:28:1:28:36 | suppression range |
|
||||
| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.js:29:0:29:0 | suppression range |
|
||||
| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.js:28:1:28:36 | suppression range |
|
||||
| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.js:29:0:29:0 | suppression range |
|
||||
| tstWindows.js:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.js:29:1:29:12 | suppression range |
|
||||
| tstWindows.js:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.js:30:0:30:0 | suppression range |
|
||||
| tstWindows.js:30:1:30:41 | /* lgtm ... ion] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:30:1:30:41 | suppression range |
|
||||
| tstWindows.js:30:1:30:41 | /* lgtm ... ion] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:31:0:31:0 | suppression range |
|
||||
| tstWindows.js:36:1:36:55 | /* lgtm ... ion] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.js:36:1:36:55 | suppression range |
|
||||
| tstWindows.js:36:1:36:55 | /* lgtm ... ion] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.js:37:0:37:0 | suppression range |
|
||||
| tstWindows.js:37:1:37:25 | /* lgtm ... ess] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:37:1:37:25 | suppression range |
|
||||
| tstWindows.js:37:1:37:25 | /* lgtm ... ess] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:38:0:38:0 | suppression range |
|
||||
| tstWindows.js:38:1:38:32 | // code ... tement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:39:0:39:0 | suppression range |
|
||||
| tstWindows.js:39:1:39:32 | // CODE ... tement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:40:0:40:0 | suppression range |
|
||||
| tstWindows.js:40:1:40:69 | // code ... codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.js:41:0:41:0 | suppression range |
|
||||
| tstWindows.js:41:1:41:35 | /* code ... ent] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:42:0:42:0 | suppression range |
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<html>
|
||||
<head><title>Title</title></title>
|
||||
<body>
|
||||
<!-- codeql[js/duplicate-id] -->
|
||||
<div id="duplicate-id"/>
|
||||
<div id="duplicate-id"/> <!-- lgtm -->
|
||||
</body>
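Review bot: The head line of this fixture is malformed — `<head><title>Title</title></title>` closes `title` twice and `</head>` never appears — so the duplicate-id test is exercising the HTML parser's error recovery as well as the suppression logic. It is a context line, but since the fixture is being edited it is worth changing to `<head><title>Title</title></head>`. The same line appears in the second copy of this fixture further down (presumably the Windows line-ending variant, given the `tstWindows.html` rows in the expected output).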
|
||||
|
||||
@@ -35,3 +35,10 @@ debugger; // lgtm
|
||||
*/
|
||||
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
debugger; // codeql[js/debugger-statement]
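Review bot: The last three additions look like deliberate negative cases — the multi-line `/* codeql[js/debugger-statement]\n*/` and the trailing `debugger; // codeql[js/debugger-statement]` produce no row in the expected output, which stops at line 41 — but nothing in the fixture says so, and a future maintainer could easily "fix" the expected file instead. A short comment such as `// the two cases below must NOT suppress: multi-line comments and end-of-line codeql comments are unsupported` before the block comment would make the intent explicit; I infer the intent from the change note's "must be placed on a blank line before the alert", so please confirm. The same applies to the second copy of this fixture below.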
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
<html>
|
||||
<head><title>Title</title></title>
|
||||
<body>
|
||||
<!-- codeql[js/duplicate-id] -->
|
||||
<div id="duplicate-id"/>
|
||||
<div id="duplicate-id"/> <!-- lgtm -->
|
||||
</body>
|
||||
|
||||
@@ -35,3 +35,10 @@ debugger; // lgtm
|
||||
*/
|
||||
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
|
||||
/* lgtm[@tag:nullness] */
|
||||
// codeql[js/debugger-statement]
|
||||
// CODEQL[js/debugger-statement]
|
||||
// codeql[js/debugger-statement] -- because I know better than codeql
|
||||
/* codeql[js/debugger-statement] */
|
||||
/* codeql[js/debugger-statement]
|
||||
*/
|
||||
debugger; // codeql[js/debugger-statement]
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
// First we need to wrap some database types
|
||||
class Stmt_ extends @py_stmt {
|
||||
string toString() { result = "Stmt" }
|
||||
}
|
||||
|
||||
class StmtList_ extends @py_stmt_list {
|
||||
string toString() { result = "StmtList" }
|
||||
}
|
||||
|
||||
/**
|
||||
* New kinds have been inserted such that
|
||||
* `@py_Exec` which used to have index 7 now has index 8.
|
||||
* Entries with lower indices are unchanged.
|
||||
*/
|
||||
bindingset[new_index]
|
||||
int old_index(int new_index) {
|
||||
not new_index = 7 and
|
||||
if new_index < 7 then result = new_index else result + (8 - 7) = new_index
|
||||
}
|
||||
|
||||
// The schema for py_stmts is:
|
||||
//
|
||||
// py_stmts(unique int id : @py_stmt,
|
||||
// int kind: int ref,
|
||||
// int parent : @py_stmt_list ref,
|
||||
// int idx : int ref);
|
||||
from Stmt_ expr, int new_kind, StmtList_ parent, int idx, int old_kind
|
||||
where
|
||||
py_stmts(expr, new_kind, parent, idx) and
|
||||
old_kind = old_index(new_kind)
|
||||
select expr, old_kind, parent, idx
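Review bot: `old_index` silently drops every row whose new kind is 7 (`not new_index = 7`), but the QLDoc only explains the renumbering; a downgrade that discards statements should say so explicitly, e.g. add `* Statements of the newly inserted kind (index 7) have no old counterpart and are dropped; the rows of their children in other tables are left as they are.` — I cannot tell from this file what happens to the children, so adjust that clause accordingly. The `(8 - 7)` literal restates the example from the comment rather than naming a quantity; `result = new_index - 1` with the shift explained in the QLDoc reads more directly. Also, the `from` variable bound to `Stmt_` is called `expr`, which contradicts the schema comment just above it; `stmt` would match.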
|
||||
@@ -0,0 +1,3 @@
|
||||
description: Add support for `except*`
|
||||
compatibility: backwards
|
||||
py_stmts.rel: run py_stmts.qlo
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* `except*` is now supported.
|
||||
* The result of `Try.getAHandler` and `Try.getHandler(<index>)` is no longer of type `ExceptStmt`, as handlers may also be `ExceptGroupStmt`s (After Python 3.11 introduced PEP 654). Instead, it is of the new type `ExceptionHandler` of which `ExceptStmt` and `ExceptGroupStmt` are subtypes. To support selecting only one type of handler, `Try.getANormalHandler` and `Try.getAGroupHandler` have been added. Existing uses of `Try.getAHandler` for which it is important to select only normal handlers, will need to be updated to `Try.getANormalHandler`.
|
||||
@@ -389,6 +389,26 @@ class Eq_ extends @py_Eq, Cmpop {
|
||||
override string toString() { result = "Eq" }
|
||||
}
|
||||
|
||||
/** INTERNAL: See the class `ExceptGroupStmt` for further information. */
|
||||
class ExceptGroupStmt_ extends @py_ExceptGroupStmt, Stmt {
|
||||
/** Gets the type of this except group block. */
|
||||
Expr getType() { py_exprs(result, _, this, 1) }
|
||||
|
||||
/** Gets the name of this except group block. */
|
||||
Expr getName() { py_exprs(result, _, this, 2) }
|
||||
|
||||
/** Gets the body of this except group block. */
|
||||
StmtList getBody() { py_stmt_lists(result, this, 3) }
|
||||
|
||||
/** Gets the nth statement of this except group block. */
|
||||
Stmt getStmt(int index) { result = this.getBody().getItem(index) }
|
||||
|
||||
/** Gets a statement of this except group block. */
|
||||
Stmt getAStmt() { result = this.getBody().getAnItem() }
|
||||
|
||||
override string toString() { result = "ExceptGroupStmt" }
|
||||
}
|
||||
|
||||
/** INTERNAL: See the class `ExceptStmt` for further information. */
|
||||
class ExceptStmt_ extends @py_ExceptStmt, Stmt {
|
||||
/** Gets the type of this except block. */
|
||||
|
||||
@@ -143,12 +143,30 @@ class Exec extends Exec_ {
|
||||
override Stmt getASubStatement() { none() }
|
||||
}
|
||||
|
||||
/** An except statement (part of a `try` statement), such as `except IOError as err:` */
|
||||
class ExceptStmt extends ExceptStmt_ {
|
||||
/* syntax: except Expr [ as Expr ]: */
|
||||
/**
|
||||
* An exception handler such as an `except` or an `except*` statement
|
||||
* in a `try` statement.
|
||||
*/
|
||||
class ExceptionHandler extends Stmt {
|
||||
ExceptionHandler() {
|
||||
this instanceof ExceptStmt_
|
||||
or
|
||||
this instanceof ExceptGroupStmt_
|
||||
}
|
||||
|
||||
/** Gets the immediately enclosing try statement */
|
||||
Try getTry() { result.getAHandler() = this }
|
||||
|
||||
/** Gets the name of this except group block. */
|
||||
abstract Expr getName();
|
||||
|
||||
/** Gets the type of this except group block. */
|
||||
abstract Expr getType();
|
||||
}
|
||||
|
||||
/** An except group statement (part of a `try` statement), such as `except* IOError as err:` */
|
||||
class ExceptGroupStmt extends ExceptGroupStmt_, ExceptionHandler {
|
||||
/* syntax: except Expr [ as Expr ]: */
|
||||
override Expr getASubExpression() {
|
||||
result = this.getName()
|
||||
or
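Review bot: The QLDoc on the two abstract members of `ExceptionHandler` reads `/** Gets the name of this except group block. */` and `/** Gets the type of this except group block. */`, but the class covers plain `except` handlers too (its characteristic predicate admits `ExceptStmt_`); change them to `/** Gets the name bound by this exception handler, if any. */` and `/** Gets a type handled by this exception handler. */`. Likewise the syntax comment inside `ExceptGroupStmt` was copied from `ExceptStmt` and should read `/* syntax: except* Expr [ as Expr ]: */`. `getASubExpression` of `ExceptGroupStmt` continues past this hunk.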
|
||||
@@ -159,10 +177,34 @@ class ExceptStmt extends ExceptStmt_ {
|
||||
|
||||
override Stmt getLastStatement() { result = this.getBody().getLastItem().getLastStatement() }
|
||||
|
||||
override Expr getName() { result = ExceptGroupStmt_.super.getName() }
|
||||
|
||||
override Expr getType() {
|
||||
result = super.getType() and not result instanceof Tuple
|
||||
result = ExceptGroupStmt_.super.getType() and not result instanceof Tuple
|
||||
or
|
||||
result = super.getType().(Tuple).getAnElt()
|
||||
result = ExceptGroupStmt_.super.getType().(Tuple).getAnElt()
|
||||
}
|
||||
}
|
||||
|
||||
/** An except statement (part of a `try` statement), such as `except IOError as err:` */
|
||||
class ExceptStmt extends ExceptStmt_, ExceptionHandler {
|
||||
/* syntax: except Expr [ as Expr ]: */
|
||||
override Expr getASubExpression() {
|
||||
result = this.getName()
|
||||
or
|
||||
result = this.getType()
|
||||
}
|
||||
|
||||
override Stmt getASubStatement() { result = this.getAStmt() }
|
||||
|
||||
override Stmt getLastStatement() { result = this.getBody().getLastItem().getLastStatement() }
|
||||
|
||||
override Expr getName() { result = ExceptStmt_.super.getName() }
|
||||
|
||||
override Expr getType() {
|
||||
result = ExceptStmt_.super.getType() and not result instanceof Tuple
|
||||
or
|
||||
result = ExceptStmt_.super.getType().(Tuple).getAnElt()
|
||||
}
|
||||
}
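Review bot: The `getType` overrides in `ExceptGroupStmt` and `ExceptStmt` are identical except for the `ExceptGroupStmt_.super` / `ExceptStmt_.super` qualifier (the "unwrap a `Tuple` into its elements" logic), so the two will drift if one is ever fixed without the other. One option is to keep a single `abstract Expr getRawType();` on `ExceptionHandler` and define the tuple-flattening `getType()` once there, leaving only the one-line `getRawType` overrides in the two subclasses; I have not checked how that interacts with the multiple-inheritance overrides here, so treat it as a suggestion. `ExceptGroupStmt` begins before this hunk.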
|
||||
|
||||
@@ -364,10 +406,15 @@ class Try extends Try_ {
|
||||
result = this.getAnOrelse()
|
||||
}
|
||||
|
||||
override ExceptStmt getHandler(int i) { result = Try_.super.getHandler(i) }
|
||||
override ExceptionHandler getHandler(int i) { result = Try_.super.getHandler(i) }
|
||||
|
||||
/** Gets an exception handler of this try statement. */
|
||||
override ExceptStmt getAHandler() { result = Try_.super.getAHandler() }
|
||||
override ExceptionHandler getAHandler() { result = Try_.super.getAHandler() }
|
||||
|
||||
/** Gets a normal exception handler, `except`, of this try statement. */
|
||||
ExceptStmt getANormalHandler() { result = this.getAHandler() }
|
||||
|
||||
/** Gets a group exception handler, `except*`, of this try statement. */
|
||||
ExceptGroupStmt getAGroupHandler() { result = this.getAHandler() }
|
||||
|
||||
override Stmt getLastStatement() {
|
||||
result = this.getFinalbody().getLastItem().getLastStatement()
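Review bot: `override ExceptionHandler getHandler(int i)` has no QLDoc while its sibling `getAHandler` does; add `/** Gets the `i`th exception handler of this try statement. */`. The two new filters `getANormalHandler` and `getAGroupHandler` rely on the implicit type narrowing of `result = this.getAHandler()`, which is idiomatic QL but worth a short note in the QLDoc (e.g. "narrows `getAHandler` to `ExceptStmt`") for readers who expect an explicit `instanceof`. The return-type change of `getHandler`/`getAHandler` is already covered by the change note. `getLastStatement` continues past this hunk.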
|
||||
|
||||
@@ -260,6 +260,12 @@ module Public {
|
||||
* Holds if the neutral is auto generated.
|
||||
*/
|
||||
predicate isAutoGenerated() { neutralElement(this, true) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral has the given provenance where `true` is
|
||||
* `generated` and `false` is `manual`.
|
||||
*/
|
||||
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
|
||||
}
|
||||
}
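Review bot: The new `hasProvenance(boolean generated)` and the existing `isAutoGenerated()` both bottom out in `neutralElement(this, ...)`, so the two definitions can now drift; consider `predicate isAutoGenerated() { this.hasProvenance(true) }` so there is a single place that encodes which boolean means "generated". The QLDoc for `hasProvenance` could also state that `generated` is a `boolean` in the QL sense (only `true`/`false`), since the prose "where `true` is `generated`" reads as if the string `generated` were accepted.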
|
||||
|
||||
|
||||
@@ -69,6 +69,8 @@ abstract class SsaSourceVariable extends @py_variable {
|
||||
or
|
||||
SsaSource::exception_capture(this, def)
|
||||
or
|
||||
SsaSource::exception_group_capture(this, def)
|
||||
or
|
||||
SsaSource::with_definition(this, def)
|
||||
or
|
||||
SsaSource::pattern_capture_definition(this, def)
|
||||
|
||||
@@ -511,12 +511,16 @@ class AssignmentDefinition extends EssaNodeDefinition {
|
||||
override string getAPrimaryQlClass() { result = "AssignmentDefinition" }
|
||||
}
|
||||
|
||||
/** A capture of a raised exception `except ExceptionType ex:` */
|
||||
/** A capture of a raised exception `except ExceptionType as ex:` */
|
||||
class ExceptionCapture extends EssaNodeDefinition {
|
||||
ExceptionCapture() {
|
||||
SsaSource::exception_capture(this.getSourceVariable(), this.getDefiningNode())
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the type handled by this exception handler
|
||||
* `ExceptionType` in `except ExceptionType as ex:`.
|
||||
*/
|
||||
ControlFlowNode getType() {
|
||||
exists(ExceptFlowNode ex |
|
||||
ex.getName() = this.getDefiningNode() and
|
||||
@@ -529,6 +533,28 @@ class ExceptionCapture extends EssaNodeDefinition {
|
||||
override string getAPrimaryQlClass() { result = "ExceptionCapture" }
|
||||
}
|
||||
|
||||
/** A capture of a raised exception group `except* ExceptionType as ex:` */
|
||||
class ExceptionGroupCapture extends EssaNodeDefinition {
|
||||
ExceptionGroupCapture() {
|
||||
SsaSource::exception_group_capture(this.getSourceVariable(), this.getDefiningNode())
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the type handled by this exception handler
|
||||
* `ExceptionType` in `except* ExceptionType as ex:`.
|
||||
*/
|
||||
ControlFlowNode getType() {
|
||||
exists(ExceptGroupFlowNode ex |
|
||||
ex.getName() = this.getDefiningNode() and
|
||||
result = ex.getType()
|
||||
)
|
||||
}
|
||||
|
||||
override string getRepresentation() { result = "except* " + this.getSourceVariable().getName() }
|
||||
|
||||
override string getAPrimaryQlClass() { result = "ExceptionGroupCapture" }
|
||||
}
|
||||
|
||||
/** An assignment to a variable as part of a multiple assignment `..., v, ... = val` */
|
||||
class MultiAssignmentDefinition extends EssaNodeDefinition {
|
||||
MultiAssignmentDefinition() {
|
||||
|
||||
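Review bot: `ExceptionGroupCapture` is a line-for-line copy of `ExceptionCapture` above it with `ExceptFlowNode` swapped for `ExceptGroupFlowNode` and `except* ` in `getRepresentation()`; the shared shape (`getType()` via the flow node's `getName()`, `getRepresentation()`, `getAPrimaryQlClass()`) invites drift when one class is fixed and the other is not. A common abstract base holding `getType()` over an abstract flow-node hook would keep the two in step; at minimum the class QLDoc could say that the two classes are meant to stay parallel. Separately, both `getType()` QLDocs say "Gets the type handled by this exception handler" while the result is a `ControlFlowNode`; `Gets the control-flow node of the type expression handled by this handler` would be more precise.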
@@ -30,6 +30,13 @@ module SsaSource {
|
||||
exists(ExceptFlowNode ex | ex.getName() = defn)
|
||||
}
|
||||
|
||||
/** Holds if `v` is defined by assignment of the captured exception group. */
|
||||
cached
|
||||
predicate exception_group_capture(Variable v, NameNode defn) {
|
||||
defn.defines(v) and
|
||||
exists(ExceptGroupFlowNode ex | ex.getName() = defn)
|
||||
}
|
||||
|
||||
/** Holds if `v` is defined by a with statement. */
|
||||
cached
|
||||
predicate with_definition(Variable v, ControlFlowNode defn) {
|
||||
|
||||
@@ -367,6 +367,10 @@ predicate scope_raises_unknown(Scope s) {
|
||||
class ExceptFlowNode extends ControlFlowNode {
|
||||
ExceptFlowNode() { this.getNode() instanceof ExceptStmt }
|
||||
|
||||
/**
|
||||
* Gets the type handled by this exception handler.
|
||||
* `ExceptionType` in `except ExceptionType as e:`
|
||||
*/
|
||||
ControlFlowNode getType() {
|
||||
exists(ExceptStmt ex |
|
||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||
@@ -375,6 +379,10 @@ class ExceptFlowNode extends ControlFlowNode {
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the name assigned to the handled exception, if any.
|
||||
* `e` in `except ExceptionType as e:`
|
||||
*/
|
||||
ControlFlowNode getName() {
|
||||
exists(ExceptStmt ex |
|
||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||
@@ -439,6 +447,29 @@ class ExceptFlowNode extends ControlFlowNode {
|
||||
}
|
||||
}
|
||||
|
||||
/** The ControlFlowNode for an 'except*' statement. */
|
||||
class ExceptGroupFlowNode extends ControlFlowNode {
|
||||
ExceptGroupFlowNode() { this.getNode() instanceof ExceptGroupStmt }
|
||||
|
||||
/**
|
||||
* Gets the type handled by this exception handler.
|
||||
* `ExceptionType` in `except* ExceptionType as e:`
|
||||
*/
|
||||
ControlFlowNode getType() {
|
||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||
result = this.getNode().(ExceptGroupStmt).getType().getAFlowNode()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the name assigned to the handled exception, if any.
|
||||
* `e` in `except* ExceptionType as e:`
|
||||
*/
|
||||
ControlFlowNode getName() {
|
||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||
result = this.getNode().(ExceptGroupStmt).getName().getAFlowNode()
|
||||
}
|
||||
}
|
||||
|
||||
private ControlFlowNode element_from_tuple_objectapi(Object tuple) {
|
||||
exists(Tuple t | t = tuple.getOrigin() and result = t.getAnElt().getAFlowNode())
|
||||
}
|
||||
|
||||
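Review bot: `ExceptGroupFlowNode.getType()` and `getName()` restrict the result with `this.getBasicBlock().dominates(result.getBasicBlock())` without saying why a dominance test is needed, and `ExceptFlowNode` above carries the same unexplained restriction; a reader cannot tell whether it guards against one expression having several flow nodes or something else. Suggest a short comment on the `dominates` line, e.g. `// the type expression may have several flow nodes; keep the one in this handler's region — TODO confirm`, replaced by the actual reason if known. The `getName()` QLDoc says "if any" but the body has no guard — it is simply empty when there is no `as` clause, which is worth stating explicitly: `Has no result when the handler has no `as` clause.`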
@@ -273,6 +273,11 @@ py_extracted_version(int module : @py_Module ref,
|
||||
/* <Field> Ellipsis.location = 0, location */
|
||||
/* <Field> Ellipsis.parenthesised = 1, bool */
|
||||
|
||||
/* <Field> ExceptGroupStmt.location = 0, location */
|
||||
/* <Field> ExceptGroupStmt.type = 1, expr */
|
||||
/* <Field> ExceptGroupStmt.name = 2, expr */
|
||||
/* <Field> ExceptGroupStmt.body = 3, stmt_list */
|
||||
|
||||
/* <Field> ExceptStmt.location = 0, location */
|
||||
/* <Field> ExceptStmt.type = 1, expr */
|
||||
/* <Field> ExceptStmt.name = 2, expr */
|
||||
@@ -863,25 +868,26 @@ case @py_stmt.kind of
|
||||
| 4 = @py_Continue
|
||||
| 5 = @py_Delete
|
||||
| 6 = @py_ExceptStmt
|
||||
| 7 = @py_Exec
|
||||
| 8 = @py_Expr_stmt
|
||||
| 9 = @py_For
|
||||
| 10 = @py_Global
|
||||
| 11 = @py_If
|
||||
| 12 = @py_Import
|
||||
| 13 = @py_ImportStar
|
||||
| 14 = @py_MatchStmt
|
||||
| 15 = @py_Case
|
||||
| 16 = @py_Nonlocal
|
||||
| 17 = @py_Pass
|
||||
| 18 = @py_Print
|
||||
| 19 = @py_Raise
|
||||
| 20 = @py_Return
|
||||
| 21 = @py_Try
|
||||
| 22 = @py_While
|
||||
| 23 = @py_With
|
||||
| 24 = @py_TemplateWrite
|
||||
| 25 = @py_AnnAssign;
|
||||
| 7 = @py_ExceptGroupStmt
|
||||
| 8 = @py_Exec
|
||||
| 9 = @py_Expr_stmt
|
||||
| 10 = @py_For
|
||||
| 11 = @py_Global
|
||||
| 12 = @py_If
|
||||
| 13 = @py_Import
|
||||
| 14 = @py_ImportStar
|
||||
| 15 = @py_MatchStmt
|
||||
| 16 = @py_Case
|
||||
| 17 = @py_Nonlocal
|
||||
| 18 = @py_Pass
|
||||
| 19 = @py_Print
|
||||
| 20 = @py_Raise
|
||||
| 21 = @py_Return
|
||||
| 22 = @py_Try
|
||||
| 23 = @py_While
|
||||
| 24 = @py_With
|
||||
| 25 = @py_TemplateWrite
|
||||
| 26 = @py_AnnAssign;
|
||||
|
||||
case @py_unaryop.kind of
|
||||
0 = @py_Invert
|
||||
@@ -907,7 +913,7 @@ case @py_unaryop.kind of
|
||||
|
||||
@py_expr_or_stmt = @py_expr | @py_stmt;
|
||||
|
||||
@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list;
|
||||
@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptGroupStmt | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list;
|
||||
|
||||
@py_location_parent = @py_DictUnpacking | @py_KeyValuePair | @py_StringPart | @py_comprehension | @py_expr | @py_keyword | @py_pattern | @py_stmt;
|
||||
|
||||
@@ -919,7 +925,7 @@ case @py_unaryop.kind of
|
||||
|
||||
@py_scope = @py_Class | @py_Function | @py_Module;
|
||||
|
||||
@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With;
|
||||
@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptGroupStmt | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With;
|
||||
|
||||
@py_str_list_parent = @py_Global | @py_Nonlocal;
|
||||
|
||||
|
||||
@@ -469,6 +469,10 @@
|
||||
<v>5610</v>
|
||||
</e>
|
||||
<e>
|
||||
<k>@py_ExceptGroupStmt</k>
|
||||
<v>1000</v>
|
||||
</e>
|
||||
<e>
|
||||
<k>@py_Expr_stmt</k>
|
||||
<v>76750</v>
|
||||
</e>
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
// First we need to wrap some database types
|
||||
class Stmt_ extends @py_stmt {
|
||||
string toString() { result = "Stmt" }
|
||||
}
|
||||
|
||||
class StmtList_ extends @py_stmt_list {
|
||||
string toString() { result = "StmtList" }
|
||||
}
|
||||
|
||||
/**
|
||||
* New kinds have been inserted such that
|
||||
* `@py_Exec` which used to have index 7 now has index 8.
|
||||
* Entries with lower indices are unchanged.
|
||||
*/
|
||||
bindingset[old_index]
|
||||
int new_index(int old_index) {
|
||||
if old_index < 7 then result = old_index else result = (8 - 7) + old_index
|
||||
}
|
||||
|
||||
// The schema for py_stmts is:
|
||||
//
|
||||
// py_stmts(unique int id : @py_stmt,
|
||||
// int kind: int ref,
|
||||
// int parent : @py_stmt_list ref,
|
||||
// int idx : int ref);
|
||||
from Stmt_ expr, int old_kind, StmtList_ parent, int idx, int new_kind
|
||||
where
|
||||
py_stmts(expr, old_kind, parent, idx) and
|
||||
new_kind = new_index(old_kind)
|
||||
select expr, new_kind, parent, idx
|
||||
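Review bot: In the `from` clause the `Stmt_` variable is named `expr` even though it ranges over statements (`py_stmts(expr, old_kind, parent, idx)`), which is confusing in a script whose whole purpose is remapping statement kinds; renaming it `stmt` in the `from`, `where` and `select` lines is a one-word change. The header QLDoc says "New kinds have been inserted" (plural) while `new_index` shifts by exactly one (`(8 - 7)`); stating the single inserted kind, e.g. `* One new kind, @py_ExceptGroupStmt, has been inserted at index 7, so @py_Exec moves from 7 to 8.`, makes the arithmetic self-explanatory. Since this script rewrites every row of `py_stmts`, a reviewer should also confirm that the `new_index` mapping matches the renumbered `case @py_stmt.kind of` table in the dbscheme hunk above (it does for the visible entries 0–25).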
@@ -0,0 +1,3 @@
|
||||
description: Add support for `except*`
|
||||
compatibility: backwards
|
||||
py_stmts.rel: run py_stmts.qlo
|
||||
@@ -5,9 +5,19 @@
|
||||
* @id py/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import semmle.python.Comment as P
|
||||
|
||||
class AstNode instanceof P::AstNode {
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
super.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
|
||||
string toString() { result = super.toString() }
|
||||
}
|
||||
|
||||
class SingleLineComment instanceof P::Comment {
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
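Review bot: The new `AstNode` class has no QLDoc comment although it is a public class passed as the first type argument to `AS::Make<AstNode, SingleLineComment>` below, and CodeQL style conventions expect a QLDoc on every public class. Suggest `/** A Python AST node, wrapped so that it exposes `hasLocationInfo` and `toString` as the `AS::Make` template expects. */` above `class AstNode instanceof P::AstNode`. The unchanged `SingleLineComment` class at the end of the hunk has no QLDoc above it either; its body continues outside the hunk.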
@@ -20,7 +30,7 @@ class SingleLineComment instanceof P::Comment {
|
||||
string toString() { result = super.toString() }
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<AstNode, SingleLineComment>
|
||||
|
||||
/**
|
||||
* A noqa suppression comment. Both pylint and pyflakes respect this, so lgtm ought to too.
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `analysis/AlertSuppression.ql` query has moved to the root folder. Users that refer to this query by path should update their configurations. The query has been updated to support the new `# codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `# lgtm` and `# lgtm[query-id]` comments can now also be place on the line before an alert.
|
||||
@@ -1521,7 +1521,7 @@ class With_await:
|
||||
def __await__(self):
|
||||
SINK1(self)
|
||||
OK() # Call not found
|
||||
return (yield from asyncio.coroutine(lambda: "")())
|
||||
return (yield from [])
|
||||
|
||||
|
||||
async def atest_await():
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
missingAnnotationOnSink
|
||||
failures
|
||||
@@ -0,0 +1,2 @@
|
||||
import python
|
||||
import experimental.dataflow.TestUtil.NormalDataflowTest
|
||||
@@ -0,0 +1,24 @@
|
||||
uniqueEnclosingCallable
|
||||
uniqueType
|
||||
uniqueNodeLocation
|
||||
missingLocation
|
||||
uniqueNodeToString
|
||||
missingToString
|
||||
parameterCallable
|
||||
localFlowIsLocal
|
||||
readStepIsLocal
|
||||
storeStepIsLocal
|
||||
compatibleTypesReflexive
|
||||
unreachableNodeCCtx
|
||||
localCallNodes
|
||||
postIsNotPre
|
||||
postHasUniquePre
|
||||
uniquePostUpdate
|
||||
postIsInSameCallable
|
||||
reverseRead
|
||||
argHasPostUpdate
|
||||
postWithInFlow
|
||||
viableImplInCallContextTooLarge
|
||||
uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
uniqueContentApprox
|
||||
@@ -0,0 +1 @@
|
||||
import semmle.python.dataflow.new.internal.DataFlowImplConsistency::Consistency
|
||||
35
python/ql/test/experimental/dataflow/exceptions/test.py
Normal file
@@ -0,0 +1,35 @@
|
||||
import sys
|
||||
import os
|
||||
|
||||
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
|
||||
from testlib import expects
|
||||
|
||||
# These are defined so that we can evaluate the test code.
|
||||
NONSOURCE = "not a source"
|
||||
SOURCE = "source"
|
||||
|
||||
|
||||
def is_source(x):
|
||||
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
|
||||
|
||||
|
||||
def SINK(x):
|
||||
if is_source(x):
|
||||
print("OK")
|
||||
else:
|
||||
print("Unexpected flow", x)
|
||||
|
||||
|
||||
def SINK_F(x):
|
||||
if is_source(x):
|
||||
print("Unexpected flow", x)
|
||||
else:
|
||||
print("OK")
|
||||
|
||||
def test_as_binding():
|
||||
try:
|
||||
e_with_source = Exception()
|
||||
e_with_source.a = SOURCE
|
||||
raise e_with_source
|
||||
except Exception as e:
|
||||
SINK(e.a) # $ MISSING: flow
|
||||
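Review bot: `from testlib import expects` is imported but never used in this file — none of the functions below carries the `@expects` decorator — so the import, and the `sys.path` manipulation that appears to exist only to satisfy it, is dead weight in `test.py`. Either drop it or add `@expects(1)` to `test_as_binding` if the harness uses that decorator to check sink counts; the sibling `test_group.py` does decorate its second test, so the omission looks accidental. The `os.path.dirname(os.path.dirname((__file__)))` call also has a redundant pair of parentheses around `__file__`.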
@@ -0,0 +1,77 @@
|
||||
import sys
|
||||
import os
|
||||
|
||||
sys.path.append(os.path.dirname(os.path.dirname((__file__))))
|
||||
from testlib import expects
|
||||
|
||||
# These are defined so that we can evaluate the test code.
|
||||
NONSOURCE = "not a source"
|
||||
SOURCE = "source"
|
||||
|
||||
|
||||
def is_source(x):
|
||||
return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
|
||||
|
||||
|
||||
def SINK(x):
|
||||
if is_source(x):
|
||||
print("OK")
|
||||
else:
|
||||
print("Unexpected flow", x)
|
||||
|
||||
|
||||
def SINK_F(x):
|
||||
if is_source(x):
|
||||
print("Unexpected flow", x)
|
||||
else:
|
||||
print("OK")
|
||||
|
||||
def test_as_binding():
|
||||
try:
|
||||
e_with_source = Exception()
|
||||
e_with_source.a = SOURCE
|
||||
raise e_with_source
|
||||
except* Exception as eg:
|
||||
SINK(eg.exceptions[0].a) # $ MISSING: flow
|
||||
|
||||
@expects(4)
|
||||
def test_group():
|
||||
value_error_with_source = ValueError()
|
||||
value_error_with_source.a = SOURCE
|
||||
|
||||
type_error_without_source = TypeError()
|
||||
type_error_without_source.a = NONSOURCE
|
||||
|
||||
os_error_without_source = OSError()
|
||||
os_error_without_source.a = NONSOURCE
|
||||
|
||||
eg = ExceptionGroup(
|
||||
"one",
|
||||
[
|
||||
type_error_without_source,
|
||||
ExceptionGroup(
|
||||
"two",
|
||||
[type_error_without_source, value_error_with_source]
|
||||
),
|
||||
ExceptionGroup(
|
||||
"three",
|
||||
[os_error_without_source]
|
||||
)
|
||||
]
|
||||
)
|
||||
try:
|
||||
raise eg
|
||||
except* (TypeError, OSError) as es:
|
||||
# The matched sub-group, represented by `es` is filtered,
|
||||
# but the nesting is in place.
|
||||
SINK_F(es.exceptions[0].a)
|
||||
SINK_F(es.exceptions[1].exceptions[0].a)
|
||||
SINK_F(es.exceptions[2].exceptions[0].a)
|
||||
except* ValueError as es:
|
||||
# The matched sub-group, represented by `es` is filtered,
|
||||
# but the nesting is in place.
|
||||
# So the ValueError was originally found in
|
||||
# `eg.exceptions[1].exceptions[1].a`
|
||||
# but now it is found in
|
||||
# `es.exceptions[0].exceptions[0].a`
|
||||
SINK(es.exceptions[0].exceptions[0].a) # $ MISSING: flow
|
||||
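Review bot: `test_as_binding` has no `@expects` decorator while `test_group` is marked `@expects(4)`; if the decorator is what the harness uses to verify that every sink was reached, the first test's single `SINK` call is unchecked and `@expects(1)` should be added. The handler comments in `test_group` are helpful, but the expected indices depend on the exact layout of `eg` built above; a one-line note at `eg = ExceptionGroup(`, e.g. `# layout: [TypeError, EG("two", [TypeError, ValueError]), EG("three", [OSError])]`, lets a reader verify `es.exceptions[1].exceptions[0]` and `es.exceptions[0].exceptions[0]` without re-deriving the split. `ExceptionGroup` and `except*` need Python 3.11, which `runtests.py` gates with `check_tests_valid_after_version("exceptions.test_group", (3, 11))`.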
@@ -51,6 +51,14 @@ def check_tests_valid(testFile):
|
||||
check_async_test_function(item)
|
||||
|
||||
|
||||
def check_tests_valid_after_version(testFile, version):
|
||||
|
||||
if sys.version_info[:2] >= version:
|
||||
print("INFO: Will run tests in", testFile, "since we're running Python", version, "or newer")
|
||||
check_tests_valid(testFile)
|
||||
else:
|
||||
print("WARN: Will not run tests in", testFile, "since we're running Python", sys.version_info[:2], "and need", version, "or newer")
|
||||
|
||||
if __name__ == "__main__":
|
||||
check_tests_valid("coverage.classes")
|
||||
check_tests_valid("coverage.test")
|
||||
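Review bot: `check_tests_valid_after_version` has no docstring and a stray blank line right after the `def` line; a one-line docstring would fix both, e.g. `"""Run check_tests_valid(testFile) only if the interpreter is at least `version`, a (major, minor) tuple; otherwise print a warning and skip."""`. The skip path prints `WARN:` but returns normally, so a version-gated test file never fails the run; if that is intended — it looks so, given that `match.test` and `exceptions.test_group` are gated this way below — say so in the docstring so nobody later "fixes" it into an error.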
@@ -61,12 +69,9 @@ if __name__ == "__main__":
|
||||
check_tests_valid("variable-capture.dict")
|
||||
check_tests_valid("module-initialization.multiphase")
|
||||
check_tests_valid("fieldflow.test")
|
||||
|
||||
if sys.version_info[:2] >= (3, 10):
|
||||
print("INFO: Will run `match` tests since we're running Python 3.10 or newer")
|
||||
check_tests_valid("match.test")
|
||||
else:
|
||||
print("WARN: Skipping `match` tests since we're not running 3.10 or newer")
|
||||
check_tests_valid_after_version("match.test", (3, 10))
|
||||
check_tests_valid("exceptions.test")
|
||||
check_tests_valid_after_version("exceptions.test_group", (3, 11))
|
||||
|
||||
# The below fails when trying to import modules
|
||||
# check_tests_valid("module-initialization.test")
|
||||
|
||||
@@ -15,8 +15,10 @@
|
||||
| test.py:19:4:19:31 | Comment # lgtm [py/line-too-long] | lgtm [py/line-too-long] | lgtm [py/line-too-long] | test.py:19:1:19:31 | suppression range |
|
||||
| test.py:20:4:20:14 | Comment # lgtm lgtm | lgtm lgtm | lgtm | test.py:20:1:20:14 | suppression range |
|
||||
| test.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | test.py:23:1:23:41 | suppression range |
|
||||
| test.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | test.py:24:0:24:0 | suppression range |
|
||||
| test.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | test.py:27:1:27:23 | suppression range |
|
||||
| test.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | test.py:28:1:28:70 | suppression range |
|
||||
| test.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | test.py:29:0:29:0 | suppression range |
|
||||
| test.py:29:17:29:35 | Comment # lgtm on docstring | lgtm on docstring | lgtm | test.py:29:1:29:35 | suppression range |
|
||||
| test.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | test.py:30:1:30:47 | suppression range |
|
||||
| test.py:35:10:35:21 | Comment # lgtm class | lgtm class | lgtm | test.py:35:1:35:21 | suppression range |
|
||||
@@ -25,6 +27,7 @@
|
||||
| test.py:40:4:40:9 | Comment # noqa | noqa | lgtm | test.py:40:1:40:9 | suppression range |
|
||||
| test.py:45:4:45:31 | Comment # noqa -- Some extra detail. | noqa -- Some extra detail. | lgtm | test.py:45:1:45:31 | suppression range |
|
||||
| test.py:49:1:49:10 | Comment #LGTM-1929 | LGTM-1929 | LGTM | test.py:49:1:49:10 | suppression range |
|
||||
| test.py:49:1:49:10 | Comment #LGTM-1929 | LGTM-1929 | LGTM | test.py:50:0:50:0 | suppression range |
|
||||
| test.py:50:34:50:117 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] | noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] | lgtm [py/missing-equals] | test.py:50:1:50:117 | suppression range |
|
||||
| test.py:52:4:52:67 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm | noqa: E501; (line too long) pylint: disable=invalid-name; lgtm | lgtm | test.py:52:1:52:67 | suppression range |
|
||||
| test.py:53:4:53:78 | Comment # random nonsense lgtm [py/missing-equals] and then some more commentary... | random nonsense lgtm [py/missing-equals] and then some more commentary... | lgtm [py/missing-equals] | test.py:53:1:53:78 | suppression range |
|
||||
@@ -34,6 +37,9 @@
|
||||
| test.py:65:4:65:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | test.py:65:1:65:60 | suppression range |
|
||||
| test.py:66:4:66:33 | Comment # lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long]; lgtm | lgtm | test.py:66:1:66:33 | suppression range |
|
||||
| test.py:66:4:66:33 | Comment # lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long] | test.py:66:1:66:33 | suppression range |
|
||||
| test.py:69:1:69:26 | Comment # codeql[py/line-too-long] | codeql[py/line-too-long] | lgtm[py/line-too-long] | test.py:70:0:70:0 | suppression range |
|
||||
| test.py:71:1:71:25 | Comment #CODEQL[py/line-too-long] | CODEQL[py/line-too-long] | lgtm[py/line-too-long] | test.py:72:0:72:0 | suppression range |
|
||||
| test.py:73:1:73:63 | Comment # codeql[py/line-too-long] -- because I know better than codeql | codeql[py/line-too-long] -- because I know better than codeql | lgtm[py/line-too-long] | test.py:74:0:74:0 | suppression range |
|
||||
| testWindows.py:4:4:4:9 | Comment # lgtm | lgtm | lgtm | testWindows.py:4:1:4:9 | suppression range |
|
||||
| testWindows.py:5:4:5:27 | Comment # lgtm[py/line-too-long] | lgtm[py/line-too-long] | lgtm[py/line-too-long] | testWindows.py:5:1:5:27 | suppression range |
|
||||
| testWindows.py:6:4:6:51 | Comment # lgtm[py/line-too-long, py/non-callable-called] | lgtm[py/line-too-long, py/non-callable-called] | lgtm[py/line-too-long, py/non-callable-called] | testWindows.py:6:1:6:51 | suppression range |
|
||||
@@ -51,8 +57,10 @@
|
||||
| testWindows.py:19:4:19:31 | Comment # lgtm [py/line-too-long] | lgtm [py/line-too-long] | lgtm [py/line-too-long] | testWindows.py:19:1:19:31 | suppression range |
|
||||
| testWindows.py:20:4:20:14 | Comment # lgtm lgtm | lgtm lgtm | lgtm | testWindows.py:20:1:20:14 | suppression range |
|
||||
| testWindows.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | testWindows.py:23:1:23:41 | suppression range |
|
||||
| testWindows.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | testWindows.py:24:0:24:0 | suppression range |
|
||||
| testWindows.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | testWindows.py:27:1:27:23 | suppression range |
|
||||
| testWindows.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | testWindows.py:28:1:28:70 | suppression range |
|
||||
| testWindows.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | testWindows.py:29:0:29:0 | suppression range |
|
||||
| testWindows.py:29:17:29:35 | Comment # lgtm on docstring | lgtm on docstring | lgtm | testWindows.py:29:1:29:35 | suppression range |
|
||||
| testWindows.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | testWindows.py:30:1:30:47 | suppression range |
|
||||
| testWindows.py:35:10:35:21 | Comment # lgtm class | lgtm class | lgtm | testWindows.py:35:1:35:21 | suppression range |
|
||||
@@ -64,3 +72,6 @@
|
||||
| testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | testWindows.py:48:1:48:60 | suppression range |
|
||||
| testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long]; lgtm | lgtm | testWindows.py:49:1:49:33 | suppression range |
|
||||
| testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long] | testWindows.py:49:1:49:33 | suppression range |
|
||||
| testWindows.py:52:1:52:26 | Comment # codeql[py/line-too-long] | codeql[py/line-too-long] | lgtm[py/line-too-long] | testWindows.py:53:0:53:0 | suppression range |
|
||||
| testWindows.py:54:1:54:25 | Comment #CODEQL[py/line-too-long] | CODEQL[py/line-too-long] | lgtm[py/line-too-long] | testWindows.py:55:0:55:0 | suppression range |
|
||||
| testWindows.py:56:1:56:63 | Comment # codeql[py/line-too-long] -- because I know better than codeql | codeql[py/line-too-long] -- because I know better than codeql | lgtm[py/line-too-long] | testWindows.py:57:0:57:0 | suppression range |
|
||||
|
||||
@@ -64,3 +64,12 @@ class frozenbidict(BidictBase): # noqa: E501; (line too long) pylint: disable=i
|
||||
|
||||
"" # lgtm[py/line-too-long] and lgtm[py/non-callable-called]
|
||||
"" # lgtm[py/line-too-long]; lgtm
|
||||
|
||||
#CodeQL comments
|
||||
# codeql[py/line-too-long]
|
||||
""
|
||||
#CODEQL[py/line-too-long]
|
||||
""
|
||||
# codeql[py/line-too-long] -- because I know better than codeql
|
||||
""
|
||||
"" # codeql[py/line-too-long]
|
||||
|
||||
@@ -47,3 +47,12 @@ class C: # lgtm class
|
||||
|
||||
"" # lgtm[py/line-too-long] and lgtm[py/non-callable-called]
|
||||
"" # lgtm[py/line-too-long]; lgtm
|
||||
|
||||
#CodeQL comments
|
||||
# codeql[py/line-too-long]
|
||||
""
|
||||
#CODEQL[py/line-too-long]
|
||||
""
|
||||
# codeql[py/line-too-long] -- because I know better than codeql
|
||||
""
|
||||
"" # codeql[py/line-too-long]
|
||||
|
||||
@@ -91,7 +91,9 @@ class AstNode extends TAstNode {
|
||||
/** Gets an annotation of this AST node. */
|
||||
Annotation getAnAnnotation() {
|
||||
not this instanceof Annotation and // avoid cyclic parent-child relationship
|
||||
toQL(this).getParent() = pragma[only_bind_out](toQL(result)).getParent()
|
||||
toQL(this).getParent() = pragma[only_bind_out](toQL(result)).getParent() and
|
||||
// special case that is handled in `NewTypeBranch`
|
||||
not any(QL::DatatypeBranch branch) = pragma[only_bind_out](toQL(result)).getParent()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
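Review bot: The new conjunct `not any(QL::DatatypeBranch branch) = pragma[only_bind_out](toQL(result)).getParent()` is hard to read — the unused `branch` and the `any(...) = ...` comparison express a plain type test; `not pragma[only_bind_out](toQL(result)).getParent() instanceof QL::DatatypeBranch` says the same thing directly, provided the pragma is still wanted there. The same `.getParent()` expression is now evaluated twice in this predicate, so binding it once in an `exists` would also help. The comment `// special case that is handled in NewTypeBranch` would be more useful if it named the predicate that takes over, e.g. `// annotations on a datatype branch are reported by NewTypeBranch instead — confirm which predicate`, since that code is not in this hunk.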
@@ -29,3 +29,8 @@ predicate calls(Foo f) {
|
||||
newtype TPathNode =
|
||||
pragma[assume_small_delta]
|
||||
TPathNodeMid()
|
||||
|
||||
private newtype TPathNode2 =
|
||||
pragma[assume_small_delta]
|
||||
TPathNodeMid2(boolean foo) { foo = true } or
|
||||
TPathNodeSink(string bar) { bar = "bar" }
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
nodes
|
||||
| Foo.qll:1:1:1:17 | Import | semmle.label | [Import] Import |
|
||||
| Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | semmle.label | [TopLevel] TopLevel |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | semmle.order | 1 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | semmle.label | [TopLevel] TopLevel |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | semmle.order | 1 |
|
||||
| Foo.qll:1:8:1:17 | javascript | semmle.label | [ModuleExpr] javascript |
|
||||
| Foo.qll:1:8:1:17 | javascript | semmle.order | 3 |
|
||||
| Foo.qll:3:7:3:9 | Class Foo | semmle.label | [Class] Class Foo |
|
||||
@@ -161,6 +161,38 @@ nodes
|
||||
| Foo.qll:30:10:30:27 | assume_small_delta | semmle.order | 80 |
|
||||
| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.label | [NewTypeBranch] NewTypeBranch TPathNodeMid |
|
||||
| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | semmle.order | 81 |
|
||||
| Foo.qll:33:1:33:7 | annotation | semmle.label | [Annotation] annotation |
|
||||
| Foo.qll:33:1:33:7 | annotation | semmle.order | 82 |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | semmle.label | [NewType] NewType TPathNode2 |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | semmle.order | 83 |
|
||||
| Foo.qll:34:3:34:28 | annotation | semmle.label | [Annotation] annotation |
|
||||
| Foo.qll:34:3:34:28 | annotation | semmle.order | 84 |
|
||||
| Foo.qll:34:10:34:27 | assume_small_delta | semmle.label | [AnnotationArg] assume_small_delta |
|
||||
| Foo.qll:34:10:34:27 | assume_small_delta | semmle.order | 85 |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | semmle.label | [NewTypeBranch] NewTypeBranch TPathNodeMid2 |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | semmle.order | 86 |
|
||||
| Foo.qll:35:17:35:23 | TypeExpr | semmle.label | [TypeExpr] TypeExpr |
|
||||
| Foo.qll:35:17:35:23 | TypeExpr | semmle.order | 87 |
|
||||
| Foo.qll:35:17:35:27 | foo | semmle.label | [VarDecl] foo |
|
||||
| Foo.qll:35:17:35:27 | foo | semmle.order | 87 |
|
||||
| Foo.qll:35:32:35:34 | foo | semmle.label | [VarAccess] foo |
|
||||
| Foo.qll:35:32:35:34 | foo | semmle.order | 89 |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | semmle.label | [ComparisonFormula] ComparisonFormula |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | semmle.order | 89 |
|
||||
| Foo.qll:35:38:35:41 | Boolean | semmle.label | [Boolean] Boolean |
|
||||
| Foo.qll:35:38:35:41 | Boolean | semmle.order | 91 |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | semmle.label | [NewTypeBranch] NewTypeBranch TPathNodeSink |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | semmle.order | 92 |
|
||||
| Foo.qll:36:17:36:22 | TypeExpr | semmle.label | [TypeExpr] TypeExpr |
|
||||
| Foo.qll:36:17:36:22 | TypeExpr | semmle.order | 93 |
|
||||
| Foo.qll:36:17:36:26 | bar | semmle.label | [VarDecl] bar |
|
||||
| Foo.qll:36:17:36:26 | bar | semmle.order | 93 |
|
||||
| Foo.qll:36:31:36:33 | bar | semmle.label | [VarAccess] bar |
|
||||
| Foo.qll:36:31:36:33 | bar | semmle.order | 95 |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | semmle.label | [ComparisonFormula] ComparisonFormula |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | semmle.order | 95 |
|
||||
| Foo.qll:36:37:36:41 | String | semmle.label | [String] String |
|
||||
| Foo.qll:36:37:36:41 | String | semmle.order | 97 |
|
||||
| file://:0:0:0:0 | abs | semmle.label | [BuiltinPredicate] abs |
|
||||
| file://:0:0:0:0 | abs | semmle.label | [BuiltinPredicate] abs |
|
||||
| file://:0:0:0:0 | acos | semmle.label | [BuiltinPredicate] acos |
|
||||
@@ -243,24 +275,26 @@ nodes
|
||||
| file://:0:0:0:0 | trim | semmle.label | [BuiltinPredicate] trim |
|
||||
| file://:0:0:0:0 | ulp | semmle.label | [BuiltinPredicate] ulp |
|
||||
| printAst.ql:1:1:1:28 | Import | semmle.label | [Import] Import |
|
||||
| printAst.ql:1:1:1:28 | Import | semmle.order | 82 |
|
||||
| printAst.ql:1:1:1:28 | Import | semmle.order | 98 |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | semmle.label | [TopLevel] TopLevel |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | semmle.order | 82 |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | semmle.order | 98 |
|
||||
| printAst.ql:1:18:1:28 | printAstAst | semmle.label | [ModuleExpr] printAstAst |
|
||||
| printAst.ql:1:18:1:28 | printAstAst | semmle.order | 84 |
|
||||
| printAst.ql:1:18:1:28 | printAstAst | semmle.order | 100 |
|
||||
edges
|
||||
| Foo.qll:1:1:1:17 | Import | Foo.qll:1:8:1:17 | javascript | semmle.label | getModuleExpr() |
|
||||
| Foo.qll:1:1:1:17 | Import | Foo.qll:1:8:1:17 | javascript | semmle.order | 3 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.label | getAnImport() |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.label | getAClass() |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.order | 4 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.label | getAPredicate() |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.order | 16 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.label | getAPredicate() |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.order | 32 |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.label | getANewType() |
|
||||
| Foo.qll:1:1:31:17 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.order | 78 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.label | getAnImport() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:1:1:1:17 | Import | semmle.order | 1 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.label | getAClass() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:3:7:3:9 | Class Foo | semmle.order | 4 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.label | getAPredicate() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:9:17:9:19 | ClasslessPredicate foo | semmle.order | 16 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.label | getAPredicate() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:13:11:13:15 | ClasslessPredicate calls | semmle.order | 32 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.label | getANewType() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:29:9:29:17 | NewType TPathNode | semmle.order | 78 |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:33:17:33:26 | NewType TPathNode2 | semmle.label | getANewType() |
|
||||
| Foo.qll:1:1:36:44 | TopLevel | Foo.qll:33:17:33:26 | NewType TPathNode2 | semmle.order | 83 |
|
||||
| Foo.qll:3:7:3:9 | Class Foo | Foo.qll:3:19:3:22 | TypeExpr | semmle.label | getASuperType() |
|
||||
| Foo.qll:3:7:3:9 | Class Foo | Foo.qll:3:19:3:22 | TypeExpr | semmle.order | 5 |
|
||||
| Foo.qll:3:7:3:9 | Class Foo | Foo.qll:4:3:4:17 | CharPred Foo | semmle.label | getCharPred() |
|
||||
@@ -409,9 +443,39 @@ edges
|
||||
| Foo.qll:30:3:30:28 | annotation | Foo.qll:30:10:30:27 | assume_small_delta | semmle.order | 80 |
|
||||
| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | Foo.qll:30:3:30:28 | annotation | semmle.label | getAnAnnotation() |
|
||||
| Foo.qll:31:3:31:14 | NewTypeBranch TPathNodeMid | Foo.qll:30:3:30:28 | annotation | semmle.order | 79 |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:33:1:33:7 | annotation | semmle.label | getAnAnnotation() |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:33:1:33:7 | annotation | semmle.order | 82 |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | semmle.label | getABranch() |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | semmle.order | 86 |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | semmle.label | getABranch() |
|
||||
| Foo.qll:33:17:33:26 | NewType TPathNode2 | Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | semmle.order | 92 |
|
||||
| Foo.qll:34:3:34:28 | annotation | Foo.qll:34:10:34:27 | assume_small_delta | semmle.label | getArgs(_) |
|
||||
| Foo.qll:34:3:34:28 | annotation | Foo.qll:34:10:34:27 | assume_small_delta | semmle.order | 85 |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:34:3:34:28 | annotation | semmle.label | getAnAnnotation() |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:34:3:34:28 | annotation | semmle.order | 84 |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:35:17:35:27 | foo | semmle.label | getField(_) |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:35:17:35:27 | foo | semmle.order | 87 |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:35:32:35:41 | ComparisonFormula | semmle.label | getBody() |
|
||||
| Foo.qll:35:3:35:15 | NewTypeBranch TPathNodeMid2 | Foo.qll:35:32:35:41 | ComparisonFormula | semmle.order | 89 |
|
||||
| Foo.qll:35:17:35:27 | foo | Foo.qll:35:17:35:23 | TypeExpr | semmle.label | getTypeExpr() |
|
||||
| Foo.qll:35:17:35:27 | foo | Foo.qll:35:17:35:23 | TypeExpr | semmle.order | 87 |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | Foo.qll:35:32:35:34 | foo | semmle.label | getLeftOperand() |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | Foo.qll:35:32:35:34 | foo | semmle.order | 89 |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | Foo.qll:35:38:35:41 | Boolean | semmle.label | getRightOperand() |
|
||||
| Foo.qll:35:32:35:41 | ComparisonFormula | Foo.qll:35:38:35:41 | Boolean | semmle.order | 91 |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | Foo.qll:36:17:36:26 | bar | semmle.label | getField(_) |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | Foo.qll:36:17:36:26 | bar | semmle.order | 93 |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | Foo.qll:36:31:36:41 | ComparisonFormula | semmle.label | getBody() |
|
||||
| Foo.qll:36:3:36:15 | NewTypeBranch TPathNodeSink | Foo.qll:36:31:36:41 | ComparisonFormula | semmle.order | 95 |
|
||||
| Foo.qll:36:17:36:26 | bar | Foo.qll:36:17:36:22 | TypeExpr | semmle.label | getTypeExpr() |
|
||||
| Foo.qll:36:17:36:26 | bar | Foo.qll:36:17:36:22 | TypeExpr | semmle.order | 93 |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | Foo.qll:36:31:36:33 | bar | semmle.label | getLeftOperand() |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | Foo.qll:36:31:36:33 | bar | semmle.order | 95 |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | Foo.qll:36:37:36:41 | String | semmle.label | getRightOperand() |
|
||||
| Foo.qll:36:31:36:41 | ComparisonFormula | Foo.qll:36:37:36:41 | String | semmle.order | 97 |
|
||||
| printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.label | getModuleExpr() |
|
||||
| printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.order | 84 |
|
||||
| printAst.ql:1:1:1:28 | Import | printAst.ql:1:18:1:28 | printAstAst | semmle.order | 100 |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.label | getAnImport() |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.order | 82 |
|
||||
| printAst.ql:1:1:1:29 | TopLevel | printAst.ql:1:1:1:28 | Import | semmle.order | 98 |
|
||||
graphProperties
|
||||
| semmle.graphKind | tree |
|
||||
|
||||
@@ -260,6 +260,12 @@ module Public {
|
||||
* Holds if the neutral is auto generated.
|
||||
*/
|
||||
predicate isAutoGenerated() { neutralElement(this, true) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral has the given provenance where `true` is
|
||||
* `generated` and `false` is `manual`.
|
||||
*/
|
||||
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
|
||||
}
|
||||
}
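Review bot: `isAutoGenerated()` and the new `hasProvenance(boolean generated)` both call `neutralElement(this, ...)` directly, so the two predicates can silently drift apart if the underlying relation or its second column ever changes; defining the older predicate through the new one keeps a single point of truth, `predicate isAutoGenerated() { this.hasProvenance(true) }`. The QLDoc on `hasProvenance` could also name the relationship for readers, e.g. a line `* isAutoGenerated() is equivalent to hasProvenance(true).`. The class that holds these predicates is declared above the hunk, so its remaining members are not visible here.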
|
||||
|
||||
|
||||
@@ -5,23 +5,25 @@
|
||||
* @id rb/alert-suppression
|
||||
*/
|
||||
|
||||
private import codeql.suppression.AlertSuppression as AS
|
||||
private import codeql.util.suppression.AlertSuppression as AS
|
||||
private import codeql.ruby.ast.internal.TreeSitter
|
||||
|
||||
class SingleLineComment extends Ruby::Comment {
|
||||
SingleLineComment() {
|
||||
// suppression comments must be single-line
|
||||
this.getLocation().getStartLine() = this.getLocation().getEndLine()
|
||||
}
|
||||
|
||||
class AstNode extends Ruby::Token {
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
) {
|
||||
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
|
||||
}
|
||||
}
|
||||
|
||||
class SingleLineComment extends Ruby::Comment, AstNode {
|
||||
SingleLineComment() {
|
||||
// suppression comments must be single-line
|
||||
this.getLocation().getStartLine() = this.getLocation().getEndLine()
|
||||
}
|
||||
|
||||
/** Gets the suppression annotation in this comment. */
|
||||
string getText() { result = this.getValue().suffix(1) }
|
||||
}
|
||||
|
||||
import AS::Make<SingleLineComment>
|
||||
import AS::Make<AstNode, SingleLineComment>
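Review bot: The new `class AstNode extends Ruby::Token {` carries no QLDoc, and neither does `SingleLineComment`, while `getText` below them is documented; since `AstNode` is now passed as a type argument in `import AS::Make<AstNode, SingleLineComment>`, a reader of this query cannot tell what role the class plays without opening that module. I would add `/** A Ruby token that exposes its location through hasLocationInfo, as expected by AS::Make. */` above `AstNode` and `/** A single-line comment that may carry a suppression annotation. */` above `SingleLineComment`. Whether `AS::Make` requires exactly this shape of `hasLocationInfo` is not visible in the hunk, so the wording should be checked against that module before committing it.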
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `AlertSuppression.ql` query has been updated to support the new `# codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `# lgtm` and `# lgtm[query-id]` comments can now also be place on the line before an alert.
|
||||