hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/swift-6

Browse Source
This commit is contained in:
Paolo Tranquilli
2024-12-12 12:28:47 +01:00
parent 3bc822f021 066db766ef
commit 5ca89eaede
345 changed files with 6663 additions and 2107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.bazelrc
View File

@@ -24,4 +24,12 @@ common --registry=https://bcr.bazel.build
common --@rules_dotnet//dotnet/settings:strict_deps=false
# Reduce this eventually to empty, once we've fixed all our usages of java, and https://github.com/bazel-contrib/rules_go/issues/4193 is fixed
common --incompatible_autoload_externally="+@rules_java,+@rules_shell"
build --java_language_version=17
build --tool_java_language_version=17
build --tool_java_runtime_version=remotejdk_17
build --java_runtime_version=remotejdk_17
try-import %workspace%/local.bazelrc

2
.bazelversion
View File

@@ -1 +1 @@
8.0.0rc1
8.0.0

2
.gitignore vendored
View File

@@ -8,7 +8,7 @@
# qltest projects and artifacts
*.actual
*/ql/test/**/*.testproj
*/ql/test*/**/*.testproj
*/ql/test/**/go.sum
# Visual studio temporaries, except a file used by QL4VS

9
MODULE.bazel
View File

@@ -15,16 +15,17 @@ local_path_override(
# see https://registry.bazel.build/ for a list of available packages
bazel_dep(name = "platforms", version = "0.0.10")
bazel_dep(name = "rules_go", version = "0.50.0")
bazel_dep(name = "rules_go", version = "0.50.1")
bazel_dep(name = "rules_pkg", version = "1.0.1")
bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
bazel_dep(name = "rules_python", version = "0.36.0")
bazel_dep(name = "rules_python", version = "0.40.0")
bazel_dep(name = "rules_shell", version = "0.3.0")
bazel_dep(name = "bazel_skylib", version = "1.7.1")
bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
bazel_dep(name = "fmt", version = "10.0.0")
bazel_dep(name = "rules_kotlin", version = "2.0.0-codeql.1")
bazel_dep(name = "gazelle", version = "0.38.0")
bazel_dep(name = "gazelle", version = "0.40.0")
bazel_dep(name = "rules_dotnet", version = "0.17.4")
bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
bazel_dep(name = "rules_rust", version = "0.52.2")

18
cpp/ql/lib/ext/CA2CAEX.model.yml Normal file
View File

@@ -0,0 +1,18 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]

15
cpp/ql/lib/ext/CAtlArray.model.yml Normal file
View File

@@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]

9
cpp/ql/lib/ext/CAtlFile.model.yml Normal file
View File

@@ -0,0 +1,9 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]

13
cpp/ql/lib/ext/CAtlFileMappingBase.model.yml Normal file
View File

@@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

15
cpp/ql/lib/ext/CAtlList.model.yml Normal file
View File

@@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]

8
cpp/ql/lib/ext/CAtlTemporaryFile.model.yml Normal file
View File

@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

33
cpp/ql/lib/ext/CComBSTR.model.yml Normal file
View File

@@ -0,0 +1,33 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"]
- ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
- ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

26
cpp/ql/lib/ext/CComSafeArray.model.yml Normal file
View File

@@ -0,0 +1,26 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray<T>", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"]
- ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"]
- ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"]
- ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"]
- ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]

23
cpp/ql/lib/ext/CPathT.model.yml Normal file
View File

@@ -0,0 +1,23 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"]
- ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"]
# Note: These don't work currently since we cannot use the template parameter in the name of the function
# - ["", "CPathT<T>", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
# - ["", "CPathT<T>", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
- ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

20
cpp/ql/lib/ext/CRegKey.model.yml Normal file
View File

@@ -0,0 +1,20 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"]
- ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
- ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

12
cpp/ql/lib/ext/CSimpleArray.model.yml Normal file
View File

@@ -0,0 +1,12 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"]

12
cpp/ql/lib/ext/CSimpleMap.model.yml Normal file
View File

@@ -0,0 +1,12 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
- ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]

21
cpp/ql/lib/ext/CUrl.model.yml Normal file
View File

@@ -0,0 +1,21 @@
extensions:
- addsTo:
pack: codeql/cpp-all
extensible: summaryModel
data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
- ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
- ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
- ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
- ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
- ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]

56
cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
View File

@@ -434,18 +434,48 @@ private predicate elementSpec(
summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _)
}
/**
* Holds if `c` is an instantiation of a class template `templateClass`, or
* holds with `c = templateClass` if `c` is not an instantiation of any class
* template.
*
* This predicate is used instead of `Class.isConstructedFrom` (which only
* holds for template instantiations) in this file to allow for uniform
* treatment of non-templated classes and class template instantiations.
*/
private predicate isClassConstructedFrom(Class c, Class templateClass) {
c.isConstructedFrom(templateClass)
or
not c.isConstructedFrom(_) and c = templateClass
}
/**
* Holds if `f` is an instantiation of a function template `templateFunc`, or
* holds with `f = templateFunc` if `f` is not an instantiation of any function
* template.
*
* This predicate is used instead of `Function.isConstructedFrom` (which only
* holds for template instantiations) in this file to allow for uniform
* treatment of non-templated classes and class template instantiations.
*/
private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
f.isConstructedFrom(templateFunc)
or
not f.isConstructedFrom(_) and f = templateFunc
}
/** Gets the fully templated version of `f`. */
private Function getFullyTemplatedFunction(Function f) {
not f.isFromUninstantiatedTemplate(_) and
(
exists(Class c, Class templateClass, int i |
c.isConstructedFrom(templateClass) and
isClassConstructedFrom(c, templateClass) and
f = c.getAMember(i) and
result = templateClass.getCanonicalMember(i)
)
or
not exists(f.getDeclaringType()) and
f.isConstructedFrom(result)
isFunctionConstructedFrom(f, result)
)
}
@@ -489,7 +519,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain
private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
// If there is a declaring type then we start by expanding the function templates
exists(Class template |
f.getDeclaringType().isConstructedFrom(template) and
isClassConstructedFrom(f.getDeclaringType(), template) and
remaining = template.getNumberOfTemplateArguments() and
result = getTypeNameWithoutFunctionTemplates(f, n, 0)
)
@@ -501,7 +531,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
or
exists(string mid, TemplateParameter tp, Class template |
mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
f.getDeclaringType().isConstructedFrom(template) and
isClassConstructedFrom(f.getDeclaringType(), template) and
tp = template.getTemplateArgument(remaining) and
result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())
)
@@ -742,6 +772,22 @@ private predicate elementSpecMatchesSignature(
signatureMatches(func, signature, type, name, 0)
}
/**
* Holds when `method` has name `nameWithoutArgs`, and gets the enclosing
* class of `method`. Unlike `method.getClassAndName` this predicate does
* not strip typedefs from the name when `method` is an `ConversionOperator`.
*/
bindingset[nameWithoutArgs]
pragma[inline_late]
private Class getClassAndNameImpl(Function method, string nameWithoutArgs) {
exists(string memberName | result = method.getClassAndName(memberName) |
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
not method instanceof ConversionOperator and
memberName = nameWithoutArgs
)
}
/**
* Holds if `classWithMethod` has `method` named `name` (excluding any
* template parameters).
@@ -751,7 +797,7 @@ pragma[inline_late]
private predicate hasClassAndName(Class classWithMethod, Function method, string name) {
exists(string nameWithoutArgs |
parseAngles(name, nameWithoutArgs, _, "") and
classWithMethod = method.getClassAndName(nameWithoutArgs)
classWithMethod = getClassAndNameImpl(method, nameWithoutArgs)
)
}

29
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -2275,6 +2275,12 @@ private predicate guardControlsPhiInput(
*/
signature predicate guardChecksSig(IRGuardCondition g, Expr e, boolean branch);
bindingset[g, n]
pragma[inline_late]
private predicate controls(IRGuardCondition g, Node n, boolean edge) {
g.controls(n.getBasicBlock(), edge)
}
/**
* Provides a set of barrier nodes for a guard that validates an expression.
*
@@ -2318,15 +2324,17 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
exists(IRGuardCondition g, Expr e, ValueNumber value, boolean edge |
e = value.getAnInstruction().getConvertedResultExpression() and
result.asConvertedExpr() = e and
guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
g.controls(result.getBasicBlock(), edge)
guardChecks(g,
pragma[only_bind_into](value.getAnInstruction().getConvertedResultExpression()), edge) and
controls(g, result, edge)
)
or
exists(
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
|
guardChecks(g, def.getARead().asOperand().getDef().getConvertedResultExpression(), branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}
@@ -2404,8 +2412,9 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
exists(IRGuardCondition g, Expr e, ValueNumber value, boolean edge |
e = value.getAnInstruction().getConvertedResultExpression() and
result.asIndirectConvertedExpr(indirectionIndex) = e and
guardChecks(g, value.getAnInstruction().getConvertedResultExpression(), edge) and
g.controls(result.getBasicBlock(), edge)
guardChecks(g,
pragma[only_bind_into](value.getAnInstruction().getConvertedResultExpression()), edge) and
controls(g, result, edge)
)
or
exists(
@@ -2414,7 +2423,8 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
guardChecks(g,
def.getARead().asIndirectOperand(indirectionIndex).getDef().getConvertedResultExpression(),
branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}
@@ -2443,17 +2453,18 @@ module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardCheck
/** Gets a node that is safely guarded by the given guard check. */
Node getABarrierNode() {
exists(IRGuardCondition g, ValueNumber value, boolean edge, Operand use |
instructionGuardChecks(g, value.getAnInstruction(), edge) and
instructionGuardChecks(g, pragma[only_bind_into](value.getAnInstruction()), edge) and
use = value.getAnInstruction().getAUse() and
result.asOperand() = use and
g.controls(result.getBasicBlock(), edge)
controls(g, result, edge)
)
or
exists(
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
|
instructionGuardChecks(g, def.getARead().asOperand().getDef(), branch) and
guardControlsPhiInput(g, branch, def, input, phi) and
guardControlsPhiInput(g, branch, def, pragma[only_bind_into](input),
pragma[only_bind_into](phi)) and
result = TSsaPhiInputNode(phi, input)
)
}

1
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -1276,6 +1276,7 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
}
/** Gets a node that represents a read of this SSA definition. */
pragma[nomagic]
Node getARead() {
exists(SourceVariable sv, IRBlock bb, int i | SsaCached::ssaDefReachesReadExt(sv, this, bb, i) |
useToNode(bb, i, sv, result)

7
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TypeFlow.qll
View File

@@ -27,8 +27,11 @@ private module Input implements TypeFlowInput<Location> {
}
private predicate hasExactSingleType(Instruction i) {
// The address of a variable is always a single object
i instanceof VariableAddressInstruction
// The address of a variable is always a single object (unless it's an array)
exists(VariableAddressInstruction vai |
i = vai and
not vai.getResultType() instanceof ArrayType
)
or
// A reference always points to a single object
i.getResultLanguageType().hasUnspecifiedType(any(ReferenceType rt), false)

7
cpp/ql/lib/semmle/code/cpp/models/Models.qll
View File

@@ -50,3 +50,10 @@ private import implementations.System
private import implementations.StructuredExceptionHandling
private import implementations.ZMQ
private import implementations.Win32CommandExecution
private import implementations.CA2AEX
private import implementations.CComBSTR
private import implementations.CPathT
private import implementations.CAtlFile
private import implementations.CAtlFileMapping
private import implementations.CAtlTemporaryFile
private import implementations.CRegKey

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll Normal file
View File

@@ -0,0 +1,17 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/**
* The `CA2AEX` (and related) classes from the Windows Active Template library.
*/
class Ca2Aex extends Class {
Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) }
}
private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
Ca2AexTaintInheritingContent() {
// The two members m_psz and m_szBuffer
this.getField().getDeclaringType() instanceof Ca2Aex
}
}

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll Normal file
View File

@@ -0,0 +1,17 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlFile extends Class {
CAtlFile() { this.hasGlobalName("CAtlFile") }
}
private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction {
CAtlFileRead() { this.getClassAndName("Read") instanceof CAtlFile }
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(0) and
description = "string read by " + this.getName()
}
}

37
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll Normal file
View File

@@ -0,0 +1,37 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFileMapping` class from Microsoft's Active Template Library.
*/
class CAtlFileMapping extends Class {
CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") }
}
/**
* The `CAtlFileMappingBase` class from Microsoft's Active Template Library.
*/
class CAtlFileMappingBase extends Class {
CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") }
}
private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction {
CAtlFileMappingBaseGetData() {
this.getClassAndName("GetData") = any(CAtlFileMappingBase fileMaping).getADerivedClass*()
}
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isReturnValueDeref(1) and
description = "data read by " + this.getName()
}
}
private class CAtlFileMappingGetData extends MemberFunction, LocalFlowSourceFunction {
CAtlFileMappingGetData() {
this.(ConversionOperator).getDeclaringType() instanceof CAtlFileMapping
}
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isReturnValueDeref(1) and
description = "data read by " + this.getName()
}
}

17
cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll Normal file
View File

@@ -0,0 +1,17 @@
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The `CAtlFile` class from Microsoft's Active Template Library.
*/
class CAtlTemporaryFile extends Class {
CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") }
}
private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction {
CAtlTemporaryFileRead() { this.getClassAndName("Read") instanceof CAtlTemporaryFile }
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(0) and
description = "string read by " + this.getName()
}
}

16
cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll Normal file
View File

@@ -0,0 +1,16 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CComBSTR` class from the Microsoft "Active Template Library". */
class CcomBstr extends Class {
CcomBstr() { this.hasGlobalName("CComBSTR") }
}
private class Mstr extends Field {
Mstr() { this.getDeclaringType() instanceof CcomBstr and this.hasName("m_str") }
}
private class MstrTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
MstrTaintInheritingContent() { this.getField() instanceof Mstr }
}

16
cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll Normal file
View File

@@ -0,0 +1,16 @@
private import cpp
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CPathT` class from the Microsoft "Active Template Library". */
class CPathT extends Class {
CPathT() { this.hasGlobalName("CPathT") }
}
private class MStrPath extends Field {
MStrPath() { this.getDeclaringType() instanceof CPathT and this.hasName("m_strPath") }
}
private class MStrPathTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
MStrPathTaintInheritingContent() { this.getField() instanceof MStrPath }
}

87
cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll Normal file
View File

@@ -0,0 +1,87 @@
private import cpp
private import semmle.code.cpp.models.interfaces.FlowSource
private import semmle.code.cpp.ir.dataflow.FlowSteps
private import semmle.code.cpp.dataflow.new.DataFlow
/** The `CRegKey` class from the Microsoft "Active Template Library". */
class CRegKey extends Class {
CRegKey() { this.hasGlobalName("CRegKey") }
}
module CRegKey {
/** The `m_hKey` member on a object of type `CRegKey`. */
class MhKey extends Field {
MhKey() {
this.getDeclaringType() instanceof CRegKey and
this.getName() = "m_hKey"
}
}
private class MhKeyPathTaintInheritingContent extends TaintInheritingContent,
DataFlow::FieldContent
{
MhKeyPathTaintInheritingContent() { this.getField() instanceof MhKey }
}
private class CRegKeyMemberFunction extends MemberFunction {
string name;
CRegKeyMemberFunction() { this.getClassAndName(name) instanceof CRegKey }
}
abstract private class CRegKeyFlowSource extends CRegKeyMemberFunction, LocalFlowSourceFunction {
FunctionOutput output;
final override predicate hasLocalFlowSource(FunctionOutput output_, string description) {
output_ = output and
description = "registry string read by " + name
}
}
/** The `CRegKey::QueryBinaryValue` function from Win32. */
class QueryBinaryValue extends CRegKeyFlowSource {
QueryBinaryValue() { name = "QueryBinaryValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryDWORDValue` function from Win32. */
class QueryDwordValue extends CRegKeyFlowSource {
QueryDwordValue() { name = "QueryDWORDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryGUIDValue` function from Win32. */
class QueryGuidValue extends CRegKeyFlowSource {
QueryGuidValue() { name = "QueryGUIDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryMultiStringValue` function from Win32. */
class QueryMultiStringValue extends CRegKeyFlowSource {
QueryMultiStringValue() { name = "QueryMultiStringValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryQWORDValue` function from Win32. */
class QueryQwordValue extends CRegKeyFlowSource {
QueryQwordValue() { name = "QueryQWORDValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryStringValue` function from Win32. */
class QueryStringValue extends CRegKeyFlowSource {
QueryStringValue() { name = "QueryStringValue" and output.isParameterDeref(1) }
}
/** The `CRegKey::QueryValue` function from Win32. */
class QueryValue extends CRegKeyFlowSource {
QueryValue() {
name = "QueryValue" and
(
this.getNumberOfParameters() = 4 and
output.isParameterDeref(2)
or
this.getNumberOfParameters() = 2 and
output.isParameterDeref(0)
or
this.getNumberOfParameters() = 3 and
output.isParameterDeref(0)
)
}
}
}

2
cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
View File

@@ -170,7 +170,7 @@ where
) and
not arg.isAffectedByMacro() and
not arg.isFromUninstantiatedTemplate(_) and
not actual.getUnspecifiedType() instanceof ErroneousType and
not actual.stripType() instanceof ErroneousType and
not arg.(Call).mayBeFromImplicitlyDeclaredFunction()
select arg,
"This format specifier for type '" + expected.getName() + "' does not match the argument type '" +

3
cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
View File

@@ -25,7 +25,8 @@ from BufferWrite bw, int destSize
where
bw.hasExplicitLimit() and // has an explicit size limit
destSize = max(getBufferSize(bw.getDest(), _)) and
bw.getExplicitLimit() > destSize // but it's larger than the destination
bw.getExplicitLimit() > destSize and // but it's larger than the destination
not bw.getDest().getType().stripType() instanceof ErroneousType // destSize may be incorrect
select bw,
"This '" + bw.getBWDesc() + "' operation is limited to " + bw.getExplicitLimit() +
" bytes but the destination is only " + destSize + " bytes."

4
cpp/ql/src/change-notes/2024-11-27-active-template-library.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL).

4
cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.

2
cpp/ql/src/change-notes/2024-12-05-wrong-number-format-arguments.md
View File

@@ -1,4 +1,4 @@
---
category: minorAnalysis
---
* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) query no longer produces results if an argument has an extraction error.
* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error.

4
cpp/ql/src/change-notes/2024-12-05-wrong-type-format-args.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error.

42
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
View File

@@ -21,7 +21,11 @@ edges
| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
| test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance | |
| test.cpp:92:9:92:11 | definition of arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:102:9:102:11 | definition of arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
@@ -31,40 +35,54 @@ edges
| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
| test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance | |
| test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance | |
| test.cpp:142:10:142:13 | definition of asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance | |
| test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance | |
| test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance | |
| test.cpp:154:7:154:9 | definition of buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance | |
| test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance | |
| test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance | |
| test.cpp:217:19:217:24 | definition of buffer | test.cpp:218:16:218:28 | buffer | provenance | |
| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
| test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance | |
| test.cpp:228:10:228:14 | definition of array | test.cpp:229:17:229:29 | array | provenance | |
| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
| test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance | |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
| test.cpp:273:19:273:25 | definition of buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance | |
| test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance | |
| test.cpp:278:14:278:14 | p | test.cpp:245:30:245:30 | p | provenance | |
| test.cpp:282:19:282:25 | definition of buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:283:19:283:25 | buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance | |
| test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance | |
| test.cpp:288:19:288:25 | definition of buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance | |
| test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance | |
| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
| test.cpp:305:9:305:12 | definition of arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance | |
| test.cpp:308:9:308:12 | definition of arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance | |
| test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance | |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
| test.cpp:314:10:314:13 | definition of temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
| test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance | |
| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
@@ -114,32 +132,39 @@ nodes
| test.cpp:85:34:85:36 | buf | semmle.label | buf |
| test.cpp:87:5:87:31 | access to array | semmle.label | access to array |
| test.cpp:88:5:88:27 | access to array | semmle.label | access to array |
| test.cpp:92:9:92:11 | definition of arr | semmle.label | definition of arr |
| test.cpp:96:13:96:15 | arr | semmle.label | arr |
| test.cpp:96:13:96:18 | access to array | semmle.label | access to array |
| test.cpp:102:9:102:11 | definition of arr | semmle.label | definition of arr |
| test.cpp:111:17:111:19 | arr | semmle.label | arr |
| test.cpp:111:17:111:22 | access to array | semmle.label | access to array |
| test.cpp:115:35:115:37 | arr | semmle.label | arr |
| test.cpp:115:35:115:40 | access to array | semmle.label | access to array |
| test.cpp:119:17:119:19 | arr | semmle.label | arr |
| test.cpp:119:17:119:22 | access to array | semmle.label | access to array |
| test.cpp:125:11:125:13 | definition of arr | semmle.label | definition of arr |
| test.cpp:128:9:128:11 | arr | semmle.label | arr |
| test.cpp:128:9:128:14 | access to array | semmle.label | access to array |
| test.cpp:134:25:134:27 | arr | semmle.label | arr |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
| test.cpp:138:13:138:15 | arr | semmle.label | arr |
| test.cpp:142:10:142:13 | definition of asdf | semmle.label | definition of asdf |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
| test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
| test.cpp:146:26:146:26 | *p | semmle.label | *p |
| test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... |
| test.cpp:154:7:154:9 | definition of buf | semmle.label | definition of buf |
| test.cpp:156:12:156:14 | buf | semmle.label | buf |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
| test.cpp:158:17:158:18 | *& ... | semmle.label | *& ... |
| test.cpp:217:19:217:24 | definition of buffer | semmle.label | definition of buffer |
| test.cpp:218:16:218:28 | buffer | semmle.label | buffer |
| test.cpp:218:23:218:28 | buffer | semmle.label | buffer |
| test.cpp:220:5:220:11 | access to array | semmle.label | access to array |
| test.cpp:221:5:221:11 | access to array | semmle.label | access to array |
| test.cpp:228:10:228:14 | definition of array | semmle.label | definition of array |
| test.cpp:229:17:229:29 | array | semmle.label | array |
| test.cpp:229:25:229:29 | array | semmle.label | array |
| test.cpp:231:5:231:10 | access to array | semmle.label | access to array |
@@ -147,22 +172,29 @@ nodes
| test.cpp:245:30:245:30 | p | semmle.label | p |
| test.cpp:245:30:245:30 | p | semmle.label | p |
| test.cpp:261:27:261:30 | access to array | semmle.label | access to array |
| test.cpp:273:19:273:25 | definition of buffer3 | semmle.label | definition of buffer3 |
| test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
| test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
| test.cpp:277:35:277:35 | p | semmle.label | p |
| test.cpp:278:14:278:14 | p | semmle.label | p |
| test.cpp:282:19:282:25 | definition of buffer1 | semmle.label | definition of buffer1 |
| test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
| test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
| test.cpp:285:19:285:25 | definition of buffer2 | semmle.label | definition of buffer2 |
| test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
| test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
| test.cpp:288:19:288:25 | definition of buffer3 | semmle.label | definition of buffer3 |
| test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
| test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
| test.cpp:292:25:292:27 | arr | semmle.label | arr |
| test.cpp:299:16:299:21 | access to array | semmle.label | access to array |
| test.cpp:305:9:305:12 | definition of arr1 | semmle.label | definition of arr1 |
| test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
| test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
| test.cpp:308:9:308:12 | definition of arr2 | semmle.label | definition of arr2 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
| test.cpp:314:10:314:13 | definition of temp | semmle.label | definition of temp |
| test.cpp:319:13:319:27 | ... = ... | semmle.label | ... = ... |
| test.cpp:319:19:319:22 | temp | semmle.label | temp |
| test.cpp:319:19:319:27 | ... + ... | semmle.label | ... + ... |
@@ -187,13 +219,23 @@ subpaths
| test.cpp:72:5:72:15 | PointerAdd: access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write |
| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write |
| test.cpp:88:5:88:27 | PointerAdd: access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write |
| test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
| test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
| test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:142:10:142:13 | definition of asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
| test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:143:18:143:21 | asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
| test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:217:19:217:24 | definition of buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
| test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
| test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:228:10:228:14 | definition of array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
| test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
| test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
| test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:286:19:286:25 | buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
| test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:308:9:308:12 | definition of arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
| test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:309:20:309:23 | arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |

