hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into tausbn/python-fix-match-pruning-logic

Browse Source
This commit is contained in:
Taus
2025-03-06 14:37:58 +01:00
committed by GitHub
parent f246ef764a 61c043fd4a
commit 6546bb1b1d
1401 changed files with 44716 additions and 15745 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.bazelrc
View File

@@ -12,6 +12,9 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
build --repo_env=CC=clang --repo_env=CXX=clang++
# print test output, like sembuild does.
# Set to `errors` if this is too verbose.
test --test_output all
# we use transitions that break builds of `...`, so for `test` to work with that we need the following
test --build_tests_only

1
.github/workflows/go-tests-other-os.yml vendored
View File

@@ -3,6 +3,7 @@ on:
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "!go/ql/**" # don't run other-os if only ql/ files changed
- .github/workflows/go-tests-other-os.yml
- .github/actions/**

2
.github/workflows/go-tests.yml vendored
View File

@@ -3,6 +3,7 @@ on:
push:
paths:
- "go/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**
@@ -13,6 +14,7 @@ on:
pull_request:
paths:
- "go/**"
- "!go/documentation/**"
- "shared/**"
- .github/workflows/go-tests.yml
- .github/actions/**

494
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

2
LICENSE
View File

@@ -1,6 +1,6 @@
MIT License
Copyright (c) 2006-2020 GitHub, Inc.
Copyright (c) 2006-2025 GitHub, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

124
MODULE.bazel
View File

@@ -35,9 +35,9 @@ bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True
# Keep edition and version approximately in sync with internal repo.
# the versions there are canonical, the versions here are used for CI in github/codeql, as well as for the vendoring of dependencies.
RUST_EDITION = "2021"
RUST_EDITION = "2024"
RUST_VERSION = "1.82.0"
RUST_VERSION = "1.85.0"
rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
rust.toolchain(
@@ -58,15 +58,12 @@ register_toolchains("@rust_toolchains//:all")
py_deps = use_extension("//misc/bazel/3rdparty:py_deps_extension.bzl", "p")
use_repo(
py_deps,
"vendor__anyhow-1.0.44",
"vendor__cc-1.0.70",
"vendor__clap-2.33.3",
"vendor__regex-1.5.5",
"vendor__smallvec-1.6.1",
"vendor__string-interner-0.12.2",
"vendor__thiserror-1.0.29",
"vendor__tree-sitter-0.20.4",
"vendor__tree-sitter-graph-0.7.0",
"vendor_py__anyhow-1.0.95",
"vendor_py__cc-1.2.14",
"vendor_py__clap-4.5.30",
"vendor_py__regex-1.11.1",
"vendor_py__tree-sitter-0.20.4",
"vendor_py__tree-sitter-graph-0.7.0",
)
# deps for ruby+rust
@@ -74,58 +71,57 @@ use_repo(
tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r")
use_repo(
tree_sitter_extractors_deps,
"vendor__anyhow-1.0.95",
"vendor__argfile-0.2.1",
"vendor__chrono-0.4.39",
"vendor__clap-4.5.26",
"vendor__dunce-1.0.5",
"vendor__either-1.13.0",
"vendor__encoding-0.2.33",
"vendor__figment-0.10.19",
"vendor__flate2-1.0.35",
"vendor__glob-0.3.2",
"vendor__globset-0.4.15",
"vendor__itertools-0.14.0",
"vendor__lazy_static-1.5.0",
"vendor__log-0.4.22",
"vendor__mustache-0.9.0",
"vendor__num-traits-0.2.19",
"vendor__num_cpus-1.16.0",
"vendor__proc-macro2-1.0.93",
"vendor__quote-1.0.38",
"vendor__ra_ap_base_db-0.0.258",
"vendor__ra_ap_cfg-0.0.258",
"vendor__ra_ap_hir-0.0.258",
"vendor__ra_ap_hir_def-0.0.258",
"vendor__ra_ap_hir_expand-0.0.258",
"vendor__ra_ap_ide_db-0.0.258",
"vendor__ra_ap_intern-0.0.258",
"vendor__ra_ap_load-cargo-0.0.258",
"vendor__ra_ap_parser-0.0.258",
"vendor__ra_ap_paths-0.0.258",
"vendor__ra_ap_project_model-0.0.258",
"vendor__ra_ap_span-0.0.258",
"vendor__ra_ap_stdx-0.0.258",
"vendor__ra_ap_syntax-0.0.258",
"vendor__ra_ap_vfs-0.0.258",
"vendor__rand-0.8.5",
"vendor__rayon-1.10.0",
"vendor__regex-1.11.1",
"vendor__serde-1.0.217",
"vendor__serde_json-1.0.135",
"vendor__serde_with-3.12.0",
"vendor__stderrlog-0.6.0",
"vendor__syn-2.0.96",
"vendor__toml-0.8.19",
"vendor__tracing-0.1.41",
"vendor__tracing-subscriber-0.3.19",
"vendor__tree-sitter-0.24.6",
"vendor__tree-sitter-embedded-template-0.23.2",
"vendor__tree-sitter-json-0.24.8",
"vendor__tree-sitter-ql-0.23.1",
"vendor__tree-sitter-ruby-0.23.1",
"vendor__triomphe-0.1.14",
"vendor__ungrammar-1.16.1",
"vendor_ts__anyhow-1.0.96",
"vendor_ts__argfile-0.2.1",
"vendor_ts__chrono-0.4.39",
"vendor_ts__clap-4.5.31",
"vendor_ts__dunce-1.0.5",
"vendor_ts__either-1.14.0",
"vendor_ts__encoding-0.2.33",
"vendor_ts__figment-0.10.19",
"vendor_ts__flate2-1.1.0",
"vendor_ts__glob-0.3.2",
"vendor_ts__globset-0.4.15",
"vendor_ts__itertools-0.14.0",
"vendor_ts__lazy_static-1.5.0",
"vendor_ts__mustache-0.9.0",
"vendor_ts__num-traits-0.2.19",
"vendor_ts__num_cpus-1.16.0",
"vendor_ts__proc-macro2-1.0.93",
"vendor_ts__quote-1.0.38",
"vendor_ts__ra_ap_base_db-0.0.266",
"vendor_ts__ra_ap_cfg-0.0.266",
"vendor_ts__ra_ap_hir-0.0.266",
"vendor_ts__ra_ap_hir_def-0.0.266",
"vendor_ts__ra_ap_hir_expand-0.0.266",
"vendor_ts__ra_ap_ide_db-0.0.266",
"vendor_ts__ra_ap_intern-0.0.266",
"vendor_ts__ra_ap_load-cargo-0.0.266",
"vendor_ts__ra_ap_parser-0.0.266",
"vendor_ts__ra_ap_paths-0.0.266",
"vendor_ts__ra_ap_project_model-0.0.266",
"vendor_ts__ra_ap_span-0.0.266",
"vendor_ts__ra_ap_stdx-0.0.266",
"vendor_ts__ra_ap_syntax-0.0.266",
"vendor_ts__ra_ap_vfs-0.0.266",
"vendor_ts__rand-0.9.0",
"vendor_ts__rayon-1.10.0",
"vendor_ts__regex-1.11.1",
"vendor_ts__serde-1.0.218",
"vendor_ts__serde_json-1.0.139",
"vendor_ts__serde_with-3.12.0",
"vendor_ts__syn-2.0.98",
"vendor_ts__toml-0.8.20",
"vendor_ts__tracing-0.1.41",
"vendor_ts__tracing-flame-0.2.0",
"vendor_ts__tracing-subscriber-0.3.19",
"vendor_ts__tree-sitter-0.24.6",
"vendor_ts__tree-sitter-embedded-template-0.23.2",
"vendor_ts__tree-sitter-json-0.24.8",
"vendor_ts__tree-sitter-ql-0.23.1",
"vendor_ts__tree-sitter-ruby-0.23.1",
"vendor_ts__triomphe-0.1.14",
"vendor_ts__ungrammar-1.16.1",
)
http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
@@ -243,7 +239,7 @@ use_repo(
)
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
go_sdk.download(version = "1.23.1")
go_sdk.download(version = "1.24.0")
go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
go_deps.from_file(go_mod = "//go/extractor:go.mod")

4
actions/extractor/BUILD.bazel
View File

@@ -4,7 +4,9 @@ codeql_pkg_files(
name = "extractor",
srcs = [
"codeql-extractor.yml",
] + glob(["tools/**"]),
"//:LICENSE",
],
exes = glob(["tools/**"]),
strip_prefix = strip_prefix.from_pkg(),
visibility = ["//actions:__pkg__"],
)

28
actions/ql/extensions/immutable-actions-list/ext/immutable_actions.yml Normal file
View File

@@ -0,0 +1,28 @@
extensions:
- addsTo:
pack: codeql/actions-all
extensible: immutableActionsDataModel
data:
- ["actions/checkout"]
- ["actions/cache"]
- ["actions/setup-node"]
- ["actions/upload-artifact"]
- ["actions/setup-python"]
- ["actions/download-artifact"]
- ["actions/github-script"]
- ["actions/setup-java"]
- ["actions/setup-go"]
- ["actions/upload-pages-artifact"]
- ["actions/deploy-pages"]
- ["actions/setup-dotnet"]
- ["actions/stale"]
- ["actions/labeler"]
- ["actions/create-github-app-token"]
- ["actions/configure-pages"]
- ["github/codeql-action/analyze"]
- ["github/codeql-action/autobuild"]
- ["github/codeql-action/init"]
- ["github/codeql-action/resolve-environment"]
- ["github/codeql-action/start-proxy"]
- ["github/codeql-action/upload-sarif"]
- ["octokit/request-action"]

14
actions/ql/extensions/immutable-actions-list/qlpack.yml Normal file
View File

@@ -0,0 +1,14 @@
# Model pack containing the list of known immutable actions. The Immutable Actions feature is not
# yet released, so this pack will only be used within GitHub. Once the feature is available to
# customers, we will move the contents of this pack back into the standard library pack.
name: codeql/immutable-actions-list
version: 0.0.1-dev
library: true
warnOnImplicitThis: true
extensionTargets:
# We expect to need this model pack even after GA of Actions analysis, so make it compatible with
# all future prereleases plus 1.x.x. We should be able to remove this back before we need to
# bump the major version to 2.
codeql/actions-all: ">=0.4.3 <2.0.0"
dataExtensions:
- ext/**/*.yml

6
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 0.4.3
### New Features
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
## 0.4.2
### Bug Fixes

9
actions/ql/lib/change-notes/2025-01-07-trusted-owner-ext.md → actions/ql/lib/change-notes/released/0.4.3.md
View File

@@ -1,4 +1,5 @@
---
category: feature
---
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
## 0.4.3
### New Features
* The "Unpinned tag for a non-immutable Action in workflow" query (`actions/unpinned-tag`) now supports expanding the trusted action owner list using data extensions (`extensible: trustedActionsOwnerDataModel`). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see [Creating a CodeQL Model Pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.2
lastReleaseVersion: 0.4.3

24
actions/ql/lib/ext/config/immutable_actions.yml
View File

@@ -2,21 +2,9 @@ extensions:
- addsTo:
pack: codeql/actions-all
extensible: immutableActionsDataModel
data:
- ["actions/checkout"]
- ["actions/cache"]
- ["actions/setup-node"]
- ["actions/upload-artifact"]
- ["actions/setup-python"]
- ["actions/download-artifact"]
- ["actions/github-script"]
- ["actions/setup-java"]
- ["actions/setup-go"]
- ["actions/upload-pages-artifact"]
- ["actions/deploy-pages"]
- ["actions/setup-dotnet"]
- ["actions/stale"]
- ["actions/labeler"]
- ["actions/create-github-app-token"]
- ["actions/configure-pages"]
- ["octokit/request-action"]
# Since the Immutable Actions feature is not yet available to customers, we won't alert about
# any unversioned immutable action references for now. Within GitHub, we'll include the
# `codeql/immutable-actions-list` model pack, which will provide the necessary list of actions
# for internal use. Once the feature is available to customers, we'll move that list back into
# this file.
data: []

2
actions/ql/lib/ext/config/trusted_actions_owner.yml
View File

@@ -5,4 +5,4 @@ extensions:
data:
- ["actions"]
- ["github"]
- ["advanced-security"]
- ["advanced-security"]

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.3-dev
version: 0.4.4-dev
library: true
warnOnImplicitThis: true
dependencies:

26
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,29 @@
## 0.5.0
### Breaking Changes
* The following queries have been removed from the `code-scanning` and `security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* `actions/if-expression-always-true/critical`
* `actions/if-expression-always-true/high`
* `actions/unnecessary-use-of-advanced-config`
* The following query has been moved from the `code-scanning` suite to the `security-extended`
suite. Any existing alerts for this query will be closed automatically unless the analysis is
configured to use the `security-extended` suite.
* `actions/unpinned-tag`
* The following queries have been added to the `security-extended` suite.
* `actions/unversioned-immutable-action`
* `actions/envpath-injection/medium`
* `actions/envvar-injection/medium`
* `actions/code-injection/medium`
* `actions/artifact-poisoning/medium`
* `actions/untrusted-checkout/medium`
### Minor Analysis Improvements
* Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.
## 0.4.2
No user-facing changes.

10
actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
View File

@@ -23,6 +23,14 @@ private predicate isTrustedOwner(string nwo) {
trustedActionsOwnerDataModel(nwo.substring(0, nwo.indexOf("/")))
}
bindingset[version]
private predicate isPinnedContainer(string version) {
version.regexpMatch("^sha256:[A-Fa-f0-9]{64}$")
}
bindingset[nwo]
private predicate isContainerImage(string nwo) { nwo.regexpMatch("^docker://.+") }
from UsesStep uses, string nwo, string version, Workflow workflow, string name
where
uses.getCallee() = nwo and
@@ -34,7 +42,7 @@ where
) and
uses.getVersion() = version and
not isTrustedOwner(nwo) and
not isPinnedCommit(version) and
not (if isContainerImage(nwo) then isPinnedContainer(version) else isPinnedCommit(version)) and
not isImmutableAction(uses, nwo)
select uses.getCalleeNode(),
"Unpinned 3rd party Action '" + name + "' step $@ uses '" + nwo + "' with ref '" + version +

7
actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md Normal file
View File

@@ -0,0 +1,7 @@
---
category: fix
---
* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
Immutable Actions feature is not yet available for customer use. The query remains in the
default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
available, the query will be updated to report alerts again.

11
actions/ql/src/change-notes/2025-02-06-curate-suites.md → actions/ql/src/change-notes/released/0.5.0.md
View File

@@ -1,6 +1,7 @@
---
category: breaking
---
## 0.5.0
### Breaking Changes
* The following queries have been removed from the `code-scanning` and `security-extended` suites.
Any existing alerts for these queries will be closed automatically.
* `actions/if-expression-always-true/critical`
@@ -18,3 +19,7 @@ category: breaking
* `actions/code-injection/medium`
* `actions/artifact-poisoning/medium`
* `actions/untrusted-checkout/medium`
### Minor Analysis Improvements
* Fixed false positives in the query `actions/unpinned-tag` (CWE-829), which will no longer flag uses of Docker-based GitHub actions pinned by the container's SHA256 digest.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.2
lastReleaseVersion: 0.5.0

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.4.3-dev
version: 0.5.1-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

4
actions/ql/test/qlpack.yml
View File

@@ -3,6 +3,10 @@ groups: [codeql, test]
dependencies:
codeql/actions-all: ${workspace}
codeql/actions-queries: ${workspace}
# Use the `immutable-actions-list` model pack so that we have some actual data to test against.
# We can remove this dependency when we incorporate the data from that model pack back into the
# standard library pack.
codeql/immutable-actions-list: ${workspace}
extractor: actions
tests: .
warnOnImplicitThis: true

2
actions/ql/test/query-tests/Security/CWE-829/.github/workflows/unpinned_tags.yml vendored
View File

@@ -9,3 +9,5 @@ jobs:
- uses: foo/bar
- uses: foo/bar@v1
- uses: foo/bar@25b062c917b0c75f8b47d8469aff6c94ffd89abb
- uses: docker://foo/bar@latest
- uses: docker://foo/bar@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9

1
actions/ql/test/query-tests/Security/CWE-829/UnpinnedActionsTag.expected
View File

@@ -32,3 +32,4 @@
| .github/workflows/test17.yml:20:21:20:63 | sonarsource/sonarcloud-github-action@master | Unpinned 3rd party Action 'Sonar' step $@ uses 'sonarsource/sonarcloud-github-action' with ref 'master', not a pinned commit hash | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Uses Step |
| .github/workflows/test18.yml:37:21:37:63 | sonarsource/sonarcloud-github-action@master | Unpinned 3rd party Action 'Sonar' step $@ uses 'sonarsource/sonarcloud-github-action' with ref 'master', not a pinned commit hash | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Uses Step |
| .github/workflows/unpinned_tags.yml:10:13:10:22 | foo/bar@v1 | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'foo/bar' with ref 'v1', not a pinned commit hash | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | Uses Step |
| .github/workflows/unpinned_tags.yml:12:13:12:35 | docker://foo/bar@latest | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'docker://foo/bar' with ref 'latest', not a pinned commit hash | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | Uses Step |

4
actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected
View File

@@ -299,7 +299,9 @@ edges
| .github/workflows/test.yml:14:9:25:6 | Run Step | .github/workflows/test.yml:25:9:33:6 | Run Step |
| .github/workflows/test.yml:25:9:33:6 | Run Step | .github/workflows/test.yml:33:9:37:34 | Run Step |
| .github/workflows/unpinned_tags.yml:9:7:10:4 | Uses Step | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:11:61 | Uses Step |
| .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step |
| .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | .github/workflows/unpinned_tags.yml:13:7:13:101 | Uses Step |
| .github/workflows/untrusted_checkout2.yml:7:9:14:6 | Run Step: pr_number | .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step |
| .github/workflows/untrusted_checkout3.yml:11:9:12:6 | Uses Step | .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step |
| .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step |

2
codeql-workspace.yml
View File

@@ -17,7 +17,7 @@ provide:
- "misc/legacy-support/*/qlpack.yml"
- "misc/suite-helpers/qlpack.yml"
- ".github/codeql/extensions/**/codeql-pack.yml"
- "actions/ql/extensions/**/qlpack.yml"
versionPolicies:
default:
requireChangeNotes: true

4
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 4.0.1
No user-facing changes.
## 4.0.0
### Breaking Changes

4
cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.

4
cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.

3
cpp/ql/lib/change-notes/released/4.0.1.md Normal file
View File

@@ -0,0 +1,3 @@
## 4.0.1
No user-facing changes.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.0.0
lastReleaseVersion: 4.0.1

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 4.0.1-dev
version: 4.0.2-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

5
cpp/ql/lib/semmle/code/cpp/Location.qll
View File

@@ -75,7 +75,10 @@ class Location extends @location {
/** Holds if `this` comes on a line strictly before `l`. */
pragma[inline]
predicate isBefore(Location l) { this.isBefore(l, false) }
predicate isBefore(Location l) {
this.getFile() = l.getFile() and
this.getEndLine() < l.getStartLine()
}
/**
* Holds if `this` comes strictly before `l`. The boolean `sameLine` is

15
cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
View File

@@ -71,7 +71,7 @@ private int getSize(VariableAccess va) {
result = t.getSize()
)
or
exists(Class c |
exists(Class c, int trueSize |
// Otherwise, we find the "outermost" object and compute the size
// as the difference between the size of the type of the "outermost
// object" and the offset of the field relative to that type.
@@ -91,7 +91,9 @@ private int getSize(VariableAccess va) {
// of `y` relative to the type `S2` (i.e., `4`). So the size of the
// buffer is `12 - 4 = 8`.
c = getRootType(va) and
result = c.getSize() - v.(Field).getOffsetInClass(c)
// we calculate the size based on the last field, to avoid including any padding after it
trueSize = max(Field f | | f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()) and
result = trueSize - v.(Field).getOffsetInClass(c)
)
)
}
@@ -105,9 +107,16 @@ private int getSize(VariableAccess va) {
private int isSource(Expr bufferExpr, Element why) {
exists(Variable bufferVar | bufferVar = bufferExpr.(VariableAccess).getTarget() |
// buffer is a fixed size array
result = bufferVar.getUnspecifiedType().(ArrayType).getSize() and
exists(bufferVar.getUnspecifiedType().(ArrayType).getSize()) and
result =
unique(int size | // more generous than .getSize() itself, when the array is a class field or similar.
size = getSize(bufferExpr)
|
size
) and
why = bufferVar and
not memberMayBeVarSize(_, bufferVar) and
not exists(BuiltInOperationBuiltInOffsetOf offsetof | offsetof.getAChild*() = bufferExpr) and
// zero sized arrays are likely to have special usage, for example
// behaving a bit like a 'union' overlapping other fields.
not result = 0

11
cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
View File

@@ -869,12 +869,11 @@ private predicate elementSpecMatchesSignature(
bindingset[nameWithoutArgs]
pragma[inline_late]
private Class getClassAndNameImpl(Function method, string nameWithoutArgs) {
exists(string memberName | result = method.getClassAndName(memberName) |
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
not method instanceof ConversionOperator and
memberName = nameWithoutArgs
)
result = method.getDeclaringType() and
nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType()
or
result = method.getClassAndName(nameWithoutArgs) and
not method instanceof ConversionOperator
}
/**

29
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1520,16 +1520,17 @@ private EdgeKind caseOrDefaultEdge() {
private int countNumberOfBranchesUsingParameter(SwitchInstruction switch, ParameterNode p) {
exists(Ssa::SourceVariable sv |
parameterNodeHasSourceVariable(p, sv) and
// Count the number of cases that use the parameter. We do this by finding the phi node
// that merges the uses/defs of the parameter. There might be multiple such phi nodes, so
// we pick the one with the highest edge count.
// Count the number of cases that use the parameter.
result =
max(SsaPhiNode phi |
switch.getSuccessor(caseOrDefaultEdge()).getBlock().dominanceFrontier() =
phi.getBasicBlock() and
phi.getSourceVariable() = sv
|
strictcount(phi.getAnInput())
strictcount(IRBlock caseblock |
exists(IRBlock useblock |
switch.getSuccessor(caseOrDefaultEdge()).getBlock() = caseblock and
caseblock.dominates(useblock)
|
exists(Ssa::UseImpl use | use.hasIndexInBlock(useblock, _, sv))
or
exists(Ssa::DefImpl def | def.hasIndexInBlock(useblock, _, sv))
)
)
)
}
@@ -1765,14 +1766,14 @@ module IteratorFlow {
* Note: Unlike `def.getAnUltimateDefinition()` this predicate also
* traverses back through iterator increment and decrement operations.
*/
private Ssa::Def getAnUltimateDefinition(Ssa::Def def) {
private Ssa::DefinitionExt getAnUltimateDefinition(Ssa::DefinitionExt def) {
result = def.getAnUltimateDefinition()
or
exists(IRBlock bb, int i, IteratorCrementCall crementCall, Ssa::SourceVariable sv |
crementCall = def.getValue().asInstruction().(StoreInstruction).getSourceValue() and
sv = def.getSourceVariable() and
bb.getInstruction(i) = crementCall and
Ssa::ssaDefReachesReadExt(sv, result.asDef(), bb, i)
Ssa::ssaDefReachesReadExt(sv, result, bb, i)
)
}
@@ -1800,13 +1801,13 @@ module IteratorFlow {
GetsIteratorCall beginCall, Instruction writeToDeref
) {
exists(
StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::Def def,
IteratorPointerDereferenceCall starCall, Ssa::Def ultimate, Operand address
StoreInstruction beginStore, IRBlock bbStar, int iStar, Ssa::DefinitionExt def,
IteratorPointerDereferenceCall starCall, Ssa::DefinitionExt ultimate, Operand address
|
isIteratorWrite(writeToDeref, address) and
operandForFullyConvertedCall(address, starCall) and
bbStar.getInstruction(iStar) = starCall and
Ssa::ssaDefReachesReadExt(_, def.asDef(), bbStar, iStar) and
Ssa::ssaDefReachesReadExt(_, def, bbStar, iStar) and
ultimate = getAnUltimateDefinition*(def) and
beginStore = ultimate.getValue().asInstruction() and
operandForFullyConvertedCall(beginStore.getSourceValueOperand(), beginCall)

