mirror of
https://github.com/github/codeql.git
synced 2026-04-24 08:15:14 +02:00
Merge branch 'main' into rust/type-inference-tuples
This commit is contained in:
Simon Friis Vindum
@@ -1,7 +1,3 @@
|
||||
## 0.4.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.12
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.4.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.13
|
||||
lastReleaseVersion: 0.4.12
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.14-dev
|
||||
version: 0.4.13-dev
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.6.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.5
|
||||
lastReleaseVersion: 0.6.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.6-dev
|
||||
version: 0.6.5-dev
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -231,35 +231,10 @@
|
||||
"java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.qhelp",
|
||||
"java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.qhelp"
|
||||
],
|
||||
"CryptoAlgorithms Python/JS/Ruby": [
|
||||
"javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
|
||||
"python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
|
||||
"ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll",
|
||||
"rust/ql/lib/codeql/rust/security/CryptoAlgorithms.qll"
|
||||
],
|
||||
"CryptoAlgorithmNames Python/JS/Ruby": [
|
||||
"javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
|
||||
"python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
|
||||
"ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll",
|
||||
"rust/ql/lib/codeql/rust/security/internal/CryptoAlgorithmNames.qll"
|
||||
],
|
||||
"SensitiveDataHeuristics Python/JS": [
|
||||
"javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
|
||||
"python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
|
||||
"ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
|
||||
"swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll",
|
||||
"rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll"
|
||||
],
|
||||
"IncompleteUrlSubstringSanitization": [
|
||||
"javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
|
||||
"ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll"
|
||||
],
|
||||
"Concepts Python/Ruby/JS": [
|
||||
"python/ql/lib/semmle/python/internal/ConceptsShared.qll",
|
||||
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
|
||||
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll",
|
||||
"rust/ql/lib/codeql/rust/internal/ConceptsShared.qll"
|
||||
],
|
||||
"ApiGraphModels": [
|
||||
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
|
||||
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",
|
||||
|
||||
@@ -1,15 +1,3 @@
|
||||
## 5.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
|
||||
## 5.2.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
4
cpp/ql/lib/change-notes/2025-06-20-oracle-oci-models.md
Normal file
4
cpp/ql/lib/change-notes/2025-06-20-oracle-oci-models.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
4
cpp/ql/lib/change-notes/2025-06-24-arm64.md
Normal file
4
cpp/ql/lib/change-notes/2025-06-24-arm64.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
4
cpp/ql/lib/change-notes/2025-06-24-float16.md
Normal file
4
cpp/ql/lib/change-notes/2025-06-24-float16.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
4
cpp/ql/lib/change-notes/2025-06-27-locations.md
Normal file
4
cpp/ql/lib/change-notes/2025-06-27-locations.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
|
||||
@@ -1,11 +0,0 @@
|
||||
## 5.3.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
|
||||
* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
|
||||
* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.3.0
|
||||
lastReleaseVersion: 5.2.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 5.3.1-dev
|
||||
version: 5.2.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -153,6 +153,10 @@ private predicate isGlobalDefImpl(
|
||||
GlobalLikeVariable v, IRFunction f, int indirection, int indirectionIndex
|
||||
) {
|
||||
exists(VariableAddressInstruction vai |
|
||||
// The right-hand side of an initialization of a global variable
|
||||
// creates its own `IRFunction`. We don't want flow into that `IRFunction`
|
||||
// since the variable is only initialized once.
|
||||
not vai.getEnclosingFunction() = v and
|
||||
vai.getEnclosingIRFunction() = f and
|
||||
vai.getAstVariable() = v and
|
||||
isUse(_, _, vai, indirection, indirectionIndex) and
|
||||
|
||||
@@ -42,6 +42,7 @@ private newtype TOpcode =
|
||||
TCompareGT() or
|
||||
TCompareLE() or
|
||||
TCompareGE() or
|
||||
TSpaceship() or
|
||||
TPointerAdd() or
|
||||
TPointerSub() or
|
||||
TPointerDiff() or
|
||||
@@ -92,7 +93,9 @@ private newtype TOpcode =
|
||||
TUninitializedGroup() or
|
||||
TInlineAsm() or
|
||||
TUnreached() or
|
||||
TNewObj()
|
||||
TNewObj() or
|
||||
TTypeidExpr() or
|
||||
TTypeidType()
|
||||
|
||||
/**
|
||||
* An opcode that specifies the operation performed by an `Instruction`.
|
||||
@@ -763,6 +766,15 @@ module Opcode {
|
||||
final override string toString() { result = "CompareGE" }
|
||||
}
|
||||
|
||||
/**
|
||||
* The `Opcode` for a `SpaceshipInstruction`.
|
||||
*
|
||||
* See the `SpaceshipInstruction` documentation for more details.
|
||||
*/
|
||||
class Spaceship extends BinaryOpcode, TSpaceship {
|
||||
final override string toString() { result = "Spaceship" }
|
||||
}
|
||||
|
||||
/**
|
||||
* The `Opcode` for a `PointerAddInstruction`.
|
||||
*
|
||||
@@ -1281,4 +1293,29 @@ module Opcode {
|
||||
class NewObj extends Opcode, TNewObj {
|
||||
final override string toString() { result = "NewObj" }
|
||||
}
|
||||
|
||||
/**
|
||||
* The `Opcode` for a `TypeidInstruction`.
|
||||
*
|
||||
* See the `TypeidInstruction` documentation for more details.
|
||||
*/
|
||||
abstract class Typeid extends Opcode { }
|
||||
|
||||
/**
|
||||
* The `Opcode` for a `TypeidExprInstruction`.
|
||||
*
|
||||
* See the `TypeidExprInstruction` documentation for more details.
|
||||
*/
|
||||
class TypeidExpr extends Typeid, UnaryOpcode, TTypeidExpr {
|
||||
final override string toString() { result = "TypeidExpr" }
|
||||
}
|
||||
|
||||
/**
|
||||
* The `Opcode` for a `TypeidTypeInstruction`.
|
||||
*
|
||||
* See the `TypeidTypeInstruction` documentation for more details.
|
||||
*/
|
||||
class TypeidType extends Typeid, TTypeidType {
|
||||
final override string toString() { result = "TypeidType" }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
|
||||
override predicate isStrict() { none() }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that represents a three-way comparison operator.
|
||||
*/
|
||||
class SpaceshipInstruction extends BinaryInstruction {
|
||||
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that branches to one of multiple successor instructions based on the value of an
|
||||
* integer operand.
|
||||
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
|
||||
class NewObjInstruction extends Instruction {
|
||||
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand.
|
||||
*/
|
||||
class TypeidInstruction extends Instruction {
|
||||
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as an expression in the AST.
|
||||
*/
|
||||
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
|
||||
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as a type in the AST.
|
||||
*/
|
||||
class TypeidTypeInstruction extends TypeidInstruction {
|
||||
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
|
||||
}
|
||||
|
||||
@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
|
||||
override predicate isStrict() { none() }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that represents a three-way comparison operator.