4
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -181,6 +181,10 @@ postWithInFlow
| test.cpp:1108:4:1108:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:3:1109:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:4:1109:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:3:1138:13 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:5:1138:8 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:3:1139:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

3
cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected
View File

@@ -132,6 +132,8 @@ astFlow
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1074:10:1074:10 | i |
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1082:10:1082:10 | i |
| test.cpp:1086:12:1086:12 | a | test.cpp:1088:8:1088:9 | & ... |
| test.cpp:1137:7:1137:10 | data | test.cpp:1140:8:1140:18 | * ... |
| test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
| true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
@@ -324,6 +326,7 @@ irFlow
| test.cpp:1069:9:1069:14 | call to source | test.cpp:1081:10:1081:10 | i |
| test.cpp:1117:27:1117:34 | call to source | test.cpp:1117:27:1117:34 | call to source |
| test.cpp:1132:11:1132:16 | call to source | test.cpp:1121:8:1121:8 | x |
| test.cpp:1138:17:1138:22 | call to source | test.cpp:1140:8:1140:18 | * ... |
| true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |

7
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -1131,4 +1131,11 @@ void (*dispatch_table[])(int) = {
void test_dispatch_table(int i) {
int x = source();
dispatch_table[i](x);
}
void test_uncertain_array(int n1, int n2) {
int data[10];
*(data + 1) = source();
*data = 0;
sink(*(data + 1)); // $ ast=1138:17 ast=1137:7 ir
}

3
cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
View File

@@ -56,3 +56,6 @@
| test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a |
| test.cpp:1086:12:1086:12 | a | test.cpp:1087:3:1087:3 | a |
| test.cpp:1086:12:1086:12 | a | test.cpp:1088:9:1088:9 | a |
| test.cpp:1137:7:1137:10 | data | test.cpp:1138:5:1138:8 | data |
| test.cpp:1137:7:1137:10 | data | test.cpp:1139:4:1139:7 | data |
| test.cpp:1137:7:1137:10 | data | test.cpp:1140:10:1140:13 | data |

10
cpp/ql/test/library-tests/dataflow/external-models/flow.expected
View File

@@ -10,14 +10,14 @@ edges
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | |
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 |
| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 |
| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 |
| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 |
| test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | |
| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 |
| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 |
nodes
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
| asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |

20
cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
View File

@@ -1,8 +1,28 @@
| Dubious member name "operator BSTR" in summary model. |
| Dubious member name "operator HKEY" in summary model. |
| Dubious member name "operator LPCSTR" in summary model. |
| Dubious member name "operator LPSAFEARRAY" in summary model. |
| Dubious member name "operator LPSTR" in summary model. |
| Dubious member name "operator LPWSTR" in summary model. |
| Dubious member name "operator PCXSTR" in summary model. |
| Dubious member name "operator&" in summary model. |
| Dubious member name "operator*" in summary model. |
| Dubious member name "operator+=" in summary model. |
| Dubious member name "operator->" in summary model. |
| Dubious member name "operator=" in summary model. |
| Dubious member name "operator[]" in summary model. |
| Dubious signature "(CAtlFile &)" in summary model. |
| Dubious signature "(CComBSTR &&)" in summary model. |
| Dubious signature "(CRegKey &)" in summary model. |
| Dubious signature "(DWORD &,LPCTSTR)" in summary model. |
| Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. |
| Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. |
| Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. |
| Dubious signature "(const CComBSTR &)" in summary model. |
| Dubious signature "(const CComSafeArray &)" in summary model. |
| Dubious signature "(const SAFEARRAY &)" in summary model. |
| Dubious signature "(const SAFEARRAY *)" in summary model. |
| Dubious signature "(const T &,BOOL)" in summary model. |
| Dubious signature "(const deque &)" in summary model. |
| Dubious signature "(const deque &,const Allocator &)" in summary model. |
| Dubious signature "(const forward_list &)" in summary model. |

389
cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp Normal file
View File

@@ -0,0 +1,389 @@
typedef void* HANDLE;
typedef long LONG;
typedef LONG HRESULT;
typedef const char* LPCTSTR;
typedef unsigned long DWORD;
typedef unsigned long ULONG;
typedef void* PVOID;
typedef void* LPVOID;
typedef bool BOOL;
typedef const void* LPCVOID;
typedef unsigned long long ULONGLONG;
typedef long long LONGLONG;
typedef unsigned long* ULONG_PTR;
typedef char *LPTSTR;
typedef DWORD* LPDWORD;
typedef ULONG REGSAM;
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
typedef PVOID PSECURITY_DESCRIPTOR;
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[8];
} GUID;
typedef GUID* REFGUID;
typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength;
LPVOID lpSecurityDescriptor;
BOOL bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME, *PFILETIME, *LPFILETIME;
using size_t = decltype(sizeof(int));
using SIZE_T = size_t;
typedef struct _OVERLAPPED {
ULONG_PTR Internal;
ULONG_PTR InternalHigh;
union {
struct {
DWORD Offset;
DWORD OffsetHigh;
} DUMMYSTRUCTNAME;
PVOID Pointer;
} DUMMYUNIONNAME;
HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;
using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED);
using HKEY = void*;
class CAtlTransactionManager;
class CHandle {
CHandle() throw();
CHandle(CHandle& h) throw();
explicit CHandle(HANDLE h) throw();
};
struct CAtlFile : public CHandle {
CAtlFile() throw();
CAtlFile(CAtlTransactionManager* pTM) throw();
CAtlFile(CAtlFile& file) throw();
explicit CAtlFile(HANDLE hFile) throw();
HRESULT Create(
LPCTSTR szFilename,
DWORD dwDesiredAccess,
DWORD dwShareMode,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
LPSECURITY_ATTRIBUTES lpsa,
HANDLE hTemplateFile) throw();
HRESULT Flush() throw();
HRESULT GetOverlappedResult(
LPOVERLAPPED pOverlapped,
DWORD& dwBytesTransferred,
BOOL bWait
) throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Seek(
LONGLONG nOffset,
DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped,
LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
LPOVERLAPPED pOverlapped) throw();
};
void test_CAtlFile() {
CAtlFile catFile;
char buffer[1024];
catFile.Read(buffer, 1024); // $ local_source
}
struct CAtlFileMappingBase {
CAtlFileMappingBase(CAtlFileMappingBase& orig);
CAtlFileMappingBase() throw();
~CAtlFileMappingBase() throw();
HRESULT CopyFrom(CAtlFileMappingBase& orig) throw();
void* GetData() const throw();
HANDLE GetHandle() throw ();
SIZE_T GetMappingSize() throw();
HRESULT MapFile(
HANDLE hFile,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT MapSharedMem(
SIZE_T nMappingSize,
LPCTSTR szName,
BOOL* pbAlreadyExisted,
LPSECURITY_ATTRIBUTES lpsa,
DWORD dwMappingProtection,
DWORD dwViewDesiredAccess) throw();
HRESULT OpenMapping(
LPCTSTR szName,
SIZE_T nMappingSize,
ULONGLONG nOffset,
DWORD dwViewDesiredAccess) throw();
HRESULT Unmap() throw();
};
template <typename T>
struct CAtlFileMapping : public CAtlFileMappingBase {
operator T*() const throw();
};
void test_CAtlFileMapping(CAtlFileMapping<char> mapping) {
char* data = static_cast<char*>(mapping); // $ local_source
void* data2 = mapping.GetData(); // $ local_source
}
struct CAtlTemporaryFile {
CAtlTemporaryFile() throw();
~CAtlTemporaryFile() throw();
HRESULT Close(LPCTSTR szNewName) throw();
HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw();
HRESULT Flush() throw();
HRESULT GetPosition(ULONGLONG& nPos) const throw();
HRESULT GetSize(ULONGLONG& nLen) const throw();
HRESULT HandsOff() throw();
HRESULT HandsOn() throw();
HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Read(
LPVOID pBuffer,
DWORD nBufSize,
DWORD& nBytesRead) throw();
HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw();
HRESULT SetSize(ULONGLONG nNewLen) throw();
LPCTSTR TempFileName() throw();
HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw();
HRESULT Write(
LPCVOID pBuffer,
DWORD nBufSize,
DWORD* pnBytesWritten) throw();
operator HANDLE() throw();
};
void test_CAtlTemporaryFile() {
CAtlTemporaryFile file;
char buffer[1024];
DWORD bytesRead;
file.Read(buffer, 1024, bytesRead); // $ local_source
}
struct CRegKey {
CRegKey() throw();
CRegKey(CRegKey& key) throw();
explicit CRegKey(HKEY hKey) throw();
CRegKey(CAtlTransactionManager* pTM) throw();
~CRegKey() throw();
void Attach(HKEY hKey) throw();
LONG Close() throw();
LONG Create(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPTSTR lpszClass,
DWORD dwOptions,
REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecAttr,
LPDWORD lpdwDisposition) throw();
LONG DeleteSubKey(LPCTSTR lpszSubKey) throw();
LONG DeleteValue(LPCTSTR lpszValue) throw();
HKEY Detach() throw();
LONG EnumKey(
DWORD iIndex,
LPTSTR pszName,
LPDWORD pnNameLength,
FILETIME* pftLastWriteTime) throw();
LONG Flush() throw();
LONG GetKeySecurity(
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR psd,
LPDWORD pnBytes) throw();
LONG NotifyChangeKeyValue(
BOOL bWatchSubtree,
DWORD dwNotifyFilter,
HANDLE hEvent,
BOOL bAsync) throw();
LONG Open(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
REGSAM samDesired) throw();
LONG QueryBinaryValue(
LPCTSTR pszValueName,
void* pValue,
ULONG* pnBytes) throw();
LONG QueryDWORDValue(
LPCTSTR pszValueName,
DWORD& dwValue) throw();
LONG QueryGUIDValue(
LPCTSTR pszValueName,
GUID& guidValue) throw();
LONG QueryMultiStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryQWORDValue(
LPCTSTR pszValueName,
ULONGLONG& qwValue) throw();
LONG QueryStringValue(
LPCTSTR pszValueName,
LPTSTR pszValue,
ULONG* pnChars) throw();
LONG QueryValue(
LPCTSTR pszValueName,
DWORD* pdwType,
void* pData,
ULONG* pnBytes) throw();
LONG QueryValue(
DWORD& dwValue,
LPCTSTR lpszValueName);
LONG QueryValue(
LPTSTR szValue,
LPCTSTR lpszValueName,
DWORD* pdwCount);
LONG RecurseDeleteKey(LPCTSTR lpszKey) throw();
LONG SetBinaryValue(
LPCTSTR pszValueName,
const void* pValue,
ULONG nBytes) throw();
LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw();
LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw();
LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw();
LONG SetKeyValue(
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName) throw();
LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw();
LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw();
LONG SetStringValue(
LPCTSTR pszValueName,
LPCTSTR pszValue,
DWORD dwType) throw();
LONG SetValue(
LPCTSTR pszValueName,
DWORD dwType,
const void* pValue,
ULONG nBytes) throw();
static LONG SetValue(
HKEY hKeyParent,
LPCTSTR lpszKeyName,
LPCTSTR lpszValue,
LPCTSTR lpszValueName);
LONG SetValue(
DWORD dwValue,
LPCTSTR lpszValueName);
LONG SetValue(
LPCTSTR lpszValue,
LPCTSTR lpszValueName,
bool bMulti,
int nValueLen);
operator HKEY() const throw();
CRegKey& operator= (CRegKey& key) throw();
HKEY m_hKey;
};
void test_CRegKey() {
CRegKey key;
char data[1024];
ULONG bytesRead;
key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source
DWORD value;
key.QueryDWORDValue("foo", value); // $ local_source
GUID guid;
key.QueryGUIDValue("foo", guid); // $ local_source
key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source
ULONGLONG qword;
key.QueryQWORDValue("foo", qword); // $ local_source
key.QueryStringValue("foo", data, &bytesRead); // $ local_source
key.QueryValue(data, "foo", &bytesRead); // $ local_source
DWORD type;
key.QueryValue("foo", &type, data, &bytesRead); // $ local_source
DWORD value2;
key.QueryValue(value2, "foo"); // $ local_source
}

900
cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp Normal file
View File