15
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -842,18 +842,11 @@ class InitialGlobalValue extends Node, TInitialGlobalValue {
result.asSourceCallable() = this.getFunction()
}
override Declaration getFunction() { result = globalDef.getIRFunction().getFunction() }
override Declaration getFunction() { result = globalDef.getFunction() }
final override predicate isGLValue() { globalDef.getIndirectionIndex() = 0 }
override DataFlowType getType() {
exists(DataFlowType type |
type = globalDef.getUnderlyingType() and
if this.isGLValue()
then result = type
else result = getTypeImpl(type, globalDef.getIndirectionIndex() - 1)
)
}
override DataFlowType getType() { result = globalDef.getUnderlyingType() }
final override Location getLocationImpl() { result = globalDef.getLocation() }
@@ -1312,7 +1305,7 @@ class UninitializedNode extends Node {
LocalVariable v;
UninitializedNode() {
exists(Ssa::Def def, Ssa::SourceVariable sv |
exists(Ssa::DefinitionExt def, Ssa::SourceVariable sv |
def.getIndirectionIndex() = 0 and
def.getValue().asInstruction() instanceof UninitializedInstruction and
Ssa::defToNode(this, def, sv, _, _, _) and
@@ -2299,7 +2292,7 @@ class ContentSet instanceof Content {
pragma[nomagic]
private predicate guardControlsPhiInput(
IRGuardCondition g, boolean branch, Ssa::Definition def, IRBlock input, Ssa::PhiNode phi
IRGuardCondition g, boolean branch, Ssa::DefinitionExt def, IRBlock input, Ssa::PhiNode phi
) {
phi.hasInputFromBlock(def, _, _, _, input) and
(

202
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -225,10 +225,16 @@ abstract class DefImpl extends TDefImpl {
)
}
/**
* Holds if this definition is guaranteed to totally overwrite the
* destination buffer.
*/
abstract predicate isCertain();
/** Gets the value written to the destination variable by this definition. */
abstract Node0Impl getValue();
/** Gets the operand that represents the address of this definition, if any. */
Operand getAddressOperand() { none() }
}
@@ -691,8 +697,10 @@ predicate outNodeHasAddressAndIndex(
*
* Holds if `node` is the node that corresponds to the definition of `def`.
*/
predicate defToNode(Node node, Def def, SourceVariable sv, IRBlock bb, int i, boolean uncertain) {
def.hasIndexInBlock(bb, i, sv) and
predicate defToNode(
Node node, DefinitionExt def, SourceVariable sv, IRBlock bb, int i, boolean uncertain
) {
def.definesAt(sv, bb, i, _) and
(
nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex())
or
@@ -1057,7 +1065,7 @@ module SsaCached {
}
cached
Definition phiHasInputFromBlockExt(PhiNode phi, IRBlock bb) {
DefinitionExt phiHasInputFromBlockExt(PhiNode phi, IRBlock bb) {
SsaImpl::phiHasInputFromBlockExt(phi, result, bb)
}
@@ -1071,157 +1079,24 @@ module SsaCached {
predicate variableWrite = SsaInput::variableWrite/4;
}
cached
private newtype TSsaDef =
TDef(DefinitionExt def) or
TPhi(PhiNode phi)
abstract private class SsaDef extends TSsaDef {
/** Gets a textual representation of this element. */
string toString() { none() }
/** Gets the underlying non-phi definition or use. */
DefinitionExt asDef() { none() }
/** Gets the underlying phi node. */
PhiNode asPhi() { none() }
/** Gets the location of this element. */
abstract Location getLocation();
}
abstract class Def extends SsaDef, TDef {
DefinitionExt def;
Def() { this = TDef(def) }
final override DefinitionExt asDef() { result = def }
/** Gets the source variable underlying this SSA definition. */
final SourceVariable getSourceVariable() { result = def.getSourceVariable() }
override string toString() { result = def.toString() }
/**
* Holds if this definition (or use) has index `index` in block `block`,
* and is a definition (or use) of the variable `sv`.
*/
predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) {
def.definesAt(sv, block, index, _)
}
/** Gets the value written by this definition, if any. */
Node0Impl getValue() { none() }
/**
* Holds if this definition is guaranteed to overwrite the entire
* destination's allocation.
*/
abstract predicate isCertain();
/** Gets the address operand written to by this definition. */
Operand getAddressOperand() { none() }
/** Gets the address written to by this definition. */
final Instruction getAddress() { result = this.getAddressOperand().getDef() }
/** Gets the indirection index of this definition. */
abstract int getIndirectionIndex();
/**
* Gets the indirection level that this definition is writing to.
* For instance, `x = y` is a definition of `x` at indirection level 1 and
* `*x = y` is a definition of `x` at indirection level 2.
*/
abstract int getIndirection();
/**
* Gets a definition that ultimately defines this SSA definition and is not
* itself a phi node.
*/
Def getAnUltimateDefinition() { result.asDef() = def.getAnUltimateDefinition() }
}
private predicate isGlobal(DefinitionExt def, GlobalDefImpl global) {
/** Gets the `DefImpl` corresponding to `def`. */
private DefImpl getDefImpl(SsaImpl::DefinitionExt def) {
exists(SourceVariable sv, IRBlock bb, int i |
def.definesAt(sv, bb, i, _) and
global.hasIndexInBlock(bb, i, sv)
result.hasIndexInBlock(bb, i, sv)
)
}
private class NonGlobalDef extends Def {
NonGlobalDef() { not isGlobal(def, _) }
class GlobalDef extends DefinitionExt {
GlobalDefImpl impl;
final override Location getLocation() { result = this.getImpl().getLocation() }
private DefImpl getImpl() {
exists(SourceVariable sv, IRBlock bb, int i |
this.hasIndexInBlock(bb, i, sv) and
result.hasIndexInBlock(bb, i, sv)
)
}
override Node0Impl getValue() { result = this.getImpl().getValue() }
override predicate isCertain() { this.getImpl().isCertain() }
override Operand getAddressOperand() { result = this.getImpl().getAddressOperand() }
override int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() }
override int getIndirection() { result = this.getImpl().getIndirection() }
}
class GlobalDef extends Def {
GlobalDefImpl global;
GlobalDef() { isGlobal(def, global) }
/** Gets a textual representation of this definition. */
override string toString() { result = global.toString() }
final override Location getLocation() { result = global.getLocation() }
GlobalDef() { impl = getDefImpl(this) }
/**
* Gets the type of this definition after specifiers have been deeply stripped
* and typedefs have been resolved.
* Gets the global (or `static` local) variable written to by this SSA
* definition.
*/
DataFlowType getUnspecifiedType() { result = global.getUnspecifiedType() }
/**
* Gets the type of this definition, after typedefs have been resolved.
*/
DataFlowType getUnderlyingType() { result = global.getUnderlyingType() }
/** Gets the `IRFunction` whose body is evaluated after this definition. */
IRFunction getIRFunction() { result = global.getIRFunction() }
/** Gets the global variable associated with this definition. */
GlobalLikeVariable getVariable() { result = global.getVariable() }
override predicate isCertain() { any() }
final override int getIndirectionIndex() { result = global.getIndirectionIndex() }
final override int getIndirection() { result = global.getIndirection() }
}
class Phi extends TPhi, SsaDef {
PhiNode phi;
Phi() { this = TPhi(phi) }
final override PhiNode asPhi() { result = phi }
final override Location getLocation() { result = phi.getBasicBlock().getLocation() }
override string toString() { result = phi.toString() }
SsaPhiInputNode getNode(IRBlock block) { result.getPhiNode() = phi and result.getBlock() = block }
predicate hasInputFromBlock(Definition inp, IRBlock bb) { inp = phiHasInputFromBlockExt(phi, bb) }
final Definition getAnInput() { this.hasInputFromBlock(result, _) }
GlobalLikeVariable getVariable() { result = impl.getVariable() }
}
private module SsaImpl = SsaImplCommon::Make<Location, SsaInput>;
@@ -1259,12 +1134,12 @@ class PhiNode extends SsaImpl::DefinitionExt {
}
/** Gets a definition that is an input to this phi node. */
final Definition getAnInput() { this.hasInputFromBlock(result, _, _, _, _) }
final DefinitionExt getAnInput() { this.hasInputFromBlock(result, _, _, _, _) }
}
/** An static single assignment (SSA) definition. */
class DefinitionExt extends SsaImpl::DefinitionExt {
private Definition getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() }
private DefinitionExt getAPhiInputOrPriorDefinition() { result = this.(PhiNode).getAnInput() }
/**
* Gets a definition that ultimately defines this SSA definition and is
@@ -1275,6 +1150,37 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
not result instanceof PhiNode
}
/**
* INTERNAL: Do not use.
*/
Node0Impl getValue() { result = getDefImpl(this).getValue() }
/** Gets the indirection index of this definition. */
int getIndirectionIndex() { result = getDefImpl(this).getIndirectionIndex() }
/** Gets the indirection of this definition. */
int getIndirection() { result = getDefImpl(this).getIndirection() }
/**
* Holds if this definition is guaranteed to totally overwrite the buffer
* being written to.
*/
predicate isCertain() { getDefImpl(this).isCertain() }
/**
* Gets the enclosing declaration of this definition.
*
* Note that this may be a variable when this definition defines a global, or
* a static local, variable.
*/
Declaration getFunction() { result = getDefImpl(this).getBlock().getEnclosingFunction() }
/** Gets the underlying type of the variable being defined by this definition. */
Type getUnderlyingType() { result = this.getSourceVariable().getType() }
/** Gets the unspecified type of the variable being defined by this definition. */
Type getUnspecifiedType() { result = this.getUnderlyingType().getUnspecifiedType() }
/** Gets a node that represents a read of this SSA definition. */
pragma[nomagic]
Node getARead() {
@@ -1286,6 +1192,4 @@ class DefinitionExt extends SsaImpl::DefinitionExt {
}
}
class Definition = SsaImpl::Definition;
import SsaCached

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.3.4
No user-facing changes.
## 1.3.3
### Minor Analysis Improvements

20
cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql Normal file
View File

@@ -0,0 +1,20 @@
/**
* @name Include file resolution status
* @description A count of successful includes and includes that failed to resolve.
* This query is for internal use only and may change without notice.
* @kind table
* @id cpp/include-resolution-status
*/
import cpp
/**
* A cannot open file error.
*
* Typically this is due to a missing include.
*/
class CannotOpenFileError extends CompilerError {
CannotOpenFileError() { this.hasTag(["cannot_open_file", "cannot_open_file_reason"]) }
}
select count(CannotOpenFileError e) as failed_includes, count(Include i) as successful_includes

18
cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
View File

@@ -49,11 +49,17 @@ predicate interestingConcatenation(DataFlow::Node incoming, DataFlow::Node outgo
call.getTarget() = op and
op.hasQualifiedName("std", "operator+") and
op.getType().(UserType).hasQualifiedName("std", "basic_string") and
incoming.asIndirectArgument() = call.getArgument(1) and // left operand
incoming.asIndirectArgument() = call.getArgument(1) and // right operand
call = outgoing.asInstruction().getUnconvertedResultExpression()
)
}
/**
* A state will represent the most recent concatenation that occurred in the data flow.
* - `TConcatState` if the concetenation has not yet occurred.
* - `TExecState(incoming, outgoing)`, representing the concatenation of data from `incoming`
* into result `outgoing`.
*/
newtype TState =
TConcatState() or
TExecState(DataFlow::Node incoming, DataFlow::Node outgoing) {
@@ -74,7 +80,9 @@ class ExecState extends TExecState {
DataFlow::Node getOutgoingNode() { result = outgoing }
/** Holds if this is a possible `ExecState` for `sink`. */
/**
* Holds if this is a possible `ExecState` at `sink`, that is, if `outgoing` flows to `sink`.
*/
predicate isFeasibleForSink(DataFlow::Node sink) { ExecState::flow(outgoing, sink) }
string toString() { result = "ExecState" }
@@ -110,6 +118,12 @@ module ExecStateConfig implements DataFlow::ConfigSig {
module ExecState = TaintTracking::Global<ExecStateConfig>;
/**
* A full `TaintTracking` configuration from source to concatenation to sink, using a flow
* state to remember the concatenation. It's important that we track flow to the sink even though
* as soon as we reach the concatenation we know it will get there (due to the check of
* `isFeasibleForSink`), because this way we get a complete flow path.
*/
module ExecTaintConfig implements DataFlow::StateConfigSig {
class FlowState = TState;

3
cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
View File

@@ -5,8 +5,9 @@
* buffer.
* @kind problem
* @id cpp/overflow-buffer
* @problem.severity recommendation
* @problem.severity warning
* @security-severity 9.3
* @precision medium
* @tags security
* external/cwe/cwe-119
* external/cwe/cwe-121

4
cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.

4
cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.

3
cpp/ql/src/change-notes/released/1.3.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.3.4
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.3
lastReleaseVersion: 1.3.4

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.3.4-dev
version: 1.3.5-dev
groups:
- cpp
- queries

26
cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.expected
View File

@@ -1,13 +1,13 @@
| test.cpp:3:8:3:8 | C<1> | 0 | int | test.cpp:5:25:5:25 | 1 |
| test.cpp:3:8:3:8 | C<2> | 0 | int | file://:0:0:0:0 | 2 |
| test.cpp:3:8:3:8 | C<x> | 0 | int | file://:0:0:0:0 | x |
| test.cpp:10:8:10:8 | D<T, X> | 0 | <none> | test.cpp:9:19:9:19 | T |
| test.cpp:10:8:10:8 | D<T, X> | 1 | T | file://:0:0:0:0 | X |
| test.cpp:10:8:10:8 | D<int, 2> | 0 | <none> | file://:0:0:0:0 | int |
| test.cpp:10:8:10:8 | D<int, 2> | 1 | int | test.cpp:12:8:12:8 | 2 |
| test.cpp:10:8:10:8 | D<long, 2L> | 0 | <none> | file://:0:0:0:0 | long |
| test.cpp:10:8:10:8 | D<long, 2L> | 1 | long | file://:0:0:0:0 | 2 |
| test.cpp:16:8:16:8 | E<T, X> | 0 | <none> | test.cpp:15:19:15:19 | T |
| test.cpp:16:8:16:8 | E<T, X> | 1 | T * | file://:0:0:0:0 | X |
| test.cpp:16:8:16:8 | E<int, (int *)nullptr> | 0 | <none> | file://:0:0:0:0 | int |
| test.cpp:16:8:16:8 | E<int, (int *)nullptr> | 1 | int * | file://:0:0:0:0 | 0 |
| test.cpp:3:8:3:8 | C<1> | 0 | int | test.cpp:5:25:5:25 | 1 | 1 |
| test.cpp:3:8:3:8 | C<2> | 0 | int | file://:0:0:0:0 | 2 | 2 |
| test.cpp:3:8:3:8 | C<x> | 0 | int | file://:0:0:0:0 | x | x |
| test.cpp:10:8:10:8 | D<T, X> | 0 | <none> | test.cpp:9:19:9:19 | T | <none> |
| test.cpp:10:8:10:8 | D<T, X> | 1 | T | file://:0:0:0:0 | X | X |
| test.cpp:10:8:10:8 | D<int, 2> | 0 | <none> | file://:0:0:0:0 | int | <none> |
| test.cpp:10:8:10:8 | D<int, 2> | 1 | int | test.cpp:12:8:12:8 | 2 | 2 |
| test.cpp:10:8:10:8 | D<long, 2L> | 0 | <none> | file://:0:0:0:0 | long | <none> |
| test.cpp:10:8:10:8 | D<long, 2L> | 1 | long | file://:0:0:0:0 | 2 | 2 |
| test.cpp:16:8:16:8 | E<T, X> | 0 | <none> | test.cpp:15:19:15:19 | T | <none> |
| test.cpp:16:8:16:8 | E<T, X> | 1 | T * | file://:0:0:0:0 | X | X |
| test.cpp:16:8:16:8 | E<int, (int *)nullptr> | 0 | <none> | file://:0:0:0:0 | int | <none> |
| test.cpp:16:8:16:8 | E<int, (int *)nullptr> | 1 | int * | file://:0:0:0:0 | 0 | 0 |

12
cpp/ql/test/library-tests/templates/nontype_instantiations/general/test.ql
View File

@@ -9,6 +9,16 @@ string maybeGetTemplateArgumentKind(Declaration d, int i) {
i = [0 .. d.getNumberOfTemplateArguments()]
}
string maybeGetTemplateArgumentValue(Declaration d, int i) {
(
if exists(d.getTemplateArgument(i).(Expr).getValue())
then result = d.getTemplateArgument(i).(Expr).getValue()
else result = "<none>"
) and
i = [0 .. d.getNumberOfTemplateArguments()]
}
from Declaration d, int i
where i >= 0 and i < d.getNumberOfTemplateArguments()
select d, i, maybeGetTemplateArgumentKind(d, i), d.getTemplateArgument(i)
select d, i, maybeGetTemplateArgumentKind(d, i), d.getTemplateArgument(i),
maybeGetTemplateArgumentValue(d, i)