|
||||
*/
|
||||
class SpaceshipInstruction extends BinaryInstruction {
|
||||
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that branches to one of multiple successor instructions based on the value of an
|
||||
* integer operand.
|
||||
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
|
||||
class NewObjInstruction extends Instruction {
|
||||
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand.
|
||||
*/
|
||||
class TypeidInstruction extends Instruction {
|
||||
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as an expression in the AST.
|
||||
*/
|
||||
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
|
||||
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as a type in the AST.
|
||||
*/
|
||||
class TypeidTypeInstruction extends TypeidInstruction {
|
||||
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
|
||||
}
|
||||
|
||||
@@ -1808,6 +1808,11 @@ private Opcode comparisonOpcode(ComparisonOperation expr) {
|
||||
expr instanceof GEExpr and result instanceof Opcode::CompareGE
|
||||
}
|
||||
|
||||
private Opcode spaceShipOpcode(SpaceshipExpr expr) {
|
||||
exists(expr) and
|
||||
result instanceof Opcode::Spaceship
|
||||
}
|
||||
|
||||
/**
|
||||
* IR translation of a simple binary operation.
|
||||
*/
|
||||
@@ -1867,7 +1872,8 @@ class TranslatedBinaryOperation extends TranslatedSingleInstructionExpr {
|
||||
override Opcode getOpcode() {
|
||||
result = binaryArithmeticOpcode(expr) or
|
||||
result = binaryBitwiseOpcode(expr) or
|
||||
result = comparisonOpcode(expr)
|
||||
result = comparisonOpcode(expr) or
|
||||
result = spaceShipOpcode(expr)
|
||||
}
|
||||
|
||||
override Type getExprType() {
|
||||
@@ -4185,3 +4191,52 @@ class TranslatedAssumeExpr extends TranslatedSingleInstructionExpr {
|
||||
none()
|
||||
}
|
||||
}
|
||||
|
||||
class TranslatedTypeidExpr extends TranslatedSingleInstructionExpr {
|
||||
override TypeidOperator expr;
|
||||
|
||||
final override Opcode getOpcode() {
|
||||
exists(this.getOperand()) and
|
||||
result instanceof Opcode::TypeidExpr
|
||||
or
|
||||
not exists(this.getOperand()) and
|
||||
result instanceof Opcode::TypeidType
|
||||
}
|
||||
|
||||
final override Instruction getFirstInstruction(EdgeKind kind) {
|
||||
result = this.getOperand().getFirstInstruction(kind)
|
||||
or
|
||||
not exists(this.getOperand()) and
|
||||
result = this.getInstruction(OnlyInstructionTag()) and
|
||||
kind instanceof GotoEdge
|
||||
}
|
||||
|
||||
override Instruction getALastInstructionInternal() {
|
||||
result = this.getInstruction(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
final override TranslatedElement getChildInternal(int id) {
|
||||
id = 0 and result = this.getOperand()
|
||||
}
|
||||
|
||||
final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = this.getParent().getChildSuccessor(this, kind)
|
||||
}
|
||||
|
||||
final override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
|
||||
child = this.getOperand() and
|
||||
result = this.getInstruction(OnlyInstructionTag()) and
|
||||
kind instanceof GotoEdge
|
||||
}
|
||||
|
||||
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
result = this.getOperand().getResult() and
|
||||
operandTag instanceof UnaryOperandTag
|
||||
}
|
||||
|
||||
private TranslatedExpr getOperand() {
|
||||
result = getTranslatedExpr(expr.getExpr().getFullyConverted())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1604,6 +1604,13 @@ class CompareGEInstruction extends RelationalInstruction {
|
||||
override predicate isStrict() { none() }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that represents a three-way comparison operator.
|
||||
*/
|
||||
class SpaceshipInstruction extends BinaryInstruction {
|
||||
SpaceshipInstruction() { this.getOpcode() instanceof Opcode::Spaceship }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that branches to one of multiple successor instructions based on the value of an
|
||||
* integer operand.
|
||||
@@ -2293,3 +2300,26 @@ class NextVarArgInstruction extends UnaryInstruction {
|
||||
class NewObjInstruction extends Instruction {
|
||||
NewObjInstruction() { this.getOpcode() instanceof Opcode::NewObj }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand.
|
||||
*/
|
||||
class TypeidInstruction extends Instruction {
|
||||
TypeidInstruction() { this.getOpcode() instanceof Opcode::Typeid }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as an expression in the AST.
|
||||
*/
|
||||
class TypeidExprInstruction extends TypeidInstruction, UnaryInstruction {
|
||||
TypeidExprInstruction() { this.getOpcode() instanceof Opcode::TypeidExpr }
|
||||
}
|
||||
|
||||
/**
|
||||
* An instruction that returns the type info for its operand, where the
|
||||
* operand occurs as a type in the AST.
|
||||
*/
|
||||
class TypeidTypeInstruction extends TypeidInstruction {
|
||||
TypeidTypeInstruction() { this.getOpcode() instanceof Opcode::TypeidType }
|
||||
}
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
|
||||
import cpp
|
||||
import PrintfLike
|
||||
private import semmle.code.cpp.ir.dataflow.ResolveCall
|
||||
|
||||
bindingset[index]
|
||||
private string toCause(Function func, int index) {
|
||||
@@ -37,9 +36,9 @@ private predicate wrapperFunctionStep(
|
||||
not target.isVirtual() and
|
||||
not source.isVirtual() and
|
||||
source.hasDefinition() and
|
||||
exists(Call call, Expr arg, Parameter sourceParam |
|
||||
exists(FunctionCall call, Expr arg, Parameter sourceParam |
|
||||
// there is a 'call' to 'target' with argument 'arg' at index 'targetParamIndex'
|
||||
target = resolveCall(call) and
|
||||
target = call.getTarget() and
|
||||
arg = call.getArgument(targetParamIndex) and
|
||||
// 'call' is enclosed in 'source'
|
||||
source = call.getEnclosingFunction() and
|
||||
@@ -154,8 +153,8 @@ abstract class FunctionWithWrappers extends Function {
|
||||
* Whether 'arg' is an argument in a call to an outermost wrapper function of 'this' function.
|
||||
*/
|
||||
predicate outermostWrapperFunctionCall(Expr arg, string callChain) {
|
||||
exists(Function targetFunc, Call call, int argIndex |
|
||||
targetFunc = resolveCall(call) and
|
||||
exists(Function targetFunc, FunctionCall call, int argIndex |
|
||||
targetFunc = call.getTarget() and
|
||||
this.wrapperFunction(targetFunc, argIndex, callChain) and
|
||||
(
|
||||
exists(Function sourceFunc | sourceFunc = call.getEnclosingFunction() |
|
||||
|
||||
@@ -1,12 +1,3 @@
|
||||
## 1.4.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
* Added flow models for the GNU C Library.