@@ -0,0 +1,900 @@
namespace {
template<typename T> T source();
template<typename T> T* indirect_source();
void sink(...);
}
typedef unsigned int UINT;
typedef long LONG;
typedef void* LPVOID;
typedef void* PVOID;
typedef bool BOOL;
typedef char* PSTR, *LPSTR;
typedef const char* LPCTSTR;
typedef unsigned short WORD;
typedef unsigned long DWORD;
typedef void* HANDLE;
typedef LONG HRESULT;
typedef unsigned long ULONG;
typedef const char* LPCSTR;
typedef wchar_t OLECHAR;
typedef OLECHAR* LPOLESTR;
typedef const LPOLESTR LPCOLESTR;
typedef OLECHAR* BSTR;
typedef wchar_t* LPWSTR, *PWSTR;
typedef BSTR* LPBSTR;
typedef unsigned short USHORT;
typedef char *LPTSTR;
struct __POSITION { int unused; };
typedef __POSITION* POSITION;
typedef WORD ATL_URL_PORT;
enum ATL_URL_SCHEME{
ATL_URL_SCHEME_UNKNOWN = -1,
ATL_URL_SCHEME_FTP = 0,
ATL_URL_SCHEME_GOPHER = 1,
ATL_URL_SCHEME_HTTP = 2,
ATL_URL_SCHEME_HTTPS = 3,
ATL_URL_SCHEME_FILE = 4,
ATL_URL_SCHEME_NEWS = 5,
ATL_URL_SCHEME_MAILTO = 6,
ATL_URL_SCHEME_SOCKS = 7
};
using HINSTANCE = void*;
using size_t = decltype(sizeof(int));
using SIZE_T = size_t;
#define NULL nullptr
typedef struct tagSAFEARRAYBOUND {
ULONG cElements;
LONG lLbound;
} SAFEARRAYBOUND, *LPSAFEARRAYBOUND;
typedef struct tagVARIANT {
/* ... */
} VARIANT;
typedef struct tagSAFEARRAY {
USHORT cDims;
USHORT fFeatures;
ULONG cbElements;
ULONG cLocks;
PVOID pvData;
SAFEARRAYBOUND rgsabound[1];
} SAFEARRAY, *LPSAFEARRAY;
struct _U_STRINGorID {
_U_STRINGorID(UINT nID);
_U_STRINGorID(LPCTSTR lpString);
LPCTSTR m_lpstr;
};
void test__U_STRINGorID() {
{
UINT x = source<UINT>();
_U_STRINGorID u(x);
sink(u.m_lpstr); // $ ir
}
{
LPCTSTR y = indirect_source<const char>();
_U_STRINGorID u(y);
sink(u.m_lpstr); // $ ir
}
}
template <int t_nBufferLength>
struct CA2AEX {
LPSTR m_psz;
char m_szBuffer[t_nBufferLength];
CA2AEX(LPCSTR psz, UINT nCodePage);
CA2AEX(LPCSTR psz);
~CA2AEX();
operator LPSTR() const throw();
};
void test_CA2AEX() {
{
LPSTR x = indirect_source<char>();
CA2AEX<128> a(x);
sink(static_cast<LPSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_szBuffer); // $ ir
}
{
LPSTR x = indirect_source<char>();
CA2AEX<128> a(x, 0);
sink(static_cast<LPSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_szBuffer); // $ ir
}
}
template<int t_nBufferLength>
struct CA2CAEX {
CA2CAEX(LPCSTR psz, UINT nCodePage) ;
CA2CAEX(LPCSTR psz) ;
~CA2CAEX() throw();
operator LPCSTR() const throw();
LPCSTR m_psz;
};
void test_CA2CAEX() {
LPCSTR x = indirect_source<char>();
{
CA2CAEX<128> a(x);
sink(static_cast<LPCSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
{
CA2CAEX<128> a(x, 0);
sink(static_cast<LPCSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
}
template <int t_nBufferLength>
struct CA2WEX {
CA2WEX(LPCSTR psz, UINT nCodePage) ;
CA2WEX(LPCSTR psz) ;
~CA2WEX() throw();
operator LPWSTR() const throw();
LPWSTR m_psz;
wchar_t m_szBuffer[t_nBufferLength];
};
void test_CA2WEX() {
LPCSTR x = indirect_source<char>();
{
CA2WEX<128> a(x);
sink(static_cast<LPWSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
{
CA2WEX<128> a(x, 0);
sink(static_cast<LPWSTR>(a)); // $ ir
sink(a.m_psz); // $ ir
sink(a.m_psz); // $ ir
}
}
template<typename T>
struct CElementTraitsBase {
typedef const T& INARGTYPE;
typedef T& OUTARGTYPE;
static void CopyElements(T* pDest, const T* pSrc, size_t nElements);
static void RelocateElements(T* pDest, T* pSrc, size_t nElements);
};
template <typename T>
struct CDefaultElementTraits : public CElementTraitsBase<T> {};
template<typename T>
struct CElementTraits : public CDefaultElementTraits<T> {};
template<typename E, class ETraits = CElementTraits<E>>
struct CAtlArray {
using INARGTYPE = typename ETraits::INARGTYPE;
using OUTARGTYPE = typename ETraits::OUTARGTYPE;
CAtlArray() throw();
~CAtlArray() throw();
size_t Add(INARGTYPE element);
size_t Add();
size_t Append(const CAtlArray<E, ETraits>& aSrc);
void Copy(const CAtlArray<E, ETraits>& aSrc);
const E& GetAt(size_t iElement) const throw();
E& GetAt(size_t iElement) throw();
size_t GetCount() const throw();
E* GetData() throw();
const E* GetData() const throw();
void InsertArrayAt(size_t iStart, const CAtlArray<E, ETraits>* paNew);
void InsertAt(size_t iElement, INARGTYPE element, size_t nCount);
bool IsEmpty() const throw();
void RemoveAll() throw();
void RemoveAt(size_t iElement, size_t nCount);
void SetAt(size_t iElement, INARGTYPE element);
void SetAtGrow(size_t iElement, INARGTYPE element);
bool SetCount(size_t nNewSize, int nGrowBy);
E& operator[](size_t ielement) throw();
const E& operator[](size_t ielement) const throw();
};
void test_CAtlArray() {
int x = source<int>();
{
CAtlArray<int> a;
a.Add(x);
sink(a[0]); // $ ir
a.Add(0);
sink(a[0]); // $ ir
CAtlArray<int> a2;
sink(a2[0]);
a2.Append(a);
sink(a2[0]); // $ ir
CAtlArray<int> a3;
sink(a3[0]);
a3.Copy(a2);
sink(a3[0]); // $ ir
sink(a3.GetAt(0)); // $ ir
sink(*a3.GetData()); // $ ir
CAtlArray<int> a4;
sink(a4.GetAt(0));
a4.InsertArrayAt(0, &a3);
sink(a4.GetAt(0)); // $ ir
}
{
CAtlArray<int> a5;
a5.InsertAt(0, source<int>(), 1);
sink(a5[0]); // $ ir
CAtlArray<int> a6;
a6.SetAtGrow(0, source<int>());
sink(a6[0]); // $ ir
}
}
template<typename E, class ETraits = CElementTraits<E>>
struct CAtlList {
using INARGTYPE = typename ETraits::INARGTYPE;
CAtlList(UINT nBlockSize) throw();
~CAtlList() throw();
POSITION AddHead();
POSITION AddHead(INARGTYPE element);
void AddHeadList(const CAtlList<E, ETraits>* plNew);
POSITION AddTail();
POSITION AddTail(INARGTYPE element);
void AddTailList(const CAtlList<E, ETraits>* plNew);
POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw();
POSITION FindIndex(size_t iElement) const throw();
E& GetAt(POSITION pos) throw();
const E& GetAt(POSITION pos) const throw();
size_t GetCount() const throw();
E& GetHead() throw();
const E& GetHead() const throw();
POSITION GetHeadPosition() const throw();
E& GetNext(POSITION& pos) throw();
const E& GetNext(POSITION& pos) const throw();
E& GetPrev(POSITION& pos) throw();
const E& GetPrev(POSITION& pos) const throw();
E& GetTail() throw();
const E& GetTail() const throw();
POSITION GetTailPosition() const throw();
POSITION InsertAfter(POSITION pos, INARGTYPE element);
POSITION InsertBefore(POSITION pos, INARGTYPE element);
bool IsEmpty() const throw();
void MoveToHead(POSITION pos) throw();
void MoveToTail(POSITION pos) throw();
void RemoveAll() throw();
void RemoveAt(POSITION pos) throw();
E RemoveHead();
void RemoveHeadNoReturn() throw();
E RemoveTail();
void RemoveTailNoReturn() throw();
void SetAt(POSITION pos, INARGTYPE element);
void SwapElements(POSITION pos1, POSITION pos2) throw();
};
void test_CAtlList() {
int x = source<int>();
{
CAtlList<int> list(10);
sink(list.GetHead());
list.AddHead(x);
sink(list.GetHead()); // $ ir
CAtlList<int> list2(10);
list2.AddHeadList(&list);
sink(list2.GetHead()); // $ ir
CAtlList<int> list3(10);
list3.AddTail(x);
sink(list3.GetHead()); // $ ir
CAtlList<int> list4(10);
list4.AddTailList(&list3);
sink(list4.GetHead()); // $ ir
{
CAtlList<int> list5(10);
auto pos = list5.Find(x, list5.GetHeadPosition());
sink(list5.GetAt(pos)); // $ MISSING: ir
}
{
CAtlList<int> list6(10);
list6.AddHead(x);
auto pos = list6.FindIndex(0);
sink(list6.GetAt(pos)); // $ ir
}
{
CAtlList<int> list7(10);
auto pos = list7.GetTailPosition();
list7.InsertAfter(pos, x);
sink(list7.GetHead()); // $ ir
}
{
CAtlList<int> list8(10);
auto pos = list8.GetTailPosition();
list8.InsertBefore(pos, x);
sink(list8.GetHead()); // $ ir
}
{
CAtlList<int> list9(10);
list9.SetAt(list9.GetHeadPosition(), x);
sink(list9.GetHead()); // $ ir
}
}
int* p = indirect_source<int>();
{
CAtlList<int*> list(10);
sink(list.GetHead());
list.AddHead(p);
sink(list.GetHead()); // $ ir
CAtlList<int*> list2(10);
list2.AddHeadList(&list);
sink(list2.GetHead()); // $ ir
CAtlList<int*> list3(10);
list3.AddTail(p);
sink(list3.GetHead()); // $ ir
CAtlList<int*> list4(10);
list4.AddTailList(&list3);
sink(list4.GetHead()); // $ ir
{
CAtlList<int*> list5(10);
auto pos = list5.Find(p, list5.GetHeadPosition());
sink(list5.GetAt(pos)); // $ MISSING: ir
}
{
CAtlList<int*> list6(10);
list6.AddHead(p);
auto pos = list6.FindIndex(0);
sink(list6.GetAt(pos)); // $ ir
}
{
CAtlList<int*> list7(10);
auto pos = list7.GetTailPosition();
list7.InsertAfter(pos, p);
sink(list7.GetHead()); // $ ir
}
{
CAtlList<int*> list8(10);
auto pos = list8.GetTailPosition();
list8.InsertBefore(pos, p);
sink(list8.GetHead()); // $ ir
}
{
CAtlList<int*> list9(10);
list9.SetAt(list9.GetHeadPosition(), p);
sink(list9.GetHead()); // $ ir
}
}
}
struct IUnknown { };
struct ISequentialStream : public IUnknown { };
struct IStream : public ISequentialStream { };
struct CComBSTR {
CComBSTR() throw();
CComBSTR(const CComBSTR& src);
CComBSTR(int nSize);
CComBSTR(int nSize, LPCOLESTR sz);
CComBSTR(int nSize, LPCSTR sz);
CComBSTR(LPCOLESTR pSrc);
CComBSTR(LPCSTR pSrc);
CComBSTR(CComBSTR&& src) throw();
~CComBSTR();
HRESULT Append(const CComBSTR& bstrSrc) throw();
HRESULT Append(wchar_t ch) throw();
HRESULT Append(char ch) throw();
HRESULT Append(LPCOLESTR lpsz) throw();
HRESULT Append(LPCSTR lpsz) throw();
HRESULT Append(LPCOLESTR lpsz, int nLen) throw();
HRESULT AppendBSTR(BSTR p) throw();
HRESULT AppendBytes(const char* lpsz, int nLen) throw();
HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw();
HRESULT AssignBSTR(const BSTR bstrSrc) throw();
void Attach(BSTR src) throw();
HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw();
unsigned int ByteLength() const throw();
BSTR Copy() const throw();
HRESULT CopyTo(BSTR* pbstr) throw();
HRESULT CopyTo(VARIANT* pvarDest) throw();
BSTR Detach() throw();
void Empty() throw();
unsigned int Length() const throw();
bool LoadString(HINSTANCE hInst, UINT nID) throw();
bool LoadString(UINT nID) throw();
HRESULT ReadFromStream(IStream* pStream) throw();
HRESULT ToUpper() throw();
HRESULT WriteToStream(IStream* pStream) throw();
operator BSTR() const throw();
BSTR* operator&() throw();
CComBSTR& operator+= (const CComBSTR& bstrSrc);
CComBSTR& operator+= (const LPCOLESTR pszSrc);
BSTR m_str;
};
LPSAFEARRAY getSafeArray() {
SAFEARRAY* safe = new SAFEARRAY;
safe->pvData = indirect_source<char>();
return safe;
}
void test_CComBSTR() {
char* x = indirect_source<char>();
{
CComBSTR b(x);
sink(b.m_str); // $ ir
CComBSTR b2(b);
sink(b2.m_str); // $ ir
}
{
CComBSTR b(10, x);
sink(b.m_str); // $ ir
}
{
CComBSTR b(x);
CComBSTR b2;
sink(b2.m_str);
b2 += b;
sink(b2.m_str); // $ ir
CComBSTR b3;
b3 += x;
sink(b3.m_str); // $ ir
sink(static_cast<BSTR>(b3)); // $ ir
sink(**&b3); // $ ir
CComBSTR b4;
b4.Append(source<char>());
sink(b4.m_str); // $ ir
CComBSTR b5;
b5.AppendBSTR(b4.m_str);
sink(b5.m_str); // $ ir
CComBSTR b6;
b6.AppendBytes(x, 10);
sink(b6.m_str); // $ ir
CComBSTR b7;
b7.ArrayToBSTR(getSafeArray());
sink(b7.m_str); // $ ir
CComBSTR b8;
b8.AssignBSTR(b7.m_str);
sink(b8.m_str); // $ ir
CComBSTR b9;
LPSAFEARRAY safe;
b9.Append(source<char>());
b9.BSTRToArray(&safe);
sink(safe->pvData); // $ ir
sink(b9.Copy()); // $ ir
}
wchar_t* w = indirect_source<wchar_t>();
{
CComBSTR b(w);
sink(b.m_str); // $ ir
CComBSTR b2;
b2.Attach(w);
sink(b2.m_str); // $ ir
}
{
CComBSTR b(10, w);
sink(b.m_str); // $ ir
}
}
template <typename T>
struct CComSafeArray {
CComSafeArray();
CComSafeArray(const SAFEARRAYBOUND& bound);
CComSafeArray(ULONG ulCount, LONG lLBound);
CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims);
CComSafeArray(const CComSafeArray& saSrc);
CComSafeArray(const SAFEARRAY& saSrc);
CComSafeArray(const SAFEARRAY* psaSrc);
~CComSafeArray() throw();
HRESULT Add(const SAFEARRAY* psaSrc);
HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy);
HRESULT Add(const T& t, BOOL bCopy);
HRESULT Attach(const SAFEARRAY* psaSrc);
HRESULT CopyFrom(LPSAFEARRAY* ppArray);
HRESULT CopyTo(LPSAFEARRAY* ppArray);
HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims);
HRESULT Create(ULONG ulCount, LONG lLBound);
HRESULT Destroy();
LPSAFEARRAY Detach();
T& GetAt(LONG lIndex) const;
ULONG GetCount(UINT uDim) const;
UINT GetDimensions() const;
LONG GetLowerBound(UINT uDim) const;
LPSAFEARRAY GetSafeArrayPtr() throw();
LONG GetUpperBound(UINT uDim) const;
bool IsSizable() const;
HRESULT MultiDimGetAt(const LONG* alIndex, T& t);
HRESULT MultiDimSetAt(const LONG* alIndex, const T& t);
HRESULT Resize(const SAFEARRAYBOUND* pBound);
HRESULT Resize(ULONG ulCount, LONG lLBound);
HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy);
operator LPSAFEARRAY() const;
T& operator[](long lindex) const;
T& operator[](int nindex) const;
LPSAFEARRAY m_psa;
};
void test_CComSafeArray() {
LPSAFEARRAY safe = getSafeArray();
sink(safe->pvData); // $ ir
{
CComSafeArray<int> c(safe);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
sink(c.m_psa->pvData); // $ ir
}
{
CComSafeArray<int> c;
sink(c[0]);
sink(c.GetAt(0));
sink(c.GetSafeArrayPtr()->pvData);
c.Add(safe);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
sink(static_cast<LPSAFEARRAY>(c)->pvData); // $ ir
}
{
CComSafeArray<int> c;
c.Add(source<int>(), true);
sink(c[0]); // $ ir
sink(c.GetAt(0)); // $ ir
sink(c.GetSafeArrayPtr()->pvData); // $ ir
}
{
CComSafeArray<int> c;
c.SetAt(0, source<int>(), true);
sink(c[0]); // $ ir
sink(c[0L]); // $ ir
}
}
template <typename StringType>
struct CPathT {
typedef StringType PCXSTR; // simplified
CPathT(PCXSTR pszPath);
CPathT(const CPathT<StringType>& path);
CPathT() throw();
void AddBackslash();
BOOL AddExtension(PCXSTR pszExtension);
BOOL Append(PCXSTR pszMore);
void BuildRoot(int iDrive);
void Canonicalize();
void Combine(PCXSTR pszDir, PCXSTR pszFile);
CPathT<StringType> CommonPrefix(PCXSTR pszOther);
BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags);
BOOL FileExists() const;
int FindExtension() const;
int FindFileName() const;
int GetDriveNumber() const;
StringType GetExtension() const;
BOOL IsDirectory() const;
BOOL IsFileSpec() const;
BOOL IsPrefix(PCXSTR pszPrefix) const;
BOOL IsRelative() const;
BOOL IsRoot() const;
BOOL IsSameRoot(PCXSTR pszOther) const;
BOOL IsUNC() const;
BOOL IsUNCServer() const;
BOOL IsUNCServerShare() const;
BOOL MakePretty();
BOOL MatchSpec(PCXSTR pszSpec) const;
void QuoteSpaces();
BOOL RelativePathTo(
PCXSTR pszFrom,
DWORD dwAttrFrom,
PCXSTR pszTo,
DWORD dwAttrTo);
void RemoveArgs();
void RemoveBackslash();
void RemoveBlanks();
void RemoveExtension();
BOOL RemoveFileSpec();
BOOL RenameExtension(PCXSTR pszExtension);
int SkipRoot() const;
void StripPath();
BOOL StripToRoot();
void UnquoteSpaces();
operator const StringType&() const throw();
operator PCXSTR() const throw();
operator StringType&() throw();
CPathT<StringType>& operator+=(PCXSTR pszMore);
StringType m_strPath;
};
using CPath = CPathT<char*>;
void test_CPathT() {
char* x = indirect_source<char>();
CPath p(x);
sink(static_cast<char*>(p)); // $ MISSING: ir
sink(p.m_strPath); // $ ir
CPath p2(p);
sink(p2.m_strPath); // $ ir
{
CPath p;
p.AddExtension(x);
sink(p.m_strPath); // $ ir
}
{
CPath p;
p.Append(x);
sink(p.m_strPath); // $ ir
CPath p2;
p2 += p;
sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD
CPath p3;
p3 += x;
sink(p3.m_strPath); // $ ir
}
{
CPath p;
p.Combine(x, nullptr);
sink(p.m_strPath); // $ ir
}
{
CPath p;
p.Combine(nullptr, x);
sink(p.m_strPath); // $ ir
}
{
CPath p;
auto p2 = p.CommonPrefix(x);
sink(p2.m_strPath); // $ ir
sink(p2.GetExtension()); // $ ir
}
}
template <class T>
struct CSimpleArray {
CSimpleArray(const CSimpleArray<T>& src);
CSimpleArray();
~CSimpleArray();
BOOL Add(const T& t);
int Find(const T& t) const;
T* GetData() const;
int GetSize() const;
BOOL Remove(const T& t);
void RemoveAll();
BOOL RemoveAt(int nIndex);
BOOL SetAtIndex(
int nIndex,
const T& t);
T& operator[](int nindex);
CSimpleArray<T> & operator=(const CSimpleArray<T>& src);
};
void test_CSimpleArray() {
int x = source<int>();
{
CSimpleArray<int> a;
a.Add(x);
sink(a[0]); // $ ir
a.Add(0);
sink(a[0]); // $ ir
CSimpleArray<int> a2;
sink(a2[0]);
a2 = a;
sink(a2[0]); // $ ir
}
{
CSimpleArray<int> a;
a.Add(x);
sink(a.GetData()); // $ ir
CSimpleArray<int> a2;
int pos = a2.Find(x);
sink(a2[pos]); // $ MISSING: ir
}
}
template <class TKey, class TVal>
struct CSimpleMap {
CSimpleMap();
~CSimpleMap();
BOOL Add(const TKey& key, const TVal& val);
int FindKey(const TKey& key) const;
int FindVal(const TVal& val) const;
TKey& GetKeyAt(int nIndex) const;
int GetSize() const;
TVal& GetValueAt(int nIndex) const;
TVal Lookup(const TKey& key) const;
BOOL Remove(const TKey& key);
void RemoveAll();
BOOL RemoveAt(int nIndex);
TKey ReverseLookup(const TVal& val) const;
BOOL SetAt(const TKey& key, const TVal& val);
BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val);
};
void test_CSimpleMap() {
wchar_t* x = source<wchar_t*>();
{
CSimpleMap<char*, wchar_t*> a;
a.Add("hello", x);
sink(a.Lookup("hello")); // $ ir
}
{
CSimpleMap<char*, wchar_t*> a;
auto pos = a.FindKey("hello");
sink(a.GetValueAt(pos)); // clean
}
{
CSimpleMap<char*, wchar_t*> a;
auto pos = a.FindVal(x);
sink(a.GetValueAt(pos)); // $ MISSING: ir
}
{
CSimpleMap<char*, wchar_t*> a;
auto key = a.ReverseLookup(x);
sink(key);
sink(a.Lookup(key)); // $ MISSING: ir
}
{
CSimpleMap<char*, wchar_t*> a;
a.SetAt("hello", x);
sink(a.Lookup("hello")); // $ ir
}
{
CSimpleMap<char*, wchar_t*> a;
a.SetAtIndex(0, "hello", x);
sink(a.Lookup("hello")); // $ ir
}
}
struct CUrl {
CUrl& operator= (const CUrl& urlThat) throw();
CUrl() throw();
CUrl(const CUrl& urlThat) throw();
~CUrl() throw();
inline BOOL Canonicalize(DWORD dwFlags) throw();
inline void Clear() throw();
BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw();
inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw();
inline LPCTSTR GetExtraInfo() const throw();
inline DWORD GetExtraInfoLength() const throw();
inline LPCTSTR GetHostName() const throw();
inline DWORD GetHostNameLength() const throw();
inline LPCTSTR GetPassword() const throw();
inline DWORD GetPasswordLength() const throw();
inline ATL_URL_PORT GetPortNumber() const throw();
inline ATL_URL_SCHEME GetScheme() const throw();
inline LPCTSTR GetSchemeName() const throw();
inline DWORD GetSchemeNameLength() const throw();
inline DWORD GetUrlLength() const throw();
inline LPCTSTR GetUrlPath() const throw();
inline DWORD GetUrlPathLength() const throw();
inline LPCTSTR GetUserName() const throw();
inline DWORD GetUserNameLength() const throw();
inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw();
inline BOOL SetHostName(LPCTSTR lpszHost) throw();
inline BOOL SetPassword(LPCTSTR lpszPass) throw();
inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw();
inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw();
inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw();
inline BOOL SetUrlPath(LPCTSTR lpszPath) throw();
inline BOOL SetUserName(LPCTSTR lpszUser) throw();
};
void test_CUrl() {
char* x = indirect_source<char>();
CUrl url;
url.CrackUrl(x, 0);
sink(url); // $ ir
sink(url.GetExtraInfo()); // $ ir
sink(url.GetHostName()); // $ ir
sink(url.GetPassword()); // $ ir
sink(url.GetSchemeName()); // $ ir
sink(url.GetUrlPath()); // $ ir
sink(url.GetUserName()); // $ ir
{
CUrl url2;
DWORD len;
char buffer[1024];
url2.CrackUrl(x, 0);
url2.CreateUrl(buffer, &len, 0);
sink(buffer); // $ ast ir
}
{
CUrl url2;
url2.SetExtraInfo(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetHostName(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetPassword(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetSchemeName(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetUrlPath(x);
sink(url2); // $ ir
}
{
CUrl url2;
url2.SetUserName(x);
sink(url2); // $ ir
}
}