358
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
View File

@@ -7,68 +7,88 @@ edges
| test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance | |
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance | |
| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | Config |
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | *filename | provenance | |
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | *command | provenance | |
| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | Config |
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | *filename | provenance | |
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | *command | provenance | |
| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | Config |
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance | |
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance | |
| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | Config |
| test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance | |
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | Config |
| test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance | |
| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | Config |
| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | Config |
| test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
| test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | Config |
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance | |
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance | |
| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | Config |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | *filename | provenance | |
| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | *filename | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance | |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | Config |
| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | Config |
| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance | |
| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | Config |
| test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance | |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | Config |
| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance | |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | Config |
| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance | |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | Config |
| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance | |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
| test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance | |
| test.cpp:63:9:63:16 | fread output argument | test.cpp:65:20:65:27 | *filename | provenance | |
| test.cpp:65:11:65:17 | strncat output argument | test.cpp:66:10:66:16 | *command | provenance | |
| test.cpp:65:20:65:27 | *filename | test.cpp:65:11:65:17 | strncat output argument | provenance | Config |
| test.cpp:83:9:83:16 | fread output argument | test.cpp:85:20:85:27 | *filename | provenance | |
| test.cpp:85:11:85:17 | strncat output argument | test.cpp:86:32:86:38 | *command | provenance | |
| test.cpp:85:20:85:27 | *filename | test.cpp:85:11:85:17 | strncat output argument | provenance | Config |
| test.cpp:92:9:92:16 | fread output argument | test.cpp:94:17:94:24 | *filename | provenance | |
| test.cpp:94:11:94:14 | strncat output argument | test.cpp:95:45:95:48 | *path | provenance | |
| test.cpp:94:17:94:24 | *filename | test.cpp:94:11:94:14 | strncat output argument | provenance | Config |
| test.cpp:107:20:107:38 | *call to getenv | test.cpp:108:33:108:36 | *path | provenance | TaintFunction |
| test.cpp:108:31:108:31 | call to operator+ | test.cpp:108:31:108:31 | call to operator+ | provenance | |
| test.cpp:108:31:108:31 | call to operator+ | test.cpp:109:18:109:22 | *call to c_str | provenance | TaintFunction |
| test.cpp:108:33:108:36 | *path | test.cpp:108:31:108:31 | call to operator+ | provenance | Config |
| test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:19:115:22 | *path | provenance | TaintFunction |
| test.cpp:115:10:115:23 | call to operator+ | test.cpp:115:25:115:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:115:10:115:23 | call to operator+ | test.cpp:115:25:115:29 | *call to c_str | provenance | TaintFunction |
| test.cpp:115:17:115:17 | call to operator+ | test.cpp:115:10:115:23 | call to operator+ | provenance | |
| test.cpp:115:19:115:22 | *path | test.cpp:115:10:115:23 | call to operator+ | provenance | Config |
| test.cpp:115:19:115:22 | *path | test.cpp:115:17:115:17 | call to operator+ | provenance | Config |
| test.cpp:120:20:120:38 | *call to getenv | test.cpp:121:19:121:22 | *path | provenance | TaintFunction |
| test.cpp:121:17:121:17 | call to operator+ | test.cpp:121:10:121:30 | *call to data | provenance | TaintFunction |
| test.cpp:121:19:121:22 | *path | test.cpp:121:17:121:17 | call to operator+ | provenance | Config |
| test.cpp:141:9:141:11 | fread output argument | test.cpp:143:31:143:33 | *str | provenance | |
| test.cpp:143:11:143:17 | sprintf output argument | test.cpp:144:10:144:16 | *command | provenance | |
| test.cpp:143:31:143:33 | *str | test.cpp:143:11:143:17 | sprintf output argument | provenance | Config |
| test.cpp:175:9:175:16 | fread output argument | test.cpp:178:20:178:27 | *filename | provenance | |
| test.cpp:175:9:175:16 | fread output argument | test.cpp:181:22:181:29 | *filename | provenance | |
| test.cpp:178:13:178:17 | strncat output argument | test.cpp:179:22:179:26 | *flags | provenance | |
| test.cpp:178:13:178:17 | strncat output argument | test.cpp:179:22:179:26 | *flags | provenance | |
| test.cpp:178:20:178:27 | *filename | test.cpp:178:13:178:17 | strncat output argument | provenance | Config |
| test.cpp:178:20:178:27 | *filename | test.cpp:178:13:178:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:179:13:179:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:179:13:179:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:179:22:179:26 | *flags | test.cpp:179:13:179:19 | strncat output argument | provenance | Config |
| test.cpp:179:22:179:26 | *flags | test.cpp:179:13:179:19 | strncat output argument | provenance | TaintFunction |
| test.cpp:181:13:181:19 | strncat output argument | test.cpp:184:32:184:38 | *command | provenance | |
| test.cpp:181:22:181:29 | *filename | test.cpp:181:13:181:19 | strncat output argument | provenance | Config |
| test.cpp:187:47:187:54 | *filename | test.cpp:188:18:188:25 | *filename | provenance | |
| test.cpp:188:11:188:15 | strncat output argument | test.cpp:189:20:189:24 | *flags | provenance | |
| test.cpp:188:11:188:15 | strncat output argument | test.cpp:189:20:189:24 | *flags | provenance | |
| test.cpp:188:18:188:25 | *filename | test.cpp:188:11:188:15 | strncat output argument | provenance | Config |
| test.cpp:188:18:188:25 | *filename | test.cpp:188:11:188:15 | strncat output argument | provenance | TaintFunction |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command [Return] | provenance | |
| test.cpp:189:11:189:17 | strncat output argument | test.cpp:187:19:187:25 | *command [Return] | provenance | |
| test.cpp:189:20:189:24 | *flags | test.cpp:189:11:189:17 | strncat output argument | provenance | Config |
| test.cpp:189:20:189:24 | *flags | test.cpp:189:11:189:17 | strncat output argument | provenance | TaintFunction |
| test.cpp:195:9:195:16 | fread output argument | test.cpp:197:26:197:33 | *filename | provenance | |
| test.cpp:197:10:197:16 | concat output argument | test.cpp:199:32:199:38 | *command | provenance | |
| test.cpp:197:10:197:16 | concat output argument | test.cpp:199:32:199:38 | *command | provenance | |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | provenance | |
| test.cpp:197:26:197:33 | *filename | test.cpp:197:10:197:16 | concat output argument | provenance | Config |
| test.cpp:197:26:197:33 | *filename | test.cpp:197:10:197:16 | concat output argument | provenance | TaintFunction |
| test.cpp:219:9:219:16 | fread output argument | test.cpp:221:19:221:26 | *filename | provenance | |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:221:10:221:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:221:10:221:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:223:32:223:38 | *command | provenance | |
| test.cpp:221:10:221:16 | strncat output argument | test.cpp:223:32:223:38 | *command | provenance | |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:10:221:16 | strncat output argument | provenance | Config |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:10:221:16 | strncat output argument | provenance | Config |
| test.cpp:221:19:221:26 | *filename | test.cpp:221:19:221:26 | *filename | provenance | |
| test.cpp:231:11:231:16 | strncat output argument | test.cpp:232:11:232:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:231:19:231:33 | *call to getenv | test.cpp:231:11:231:16 | strncat output argument | provenance | Config |
| test.cpp:232:11:232:16 | strncat output argument | test.cpp:233:11:233:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:232:11:232:16 | strncat output argument | test.cpp:233:11:233:16 | strncat output argument | provenance | TaintFunction |
| test.cpp:232:19:232:33 | *call to getenv | test.cpp:232:11:232:16 | strncat output argument | provenance | Config |
| test.cpp:233:11:233:16 | strncat output argument | test.cpp:234:10:234:15 | *buffer | provenance | |
| test.cpp:233:11:233:16 | strncat output argument | test.cpp:234:10:234:15 | *buffer | provenance | |
| test.cpp:242:11:242:17 | sprintf output argument | test.cpp:247:5:247:11 | *buffer1 | provenance | |
| test.cpp:242:11:242:17 | sprintf output argument | test.cpp:247:5:247:11 | *buffer1 | provenance | |
| test.cpp:243:5:243:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:244:5:244:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | Config |
| test.cpp:244:5:244:10 | *call to getenv | test.cpp:242:11:242:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:245:11:245:17 | sprintf output argument | test.cpp:249:10:249:16 | *buffer2 | provenance | |
| test.cpp:247:5:247:11 | *buffer1 | test.cpp:245:11:245:17 | sprintf output argument | provenance | Config |
| test.cpp:247:5:247:11 | *buffer1 | test.cpp:245:11:245:17 | sprintf output argument | provenance | TaintFunction |
| test.cpp:248:5:248:10 | *call to getenv | test.cpp:245:11:245:17 | sprintf output argument | provenance | Config |
| test.cpp:259:13:259:18 | strncat output argument | test.cpp:261:10:261:15 | *buffer | provenance | |
| test.cpp:259:21:259:35 | *call to getenv | test.cpp:259:13:259:18 | strncat output argument | provenance | Config |
nodes
| test.cpp:15:27:15:30 | **argv | semmle.label | **argv |
| test.cpp:16:20:16:26 | *access to array | semmle.label | *access to array |
@@ -80,98 +100,130 @@ nodes
| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:50:35:50:43 | *envCflags | semmle.label | *envCflags |
| test.cpp:51:10:51:16 | *command | semmle.label | *command |
| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:64:20:64:27 | *filename | semmle.label | *filename |
| test.cpp:65:10:65:16 | *command | semmle.label | *command |
| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:84:20:84:27 | *filename | semmle.label | *filename |
| test.cpp:85:32:85:38 | *command | semmle.label | *command |
| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:93:17:93:24 | *filename | semmle.label | *filename |
| test.cpp:94:45:94:48 | *path | semmle.label | *path |
| test.cpp:106:20:106:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:107:33:107:36 | *path | semmle.label | *path |
| test.cpp:108:18:108:22 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:113:20:113:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:10:114:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:17:114:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:114:19:114:22 | *path | semmle.label | *path |
| test.cpp:114:25:114:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:114:25:114:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:119:20:119:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:120:10:120:30 | *call to data | semmle.label | *call to data |
| test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:120:19:120:22 | *path | semmle.label | *path |
| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
| test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:142:31:142:33 | *str | semmle.label | *str |
| test.cpp:143:10:143:16 | *command | semmle.label | *command |
| test.cpp:174:9:174:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:177:20:177:27 | *filename | semmle.label | *filename |
| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:22:178:26 | *flags | semmle.label | *flags |
| test.cpp:178:22:178:26 | *flags | semmle.label | *flags |
| test.cpp:180:13:180:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:180:22:180:29 | *filename | semmle.label | *filename |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:183:32:183:38 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command | semmle.label | *command |
| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:186:19:186:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:186:47:186:54 | *filename | semmle.label | *filename |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:187:18:187:25 | *filename | semmle.label | *filename |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:20:188:24 | *flags | semmle.label | *flags |
| test.cpp:188:20:188:24 | *flags | semmle.label | *flags |
| test.cpp:194:9:194:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:10:196:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:196:26:196:33 | *filename | semmle.label | *filename |
| test.cpp:198:32:198:38 | *command | semmle.label | *command |
| test.cpp:198:32:198:38 | *command | semmle.label | *command |
| test.cpp:218:9:218:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:220:19:220:26 | *filename | semmle.label | *filename |
| test.cpp:220:19:220:26 | *filename | semmle.label | *filename |
| test.cpp:222:32:222:38 | *command | semmle.label | *command |
| test.cpp:222:32:222:38 | *command | semmle.label | *command |
| test.cpp:63:9:63:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:65:11:65:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:65:20:65:27 | *filename | semmle.label | *filename |
| test.cpp:66:10:66:16 | *command | semmle.label | *command |
| test.cpp:83:9:83:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:85:11:85:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:85:20:85:27 | *filename | semmle.label | *filename |
| test.cpp:86:32:86:38 | *command | semmle.label | *command |
| test.cpp:92:9:92:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:94:11:94:14 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:94:17:94:24 | *filename | semmle.label | *filename |
| test.cpp:95:45:95:48 | *path | semmle.label | *path |
| test.cpp:107:20:107:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:108:31:108:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:108:31:108:31 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:108:33:108:36 | *path | semmle.label | *path |
| test.cpp:109:18:109:22 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:114:20:114:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:115:10:115:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:10:115:23 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:17:115:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:115:19:115:22 | *path | semmle.label | *path |
| test.cpp:115:25:115:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:115:25:115:29 | *call to c_str | semmle.label | *call to c_str |
| test.cpp:120:20:120:38 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:121:10:121:30 | *call to data | semmle.label | *call to data |
| test.cpp:121:17:121:17 | call to operator+ | semmle.label | call to operator+ |
| test.cpp:121:19:121:22 | *path | semmle.label | *path |
| test.cpp:141:9:141:11 | fread output argument | semmle.label | fread output argument |
| test.cpp:143:11:143:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:143:31:143:33 | *str | semmle.label | *str |
| test.cpp:144:10:144:16 | *command | semmle.label | *command |
| test.cpp:175:9:175:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:178:13:178:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:13:178:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:178:20:178:27 | *filename | semmle.label | *filename |
| test.cpp:179:13:179:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:179:13:179:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:179:22:179:26 | *flags | semmle.label | *flags |
| test.cpp:179:22:179:26 | *flags | semmle.label | *flags |
| test.cpp:181:13:181:19 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:181:22:181:29 | *filename | semmle.label | *filename |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:184:32:184:38 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command | semmle.label | *command |
| test.cpp:187:19:187:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:187:19:187:25 | *command [Return] | semmle.label | *command [Return] |
| test.cpp:187:47:187:54 | *filename | semmle.label | *filename |
| test.cpp:188:11:188:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:11:188:15 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:188:18:188:25 | *filename | semmle.label | *filename |
| test.cpp:189:11:189:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:189:11:189:17 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:189:20:189:24 | *flags | semmle.label | *flags |
| test.cpp:189:20:189:24 | *flags | semmle.label | *flags |
| test.cpp:195:9:195:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:197:10:197:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:197:10:197:16 | concat output argument | semmle.label | concat output argument |
| test.cpp:197:26:197:33 | *filename | semmle.label | *filename |
| test.cpp:199:32:199:38 | *command | semmle.label | *command |
| test.cpp:199:32:199:38 | *command | semmle.label | *command |
| test.cpp:219:9:219:16 | fread output argument | semmle.label | fread output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:10:221:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:221:19:221:26 | *filename | semmle.label | *filename |
| test.cpp:221:19:221:26 | *filename | semmle.label | *filename |
| test.cpp:223:32:223:38 | *command | semmle.label | *command |
| test.cpp:223:32:223:38 | *command | semmle.label | *command |
| test.cpp:231:11:231:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:231:19:231:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:232:11:232:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:232:11:232:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:232:19:232:33 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:233:11:233:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:233:11:233:16 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:234:10:234:15 | *buffer | semmle.label | *buffer |
| test.cpp:234:10:234:15 | *buffer | semmle.label | *buffer |
| test.cpp:242:11:242:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:242:11:242:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:243:5:243:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:244:5:244:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:245:11:245:17 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:247:5:247:11 | *buffer1 | semmle.label | *buffer1 |
| test.cpp:247:5:247:11 | *buffer1 | semmle.label | *buffer1 |
| test.cpp:248:5:248:10 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:249:10:249:16 | *buffer2 | semmle.label | *buffer2 |
| test.cpp:259:13:259:18 | strncat output argument | semmle.label | strncat output argument |
| test.cpp:259:21:259:35 | *call to getenv | semmle.label | *call to getenv |
| test.cpp:261:10:261:15 | *buffer | semmle.label | *buffer |
subpaths
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | test.cpp:186:19:186:25 | *command [Return] | test.cpp:196:10:196:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command [Return] | test.cpp:197:10:197:16 | concat output argument |
| test.cpp:197:26:197:33 | *filename | test.cpp:187:47:187:54 | *filename | test.cpp:187:19:187:25 | *command [Return] | test.cpp:197:10:197:16 | concat output argument |
#select
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | **argv | test.cpp:23:12:23:19 | *command1 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | **argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | *call to getenv | test.cpp:51:10:51:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | *call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | *path | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (string read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:38 | *call to getenv | test.cpp:108:18:108:22 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:38 | *call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:25:114:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | *call to getenv | user input (an environment variable) | test.cpp:114:10:114:23 | call to operator+ | call to operator+ |
| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:25:114:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:38 | *call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | call to operator+ | call to operator+ |
| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:10:120:30 | *call to data | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:38 | *call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | call to operator+ | call to operator+ |
| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (string read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (string read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (string read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
| test.cpp:66:10:66:16 | command | test.cpp:63:9:63:16 | fread output argument | test.cpp:66:10:66:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:63:9:63:16 | fread output argument | user input (string read by fread) | test.cpp:65:11:65:17 | strncat output argument | strncat output argument |
| test.cpp:86:32:86:38 | command | test.cpp:83:9:83:16 | fread output argument | test.cpp:86:32:86:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:83:9:83:16 | fread output argument | user input (string read by fread) | test.cpp:85:11:85:17 | strncat output argument | strncat output argument |
| test.cpp:95:45:95:48 | path | test.cpp:92:9:92:16 | fread output argument | test.cpp:95:45:95:48 | *path | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:92:9:92:16 | fread output argument | user input (string read by fread) | test.cpp:94:11:94:14 | strncat output argument | strncat output argument |
| test.cpp:109:18:109:22 | call to c_str | test.cpp:107:20:107:38 | *call to getenv | test.cpp:109:18:109:22 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:107:20:107:38 | *call to getenv | user input (an environment variable) | test.cpp:108:31:108:31 | call to operator+ | call to operator+ |
| test.cpp:115:25:115:29 | call to c_str | test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:25:115:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:114:20:114:38 | *call to getenv | user input (an environment variable) | test.cpp:115:10:115:23 | call to operator+ | call to operator+ |
| test.cpp:115:25:115:29 | call to c_str | test.cpp:114:20:114:38 | *call to getenv | test.cpp:115:25:115:29 | *call to c_str | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:114:20:114:38 | *call to getenv | user input (an environment variable) | test.cpp:115:17:115:17 | call to operator+ | call to operator+ |
| test.cpp:121:25:121:28 | call to data | test.cpp:120:20:120:38 | *call to getenv | test.cpp:121:10:121:30 | *call to data | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:120:20:120:38 | *call to getenv | user input (an environment variable) | test.cpp:121:17:121:17 | call to operator+ | call to operator+ |
| test.cpp:144:10:144:16 | command | test.cpp:141:9:141:11 | fread output argument | test.cpp:144:10:144:16 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:141:9:141:11 | fread output argument | user input (string read by fread) | test.cpp:143:11:143:17 | sprintf output argument | sprintf output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:178:13:178:17 | strncat output argument | strncat output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:179:13:179:19 | strncat output argument | strncat output argument |
| test.cpp:184:32:184:38 | command | test.cpp:175:9:175:16 | fread output argument | test.cpp:184:32:184:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:175:9:175:16 | fread output argument | user input (string read by fread) | test.cpp:181:13:181:19 | strncat output argument | strncat output argument |
| test.cpp:199:32:199:38 | command | test.cpp:195:9:195:16 | fread output argument | test.cpp:199:32:199:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:195:9:195:16 | fread output argument | user input (string read by fread) | test.cpp:188:11:188:15 | strncat output argument | strncat output argument |
| test.cpp:199:32:199:38 | command | test.cpp:195:9:195:16 | fread output argument | test.cpp:199:32:199:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:195:9:195:16 | fread output argument | user input (string read by fread) | test.cpp:189:11:189:17 | strncat output argument | strncat output argument |
| test.cpp:223:32:223:38 | command | test.cpp:219:9:219:16 | fread output argument | test.cpp:223:32:223:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:219:9:219:16 | fread output argument | user input (string read by fread) | test.cpp:221:10:221:16 | strncat output argument | strncat output argument |
| test.cpp:223:32:223:38 | command | test.cpp:219:9:219:16 | fread output argument | test.cpp:223:32:223:38 | *command | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:219:9:219:16 | fread output argument | user input (string read by fread) | test.cpp:221:10:221:16 | strncat output argument | strncat output argument |
| test.cpp:234:10:234:15 | buffer | test.cpp:231:19:231:33 | *call to getenv | test.cpp:234:10:234:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:231:19:231:33 | *call to getenv | user input (an environment variable) | test.cpp:231:11:231:16 | strncat output argument | strncat output argument |
| test.cpp:234:10:234:15 | buffer | test.cpp:232:19:232:33 | *call to getenv | test.cpp:234:10:234:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:232:19:232:33 | *call to getenv | user input (an environment variable) | test.cpp:232:11:232:16 | strncat output argument | strncat output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:243:5:243:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:243:5:243:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:244:5:244:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:244:5:244:10 | *call to getenv | user input (an environment variable) | test.cpp:242:11:242:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:244:5:244:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:244:5:244:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:249:10:249:16 | buffer2 | test.cpp:248:5:248:10 | *call to getenv | test.cpp:249:10:249:16 | *buffer2 | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:248:5:248:10 | *call to getenv | user input (an environment variable) | test.cpp:245:11:245:17 | sprintf output argument | sprintf output argument |
| test.cpp:261:10:261:15 | buffer | test.cpp:259:21:259:35 | *call to getenv | test.cpp:261:10:261:15 | *buffer | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:259:21:259:35 | *call to getenv | user input (an environment variable) | test.cpp:259:13:259:18 | strncat output argument | strncat output argument |

53
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/test.cpp
View File

@@ -14,7 +14,7 @@ extern void encodeShellString(char *shellStr, int maxChars, const char* cStr);
int main(int argc, char** argv) {
char *userName = argv[2];
{
// BAD: a string from the user is injected directly into
// a command.
@@ -23,10 +23,10 @@ int main(int argc, char** argv) {
system(command1);
}
{
{
// GOOD: the user string is encoded by a library routine.
char userNameQuoted[1000] = {0};
encodeShellString(userNameQuoted, 1000, userName);
encodeShellString(userNameQuoted, 1000, userName);
char command2[1000] = {0};
sprintf(command2, "userinfo -v %s", userNameQuoted);
system(command2);
@@ -36,16 +36,16 @@ int main(int argc, char** argv) {
void test2(char* arg2) {
// GOOD?: the user string is the *first* part of the command, like $CC in many environments
char *envCC = getenv("CC");
char command[1000];
sprintf("%s %s", envCC, arg2);
sprintf(command, "%s %s", envCC, arg2);
system(command);
}
void test3(char* arg1) {
// GOOD?: the user string is a `$CFLAGS` environment variable
char *envCflags = getenv("CFLAGS");
char command[1000];
sprintf(command, "%s %s", arg1, envCflags);
system(command);
@@ -54,6 +54,7 @@ void test3(char* arg1) {
typedef unsigned long size_t;
typedef void FILE;
size_t fread(void *ptr, size_t size, size_t nmemb, FILE *stream);
char *strncpy(char *s1, const char *s2, size_t n);
char *strncat(char *s1, const char *s2, size_t n);
void test4(FILE *f) {
@@ -160,7 +161,7 @@ void test15(FILE *f) {
fread(temp, 1, 10, f);
int x = atoi(temp);
char temp2[10];
sprintf(temp2, "%d", x);
sprintf(command, "tail -n %s foo.log", temp2);
@@ -222,4 +223,42 @@ void test19(FILE *f) {
execl("/bin/sh", "sh", "-c", command);
}
void test20() {
// BAD: the user strings `var_b`, `var_c` are injected directly into a command
char buffer[1024 * 4];
strncpy(buffer, getenv("var_a"), 1024);
strncat(buffer, getenv("var_b"), 1024);
strncat(buffer, getenv("var_c"), 1024);
strncat(buffer, " ", 1024);
system(buffer);
}
void test21() {
// BAD: the user strings `var_b`, `var_c` are injected directly into a command
char buffer1[1024];
char buffer2[1024];
sprintf(buffer1, "%s %s",
getenv("var_a"),
getenv("var_b"));
sprintf(buffer2, "%s %s %s",
" ",
buffer1,
getenv("var_c"));
system(buffer2);
}
void test22() {
// BAD: the user strings `var_a` are injected directly into a command
char buffer[1024 * 11];
int i;
strncpy(buffer, "command ", 1024);
for (i = 0; i < 10; i++) {
strncat(buffer, getenv("var_a"), 1024);
}
system(buffer);
}
// open question: do we want to report certain sources even when they're the start of the string?