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
|
||||
## 1.4.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -49,21 +49,16 @@ need to be part of the class. (A classic example of this is the
|
||||
observes, there are at least two key problems with this approach:
|
||||
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
It may be possible to generalize some of the utility functions beyond the
|
||||
<i>1. It may be possible to generalize some of the utility functions beyond the
|
||||
narrow context of the class in question -- by bundling them with the class,
|
||||
the class author reduces the scope for functionality reuse.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
It's usually impossible for the class author to know every possible
|
||||
2. It's usually impossible for the class author to know every possible
|
||||
operation that the user might want to perform on the class, so the public
|
||||
interface will inherently be incomplete. New utility functions will end up
|
||||
having a different syntax to the privileged public functions in the class,
|
||||
negatively impacting on code consistency.
|
||||
</li>
|
||||
</ul>
|
||||
</i>
|
||||
|
||||
To refactor a class like this, simply move its utility functions elsewhere,
|
||||
paring its public interface down to the bare minimum.
|
||||
|
||||
@@ -46,21 +46,17 @@ need to be part of the class. (A classic example of this is the
|
||||
<code>std::string</code> class in the C++ Standard Library.) As [Sutter]
|
||||
observes, there are at least two key problems with this approach:
|
||||
|
||||
<ul>
|
||||
<li>
|
||||
It may be possible to generalize some of the utility functions beyond the
|
||||
<i>
|
||||
1. It may be possible to generalize some of the utility functions beyond the
|
||||
narrow context of the class in question -- by bundling them with the class,
|
||||
the class author reduces the scope for functionality reuse.
|
||||
</li>
|
||||
|
||||
<li>
|
||||
It's usually impossible for the class author to know every possible
|
||||
2. It's usually impossible for the class author to know every possible
|
||||
operation that the user might want to perform on the class, so the public
|
||||
interface will inherently be incomplete. New utility functions will end up
|
||||
having a different syntax to the privileged public functions in the class,
|
||||
negatively impacting on code consistency.
|
||||
</li>
|
||||
</ul>
|
||||
</i>
|
||||
|
||||
To refactor a class like this, simply move its utility functions elsewhere,
|
||||
paring its public interface down to the bare minimum.
|
||||
|
||||
@@ -23,7 +23,7 @@ predicate isProcessOperationExplanation(DataFlow::Node arg, string processOperat
|
||||
exists(int processOperationArg, FunctionCall call |
|
||||
isProcessOperationArgument(processOperation, processOperationArg) and
|
||||
call.getTarget().getName() = processOperation and
|
||||
call.getArgument(processOperationArg) = [arg.asExpr(), arg.asIndirectExpr()]
|
||||
call.getArgument(processOperationArg) = arg.asIndirectExpr()
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
4
cpp/ql/src/change-notes/2025-07-04-create-thread.md
Normal file
4
cpp/ql/src/change-notes/2025-07-04-create-thread.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow models for the GNU C Library.
|
||||
4
cpp/ql/src/change-notes/2025-07-12-create-thread.md
Normal file
4
cpp/ql/src/change-notes/2025-07-12-create-thread.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
|
||||
@@ -1,8 +0,0 @@
|
||||
## 1.4.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
|
||||
* Added flow models for the GNU C Library.
|
||||
* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
|
||||
* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.4
|
||||
lastReleaseVersion: 1.4.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.4.5-dev
|
||||
version: 1.4.4-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -6,9 +6,15 @@ uniqueEnclosingCallable
|
||||
| test.cpp:1126:33:1129:1 | {...} | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1127:3:1127:13 | reads_input | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1128:3:1128:21 | not_does_read_input | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:18:1158:21 | call to sink | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:18:1158:42 | ... , ... | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:23:1158:31 | recursion | Node should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:35:1158:40 | call to source | Node should have one enclosing callable but has 0. |
|
||||
uniqueCallEnclosingCallable
|
||||
| test.cpp:864:47:864:54 | call to source | Call should have one enclosing callable but has 0. |
|
||||
| test.cpp:872:46:872:51 | call to source | Call should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:18:1158:21 | call to sink | Call should have one enclosing callable but has 0. |
|
||||
| test.cpp:1158:35:1158:40 | call to source | Call should have one enclosing callable but has 0. |
|
||||
uniqueType
|
||||
uniqueNodeLocation
|
||||
missingLocation
|
||||
|
||||
@@ -1153,4 +1153,6 @@ namespace conflation_regression {
|
||||
*p = source(0);
|
||||
read_deref_deref(p);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int recursion = (sink(recursion), source()); // clean
|
||||
@@ -24436,6 +24436,107 @@ ir.cpp:
|
||||
# 2742| Type = [IntType] int
|
||||
# 2742| ValueCategory = prvalue
|
||||
# 2743| getStmt(14): [ReturnStmt] return ...
|
||||
# 2747| [CopyAssignmentOperator] std::strong_ordering& std::strong_ordering::operator=(std::strong_ordering const&)
|
||||
# 2747| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [LValueReferenceType] const strong_ordering &
|
||||
# 2747| [MoveAssignmentOperator] std::strong_ordering& std::strong_ordering::operator=(std::strong_ordering&&)
|
||||
# 2747| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [RValueReferenceType] strong_ordering &&
|
||||
# 2747| [CopyConstructor] void std::strong_ordering::strong_ordering(std::strong_ordering const&)
|
||||
# 2747| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [LValueReferenceType] const strong_ordering &
|
||||
# 2747| [MoveConstructor] void std::strong_ordering::strong_ordering(std::strong_ordering&&)
|
||||
# 2747| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [RValueReferenceType] strong_ordering &&
|
||||
# 2747| <initializations>:
|
||||
# 2747| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 2747| getStmt(0): [ReturnStmt] return ...
|
||||
# 2748| [Constructor] void std::strong_ordering::strong_ordering(std::_Order)
|
||||
# 2748| <params>:
|
||||
# 2748| getParameter(0): [Parameter] v
|
||||
# 2748| Type = [ScopedEnum] _Order
|
||||
# 2748| <initializations>:
|
||||
# 2748| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 2748| getStmt(0): [ReturnStmt] return ...
|
||||
# 2763| [CopyAssignmentOperator] ThreeWay& ThreeWay::operator=(ThreeWay const&)
|
||||
# 2763| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [LValueReferenceType] const ThreeWay &
|
||||
# 2763| [MoveAssignmentOperator] ThreeWay& ThreeWay::operator=(ThreeWay&&)
|
||||
# 2763| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [RValueReferenceType] ThreeWay &&
|
||||
# 2763| [Constructor] void ThreeWay::ThreeWay()
|
||||
# 2763| <params>:
|
||||
# 2766| [MemberFunction] std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
|
||||
# 2766| <params>:
|
||||
# 2766| getParameter(0): [Parameter] y
|
||||
# 2766| Type = [LValueReferenceType] ThreeWay &
|
||||
# 2766| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 2766| getStmt(0): [ReturnStmt] return ...
|
||||
# 2766| getExpr(): [SpaceshipExpr] ... <=> ...
|
||||
# 2766| Type = [Class] strong_ordering
|
||||
# 2766| ValueCategory = prvalue
|
||||
# 2766| getChild(0): [PointerFieldAccess] x
|
||||
# 2766| Type = [IntType] int
|
||||
# 2766| ValueCategory = prvalue(load)
|
||||
# 2766| getQualifier(): [ThisExpr] this
|
||||
# 2766| Type = [PointerType] ThreeWay *
|
||||
# 2766| ValueCategory = prvalue(load)
|
||||
# 2766| getChild(1): [ReferenceFieldAccess] x
|
||||
# 2766| Type = [IntType] int
|
||||
# 2766| ValueCategory = prvalue(load)
|
||||
# 2766| getQualifier(): [VariableAccess] y
|
||||
# 2766| Type = [LValueReferenceType] ThreeWay &
|
||||
# 2766| ValueCategory = prvalue(load)
|
||||
# 2766| getQualifier().getFullyConverted(): [ReferenceDereferenceExpr] (reference dereference)
|
||||
# 2766| Type = [Class] ThreeWay
|
||||
# 2766| ValueCategory = lvalue
|
||||
# 2769| [TopLevelFunction] void test_three_way(int, int, ThreeWay, ThreeWay)
|
||||
# 2769| <params>:
|
||||
# 2769| getParameter(0): [Parameter] a
|
||||
# 2769| Type = [IntType] int
|
||||
# 2769| getParameter(1): [Parameter] b
|
||||
# 2769| Type = [IntType] int
|
||||
# 2769| getParameter(2): [Parameter] c
|
||||
# 2769| Type = [Class] ThreeWay
|
||||
# 2769| getParameter(3): [Parameter] d
|
||||
# 2769| Type = [Class] ThreeWay
|
||||
# 2769| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 2770| getStmt(0): [DeclStmt] declaration
|
||||
# 2770| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
|
||||
# 2770| Type = [Class] strong_ordering
|
||||
# 2770| getVariable().getInitializer(): [Initializer] initializer for x
|
||||
# 2770| getExpr(): [SpaceshipExpr] ... <=> ...
|
||||
# 2770| Type = [Class] strong_ordering
|
||||
# 2770| ValueCategory = prvalue
|
||||
# 2770| getChild(0): [VariableAccess] a
|
||||
# 2770| Type = [IntType] int
|
||||
# 2770| ValueCategory = prvalue(load)
|
||||
# 2770| getChild(1): [VariableAccess] b
|
||||
# 2770| Type = [IntType] int
|
||||
# 2770| ValueCategory = prvalue(load)
|
||||
# 2771| getStmt(1): [DeclStmt] declaration
|
||||
# 2771| getDeclarationEntry(0): [VariableDeclarationEntry] definition of y
|
||||
# 2771| Type = [Class] strong_ordering
|
||||
# 2771| getVariable().getInitializer(): [Initializer] initializer for y
|
||||
# 2771| getExpr(): [FunctionCall] call to operator<=>
|
||||
# 2771| Type = [Class] strong_ordering
|
||||
# 2771| ValueCategory = prvalue
|
||||
# 2771| getQualifier(): [VariableAccess] c
|
||||
# 2771| Type = [Class] ThreeWay
|
||||
# 2771| ValueCategory = lvalue
|
||||
# 2771| getArgument(0): [VariableAccess] d
|
||||
# 2771| Type = [Class] ThreeWay
|
||||
# 2771| ValueCategory = lvalue
|
||||
# 2771| getArgument(0).getFullyConverted(): [ReferenceToExpr] (reference to)
|
||||
# 2771| Type = [LValueReferenceType] ThreeWay &
|
||||
# 2771| ValueCategory = prvalue
|
||||
# 2772| getStmt(2): [ReturnStmt] return ...
|
||||
ir23.cpp:
|
||||
# 1| [TopLevelFunction] bool consteval_1()
|
||||
# 1| <params>:
|
||||
@@ -50174,3 +50275,42 @@ try_except.cpp:
|
||||
# 52| Type = [IntType] int
|
||||
# 52| ValueCategory = prvalue(load)
|
||||
# 54| getStmt(2): [ReturnStmt] return ...
|
||||
type_info_test.cpp:
|
||||
# 3| [TopLevelFunction] void type_info_test(int)
|
||||
# 3| <params>:
|
||||
# 3| getParameter(0): [Parameter] x
|
||||
# 3| Type = [IntType] int
|
||||
# 3| getEntryPoint(): [BlockStmt] { ... }
|
||||
# 4| getStmt(0): [DeclStmt] declaration
|
||||
# 4| getDeclarationEntry(0): [VariableDeclarationEntry] definition of t1
|
||||
# 4| Type = [LValueReferenceType] const type_info &
|
||||
# 4| getVariable().getInitializer(): [Initializer] initializer for t1
|
||||
# 4| getExpr(): [TypeidOperator] typeid ...
|
||||
# 4| Type = [SpecifiedType] const type_info
|
||||
# 4| ValueCategory = lvalue
|
||||
# 4| getExpr(): [VariableAccess] x
|
||||
# 4| Type = [IntType] int
|
||||
# 4| ValueCategory = lvalue
|
||||
# 4| getExpr().getFullyConverted(): [ReferenceToExpr] (reference to)
|
||||
# 4| Type = [LValueReferenceType] const type_info &
|
||||
# 4| ValueCategory = prvalue
|
||||
# 5| getStmt(1): [DeclStmt] declaration
|
||||
# 5| getDeclarationEntry(0): [VariableDeclarationEntry] definition of t2
|
||||
# 5| Type = [LValueReferenceType] const type_info &
|
||||
# 5| getVariable().getInitializer(): [Initializer] initializer for t2
|
||||
# 5| getExpr(): [TypeidOperator] typeid ...
|
||||
# 5| Type = [SpecifiedType] const type_info
|
||||
# 5| ValueCategory = lvalue
|
||||
# 5| getExpr().getFullyConverted(): [ReferenceToExpr] (reference to)
|
||||
# 5| Type = [LValueReferenceType] const type_info &
|
||||
# 5| ValueCategory = prvalue
|
||||
# 6| getStmt(2): [ReturnStmt] return ...
|
||||
typeinfo:
|
||||
# 4| [CopyAssignmentOperator] std::type_info& std::type_info::operator=(std::type_info const&)
|
||||
# 4| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [LValueReferenceType] const type_info &
|
||||
# 4| [MoveAssignmentOperator] std::type_info& std::type_info::operator=(std::type_info&&)
|
||||
# 4| <params>:
|
||||
#-----| getParameter(0): [Parameter] (unnamed parameter 0)
|
||||
#-----| Type = [RValueReferenceType] type_info &&
|
||||
|
||||
@@ -20273,6 +20273,119 @@ ir.cpp:
|
||||
# 2728| v2728_14(void) = AliasedUse : ~m2728_9
|
||||
# 2728| v2728_15(void) = ExitFunction :
|
||||
|
||||
# 2747| void std::strong_ordering::strong_ordering(std::strong_ordering&&)
|
||||
# 2747| Block 0
|
||||
# 2747| v2747_1(void) = EnterFunction :
|
||||
# 2747| m2747_2(unknown) = AliasedDefinition :
|
||||
# 2747| m2747_3(unknown) = InitializeNonLocal :
|
||||
# 2747| m2747_4(unknown) = Chi : total:m2747_2, partial:m2747_3
|
||||
# 2747| r2747_5(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2747| m2747_6(glval<strong_ordering>) = InitializeParameter[#this] : &:r2747_5
|
||||
# 2747| r2747_7(glval<strong_ordering>) = Load[#this] : &:r2747_5, m2747_6
|
||||
# 2747| m2747_8(strong_ordering) = InitializeIndirection[#this] : &:r2747_7
|
||||
#-----| r0_1(glval<strong_ordering &&>) = VariableAddress[(unnamed parameter 0)] :
|
||||
#-----| m0_2(strong_ordering &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1
|
||||
#-----| r0_3(strong_ordering &&) = Load[(unnamed parameter 0)] : &:r0_1, m0_2
|
||||
#-----| m0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3
|
||||
# 2747| v2747_9(void) = NoOp :
|
||||
# 2747| v2747_10(void) = ReturnIndirection[#this] : &:r2747_7, m2747_8
|
||||
#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, m0_4
|
||||
# 2747| v2747_11(void) = ReturnVoid :
|
||||
# 2747| v2747_12(void) = AliasedUse : m2747_3
|
||||
# 2747| v2747_13(void) = ExitFunction :
|
||||
|
||||
# 2748| void std::strong_ordering::strong_ordering(std::_Order)
|
||||
# 2748| Block 0
|
||||
# 2748| v2748_1(void) = EnterFunction :
|
||||
# 2748| m2748_2(unknown) = AliasedDefinition :
|
||||
# 2748| m2748_3(unknown) = InitializeNonLocal :
|
||||
# 2748| m2748_4(unknown) = Chi : total:m2748_2, partial:m2748_3
|
||||
# 2748| r2748_5(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2748| m2748_6(glval<strong_ordering>) = InitializeParameter[#this] : &:r2748_5
|
||||
# 2748| r2748_7(glval<strong_ordering>) = Load[#this] : &:r2748_5, m2748_6
|
||||
# 2748| m2748_8(strong_ordering) = InitializeIndirection[#this] : &:r2748_7
|
||||
# 2748| r2748_9(glval<_Order>) = VariableAddress[v] :
|
||||
# 2748| m2748_10(_Order) = InitializeParameter[v] : &:r2748_9
|
||||
# 2748| v2748_11(void) = NoOp :
|
||||
# 2748| v2748_12(void) = ReturnIndirection[#this] : &:r2748_7, m2748_8
|
||||
# 2748| v2748_13(void) = ReturnVoid :
|
||||
# 2748| v2748_14(void) = AliasedUse : m2748_3
|
||||
# 2748| v2748_15(void) = ExitFunction :
|
||||
|
||||
# 2766| std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
|
||||
# 2766| Block 0
|
||||
# 2766| v2766_1(void) = EnterFunction :
|
||||
# 2766| m2766_2(unknown) = AliasedDefinition :
|
||||
# 2766| m2766_3(unknown) = InitializeNonLocal :
|
||||
# 2766| m2766_4(unknown) = Chi : total:m2766_2, partial:m2766_3
|
||||
# 2766| r2766_5(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2766| m2766_6(glval<ThreeWay>) = InitializeParameter[#this] : &:r2766_5
|
||||
# 2766| r2766_7(glval<ThreeWay>) = Load[#this] : &:r2766_5, m2766_6
|
||||
# 2766| m2766_8(ThreeWay) = InitializeIndirection[#this] : &:r2766_7
|
||||
# 2766| r2766_9(glval<ThreeWay &>) = VariableAddress[y] :
|
||||
# 2766| m2766_10(ThreeWay &) = InitializeParameter[y] : &:r2766_9
|
||||
# 2766| r2766_11(ThreeWay &) = Load[y] : &:r2766_9, m2766_10
|
||||
# 2766| m2766_12(unknown) = InitializeIndirection[y] : &:r2766_11
|
||||
# 2766| r2766_13(glval<strong_ordering>) = VariableAddress[#return] :
|
||||
# 2766| r2766_14(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2766| r2766_15(ThreeWay *) = Load[#this] : &:r2766_14, m2766_6
|
||||
# 2766| r2766_16(glval<int>) = FieldAddress[x] : r2766_15
|
||||
# 2766| r2766_17(int) = Load[?] : &:r2766_16, ~m2766_8
|
||||
# 2766| r2766_18(glval<ThreeWay &>) = VariableAddress[y] :
|
||||
# 2766| r2766_19(ThreeWay &) = Load[y] : &:r2766_18, m2766_10
|
||||
# 2766| r2766_20(glval<ThreeWay>) = CopyValue : r2766_19
|
||||
# 2766| r2766_21(glval<int>) = FieldAddress[x] : r2766_20
|
||||
# 2766| r2766_22(int) = Load[?] : &:r2766_21, ~m2766_12
|
||||
# 2766| r2766_23(strong_ordering) = Spaceship : r2766_17, r2766_22
|
||||
# 2766| m2766_24(strong_ordering) = Store[#return] : &:r2766_13, r2766_23
|
||||
# 2766| v2766_25(void) = ReturnIndirection[#this] : &:r2766_7, m2766_8
|
||||
# 2766| v2766_26(void) = ReturnIndirection[y] : &:r2766_11, m2766_12
|