806
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -140,6 +140,812 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
| arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT |
| arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | |
| arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT |
| atl.cpp:33:30:33:30 | 1 | atl.cpp:33:29:33:30 | - ... | TAINT |
| atl.cpp:77:14:77:25 | call to source | atl.cpp:78:21:78:21 | x | |
| atl.cpp:78:21:78:21 | x | atl.cpp:78:21:78:22 | call to _U_STRINGorID | TAINT |
| atl.cpp:78:21:78:22 | call to _U_STRINGorID | atl.cpp:79:10:79:10 | u | |
| atl.cpp:83:17:83:43 | call to indirect_source | atl.cpp:84:21:84:21 | y | |
| atl.cpp:84:21:84:21 | y | atl.cpp:84:21:84:22 | call to _U_STRINGorID | TAINT |
| atl.cpp:84:21:84:22 | call to _U_STRINGorID | atl.cpp:85:10:85:10 | u | |
| atl.cpp:104:15:104:35 | call to indirect_source | atl.cpp:105:19:105:19 | x | |
| atl.cpp:105:19:105:19 | x | atl.cpp:105:19:105:20 | call to CA2AEX | TAINT |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:106:29:106:29 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | |
| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:109:3:109:3 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:107:10:107:10 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:108:10:108:10 | a | |
| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:109:3:109:3 | a | |
| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:10:108:10 | a | |
| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:109:3:109:3 | a | |
| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:3:109:3 | a | |
| atl.cpp:112:15:112:35 | call to indirect_source | atl.cpp:113:19:113:19 | x | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:114:29:114:29 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | |
| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:117:3:117:3 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:115:10:115:10 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:116:10:116:10 | a | |
| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:117:3:117:3 | a | |
| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:10:116:10 | a | |
| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:117:3:117:3 | a | |
| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:3:117:3 | a | |
| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:132:20:132:20 | x | |
| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:138:20:138:20 | x | |
| atl.cpp:132:20:132:20 | x | atl.cpp:132:20:132:21 | call to CA2CAEX | TAINT |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:133:30:133:30 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | |
| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:136:3:136:3 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:139:30:139:30 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | |
| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:142:3:142:3 | a | |
| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:158:19:158:19 | x | |
| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:164:19:164:19 | x | |
| atl.cpp:158:19:158:19 | x | atl.cpp:158:19:158:20 | call to CA2WEX | TAINT |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:159:30:159:30 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | |
| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:162:3:162:3 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:160:10:160:10 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:161:10:161:10 | a | |
| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:162:3:162:3 | a | |
| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:10:161:10 | a | |
| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:162:3:162:3 | a | |
| atl.cpp:160:12:160:16 | ref arg m_psz | atl.cpp:161:12:161:16 | m_psz | |
| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:3:162:3 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:165:30:165:30 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | |
| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:168:3:168:3 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:166:10:166:10 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:167:10:167:10 | a | |
| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:168:3:168:3 | a | |
| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:10:167:10 | a | |
| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:168:3:168:3 | a | |
| atl.cpp:166:12:166:16 | ref arg m_psz | atl.cpp:167:12:167:16 | m_psz | |
| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:3:168:3 | a | |
| atl.cpp:216:11:216:21 | call to source | atl.cpp:220:11:220:11 | x | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:220:5:220:5 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:221:10:221:10 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:222:5:222:5 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:223:10:223:10 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:227:15:227:15 | a | |
| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:242:3:242:3 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:221:10:221:10 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:222:5:222:5 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:222:5:222:5 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:223:10:223:10 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:227:15:227:15 | a | |
| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:242:3:242:3 | a | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:226:10:226:11 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:227:5:227:6 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:227:5:227:6 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | |
| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:231:10:231:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:232:5:232:6 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:232:5:232:6 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | |
| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | |
| atl.cpp:236:14:236:20 | call to GetData | atl.cpp:236:10:236:22 | * ... | TAINT |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:239:10:239:11 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:240:5:240:6 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:240:5:240:6 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | |
| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:240:26:240:27 | a3 | atl.cpp:240:25:240:27 | & ... | |
| atl.cpp:241:10:241:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:245:5:245:6 | a5 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:246:10:246:11 | a5 | |
| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:246:10:246:11 | a5 | |
| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:246:10:246:11 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:249:5:249:6 | a6 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:250:10:250:11 | a6 | |
| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:250:10:250:11 | a6 | |
| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:250:10:250:11 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:300:18:300:18 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:308:19:308:19 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:317:29:317:29 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:323:21:323:21 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | |
| atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | |
| atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:301:10:301:13 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:304:24:304:27 | list | |
| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:346:3:346:3 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:300:5:300:8 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:301:10:301:13 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:301:10:301:13 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:304:24:304:27 | list | |
| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:346:3:346:3 | list | |
| atl.cpp:303:25:303:26 | 10 | atl.cpp:303:25:303:27 | call to CAtlList | TAINT |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:304:5:304:9 | list2 | |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:305:10:305:14 | list2 | |
| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:305:10:305:14 | list2 | |
| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:304:24:304:27 | list | atl.cpp:304:23:304:27 | & ... | |
| atl.cpp:305:10:305:14 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | |
| atl.cpp:307:25:307:26 | 10 | atl.cpp:307:25:307:27 | call to CAtlList | TAINT |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:308:5:308:9 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:309:10:309:14 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:309:10:309:14 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | |
| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | |
| atl.cpp:311:25:311:26 | 10 | atl.cpp:311:25:311:27 | call to CAtlList | TAINT |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:312:5:312:9 | list4 | |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:313:10:313:14 | list4 | |
| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:313:10:313:14 | list4 | |
| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:312:24:312:28 | list3 | atl.cpp:312:23:312:28 | & ... | |
| atl.cpp:313:10:313:14 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | |
| atl.cpp:316:27:316:28 | 10 | atl.cpp:316:27:316:29 | call to CAtlList | TAINT |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:18:317:22 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:32:317:36 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:317:24:317:27 | call to Find | atl.cpp:318:24:318:26 | pos | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:317:18:317:22 | list5 | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | |
| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:318:12:318:16 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | |
| atl.cpp:322:27:322:28 | 10 | atl.cpp:322:27:322:29 | call to CAtlList | TAINT |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:323:7:323:11 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:324:18:324:22 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:324:18:324:22 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | |
| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:324:24:324:32 | call to FindIndex | atl.cpp:325:24:325:26 | pos | |
| atl.cpp:325:12:325:16 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | |
| atl.cpp:329:27:329:28 | 10 | atl.cpp:329:27:329:29 | call to CAtlList | TAINT |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:330:18:330:22 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:331:7:331:11 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:331:7:331:11 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:330:24:330:38 | call to GetTailPosition | atl.cpp:331:25:331:27 | pos | |
| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | |
| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:332:12:332:16 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | |
| atl.cpp:336:27:336:28 | 10 | atl.cpp:336:27:336:29 | call to CAtlList | TAINT |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:337:18:337:22 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:338:7:338:11 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:338:7:338:11 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:337:24:337:38 | call to GetTailPosition | atl.cpp:338:26:338:28 | pos | |
| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | |
| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:339:12:339:16 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | |
| atl.cpp:342:27:342:28 | 10 | atl.cpp:342:27:342:29 | call to CAtlList | TAINT |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:7:343:11 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:19:343:23 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:343:7:343:11 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | |
| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:352:18:352:18 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:360:19:360:19 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:369:29:369:29 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:375:21:375:21 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:383:30:383:30 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:390:31:390:31 | p | |
| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:395:44:395:44 | p | |
| atl.cpp:350:25:350:26 | 10 | atl.cpp:350:25:350:27 | call to CAtlList | TAINT |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:351:10:351:13 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:352:5:352:8 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:353:10:353:13 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:356:24:356:27 | list | |
| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:398:3:398:3 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:353:10:353:13 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | |
| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | |
| atl.cpp:355:26:355:27 | 10 | atl.cpp:355:26:355:28 | call to CAtlList | TAINT |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | |
| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | |
| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | |
| atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | |
| atl.cpp:359:26:359:27 | 10 | atl.cpp:359:26:359:28 | call to CAtlList | TAINT |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | |
| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | |
| atl.cpp:363:26:363:27 | 10 | atl.cpp:363:26:363:28 | call to CAtlList | TAINT |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | |
| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | |
| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | |
| atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | |
| atl.cpp:368:28:368:29 | 10 | atl.cpp:368:28:368:30 | call to CAtlList | TAINT |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:369:18:369:22 | list5 | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | |
| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | |
| atl.cpp:374:28:374:29 | 10 | atl.cpp:374:28:374:30 | call to CAtlList | TAINT |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | |
| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | |
| atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | |
| atl.cpp:381:28:381:29 | 10 | atl.cpp:381:28:381:30 | call to CAtlList | TAINT |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:382:24:382:38 | call to GetTailPosition | atl.cpp:383:25:383:27 | pos | |
| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | |
| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | |
| atl.cpp:388:28:388:29 | 10 | atl.cpp:388:28:388:30 | call to CAtlList | TAINT |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:389:24:389:38 | call to GetTailPosition | atl.cpp:390:26:390:28 | pos | |
| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | |
| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | |
| atl.cpp:394:28:394:29 | 10 | atl.cpp:394:28:394:30 | call to CAtlList | TAINT |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | |
| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:396:12:396:16 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | |
| atl.cpp:454:21:454:33 | new | atl.cpp:455:3:455:6 | safe | |
| atl.cpp:454:21:454:33 | new | atl.cpp:456:10:456:13 | safe | |
| atl.cpp:455:3:455:6 | safe [post update] | atl.cpp:456:10:456:13 | safe | |
| atl.cpp:455:3:455:40 | ... = ... | atl.cpp:455:9:455:14 | pvData [post update] | |
| atl.cpp:455:18:455:38 | call to indirect_source | atl.cpp:455:3:455:40 | ... = ... | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:462:16:462:16 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:469:20:469:20 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:473:16:473:16 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:481:11:481:11 | x | |
| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:495:20:495:20 | x | |
| atl.cpp:462:16:462:16 | x | atl.cpp:462:16:462:17 | call to CComBSTR | TAINT |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:463:10:463:10 | b | |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:465:17:465:17 | b | |
| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:467:3:467:3 | b | |
| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:465:17:465:17 | b | |
| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:467:3:467:3 | b | |
| atl.cpp:463:12:463:16 | ref arg m_str | atl.cpp:466:13:466:17 | m_str | |
| atl.cpp:465:17:465:17 | b | atl.cpp:465:17:465:18 | call to CComBSTR | |
| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:466:10:466:11 | b2 | |
| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:467:3:467:3 | b2 | |
| atl.cpp:466:10:466:11 | b2 [post update] | atl.cpp:467:3:467:3 | b2 | |
| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:470:10:470:10 | b | |
| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:471:3:471:3 | b | |
| atl.cpp:470:10:470:10 | b [post update] | atl.cpp:471:3:471:3 | b | |
| atl.cpp:473:16:473:16 | x | atl.cpp:473:16:473:17 | call to CComBSTR | TAINT |
| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:477:11:477:11 | b | |
| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:513:3:513:3 | b | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:476:10:476:11 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:477:5:477:6 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:477:5:477:6 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:476:13:476:17 | ref arg m_str | atl.cpp:478:13:478:17 | m_str | |
| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:478:10:478:11 | b2 | |
| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:478:10:478:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:481:5:481:6 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:482:10:482:11 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:482:10:482:11 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:481:11:481:11 | x | atl.cpp:481:11:481:11 | call to CComBSTR | TAINT |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:483:28:483:29 | b3 | |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | |
| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:484:11:484:14 | * ... | atl.cpp:484:10:484:14 | * ... | TAINT |
| atl.cpp:484:12:484:12 | call to operator& | atl.cpp:484:11:484:14 | * ... | TAINT |
| atl.cpp:484:13:484:14 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:487:5:487:6 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:488:10:488:11 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:488:10:488:11 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:491:19:491:20 | b4 | |
| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:488:13:488:17 | ref arg m_str | atl.cpp:491:22:491:26 | m_str | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:491:5:491:6 | b5 | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:492:10:492:11 | b5 | |
| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:492:10:492:11 | b5 | |
| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:491:19:491:20 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | |
| atl.cpp:492:10:492:11 | b5 [post update] | atl.cpp:513:3:513:3 | b5 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:495:5:495:6 | b6 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:496:10:496:11 | b6 | |
| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:496:10:496:11 | b6 | |
| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:496:10:496:11 | b6 [post update] | atl.cpp:513:3:513:3 | b6 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:499:5:499:6 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:500:10:500:11 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:500:10:500:11 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:503:19:503:20 | b7 | |
| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:500:13:500:17 | ref arg m_str | atl.cpp:503:22:503:26 | m_str | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:503:5:503:6 | b8 | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:504:10:504:11 | b8 | |
| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:504:10:504:11 | b8 | |
| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:503:19:503:20 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | |
| atl.cpp:504:10:504:11 | b8 [post update] | atl.cpp:513:3:513:3 | b8 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe | |
| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | |
| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:509:21:509:24 | safe [inner post update] | |
| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:510:10:510:13 | safe | |
| atl.cpp:509:21:509:24 | safe | atl.cpp:509:20:509:24 | & ... | |
| atl.cpp:512:10:512:11 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:517:16:517:16 | w | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:521:15:521:15 | w | |
| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:525:20:525:20 | w | |
| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:521:15:521:15 | w | |
| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:525:20:525:20 | w | |
| atl.cpp:517:16:517:16 | w | atl.cpp:517:16:517:17 | call to CComBSTR | TAINT |
| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:518:10:518:10 | b | |
| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:523:3:523:3 | b | |
| atl.cpp:518:10:518:10 | b [post update] | atl.cpp:523:3:523:3 | b | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:521:5:521:6 | b2 | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:522:10:522:11 | b2 | |
| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:522:10:522:11 | b2 | |
| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:521:15:521:15 | ref arg w | atl.cpp:525:20:525:20 | w | |
| atl.cpp:522:10:522:11 | b2 [post update] | atl.cpp:523:3:523:3 | b2 | |
| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:526:10:526:10 | b | |
| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:527:3:527:3 | b | |
| atl.cpp:526:10:526:10 | b [post update] | atl.cpp:527:3:527:3 | b | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:573:8:573:11 | safe | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:575:24:575:27 | safe | |
| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:586:11:586:14 | safe | |
| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:575:24:575:27 | safe | |
| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:586:11:586:14 | safe | |
| atl.cpp:575:24:575:27 | safe | atl.cpp:575:24:575:28 | call to CComSafeArray | TAINT |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | |
| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:580:3:580:3 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | |
| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:3:580:3 | c | |
| atl.cpp:579:8:579:8 | c [post update] | atl.cpp:580:3:580:3 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:586:5:586:5 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:590:35:590:35 | c | |
| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:591:3:591:3 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:5:586:5 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:587:10:587:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:35:590:35 | c | |
| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:590:35:590:35 | ref arg c | atl.cpp:591:3:591:3 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:594:5:594:5 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | |
| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:598:3:598:3 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:595:10:595:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:596:10:596:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | |
| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:3:598:3 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:601:5:601:5 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | |
| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:604:3:604:3 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:602:10:602:10 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:603:10:603:10 | c | |
| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:10:603:10 | c | |
| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:3:604:3 | c | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:666:11:666:11 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:675:20:675:20 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:680:14:680:14 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:688:11:688:11 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:694:15:694:15 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:699:24:699:24 | x | |
| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:705:30:705:30 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:675:20:675:20 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:680:14:680:14 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:666:11:666:11 | x | atl.cpp:666:11:666:12 | call to CPathT | TAINT |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:667:27:667:27 | p | |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:668:8:668:8 | p | |
| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:670:12:670:12 | p | |
| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:668:8:668:8 | p | |
| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:670:12:670:12 | p | |
| atl.cpp:668:8:668:8 | p [post update] | atl.cpp:670:12:670:12 | p | |
| atl.cpp:668:10:668:18 | ref arg m_strPath | atl.cpp:671:11:671:19 | m_strPath | |
| atl.cpp:670:12:670:12 | p | atl.cpp:670:12:670:13 | call to CPathT | |
| atl.cpp:670:12:670:13 | call to CPathT | atl.cpp:671:8:671:9 | p2 | |
| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:675:5:675:5 | p | |
| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:676:10:676:10 | p | |
| atl.cpp:675:5:675:5 | ref arg p | atl.cpp:676:10:676:10 | p | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:680:14:680:14 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | |
| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | |
| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | |
| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | |
| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | |
| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:685:10:685:11 | p2 | |
| atl.cpp:684:5:684:6 | ref arg p2 | atl.cpp:685:10:685:11 | p2 | |
| atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT |
| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | |
| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:689:10:689:11 | p3 | |
| atl.cpp:688:5:688:6 | ref arg p3 | atl.cpp:689:10:689:11 | p3 | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:688:11:688:11 | x | atl.cpp:688:8:688:8 | call to operator+= | TAINT |
| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:694:5:694:5 | p | |
| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:695:10:695:10 | p | |
| atl.cpp:694:5:694:5 | ref arg p | atl.cpp:695:10:695:10 | p | |
| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:699:24:699:24 | x | |
| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:699:5:699:5 | p | |
| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:700:10:700:10 | p | |
| atl.cpp:699:5:699:5 | ref arg p | atl.cpp:700:10:700:10 | p | |
| atl.cpp:699:24:699:24 | ref arg x | atl.cpp:705:30:705:30 | x | |
| atl.cpp:704:11:704:11 | call to CPathT | atl.cpp:705:15:705:15 | p | |
| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | |
| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | |
| atl.cpp:706:10:706:11 | p2 [post update] | atl.cpp:707:10:707:11 | p2 | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:737:11:737:11 | x | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:749:11:749:11 | x | |
| atl.cpp:734:11:734:21 | call to source | atl.cpp:753:23:753:23 | x | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:737:5:737:5 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:738:10:738:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:739:5:739:5 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:740:10:740:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:744:10:744:10 | a | |
| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:746:3:746:3 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:738:10:738:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:739:5:739:5 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:739:5:739:5 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:740:10:740:10 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:744:10:744:10 | a | |
| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:746:3:746:3 | a | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:743:10:743:11 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:744:5:744:6 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:744:5:744:6 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | |
| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:744:10:744:10 | a | atl.cpp:744:5:744:6 | ref arg a2 | TAINT |
| atl.cpp:744:10:744:10 | a | atl.cpp:744:8:744:8 | call to operator= | TAINT |
| atl.cpp:745:10:745:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:749:5:749:5 | a | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:750:10:750:10 | a | |
| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:755:3:755:3 | a | |
| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:750:10:750:10 | a | |
| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:755:3:755:3 | a | |
| atl.cpp:750:10:750:10 | ref arg a | atl.cpp:755:3:755:3 | a | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:753:15:753:16 | a2 | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:754:10:754:11 | a2 | |
| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:755:3:755:3 | a2 | |
| atl.cpp:753:18:753:21 | call to Find | atl.cpp:754:13:754:15 | pos | |
| atl.cpp:754:10:754:11 | ref arg a2 | atl.cpp:755:3:755:3 | a2 | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:782:20:782:20 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:792:26:792:26 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:797:32:797:32 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:803:22:803:22 | x | |
| atl.cpp:779:16:779:31 | call to source | atl.cpp:808:30:808:30 | x | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:782:5:782:5 | a | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:783:10:783:10 | a | |
| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:784:3:784:3 | a | |
| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:783:10:783:10 | a | |
| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:784:3:784:3 | a | |
| atl.cpp:783:10:783:10 | ref arg a | atl.cpp:784:3:784:3 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:787:16:787:16 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:788:10:788:10 | a | |
| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:789:3:789:3 | a | |
| atl.cpp:787:18:787:24 | call to FindKey | atl.cpp:788:23:788:25 | pos | |
| atl.cpp:788:10:788:10 | ref arg a | atl.cpp:789:3:789:3 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:792:16:792:16 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:793:10:793:10 | a | |
| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:794:3:794:3 | a | |
| atl.cpp:792:18:792:24 | call to FindVal | atl.cpp:793:23:793:25 | pos | |
| atl.cpp:793:10:793:10 | ref arg a | atl.cpp:794:3:794:3 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:797:16:797:16 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:799:10:799:10 | a | |
| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:800:3:800:3 | a | |
| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:799:10:799:10 | a | |
| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:800:3:800:3 | a | |
| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:798:10:798:12 | key | |
| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:799:19:799:21 | key | |
| atl.cpp:798:10:798:12 | ref arg key | atl.cpp:799:19:799:21 | key | |
| atl.cpp:799:10:799:10 | ref arg a | atl.cpp:800:3:800:3 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:803:5:803:5 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:804:10:804:10 | a | |
| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:805:3:805:3 | a | |
| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:804:10:804:10 | a | |
| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:805:3:805:3 | a | |
| atl.cpp:804:10:804:10 | ref arg a | atl.cpp:805:3:805:3 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:808:5:808:5 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:809:10:809:10 | a | |
| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:810:3:810:3 | a | |
| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:809:10:809:10 | a | |
| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:810:3:810:3 | a | |
| atl.cpp:809:10:809:10 | ref arg a | atl.cpp:810:3:810:3 | a | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:853:16:853:16 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:866:19:866:19 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:872:23:872:23 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:877:22:877:22 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:882:22:882:22 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:887:24:887:24 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:892:21:892:21 | x | |
| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:897:22:897:22 | x | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:853:3:853:5 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:854:8:854:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:855:8:855:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:856:8:856:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:857:8:857:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:858:8:858:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:859:8:859:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:860:8:860:10 | url | |
| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:900:1:900:1 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:854:8:854:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:855:8:855:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:856:8:856:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:857:8:857:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:858:8:858:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:859:8:859:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:860:8:860:10 | url | |
| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:900:1:900:1 | url | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | |
| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:869:3:869:3 | url2 | |
| atl.cpp:864:11:864:13 | len | atl.cpp:867:29:867:31 | len | |
| atl.cpp:865:10:865:15 | buffer | atl.cpp:867:20:867:25 | buffer | |
| atl.cpp:865:10:865:15 | buffer | atl.cpp:868:10:868:15 | buffer | |
| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:867:5:867:8 | url2 | |
| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:869:3:869:3 | url2 | |
| atl.cpp:867:20:867:25 | ref arg buffer | atl.cpp:868:10:868:15 | buffer | |
| atl.cpp:867:28:867:31 | ref arg & ... | atl.cpp:867:29:867:31 | len [inner post update] | |
| atl.cpp:867:29:867:31 | len | atl.cpp:867:28:867:31 | & ... | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:872:5:872:8 | url2 | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:873:10:873:13 | url2 | |
| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:874:3:874:3 | url2 | |
| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:873:10:873:13 | url2 | |
| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:874:3:874:3 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:877:5:877:8 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:878:10:878:13 | url2 | |
| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:879:3:879:3 | url2 | |
| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:878:10:878:13 | url2 | |
| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:879:3:879:3 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:882:5:882:8 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:883:10:883:13 | url2 | |
| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:884:3:884:3 | url2 | |
| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:883:10:883:13 | url2 | |
| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:884:3:884:3 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:887:5:887:8 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:888:10:888:13 | url2 | |
| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:889:3:889:3 | url2 | |
| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:888:10:888:13 | url2 | |
| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:889:3:889:3 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:892:5:892:8 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:893:10:893:13 | url2 | |
| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:894:3:894:3 | url2 | |
| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:893:10:893:13 | url2 | |
| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:894:3:894:3 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:897:5:897:8 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:898:10:898:13 | url2 | |
| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:899:3:899:3 | url2 | |
| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:898:10:898:13 | url2 | |
| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:899:3:899:3 | url2 | |
| bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | |
| bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | |
| bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | |

679
cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
View File

@@ -1,4 +1,91 @@
signatureMatches
| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 |
| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 |
| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 |
| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:415:3:415:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 |
| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 |
| atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 |
| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | Append | 0 |
| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 |
| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| atl.cpp:425:11:425:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 |
| atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 |
| atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 |
| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 |
| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 |
| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 |
| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 |
| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray<T> | Add | 0 |
| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray<T> | Add | 1 |
| atl.cpp:763:8:763:10 | Add | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:763:8:763:10 | Add | (const forward_list &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:763:8:763:10 | Add | (const list &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:763:8:763:10 | Add | (const vector &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:763:8:763:10 | Add | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:763:8:763:10 | Add | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:763:8:763:10 | Add | (list &&,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:763:8:763:10 | Add | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const forward_list &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const list &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (const vector &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:774:8:774:12 | SetAt | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:774:8:774:12 | SetAt | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (list &&,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:774:8:774:12 | SetAt | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque<T,Allocator> | deque<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list<T,Allocator> | forward_list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list<T,Allocator> | list<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque<T,Allocator> | deque | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque<T,Allocator> | deque | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list<T,Allocator> | forward_list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list<T,Allocator> | list | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list<T,Allocator> | list | 2 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector<T,Allocator> | vector | 1 |
| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector<T,Allocator> | vector | 2 |
| atl.cpp:840:15:840:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:841:15:841:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:842:15:842:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:845:15:845:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:846:15:846:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| atl.cpp:847:15:847:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 |
| constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign<InputIt> | 0 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign<InputIt> | 1 |
| stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign<InputIt> | 0 |
@@ -267,7 +354,25 @@ signatureMatches
| stl.h:678:33:678:38 | format | (format_string,Args &&) | | format<Args> | 1 |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format<Args> | 0 |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format<Args> | 1 |
| string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 |
| taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 |
getSignatureParameterName
| (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & |
| (CComBSTR &&) | CComBSTR | CComBSTR | 0 | CComBSTR && |
| (CRegKey &) | CRegKey | CRegKey | 0 | CRegKey & |
| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD & |
| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR |
| (HANDLE) | CAtlFile | CAtlFile | 0 | HANDLE |
| (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | HINSTANCE |
| (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | UINT |
| (HKEY) | CRegKey | CRegKey | 0 | HKEY |
| (InputIt,InputIt) | deque | assign<InputIt> | 0 | func:0 |
| (InputIt,InputIt) | deque | assign<InputIt> | 1 | func:0 |
| (InputIt,InputIt) | forward_list | assign<InputIt> | 0 | func:0 |
@@ -288,6 +393,33 @@ getSignatureParameterName
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 0 | func:0 |
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 1 | func:0 |
| (InputIterator,InputIterator,const Allocator &) | vector<T,Allocator> | vector<InputIterator> | 2 | const class:1 & |
| (LPCOLESTR) | CComBSTR | Append | 0 | LPCOLESTR |
| (LPCOLESTR) | CComBSTR | CComBSTR | 0 | LPCOLESTR |
| (LPCOLESTR,int) | CComBSTR | Append | 0 | LPCOLESTR |
| (LPCOLESTR,int) | CComBSTR | Append | 1 | int |
| (LPCSTR) | CComBSTR | Append | 0 | LPCSTR |
| (LPCSTR) | CComBSTR | CComBSTR | 0 | LPCSTR |
| (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | LPCTSTR |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 0 | LPCTSTR |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 1 | DWORD * |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 2 | void * |
| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 3 | ULONG * |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR |
| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * |
| (UINT) | CComBSTR | LoadString | 0 | UINT |
| (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT |
| (char) | CComBSTR | Append | 0 | char |
| (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & |
| (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & |
| (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & |
| (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & |
| (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & |
| (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * |
| (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * |
| (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * |
| (const T &,BOOL) | CComSafeArray<T> | Add | 0 | const class:0 & |
| (const T &,BOOL) | CComSafeArray<T> | Add | 1 | BOOL |
| (const deque &) | deque | deque | 0 | const deque & |
| (const deque &,const Allocator &) | deque<T,Allocator> | deque | 0 | const deque & |
| (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 | const class:1 & |
@@ -348,6 +480,10 @@ getSignatureParameterName
| (forward_list &&) | forward_list | forward_list | 0 | forward_list && |
| (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 0 | forward_list && |
| (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 | const class:1 & |
| (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | int |
| (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | LPCOLESTR |
| (int,LPCSTR) | CComBSTR | CComBSTR | 0 | int |
| (int,LPCSTR) | CComBSTR | CComBSTR | 1 | LPCSTR |
| (list &&) | list | list | 0 | list && |
| (list &&,const Allocator &) | list<T,Allocator> | list | 0 | list && |
| (list &&,const Allocator &) | list<T,Allocator> | list | 1 | const class:1 & |
@@ -374,11 +510,294 @@ getSignatureParameterName
| (vector &&) | vector | vector | 0 | vector && |
| (vector &&,const Allocator &) | vector<T,Allocator> | vector | 0 | vector && |
| (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 | const class:1 & |
| (wchar_t) | CComBSTR | Append | 0 | wchar_t |
getParameterTypeName
| arrayassignment.cpp:3:6:3:9 | sink | 0 | int |
| arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt |
| arrayassignment.cpp:5:6:5:9 | sink | 0 | MyArray |
| arrayassignment.cpp:37:7:37:7 | MyInt | 0 | const MyInt & |
| arrayassignment.cpp:44:9:44:17 | operator= | 0 | const int & |
| arrayassignment.cpp:45:9:45:17 | operator= | 0 | const MyInt & |
| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | MyArray && |
| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | const MyArray & |
| arrayassignment.cpp:83:7:83:7 | operator= | 0 | MyArray && |
| arrayassignment.cpp:83:7:83:7 | operator= | 0 | const MyArray & |
| arrayassignment.cpp:88:7:88:9 | get | 0 | int |
| arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int |
| arrayassignment.cpp:124:6:124:9 | sink | 0 | int * |
| atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && |
| atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & |
| atl.cpp:50:16:50:16 | operator= | 0 | const tagSAFEARRAYBOUND & |
| atl.cpp:50:16:50:16 | operator= | 0 | tagSAFEARRAYBOUND && |
| atl.cpp:55:16:55:16 | operator= | 0 | const tagVARIANT & |
| atl.cpp:55:16:55:16 | operator= | 0 | tagVARIANT && |
| atl.cpp:59:16:59:16 | operator= | 0 | const tagSAFEARRAY & |
| atl.cpp:59:16:59:16 | operator= | 0 | tagSAFEARRAY && |
| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | _U_STRINGorID && |
| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | const _U_STRINGorID & |
| atl.cpp:68:8:68:8 | operator= | 0 | _U_STRINGorID && |
| atl.cpp:68:8:68:8 | operator= | 0 | const _U_STRINGorID & |
| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | UINT |
| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | LPCTSTR |
| atl.cpp:194:10:194:12 | Add | 0 | INARGTYPclass:0 |
| atl.cpp:196:10:196:15 | Append | 0 | const CAtlArray & |
| atl.cpp:197:8:197:11 | Copy | 0 | const CAtlArray & |
| atl.cpp:199:6:199:10 | GetAt | 0 | size_t |
| atl.cpp:203:8:203:20 | InsertArrayAt | 0 | size_t |
| atl.cpp:203:8:203:20 | InsertArrayAt | 1 | const CAtlArray * |
| atl.cpp:204:8:204:15 | InsertAt | 0 | size_t |
| atl.cpp:204:8:204:15 | InsertAt | 1 | INARGTYPclass:0 |
| atl.cpp:204:8:204:15 | InsertAt | 2 | size_t |
| atl.cpp:209:8:209:16 | SetAtGrow | 0 | size_t |
| atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 |
| atl.cpp:211:6:211:15 | operator[] | 0 | size_t |
| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT |
| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT |
| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 |
| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 |
| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * |
| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * |
| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 |
| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 |
| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * |
| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * |
| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 |
| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 |
| atl.cpp:265:12:265:15 | Find | 1 | POSITION |
| atl.cpp:265:12:265:15 | Find | 1 | POSITION |
| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t |
| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t |
| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION |
| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION |
| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 |
| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 |
| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION |
| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION |
| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 |
| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 |
| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION |
| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION |
| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 |
| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 |
| atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && |
| atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & |
| atl.cpp:403:8:403:8 | operator= | 0 | ISequentialStream && |
| atl.cpp:403:8:403:8 | operator= | 0 | const ISequentialStream & |
| atl.cpp:405:8:405:8 | operator= | 0 | IStream && |
| atl.cpp:405:8:405:8 | operator= | 0 | const IStream & |
| atl.cpp:407:8:407:8 | operator= | 0 | const CComBSTR & |
| atl.cpp:409:3:409:10 | CComBSTR | 0 | const CComBSTR & |
| atl.cpp:410:3:410:10 | CComBSTR | 0 | int |
| atl.cpp:411:3:411:10 | CComBSTR | 0 | int |
| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCOLESTR |
| atl.cpp:412:3:412:10 | CComBSTR | 0 | int |
| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCSTR |
| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCOLESTR |
| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCSTR |
| atl.cpp:415:3:415:10 | CComBSTR | 0 | CComBSTR && |
| atl.cpp:418:11:418:16 | Append | 0 | const CComBSTR & |
| atl.cpp:419:11:419:16 | Append | 0 | wchar_t |
| atl.cpp:420:11:420:16 | Append | 0 | char |
| atl.cpp:421:11:421:16 | Append | 0 | LPCOLESTR |
| atl.cpp:422:11:422:16 | Append | 0 | LPCSTR |
| atl.cpp:423:11:423:16 | Append | 0 | LPCOLESTR |
| atl.cpp:423:11:423:16 | Append | 1 | int |
| atl.cpp:424:11:424:20 | AppendBSTR | 0 | BSTR |
| atl.cpp:425:11:425:21 | AppendBytes | 0 | const char * |
| atl.cpp:425:11:425:21 | AppendBytes | 1 | int |
| atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * |
| atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR |
| atl.cpp:428:8:428:13 | Attach | 0 | BSTR |
| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * |
| atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * |
| atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * |
| atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE |
| atl.cpp:438:8:438:17 | LoadString | 1 | UINT |
| atl.cpp:439:8:439:17 | LoadString | 0 | UINT |
| atl.cpp:440:11:440:24 | ReadFromStream | 0 | IStream * |
| atl.cpp:442:11:442:23 | WriteToStream | 0 | IStream * |
| atl.cpp:447:13:447:22 | operator+= | 0 | const CComBSTR & |
| atl.cpp:448:13:448:22 | operator+= | 0 | LPCOLESTR |
| atl.cpp:538:3:538:15 | CComSafeArray | 0 | const SAFEARRAY * |
| atl.cpp:542:11:542:13 | Add | 0 | const SAFEARRAY * |
| atl.cpp:544:11:544:13 | Add | 0 | const class:0 & |
| atl.cpp:544:11:544:13 | Add | 1 | BOOL |
| atl.cpp:552:6:552:10 | GetAt | 0 | LONG |
| atl.cpp:563:11:563:15 | SetAt | 0 | LONG |
| atl.cpp:563:11:563:15 | SetAt | 1 | const class:0 & |
| atl.cpp:563:11:563:15 | SetAt | 2 | BOOL |
| atl.cpp:565:6:565:15 | operator[] | 0 | long |
| atl.cpp:566:6:566:15 | operator[] | 0 | int |
| atl.cpp:610:3:610:8 | CPathT | 0 | PCXSTR |
| atl.cpp:611:3:611:8 | CPathT | 0 | const CPathT & |
| atl.cpp:615:8:615:19 | AddExtension | 0 | PCXSTR |
| atl.cpp:616:8:616:13 | Append | 0 | PCXSTR |
| atl.cpp:619:8:619:14 | Combine | 0 | PCXSTR |
| atl.cpp:619:8:619:14 | Combine | 1 | PCXSTR |
| atl.cpp:620:22:620:33 | CommonPrefix | 0 | PCXSTR |
| atl.cpp:657:23:657:32 | operator+= | 0 | PCXSTR |
| atl.cpp:717:8:717:10 | Add | 0 | const class:0 & |
| atl.cpp:718:7:718:10 | Find | 0 | const class:0 & |
| atl.cpp:729:6:729:15 | operator[] | 0 | int |
| atl.cpp:730:21:730:29 | operator= | 0 | const CSimpleArray & |
| atl.cpp:763:8:763:10 | Add | 0 | const class:0 & |
| atl.cpp:763:8:763:10 | Add | 1 | const class:1 & |
| atl.cpp:764:7:764:13 | FindKey | 0 | const class:0 & |
| atl.cpp:765:7:765:13 | FindVal | 0 | const class:1 & |
| atl.cpp:768:9:768:18 | GetValueAt | 0 | int |
| atl.cpp:769:8:769:13 | Lookup | 0 | const class:0 & |
| atl.cpp:773:8:773:20 | ReverseLookup | 0 | const class:1 & |
| atl.cpp:774:8:774:12 | SetAt | 0 | const class:0 & |
| atl.cpp:774:8:774:12 | SetAt | 1 | const class:1 & |
| atl.cpp:775:8:775:17 | SetAtIndex | 0 | int |
| atl.cpp:775:8:775:17 | SetAtIndex | 1 | const class:0 & |
| atl.cpp:775:8:775:17 | SetAtIndex | 2 | const class:1 & |
| atl.cpp:814:9:814:17 | operator= | 0 | const CUrl & |
| atl.cpp:816:3:816:6 | CUrl | 0 | const CUrl & |
| atl.cpp:819:15:819:26 | Canonicalize | 0 | DWORD |
| atl.cpp:822:8:822:15 | CrackUrl | 0 | LPCTSTR |
| atl.cpp:822:8:822:15 | CrackUrl | 1 | DWORD |
| atl.cpp:823:15:823:23 | CreateUrl | 0 | LPTSTR |
| atl.cpp:823:15:823:23 | CreateUrl | 1 | DWORD * |
| atl.cpp:823:15:823:23 | CreateUrl | 2 | DWORD |
| atl.cpp:840:15:840:26 | SetExtraInfo | 0 | LPCTSTR |
| atl.cpp:841:15:841:25 | SetHostName | 0 | LPCTSTR |
| atl.cpp:842:15:842:25 | SetPassword | 0 | LPCTSTR |
| atl.cpp:843:15:843:27 | SetPortNumber | 0 | ATL_URL_PORT |
| atl.cpp:844:15:844:23 | SetScheme | 0 | ATL_URL_SCHEME |
| atl.cpp:845:15:845:27 | SetSchemeName | 0 | LPCTSTR |
| atl.cpp:846:15:846:24 | SetUrlPath | 0 | LPCTSTR |
| atl.cpp:847:15:847:25 | SetUserName | 0 | LPCTSTR |
| bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & |
| bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && |
| bsd.cpp:12:5:12:10 | accept | 0 | int |
| bsd.cpp:12:5:12:10 | accept | 1 | sockaddr * |
| bsd.cpp:12:5:12:10 | accept | 2 | int * |
| bsd.cpp:14:6:14:9 | sink | 0 | sockaddr |
| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | MyValue && |
| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | const MyValue & |
| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | MyValue && |
| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | const MyValue & |
| constructor_delegation.cpp:8:2:8:8 | MyValue | 0 | int |
| constructor_delegation.cpp:9:2:9:8 | MyValue | 0 | int |
| constructor_delegation.cpp:9:2:9:8 | MyValue | 1 | bool |
| constructor_delegation.cpp:10:2:10:8 | MyValue | 0 | int |
| constructor_delegation.cpp:10:2:10:8 | MyValue | 1 | int |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 0 | int |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 1 | bool |
| constructor_delegation.cpp:11:2:11:8 | MyValue | 2 | bool |
| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | MyDerivedValue && |
| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | const MyDerivedValue & |
| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | MyDerivedValue && |
| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | const MyDerivedValue & |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 0 | bool |
| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 1 | int |
| copyableclass.cpp:8:2:8:16 | MyCopyableClass | 0 | int |
| copyableclass.cpp:9:2:9:16 | MyCopyableClass | 0 | const MyCopyableClass & |
| copyableclass.cpp:10:19:10:27 | operator= | 0 | const MyCopyableClass & |
| copyableclass_declonly.cpp:8:2:8:24 | MyCopyableClassDeclOnly | 0 | int |
| copyableclass_declonly.cpp:9:2:9:24 | MyCopyableClassDeclOnly | 0 | const MyCopyableClassDeclOnly & |
| copyableclass_declonly.cpp:10:27:10:35 | operator= | 0 | const MyCopyableClassDeclOnly & |
| file://:0:0:0:0 | operator delete | 0 | void * |
| file://:0:0:0:0 | operator new | 0 | unsigned long |
| file://:0:0:0:0 | operator= | 0 | __va_list_tag && |
| file://:0:0:0:0 | operator= | 0 | const __va_list_tag & |
| format.cpp:3:16:3:16 | operator= | 0 | FILE && |
| format.cpp:3:16:3:16 | operator= | 0 | const FILE & |
| format.cpp:5:5:5:12 | snprintf | 0 | char * |
| format.cpp:5:5:5:12 | snprintf | 1 | size_t |
| format.cpp:5:5:5:12 | snprintf | 2 | const char * |
| format.cpp:6:5:6:11 | sprintf | 0 | char * |
| format.cpp:6:5:6:11 | sprintf | 1 | const char * |
| format.cpp:7:5:7:12 | swprintf | 0 | wchar_t * |
| format.cpp:7:5:7:12 | swprintf | 1 | size_t |
| format.cpp:7:5:7:12 | swprintf | 2 | const wchar_t * |
| format.cpp:14:5:14:13 | vsnprintf | 0 | char * |
| format.cpp:14:5:14:13 | vsnprintf | 1 | size_t |
| format.cpp:14:5:14:13 | vsnprintf | 2 | const char * |
| format.cpp:14:5:14:13 | vsnprintf | 3 | va_list |
| format.cpp:16:5:16:13 | mysprintf | 0 | char * |
| format.cpp:16:5:16:13 | mysprintf | 1 | size_t |
| format.cpp:16:5:16:13 | mysprintf | 2 | const char * |
| format.cpp:28:5:28:10 | sscanf | 0 | const char * |
| format.cpp:28:5:28:10 | sscanf | 1 | const char * |
| format.cpp:142:8:142:13 | strlen | 0 | const char * |
| format.cpp:143:8:143:13 | wcslen | 0 | const wchar_t * |
| format.cpp:169:6:169:9 | test | 0 | format_string |
| map.cpp:8:6:8:9 | sink | 0 | char * |
| map.cpp:9:6:9:9 | sink | 0 | const char * |
| map.cpp:10:6:10:9 | sink | 0 | bool |
| map.cpp:11:6:11:9 | sink | 0 | pair |
| map.cpp:12:6:12:9 | sink | 0 | map, allocator<pair<char *const, char *>>> |
| map.cpp:13:6:13:9 | sink | 0 | iterator |
| map.cpp:14:6:14:9 | sink | 0 | unordered_map, equal_to<char *>, allocator<pair<char *const, char *>>> |
| map.cpp:15:6:15:9 | sink | 0 | iterator |
| map.cpp:16:6:16:9 | sink | 0 | unordered_map, hash<char *>, equal_to<char *>, allocator<pair<char *const, pair<int, int>>>> |
| map.cpp:17:6:17:9 | sink | 0 | iterator |
| map.cpp:442:7:442:19 | indirect_sink | 0 | int * |
| movableclass.cpp:5:7:5:7 | MyMovableClass | 0 | const MyMovableClass & |
| movableclass.cpp:5:7:5:7 | operator= | 0 | const MyMovableClass & |
| movableclass.cpp:8:2:8:15 | MyMovableClass | 0 | int |
| movableclass.cpp:9:2:9:15 | MyMovableClass | 0 | MyMovableClass && |
| movableclass.cpp:13:18:13:26 | operator= | 0 | MyMovableClass && |
| set.cpp:8:6:8:9 | sink | 0 | char * |
| set.cpp:9:6:9:9 | sink | 0 | set, allocator<char *>> |
| set.cpp:10:6:10:9 | sink | 0 | iterator |
| set.cpp:11:6:11:9 | sink | 0 | unordered_set, equal_to<char *>, allocator<char *>> |
| set.cpp:12:6:12:9 | sink | 0 | iterator |
| smart_pointer.cpp:4:6:4:9 | sink | 0 | int |
| smart_pointer.cpp:5:6:5:9 | sink | 0 | int * |
| smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & |
| smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & |
| smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & |
| smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & |
| smart_pointer.cpp:60:8:60:8 | operator= | 0 | A && |
| smart_pointer.cpp:60:8:60:8 | operator= | 0 | const A & |
| smart_pointer.cpp:70:6:70:14 | getNumber | 0 | shared_ptr |
| smart_pointer.cpp:80:8:80:8 | operator= | 0 | B && |
| smart_pointer.cpp:80:8:80:8 | operator= | 0 | const B & |
| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 0 | unique_ptr |
| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 1 | unique_ptr |
| smart_pointer.cpp:97:6:97:12 | taint_x | 0 | A * |
| smart_pointer.cpp:107:8:107:8 | C | 0 | C && |
| smart_pointer.cpp:107:8:107:8 | C | 0 | const C & |
| smart_pointer.cpp:107:8:107:8 | operator= | 0 | C && |
| smart_pointer.cpp:107:8:107:8 | operator= | 0 | const C & |
| smart_pointer.cpp:112:6:112:19 | taint_x_shared | 0 | shared_ptr |
| smart_pointer.cpp:116:6:116:24 | taint_x_shared_cref | 0 | const shared_ptr & |
| smart_pointer.cpp:120:6:120:18 | getNumberCRef | 0 | const shared_ptr & |
| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 0 | shared_ptr |
| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 1 | unique_ptr> |
| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 0 | shared_ptr |
| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 1 | unique_ptr> |
| standalone_iterators.cpp:5:6:5:9 | sink | 0 | int |
| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | const int_iterator_by_typedefs & |
| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | int_iterator_by_typedefs && |
| standalone_iterators.cpp:16:30:16:39 | operator++ | 0 | int |
| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | const int_iterator_by_trait & |
| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | int_iterator_by_trait && |
| standalone_iterators.cpp:23:27:23:36 | operator++ | 0 | int |
| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | const non_iterator & |
| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | non_iterator && |
| standalone_iterators.cpp:39:18:39:27 | operator++ | 0 | int |
| standalone_iterators.cpp:43:6:43:18 | test_typedefs | 0 | int_iterator_by_typedefs |
| standalone_iterators.cpp:49:6:49:15 | test_trait | 0 | int_iterator_by_trait |
| standalone_iterators.cpp:55:6:55:22 | test_non_iterator | 0 | non_iterator |
| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | const insert_iterator_by_trait & |
| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | insert_iterator_by_trait && |
| standalone_iterators.cpp:66:30:66:39 | operator++ | 0 | int |
| standalone_iterators.cpp:68:30:68:39 | operator-- | 0 | int |
| standalone_iterators.cpp:70:31:70:39 | operator= | 0 | int |
| standalone_iterators.cpp:82:7:82:7 | container | 0 | const container & |
| standalone_iterators.cpp:82:7:82:7 | container | 0 | container && |
| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | const container & |
| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | container && |
| standalone_iterators.cpp:88:6:88:9 | sink | 0 | container |
| standalone_iterators.cpp:102:6:102:9 | sink | 0 | insert_iterator_by_trait |
| standalone_iterators.cpp:103:27:103:36 | operator+= | 0 | insert_iterator_by_trait & |
| standalone_iterators.cpp:103:27:103:36 | operator+= | 1 | int |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
| stl.h:29:34:29:40 | forward | 0 | remove_reference_t & |
@@ -409,6 +828,16 @@ getParameterTypeName
| stl.h:61:13:61:22 | operator+= | 0 | int |
| stl.h:62:13:62:22 | operator-= | 0 | int |
| stl.h:64:18:64:27 | operator[] | 0 | int |
| stl.h:67:9:67:9 | operator= | 0 | const input_iterator_tag & |
| stl.h:67:9:67:9 | operator= | 0 | input_iterator_tag && |
| stl.h:68:9:68:9 | operator= | 0 | const forward_iterator_tag & |
| stl.h:68:9:68:9 | operator= | 0 | forward_iterator_tag && |
| stl.h:69:9:69:9 | operator= | 0 | bidirectional_iterator_tag && |
| stl.h:69:9:69:9 | operator= | 0 | const bidirectional_iterator_tag & |
| stl.h:70:9:70:9 | operator= | 0 | const random_access_iterator_tag & |
| stl.h:70:9:70:9 | operator= | 0 | random_access_iterator_tag && |
| stl.h:72:9:72:9 | operator= | 0 | const output_iterator_tag & |
| stl.h:72:9:72:9 | operator= | 0 | output_iterator_tag && |
| stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & |
| stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & |
| stl.h:88:25:88:33 | operator= | 0 | value_type && |
@@ -733,12 +1162,262 @@ getParameterTypeName
| stl.h:678:33:678:38 | format | 1 | func:0 && |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 0 | format_string |
| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | func:0 && |
| string.cpp:17:6:17:9 | sink | 0 | const char * |
| string.cpp:18:6:18:9 | sink | 0 | const string & |
| string.cpp:19:6:19:9 | sink | 0 | const char * |
| string.cpp:19:6:19:9 | sink | 1 | const char * |
| string.cpp:20:6:20:9 | sink | 0 | char |
| string.cpp:21:6:21:9 | sink | 0 | iterator |
| stringstream.cpp:13:6:13:9 | sink | 0 | int |
| stringstream.cpp:15:6:15:9 | sink | 0 | const string & |
| stringstream.cpp:18:6:18:9 | sink | 0 | const basic_ostream> & |
| stringstream.cpp:21:6:21:9 | sink | 0 | const basic_istream> & |
| stringstream.cpp:24:6:24:9 | sink | 0 | const basic_iostream> & |
| stringstream.cpp:26:6:26:29 | test_stringstream_string | 0 | int |
| stringstream.cpp:70:6:70:26 | test_stringstream_int | 0 | int |
| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | StructLikeClass && |
| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | const StructLikeClass & |
| structlikeclass.cpp:5:7:5:7 | operator= | 0 | StructLikeClass && |
| structlikeclass.cpp:5:7:5:7 | operator= | 0 | const StructLikeClass & |
| structlikeclass.cpp:8:2:8:16 | StructLikeClass | 0 | int |
| swap1.cpp:14:9:14:9 | move | 0 | func:0 & |
| swap1.cpp:24:9:24:13 | Class | 0 | Class && |
| swap1.cpp:25:9:25:13 | Class | 0 | const Class & |
| swap1.cpp:27:16:27:24 | operator= | 0 | const Class & |
| swap1.cpp:34:16:34:24 | operator= | 0 | Class && |
| swap1.cpp:40:16:40:26 | copy_assign | 0 | const Class & |
| swap1.cpp:47:16:47:26 | move_assign | 0 | Class && |
| swap1.cpp:53:14:53:17 | swap | 0 | Class & |
| swap1.cpp:61:10:61:13 | swap | 0 | Class & |
| swap1.cpp:61:10:61:13 | swap | 1 | Class & |
| swap2.cpp:14:9:14:9 | move | 0 | func:0 & |
| swap2.cpp:24:9:24:13 | Class | 0 | Class && |
| swap2.cpp:25:9:25:13 | Class | 0 | const Class & |
| swap2.cpp:27:16:27:24 | operator= | 0 | const Class & |
| swap2.cpp:34:16:34:24 | operator= | 0 | Class && |
| swap2.cpp:40:16:40:26 | copy_assign | 0 | const Class & |
| swap2.cpp:47:16:47:26 | move_assign | 0 | Class && |
| swap2.cpp:53:14:53:17 | swap | 0 | Class & |
| swap2.cpp:61:10:61:13 | swap | 0 | Class & |
| swap2.cpp:61:10:61:13 | swap | 1 | Class & |
| swap.h:4:20:4:23 | swap | 0 | func:0 & |
| swap.h:4:20:4:23 | swap | 1 | func:0 & |
| taint.cpp:4:6:4:21 | arithAssignments | 0 | int |
| taint.cpp:4:6:4:21 | arithAssignments | 1 | int |
| taint.cpp:22:5:22:13 | increment | 0 | int |
| taint.cpp:23:5:23:8 | zero | 0 | int |
| taint.cpp:69:7:69:7 | MyClass | 0 | MyClass && |
| taint.cpp:69:7:69:7 | MyClass | 0 | const MyClass & |
| taint.cpp:69:7:69:7 | operator= | 0 | MyClass && |
| taint.cpp:69:7:69:7 | operator= | 0 | const MyClass & |
| taint.cpp:100:6:100:15 | array_test | 0 | int |
| taint.cpp:142:5:142:10 | select | 0 | int |
| taint.cpp:142:5:142:10 | select | 1 | int |
| taint.cpp:142:5:142:10 | select | 2 | int |
| taint.cpp:150:6:150:12 | fn_test | 0 | int |
| taint.cpp:156:7:156:12 | strcpy | 0 | char * |
| taint.cpp:156:7:156:12 | strcpy | 1 | const char * |
| taint.cpp:157:7:157:12 | strcat | 0 | char * |
| taint.cpp:157:7:157:12 | strcat | 1 | const char * |
| taint.cpp:180:7:180:12 | callee | 0 | int * |
| taint.cpp:190:7:190:12 | memcpy | 0 | void * |
| taint.cpp:190:7:190:12 | memcpy | 1 | void * |
| taint.cpp:190:7:190:12 | memcpy | 2 | int |
| taint.cpp:192:6:192:16 | test_memcpy | 0 | int * |
| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | const lambda [] type at line 233, col. 11 & |
| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | lambda [] type at line 233, col. 11 && |
| taint.cpp:228:11:228:11 | operator= | 0 | const lambda [] type at line 233, col. 11 & |
| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | const lambda [] type at line 240, col. 11 & |
| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | lambda [] type at line 240, col. 11 && |
| taint.cpp:235:11:235:11 | operator= | 0 | const lambda [] type at line 240, col. 11 & |
| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | const lambda [] type at line 248, col. 11 & |
| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | lambda [] type at line 248, col. 11 && |
| taint.cpp:243:11:243:11 | operator= | 0 | const lambda [] type at line 248, col. 11 & |
| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | const lambda [] type at line 254, col. 11 & |
| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | lambda [] type at line 254, col. 11 && |
| taint.cpp:249:11:249:11 | operator= | 0 | const lambda [] type at line 254, col. 11 & |
| taint.cpp:249:13:249:13 | _FUN | 0 | int |
| taint.cpp:249:13:249:13 | _FUN | 1 | int |
| taint.cpp:249:13:249:13 | operator() | 0 | int |
| taint.cpp:249:13:249:13 | operator() | 1 | int |
| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | const lambda [] type at line 260, col. 11 & |
| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | lambda [] type at line 260, col. 11 && |
| taint.cpp:255:11:255:11 | operator= | 0 | const lambda [] type at line 260, col. 11 & |
| taint.cpp:255:13:255:13 | _FUN | 0 | int & |
| taint.cpp:255:13:255:13 | _FUN | 1 | int & |
| taint.cpp:255:13:255:13 | _FUN | 2 | int & |
| taint.cpp:255:13:255:13 | operator() | 0 | int & |
| taint.cpp:255:13:255:13 | operator() | 1 | int & |
| taint.cpp:255:13:255:13 | operator() | 2 | int & |
| taint.cpp:266:5:266:6 | id | 0 | int |
| taint.cpp:297:6:297:14 | myAssign1 | 0 | int & |
| taint.cpp:297:6:297:14 | myAssign1 | 1 | int & |
| taint.cpp:302:6:302:14 | myAssign2 | 0 | int & |
| taint.cpp:302:6:302:14 | myAssign2 | 1 | int |
| taint.cpp:307:6:307:14 | myAssign3 | 0 | int * |
| taint.cpp:307:6:307:14 | myAssign3 | 1 | int |
| taint.cpp:312:6:312:14 | myAssign4 | 0 | int * |
| taint.cpp:312:6:312:14 | myAssign4 | 1 | int |
| taint.cpp:320:6:320:16 | myNotAssign | 0 | int & |
| taint.cpp:320:6:320:16 | myNotAssign | 1 | int & |
| taint.cpp:361:7:361:12 | strdup | 0 | const char * |
| taint.cpp:362:7:362:13 | strndup | 0 | const char * |
| taint.cpp:362:7:362:13 | strndup | 1 | size_t |
| taint.cpp:363:10:363:15 | wcsdup | 0 | const wchar_t * |
| taint.cpp:364:7:364:13 | strdupa | 0 | const char * |
| taint.cpp:365:7:365:14 | strndupa | 0 | const char * |
| taint.cpp:365:7:365:14 | strndupa | 1 | size_t |
| taint.cpp:367:6:367:16 | test_strdup | 0 | char * |
| taint.cpp:379:6:379:17 | test_strndup | 0 | int |
| taint.cpp:387:6:387:16 | test_wcsdup | 0 | wchar_t * |
| taint.cpp:397:6:397:17 | test_strdupa | 0 | char * |
| taint.cpp:409:6:409:18 | test_strndupa | 0 | int |
| taint.cpp:419:7:419:7 | MyClass2 | 0 | MyClass2 && |
| taint.cpp:419:7:419:7 | MyClass2 | 0 | const MyClass2 & |
| taint.cpp:419:7:419:7 | operator= | 0 | MyClass2 && |
| taint.cpp:419:7:419:7 | operator= | 0 | const MyClass2 & |
| taint.cpp:421:2:421:9 | MyClass2 | 0 | int |
| taint.cpp:422:7:422:15 | setMember | 0 | int |
| taint.cpp:428:7:428:7 | MyClass3 | 0 | MyClass3 && |
| taint.cpp:428:7:428:7 | MyClass3 | 0 | const MyClass3 & |
| taint.cpp:428:7:428:7 | operator= | 0 | MyClass3 && |
| taint.cpp:428:7:428:7 | operator= | 0 | const MyClass3 & |
| taint.cpp:430:2:430:9 | MyClass3 | 0 | const char * |
| taint.cpp:431:7:431:15 | setString | 0 | const char * |
| taint.cpp:474:6:474:9 | swop | 0 | int & |
| taint.cpp:474:6:474:9 | swop | 1 | int & |
| taint.cpp:500:5:500:12 | getdelim | 0 | char ** |
| taint.cpp:500:5:500:12 | getdelim | 1 | size_t * |
| taint.cpp:500:5:500:12 | getdelim | 2 | int |
| taint.cpp:500:5:500:12 | getdelim | 3 | FILE * |
| taint.cpp:502:6:502:18 | test_getdelim | 0 | FILE * |
| taint.cpp:512:7:512:12 | strtok | 0 | char * |
| taint.cpp:512:7:512:12 | strtok | 1 | const char * |
| taint.cpp:514:6:514:16 | test_strtok | 0 | char * |
| taint.cpp:523:7:523:13 | _strset | 0 | char * |
| taint.cpp:523:7:523:13 | _strset | 1 | int |
| taint.cpp:525:6:525:18 | test_strset_1 | 0 | char * |
| taint.cpp:525:6:525:18 | test_strset_1 | 1 | char |
| taint.cpp:531:6:531:18 | test_strset_2 | 0 | char * |
| taint.cpp:538:7:538:13 | mempcpy | 0 | void * |
| taint.cpp:538:7:538:13 | mempcpy | 1 | const void * |
| taint.cpp:538:7:538:13 | mempcpy | 2 | size_t |
| taint.cpp:540:6:540:17 | test_mempcpy | 0 | int * |
| taint.cpp:548:7:548:13 | memccpy | 0 | void * |
| taint.cpp:548:7:548:13 | memccpy | 1 | const void * |
| taint.cpp:548:7:548:13 | memccpy | 2 | int |
| taint.cpp:548:7:548:13 | memccpy | 3 | size_t |
| taint.cpp:550:6:550:17 | test_memccpy | 0 | int * |
| taint.cpp:558:7:558:12 | strcat | 0 | char * |
| taint.cpp:558:7:558:12 | strcat | 1 | const char * |
| taint.cpp:560:6:560:16 | test_strcat | 0 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 1 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 2 | char * |
| taint.cpp:560:6:560:16 | test_strcat | 3 | char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 0 | unsigned char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 1 | const unsigned char * |
| taint.cpp:570:16:570:25 | _mbsncat_l | 2 | int |
| taint.cpp:570:16:570:25 | _mbsncat_l | 3 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 0 | unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 1 | const unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 2 | unsigned char * |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 3 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 4 | _locale_t |
| taint.cpp:572:6:572:20 | test__mbsncat_l | 5 | int |
| taint.cpp:589:7:589:12 | strsep | 0 | char ** |
| taint.cpp:589:7:589:12 | strsep | 1 | const char * |
| taint.cpp:591:6:591:16 | test_strsep | 0 | char * |
| taint.cpp:602:7:602:13 | _strinc | 0 | const char * |
| taint.cpp:602:7:602:13 | _strinc | 1 | _locale_t |
| taint.cpp:603:16:603:22 | _mbsinc | 0 | const unsigned char * |
| taint.cpp:604:16:604:22 | _strdec | 0 | const unsigned char * |
| taint.cpp:604:16:604:22 | _strdec | 1 | const unsigned char * |
| taint.cpp:606:6:606:17 | test__strinc | 0 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 1 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 2 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 3 | char * |
| taint.cpp:606:6:606:17 | test__strinc | 4 | _locale_t |
| taint.cpp:616:6:616:17 | test__mbsinc | 0 | unsigned char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 1 | char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 2 | unsigned char * |
| taint.cpp:616:6:616:17 | test__mbsinc | 3 | char * |
| taint.cpp:626:6:626:17 | test__strdec | 0 | const unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 1 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 2 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 3 | unsigned char * |
| taint.cpp:626:6:626:17 | test__strdec | 4 | unsigned char * |
| taint.cpp:645:14:645:22 | _strnextc | 0 | const char * |
| taint.cpp:647:6:647:19 | test__strnextc | 0 | const char * |
| taint.cpp:659:7:659:7 | operator= | 0 | C_no_const_member_function && |
| taint.cpp:659:7:659:7 | operator= | 0 | const C_no_const_member_function & |
| taint.cpp:665:6:665:25 | test_no_const_member | 0 | char * |
| taint.cpp:671:7:671:7 | operator= | 0 | C_const_member_function && |
| taint.cpp:671:7:671:7 | operator= | 0 | const C_const_member_function & |
| taint.cpp:677:6:677:27 | test_with_const_member | 0 | char * |
| taint.cpp:683:6:683:20 | argument_source | 0 | void * |
| taint.cpp:685:8:685:8 | operator= | 0 | const two_members & |
| taint.cpp:685:8:685:8 | operator= | 0 | two_members && |
| taint.cpp:707:8:707:14 | strncpy | 0 | char * |
| taint.cpp:707:8:707:14 | strncpy | 1 | const char * |
| taint.cpp:707:8:707:14 | strncpy | 2 | unsigned long |
| taint.cpp:709:6:709:17 | test_strncpy | 0 | char * |
| taint.cpp:709:6:709:17 | test_strncpy | 1 | char * |
| taint.cpp:725:10:725:15 | strtol | 0 | const char * |
| taint.cpp:725:10:725:15 | strtol | 1 | char ** |
| taint.cpp:725:10:725:15 | strtol | 2 | int |
| taint.cpp:727:6:727:16 | test_strtol | 0 | char * |
| taint.cpp:735:7:735:12 | malloc | 0 | size_t |
| taint.cpp:736:7:736:13 | realloc | 0 | void * |
| taint.cpp:736:7:736:13 | realloc | 1 | size_t |
| taint.cpp:744:6:744:32 | test_realloc_2_indirections | 0 | int ** |
| taint.cpp:751:9:751:9 | operator= | 0 | A && |
| taint.cpp:751:9:751:9 | operator= | 0 | const A & |
| taint.cpp:758:5:758:11 | sprintf | 0 | char * |
| taint.cpp:758:5:758:11 | sprintf | 1 | const char * |
| taint.cpp:760:6:760:23 | call_sprintf_twice | 0 | char * |
| taint.cpp:760:6:760:23 | call_sprintf_twice | 1 | char * |
| taint.cpp:771:8:771:8 | operator= | 0 | TaintInheritingContentObject && |
| taint.cpp:771:8:771:8 | operator= | 0 | const TaintInheritingContentObject & |
| taint.cpp:775:30:775:35 | source | 0 | bool |
| taint.cpp:782:7:782:11 | fopen | 0 | const char * |
| taint.cpp:782:7:782:11 | fopen | 1 | const char * |
| taint.cpp:783:5:783:11 | fopen_s | 0 | FILE ** |
| taint.cpp:783:5:783:11 | fopen_s | 1 | const char * |
| taint.cpp:783:5:783:11 | fopen_s | 2 | const char * |
| taint.cpp:785:6:785:15 | fopen_test | 0 | char * |
| vector.cpp:13:6:13:9 | sink | 0 | int |
| vector.cpp:14:27:14:30 | sink | 0 | vector> & |
| vector.cpp:14:27:14:30 | sink | 0 | vector> & |
| vector.cpp:16:6:16:37 | test_range_based_for_loop_vector | 0 | int |
| vector.cpp:37:6:37:23 | test_element_taint | 0 | int |
| vector.cpp:145:8:145:8 | operator= | 0 | MyPair && |
| vector.cpp:145:8:145:8 | operator= | 0 | const MyPair & |
| vector.cpp:150:8:150:8 | MyVectorContainer | 0 | const MyVectorContainer & |
| vector.cpp:150:8:150:8 | operator= | 0 | MyVectorContainer && |
| vector.cpp:150:8:150:8 | operator= | 0 | const MyVectorContainer & |
| vector.cpp:216:6:216:9 | sink | 0 | iterator & |
| vector.cpp:231:6:231:9 | sink | 0 | vector> & |
| vector.cpp:232:6:232:9 | sink | 0 | vector> & |
| vector.cpp:279:6:279:9 | sink | 0 | int * |
| vector.cpp:295:6:295:9 | sink | 0 | iterator |
| vector.cpp:329:6:329:33 | taint_vector_output_iterator | 0 | iterator |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 0 | iterator |
| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 1 | int |
| vector.cpp:337:6:337:32 | test_vector_output_iterator | 0 | int |
| vector.cpp:417:6:417:25 | test_vector_inserter | 0 | char * |
| vector.cpp:454:7:454:12 | memcpy | 0 | void * |
| vector.cpp:454:7:454:12 | memcpy | 1 | const void * |
| vector.cpp:454:7:454:12 | memcpy | 2 | size_t |
| vector.cpp:461:6:461:9 | sink | 0 | vector> & |
| vector.cpp:462:6:462:9 | sink | 0 | string & |
| zmq.cpp:9:8:9:8 | operator= | 0 | const zmq_msg_t & |
| zmq.cpp:9:8:9:8 | operator= | 0 | zmq_msg_t && |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 0 | zmq_msg_t * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 1 | void * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 2 | size_t |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 3 | zmq_free_fn * |
| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 4 | void * |
| zmq.cpp:15:7:15:18 | zmq_msg_data | 0 | zmq_msg_t * |
| zmq.cpp:17:6:17:13 | test_zmc | 0 | void * |
| zmq.cpp:17:6:17:13 | test_zmc | 1 | char * |
| zmq.cpp:17:6:17:13 | test_zmc | 2 | size_t |