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowBuffer.expected
View File

@@ -1,5 +1,3 @@
| tests.cpp:45:9:45:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
| tests.cpp:60:9:60:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
| tests.cpp:171:9:171:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | destination buffer |
| tests.cpp:172:9:172:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | array |
| tests.cpp:192:9:192:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:181:10:181:22 | dataBadBuffer | destination buffer |

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowStatic.expected
View File

@@ -1,2 +0,0 @@
| tests.cpp:45:51:45:72 | sizeof(<expr>) | Potential buffer-overflow: 'charFirst' has size 16 not 32. |
| tests.cpp:60:52:60:74 | sizeof(<expr>) | Potential buffer-overflow: 'charFirst' has size 16 not 32. |

14
cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/tests.cpp
View File

@@ -42,7 +42,7 @@ void CWE121_Stack_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad()
/* Print the initial block pointed to by structCharVoid.voidSecond */
printLine((char *)structCharVoid.voidSecond);
/* FLAW: Use the sizeof(structCharVoid) which will overwrite the pointer voidSecond */
memcpy(structCharVoid.charFirst, SRC_STR, sizeof(structCharVoid));
memcpy(structCharVoid.charFirst, SRC_STR, sizeof(structCharVoid)); // [NOT DETECTED]
structCharVoid.charFirst[(sizeof(structCharVoid.charFirst)/sizeof(char))-1] = '\0'; /* null terminate the string */
printLine((char *)structCharVoid.charFirst);
printLine((char *)structCharVoid.voidSecond);
@@ -57,7 +57,7 @@ void CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad()
/* Print the initial block pointed to by structCharVoid->voidSecond */
printLine((char *)structCharVoid->voidSecond);
/* FLAW: Use the sizeof(*structCharVoid) which will overwrite the pointer y */
memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid));
memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); // [NOT DETECTED]
structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; /* null terminate the string */
printLine((char *)structCharVoid->charFirst);
printLine((char *)structCharVoid->voidSecond);
@@ -292,7 +292,7 @@ namespace CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_01
delete [] data;
}
}
static void goodG2B()
{
wchar_t * data;
@@ -459,7 +459,7 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_01_bad()
#ifdef _WIN32
int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format, ...);
#define SNPRINTF _snwprintf
#else
#else
int snprintf(char *s, size_t n, const char *format, ...);
int swprintf(wchar_t *wcs, size_t maxlen, const wchar_t *format, ...);
//#define SNPRINTF snprintf --- original code; using snprintf appears to be a mistake in samate?
@@ -485,14 +485,14 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_01_bad()
}
/* classes used in some test cases as a custom type */
class TwoIntsClass
class TwoIntsClass
{
public: // Needed to access variables from label files
int intOne;
int intTwo;
};
class OneIntClass
class OneIntClass
{
public: // Needed to access variables from label files
int intOne;
@@ -636,7 +636,7 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_31_bad()
int rand(void);
int globalReturnsTrueOrFalse()
int globalReturnsTrueOrFalse()
{
return (rand() % 2);
}

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/BadlyBoundedWrite.expected
View File

@@ -1,2 +1,4 @@
| tests.cpp:1055:2:1055:8 | call to strncpy | This 'call to strncpy' operation is limited to 131 bytes but the destination is only 128 bytes. |
| tests.cpp:1057:2:1057:8 | call to strncpy | This 'call to strncpy' operation is limited to 131 bytes but the destination is only 64 bytes. |
| var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'call to strncpy' operation is limited to 1025 bytes but the destination is only 1024 bytes. |
| var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'call to strncpy' operation is limited to 129 bytes but the destination is only 128 bytes. |

137
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected
View File

@@ -17,69 +17,81 @@
| tests.cpp:285:3:285:8 | call to memset | This 'memset' operation accesses 128 bytes but the $@ is only 64 bytes. | tests.cpp:283:12:283:23 | new[] | destination buffer |
| tests.cpp:292:3:292:8 | call to memset | This 'memset' operation accesses 11 bytes but the $@ is only 10 bytes. | tests.cpp:289:8:289:12 | array | destination buffer |
| tests.cpp:310:2:310:7 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
| tests.cpp:312:2:312:7 | call to memset | This 'memset' operation accesses 17 bytes but the $@ is only 16 bytes. | tests.cpp:298:7:298:12 | buffer | destination buffer |
| tests.cpp:314:2:314:7 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:299:6:299:10 | field | destination buffer |
| tests.cpp:346:2:346:14 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:349:2:349:14 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:350:17:350:29 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:352:2:352:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:355:2:355:13 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:356:16:356:27 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:358:2:358:16 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:361:2:361:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:362:25:362:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:365:23:365:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:373:3:373:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:368:47:368:52 | call to malloc | array |
| tests.cpp:376:3:376:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:369:47:369:52 | call to malloc | array |
| tests.cpp:446:3:446:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:444:7:444:14 | intArray | array |
| tests.cpp:454:3:454:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
| tests.cpp:456:3:456:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
| tests.cpp:459:3:459:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
| tests.cpp:461:3:461:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
| tests.cpp:476:2:476:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
| tests.cpp:477:2:477:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
| tests.cpp:481:2:481:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
| tests.cpp:487:2:487:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:473:21:473:26 | call to malloc | array |
| tests.cpp:491:2:491:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:474:21:474:26 | call to malloc | array |
| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:502:15:502:20 | call to malloc | destination buffer |
| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:510:16:510:21 | call to malloc | destination buffer |
| tests.cpp:541:6:541:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
| tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
| tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
| tests.cpp:637:6:637:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
| tests.cpp:645:7:645:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
| tests.cpp:708:3:708:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
| tests.cpp:712:3:712:8 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
| tests.cpp:716:3:716:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 16 bytes. | tests.cpp:692:16:692:16 | b | destination buffer |
| tests.cpp:727:2:727:7 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
| tests.cpp:753:5:753:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:735:20:735:22 | b_1 | destination buffer |
| tests.cpp:756:5:756:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:735:20:735:22 | b_1 | destination buffer |
| tests.cpp:760:5:760:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
| tests.cpp:761:5:761:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
| tests.cpp:763:5:763:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
| tests.cpp:764:5:764:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
| tests.cpp:774:5:774:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:740:20:740:22 | b_2 | destination buffer |
| tests.cpp:777:5:777:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:740:20:740:22 | b_2 | destination buffer |
| tests.cpp:795:5:795:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:790:16:790:16 | b | destination buffer |
| tests.cpp:822:5:822:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
| tests.cpp:825:5:825:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
| tests.cpp:827:5:827:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
| tests.cpp:830:5:830:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
| tests.cpp:831:5:831:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
| tests.cpp:833:5:833:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
| tests.cpp:835:5:835:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
| tests.cpp:846:5:846:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
| tests.cpp:847:5:847:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
| tests.cpp:848:5:848:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
| tests.cpp:849:5:849:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
| tests.cpp:851:5:851:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
| tests.cpp:862:5:862:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:863:5:863:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:864:5:864:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:865:5:865:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:866:5:866:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:867:5:867:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
| tests.cpp:348:2:348:14 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:351:2:351:14 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:352:17:352:29 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:354:2:354:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:357:2:357:13 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:358:16:358:27 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:360:2:360:16 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:363:2:363:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:364:25:364:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:367:23:367:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:369:2:369:13 | access to array | This array indexing operation accesses a negative index -2 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:370:2:370:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:374:2:374:13 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:394:3:394:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:389:47:389:52 | call to malloc | array |
| tests.cpp:397:3:397:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:390:47:390:52 | call to malloc | array |
| tests.cpp:467:3:467:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:465:7:465:14 | intArray | array |
| tests.cpp:475:3:475:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:471:7:471:11 | multi | array |
| tests.cpp:477:3:477:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:471:7:471:11 | multi | array |
| tests.cpp:480:3:480:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:471:7:471:11 | multi | array |
| tests.cpp:482:3:482:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:471:7:471:11 | multi | array |
| tests.cpp:497:2:497:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
| tests.cpp:498:2:498:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
| tests.cpp:502:2:502:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
| tests.cpp:508:2:508:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:494:21:494:26 | call to malloc | array |
| tests.cpp:512:2:512:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:495:21:495:26 | call to malloc | array |
| tests.cpp:540:3:540:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:523:15:523:20 | call to malloc | destination buffer |
| tests.cpp:540:3:540:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:531:16:531:21 | call to malloc | destination buffer |
| tests.cpp:562:6:562:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:553:7:553:16 | charBuffer | destination buffer |
| tests.cpp:567:6:567:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:553:7:553:16 | charBuffer | destination buffer |
| tests.cpp:590:6:590:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:586:7:586:12 | buffer | array |
| tests.cpp:598:7:598:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:586:7:586:12 | buffer | array |
| tests.cpp:658:6:658:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:654:7:654:12 | buffer | array |
| tests.cpp:666:7:666:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:654:7:654:12 | buffer | array |
| tests.cpp:729:3:729:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
| tests.cpp:733:3:733:8 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
| tests.cpp:737:3:737:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 16 bytes. | tests.cpp:713:16:713:16 | b | destination buffer |
| tests.cpp:748:2:748:7 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
| tests.cpp:774:5:774:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:756:20:756:22 | b_1 | destination buffer |
| tests.cpp:777:5:777:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:756:20:756:22 | b_1 | destination buffer |
| tests.cpp:781:5:781:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
| tests.cpp:782:5:782:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
| tests.cpp:784:5:784:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
| tests.cpp:785:5:785:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
| tests.cpp:795:5:795:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:761:20:761:22 | b_2 | destination buffer |
| tests.cpp:798:5:798:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:761:20:761:22 | b_2 | destination buffer |
| tests.cpp:816:5:816:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:811:16:811:16 | b | destination buffer |
| tests.cpp:843:5:843:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
| tests.cpp:846:5:846:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
| tests.cpp:848:5:848:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
| tests.cpp:851:5:851:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
| tests.cpp:852:5:852:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
| tests.cpp:854:5:854:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
| tests.cpp:856:5:856:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
| tests.cpp:867:5:867:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
| tests.cpp:868:5:868:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
| tests.cpp:869:5:869:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
| tests.cpp:870:5:870:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
| tests.cpp:872:5:872:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
| tests.cpp:883:5:883:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:884:5:884:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:885:5:885:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:886:5:886:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:887:5:887:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:888:5:888:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
| tests.cpp:984:2:984:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
| tests.cpp:989:2:989:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
| tests.cpp:994:2:994:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
| tests.cpp:1001:2:1001:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
| tests.cpp:1009:2:1009:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
| tests.cpp:1031:2:1031:7 | call to memset | This 'memset' operation accesses 130 bytes but the $@ is only 120 bytes. | tests.cpp:1020:12:1020:15 | arr1 | destination buffer |
| tests.cpp:1050:2:1050:7 | call to memset | This 'memset' operation accesses 132 bytes but the $@ is only 128 bytes. | tests.cpp:1037:8:1037:14 | buffer1 | destination buffer |
| tests.cpp:1052:2:1052:7 | call to memset | This 'memset' operation accesses 132 bytes but the $@ is only 64 bytes. | tests.cpp:1041:8:1041:14 | buffer2 | destination buffer |
| tests.cpp:1055:2:1055:8 | call to strncpy | This 'strncpy' operation may access 131 bytes but the $@ is only 128 bytes. | tests.cpp:1037:8:1037:14 | buffer1 | destination buffer |
| tests.cpp:1057:2:1057:8 | call to strncpy | This 'strncpy' operation may access 131 bytes but the $@ is only 64 bytes. | tests.cpp:1041:8:1041:14 | buffer2 | destination buffer |
| tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer |
| unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer |
| unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
@@ -88,5 +100,4 @@
| var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'strncpy' operation may access 1025 bytes but the $@ is only 1024 bytes. | var_size_struct.cpp:63:8:63:11 | data | destination buffer |
| var_size_struct.cpp:87:3:87:19 | access to array | This array indexing operation accesses byte offset 67 but the $@ is only 64 bytes. | var_size_struct.cpp:78:7:78:14 | elements | array |
| var_size_struct.cpp:99:3:99:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
| var_size_struct.cpp:101:3:101:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
| var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'strncpy' operation may access 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |

6
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowStatic.expected
View File

@@ -3,6 +3,8 @@
| tests.cpp:163:3:163:11 | access to array | Potential buffer-overflow: counter 'k' <= 100 but 'buffer' has 100 elements. |
| tests.cpp:164:8:164:16 | access to array | Potential buffer-overflow: counter 'k' <= 100 but 'buffer' has 100 elements. |
| tests.cpp:245:42:245:42 | 6 | Potential buffer-overflow: 'global_array_5' has size 5 not 6. |
| tests.cpp:349:2:349:14 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
| tests.cpp:350:17:350:29 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
| tests.cpp:351:2:351:14 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
| tests.cpp:352:17:352:29 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
| tests.cpp:1055:26:1055:39 | ... - ... | Potential buffer-overflow: 'buffer1' has size 128 not 131. |
| tests.cpp:1057:26:1057:39 | ... - ... | Potential buffer-overflow: 'buffer2' has size 64 not 131. |
| var_size_struct.cpp:103:39:103:41 | 129 | Potential buffer-overflow: 'str' has size 128 not 129. |

58
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected
View File

@@ -27,26 +27,26 @@ edges
| main.cpp:9:29:9:32 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance | |
| main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | **argv | provenance | |
| main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | *argv | provenance | |
| main.cpp:10:20:10:23 | **argv | tests.cpp:872:32:872:35 | **argv | provenance | |
| main.cpp:10:20:10:23 | *argv | tests.cpp:872:32:872:35 | *argv | provenance | |
| main.cpp:10:20:10:23 | **argv | tests.cpp:1060:32:1060:35 | **argv | provenance | |
| main.cpp:10:20:10:23 | *argv | tests.cpp:1060:32:1060:35 | *argv | provenance | |
| overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | **argv | provenance | |
| overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | *argv | provenance | |
| test_buffer_overrun.cpp:32:46:32:49 | **argv | test_buffer_overrun.cpp:32:46:32:49 | **argv | provenance | |
| test_buffer_overrun.cpp:32:46:32:49 | **argv | test_buffer_overrun.cpp:32:46:32:49 | *argv | provenance | |
| test_buffer_overrun.cpp:32:46:32:49 | *argv | test_buffer_overrun.cpp:32:46:32:49 | *argv | provenance | |
| tests.cpp:613:19:613:24 | *source | tests.cpp:615:17:615:22 | *source | provenance | |
| tests.cpp:622:19:622:24 | *source | tests.cpp:625:2:625:16 | *... = ... | provenance | |
| tests.cpp:625:2:625:2 | *s [post update] [*home] | tests.cpp:628:14:628:14 | *s [*home] | provenance | |
| tests.cpp:625:2:625:16 | *... = ... | tests.cpp:625:2:625:2 | *s [post update] [*home] | provenance | |
| tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:14:628:19 | *home | provenance | |
| tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:16:628:19 | *home | provenance | |
| tests.cpp:628:16:628:19 | *home | tests.cpp:628:14:628:19 | *home | provenance | |
| tests.cpp:872:32:872:35 | **argv | tests.cpp:897:9:897:15 | *access to array | provenance | |
| tests.cpp:872:32:872:35 | **argv | tests.cpp:898:9:898:15 | *access to array | provenance | |
| tests.cpp:872:32:872:35 | *argv | tests.cpp:897:9:897:15 | *access to array | provenance | |
| tests.cpp:872:32:872:35 | *argv | tests.cpp:898:9:898:15 | *access to array | provenance | |
| tests.cpp:897:9:897:15 | *access to array | tests.cpp:613:19:613:24 | *source | provenance | |
| tests.cpp:898:9:898:15 | *access to array | tests.cpp:622:19:622:24 | *source | provenance | |
| tests.cpp:634:19:634:24 | *source | tests.cpp:636:17:636:22 | *source | provenance | |
| tests.cpp:643:19:643:24 | *source | tests.cpp:646:2:646:16 | *... = ... | provenance | |
| tests.cpp:646:2:646:2 | *s [post update] [*home] | tests.cpp:649:14:649:14 | *s [*home] | provenance | |
| tests.cpp:646:2:646:16 | *... = ... | tests.cpp:646:2:646:2 | *s [post update] [*home] | provenance | |
| tests.cpp:649:14:649:14 | *s [*home] | tests.cpp:649:14:649:19 | *home | provenance | |
| tests.cpp:649:14:649:14 | *s [*home] | tests.cpp:649:16:649:19 | *home | provenance | |
| tests.cpp:649:16:649:19 | *home | tests.cpp:649:14:649:19 | *home | provenance | |
| tests.cpp:1060:32:1060:35 | **argv | tests.cpp:1085:9:1085:15 | *access to array | provenance | |
| tests.cpp:1060:32:1060:35 | **argv | tests.cpp:1086:9:1086:15 | *access to array | provenance | |
| tests.cpp:1060:32:1060:35 | *argv | tests.cpp:1085:9:1085:15 | *access to array | provenance | |
| tests.cpp:1060:32:1060:35 | *argv | tests.cpp:1086:9:1086:15 | *access to array | provenance | |
| tests.cpp:1085:9:1085:15 | *access to array | tests.cpp:634:19:634:24 | *source | provenance | |
| tests.cpp:1086:9:1086:15 | *access to array | tests.cpp:643:19:643:24 | *source | provenance | |
| tests_restrict.c:15:41:15:44 | **argv | tests_restrict.c:15:41:15:44 | **argv | provenance | |
| tests_restrict.c:15:41:15:44 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance | |
nodes
@@ -72,18 +72,18 @@ nodes
| test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
| test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
| test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
| tests.cpp:613:19:613:24 | *source | semmle.label | *source |
| tests.cpp:615:17:615:22 | *source | semmle.label | *source |
| tests.cpp:622:19:622:24 | *source | semmle.label | *source |
| tests.cpp:625:2:625:2 | *s [post update] [*home] | semmle.label | *s [post update] [*home] |
| tests.cpp:625:2:625:16 | *... = ... | semmle.label | *... = ... |
| tests.cpp:628:14:628:14 | *s [*home] | semmle.label | *s [*home] |
| tests.cpp:628:14:628:19 | *home | semmle.label | *home |
| tests.cpp:628:16:628:19 | *home | semmle.label | *home |
| tests.cpp:872:32:872:35 | **argv | semmle.label | **argv |
| tests.cpp:872:32:872:35 | *argv | semmle.label | *argv |
| tests.cpp:897:9:897:15 | *access to array | semmle.label | *access to array |
| tests.cpp:898:9:898:15 | *access to array | semmle.label | *access to array |
| tests.cpp:634:19:634:24 | *source | semmle.label | *source |
| tests.cpp:636:17:636:22 | *source | semmle.label | *source |
| tests.cpp:643:19:643:24 | *source | semmle.label | *source |
| tests.cpp:646:2:646:2 | *s [post update] [*home] | semmle.label | *s [post update] [*home] |
| tests.cpp:646:2:646:16 | *... = ... | semmle.label | *... = ... |
| tests.cpp:649:14:649:14 | *s [*home] | semmle.label | *s [*home] |
| tests.cpp:649:14:649:19 | *home | semmle.label | *home |
| tests.cpp:649:16:649:19 | *home | semmle.label | *home |
| tests.cpp:1060:32:1060:35 | **argv | semmle.label | **argv |
| tests.cpp:1060:32:1060:35 | *argv | semmle.label | *argv |
| tests.cpp:1085:9:1085:15 | *access to array | semmle.label | *access to array |
| tests.cpp:1086:9:1086:15 | *access to array | semmle.label | *access to array |
| tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
| tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
| tests_restrict.c:15:41:15:44 | *argv | semmle.label | *argv |
@@ -97,5 +97,5 @@ subpaths
| main.cpp:9:29:9:32 | **argv | tests_restrict.c:15:41:15:44 | **argv | tests_restrict.c:15:41:15:44 | **argv | main.cpp:9:29:9:32 | tests_restrict_main output argument |
| main.cpp:9:29:9:32 | *argv | tests_restrict.c:15:41:15:44 | *argv | tests_restrict.c:15:41:15:44 | *argv | main.cpp:9:29:9:32 | tests_restrict_main output argument |
#select
| tests.cpp:615:2:615:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:615:17:615:22 | *source | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
| tests.cpp:628:2:628:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:628:14:628:19 | *home | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
| tests.cpp:636:2:636:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:636:17:636:22 | *source | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
| tests.cpp:649:2:649:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:649:14:649:19 | *home | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |

241
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
View File

@@ -18,7 +18,7 @@ void test1()
{
char smallbuffer[10];
char bigbuffer[20];
memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read
memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
@@ -29,7 +29,7 @@ void test2()
{
char *smallbuffer = (char *)malloc(sizeof(char) * 10);
char *bigbuffer = (char *)malloc(sizeof(char) * 20);
memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read [NOT DETECTED]
memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
@@ -59,7 +59,7 @@ void test4(int unbounded)
{
int bounded = 100;
char buffer1[100], buffer2[100];
memmove(buffer1, buffer2, bounded); // GOOD
memmove(buffer1, buffer2, unbounded); // BAD: may over-write [NOT DETECTED]
}
@@ -107,11 +107,11 @@ void test6(bool cond)
a = -1;
buffer[a] = 'x'; // BAD: under-write [NOT DETECTED]
ch = buffer[a]; // BAD: under-read [NOT DETECTED]
b = 0;
buffer[b] = 'x'; // GOOD
ch = buffer[b]; // GOOD
c = 100;
buffer[c] = 'x'; // BAD: over-write [NOT DETECTED]
ch = buffer[c]; // BAD: over-read [NOT DETECTED]
@@ -120,7 +120,7 @@ void test6(bool cond)
d = 1000;
buffer[d] = 'x'; // BAD: over-write [NOT DETECTED]
ch = buffer[d]; // BAD: over-read [NOT DETECTED]
e = 1000;
e = 0;
buffer[e] = 'x'; // GOOD
@@ -130,12 +130,12 @@ void test6(bool cond)
if (cond) {f = 1000;}
buffer[f] = 'x'; // BAD: may over-write [NOT DETECTED]
ch = buffer[f]; // BAD: may over-read [NOT DETECTED]
g = 1000;
if (cond) {g = 0;}
buffer[g] = 'x'; // BAD: may over-write [NOT DETECTED]
ch = buffer[g]; // BAD: may over-read [NOT DETECTED]
h = 1000;
if (cond)
{
@@ -151,13 +151,13 @@ void test6(bool cond)
buffer[i] = 'x'; // GOOD
ch = buffer[i]; // GOOD
}
for (j = -1; j < 100; j++)
{
buffer[j] = 'x'; // BAD: under-write [NOT DETECTED]
ch = buffer[j]; // BAD: under-read [NOT DETECTED]
}
for (k = 0; k <= 100; k++)
{
buffer[k] = 'x'; // BAD: over-write
@@ -187,7 +187,7 @@ void test8(int unbounded)
{
buffer[i] = 0; // GOOD
}
for (i = 0; i < v2; i++)
{
buffer[i] = 0; // BAD: over-write [NOT DETECTED]
@@ -226,7 +226,7 @@ void test9(int param)
memset(buffer3, 0, 33); // BAD: overrun write of buffer3
memset(buffer4, 0, 32); // GOOD
memset(buffer4, 0, 33); // BAD: overrun write of buffer4 (buffer3)
memcmp(buffer1, buffer2, 32); // GOOD
memcmp(buffer1, buffer2, 33); // BAD: overrun read of buffer1, buffer2
}
@@ -274,7 +274,7 @@ void test11()
memset(string, 0, 14); // GOOD
memset(string, 0, 15); // BAD: overrun write of string
}
{
char *buffer = new char[128];
@@ -284,7 +284,7 @@ void test11()
memset(buffer, 0, 128); // BAD: overrun write of buffer
}
{
char array[10] = "123";
@@ -309,7 +309,7 @@ void test12()
memset(&myVar, 0, sizeof(myVar)); // GOOD
memset(&myVar, 0, sizeof(myVar) + 1); // BAD: overrun write of myVar
memset(myVar.buffer, 0, 16); // GOOD
memset(myVar.buffer, 0, 17); // BAD: overrun write of myVar.buffer
memset(myVar.buffer, 0, 17); // DUBIOUS: overrun write of myVar.buffer, but not out of myVar itself [NOT DETECTED]
memset(&(myVar.field), 0, sizeof(int)); // GOOD
memset(&(myVar.field), 0, sizeof(int) * 2); // BAD: overrun write of myVar.field
@@ -317,7 +317,7 @@ void test12()
memset(buf + 8, 0, 9); // BAD: overrun write of buf [NOT DETECTED]
memset(dbuf + 8, 0, 8); // GOOD
memset(dbuf + 8, 0, 9); // BAD: overrun write of dbuf [NOT DETECTED]
{
myStruct *myPtr1 = &myVar;
myStruct *myPtr2;
@@ -331,17 +331,19 @@ void test12()
{
void *myPtr3 = (void *)(&myVar);
memset(myPtr3, 0, sizeof(myStruct)); // GOOD
memset(myPtr3, 0, sizeof(myStruct) + 1); // BAD: overrun write of myVar
}
}
void test13()
void test13(char *argArray)
{
char charArray[10];
int intArray[10];
myStruct structArray[10];
char *ptrArray = charArray;
char *ptrArrayOffset = charArray + 1;
charArray[-1] = 1; // BAD: underrun write
charArray[0] = 1; // GOOD
@@ -363,7 +365,26 @@ void test13()
charArray[9] = (char)intArray[9]; // GOOD
charArray[9] = (char)intArray[10]; // BAD: overrun read
ptrArray[-2] = 1; // BAD: underrun write
ptrArray[-1] = 1; // BAD: underrun write
ptrArray[0] = 1; // GOOD
ptrArray[8] = 1; // GOOD
ptrArray[9] = 1; // GOOD
ptrArray[10] = 1; // BAD: overrun write
ptrArrayOffset[-2] = 1; // BAD: underrun write [NOT DETECTED]
ptrArrayOffset[-1] = 1; // GOOD (there is room for this)
ptrArrayOffset[0] = 1; // GOOD
ptrArrayOffset[8] = 1; // GOOD
ptrArrayOffset[9] = 1; // BAD: overrun write [NOT DETECTED]
ptrArrayOffset[10] = 1; // BAD: overrun write [NOT DETECTED]
argArray[-1] = 1; // BAD: underrun write [NOT DETECTED]
argArray[0] = 1; // GOOD
argArray[1] = 1; // GOOD (we can't tell the length of this array)
argArray[999] = 1; // GOOD (we can't tell the length of this array)
{
unsigned short *buffer1 = (unsigned short *)malloc(sizeof(short) * 50);
unsigned short *buffer2 = (unsigned short *)malloc(101); // 50.5 shorts
@@ -442,13 +463,13 @@ void test17(long long *longArray)
{
int intArray[5];
((char *)intArray)[-3] = 0; // BAD: underrun write
}
{
int multi[10][10];
multi[5][5] = 0; // GOOD
multi[-5][5] = 0; // BAD: underrun write [INCORRECT MESSAGE]
@@ -511,7 +532,7 @@ void test19(bool b)
p2 = (char *)malloc(20);
p3 = (char *)malloc(20);
}
// ...
if (b)
@@ -663,7 +684,7 @@ void test27(){
char buffer[MAX_SIZE];
strncpy(dest, src, 8); // GOOD, strncpy will not read past null terminator of source
if(IND < MAX_SIZE){
buffer[IND] = 0; // GOOD: out of bounds, but inaccessible code
}
@@ -739,7 +760,7 @@ struct AnonUnionInStruct
unsigned int a_2;
unsigned int b_2;
};
};
};
unsigned int d;
void test37() {
@@ -869,6 +890,173 @@ struct S2 {
}
};
typedef int MyArray[10];
typedef struct _MyArrayArray {
struct {
int as[10];
} bs[10];
union {
int i;
char cs[4];
} ds[10];
struct {
MyArray xs;
} ys[10];
} MyArrayArray;
void test26() {
MyArrayArray maa;
maa.bs[0].as[-1] = 0; // BAD: underrun write [NOT DETECTED]
maa.bs[0].as[0] = 0; // GOOD
maa.bs[0].as[99] = 0; // GOOD (overflows into bs[9])
maa.bs[0].as[100] = 0; // BAD: overrun write [NOT DETECTED]
maa.bs[1].as[-1] = 0; // GOOD (underflows into bs[0])
maa.bs[1].as[0] = 0; // GOOD
maa.bs[1].as[99] = 0; // BAD: overrun write [NOT DETECTED]
maa.bs[1].as[100] = 0; // BAD: overrun write[ NOT DETECTED]
maa.ds[0].i = 0; // GOOD
maa.ds[9].i = 0; // GOOD
maa.ds[10].i = 0; // BAD: overrun write [NOT DETECTED]
maa.ds[0].cs[0] = 0; // GOOD
maa.ds[0].cs[3] = 0; // GOOD
maa.ds[0].cs[4] = 0; // GOOD (overflows into vs[1])
maa.ds[0].cs[39] = 0; // GOOD (overflows into vs[9])
maa.ds[0].cs[40] = 0; // BAD: overrun write [NOT DETECTED]
maa.ds[9].cs[0] = 0; // GOOD
maa.ds[9].cs[3] = 0; // GOOD
maa.ds[9].cs[4] = 0; // BAD: overrun write [NOT DETECTED]
maa.ys[0].xs[-1] = 0; // BAD: underrun write [NOT DETECTED]
maa.ys[0].xs[0] = 0; // GOOD
maa.ys[0].xs[99] = 0; // GOOD (overflows into bs[9])
maa.ys[0].xs[100] = 0; // BAD: overrun write [NOT DETECTED]
maa.ys[1].xs[-1] = 0; // GOOD (underflows into ys[0])
maa.ys[1].xs[0] = 0; // GOOD
maa.ys[1].xs[99] = 0; // BAD: overrun write [NOT DETECTED]
maa.ys[1].xs[100] = 0; // BAD: overrun write [NOT DETECTED]
char zs[2][2];
zs[0][-1] = 0; // BAD: underrun write [NOT DETECTED]
zs[0][0] = 0; // GOOD
zs[0][1] = 0; // GOOD
zs[0][2] = 0; // GOOD
zs[0][3] = 0; // GOOD
zs[0][4] = 0; // BAD: overrun write [NOT DETECTED]
zs[1][-3] = 0; // BAD: underrun write [NOT DETECTED]
zs[1][-2] = 0; // GOOD
zs[1][-1] = 0; // GOOD
zs[1][0] = 0; // GOOD
zs[1][1] = 0; // GOOD
zs[1][2] = 0; // BAD: overrun write [NOT DETECTED]
}
struct Array10 {
int values[10];
};
void test27(size_t s) {
Array10 arr;
if (s < sizeof(arr.values[10])) { // GOOD (harmless)
// ...
}
if (s < offsetof(Array10, values[10])) { // GOOD (harmless)
// ...
}
if (s < &(arr.values[10]) - &(arr.values[0])) { // GOOD (harmless)
// ...
}
}
bool cond();
void test28() {
int arr[10];
int *ptr1 = arr;
ptr1[-1] = 0; // BAD: underrun write
ptr1++;
ptr1[-1] = 0; // GOOD
int *ptr2 = arr;
ptr2[-1] = 0; // BAD: underrun write
*ptr2++;
ptr2[-1] = 0; // GOOD
int *ptr3 = arr;
ptr3[-1] = 0; // BAD: underrun write
if (cond()) {
ptr3++;
}
ptr3[-1] = 0; // GOOD (depending what cond() does)
int *ptr4 = arr;
ptr4[-1] = 0; // BAD: underrun write
while (true) {
ptr4++;
if (cond()) break;
}
ptr4[-1] = 0; // GOOD
int *ptr5 = arr;
ptr5[-1] = 0; // BAD: underrun write
while (true) {
if (cond()) ptr5++;
if (cond()) break;
}
ptr5[-1] = 0; // GOOD (depending what cond() does)
}
typedef int myInt29;
typedef myInt29 myArray29[10];
struct _myStruct29 {
myArray29 arr1;
myInt29 arr2[20];
};
typedef _myStruct29 myStruct29;
void test29() {
myStruct29 *ptr;
memset(ptr->arr1, 0, sizeof(ptr->arr1) + sizeof(ptr->arr2)); // GOOD (overwrites arr1, arr2)
memset(&(ptr->arr1[0]), 0, sizeof(ptr->arr1) + sizeof(ptr->arr2)); // GOOD (overwrites arr1, arr2)
memset(ptr->arr1, 0, sizeof(ptr->arr1) + sizeof(ptr->arr2) + 10); // BAD
}
struct UnionStruct {
int a;
union {
char buffer1[64];
int b;
};
union {
char buffer2[64];
int c;
};
};
void test30() {
UnionStruct us;
memset(us.buffer1, 0, sizeof(us.buffer1)); // GOOD
memset(us.buffer1, 0, sizeof(us)); // BAD
memset(us.buffer2, 0, sizeof(us.buffer2)); // GOOD
memset(us.buffer2, 0, sizeof(us)); // BAD
strncpy(us.buffer1, "", sizeof(us.buffer1) - 1); // GOOD
strncpy(us.buffer1, "", sizeof(us) - 1); // BAD
strncpy(us.buffer2, "", sizeof(us.buffer2) - 1); // GOOD
strncpy(us.buffer2, "", sizeof(us) - 1); // BAD
}
int tests_main(int argc, char *argv[])
{
long long arr17[19];
@@ -896,6 +1084,11 @@ int tests_main(int argc, char *argv[])
test23();
test24(argv[0]);
test25(argv[0]);
test26();
test27(argc);
test28();
test29();
test30();
return 0;
}

4
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/var_size_struct.cpp
View File

@@ -96,9 +96,9 @@ void testNotVarStruct1() {
notVarStruct1 *nvs1 = (notVarStruct1 *)malloc(sizeof(notVarStruct1) * 2);
memset(nvs1->str, 0, 128); // GOOD
memset(nvs1->str, 0, 129); // BAD: buffer overflow
memset(nvs1->str, 0, 129); // DUBIOUS: buffer overflow (overflows nvs1->str but not nvs1 overall)
memset(nvs1[1].str, 0, 128); // GOOD
memset(nvs1[1].str, 0, 129); // BAD: buffer overflow
memset(nvs1[1].str, 0, 129); // BAD: buffer overflow [NOT DETECTED]
strncpy(nvs1->str, "Hello, world!", 128); // GOOD
strncpy(nvs1->str, "Hello, world!", 129); // BAD
}

15
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/VeryLikelyOverrunWrite.expected
View File

@@ -16,6 +16,17 @@
| tests.c:136:2:136:8 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 10 bytes. |
| tests.c:186:3:186:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
| tests.c:189:3:189:9 | call to sprintf | This 'call to sprintf' operation requires 3 bytes but the destination is only 2 bytes. |
| unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
| unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
| var_size_struct.cpp:22:3:22:8 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 9 bytes. |
| varbuffer.c:15:5:15:10 | call to strcpy | This 'call to strcpy' operation requires 2 bytes but the destination is only 1 bytes. |
| varbuffer.c:16:5:16:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 1 bytes. |
| varbuffer.c:23:5:23:10 | call to strcpy | This 'call to strcpy' operation requires 12 bytes but the destination is only 11 bytes. |
| varbuffer.c:24:5:24:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 11 bytes. |
| varbuffer.c:39:5:39:10 | call to strcpy | This 'call to strcpy' operation requires 3 bytes but the destination is only 2 bytes. |
| varbuffer.c:40:5:40:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 2 bytes. |
| varbuffer.c:45:5:45:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 2 bytes. |
| varbuffer.c:46:5:46:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 2 bytes. |
| varbuffer.c:60:5:60:10 | call to strcpy | This 'call to strcpy' operation requires 2 bytes but the destination is only 1 bytes. |
| varbuffer.c:61:5:61:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 1 bytes. |
| varbuffer.c:67:5:67:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 11 bytes. |

69
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/varbuffer.c Normal file
View File

@@ -0,0 +1,69 @@
// Further test cases for CWE-120.
typedef unsigned long size_t;
typedef struct _MyVarStruct {
size_t len;
char buffer[1]; // variable size buffer
} MyVarStruct;
void testMyVarStruct()
{
MyVarStruct *ptr1 = (MyVarStruct*)malloc(sizeof(MyVarStruct));
ptr1->len = 0;
strcpy(ptr1->buffer, ""); // GOOD
strcpy(ptr1->buffer, "1"); // BAD: length 2, but destination only has length 1
strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 1
// ...
MyVarStruct *ptr2 = (MyVarStruct*)malloc(sizeof(MyVarStruct) + (sizeof(char) * 10));
ptr2->len = 10;
strcpy(ptr2->buffer, "123456789"); // GOOD
strcpy(ptr2->buffer, "1234567890"); // GOOD
strcpy(ptr2->buffer, "1234567890a"); // BAD: length 12, but destination only has length 11
strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 11
// ...
}
typedef struct MyFixedStruct1 {
int len;
char buffer[2]; // assumed to be a fixed size buffer
} MyFixedStruct1;
void testMyFixedStruct()
{
MyFixedStruct1 *ptr1 = (MyFixedStruct1 *)malloc(sizeof(MyFixedStruct1));
ptr1->len = 1;
strcpy(ptr1->buffer, ""); // GOOD
strcpy(ptr1->buffer, "1"); // GOOD
strcpy(ptr1->buffer, "12"); // BAD: length 3, but destination only has length 2
strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 2
// ...
MyFixedStruct1 *ptr2 = (MyFixedStruct1*)malloc(sizeof(MyFixedStruct1) + (sizeof(char) * 10));
ptr2->len = 11;
strcpy(ptr2->buffer, "123456789"); // BAD / DUBIOUS: length 10, but destination only has length 2
strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 2
// ...
}
typedef struct _MyFixedStruct2 {
char buffer[1]; // fixed size buffer
size_t len;
} MyFixedStruct2;
void testMyFixedStruct2()
{
MyFixedStruct2 *ptr1 = (MyFixedStruct2 *)malloc(sizeof(MyFixedStruct2));
ptr1->len = 1;
strcpy(ptr1->buffer, ""); // GOOD
strcpy(ptr1->buffer, "1"); // BAD: length 2, but destination only has length 1
strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 1
// ...
MyFixedStruct2 *ptr2 = (MyFixedStruct2*)malloc(sizeof(MyFixedStruct2) + (sizeof(char) * 10));
ptr2->len = 11;
strcpy(ptr2->buffer, "123456789"); // BAD: length 10, but destination only has length 1 [NOT DETECTED]
strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 1
// ...
}

42
csharp/documentation/library-coverage/coverage.csv
View File

@@ -2,51 +2,45 @@ package,sink,source,summary,sink:code-injection,sink:encryption-decryptor,sink:e
Amazon.Lambda.APIGatewayEvents,,6,,,,,,,,,,,,,,,,,6,,,,
Amazon.Lambda.Core,10,,,,,,,,,,,10,,,,,,,,,,,
Dapper,55,42,1,,,,,,,,,,55,,42,,,,,,,,1
ILCompiler,,,123,,,,,,,,,,,,,,,,,,,79,44
ILLink.RoslynAnalyzer,,,139,,,,,,,,,,,,,,,,,,,50,89
ILLink.Shared,,,31,,,,,,,,,,,,,,,,,,,11,20
ILCompiler,,,121,,,,,,,,,,,,,,,,,,,77,44
ILLink.RoslynAnalyzer,,,107,,,,,,,,,,,,,,,,,,,31,76
ILLink.Shared,,,37,,,,,,,,,,,,,,,,,,,11,26
ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1
Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26
Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7
Internal.TypeSystem,,,329,,,,,,,,,,,,,,,,,,,201,128
JsonToItemsTaskFactory,,,11,,,,,,,,,,,,,,,,,,,1,10
Microsoft.Android.Build,,1,14,,,,,,,,,,,,,1,,,,,,12,2
Microsoft.Apple.Build,,,7,,,,,,,,,,,,,,,,,,,7,
Internal.TypeSystem,,,345,,,,,,,,,,,,,,,,,,,205,140
Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1
Microsoft.AspNetCore.Http,,,1,,,,,,,,,,,,,,,,,,,1,
Microsoft.AspNetCore.Mvc,,,2,,,,,,,,,,,,,,,,,,,,2
Microsoft.AspNetCore.WebUtilities,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2,
Microsoft.Diagnostics.Tools.Pgo,,,25,,,,,,,,,,,,,,,,,,,2,23
Microsoft.DotNet.Build.Tasks,,,10,,,,,,,,,,,,,,,,,,,8,2
Microsoft.Diagnostics.Tools.Pgo,,,23,,,,,,,,,,,,,,,,,,,,23
Microsoft.DotNet.Build.Tasks,,,11,,,,,,,,,,,,,,,,,,,9,2
Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1,
Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3
Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32
Microsoft.Extensions.Configuration,,3,101,,,,,,,,,,,,,3,,,,,,29,72
Microsoft.Extensions.DependencyInjection,,,202,,,,,,,,,,,,,,,,,,,15,187
Microsoft.Extensions.DependencyModel,,1,16,,,,,,,,,,,,,1,,,,,,14,2
Microsoft.Extensions.Configuration,,3,123,,,,,,,,,,,,,3,,,,,,40,83
Microsoft.Extensions.DependencyInjection,,,209,,,,,,,,,,,,,,,,,,,15,194
Microsoft.Extensions.DependencyModel,,1,57,,,,,,,,,,,,,1,,,,,,13,44
Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13
Microsoft.Extensions.FileProviders,,,17,,,,,,,,,,,,,,,,,,,7,10
Microsoft.Extensions.FileSystemGlobbing,,,21,,,,,,,,,,,,,,,,,,,10,11
Microsoft.Extensions.Hosting,,,58,,,,,,,,,,,,,,,,,,,29,29
Microsoft.Extensions.FileProviders,,,18,,,,,,,,,,,,,,,,,,,8,10
Microsoft.Extensions.FileSystemGlobbing,,,37,,,,,,,,,,,,,,,,,,,13,24
Microsoft.Extensions.Hosting,,,61,,,,,,,,,,,,,,,,,,,29,32
Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2
Microsoft.Extensions.Logging,,,91,,,,,,,,,,,,,,,,,,,25,66
Microsoft.Extensions.Options,,,68,,,,,,,,,,,,,,,,,,,44,24
Microsoft.Extensions.Primitives,,,73,,,,,,,,,,,,,,,,,,,67,6
Microsoft.Interop,,,159,,,,,,,,,,,,,,,,,,,75,84
Microsoft.Extensions.Logging,,,107,,,,,,,,,,,,,,,,,,,26,81
Microsoft.Extensions.Options,,,174,,,,,,,,,,,,,,,,,,,48,126
Microsoft.Extensions.Primitives,,,76,,,,,,,,,,,,,,,,,,,67,9
Microsoft.Interop,,,216,,,,,,,,,,,,,,,,,,,71,145
Microsoft.JSInterop,2,,,,,,,,,,2,,,,,,,,,,,,
Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2
Microsoft.NET.Sdk.WebAssembly,,,2,,,,,,,,,,,,,,,,,,,1,1
Microsoft.NET.WebAssembly.Webcil,,,6,,,,,,,,,,,,,,,,,,,6,
Microsoft.VisualBasic,,,13,,,,,,,,,,,,,,,,,,,1,12
Microsoft.WebAssembly.Build.Tasks,,,9,,,,,,,,,,,,,,,,,,,8,1
Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
Mono.Linker,,,293,,,,,,,,,,,,,,,,,,,145,148
Mono.Linker,,,280,,,,,,,,,,,,,,,,,,,129,151
MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
System,54,47,10864,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5547,5317
System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5941,6300
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:log-injection sink:sql-injection source:commandargs source:database source:environment source:file source:file-write source:remote source:stdin source:windows-registry summary:taint summary:value
2 Amazon.Lambda.APIGatewayEvents 6 6
3 Amazon.Lambda.Core 10 10
4 Dapper 55 42 1 55 42 1
5 ILCompiler 123 121 79 77 44
6 ILLink.RoslynAnalyzer 139 107 50 31 89 76
7 ILLink.Shared 31 37 11 20 26
8 ILLink.Tasks 5 4 1
9 Internal.IL 54 28 26
10 Internal.Pgo 9 2 7
11 Internal.TypeSystem 329 345 201 205 128 140
JsonToItemsTaskFactory 11 1 10
Microsoft.Android.Build 1 14 1 12 2
Microsoft.Apple.Build 7 7
12 Microsoft.ApplicationBlocks.Data 28 28
13 Microsoft.AspNetCore.Components 2 4 2 2 4 1 1
14 Microsoft.AspNetCore.Http 1 1
15 Microsoft.AspNetCore.Mvc 2 2
16 Microsoft.AspNetCore.WebUtilities 2 2
17 Microsoft.CSharp 2 2
18 Microsoft.Diagnostics.Tools.Pgo 25 23 2 23
19 Microsoft.DotNet.Build.Tasks 10 11 8 9 2
20 Microsoft.DotNet.PlatformAbstractions 1 1
21 Microsoft.EntityFrameworkCore 6 12 6 12
22 Microsoft.Extensions.Caching.Distributed 3 3
23 Microsoft.Extensions.Caching.Memory 37 5 32
24 Microsoft.Extensions.Configuration 3 101 123 3 29 40 72 83
25 Microsoft.Extensions.DependencyInjection 202 209 15 187 194
26 Microsoft.Extensions.DependencyModel 1 16 57 1 14 13 2 44
27 Microsoft.Extensions.Diagnostics.Metrics 14 1 13
28 Microsoft.Extensions.FileProviders 17 18 7 8 10
29 Microsoft.Extensions.FileSystemGlobbing 21 37 10 13 11 24
30 Microsoft.Extensions.Hosting 58 61 29 29 32
31 Microsoft.Extensions.Http 9 7 2
32 Microsoft.Extensions.Logging 91 107 25 26 66 81
33 Microsoft.Extensions.Options 68 174 44 48 24 126
34 Microsoft.Extensions.Primitives 73 76 67 6 9
35 Microsoft.Interop 159 216 75 71 84 145
36 Microsoft.JSInterop 2 2
37 Microsoft.NET.Build.Tasks 5 3 2
Microsoft.NET.Sdk.WebAssembly 2 1 1
Microsoft.NET.WebAssembly.Webcil 6 6
38 Microsoft.VisualBasic 13 1 12
Microsoft.WebAssembly.Build.Tasks 9 8 1
39 Microsoft.Win32 4 2 4 2
40 Mono.Linker 293 280 145 129 148 151
41 MySql.Data.MySqlClient 48 48
42 Newtonsoft.Json 91 73 18
43 ServiceStack 194 7 27 75 92 7
44 SourceGenerators 5 5
45 System 54 47 10864 12241 6 5 5 4 1 33 2 6 15 17 4 3 5547 5941 5317 6300
46 Windows.Security.Cryptography.Core 1 1

6
csharp/documentation/library-coverage/coverage.rst
View File

@@ -8,7 +8,7 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",47,10864,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",61,2075,152,4
Totals,,108,12946,400,9
System,"``System.*``, ``System``",47,12241,54,5
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4
Totals,,107,14520,400,9

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.34
No user-facing changes.
## 1.7.33
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.34.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.34
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.33
lastReleaseVersion: 1.7.34

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.34-dev
version: 1.7.35-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.34
No user-facing changes.
## 1.7.33
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.34.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.34
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.33
lastReleaseVersion: 1.7.34

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.34-dev
version: 1.7.35-dev
groups:
- csharp
- solorigate

16
csharp/ql/consistency-queries/SsaConsistency.ql
View File

@@ -3,22 +3,6 @@ import semmle.code.csharp.dataflow.internal.SsaImpl as Impl
import Impl::Consistency
import Ssa
class MyRelevantDefinition extends RelevantDefinition, Ssa::Definition {
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
class MyRelevantDefinitionExt extends RelevantDefinitionExt, Impl::DefinitionExt {
override predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
query predicate localDeclWithSsaDef(LocalVariableDeclExpr d) {
// Local variables in C# must be initialized before every use, so uninitialized
// local variables should not have an SSA definition, as that would imply that

5
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error/global.json Normal file
View File

@@ -0,0 +1,5 @@
{
"sdk": {
"version": "9.0.100"
}
}

16
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,18 @@
## 5.1.0
### Deprecated APIs
* The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
class have been deprecated in favor of the newly added `dominatingEdge`
predicate.
### Minor Analysis Improvements
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
* C# 13: Add generated models for .NET 9.
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.
## 5.0.0
### Breaking Changes
@@ -53,7 +68,6 @@
### Minor Analysis Improvements
* .NET 9 is now required to build the C# extractor.
* The Models as Data models for .NET 8 Runtime now include generated models for higher order methods.
## 3.1.0

4
csharp/ql/lib/change-notes/2025-02-03-blazor-routing-parameters.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.