||||
# 2766| r2766_27(glval<strong_ordering>) = VariableAddress[#return] :
|
||||
# 2766| v2766_28(void) = ReturnValue : &:r2766_27, m2766_24
|
||||
# 2766| v2766_29(void) = AliasedUse : m2766_3
|
||||
# 2766| v2766_30(void) = ExitFunction :
|
||||
|
||||
# 2769| void test_three_way(int, int, ThreeWay, ThreeWay)
|
||||
# 2769| Block 0
|
||||
# 2769| v2769_1(void) = EnterFunction :
|
||||
# 2769| m2769_2(unknown) = AliasedDefinition :
|
||||
# 2769| m2769_3(unknown) = InitializeNonLocal :
|
||||
# 2769| m2769_4(unknown) = Chi : total:m2769_2, partial:m2769_3
|
||||
# 2769| r2769_5(glval<int>) = VariableAddress[a] :
|
||||
# 2769| m2769_6(int) = InitializeParameter[a] : &:r2769_5
|
||||
# 2769| r2769_7(glval<int>) = VariableAddress[b] :
|
||||
# 2769| m2769_8(int) = InitializeParameter[b] : &:r2769_7
|
||||
# 2769| r2769_9(glval<ThreeWay>) = VariableAddress[c] :
|
||||
# 2769| m2769_10(ThreeWay) = InitializeParameter[c] : &:r2769_9
|
||||
# 2769| r2769_11(glval<ThreeWay>) = VariableAddress[d] :
|
||||
# 2769| m2769_12(ThreeWay) = InitializeParameter[d] : &:r2769_11
|
||||
# 2770| r2770_1(glval<strong_ordering>) = VariableAddress[x] :
|
||||
# 2770| r2770_2(glval<int>) = VariableAddress[a] :
|
||||
# 2770| r2770_3(int) = Load[a] : &:r2770_2, m2769_6
|
||||
# 2770| r2770_4(glval<int>) = VariableAddress[b] :
|
||||
# 2770| r2770_5(int) = Load[b] : &:r2770_4, m2769_8
|
||||
# 2770| r2770_6(strong_ordering) = Spaceship : r2770_3, r2770_5
|
||||
# 2770| m2770_7(strong_ordering) = Store[x] : &:r2770_1, r2770_6
|
||||
# 2771| r2771_1(glval<strong_ordering>) = VariableAddress[y] :
|
||||
# 2771| r2771_2(glval<ThreeWay>) = VariableAddress[c] :
|
||||
# 2771| r2771_3(glval<unknown>) = FunctionAddress[operator<=>] :
|
||||
# 2771| r2771_4(glval<ThreeWay>) = VariableAddress[d] :
|
||||
# 2771| r2771_5(ThreeWay &) = CopyValue : r2771_4
|
||||
# 2771| r2771_6(strong_ordering) = Call[operator<=>] : func:r2771_3, this:r2771_2, 0:r2771_5
|
||||
# 2771| m2771_7(unknown) = ^CallSideEffect : ~m2769_4
|
||||
# 2771| m2771_8(unknown) = Chi : total:m2769_4, partial:m2771_7
|
||||
# 2771| v2771_9(void) = ^IndirectReadSideEffect[-1] : &:r2771_2, m2769_10
|
||||
# 2771| v2771_10(void) = ^BufferReadSideEffect[0] : &:r2771_5, ~m2769_12
|
||||
# 2771| m2771_11(ThreeWay) = ^IndirectMayWriteSideEffect[-1] : &:r2771_2
|
||||
# 2771| m2771_12(ThreeWay) = Chi : total:m2769_10, partial:m2771_11
|
||||
# 2771| m2771_13(unknown) = ^BufferMayWriteSideEffect[0] : &:r2771_5
|
||||
# 2771| m2771_14(ThreeWay) = Chi : total:m2769_12, partial:m2771_13
|
||||
# 2771| m2771_15(strong_ordering) = Store[y] : &:r2771_1, r2771_6
|
||||
# 2772| v2772_1(void) = NoOp :
|
||||
# 2769| v2769_13(void) = ReturnVoid :
|
||||
# 2769| v2769_14(void) = AliasedUse : ~m2771_8
|
||||
# 2769| v2769_15(void) = ExitFunction :
|
||||
|
||||
ir23.cpp:
|
||||
# 1| bool consteval_1()
|
||||
# 1| Block 0
|
||||
@@ -39973,3 +40086,27 @@ try_except.cpp:
|
||||
|
||||
# 44| Block 7
|
||||
# 44| v44_10(void) = Unreached :
|
||||
|
||||
type_info_test.cpp:
|
||||
# 3| void type_info_test(int)
|
||||
# 3| Block 0
|
||||
# 3| v3_1(void) = EnterFunction :
|
||||
# 3| m3_2(unknown) = AliasedDefinition :
|
||||
# 3| m3_3(unknown) = InitializeNonLocal :
|
||||
# 3| m3_4(unknown) = Chi : total:m3_2, partial:m3_3
|
||||
# 3| r3_5(glval<int>) = VariableAddress[x] :
|
||||
# 3| m3_6(int) = InitializeParameter[x] : &:r3_5
|
||||
# 3| m3_7(unknown) = Chi : total:m3_4, partial:m3_6
|
||||
# 4| r4_1(glval<type_info &>) = VariableAddress[t1] :
|
||||
# 4| r4_2(glval<int>) = VariableAddress[x] :
|
||||
# 4| r4_3(glval<type_info>) = TypeidExpr : r4_2
|
||||
# 4| r4_4(type_info &) = CopyValue : r4_3
|
||||
# 4| m4_5(type_info &) = Store[t1] : &:r4_1, r4_4
|
||||
# 5| r5_1(glval<type_info &>) = VariableAddress[t2] :
|
||||
# 5| r5_2(glval<type_info>) = TypeidType :
|
||||
# 5| r5_3(type_info &) = CopyValue : r5_2
|
||||
# 5| m5_4(type_info &) = Store[t2] : &:r5_1, r5_3
|
||||
# 6| v6_1(void) = NoOp :
|
||||
# 3| v3_8(void) = ReturnVoid :
|
||||
# 3| v3_9(void) = AliasedUse : m3_3
|
||||
# 3| v3_10(void) = ExitFunction :
|
||||
|
||||
@@ -2742,4 +2742,33 @@ void test_postfix_crement(int *p, int q) {
|
||||
int q2 = (int)(q++);
|
||||
}
|
||||
|
||||
namespace std {
|
||||
enum class _Order : signed char { __less = -1, __equiv = 0, __greater = 1 };
|
||||
class strong_ordering {
|
||||
explicit constexpr strong_ordering(_Order v) {}
|
||||
|
||||
public:
|
||||
static const strong_ordering less;
|
||||
static const strong_ordering equal;
|
||||
static const strong_ordering equivalent;
|
||||
static const strong_ordering greater;
|
||||
};
|
||||
|
||||
inline constexpr strong_ordering strong_ordering::less(_Order::__less);
|
||||
inline constexpr strong_ordering strong_ordering::equal(_Order::__equiv);
|
||||
inline constexpr strong_ordering strong_ordering::equivalent(_Order::__equiv);
|
||||
inline constexpr strong_ordering strong_ordering::greater(_Order::__greater);
|
||||
}
|
||||
|
||||
class ThreeWay {
|
||||
int x;
|
||||
public:
|
||||
std::strong_ordering operator<=>(ThreeWay &y) { return this->x <=> y.x; }
|
||||
};
|
||||
|
||||
void test_three_way(int a, int b, ThreeWay c, ThreeWay d) {
|
||||
auto x = a <=> b;
|
||||
auto y = c <=> d;
|
||||
}
|
||||
|
||||
// semmle-extractor-options: -std=c++20 --clang
|
||||
|
||||
@@ -18432,6 +18432,112 @@ ir.cpp:
|
||||
# 2728| v2728_12(void) = AliasedUse : ~m?
|
||||
# 2728| v2728_13(void) = ExitFunction :
|
||||
|
||||
# 2747| void std::strong_ordering::strong_ordering(std::strong_ordering&&)
|
||||
# 2747| Block 0
|
||||
# 2747| v2747_1(void) = EnterFunction :
|
||||
# 2747| mu2747_2(unknown) = AliasedDefinition :
|
||||
# 2747| mu2747_3(unknown) = InitializeNonLocal :
|
||||
# 2747| r2747_4(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2747| mu2747_5(glval<strong_ordering>) = InitializeParameter[#this] : &:r2747_4
|
||||
# 2747| r2747_6(glval<strong_ordering>) = Load[#this] : &:r2747_4, ~m?
|
||||
# 2747| mu2747_7(strong_ordering) = InitializeIndirection[#this] : &:r2747_6
|
||||
#-----| r0_1(glval<strong_ordering &&>) = VariableAddress[(unnamed parameter 0)] :
|
||||
#-----| mu0_2(strong_ordering &&) = InitializeParameter[(unnamed parameter 0)] : &:r0_1
|
||||
#-----| r0_3(strong_ordering &&) = Load[(unnamed parameter 0)] : &:r0_1, ~m?