3
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/tests.c
View File

@@ -3,9 +3,10 @@
int printf(const char * format, ...);
int fprintf();
void f() {
void f(UNKNOWN_CHAR * str) {
printf("%s", 1); // BAD
printf("%s", implicit_function()); // GOOD - we should ignore the type
sprintf(0, "%s", ""); // GOOD
fprintf(0, "%s", ""); // GOOD
printf("%s", str); // GOOD - erroneous type is ignored
}

11
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/errors.c Normal file
View File

@@ -0,0 +1,11 @@
// semmle-extractor-options: --expect_errors
typedef unsigned long size_t;
typedef int wchar_t;
int swprintf(wchar_t *s, size_t n, const wchar_t *format, ...);
void test_extraction_errors() {
WCHAR buffer[3];
swprintf(buffer, 3, L"abc");
}

7
csharp/BUILD.bazel
View File

@@ -74,8 +74,9 @@ test_suite(
name = "unit-tests",
tags = ["csharp"],
tests = [
"//csharp/autobuilder/Semmle.Autobuild.CSharp.Tests",
"//csharp/autobuilder/Semmle.Autobuild.Cpp.Tests",
"//csharp/extractor/Semmle.Extraction.Tests",
"//csharp/autobuilder/Semmle.Autobuild.CSharp.Tests:acst",
"//csharp/autobuilder/Semmle.Autobuild.Cpp.Tests:acpt",
"//csharp/extractor/Semmle.Extraction.Tests:et",
"//csharp/extractor/Semmle.Util.Tests:ut",
],
)

3
csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel
View File

@@ -4,7 +4,8 @@ load(
)
codeql_xunit_test(
name = "Semmle.Autobuild.CSharp.Tests",
# short name as we run into long path limitations on Windows
name = "acst",
srcs = glob([
"*.cs",
]),

1
csharp/autobuilder/Semmle.Autobuild.CSharp/BUILD.bazel
View File

@@ -17,6 +17,5 @@ codeql_csharp_binary(
"//csharp/extractor/Semmle.Extraction.CSharp.Standalone:bin/Semmle.Extraction.CSharp.Standalone",
"//csharp/extractor/Semmle.Util",
"@paket.main//microsoft.build",
"@paket.main//newtonsoft.json",
],
)

1
csharp/autobuilder/Semmle.Autobuild.CSharp/paket.references
View File

@@ -1,2 +1 @@
Newtonsoft.Json
Microsoft.Build

3
csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel
View File

@@ -4,7 +4,8 @@ load(
)
codeql_xunit_test(
name = "Semmle.Autobuild.Cpp.Tests",
# short name as we run into long path limitations on Windows
name = "acpt",
srcs = glob([
"*.cs",
]),

1
csharp/documentation/library-coverage/coverage.csv
View File

@@ -14,6 +14,7 @@ Microsoft.Android.Build,,1,14,,,,,,,,,,,,,1,,,,,,12,2
Microsoft.Apple.Build,,,7,,,,,,,,,,,,,,,,,,,7,
Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
Microsoft.AspNetCore.Components,,2,1,,,,,,,,,,,,,,,,2,,,1,
Microsoft.AspNetCore.Mvc,,,2,,,,,,,,,,,,,,,,,,,,2
Microsoft.AspNetCore.WebUtilities,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.Diagnostics.Tools.Pgo,,,25,,,,,,,,,,,,,,,,,,,2,23
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:log-injection sink:sql-injection source:commandargs source:database source:environment source:file source:file-write source:remote source:stdin source:windows-registry summary:taint summary:value
14 Microsoft.Apple.Build 7 7
15 Microsoft.ApplicationBlocks.Data 28 28
16 Microsoft.AspNetCore.Components 2 1 2 1
17 Microsoft.AspNetCore.Mvc 2 2
18 Microsoft.AspNetCore.WebUtilities 2 2
19 Microsoft.CSharp 2 2
20 Microsoft.Diagnostics.Tools.Pgo 25 2 23

4
csharp/documentation/library-coverage/coverage.rst
View File

@@ -9,6 +9,6 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",47,10819,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",59,2071,150,2
Totals,,106,12897,398,7
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",59,2073,150,2
Totals,,106,12899,398,7

4
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel
View File

@@ -10,11 +10,11 @@ codeql_csharp_library(
"SourceGenerators/**/*.cs",
]),
allow_unsafe_blocks = True,
internals_visible_to = ["Semmle.Extraction.Tests"],
nowarn = ["CA1822"],
internals_visible_to = ["et"],
visibility = ["//csharp:__subpackages__"],
deps = [
"//csharp/extractor/Semmle.Extraction.CSharp",
"//csharp/extractor/Semmle.Util",
"@paket.main//newtonsoft.json",
],
)

87
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependabotProxy.cs Normal file
View File

@@ -0,0 +1,87 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Semmle.Util;
using Semmle.Util.Logging;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
public class DependabotProxy : IDisposable
{
private readonly string host;
private readonly string port;
/// <summary>
/// The full address of the Dependabot proxy, if available.
/// </summary>
internal string Address { get; }
/// <summary>
/// The path to the temporary file where the certificate is stored.
/// </summary>
internal string? CertificatePath { get; private set; }
/// <summary>
/// The certificate used for the Dependabot proxy.
/// </summary>
internal X509Certificate2? Certificate { get; private set; }
internal static DependabotProxy? GetDependabotProxy(ILogger logger, TemporaryDirectory tempWorkingDirectory)
{
// Setting HTTP(S)_PROXY and SSL_CERT_FILE have no effect on Windows or macOS,
// but we would still end up using the Dependabot proxy to check for feed reachability.
// This would result in us discovering that the feeds are reachable, but `dotnet` would
// fail to connect to them. To prevent this from happening, we do not initialise an
// instance of `DependabotProxy` on those platforms.
if (SystemBuildActions.Instance.IsWindows() || SystemBuildActions.Instance.IsMacOs()) return null;
// Obtain and store the address of the Dependabot proxy, if available.
var host = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyHost);
var port = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyPort);
if (string.IsNullOrWhiteSpace(host) || string.IsNullOrWhiteSpace(port))
{
logger.LogInfo("No Dependabot proxy credentials are configured.");
return null;
}
var result = new DependabotProxy(host, port);
logger.LogInfo($"Dependabot proxy configured at {result.Address}");
// Obtain and store the proxy's certificate, if available.
var cert = Environment.GetEnvironmentVariable(EnvironmentVariableNames.ProxyCertificate);
if (!string.IsNullOrWhiteSpace(cert))
{
logger.LogInfo("No certificate configured for Dependabot proxy.");
var certDirPath = new DirectoryInfo(Path.Join(tempWorkingDirectory.DirInfo.FullName, ".dependabot-proxy"));
Directory.CreateDirectory(certDirPath.FullName);
result.CertificatePath = Path.Join(certDirPath.FullName, "proxy.crt");
var certFile = new FileInfo(result.CertificatePath);
using var writer = certFile.CreateText();
writer.Write(cert);
writer.Close();
logger.LogInfo($"Stored Dependabot proxy certificate at {result.CertificatePath}");
result.Certificate = X509Certificate2.CreateFromPem(cert);
}
return result;
}
private DependabotProxy(string host, string port)
{
this.host = host;
this.port = port;
this.Address = $"http://{this.host}:{this.port}";
}
public void Dispose()
{
this.Certificate?.Dispose();
}
}
}