1
csharp/ql/lib/change-notes/released/3.1.1.md
View File

@@ -2,5 +2,4 @@
### Minor Analysis Improvements
* .NET 9 is now required to build the C# extractor.
* The Models as Data models for .NET 8 Runtime now include generated models for higher order methods.

14
csharp/ql/lib/change-notes/released/5.1.0.md Normal file
View File

@@ -0,0 +1,14 @@
## 5.1.0
### Deprecated APIs
* The predicates `immediatelyControls` and `controls` on the `ConditionBlock`
class have been deprecated in favor of the newly added `dominatingEdge`
predicate.
### Minor Analysis Improvements
* Full support for C# 13 / .NET 9. All new language features are now supported by the extractor. QL library and data flow support for the new C# 13 language constructs and generated MaD models for the .NET 9 runtime.
* C# 13: Add generated models for .NET 9.
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.
* Blazor `[Parameter]` fields bound to a variable from the route specified in the `@page` directive are now modeled as remote flow sources.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.0.0
lastReleaseVersion: 5.1.0

2
csharp/ql/lib/ext/System.Net.Http.model.yml
View File

@@ -10,6 +10,8 @@ extensions:
data:
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Net.Http", "MultipartContent", False, "Add", "(System.Net.Http.HttpContent)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]

18
csharp/ql/lib/ext/System.model.yml
View File

@@ -784,6 +784,24 @@ extensions:
- ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System", "UriBuilder", False, "ToString", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.Uri)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[4]", "Argument[this].Property[System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
- ["System", "UriBuilder", False, "get_Uri", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[0]", "ReturnValue.Field[System.ValueTuple`8.Item1]", "value", "manual"]
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[1]", "ReturnValue.Field[System.ValueTuple`8.Item2]", "value", "manual"]
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[2]", "ReturnValue.Field[System.ValueTuple`8.Item3]", "value", "manual"]

7
csharp/ql/lib/ext/generated/AssemblyStripper.model.yml
View File

@@ -1,7 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["AssemblyStripper", "AssemblyStripper", "StripAssembly", "(System.String,System.String)", "summary", "df-generated"]

1
csharp/ql/lib/ext/generated/Generators.model.yml
View File

@@ -5,3 +5,4 @@ extensions:
extensible: neutralModel
data:
- ["Generators", "EventSourceGenerator", "Initialize", "(Microsoft.CodeAnalysis.IncrementalGeneratorInitializationContext)", "summary", "df-generated"]
- ["Generators", "ProductVersionInfoGenerator", "Initialize", "(Microsoft.CodeAnalysis.IncrementalGeneratorInitializationContext)", "summary", "df-generated"]

2
csharp/ql/lib/ext/generated/ILCompiler.Reflection.ReadyToRun.Amd64.model.yml
View File

@@ -12,7 +12,7 @@ extensions:
extensible: neutralModel
data:
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcInfo+SafePointOffset", "SafePointOffset", "(System.Int32,System.UInt32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcInfo", "GcInfo", "(System.Byte[],System.Int32,System.Reflection.PortableExecutable.Machine,System.UInt16)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcInfo", "GcInfo", "(System.Byte[],System.Int32,System.Reflection.PortableExecutable.Machine,System.UInt16,System.UInt16)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcInfo", "ToString", "()", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcSlotTable+GcSlot", "WriteTo", "(System.Text.StringBuilder,System.Reflection.PortableExecutable.Machine,ILCompiler.Reflection.ReadyToRun.GcSlotFlags)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.Amd64", "GcSlotTable", "GcSlotTable", "(System.Byte[],System.Reflection.PortableExecutable.Machine,ILCompiler.Reflection.ReadyToRun.GcInfoTypes,System.Int32)", "summary", "df-generated"]

11
csharp/ql/lib/ext/generated/ILCompiler.Reflection.ReadyToRun.RiscV64.model.yml Normal file
View File

@@ -0,0 +1,11 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["ILCompiler.Reflection.ReadyToRun.RiscV64", "Epilog", "Epilog", "(System.Int32,System.Int32,System.UInt32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.RiscV64", "Epilog", "ToString", "()", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.RiscV64", "UnwindCode", "UnwindCode", "(System.Int32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.RiscV64", "UnwindInfo", "ToString", "()", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.RiscV64", "UnwindInfo", "UnwindInfo", "(System.Byte[],System.Int32)", "summary", "df-generated"]

5
csharp/ql/lib/ext/generated/ILCompiler.Reflection.ReadyToRun.x86.model.yml
View File

@@ -4,8 +4,6 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", False, "ToString", "()", "", "Argument[this].Property[ILCompiler.Reflection.ReadyToRun.x86.GcInfo.Header]", "ReturnValue", "taint", "dfc-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", False, "ToString", "()", "", "Argument[this].Property[ILCompiler.Reflection.ReadyToRun.x86.GcInfo.SlotTable]", "ReturnValue", "taint", "dfc-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcSlotTable+GcSlot", False, "GcSlot", "(System.Int32,System.String,System.Int32,System.Int32,ILCompiler.Reflection.ReadyToRun.GcSlotFlags)", "", "Argument[1]", "Argument[this].Property[ILCompiler.Reflection.ReadyToRun.x86.GcSlotTable+GcSlot.Register]", "value", "dfc-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcSlotTable+GcSlot", False, "GcSlot", "(System.Int32,System.String,System.Int32,System.Int32,System.Int32,System.Int32,ILCompiler.Reflection.ReadyToRun.GcSlotFlags)", "", "Argument[1]", "Argument[this].Property[ILCompiler.Reflection.ReadyToRun.x86.GcSlotTable+GcSlot.Register]", "taint", "dfc-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcSlotTable+GcSlot", False, "ToString", "()", "", "Argument[this].Property[ILCompiler.Reflection.ReadyToRun.x86.GcSlotTable+GcSlot.Register]", "ReturnValue", "taint", "dfc-generated"]
@@ -16,8 +14,9 @@ extensions:
data:
- ["ILCompiler.Reflection.ReadyToRun.x86", "CalleeSavedRegister", "CalleeSavedRegister", "(System.Int32,ILCompiler.Reflection.ReadyToRun.x86.CalleeSavedRegisters)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "CalleeSavedRegister", "ToString", "()", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", "GcInfo", "(System.Byte[],System.Int32,System.Reflection.PortableExecutable.Machine,System.UInt16)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", "GcInfo", "(System.Byte[],System.Int32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", "GetRegisterName", "(System.Int32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcInfo", "ToString", "()", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcSlotTable", "GcSlotTable", "(System.Byte[],ILCompiler.Reflection.ReadyToRun.x86.InfoHdrSmall,System.Int32)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcTransitionCall+CallRegister", "CallRegister", "(ILCompiler.Reflection.ReadyToRun.x86.Registers,System.Boolean)", "summary", "df-generated"]
- ["ILCompiler.Reflection.ReadyToRun.x86", "GcTransitionCall+PtrArg", "PtrArg", "(System.UInt32,System.UInt32)", "summary", "df-generated"]

66
csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml
View File

@@ -4,18 +4,30 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["ILLink.RoslynAnalyzer.DataFlow", "BlockProxy", False, "BlockProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "CapturedReferenceValue", False, "CapturedReferenceValue", "(Microsoft.CodeAnalysis.IOperation)", "", "Argument[0]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.CapturedReferenceValue.Reference]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "ControlFlowGraphProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy.ControlFlowGraph]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "CreateProxyBranch", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch)", "", "Argument[0].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch.Destination]", "ReturnValue.Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Destination].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "CreateProxyBranch", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch)", "", "Argument[0].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch.Source]", "ReturnValue.Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Source].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "FirstBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "LastBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Blocks", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Entry", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "And", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "And", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "DeepCopy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "FeatureChecksValue", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "Negate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "Or", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "Or", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", False, "FeatureChecksVisitor", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "DeepCopy", "()", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "FeatureContext", "(ILLink.Shared.DataFlow.ValueSet<System.String>)", "", "Argument[0]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "Intersection", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "Intersection", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "Union", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", False, "Union", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContextLattice", False, "Meet", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
@@ -29,7 +41,7 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "InterproceduralStateLattice<TValue,TValueLattice>", False, "Meet", "(ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<TValue,TValueLattice>,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<TValue,TValueLattice>)", "", "Argument[1].Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralState`2.Methods]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralState`2.Methods]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "InterproceduralStateLattice<TValue,TValueLattice>", False, "get_Top", "()", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralStateLattice`2.HoistedLocalLattice].Property[ILLink.Shared.DataFlow.DictionaryLattice`3.Top]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralState`2.HoistedLocals]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "InterproceduralStateLattice<TValue,TValueLattice>", False, "get_Top", "()", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralStateLattice`2.MethodLattice].Property[ILLink.Shared.DataFlow.ValueSetLattice`1.Top]", "ReturnValue.Field[ILLink.RoslynAnalyzer.DataFlow.InterproceduralState`2.Methods]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowAnalysis<TValue,TContext,TLattice,TContextLattice,TTransfer,TConditionValue>", False, "LocalDataFlowAnalysis", "(Microsoft.CodeAnalysis.Diagnostics.OperationBlockAnalysisContext,Microsoft.CodeAnalysis.IOperation,TContext)", "", "Argument[0]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowAnalysis`6.Context]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowAnalysis<TValue,TContext,TLattice,TContextLattice,TTransfer,TConditionValue>", False, "LocalDataFlowAnalysis", "(Microsoft.CodeAnalysis.Diagnostics.OperationBlockAnalysisContext,Microsoft.CodeAnalysis.IOperation,TLattice,TContextLattice,TContext)", "", "Argument[0]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowAnalysis`6.Context]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", False, "LocalDataFlowVisitor", "(Microsoft.CodeAnalysis.Compilation,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice<TValue,TContext,TValueLattice,TContextLattice>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph,System.Collections.Immutable.ImmutableDictionary<Microsoft.CodeAnalysis.FlowAnalysis.CaptureId,ILLink.RoslynAnalyzer.DataFlow.FlowCaptureKind>,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<TValue,TValueLattice>)", "", "Argument[0]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.Compilation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", False, "LocalDataFlowVisitor", "(Microsoft.CodeAnalysis.Compilation,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice<TValue,TContext,TValueLattice,TContextLattice>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph,System.Collections.Immutable.ImmutableDictionary<Microsoft.CodeAnalysis.FlowAnalysis.CaptureId,ILLink.RoslynAnalyzer.DataFlow.FlowCaptureKind>,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<TValue,TValueLattice>)", "", "Argument[1]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", False, "LocalDataFlowVisitor", "(Microsoft.CodeAnalysis.Compilation,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice<TValue,TContext,TValueLattice,TContextLattice>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph,System.Collections.Immutable.ImmutableDictionary<Microsoft.CodeAnalysis.FlowAnalysis.CaptureId,ILLink.RoslynAnalyzer.DataFlow.FlowCaptureKind>,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<TValue,TValueLattice>)", "", "Argument[2]", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.OwningSymbol]", "value", "dfc-generated"]
@@ -39,28 +51,28 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitCompoundAssignment", "(Microsoft.CodeAnalysis.Operations.ICompoundAssignmentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitConversion", "(Microsoft.CodeAnalysis.Operations.IConversionOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDelegateCreation", "(Microsoft.CodeAnalysis.Operations.IDelegateCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicIndexerAccess", "(Microsoft.CodeAnalysis.Operations.IDynamicIndexerAccessOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicIndexerAccess", "(Microsoft.CodeAnalysis.Operations.IDynamicIndexerAccessOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicInvocation", "(Microsoft.CodeAnalysis.Operations.IDynamicInvocationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicInvocation", "(Microsoft.CodeAnalysis.Operations.IDynamicInvocationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicMemberReference", "(Microsoft.CodeAnalysis.Operations.IDynamicMemberReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicMemberReference", "(Microsoft.CodeAnalysis.Operations.IDynamicMemberReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicObjectCreation", "(Microsoft.CodeAnalysis.Operations.IDynamicObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicObjectCreation", "(Microsoft.CodeAnalysis.Operations.IDynamicObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicIndexerAccess", "(Microsoft.CodeAnalysis.Operations.IDynamicIndexerAccessOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicIndexerAccess", "(Microsoft.CodeAnalysis.Operations.IDynamicIndexerAccessOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicInvocation", "(Microsoft.CodeAnalysis.Operations.IDynamicInvocationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicInvocation", "(Microsoft.CodeAnalysis.Operations.IDynamicInvocationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicMemberReference", "(Microsoft.CodeAnalysis.Operations.IDynamicMemberReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicMemberReference", "(Microsoft.CodeAnalysis.Operations.IDynamicMemberReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicObjectCreation", "(Microsoft.CodeAnalysis.Operations.IDynamicObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitDynamicObjectCreation", "(Microsoft.CodeAnalysis.Operations.IDynamicObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitEventAssignment", "(Microsoft.CodeAnalysis.Operations.IEventAssignmentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitEventReference", "(Microsoft.CodeAnalysis.Operations.IEventReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitExpressionStatement", "(Microsoft.CodeAnalysis.Operations.IExpressionStatementOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitFlowAnonymousFunction", "(Microsoft.CodeAnalysis.FlowAnalysis.IFlowAnonymousFunctionOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitFlowCapture", "(Microsoft.CodeAnalysis.FlowAnalysis.IFlowCaptureOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitFlowCaptureReference", "(Microsoft.CodeAnalysis.FlowAnalysis.IFlowCaptureReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitImplicitIndexerReference", "(Microsoft.CodeAnalysis.Operations.IImplicitIndexerReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitImplicitIndexerReference", "(Microsoft.CodeAnalysis.Operations.IImplicitIndexerReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitImplicitIndexerReference", "(Microsoft.CodeAnalysis.Operations.IImplicitIndexerReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitImplicitIndexerReference", "(Microsoft.CodeAnalysis.Operations.IImplicitIndexerReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitInlineArrayAccess", "(Microsoft.CodeAnalysis.Operations.IInlineArrayAccessOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitInvocation", "(Microsoft.CodeAnalysis.Operations.IInvocationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitObjectCreation", "(Microsoft.CodeAnalysis.Operations.IObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitObjectCreation", "(Microsoft.CodeAnalysis.Operations.IObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitPropertyReference", "(Microsoft.CodeAnalysis.Operations.IPropertyReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitPropertyReference", "(Microsoft.CodeAnalysis.Operations.IPropertyReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitObjectCreation", "(Microsoft.CodeAnalysis.Operations.IObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitObjectCreation", "(Microsoft.CodeAnalysis.Operations.IObjectCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitPropertyReference", "(Microsoft.CodeAnalysis.Operations.IPropertyReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Field[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.LocalStateAndContextLattice].Property[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice`4.Top]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState`4.Current]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitPropertyReference", "(Microsoft.CodeAnalysis.Operations.IPropertyReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitReturn", "(Microsoft.CodeAnalysis.Operations.IReturnOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitSimpleAssignment", "(Microsoft.CodeAnalysis.Operations.ISimpleAssignmentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", True, "VisitSimpleAssignment", "(Microsoft.CodeAnalysis.Operations.ISimpleAssignmentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
@@ -85,11 +97,11 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalStateLattice<TValue,TValueLattice>", False, "Meet", "(ILLink.RoslynAnalyzer.DataFlow.LocalState<TValue>,ILLink.RoslynAnalyzer.DataFlow.LocalState<TValue>)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "MethodBodyValue", False, "MethodBodyValue", "(Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.MethodBodyValue.OwningSymbol]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "MethodBodyValue", False, "MethodBodyValue", "(Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph)", "", "Argument[1]", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.MethodBodyValue.ControlFlowGraph]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "RegionProxy", False, "RegionProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["ILLink.RoslynAnalyzer.DataFlow", "BlockProxy", "BlockProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "BlockProxy", "ToString", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "BlockProxy", "get_ConditionKind", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "BlockProxy", "op_Equality", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
@@ -97,31 +109,15 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "CapturedReferenceValue", "Equals", "(ILLink.RoslynAnalyzer.DataFlow.CapturedReferenceValue)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "CapturedReferenceValue", "Equals", "(System.Object)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "CapturedReferenceValue", "GetHashCode", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "ControlFlowGraphProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "CreateProxyBranch", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "FirstBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetConditionalSuccessor", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetCorrespondingTry", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetFallThroughSuccessor", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetPredecessors", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetPreviousFilters", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "GetSuccessors", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "HasFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "LastBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "get_Blocks", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "get_Entry", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "op_Equality", "(ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy,ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", "op_Inequality", "(ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy,ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", "op_Equality", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue,ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", "op_Inequality", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue,ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "GetLiteralBool", "(Microsoft.CodeAnalysis.IOperation)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "VisitArgument", "(Microsoft.CodeAnalysis.Operations.IArgumentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "VisitBinaryOperator", "(Microsoft.CodeAnalysis.Operations.IBinaryOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "VisitIsPattern", "(Microsoft.CodeAnalysis.Operations.IIsPatternOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "VisitPropertyReference", "(Microsoft.CodeAnalysis.Operations.IPropertyReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksVisitor", "VisitUnaryOperator", "(Microsoft.CodeAnalysis.Operations.IUnaryOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", "Equals", "(ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", "Equals", "(System.Object)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "FeatureContext", "GetHashCode", "()", "summary", "df-generated"]
@@ -149,6 +145,7 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "HandleAssignment", "(TValue,TValue,Microsoft.CodeAnalysis.IOperation,TContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "HandleDelegateCreation", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,TContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "HandleMethodCall", "(Microsoft.CodeAnalysis.IMethodSymbol,TValue,System.Collections.Immutable.ImmutableArray<TValue>,Microsoft.CodeAnalysis.IOperation,TContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "HandleReturnConditionValue", "(TConditionValue,Microsoft.CodeAnalysis.IOperation)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "HandleReturnValue", "(TValue,Microsoft.CodeAnalysis.IOperation,TContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "Transfer", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "LocalDataFlowVisitor<TValue,TContext,TValueLattice,TContextLattice,TConditionValue>", "VisitArgument", "(Microsoft.CodeAnalysis.Operations.IArgumentOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<TValue,TContext,TValueLattice,TContextLattice>)", "summary", "df-generated"]
@@ -176,7 +173,6 @@ extensions:
- ["ILLink.RoslynAnalyzer.DataFlow", "MethodBodyValue", "get_OwningSymbol", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "OperationWalker<TArgument,TResult>", "DefaultVisit", "(Microsoft.CodeAnalysis.IOperation,TArgument)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "OperationWalker<TArgument,TResult>", "Visit", "(Microsoft.CodeAnalysis.IOperation,TArgument)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "RegionProxy", "RegionProxy", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "RegionProxy", "get_Kind", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "RegionProxy", "op_Equality", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.DataFlow", "RegionProxy", "op_Inequality", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "summary", "df-generated"]

75
csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.TrimAnalysis.model.yml
View File

@@ -5,78 +5,3 @@ extensions:
extensible: summaryModel
data:
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "SingleValueExtensions", False, "FromTypeSymbol", "(Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "TrimAnalysisAssignmentPattern", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern.Source]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "TrimAnalysisAssignmentPattern", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[1]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern.Target]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "TrimAnalysisAssignmentPattern", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[2]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern.Operation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "TrimAnalysisAssignmentPattern", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[3]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern.OwningSymbol]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", False, "TrimAnalysisAssignmentPattern", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[4]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern.FeatureContext]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern)", "", "Argument[2].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", False, "TrimAnalysisFieldAccessPattern", "(Microsoft.CodeAnalysis.IFieldSymbol,Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.Field]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", False, "TrimAnalysisFieldAccessPattern", "(Microsoft.CodeAnalysis.IFieldSymbol,Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[1]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.Operation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", False, "TrimAnalysisFieldAccessPattern", "(Microsoft.CodeAnalysis.IFieldSymbol,Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[2]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.OwningSymbol]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", False, "TrimAnalysisFieldAccessPattern", "(Microsoft.CodeAnalysis.IFieldSymbol,Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[3]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern.FeatureContext]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern)", "", "Argument[2].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern)", "", "Argument[2].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.Instance]", "ReturnValue.Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.Instance]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "TrimAnalysisMethodCallPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.CalledMethod]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "TrimAnalysisMethodCallPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[1]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.Instance]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "TrimAnalysisMethodCallPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[3]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.Operation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "TrimAnalysisMethodCallPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[4]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.OwningSymbol]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", False, "TrimAnalysisMethodCallPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[5].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", False, "TrimAnalysisPatternStore", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", False, "TrimAnalysisPatternStore", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", False, "Merge", "(ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern)", "", "Argument[2].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "ReturnValue.Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", False, "TrimAnalysisReflectionAccessPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.ReferencedMethod]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", False, "TrimAnalysisReflectionAccessPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[1]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.Operation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", False, "TrimAnalysisReflectionAccessPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[2]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.OwningSymbol]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", False, "TrimAnalysisReflectionAccessPattern", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[3].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern.FeatureContext].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", False, "TrimAnalysisVisitor", "(Microsoft.CodeAnalysis.Compilation,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContextLattice<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph,System.Collections.Immutable.ImmutableDictionary<Microsoft.CodeAnalysis.FlowAnalysis.CaptureId,ILLink.RoslynAnalyzer.DataFlow.FlowCaptureKind>,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisPatternStore,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>>,ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "", "Argument[5]", "Argument[this].Field[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisVisitor.TrimAnalysisPatterns]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "ApplyCondition", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>)", "", "Argument[0].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue.EnabledFeatures]", "Argument[1].Field[ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext`2.Context].Field[ILLink.RoslynAnalyzer.DataFlow.FeatureContext.EnabledFeatures]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "ApplyCondition", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue,ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "GetFieldTargetValue", "(Microsoft.CodeAnalysis.IFieldSymbol,Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "HandleArrayElementRead", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "HandleDelegateCreation", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "HandleMethodCall", "(Microsoft.CodeAnalysis.IMethodSymbol,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,System.Collections.Immutable.ImmutableArray<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>>,Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "", "Argument[1].Property[System.Nullable`1.Value]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "Visit", "(Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitArrayCreation", "(Microsoft.CodeAnalysis.Operations.IArrayCreationOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitBinaryOperator", "(Microsoft.CodeAnalysis.Operations.IBinaryOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitConversion", "(Microsoft.CodeAnalysis.Operations.IConversionOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitFieldReference", "(Microsoft.CodeAnalysis.Operations.IFieldReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitInstanceReference", "(Microsoft.CodeAnalysis.Operations.IInstanceReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", True, "VisitTypeOf", "(Microsoft.CodeAnalysis.Operations.ITypeOfOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowVisitor`5.TopValue]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", False, "TrimDataFlowAnalysis", "(Microsoft.CodeAnalysis.Diagnostics.OperationBlockAnalysisContext,ILLink.RoslynAnalyzer.DataFlowAnalyzerContext,Microsoft.CodeAnalysis.IOperation)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", True, "GetVisitor", "(Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowGraph,System.Collections.Immutable.ImmutableDictionary<Microsoft.CodeAnalysis.FlowAnalysis.CaptureId,ILLink.RoslynAnalyzer.DataFlow.FlowCaptureKind>,ILLink.RoslynAnalyzer.DataFlow.InterproceduralState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>>)", "", "Argument[this].Property[ILLink.RoslynAnalyzer.TrimAnalysis.TrimDataFlowAnalysis.TrimAnalysisPatterns]", "ReturnValue.Field[ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisVisitor.TrimAnalysisPatterns]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", True, "TraceStart", "(ILLink.RoslynAnalyzer.DataFlow.ControlFlowGraphProxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", "CollectDiagnostics", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", "op_Equality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisAssignmentPattern", "op_Inequality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", "CollectDiagnostics", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", "op_Equality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisFieldAccessPattern", "op_Inequality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", "CollectDiagnostics", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", "op_Equality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisMethodCallPattern", "op_Inequality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", "Add", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisAssignmentPattern,System.Boolean)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", "Add", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisFieldAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", "Add", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisMethodCallPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", "Add", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisPatternStore", "CollectDiagnostics", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", "CollectDiagnostics", "(ILLink.RoslynAnalyzer.DataFlowAnalyzerContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", "op_Equality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisReflectionAccessPattern", "op_Inequality", "(ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern,ILLink.RoslynAnalyzer.TrimAnalysis.TrimAnalysisReflectionAccessPattern)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "GetConditionValue", "(Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "GetParameterTargetValue", "(Microsoft.CodeAnalysis.IParameterSymbol)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "HandleArrayElementWrite", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,System.Boolean)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "HandleAssignment", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "HandleReturnValue", "(ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,Microsoft.CodeAnalysis.IOperation,ILLink.RoslynAnalyzer.DataFlow.FeatureContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimAnalysisVisitor", "VisitParameterReference", "(Microsoft.CodeAnalysis.Operations.IParameterReferenceOperation,ILLink.RoslynAnalyzer.DataFlow.LocalDataFlowState<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext,ILLink.Shared.DataFlow.ValueSetLattice<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContextLattice>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", "CollectDiagnostics", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", "TraceBlockInput", "(ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>,System.Nullable<ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>>,System.Nullable<ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", "TraceBlockOutput", "(ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>,System.Nullable<ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>>,System.Nullable<ILLink.RoslynAnalyzer.DataFlow.LocalStateAndContext<ILLink.Shared.DataFlow.ValueSet<ILLink.Shared.DataFlow.SingleValue>,ILLink.RoslynAnalyzer.DataFlow.FeatureContext>>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", "TraceVisitBlock", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer.TrimAnalysis", "TrimDataFlowAnalysis", "get_TrimAnalysisPatterns", "()", "summary", "df-generated"]