|
||||
#-----| mu0_4(unknown) = InitializeIndirection[(unnamed parameter 0)] : &:r0_3
|
||||
# 2747| v2747_8(void) = NoOp :
|
||||
# 2747| v2747_9(void) = ReturnIndirection[#this] : &:r2747_6, ~m?
|
||||
#-----| v0_5(void) = ReturnIndirection[(unnamed parameter 0)] : &:r0_3, ~m?
|
||||
# 2747| v2747_10(void) = ReturnVoid :
|
||||
# 2747| v2747_11(void) = AliasedUse : ~m?
|
||||
# 2747| v2747_12(void) = ExitFunction :
|
||||
|
||||
# 2748| void std::strong_ordering::strong_ordering(std::_Order)
|
||||
# 2748| Block 0
|
||||
# 2748| v2748_1(void) = EnterFunction :
|
||||
# 2748| mu2748_2(unknown) = AliasedDefinition :
|
||||
# 2748| mu2748_3(unknown) = InitializeNonLocal :
|
||||
# 2748| r2748_4(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2748| mu2748_5(glval<strong_ordering>) = InitializeParameter[#this] : &:r2748_4
|
||||
# 2748| r2748_6(glval<strong_ordering>) = Load[#this] : &:r2748_4, ~m?
|
||||
# 2748| mu2748_7(strong_ordering) = InitializeIndirection[#this] : &:r2748_6
|
||||
# 2748| r2748_8(glval<_Order>) = VariableAddress[v] :
|
||||
# 2748| mu2748_9(_Order) = InitializeParameter[v] : &:r2748_8
|
||||
# 2748| v2748_10(void) = NoOp :
|
||||
# 2748| v2748_11(void) = ReturnIndirection[#this] : &:r2748_6, ~m?
|
||||
# 2748| v2748_12(void) = ReturnVoid :
|
||||
# 2748| v2748_13(void) = AliasedUse : ~m?
|
||||
# 2748| v2748_14(void) = ExitFunction :
|
||||
|
||||
# 2766| std::strong_ordering ThreeWay::operator<=>(ThreeWay&)
|
||||
# 2766| Block 0
|
||||
# 2766| v2766_1(void) = EnterFunction :
|
||||
# 2766| mu2766_2(unknown) = AliasedDefinition :
|
||||
# 2766| mu2766_3(unknown) = InitializeNonLocal :
|
||||
# 2766| r2766_4(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2766| mu2766_5(glval<ThreeWay>) = InitializeParameter[#this] : &:r2766_4