8
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
View File

@@ -27,6 +27,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private readonly ILogger logger;
private readonly IDiagnosticsWriter diagnosticsWriter;
private readonly NugetPackageRestorer nugetPackageRestorer;
private readonly DependabotProxy? dependabotProxy;
private readonly IDotNet dotnet;
private readonly FileContent fileContent;
private readonly FileProvider fileProvider;
@@ -106,9 +107,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return BuildScript.Success;
}).Run(SystemBuildActions.Instance, startCallback, exitCallback);
dependabotProxy = DependabotProxy.GetDependabotProxy(logger, tempWorkingDirectory);
try
{
this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory);
this.dotnet = DotNet.Make(logger, dotnetPath, tempWorkingDirectory, dependabotProxy);
runtimeLazy = new Lazy<Runtime>(() => new Runtime(dotnet));
}
catch
@@ -117,7 +120,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
throw;
}
nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, diagnosticsWriter, logger, this);
nugetPackageRestorer = new NugetPackageRestorer(fileProvider, fileContent, dotnet, dependabotProxy, diagnosticsWriter, logger, this);
var dllLocations = fileProvider.Dlls.Select(x => new AssemblyLookupLocation(x)).ToHashSet();
dllLocations.UnionWith(nugetPackageRestorer.Restore());
@@ -542,6 +545,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
public void Dispose()
{
nugetPackageRestorer?.Dispose();
dependabotProxy?.Dispose();
if (cleanupTempWorkingDirectory)
{
tempWorkingDirectory?.Dispose();

4
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -27,11 +27,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
Info();
}
private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet")), logger, tempWorkingDirectory) { }
private DotNet(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) : this(new DotNetCliInvoker(logger, Path.Combine(dotNetPath ?? string.Empty, "dotnet"), dependabotProxy), logger, tempWorkingDirectory) { }
internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ILogger logger) => new DotNet(dotnetCliInvoker, logger);
public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory) => new DotNet(logger, dotNetPath, tempWorkingDirectory);
public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy);
private void Info()
{

15
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs
View File

@@ -12,12 +12,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
internal sealed class DotNetCliInvoker : IDotNetCliInvoker
{
private readonly ILogger logger;
private readonly DependabotProxy? proxy;
public string Exec { get; }
public DotNetCliInvoker(ILogger logger, string exec)
public DotNetCliInvoker(ILogger logger, string exec, DependabotProxy? dependabotProxy)
{
this.logger = logger;
this.proxy = dependabotProxy;
this.Exec = exec;
logger.LogInfo($"Using .NET CLI executable: '{Exec}'");
}
@@ -38,6 +40,17 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
startInfo.EnvironmentVariables["DOTNET_CLI_UI_LANGUAGE"] = "en";
startInfo.EnvironmentVariables["MSBUILDDISABLENODEREUSE"] = "1";
startInfo.EnvironmentVariables["DOTNET_SKIP_FIRST_TIME_EXPERIENCE"] = "true";
// Configure the proxy settings, if applicable.
if (this.proxy != null)
{
logger.LogInfo($"Setting up Dependabot proxy at {this.proxy.Address}");
startInfo.EnvironmentVariables.Add("HTTP_PROXY", this.proxy.Address);
startInfo.EnvironmentVariables.Add("HTTPS_PROXY", this.proxy.Address);
startInfo.EnvironmentVariables.Add("SSL_CERT_FILE", this.proxy.CertificatePath);
}
return startInfo;
}

15
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs
View File

@@ -74,5 +74,20 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// Specifies the location of the diagnostic directory.
/// </summary>
public const string DiagnosticDir = "CODEQL_EXTRACTOR_CSHARP_DIAGNOSTIC_DIR";
/// <summary>
/// Specifies the hostname of the Dependabot proxy.
/// </summary>
public const string ProxyHost = "CODEQL_PROXY_HOST";
/// <summary>
/// Specifies the hostname of the Dependabot proxy.
/// </summary>
public const string ProxyPort = "CODEQL_PROXY_PORT";
/// <summary>
/// Contains the certificate used by the Dependabot proxy.
/// </summary>
public const string ProxyCertificate = "CODEQL_PROXY_CA_CERTIFICATE";
}
}

25
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
View File

@@ -3,7 +3,9 @@ using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
@@ -20,6 +22,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private readonly FileProvider fileProvider;
private readonly FileContent fileContent;
private readonly IDotNet dotnet;
private readonly DependabotProxy? dependabotProxy;
private readonly IDiagnosticsWriter diagnosticsWriter;
private readonly TemporaryDirectory legacyPackageDirectory;
private readonly TemporaryDirectory missingPackageDirectory;
@@ -32,6 +35,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
FileProvider fileProvider,
FileContent fileContent,
IDotNet dotnet,
DependabotProxy? dependabotProxy,
IDiagnosticsWriter diagnosticsWriter,
ILogger logger,
ICompilationInfoContainer compilationInfoContainer)
@@ -39,6 +43,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
this.fileProvider = fileProvider;
this.fileContent = fileContent;
this.dotnet = dotnet;
this.dependabotProxy = dependabotProxy;
this.diagnosticsWriter = diagnosticsWriter;
this.logger = logger;
this.compilationInfoContainer = compilationInfoContainer;
@@ -588,7 +593,25 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private bool IsFeedReachable(string feed, int timeoutMilliSeconds, int tryCount, bool allowExceptions = true)
{
logger.LogInfo($"Checking if Nuget feed '{feed}' is reachable...");
using HttpClient client = new();
// Configure the HttpClient to be aware of the Dependabot Proxy, if used.
HttpClientHandler httpClientHandler = new();
if (this.dependabotProxy != null)
{
httpClientHandler.Proxy = new WebProxy(this.dependabotProxy.Address);
if (this.dependabotProxy.Certificate != null)
{
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) =>
{
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
chain.ChainPolicy.CustomTrustStore.Add(this.dependabotProxy.Certificate);
return chain.Build(cert);
};
}
}
using HttpClient client = new(httpClientHandler);
for (var i = 0; i < tryCount; i++)
{

1
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references
View File

@@ -0,0 +1 @@
Newtonsoft.Json

2
csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/BUILD.bazel
View File

@@ -8,7 +8,7 @@ codeql_csharp_library(
srcs = glob([
"*.cs",
]),
internals_visible_to = ["Semmle.Extraction.Tests"],
internals_visible_to = ["et"],
visibility = ["//csharp:__subpackages__"],
deps = [
"//csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching",

3
csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel
View File

@@ -4,7 +4,8 @@ load(
)
codeql_xunit_test(
name = "Semmle.Extraction.Tests",
# short name as we run into long path limitations on Windows
name = "et",
srcs = glob([
"*.cs",
]),

3
csharp/extractor/Semmle.Util.Tests/BUILD.bazel
View File

@@ -4,7 +4,8 @@ load(
)
codeql_xunit_test(
name = "Semmle.Util.Tests",
# short name as we run into long path limitations on Windows
name = "ut",
srcs = glob([
"*.cs",
]),

202
csharp/extractor/Semmle.Util.Tests/LongPaths.cs
View File

@@ -1,5 +1,6 @@
using Xunit;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Semmle.Util;
@@ -10,39 +11,51 @@ namespace SemmleTests.Semmle.Util
/// Ensure that the Extractor works with long paths.
/// These should be handled by .NET Core.
/// </summary>
public sealed class LongPaths : IDisposable
public sealed class LongPaths
{
private static readonly string tmpDir = Path.GetTempPath();
private static readonly string shortPath = Path.Combine(tmpDir, "test.txt");
private static readonly string longPath = Path.Combine(tmpDir, "aaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
private static readonly string tmpDir = Environment.GetEnvironmentVariable("TEST_TMPDIR") ?? Path.GetTempPath();
private static readonly string longPathDir = Path.Combine(tmpDir, "aaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"ccccccccccccccccccccccccccccccc", "ddddddddddddddddddddddddddddddddddddd", "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee", "fffffffffffffffffffffffffffffffff",
"ggggggggggggggggggggggggggggggggggg", "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhh", "iiiiiiiiiiiiiiii.txt");
"ggggggggggggggggggggggggggggggggggg", "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhh");
private static string MakeLongPath()
{
var uniquePostfix = Guid.NewGuid().ToString("N");
return Path.Combine(longPathDir, $"iiiiiiiiiiiiiiii{uniquePostfix}.txt");
}
private static string MakeShortPath()
{
var uniquePostfix = Guid.NewGuid().ToString("N");
return Path.Combine(tmpDir, $"test{uniquePostfix}.txt");
}
public LongPaths()
{
CleanUp();
// Create directory to avoid directory not found exceptions when deleting files
Directory.CreateDirectory(longPathDir);
}
public void Dispose()
private static void Cleanup(params IEnumerable<string> paths)
{
CleanUp();
foreach (var path in paths)
{
File.Delete(path);
}
}
private static void CleanUp()
private static void WithSetUpAndTearDown(Action<string, string> test)
{
var longPath = MakeLongPath();
var shortPath = MakeShortPath();
Cleanup(longPath, shortPath);
try
{
File.Delete(shortPath);
test(longPath, shortPath);
}
catch (DirectoryNotFoundException)
{
}
try
{
File.Delete(longPath);
}
catch (DirectoryNotFoundException)
finally
{
Cleanup(longPath, shortPath);
}
}
@@ -63,122 +76,143 @@ namespace SemmleTests.Semmle.Util
[Fact]
public void Delete()
{
// OK Do not exist.
File.Delete(shortPath);
File.Delete(longPath);
WithSetUpAndTearDown((longPath, shortPath) =>
{
// OK Do not exist.
File.Delete(shortPath);
File.Delete(longPath);
});
}
[Fact]
public void Move()
{
File.WriteAllText(shortPath, "abc");
Directory.CreateDirectory(Path.GetDirectoryName(longPath)!);
File.Delete(longPath);
File.Move(shortPath, longPath);
File.Move(longPath, shortPath);
Assert.Equal("abc", File.ReadAllText(shortPath));
WithSetUpAndTearDown((longPath, shortPath) =>
{
File.WriteAllText(shortPath, "abc");
File.Delete(longPath);
File.Move(shortPath, longPath);
File.Move(longPath, shortPath);
Assert.Equal("abc", File.ReadAllText(shortPath));
});
}
[Fact]
public void Replace()
{
File.WriteAllText(shortPath, "abc");
File.Delete(longPath);
Directory.CreateDirectory(Path.GetDirectoryName(longPath)!);
File.Move(shortPath, longPath);
File.WriteAllText(shortPath, "def");
FileUtils.MoveOrReplace(shortPath, longPath);
File.WriteAllText(shortPath, "abc");
FileUtils.MoveOrReplace(longPath, shortPath);
Assert.Equal("def", File.ReadAllText(shortPath));
WithSetUpAndTearDown((longPath, shortPath) =>
{
File.WriteAllText(shortPath, "abc");
File.Move(shortPath, longPath);
File.WriteAllText(shortPath, "def");
FileUtils.MoveOrReplace(shortPath, longPath);
File.WriteAllText(shortPath, "abc");
FileUtils.MoveOrReplace(longPath, shortPath);
Assert.Equal("def", File.ReadAllText(shortPath));
});
}
private readonly byte[] buffer1 = new byte[10] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
private readonly byte[] buffer1 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
[Fact]
public void CreateShortStream()
{
var buffer2 = new byte[10];
using (var s1 = new FileStream(shortPath, FileMode.Create, FileAccess.Write, FileShare.None))
WithSetUpAndTearDown((_, shortPath) =>
{
s1.Write(buffer1, 0, 10);
}
var buffer2 = new byte[10];
using (var s2 = new FileStream(shortPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s2.Read(buffer2, 0, 10));
Assert.True(Enumerable.SequenceEqual(buffer1, buffer2));
}
using (var s1 = new FileStream(shortPath, FileMode.Create, FileAccess.Write, FileShare.None))
{
s1.Write(buffer1, 0, 10);
}
using (var s2 = new FileStream(shortPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s2.Read(buffer2, 0, 10));
Assert.True(Enumerable.SequenceEqual(buffer1, buffer2));
}
});
}
[Fact]
public void CreateLongStream()
{
var buffer2 = new byte[10];
Directory.CreateDirectory(Path.GetDirectoryName(longPath)!);
using (var s3 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
WithSetUpAndTearDown((longPath, _) =>
{
s3.Write(buffer1, 0, 10);
}
var buffer2 = new byte[10];
using (var s4 = new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s4.Read(buffer2, 0, 10));
Assert.True(Enumerable.SequenceEqual(buffer1, buffer2));
}
Directory.CreateDirectory(Path.GetDirectoryName(longPath)!);
using (var s3 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
{
s3.Write(buffer1, 0, 10);
}
using (var s4 = new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s4.Read(buffer2, 0, 10));
Assert.True(Enumerable.SequenceEqual(buffer1, buffer2));
}
});
}
[Fact]
public void FileDoesNotExist()
{
// File does not exist
Assert.Throws<System.IO.FileNotFoundException>(() =>
WithSetUpAndTearDown((longPath, _) =>
{
using (new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
// File does not exist
Assert.Throws<System.IO.FileNotFoundException>(() =>
{
//
}
using (new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
//
}
});
});
}
[Fact]
public void OverwriteFile()
{
using (var s1 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
WithSetUpAndTearDown((longPath, _) =>
{
s1.Write(buffer1, 0, 10);
}
using (var s1 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
{
s1.Write(buffer1, 0, 10);
}
byte[] buffer2 = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
byte[] buffer2 = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 };
using (var s2 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
{
s2.Write(buffer2, 0, 10);
}
using (var s2 = new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None))
{
s2.Write(buffer2, 0, 10);
}
byte[] buffer3 = new byte[10];
byte[] buffer3 = new byte[10];
using (var s3 = new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s3.Read(buffer3, 0, 10));
}
using (var s3 = new FileStream(longPath, FileMode.Open, FileAccess.Read, FileShare.None))
{
Assert.Equal(10, s3.Read(buffer3, 0, 10));
}
Assert.True(Enumerable.SequenceEqual(buffer2, buffer3));
Assert.True(Enumerable.SequenceEqual(buffer2, buffer3));
});
}
[Fact]
public void LongFileExists()
{
Assert.False(File.Exists("no such file"));
Assert.False(File.Exists("\":"));
Assert.False(File.Exists(@"C:\")); // A directory
WithSetUpAndTearDown((longPath, _) =>
{
Assert.False(File.Exists("no such file"));
Assert.False(File.Exists("\":"));
Assert.False(File.Exists(@"C:\")); // A directory
Assert.False(File.Exists(longPath));
new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None).Close();
Assert.True(File.Exists(longPath));
Assert.False(File.Exists(longPath));
new FileStream(longPath, FileMode.Create, FileAccess.Write, FileShare.None).Close();
Assert.True(File.Exists(longPath));
});
}
}
}

9
csharp/paket.dependencies
View File

@@ -2,9 +2,8 @@ framework: net9.0
storage: none
source https://api.nuget.org/v3/index.json
# behave like nuget in choosing transitive dependency versions
strategy: min
strategy: max
nuget MessagePack >= 2.5.187
nuget Basic.CompilerLog.Util
nuget Mono.Posix.NETStandard
nuget Newtonsoft.Json
@@ -12,9 +11,9 @@ nuget xunit
nuget xunit.runner.visualstudio
nuget xunit.runner.utility
nuget Microsoft.NET.Test.Sdk
nuget Microsoft.CodeAnalysis.CSharp 4.9.2
nuget Microsoft.CodeAnalysis 4.9.2
nuget Microsoft.Build 17.8.3
nuget Microsoft.CodeAnalysis.CSharp 4.12.0
nuget Microsoft.CodeAnalysis 4.12.0
nuget Microsoft.Build 17.12.6
nuget Microsoft.Win32.Primitives
nuget System.Net.Primitives
nuget System.Security.Principal

220
csharp/paket.lock generated
View File

@@ -1,71 +1,108 @@
STORAGE: NONE
STRATEGY: MIN
STRATEGY: MAX
RESTRICTION: == net9.0
NUGET
remote: https://api.nuget.org/v3/index.json
Basic.CompilerLog.Util (0.7.9)
MessagePack (>= 2.5.129)
Microsoft.CodeAnalysis (>= 4.9.2)
Microsoft.CodeAnalysis.CSharp (>= 4.9.2)
Microsoft.CodeAnalysis.VisualBasic (>= 4.9.2)
Microsoft.Extensions.ObjectPool (>= 7.0.13)
MSBuild.StructuredLogger (>= 2.2.235)
Basic.CompilerLog.Util (0.9.4)
MessagePack (>= 2.5.187)
Microsoft.CodeAnalysis (>= 4.11)
Microsoft.CodeAnalysis.CSharp (>= 4.11)
Microsoft.CodeAnalysis.VisualBasic (>= 4.11)
Microsoft.Extensions.ObjectPool (>= 9.0)
MSBuild.StructuredLogger (>= 2.2.243)
System.Buffers (>= 4.6)
Humanizer.Core (2.14.1)
MessagePack (2.5.192)
MessagePack.Annotations (>= 2.5.192)
Microsoft.NET.StringTools (>= 17.6.3)
MessagePack.Annotations (2.5.192)
Microsoft.Build (17.8.3)
Microsoft.Build.Framework (>= 17.8.3)
Microsoft.NET.StringTools (>= 17.8.3)
System.Collections.Immutable (>= 7.0)
System.Configuration.ConfigurationManager (>= 7.0)
System.Reflection.Metadata (>= 7.0)
System.Reflection.MetadataLoadContext (>= 7.0)
System.Security.Principal.Windows (>= 5.0)
System.Threading.Tasks.Dataflow (>= 7.0)
Microsoft.Build.Framework (17.8.3)
Microsoft.Build.Utilities.Core (17.5)
Microsoft.Build.Framework (>= 17.5)
Microsoft.NET.StringTools (>= 17.5)
System.Collections.Immutable (>= 6.0)
System.Configuration.ConfigurationManager (>= 6.0)
Microsoft.CodeAnalysis (4.9.2)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.9.2)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.9.2)
Microsoft.CodeAnalysis.Analyzers (3.3.4)
Microsoft.CodeAnalysis.Common (4.9.2)
MessagePack (3.0.3)
MessagePack.Annotations (>= 3.0.3)
MessagePackAnalyzer (>= 3.0.3)
Microsoft.NET.StringTools (>= 17.11.4)
MessagePack.Annotations (3.0.3)
MessagePackAnalyzer (3.0.3)
Microsoft.Bcl.AsyncInterfaces (9.0)
Microsoft.Build (17.12.6)
Microsoft.Build.Framework (>= 17.12.6)
Microsoft.NET.StringTools (>= 17.12.6)
System.Collections.Immutable (>= 8.0)
System.Configuration.ConfigurationManager (>= 8.0)
System.Reflection.Metadata (>= 8.0)
System.Reflection.MetadataLoadContext (>= 8.0)
Microsoft.Build.Framework (17.12.6)
Microsoft.Build.Utilities.Core (17.12.6)
Microsoft.Build.Framework (>= 17.12.6)
Microsoft.NET.StringTools (>= 17.12.6)
System.Collections.Immutable (>= 8.0)
System.Configuration.ConfigurationManager (>= 8.0)
Microsoft.CodeAnalysis (4.12)
Humanizer.Core (>= 2.14.1)
Microsoft.Bcl.AsyncInterfaces (>= 8.0)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.12)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.12)
System.Buffers (>= 4.5.1)
System.Collections.Immutable (>= 8.0)
System.Composition (>= 8.0)
System.IO.Pipelines (>= 8.0)
System.Memory (>= 4.5.5)
System.Numerics.Vectors (>= 4.5)
System.Reflection.Metadata (>= 8.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
System.Text.Encoding.CodePages (>= 7.0)
System.Threading.Channels (>= 7.0)
System.Threading.Tasks.Extensions (>= 4.5.4)
Microsoft.CodeAnalysis.Analyzers (3.11)
Microsoft.CodeAnalysis.Common (4.12)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
System.Collections.Immutable (>= 8.0)
System.Reflection.Metadata (>= 8.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
Microsoft.CodeAnalysis.CSharp (4.9.2)
Microsoft.CodeAnalysis.Common (4.9.2)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.9.2)
Microsoft.CodeAnalysis.CSharp (4.12)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.Common (4.12)
System.Collections.Immutable (>= 8.0)
System.Reflection.Metadata (>= 8.0)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.12)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Common (4.9.2)
Microsoft.CodeAnalysis.CSharp (4.9.2)
Microsoft.CodeAnalysis.Workspaces.Common (4.9.2)
Microsoft.CodeAnalysis.VisualBasic (4.9.2)
Microsoft.CodeAnalysis.Common (4.9.2)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.9.2)
Microsoft.CodeAnalysis.Common (4.9.2)
Microsoft.CodeAnalysis.VisualBasic (4.9.2)
Microsoft.CodeAnalysis.Workspaces.Common (4.9.2)
Microsoft.CodeAnalysis.Workspaces.Common (4.9.2)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Common (4.9.2)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.Common (4.12)
Microsoft.CodeAnalysis.CSharp (4.12)
Microsoft.CodeAnalysis.Workspaces.Common (4.12)
System.Collections.Immutable (>= 8.0)
System.Composition (>= 8.0)
System.IO.Pipelines (>= 8.0)
System.Threading.Channels (>= 8.0)
System.Reflection.Metadata (>= 8.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeAnalysis.VisualBasic (4.12)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.Common (4.12)
System.Collections.Immutable (>= 8.0)
System.Reflection.Metadata (>= 8.0)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.12)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.Common (4.12)
Microsoft.CodeAnalysis.VisualBasic (4.12)
Microsoft.CodeAnalysis.Workspaces.Common (4.12)
System.Collections.Immutable (>= 8.0)
System.Composition (>= 8.0)
System.IO.Pipelines (>= 8.0)
System.Reflection.Metadata (>= 8.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeAnalysis.Workspaces.Common (4.12)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Analyzers (>= 3.3.4)
Microsoft.CodeAnalysis.Common (4.12)
System.Collections.Immutable (>= 8.0)
System.Composition (>= 8.0)
System.IO.Pipelines (>= 8.0)
System.Reflection.Metadata (>= 8.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeCoverage (17.12)
Microsoft.Extensions.ObjectPool (7.0.13)
Microsoft.NET.StringTools (17.8.3)
Microsoft.Extensions.ObjectPool (9.0)
Microsoft.NET.StringTools (17.12.6)
Microsoft.NET.Test.Sdk (17.12)
Microsoft.CodeCoverage (>= 17.12)
Microsoft.TestPlatform.TestHost (>= 17.12)
Microsoft.NETCore.Platforms (1.1.1)
Microsoft.NETCore.Targets (1.1.3)
Microsoft.NETCore.Platforms (7.0.4)
Microsoft.NETCore.Targets (5.0)
Microsoft.TestPlatform.ObjectModel (17.12)
System.Reflection.Metadata (>= 1.6)
Microsoft.TestPlatform.TestHost (17.12)
@@ -75,36 +112,34 @@ NUGET
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
Microsoft.Win32.SystemEvents (7.0)
Mono.Posix.NETStandard (1.0)
MSBuild.StructuredLogger (2.2.235)
MSBuild.StructuredLogger (2.2.386)
Microsoft.Build.Framework (>= 17.5)
Microsoft.Build.Utilities.Core (>= 17.5)
System.Collections.Immutable (>= 8.0)
Newtonsoft.Json (13.0.3)
System.Collections.Immutable (8.0)
System.Composition (8.0)
System.Composition.AttributedModel (>= 8.0)
System.Composition.Convention (>= 8.0)
System.Composition.Hosting (>= 8.0)
System.Composition.Runtime (>= 8.0)
System.Composition.TypedParts (>= 8.0)
System.Composition.AttributedModel (8.0)
System.Composition.Convention (8.0)
System.Composition.AttributedModel (>= 8.0)
System.Composition.Hosting (8.0)
System.Composition.Runtime (>= 8.0)
System.Composition.Runtime (8.0)
System.Composition.TypedParts (8.0)
System.Composition.AttributedModel (>= 8.0)
System.Composition.Hosting (>= 8.0)
System.Composition.Runtime (>= 8.0)
System.Configuration.ConfigurationManager (7.0)
System.Diagnostics.EventLog (>= 7.0)
System.Security.Cryptography.ProtectedData (>= 7.0)
System.Security.Permissions (>= 7.0)
System.Diagnostics.EventLog (7.0)
System.Drawing.Common (7.0)
Microsoft.Win32.SystemEvents (>= 7.0)
System.Buffers (4.6)
System.Collections.Immutable (9.0)
System.Composition (9.0)
System.Composition.AttributedModel (>= 9.0)
System.Composition.Convention (>= 9.0)
System.Composition.Hosting (>= 9.0)
System.Composition.Runtime (>= 9.0)
System.Composition.TypedParts (>= 9.0)
System.Composition.AttributedModel (9.0)
System.Composition.Convention (9.0)
System.Composition.AttributedModel (>= 9.0)
System.Composition.Hosting (9.0)
System.Composition.Runtime (>= 9.0)
System.Composition.Runtime (9.0)
System.Composition.TypedParts (9.0)
System.Composition.AttributedModel (>= 9.0)
System.Composition.Hosting (>= 9.0)
System.Composition.Runtime (>= 9.0)
System.Configuration.ConfigurationManager (9.0)
System.Diagnostics.EventLog (>= 9.0)
System.Security.Cryptography.ProtectedData (>= 9.0)
System.Diagnostics.EventLog (9.0)
System.IO (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
@@ -122,52 +157,47 @@ NUGET
System.Threading.Tasks (>= 4.3)
System.IO.FileSystem.Primitives (4.3)
System.Runtime (>= 4.3)
System.IO.Pipelines (8.0)
System.IO.Pipelines (9.0)
System.Memory (4.6)
System.Net.Primitives (4.3.1)
Microsoft.NETCore.Platforms (>= 1.1.1)
Microsoft.NETCore.Targets (>= 1.1.3)
System.Runtime (>= 4.3.1)
System.Runtime.Handles (>= 4.3)
System.Reflection.Metadata (8.0)
System.Collections.Immutable (>= 8.0)
System.Reflection.MetadataLoadContext (7.0)
System.Collections.Immutable (>= 7.0)
System.Reflection.Metadata (>= 7.0)
System.Numerics.Vectors (4.6)
System.Reflection.Metadata (9.0)
System.Reflection.MetadataLoadContext (9.0)
System.Runtime (4.3.1)
Microsoft.NETCore.Platforms (>= 1.1.1)
Microsoft.NETCore.Targets (>= 1.1.3)
System.Runtime.CompilerServices.Unsafe (6.0)
System.Runtime.CompilerServices.Unsafe (6.1)
System.Runtime.Handles (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Security.Cryptography.ProtectedData (7.0)
System.Security.Permissions (7.0)
System.Windows.Extensions (>= 7.0)
System.Security.Cryptography.ProtectedData (9.0)
System.Security.Principal (4.3)
System.Runtime (>= 4.3)
System.Security.Principal.Windows (5.0)
System.Text.Encoding (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Threading.Channels (8.0)
System.Text.Encoding.CodePages (9.0)
System.Threading.Channels (9.0)
System.Threading.Tasks (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Threading.Tasks.Dataflow (7.0)
System.Threading.Tasks.Extensions (4.6)
System.Threading.ThreadPool (4.3)
System.Runtime (>= 4.3)
System.Runtime.Handles (>= 4.3)
System.Windows.Extensions (7.0)
System.Drawing.Common (>= 7.0)
xunit (2.9.2)
xunit.analyzers (>= 1.16)
xunit.assert (>= 2.9.2)
xunit.core (2.9.2)
xunit.abstractions (2.0.3)
xunit.analyzers (1.16)
xunit.analyzers (1.17)
xunit.assert (2.9.2)
xunit.core (2.9.2)
xunit.extensibility.core (2.9.2)