17
csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.model.yml
View File

@@ -7,8 +7,6 @@ extensions:
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", False, "GetUnqualifiedName", "(Microsoft.CodeAnalysis.CSharp.Syntax.NameSyntax)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.AliasQualifiedNameSyntax.Name]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", False, "GetUnqualifiedName", "(Microsoft.CodeAnalysis.CSharp.Syntax.NameSyntax)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.QualifiedNameSyntax.Right]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", False, "GetUnqualifiedName", "(Microsoft.CodeAnalysis.CSharp.Syntax.NameSyntax)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", False, "Create", "(Microsoft.CodeAnalysis.Diagnostics.AnalyzerOptions,Microsoft.CodeAnalysis.Compilation,System.Collections.Immutable.ImmutableArray<ILLink.RoslynAnalyzer.RequiresAnalyzerBase>)", "", "Argument[1]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlowAnalyzerContext.Compilation]", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", False, "get_EnabledRequiresAnalyzers", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["ILLink.RoslynAnalyzer", "IPropertySymbolExtensions", False, "GetGetMethod", "(Microsoft.CodeAnalysis.IPropertySymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.IPropertySymbol.GetMethod]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "IPropertySymbolExtensions", False, "GetGetMethod", "(Microsoft.CodeAnalysis.IPropertySymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.IPropertySymbol.OverriddenProperty].Property[Microsoft.CodeAnalysis.IPropertySymbol.GetMethod]", "ReturnValue", "value", "dfc-generated"]
- ["ILLink.RoslynAnalyzer", "IPropertySymbolExtensions", False, "GetSetMethod", "(Microsoft.CodeAnalysis.IPropertySymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.IPropertySymbol.OverriddenProperty].Property[Microsoft.CodeAnalysis.IPropertySymbol.SetMethod]", "ReturnValue", "value", "dfc-generated"]
@@ -25,11 +23,9 @@ extensions:
- ["ILLink.RoslynAnalyzer", "COMAnalyzer", "Initialize", "(Microsoft.CodeAnalysis.Diagnostics.AnalysisContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "COMAnalyzer", "get_SupportedDiagnostics", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", "GetBestTypeByMetadataName", "(Microsoft.CodeAnalysis.Compilation,System.String)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", "TaskOfTType", "(Microsoft.CodeAnalysis.Compilation)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", "TaskType", "(Microsoft.CodeAnalysis.Compilation)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "CompilationExtensions", "ToImmutableArray<T>", "(System.ReadOnlySpan<T>)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", "GetSpecialIncompatibleMembers", "(ILLink.RoslynAnalyzer.RequiresAnalyzerBase)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", "get_AnyAnalyzersEnabled", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", "get_Compilation", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DataFlowAnalyzerContext", "get_EnableTrimAnalyzer", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DiagnosticDescriptors", "GetDiagnosticDescriptor", "(ILLink.Shared.DiagnosticId)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DiagnosticDescriptors", "GetDiagnosticDescriptor", "(ILLink.Shared.DiagnosticId,ILLink.Shared.DiagnosticString)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DiagnosticDescriptors", "GetDiagnosticDescriptor", "(ILLink.Shared.DiagnosticId,Microsoft.CodeAnalysis.LocalizableResourceString,Microsoft.CodeAnalysis.LocalizableResourceString,System.String,Microsoft.CodeAnalysis.DiagnosticSeverity,System.Boolean,System.String)", "summary", "df-generated"]
@@ -38,17 +34,18 @@ extensions:
- ["ILLink.RoslynAnalyzer", "DynamicallyAccessedMembersAnalyzer", "get_RequiresAnalyzers", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "DynamicallyAccessedMembersAnalyzer", "get_SupportedDiagnostics", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsConstructor", "(Microsoft.CodeAnalysis.ISymbol)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsEntryPoint", "(Microsoft.CodeAnalysis.IMethodSymbol,Microsoft.CodeAnalysis.Compilation)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsInterface", "(Microsoft.CodeAnalysis.ISymbol)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsStaticConstructor", "(Microsoft.CodeAnalysis.ISymbol)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsSubclassOf", "(Microsoft.CodeAnalysis.ISymbol,System.String,System.String)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "IsUnmanagedCallersOnlyEntryPoint", "(Microsoft.CodeAnalysis.IMethodSymbol)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "get_ILLinkMemberDisplayFormat", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "ISymbolExtensions", "get_ILLinkTypeDisplayFormat", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "CheckAndCreateRequiresDiagnostic", "(Microsoft.CodeAnalysis.IOperation,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.ISymbol,System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.Diagnostic)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "CreateSpecialIncompatibleMembersDiagnostic", "(Microsoft.CodeAnalysis.IOperation,System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.Diagnostic)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "CreateSpecialIncompatibleMembersDiagnostic", "(System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,ILLink.Shared.TrimAnalysis.DiagnosticContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "GetUrlFromAttribute", "(Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "Initialize", "(Microsoft.CodeAnalysis.Diagnostics.AnalysisContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAnalyzerBase", "VerifyAttributeArguments", "(Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAssemblyFilesAnalyzer", "CreateSpecialIncompatibleMembersDiagnostic", "(Microsoft.CodeAnalysis.IOperation,System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.Diagnostic)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAssemblyFilesAnalyzer", "CreateSpecialIncompatibleMembersDiagnostic", "(System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,ILLink.Shared.TrimAnalysis.DiagnosticContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAssemblyFilesAnalyzer", "VerifyAttributeArguments", "(Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresAssemblyFilesAnalyzer", "get_SupportedDiagnostics", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresDynamicCodeAnalyzer", "VerifyAttributeArguments", "(Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
@@ -56,7 +53,7 @@ extensions:
- ["ILLink.RoslynAnalyzer", "RequiresISymbolExtensions", "DoesMemberRequire", "(Microsoft.CodeAnalysis.ISymbol,System.String,Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresISymbolExtensions", "IsInRequiresScope", "(Microsoft.CodeAnalysis.ISymbol,System.String)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresISymbolExtensions", "IsInRequiresScope", "(Microsoft.CodeAnalysis.ISymbol,System.String,Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresUnreferencedCodeAnalyzer", "CreateSpecialIncompatibleMembersDiagnostic", "(Microsoft.CodeAnalysis.IOperation,System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.Diagnostic)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresUnreferencedCodeAnalyzer", "CreateSpecialIncompatibleMembersDiagnostic", "(System.Collections.Immutable.ImmutableArray<Microsoft.CodeAnalysis.ISymbol>,Microsoft.CodeAnalysis.ISymbol,ILLink.Shared.TrimAnalysis.DiagnosticContext)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresUnreferencedCodeAnalyzer", "VerifyAttributeArguments", "(Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresUnreferencedCodeAnalyzer", "get_SupportedDiagnostics", "()", "summary", "df-generated"]
- ["ILLink.RoslynAnalyzer", "RequiresUnreferencedCodeUtils", "DoesMemberRequireUnreferencedCodeAttribute", "(Microsoft.CodeAnalysis.ISymbol,Microsoft.CodeAnalysis.AttributeData)", "summary", "df-generated"]

10
csharp/ql/lib/ext/generated/ILLink.Shared.DataFlow.model.yml
View File

@@ -13,8 +13,9 @@ extensions:
- ["ILLink.Shared.DataFlow", "DictionaryLattice<TKey,TValue,TValueLattice>", False, "DictionaryLattice", "(TValueLattice)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.DictionaryLattice`3.ValueLattice]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "DictionaryLattice<TKey,TValue,TValueLattice>", False, "Meet", "(ILLink.Shared.DataFlow.DefaultValueDictionary<TKey,TValue>,ILLink.Shared.DataFlow.DefaultValueDictionary<TKey,TValue>)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", False, "ForwardDataFlowAnalysis", "(TLattice,TValue)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.ForwardDataFlowAnalysis`8.lattice]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", False, "ControlFlowBranch", "(TBlock,System.Nullable<TBlock>,System.Collections.Immutable.ImmutableArray<TRegion>,System.Boolean)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Source]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", False, "ControlFlowBranch", "(TBlock,System.Nullable<TBlock>,System.Collections.Immutable.ImmutableArray<TRegion>,System.Boolean)", "", "Argument[2]", "Argument[this].Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.FinallyRegions]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", False, "ControlFlowBranch", "(TBlock,System.Nullable<TBlock>,System.Collections.Immutable.ImmutableArray<TRegion>,ILLink.Shared.DataFlow.ConditionKind)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Source]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", False, "ControlFlowBranch", "(TBlock,System.Nullable<TBlock>,System.Collections.Immutable.ImmutableArray<TRegion>,ILLink.Shared.DataFlow.ConditionKind)", "", "Argument[1]", "Argument[this].Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Destination]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", False, "ControlFlowBranch", "(TBlock,System.Nullable<TBlock>,System.Collections.Immutable.ImmutableArray<TRegion>,ILLink.Shared.DataFlow.ConditionKind)", "", "Argument[2]", "Argument[this].Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.FinallyRegions]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "Maybe<T>", False, "Maybe", "(T)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.Maybe`1.MaybeValue]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "MaybeLattice<T,TValueLattice>", False, "MaybeLattice", "(TValueLattice)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.DataFlow.MaybeLattice`2.ValueLattice]", "value", "dfc-generated"]
- ["ILLink.Shared.DataFlow", "SingleValue", True, "DeepCopy", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"]
@@ -44,18 +45,17 @@ extensions:
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "Fixpoint", "(TControlFlowGraph,TTransfer)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "TraceBlockInput", "(TValue,System.Nullable<TValue>,System.Nullable<TValue>)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "TraceBlockOutput", "(TValue,System.Nullable<TValue>,System.Nullable<TValue>)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "TraceEdgeInput", "(ILLink.Shared.DataFlow.IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch,TValue)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "TraceStart", "(TControlFlowGraph)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "ForwardDataFlowAnalysis<TValue,TState,TLattice,TBlock,TRegion,TControlFlowGraph,TTransfer,TConditionValue>", "TraceVisitBlock", "(TBlock)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IBlock<TBlock>", "get_ConditionKind", "()", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", "Equals", "(ILLink.Shared.DataFlow.IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", "Equals", "(System.Object)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>+ControlFlowBranch", "GetHashCode", "()", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "FirstBlock", "(TRegion)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetConditionalSuccessor", "(TBlock)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetCorrespondingTry", "(TRegion)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetFallThroughSuccessor", "(TBlock)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetPredecessors", "(TBlock)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetPreviousFilters", "(TRegion)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "GetSuccessors", "(TBlock)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "HasFilter", "(TRegion)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "LastBlock", "(TRegion)", "summary", "df-generated"]
- ["ILLink.Shared.DataFlow", "IControlFlowGraph<TBlock,TRegion>", "TryGetEnclosingFinally", "(TBlock,TRegion)", "summary", "df-generated"]

17
csharp/ql/lib/ext/generated/ILLink.Shared.TrimAnalysis.model.yml
View File

@@ -4,37 +4,42 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["ILLink.Shared.TrimAnalysis", "DiagnosticContext", False, "DiagnosticContext", "(Microsoft.CodeAnalysis.Location,System.Action<Microsoft.CodeAnalysis.Diagnostic>)", "", "Argument[0]", "Argument[this].Property[ILLink.Shared.TrimAnalysis.DiagnosticContext.Location]", "value", "dfc-generated"]
- ["ILLink.Shared.TrimAnalysis", "DiagnosticContext", False, "DiagnosticContext", "(Mono.Linker.MessageOrigin,System.Boolean,Mono.Linker.LinkContext)", "", "Argument[0]", "Argument[this].Field[ILLink.Shared.TrimAnalysis.DiagnosticContext.Origin]", "value", "dfc-generated"]
- ["ILLink.Shared.TrimAnalysis", "FieldReferenceValue", False, "FieldReferenceValue", "(Mono.Cecil.FieldReference)", "", "Argument[0]", "Argument[this].Property[ILLink.Shared.TrimAnalysis.FieldReferenceValue.Field]", "value", "dfc-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", False, "FlowAnnotations", "(Mono.Linker.LinkContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "LocalVariableReferenceValue", False, "LocalVariableReferenceValue", "(Mono.Cecil.Cil.VariableDefinition)", "", "Argument[0]", "Argument[this].Property[ILLink.Shared.TrimAnalysis.LocalVariableReferenceValue.LocalDefinition]", "value", "dfc-generated"]
- ["ILLink.Shared.TrimAnalysis", "ReferenceValue", False, "ReferenceValue", "(Mono.Cecil.TypeReference)", "", "Argument[0]", "Argument[this].Property[ILLink.Shared.TrimAnalysis.ReferenceValue.ReferencedType]", "value", "dfc-generated"]
- ["ILLink.Shared.TrimAnalysis", "ValueWithDynamicallyAccessedMembers", True, "GetDiagnosticArgumentsForAnnotationMismatch", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["ILLink.Shared.TrimAnalysis", "FieldReferenceValue", "FieldReferenceValue", "(Mono.Cecil.FieldDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "DiagnosticContext", "AddDiagnostic", "(ILLink.Shared.DiagnosticId,ILLink.Shared.TrimAnalysis.ValueWithDynamicallyAccessedMembers,ILLink.Shared.TrimAnalysis.ValueWithDynamicallyAccessedMembers,System.String[])", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "DiagnosticContext", "AddDiagnostic", "(ILLink.Shared.DiagnosticId,System.String[])", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "DiagnosticContext", "get_Location", "()", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FieldReferenceValue", "get_EqualityContract", "()", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FieldReferenceValue", "op_Equality", "(ILLink.Shared.TrimAnalysis.FieldReferenceValue,ILLink.Shared.TrimAnalysis.FieldReferenceValue)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FieldReferenceValue", "op_Inequality", "(ILLink.Shared.TrimAnalysis.FieldReferenceValue,ILLink.Shared.TrimAnalysis.FieldReferenceValue)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetFieldAnnotation", "(Mono.Cecil.FieldDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetFieldAnnotation", "(Mono.Cecil.FieldReference)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetGenericParameterAnnotation", "(Mono.Cecil.GenericParameter)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetMethodReturnValueAnnotation", "(Microsoft.CodeAnalysis.IMethodSymbol)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetReturnParameterAnnotation", "(Mono.Cecil.MethodDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetReturnParameterAnnotation", "(Mono.Cecil.MethodReference)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetTypeAnnotation", "(Microsoft.CodeAnalysis.ITypeSymbol)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "GetTypeAnnotation", "(Mono.Cecil.TypeDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "IsTypeInterestingForDataflow", "(Mono.Cecil.TypeReference)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresDataFlowAnalysis", "(Microsoft.CodeAnalysis.IMethodSymbol)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresDataFlowAnalysis", "(Mono.Cecil.FieldDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresDataFlowAnalysis", "(Mono.Cecil.MethodDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresDataFlowAnalysis", "(Mono.Cecil.MethodReference)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresGenericArgumentDataFlowAnalysis", "(Mono.Cecil.GenericParameter)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "RequiresVirtualMethodDataFlowAnalysis", "(Mono.Cecil.MethodDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "ShouldWarnWhenAccessedForReflection", "(Mono.Cecil.FieldDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "ShouldWarnWhenAccessedForReflection", "(Mono.Cecil.IMemberDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "ShouldWarnWhenAccessedForReflection", "(Mono.Cecil.MethodDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "FlowAnnotations", "get_Instance", "()", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "LocalVariableReferenceValue", "LocalVariableReferenceValue", "(Mono.Cecil.Cil.VariableDefinition)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "LocalVariableReferenceValue", "get_EqualityContract", "()", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "LocalVariableReferenceValue", "op_Equality", "(ILLink.Shared.TrimAnalysis.LocalVariableReferenceValue,ILLink.Shared.TrimAnalysis.LocalVariableReferenceValue)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "LocalVariableReferenceValue", "op_Inequality", "(ILLink.Shared.TrimAnalysis.LocalVariableReferenceValue,ILLink.Shared.TrimAnalysis.LocalVariableReferenceValue)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "ReferenceValue", "ReferenceValue", "(Mono.Cecil.TypeReference)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "ReferenceValue", "get_EqualityContract", "()", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "ReferenceValue", "op_Equality", "(ILLink.Shared.TrimAnalysis.ReferenceValue,ILLink.Shared.TrimAnalysis.ReferenceValue)", "summary", "df-generated"]
- ["ILLink.Shared.TrimAnalysis", "ReferenceValue", "op_Inequality", "(ILLink.Shared.TrimAnalysis.ReferenceValue,ILLink.Shared.TrimAnalysis.ReferenceValue)", "summary", "df-generated"]

2
csharp/ql/lib/ext/generated/Internal.IL.Stubs.model.yml
View File

@@ -70,3 +70,5 @@ extensions:
- ["Internal.IL.Stubs", "PInvokeTargetNativeMethod", "get_IsNoInlining", "()", "summary", "df-generated"]
- ["Internal.IL.Stubs", "PInvokeTargetNativeMethod", "get_IsPInvoke", "()", "summary", "df-generated"]
- ["Internal.IL.Stubs", "PInvokeTargetNativeMethod", "get_Prefix", "()", "summary", "df-generated"]
- ["Internal.IL.Stubs", "SpecializableILStubMethod", "EmitIL", "(Internal.TypeSystem.MethodDesc)", "summary", "df-generated"]
- ["Internal.IL.Stubs", "SpecializableILStubMethod", "HasCustomAttribute", "(System.String,System.String)", "summary", "df-generated"]

4
csharp/ql/lib/ext/generated/Internal.TypeSystem.Ecma.model.yml
View File

@@ -124,7 +124,6 @@ extensions:
- ["Internal.TypeSystem.Ecma", "EcmaMethod", "get_RequireSecObject", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "CompareTo", "(Internal.TypeSystem.Ecma.EcmaModule)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "CompareTo", "(Internal.TypeSystem.Ecma.IEcmaModule)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "GetContentTypeFromAssemblyFlags", "(System.Reflection.AssemblyFlags)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "GetUserString", "(System.Reflection.Metadata.UserStringHandle)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "get_IsPlatformNeutral", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "EcmaModule", "get_ModuleTypeSort", "()", "summary", "df-generated"]
@@ -185,15 +184,18 @@ extensions:
- ["Internal.TypeSystem.Ecma", "PdbSymbolReader", "Dispose", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PdbSymbolReader", "GetLocalVariableNamesForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PdbSymbolReader", "GetSequencePointsForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PdbSymbolReader", "GetSourceLinkData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PdbSymbolReader", "GetStateMachineKickoffMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "Dispose", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "GetLocalVariableNamesForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "GetSequencePointsForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "GetSourceLinkData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "GetStateMachineKickoffMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "TryOpen", "(System.String,System.Reflection.Metadata.MetadataStringDecoder,System.Reflection.Metadata.BlobContentId)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "PortablePdbSymbolReader", "TryOpenEmbedded", "(System.Reflection.PortableExecutable.PEReader,System.Reflection.Metadata.MetadataStringDecoder)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "Dispose", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "GetLocalVariableNamesForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "GetSequencePointsForMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "GetSourceLinkData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "GetStateMachineKickoffMethod", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem.Ecma", "UnmanagedPdbSymbolReader", "TryOpenSymbolReaderForMetadataFile", "(System.String,System.String)", "summary", "df-generated"]