83
csharp/paket.main.bzl generated
View File

File diff suppressed because one or more lines are too long

5
csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected
View File

@@ -2,6 +2,7 @@
| [...]/csharp/tools/[...]/Humanizer.dll |
| [...]/csharp/tools/[...]/MessagePack.Annotations.dll |
| [...]/csharp/tools/[...]/MessagePack.dll |
| [...]/csharp/tools/[...]/Microsoft.Bcl.AsyncInterfaces.dll |
| [...]/csharp/tools/[...]/Microsoft.Build.Framework.dll |
| [...]/csharp/tools/[...]/Microsoft.Build.Utilities.Core.dll |
| [...]/csharp/tools/[...]/Microsoft.Build.dll |
@@ -18,7 +19,6 @@
| [...]/csharp/tools/[...]/Microsoft.VisualBasic.dll |
| [...]/csharp/tools/[...]/Microsoft.Win32.Primitives.dll |
| [...]/csharp/tools/[...]/Microsoft.Win32.Registry.dll |
| [...]/csharp/tools/[...]/Microsoft.Win32.SystemEvents.dll |
| [...]/csharp/tools/[...]/Mono.Posix.NETStandard.dll |
| [...]/csharp/tools/[...]/Newtonsoft.Json.dll |
| [...]/csharp/tools/[...]/StructuredLogger.dll |
@@ -58,7 +58,6 @@
| [...]/csharp/tools/[...]/System.Diagnostics.Tools.dll |
| [...]/csharp/tools/[...]/System.Diagnostics.TraceSource.dll |
| [...]/csharp/tools/[...]/System.Diagnostics.Tracing.dll |
| [...]/csharp/tools/[...]/System.Drawing.Common.dll |
| [...]/csharp/tools/[...]/System.Drawing.Primitives.dll |
| [...]/csharp/tools/[...]/System.Drawing.dll |
| [...]/csharp/tools/[...]/System.Dynamic.Runtime.dll |
@@ -155,7 +154,6 @@
| [...]/csharp/tools/[...]/System.Security.Cryptography.ProtectedData.dll |
| [...]/csharp/tools/[...]/System.Security.Cryptography.X509Certificates.dll |
| [...]/csharp/tools/[...]/System.Security.Cryptography.dll |
| [...]/csharp/tools/[...]/System.Security.Permissions.dll |
| [...]/csharp/tools/[...]/System.Security.Principal.Windows.dll |
| [...]/csharp/tools/[...]/System.Security.Principal.dll |
| [...]/csharp/tools/[...]/System.Security.SecureString.dll |
@@ -183,7 +181,6 @@
| [...]/csharp/tools/[...]/System.ValueTuple.dll |
| [...]/csharp/tools/[...]/System.Web.HttpUtility.dll |
| [...]/csharp/tools/[...]/System.Web.dll |
| [...]/csharp/tools/[...]/System.Windows.Extensions.dll |
| [...]/csharp/tools/[...]/System.Windows.dll |
| [...]/csharp/tools/[...]/System.Xml.Linq.dll |
| [...]/csharp/tools/[...]/System.Xml.ReaderWriter.dll |

4
csharp/ql/lib/change-notes/2024-12-04-dotnet9.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.

4
csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.

7
csharp/ql/lib/ext/Microsoft.AspNetCore.Mvc.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.AspNetCore.Mvc", "Controller", True, "View", "", "", "Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["Microsoft.AspNetCore.Mvc", "Controller", True, "View", "", "", "Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag]", "ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]

8
csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
View File

@@ -1506,6 +1506,14 @@ summary
| Microsoft.AspNetCore.Mvc;ApiBehaviorOptions;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual |
| Microsoft.AspNetCore.Mvc;ApiBehaviorOptions;set_InvalidModelStateResponseFactory;(System.Func<Microsoft.AspNetCore.Mvc.ActionContext,Microsoft.AspNetCore.Mvc.IActionResult>);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;Controller;OnActionExecutionAsync;(Microsoft.AspNetCore.Mvc.Filters.ActionExecutingContext,Microsoft.AspNetCore.Mvc.Filters.ActionExecutionDelegate);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;Controller;View;();Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;();Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String,System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String,System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync;(System.Object,System.Type,System.String,Microsoft.AspNetCore.Mvc.ModelBinding.IValueProvider,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync<TModel>;(TModel,System.String,Microsoft.AspNetCore.Mvc.ModelBinding.IValueProvider,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync<TModel>;(TModel,System.String,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |

8
csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
View File

@@ -555,6 +555,14 @@
| Microsoft.AspNetCore.Mvc.ViewFeatures;TryGetValueDelegate;BeginInvoke;(System.Object,System.String,System.Object,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc.ViewFeatures;ViewDataInfo;ViewDataInfo;(System.Object,System.Reflection.PropertyInfo,System.Func<System.Object>);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;ApiBehaviorOptions;set_InvalidModelStateResponseFactory;(System.Func<Microsoft.AspNetCore.Mvc.ActionContext,Microsoft.AspNetCore.Mvc.IActionResult>);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;Controller;View;();Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;();Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String,System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewBag];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;Controller;View;(System.String,System.Object);Argument[this].Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[Microsoft.AspNetCore.Mvc.Controller.ViewData].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync;(System.Object,System.Type,System.String,Microsoft.AspNetCore.Mvc.ModelBinding.IValueProvider,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync<TModel>;(TModel,System.String,Microsoft.AspNetCore.Mvc.ModelBinding.IValueProvider,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
| Microsoft.AspNetCore.Mvc;ControllerBase;TryUpdateModelAsync<TModel>;(TModel,System.String,System.Func<Microsoft.AspNetCore.Mvc.ModelBinding.ModelMetadata,System.Boolean>);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |

16
csharp/ql/test/library-tests/frameworks/format/StringFormatItemParameter.expected
View File

@@ -1,4 +1,3 @@
| Console | Write(string, ReadOnlySpan<object>) | arg |
| Console | Write(string, object) | arg0 |
| Console | Write(string, object, object) | arg0 |
| Console | Write(string, object, object) | arg1 |
@@ -6,7 +5,7 @@
| Console | Write(string, object, object, object) | arg1 |
| Console | Write(string, object, object, object) | arg2 |
| Console | Write(string, params Object[]) | arg |
| Console | WriteLine(string, ReadOnlySpan<object>) | arg |
| Console | Write(string, params ReadOnlySpan<object>) | arg |
| Console | WriteLine(string, object) | arg0 |
| Console | WriteLine(string, object, object) | arg0 |
| Console | WriteLine(string, object, object) | arg1 |
@@ -14,10 +13,10 @@
| Console | WriteLine(string, object, object, object) | arg1 |
| Console | WriteLine(string, object, object, object) | arg2 |
| Console | WriteLine(string, params Object[]) | arg |
| Console | WriteLine(string, params ReadOnlySpan<object>) | arg |
| Debug | Assert(bool, string, string, params Object[]) | args |
| Debug | Print(string, params Object[]) | args |
| Debug | WriteLine(string, params Object[]) | args |
| StringBuilder | AppendFormat(IFormatProvider, string, ReadOnlySpan<object>) | args |
| StringBuilder | AppendFormat(IFormatProvider, string, object) | arg0 |
| StringBuilder | AppendFormat(IFormatProvider, string, object, object) | arg0 |
| StringBuilder | AppendFormat(IFormatProvider, string, object, object) | arg1 |
@@ -25,7 +24,7 @@
| StringBuilder | AppendFormat(IFormatProvider, string, object, object, object) | arg1 |
| StringBuilder | AppendFormat(IFormatProvider, string, object, object, object) | arg2 |
| StringBuilder | AppendFormat(IFormatProvider, string, params Object[]) | args |
| StringBuilder | AppendFormat(string, ReadOnlySpan<object>) | args |
| StringBuilder | AppendFormat(IFormatProvider, string, params ReadOnlySpan<object>) | args |
| StringBuilder | AppendFormat(string, object) | arg0 |
| StringBuilder | AppendFormat(string, object, object) | arg0 |
| StringBuilder | AppendFormat(string, object, object) | arg1 |
@@ -33,8 +32,8 @@
| StringBuilder | AppendFormat(string, object, object, object) | arg1 |
| StringBuilder | AppendFormat(string, object, object, object) | arg2 |
| StringBuilder | AppendFormat(string, params Object[]) | args |
| StringBuilder | AppendFormat(string, params ReadOnlySpan<object>) | args |
| Strings | MyStringFormat(string, params Object[]) | args |
| TextWriter | Write(string, ReadOnlySpan<object>) | arg |
| TextWriter | Write(string, object) | arg0 |
| TextWriter | Write(string, object, object) | arg0 |
| TextWriter | Write(string, object, object) | arg1 |
@@ -42,7 +41,7 @@
| TextWriter | Write(string, object, object, object) | arg1 |
| TextWriter | Write(string, object, object, object) | arg2 |
| TextWriter | Write(string, params Object[]) | arg |
| TextWriter | WriteLine(string, ReadOnlySpan<object>) | arg |
| TextWriter | Write(string, params ReadOnlySpan<object>) | arg |
| TextWriter | WriteLine(string, object) | arg0 |
| TextWriter | WriteLine(string, object, object) | arg0 |
| TextWriter | WriteLine(string, object, object) | arg1 |
@@ -50,7 +49,7 @@
| TextWriter | WriteLine(string, object, object, object) | arg1 |
| TextWriter | WriteLine(string, object, object, object) | arg2 |
| TextWriter | WriteLine(string, params Object[]) | arg |
| string | Format(IFormatProvider, string, ReadOnlySpan<object>) | args |
| TextWriter | WriteLine(string, params ReadOnlySpan<object>) | arg |
| string | Format(IFormatProvider, string, object) | arg0 |
| string | Format(IFormatProvider, string, object, object) | arg0 |
| string | Format(IFormatProvider, string, object, object) | arg1 |
@@ -58,7 +57,7 @@
| string | Format(IFormatProvider, string, object, object, object) | arg1 |
| string | Format(IFormatProvider, string, object, object, object) | arg2 |
| string | Format(IFormatProvider, string, params Object[]) | args |
| string | Format(string, ReadOnlySpan<object>) | args |
| string | Format(IFormatProvider, string, params ReadOnlySpan<object>) | args |
| string | Format(string, object) | arg0 |
| string | Format(string, object, object) | arg0 |
| string | Format(string, object, object) | arg1 |
@@ -66,3 +65,4 @@
| string | Format(string, object, object, object) | arg1 |
| string | Format(string, object, object, object) | arg2 |
| string | Format(string, params Object[]) | args |
| string | Format(string, params ReadOnlySpan<object>) | args |

2
csharp/ql/test/library-tests/methods/Parameters4.ql
View File

@@ -4,5 +4,5 @@
import csharp
where forall(Parameter p | p.isParams() | p.getType() instanceof ArrayType)
where forall(Parameter p | p.isParams() and p.fromSource() | p.getType() instanceof ArrayType)
select 1

1
csharp/ql/test/query-tests/Telemetry/DatabaseQuality/IsNotOkayCall.expected
View File

@@ -1,4 +1,3 @@
| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
| Quality.cs:34:21:34:25 | object creation of type null | Call without target $@. | Quality.cs:34:21:34:25 | object creation of type null | object creation of type null |

1
csharp/ql/test/query-tests/Telemetry/DatabaseQuality/NoTarget.expected
View File

@@ -10,6 +10,5 @@
| Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
| Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
| Quality.cs:34:21:34:25 | object creation of type null | Call without target $@. | Quality.cs:34:21:34:25 | object creation of type null | object creation of type null |
| Quality.cs:38:16:38:26 | access to property MyProperty2 | Call without target $@. | Quality.cs:38:16:38:26 | access to property MyProperty2 | access to property MyProperty2 |
| Quality.cs:50:20:50:26 | object creation of type T | Call without target $@. | Quality.cs:50:20:50:26 | object creation of type T | object creation of type T |

2
csharp/ql/test/query-tests/Telemetry/DatabaseQuality/Quality.cs
View File

@@ -31,7 +31,7 @@ public class Test
Span<byte> guidBytes = stackalloc byte[16];
guidBytes[08] = 1; // TODO: this indexer call has no target, because the target is a `ref` returning getter.
new MyList([new(), new Test()]); // TODO: the `new()` call has no target, which is unexpected, as we know at compile time, that this is a `new Test()` call.
new MyList([new(), new Test()]);
}
public int MyProperty1 { get; }

2
csharp/scripts/BUILD.bazel
View File

@@ -1,3 +1,5 @@
load("@rules_python//python:defs.bzl", "py_binary")
py_binary(
name = "gen-git-assembly-info",
srcs = ["gen-git-assembly-info.py"],

1
go/BUILD.bazel
View File

@@ -1,5 +1,6 @@
load("@gazelle//:def.bzl", "gazelle")
load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
load("@rules_python//python:defs.bzl", "py_binary")
load("//misc/bazel:pkg.bzl", "codeql_pack", "codeql_pkg_files")
gazelle(

4
go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Data flow out of variadic parameters now works in more situations. Summary models defined using models-as-data work. Source models defined using models-as-data do not work yet.

5
go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll
View File

@@ -66,6 +66,11 @@ predicate containerReadStep(Node node1, Node node2, Content c) {
(
node2.(Read).readsElement(node1, _)
or
exists(ImplicitVarargsSlice ivs |
node1.(PostUpdateNode).getPreUpdateNode() = ivs and
node2.(PostUpdateNode).getPreUpdateNode() = ivs.getCallNode().getAnImplicitVarargsArgument()
)
or
node2.(RangeElementNode).getBase() = node1
or
// To model data flow from array elements of the base of a `SliceNode` to

3
go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
View File

@@ -845,6 +845,9 @@ module Public {
or
preupd = getAWrittenNode()
or
preupd instanceof ImplicitVarargsSlice and
mutableType(preupd.(ImplicitVarargsSlice).getType().(SliceType).getElementType())
or
preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and
mutableType(preupd.getType())
) and

4
go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql
View File

@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import TestUtilities.InlineFlowTest
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }
predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
}
import ValueFlowTest<Config>

12
go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go
View File

@@ -4,7 +4,7 @@ func source() string {
return "untrusted data"
}
func sink(string) {
func sink(any) {
}
type A struct {
@@ -19,6 +19,10 @@ func functionWithVarArgsParameter(s ...string) string {
return s[1]
}
func functionWithVarArgsOutParameter(in string, out ...*string) {
*out[0] = in
}
func functionWithSliceOfStructsParameter(s []A) string {
return s[1].f
}
@@ -38,6 +42,12 @@ func main() {
sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter"
var out1 *string
var out2 *string
functionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ MISSING: hasValueFlow="out1"
sink(out2) // $ MISSING: hasValueFlow="out2"
sliceOfStructs := []A{{f: source()}}
sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected Normal file
View File

@@ -0,0 +1,2 @@
testFailures
invalidModelRow

21
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml Normal file
View File

@@ -0,0 +1,21 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]

22
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql Normal file
View File

@@ -0,0 +1,22 @@
import go
import semmle.go.dataflow.ExternalFlow
import ModelValidation
import TestUtilities.InlineFlowTest
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
sourceNode(source, "qltest")
or
exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
source = fn.getACall().getResult()
)
}
predicate isSink(DataFlow::Node sink) {
sinkNode(sink, "qltest")
or
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
}
}
import FlowTest<Config, Config>

5
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod Normal file
View File

@@ -0,0 +1,5 @@
module semmle.go.Packages
go 1.23
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

51
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go Normal file
View File

@@ -0,0 +1,51 @@
package main
import (
"github.com/nonexistent/test"
)
func source() string {
return "untrusted data"
}
func sink(any) {
}
func main() {
s := source()
sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
stringSlice := []string{source()}
sink(stringSlice[0]) // $ hasValueFlow="index expression"
s0 := ""
s1 := source()
sSlice := []string{s0, s1}
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
var out1 *string
var out2 *string
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ hasValueFlow="out1"
sink(out2) // $ hasValueFlow="out2"
sliceOfStructs := []test.A{{Field: source()}}
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
a0 := test.A{Field: ""}
a1 := test.A{Field: source()}
aSlice := []test.A{a0, a1}
sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
var variadicSource string
test.VariadicSource(&variadicSource)
sink(variadicSource) // $ MISSING: hasTaintFlow="variadicSource"
test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
}

31
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go generated vendored Normal file
View File

@@ -0,0 +1,31 @@
package test
type A struct {
Field string
}
func FunctionWithParameter(s string) string {
return ""
}
func FunctionWithSliceParameter(s []string) string {
return ""
}
func FunctionWithVarArgsParameter(s ...string) string {
return ""
}
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
}
func FunctionWithSliceOfStructsParameter(s []A) string {
return ""
}
func FunctionWithVarArgsOfStructsParameter(s ...A) string {
return ""
}
func VariadicSource(s ...*string) {}
func VariadicSink(s ...string) {}

3
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt vendored Normal file
View File

@@ -0,0 +1,3 @@
# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
## explicit
github.com/nonexistent/test

3
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql
View File

@@ -19,6 +19,9 @@ class SummaryModelTest extends DataFlow::FunctionModel {
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
(inp.isParameter(_) and outp.isResult())
or
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
(inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
or
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
(inp.isParameter(0) and outp.isResult())
or

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod
View File

@@ -1,5 +1,5 @@
module semmle.go.Packages
go 1.17
go 1.23
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

20
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go
View File

@@ -8,7 +8,7 @@ func source() string {
return "untrusted data"
}
func sink(string) {
func sink(any) {
}
func main() {
@@ -21,10 +21,17 @@ func main() {
s0 := ""
s1 := source()
sSlice := []string{s0, s1}
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
var out1 *string
var out2 *string
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ hasValueFlow="out1"
sink(out2) // $ hasValueFlow="out2"
sliceOfStructs := []test.A{{Field: source()}}
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
@@ -37,3 +44,6 @@ func main() {
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
}
func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
}

BIN
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages
View File

Binary file not shown.

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go generated vendored
View File

@@ -15,6 +15,8 @@ func FunctionWithSliceParameter(s []string) string {
func FunctionWithVarArgsParameter(s ...string) string {
return ""
}
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
}
func FunctionWithSliceOfStructsParameter(s []A) string {
return ""

Some files were not shown because too many files have changed in this diff Show More