65
csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml
View File

@@ -23,6 +23,8 @@ extensions:
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", False, "AppendNameForNestedType", "(System.Text.StringBuilder,Internal.TypeSystem.DefType,Internal.TypeSystem.DefType,System.Boolean)", "", "Argument[2]", "Argument[0]", "taint", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", False, "AppendNameForNestedType", "(System.Text.StringBuilder,Internal.TypeSystem.DefType,Internal.TypeSystem.DefType,System.Boolean)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", False, "CustomAttributeTypeNameFormatter", "(Internal.TypeSystem.IAssemblyDesc)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameParser", False, "GetTypeByCustomAttributeTypeName", "(Internal.TypeSystem.ModuleDesc,System.String,System.Boolean,System.Func<Internal.TypeSystem.ModuleDesc,System.String,Internal.TypeSystem.MetadataType>)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameParser", False, "GetTypeByCustomAttributeTypeNameForDataFlow", "(System.String,Internal.TypeSystem.ModuleDesc,Internal.TypeSystem.TypeSystemContext,System.Collections.Generic.List<Internal.TypeSystem.ModuleDesc>,System.Boolean,System.Boolean)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter", True, "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.ArrayType,Internal.TypeSystem.DebugNameFormatter+FormatOptions)", "", "Argument[1].Property[Internal.TypeSystem.ArrayType.ElementType].Property[Internal.TypeSystem.GenericParameterDesc.DiagnosticName]", "Argument[0]", "taint", "dfc-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter", True, "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.ArrayType,Internal.TypeSystem.DebugNameFormatter+FormatOptions)", "", "Argument[1].Property[Internal.TypeSystem.ParameterizedType.ParameterType].Property[Internal.TypeSystem.GenericParameterDesc.DiagnosticName]", "Argument[0]", "taint", "dfc-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter", True, "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.ByRefType,Internal.TypeSystem.DebugNameFormatter+FormatOptions)", "", "Argument[1].Property[Internal.TypeSystem.ParameterizedType.ParameterType].Property[Internal.TypeSystem.GenericParameterDesc.DiagnosticName]", "Argument[0]", "taint", "dfc-generated"]
@@ -58,10 +60,17 @@ extensions:
- ["Internal.TypeSystem", "FieldDesc", True, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "FieldDesc", True, "get_OwningType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutAlgorithm", True, "ComputeInstanceLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.InstanceLayoutKind)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>+FieldLayoutInterval", False, "FieldLayoutInterval", "(System.Int32,System.Int32,TIntervalTag)", "", "Argument[2]", "Argument[this].Field[Internal.TypeSystem.FieldLayoutIntervalCalculator`1+FieldLayoutInterval.Tag]", "value", "dfc-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", False, "get_Intervals", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "FunctionPointerType", False, "get_Signature", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.FunctionPointerType._signature]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", True, "get_AssociatedTypeOrMethod", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "IAssemblyDesc", True, "GetName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "IModuleResolver", True, "ResolveAssembly", "(System.Reflection.AssemblyName,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "IModuleResolver", True, "ResolveAssembly", "(System.Reflection.Metadata.AssemblyNameInfo,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", False, "ImpliedRepeatedFieldDesc", "(Internal.TypeSystem.DefType,Internal.TypeSystem.FieldDesc,System.Int32)", "", "Argument[0]", "Argument[this].Property[Internal.TypeSystem.ImpliedRepeatedFieldDesc.OwningType]", "value", "dfc-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", False, "ImpliedRepeatedFieldDesc", "(Internal.TypeSystem.DefType,Internal.TypeSystem.FieldDesc,System.Int32)", "", "Argument[1]", "Argument[this].SyntheticField[Internal.TypeSystem.ImpliedRepeatedFieldDesc._underlyingFieldDesc]", "value", "dfc-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", False, "get_Context", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.ImpliedRepeatedFieldDesc._underlyingFieldDesc].Property[Internal.TypeSystem.TypeSystemEntity.Context]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", False, "get_FieldType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.ImpliedRepeatedFieldDesc._underlyingFieldDesc].Property[Internal.TypeSystem.FieldDesc.FieldType]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", False, "get_Name", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.ImpliedRepeatedFieldDesc._underlyingFieldDesc].Property[Internal.TypeSystem.FieldDesc.Name]", "ReturnValue", "taint", "dfc-generated"]
- ["Internal.TypeSystem", "InstantiatedType", False, "InstantiateTypeArray<T>", "(T[],Internal.TypeSystem.Instantiation,Internal.TypeSystem.Instantiation)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"]
- ["Internal.TypeSystem", "InstantiatedType", False, "InstantiateTypeArray<T>", "(T[],Internal.TypeSystem.Instantiation,Internal.TypeSystem.Instantiation)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "InstantiatedType", False, "InstantiateTypeArray<T>", "(T[],Internal.TypeSystem.Instantiation,Internal.TypeSystem.Instantiation)", "", "Argument[1].SyntheticField[Internal.TypeSystem.Instantiation._genericParameters].Element", "ReturnValue.Element", "value", "dfc-generated"]
@@ -272,6 +281,13 @@ extensions:
- ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "TypeWithRepeatedFields", "(Internal.TypeSystem.MetadataType)", "", "Argument[0]", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType]", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_ContainingType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.ContainingType]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_Context", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.TypeSystemEntity.Context]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_Module", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.Module]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_Name", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.Name]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_Namespace", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.Namespace]", "ReturnValue", "value", "dfc-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", False, "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "(Internal.TypeSystem.FieldLayoutAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ComputeAllVirtualSlots", "(Internal.TypeSystem.TypeDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "FindVirtualFunctionTargetMethodOnObjectType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
- ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
@@ -332,7 +348,6 @@ extensions:
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.SignatureMethodVariable,System.Boolean)", "summary", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.SignatureTypeVariable,System.Boolean)", "summary", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameFormatter", "AppendNameForInstantiatedType", "(System.Text.StringBuilder,Internal.TypeSystem.DefType,System.Boolean)", "summary", "df-generated"]
- ["Internal.TypeSystem", "CustomAttributeTypeNameParser", "GetTypeByCustomAttributeTypeName", "(Internal.TypeSystem.ModuleDesc,System.String,System.Boolean,System.Func<Internal.TypeSystem.ModuleDesc,System.String,Internal.TypeSystem.MetadataType>)", "summary", "df-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter+Void", "get_Value", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter", "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.SignatureMethodVariable,Internal.TypeSystem.DebugNameFormatter+FormatOptions)", "summary", "df-generated"]
- ["Internal.TypeSystem", "DebugNameFormatter", "AppendName", "(System.Text.StringBuilder,Internal.TypeSystem.SignatureTypeVariable,Internal.TypeSystem.DebugNameFormatter+FormatOptions)", "summary", "df-generated"]
@@ -400,6 +415,17 @@ extensions:
- ["Internal.TypeSystem", "FieldLayoutAlgorithm", "ComputeIsUnsafeValueType", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutAlgorithm", "ComputeStaticFieldLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.StaticLayoutKind)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutAlgorithm", "ComputeValueTypeShapeCharacteristics", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>+FieldLayoutInterval", "CompareTo", "(Internal.TypeSystem.FieldLayoutIntervalCalculator<TIntervalTag>+FieldLayoutInterval)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "AddFields", "(Internal.TypeSystem.TypeDesc,System.Boolean)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "AddToFieldLayout", "(System.Int32,Internal.TypeSystem.TypeDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "AddToFieldLayout", "(System.Int32,Internal.TypeSystem.TypeDesc,System.Boolean)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "CombineIntervals", "(Internal.TypeSystem.FieldLayoutIntervalCalculator<TIntervalTag>+FieldLayoutInterval,Internal.TypeSystem.FieldLayoutIntervalCalculator<TIntervalTag>+FieldLayoutInterval)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "FieldLayoutIntervalCalculator", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "GetIntervalDataForType", "(System.Int32,Internal.TypeSystem.TypeDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "IntervalsHaveCompatibleTags", "(TIntervalTag,TIntervalTag)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "NeedsRecursiveLayout", "(System.Int32,Internal.TypeSystem.TypeDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "get_EmptyIntervalData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "FieldLayoutIntervalCalculator<TIntervalTag>", "get_PointerSize", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "FunctionPointerType", "CompareToImpl", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.TypeSystemComparer)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FunctionPointerType", "ComputeTypeFlags", "(Internal.TypeSystem.TypeFlags)", "summary", "df-generated"]
- ["Internal.TypeSystem", "FunctionPointerType", "GetHashCode", "()", "summary", "df-generated"]
@@ -433,7 +459,7 @@ extensions:
- ["Internal.TypeSystem", "GenericParameterDesc", "IsCanonicalSubtype", "(Internal.TypeSystem.CanonicalFormKind)", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_Constraints", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_DiagnosticName", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_HasAcceptByRefLikeConstraint", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_HasAllowByRefLikeConstraint", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_HasDefaultConstructorConstraint", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_HasNotNullableValueTypeConstraint", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "GenericParameterDesc", "get_HasReferenceTypeConstraint", "()", "summary", "df-generated"]
@@ -452,6 +478,17 @@ extensions:
- ["Internal.TypeSystem", "IPrefixMangledSignature", "get_Prefix", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "IPrefixMangledType", "get_BaseType", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "IPrefixMangledType", "get_Prefix", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "CompareToImpl", "(Internal.TypeSystem.FieldDesc,Internal.TypeSystem.TypeSystemComparer)", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "GetMarshalAsDescriptor", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "HasCustomAttribute", "(System.String,System.String)", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_ClassCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_FieldIndex", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_HasEmbeddedSignatureData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_HasRva", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_IsInitOnly", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_IsLiteral", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_IsStatic", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ImpliedRepeatedFieldDesc", "get_IsThreadStatic", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "InstantiatedMethod", "CompareToImpl", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeSystemComparer)", "summary", "df-generated"]
- ["Internal.TypeSystem", "InstantiatedMethod", "ComputeHashCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "InstantiatedMethod", "GetParameterMetadata", "()", "summary", "df-generated"]
@@ -503,6 +540,7 @@ extensions:
- ["Internal.TypeSystem", "Instantiation", "GetHashCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "Instantiation", "get_IsNull", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "Instantiation", "get_Length", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "LayoutInt", "AddThrowing", "(Internal.TypeSystem.LayoutInt,Internal.TypeSystem.LayoutInt,Internal.TypeSystem.TypeDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "LayoutInt", "Equals", "(System.Object)", "summary", "df-generated"]
- ["Internal.TypeSystem", "LayoutInt", "GetHashCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "LayoutInt", "LayoutInt", "(System.Int32)", "summary", "df-generated"]
@@ -669,6 +707,7 @@ extensions:
- ["Internal.TypeSystem", "MethodSignature", "get_Flags", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignature", "get_GenericParameterCount", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignature", "get_HasEmbeddedSignatureData", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignature", "get_IsExplicitThis", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignature", "get_IsStatic", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignature", "get_Length", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "MethodSignatureBuilder", "set_Flags", "(Internal.TypeSystem.MethodSignatureFlags)", "summary", "df-generated"]
@@ -743,6 +782,7 @@ extensions:
- ["Internal.TypeSystem", "TargetDetails", "get_OperatingSystem", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TargetDetails", "get_OptimumFunctionAlignment", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TargetDetails", "get_PointerSize", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TargetDetails", "get_SupportsAlign8", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TargetDetails", "get_SupportsRelativePointers", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "ThreadSafeFlags", "AddFlags", "(System.Int32)", "summary", "df-generated"]
- ["Internal.TypeSystem", "ThreadSafeFlags", "HasFlags", "(System.Int32)", "summary", "df-generated"]
@@ -899,6 +939,25 @@ extensions:
- ["Internal.TypeSystem", "TypeSystemHelpers", "RequiresSlotUnification", "(Internal.TypeSystem.MethodDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeSystemHelpers", "ResolveInterfaceMethodToStaticVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeSystemHelpers", "ResolveVariantInterfaceMethodToStaticVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "CompareToImpl", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.TypeSystemComparer)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "ComputeTypeFlags", "(Internal.TypeSystem.TypeFlags)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "FindMethodsImplWithMatchingDeclName", "(System.String)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "GetClassLayout", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "GetHashCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "GetInlineArrayLength", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "GetNestedType", "(System.String)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "HasCustomAttribute", "(System.String,System.String)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_ClassCode", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_IsAbstract", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_IsBeforeFieldInit", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_IsExplicitLayout", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_IsSealed", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_IsSequentialLayout", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFields", "get_PInvokeStringFormat", "()", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "ComputeContainsGCPointers", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "ComputeIsUnsafeValueType", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "ComputeStaticFieldLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.StaticLayoutKind)", "summary", "df-generated"]
- ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "ComputeValueTypeShapeCharacteristics", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "UniversalCanonLayoutAlgorithm", "ComputeContainsGCPointers", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "UniversalCanonLayoutAlgorithm", "ComputeIsUnsafeValueType", "(Internal.TypeSystem.DefType)", "summary", "df-generated"]
- ["Internal.TypeSystem", "UniversalCanonLayoutAlgorithm", "ComputeStaticFieldLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.StaticLayoutKind)", "summary", "df-generated"]

35
csharp/ql/lib/ext/generated/JsonToItemsTaskFactory.model.yml
View File

@@ -1,35 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+CaseInsensitiveDictionaryConverter", True, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItem", False, "JsonModelItem", "(System.String,System.Collections.Generic.Dictionary<System.String,System.String>)", "", "Argument[0]", "Argument[this].Property[JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonModelItem.Identity]", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItem", False, "JsonModelItem", "(System.String,System.Collections.Generic.Dictionary<System.String,System.String>)", "", "Argument[1]", "Argument[this].Property[JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonModelItem.Metadata]", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItemConverter", True, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", False, "JsonToItemsTask", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this].Property[JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonToItemsTask.TaskName]", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", False, "SetPropertyValue", "(Microsoft.Build.Framework.TaskPropertyInfo,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", False, "CreateTask", "(Microsoft.Build.Framework.IBuildEngine)", "", "Argument[this].SyntheticField[JsonToItemsTaskFactory.JsonToItemsTaskFactory._taskName]", "ReturnValue.Property[JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonToItemsTask.TaskName]", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", False, "GetTaskParameters", "()", "", "Argument[this].SyntheticField[JsonToItemsTaskFactory.JsonToItemsTaskFactory._taskProperties]", "ReturnValue", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", False, "Initialize", "(System.String,System.Collections.Generic.IDictionary<System.String,Microsoft.Build.Framework.TaskPropertyInfo>,System.String,Microsoft.Build.Framework.IBuildEngine)", "", "Argument[0]", "Argument[this].SyntheticField[JsonToItemsTaskFactory.JsonToItemsTaskFactory._taskName]", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", False, "Initialize", "(System.String,System.Collections.Generic.IDictionary<System.String,Microsoft.Build.Framework.TaskPropertyInfo>,System.String,Microsoft.Build.Framework.IBuildEngine)", "", "Argument[1].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].SyntheticField[JsonToItemsTaskFactory.JsonToItemsTaskFactory._taskProperties].Element", "value", "dfc-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", False, "Initialize", "(System.String,System.Collections.Generic.IDictionary<System.String,Microsoft.Build.Framework.TaskPropertyInfo>,System.String,Microsoft.Build.Framework.IBuildEngine)", "", "Argument[1].Property[System.Collections.Generic.IDictionary`2.Values].Element", "Argument[this].SyntheticField[JsonToItemsTaskFactory.JsonToItemsTaskFactory._taskProperties].Element", "value", "dfc-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+CaseInsensitiveDictionaryConverter", "Write", "(System.Text.Json.Utf8JsonWriter,System.Collections.Generic.Dictionary<System.String,System.String>,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItem", "get_Identity", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItem", "get_Metadata", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonModelItemConverter", "Write", "(System.Text.Json.Utf8JsonWriter,JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonModelItem,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "ConvertItems", "(JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonModelItem[])", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "Execute", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "GetJsonAsync", "(System.String,System.IO.FileStream)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "GetPropertyValue", "(Microsoft.Build.Framework.TaskPropertyInfo)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "TryGetJson", "(System.String,JsonToItemsTaskFactory.JsonToItemsTaskFactory+JsonModelRoot)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "get_JsonOptions", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory+JsonToItemsTask", "get_TaskName", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", "CleanupTask", "(Microsoft.Build.Framework.ITask)", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", "get_FactoryName", "()", "summary", "df-generated"]
- ["JsonToItemsTaskFactory", "JsonToItemsTaskFactory", "get_TaskType", "()", "summary", "df-generated"]

30
csharp/ql/lib/ext/generated/Microsoft.Android.Build.Ndk.model.yml
View File

@@ -1,30 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "NdkTools", "(System.String,System.String,System.String)", "", "Argument[2]", "Argument[this].SyntheticField[Microsoft.Android.Build.Ndk.NdkTools.clangPath]", "taint", "dfc-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_AsPrefixPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_ClangPath", "()", "", "Argument[this].SyntheticField[Microsoft.Android.Build.Ndk.NdkTools.clangPath]", "ReturnValue", "value", "dfc-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_LdName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_LdPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", False, "get_ToolPrefixPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkVersion", False, "NdkVersion", "(System.String)", "", "Argument[0]", "Argument[this].Property[Microsoft.Android.Build.Ndk.NdkVersion.Tag]", "taint", "dfc-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkVersion", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Android.Build.Ndk.NdkVersion.Main]", "ReturnValue", "taint", "dfc-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkVersion", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Android.Build.Ndk.NdkVersion.Tag]", "ReturnValue", "taint", "dfc-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: sourceModel
data:
- ["Microsoft.Android.Build.Ndk", "Ndk", False, "get_NdkPath", "()", "", "ReturnValue", "environment", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["Microsoft.Android.Build.Ndk", "AndroidArch", "AndroidArch", "(System.String,System.String,System.String)", "summary", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "Ndk", "get_NdkPath", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "Ndk", "get_NdkVersion", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkTools", "get_Triple", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkVersion", "get_Main", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build.Ndk", "NdkVersion", "get_Tag", "()", "summary", "df-generated"]

7
csharp/ql/lib/ext/generated/Microsoft.Android.Build.Tasks.model.yml
View File

@@ -1,7 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.Android.Build.Tasks", "NdkToolFinderTask", True, "Execute", "()", "", "Argument[this].Property[Microsoft.Android.Build.Tasks.NdkToolFinderTask.MinApiLevel]", "Argument[this].Property[Microsoft.Android.Build.Tasks.NdkToolFinderTask.ClangPath]", "taint", "dfc-generated"]

23
csharp/ql/lib/ext/generated/Microsoft.Android.Build.model.yml
View File

@@ -1,23 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.Android.Build", "AndroidProject", False, "AndroidProject", "(System.String,System.String,System.String,Microsoft.Build.Utilities.TaskLoggingHelper)", "", "Argument[0]", "Argument[this].SyntheticField[Microsoft.Android.Build.AndroidProject.projectName]", "value", "dfc-generated"]
- ["Microsoft.Android.Build", "AndroidProject", False, "BuildCMake", "(System.String,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"]
- ["Microsoft.Android.Build", "AndroidProject", False, "BuildCMake", "(System.String,System.Boolean)", "", "Argument[this].SyntheticField[Microsoft.Android.Build.AndroidProject.projectName]", "ReturnValue", "taint", "dfc-generated"]
- ["Microsoft.Android.Build", "AndroidProject", False, "get_Abi", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["Microsoft.Android.Build", "AndroidBuildOptions", "get_CompilerArguments", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidBuildOptions", "get_IncludePaths", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidBuildOptions", "get_LinkerArguments", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidBuildOptions", "get_NativeLibraryPaths", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidBuildOptions", "get_Sources", "()", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidProject", "AndroidProject", "(System.String,System.String,Microsoft.Build.Utilities.TaskLoggingHelper)", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidProject", "Build", "(System.String,Microsoft.Mobile.Build.Clang.ClangBuildOptions,System.Boolean,System.String)", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidProject", "GenerateCMake", "(System.String,System.Boolean)", "summary", "df-generated"]
- ["Microsoft.Android.Build", "AndroidProject", "GenerateCMake", "(System.String,System.String,System.Boolean)", "summary", "df-generated"]

18
csharp/ql/lib/ext/generated/Microsoft.Apple.Build.model.yml
View File

@@ -1,18 +0,0 @@
# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.Apple.Build", "AppleProject", False, "AppleProject", "(System.String,System.String,Microsoft.Build.Utilities.TaskLoggingHelper)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["Microsoft.Apple.Build", "AppleProject", False, "AppleProject", "(System.String,System.String,Microsoft.Build.Utilities.TaskLoggingHelper)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"]
- ["Microsoft.Apple.Build", "AppleProject", False, "Build", "(System.String,Microsoft.Mobile.Build.Clang.ClangBuildOptions,System.Boolean)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"]
- ["Microsoft.Apple.Build", "AppleProject", False, "Build", "(System.String,Microsoft.Mobile.Build.Clang.ClangBuildOptions,System.String,System.Boolean)", "", "Argument[2]", "Argument[1].Property[Microsoft.Mobile.Build.Clang.ClangBuildOptions.CompilerArguments].Element", "taint", "dfc-generated"]
- ["Microsoft.Apple.Build", "AppleSdk", False, "AppleSdk", "(System.String,Microsoft.Build.Utilities.TaskLoggingHelper)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
- ["Microsoft.Apple.Build", "AppleSdk", False, "get_DeveloperRoot", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- ["Microsoft.Apple.Build", "AppleSdk", False, "get_SdkRoot", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- ["Microsoft.Apple.Build", "AppleSdk", "GetPlatformName", "(System.String)", "summary", "df-generated"]

3
csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml
View File

@@ -16,8 +16,6 @@ extensions:
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", False, "Edge", "(Microsoft.Diagnostics.Tools.Pgo.Node,Microsoft.Diagnostics.Tools.Pgo.Node,System.Int64,System.Int64,System.Int64)", "", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Source]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.BackEdge].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Target]", "value", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", False, "Edge", "(Microsoft.Diagnostics.Tools.Pgo.Node,Microsoft.Diagnostics.Tools.Pgo.Node,System.Int64,System.Int64,System.Int64)", "", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Target]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.BackEdge].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Source]", "value", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", False, "Edge", "(Microsoft.Diagnostics.Tools.Pgo.Node,Microsoft.Diagnostics.Tools.Pgo.Node,System.Int64,System.Int64,System.Int64)", "", "Argument[this]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.BackEdge].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.BackEdge]", "value", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", False, "ToString", "()", "", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Source]", "ReturnValue", "taint", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", False, "ToString", "()", "", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Edge.Target]", "ReturnValue", "taint", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing<T>", False, "MapEdges<S>", "(System.Func<System.ValueTuple<T,T>,System.Int64,S>)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing<T>", False, "MapNodes<S>", "(System.Func<T,System.Int64,S>)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap<TKey,TValue>", False, "KeyValueMap", "(TKey[],TValue[])", "", "Argument[1]", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values]", "value", "dfc-generated"]
@@ -36,6 +34,7 @@ extensions:
- ["Microsoft.Diagnostics.Tools.Pgo", "CirculationGraph", "TotalCirculationCost", "()", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", "AddFlow", "(System.Int64)", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", "CheckEdgeConsistency", "()", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "Edge", "ToString", "()", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing<T>", "CheckGraphConsistency", "()", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing<T>", "FlowSmoothing", "(System.Collections.Generic.Dictionary<T,System.Int64>,T,System.Func<T,System.Collections.Generic.HashSet<T>>,System.Func<T,System.Boolean,System.Int64>)", "summary", "df-generated"]
- ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing<T>", "MakeGraphFeasible", "()", "summary", "df-generated"]

Some files were not shown because too many files have changed in this diff Show More