|
||||
# 2766| r2766_6(glval<ThreeWay>) = Load[#this] : &:r2766_4, ~m?
|
||||
# 2766| mu2766_7(ThreeWay) = InitializeIndirection[#this] : &:r2766_6
|
||||
# 2766| r2766_8(glval<ThreeWay &>) = VariableAddress[y] :
|
||||
# 2766| mu2766_9(ThreeWay &) = InitializeParameter[y] : &:r2766_8
|
||||
# 2766| r2766_10(ThreeWay &) = Load[y] : &:r2766_8, ~m?
|
||||
# 2766| mu2766_11(unknown) = InitializeIndirection[y] : &:r2766_10
|
||||
# 2766| r2766_12(glval<strong_ordering>) = VariableAddress[#return] :
|
||||
# 2766| r2766_13(glval<unknown>) = VariableAddress[#this] :
|
||||
# 2766| r2766_14(ThreeWay *) = Load[#this] : &:r2766_13, ~m?
|
||||
# 2766| r2766_15(glval<int>) = FieldAddress[x] : r2766_14
|
||||
# 2766| r2766_16(int) = Load[?] : &:r2766_15, ~m?
|
||||
# 2766| r2766_17(glval<ThreeWay &>) = VariableAddress[y] :
|
||||
# 2766| r2766_18(ThreeWay &) = Load[y] : &:r2766_17, ~m?
|
||||
# 2766| r2766_19(glval<ThreeWay>) = CopyValue : r2766_18
|
||||
# 2766| r2766_20(glval<int>) = FieldAddress[x] : r2766_19
|
||||
# 2766| r2766_21(int) = Load[?] : &:r2766_20, ~m?
|
||||
# 2766| r2766_22(strong_ordering) = Spaceship : r2766_16, r2766_21
|
||||
# 2766| mu2766_23(strong_ordering) = Store[#return] : &:r2766_12, r2766_22
|
||||
# 2766| v2766_24(void) = ReturnIndirection[#this] : &:r2766_6, ~m?
|
||||
# 2766| v2766_25(void) = ReturnIndirection[y] : &:r2766_10, ~m?
|
||||
# 2766| r2766_26(glval<strong_ordering>) = VariableAddress[#return] :
|
||||
# 2766| v2766_27(void) = ReturnValue : &:r2766_26, ~m?
|
||||
# 2766| v2766_28(void) = AliasedUse : ~m?
|
||||
# 2766| v2766_29(void) = ExitFunction :
|
||||
|
||||
# 2769| void test_three_way(int, int, ThreeWay, ThreeWay)
|
||||
# 2769| Block 0
|
||||
# 2769| v2769_1(void) = EnterFunction :
|
||||
# 2769| mu2769_2(unknown) = AliasedDefinition :
|
||||
# 2769| mu2769_3(unknown) = InitializeNonLocal :
|
||||
# 2769| r2769_4(glval<int>) = VariableAddress[a] :
|
||||
# 2769| mu2769_5(int) = InitializeParameter[a] : &:r2769_4
|
||||
# 2769| r2769_6(glval<int>) = VariableAddress[b] :
|
||||
# 2769| mu2769_7(int) = InitializeParameter[b] : &:r2769_6
|
||||
# 2769| r2769_8(glval<ThreeWay>) = VariableAddress[c] :
|
||||
# 2769| mu2769_9(ThreeWay) = InitializeParameter[c] : &:r2769_8
|
||||
# 2769| r2769_10(glval<ThreeWay>) = VariableAddress[d] :
|
||||
# 2769| mu2769_11(ThreeWay) = InitializeParameter[d] : &:r2769_10
|
||||
# 2770| r2770_1(glval<strong_ordering>) = VariableAddress[x] :
|
||||
# 2770| r2770_2(glval<int>) = VariableAddress[a] :
|
||||
# 2770| r2770_3(int) = Load[a] : &:r2770_2, ~m?
|
||||
# 2770| r2770_4(glval<int>) = VariableAddress[b] :
|
||||
# 2770| r2770_5(int) = Load[b] : &:r2770_4, ~m?
|
||||
# 2770| r2770_6(strong_ordering) = Spaceship : r2770_3, r2770_5
|
||||
# 2770| mu2770_7(strong_ordering) = Store[x] : &:r2770_1, r2770_6
|
||||
# 2771| r2771_1(glval<strong_ordering>) = VariableAddress[y] :
|
||||
# 2771| r2771_2(glval<ThreeWay>) = VariableAddress[c] :
|
||||
# 2771| r2771_3(glval<unknown>) = FunctionAddress[operator<=>] :
|
||||
# 2771| r2771_4(glval<ThreeWay>) = VariableAddress[d] :
|
||||
# 2771| r2771_5(ThreeWay &) = CopyValue : r2771_4
|
||||
# 2771| r2771_6(strong_ordering) = Call[operator<=>] : func:r2771_3, this:r2771_2, 0:r2771_5
|
||||
# 2771| mu2771_7(unknown) = ^CallSideEffect : ~m?
|
||||
# 2771| v2771_8(void) = ^IndirectReadSideEffect[-1] : &:r2771_2, ~m?
|
||||
# 2771| v2771_9(void) = ^BufferReadSideEffect[0] : &:r2771_5, ~m?
|
||||
# 2771| mu2771_10(ThreeWay) = ^IndirectMayWriteSideEffect[-1] : &:r2771_2
|
||||
# 2771| mu2771_11(unknown) = ^BufferMayWriteSideEffect[0] : &:r2771_5
|
||||
# 2771| mu2771_12(strong_ordering) = Store[y] : &:r2771_1, r2771_6
|
||||
# 2772| v2772_1(void) = NoOp :
|
||||
# 2769| v2769_12(void) = ReturnVoid :
|
||||
# 2769| v2769_13(void) = AliasedUse : ~m?
|
||||
# 2769| v2769_14(void) = ExitFunction :
|
||||
|
||||
ir23.cpp:
|
||||
# 1| bool consteval_1()
|
||||
# 1| Block 0
|
||||
@@ -38102,3 +38208,25 @@ try_except.cpp:
|
||||
# 54| v54_1(void) = NoOp :
|
||||
# 44| v44_9(void) = ReturnVoid :
|
||||
#-----| Goto -> Block 1
|
||||
|
||||
type_info_test.cpp:
|
||||
# 3| void type_info_test(int)
|
||||
# 3| Block 0
|
||||
# 3| v3_1(void) = EnterFunction :
|
||||
# 3| mu3_2(unknown) = AliasedDefinition :
|
||||
# 3| mu3_3(unknown) = InitializeNonLocal :
|
||||
# 3| r3_4(glval<int>) = VariableAddress[x] :
|
||||
# 3| mu3_5(int) = InitializeParameter[x] : &:r3_4
|
||||
# 4| r4_1(glval<type_info &>) = VariableAddress[t1] :
|
||||
# 4| r4_2(glval<int>) = VariableAddress[x] :
|
||||
# 4| r4_3(glval<type_info>) = TypeidExpr : r4_2
|
||||
# 4| r4_4(type_info &) = CopyValue : r4_3
|
||||
# 4| mu4_5(type_info &) = Store[t1] : &:r4_1, r4_4
|
||||
# 5| r5_1(glval<type_info &>) = VariableAddress[t2] :
|
||||
# 5| r5_2(glval<type_info>) = TypeidType :
|
||||
# 5| r5_3(type_info &) = CopyValue : r5_2
|
||||
# 5| mu5_4(type_info &) = Store[t2] : &:r5_1, r5_3
|
||||
# 6| v6_1(void) = NoOp :
|
||||
# 3| v3_6(void) = ReturnVoid :
|
||||
# 3| v3_7(void) = AliasedUse : ~m?
|
||||
# 3| v3_8(void) = ExitFunction :
|
||||
|
||||
8
cpp/ql/test/library-tests/ir/ir/type_info_test.cpp
Normal file
8
cpp/ql/test/library-tests/ir/ir/type_info_test.cpp
Normal file
@@ -0,0 +1,8 @@
|
||||
#include <typeinfo>
|
||||
|
||||
void type_info_test(int x) {
|
||||
const std::type_info &t1 = typeid(x);
|
||||
const std::type_info &t2 = typeid(int);
|
||||
}
|
||||
|
||||
// semmle-extractor-options: -I.
|
||||
5
cpp/ql/test/library-tests/ir/ir/typeinfo
Normal file
5
cpp/ql/test/library-tests/ir/ir/typeinfo
Normal file
@@ -0,0 +1,5 @@
|
||||
#pragma once
|
||||
|
||||
namespace std{
|
||||
class type_info {};
|
||||
}
|
||||
@@ -1,9 +1,6 @@
|
||||
edges
|
||||
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:25:2:25:4 | *a | provenance | |
|
||||
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:30:9:30:14 | *access to array | provenance | |
|
||||
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:123:2:123:12 | *... = ... | provenance | |
|
||||
| consts.cpp:25:2:25:4 | *a | consts.cpp:26:2:26:4 | *{...} | provenance | |
|
||||
| consts.cpp:26:2:26:4 | *{...} | consts.cpp:24:7:24:9 | **gv1 | provenance | |
|
||||
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance | |
|
||||
| consts.cpp:30:9:30:14 | *access to array | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance | |
|
||||
@@ -38,8 +35,6 @@ edges
|
||||
| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance | |
|
||||
nodes
|
||||
| consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 |
|
||||
| consts.cpp:25:2:25:4 | *a | semmle.label | *a |
|
||||
| consts.cpp:26:2:26:4 | *{...} | semmle.label | *{...} |
|
||||
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray |
|
||||
| consts.cpp:30:9:30:14 | *access to array | semmle.label | *access to array |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument |
|
||||
|
||||
@@ -43,5 +43,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
|
||||
Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
|
||||
ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
|
||||
SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
|
||||
System,54,47,12139,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5903,6236
|
||||
System,54,47,12165,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5929,6236
|
||||
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,
|
||||
|
||||
|
@@ -8,7 +8,7 @@ C# framework & library support
|
||||
|
||||
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
|
||||
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
|
||||
System,"``System.*``, ``System``",47,12139,54,5
|
||||
System,"``System.*``, ``System``",47,12165,54,5
|
||||
Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,159,4
|
||||
Totals,,107,14403,407,9
|
||||
Totals,,107,14429,407,9
|
||||
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.43
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.44
|
||||
lastReleaseVersion: 1.7.43
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.45-dev
|
||||
version: 1.7.44-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.43
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.44
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.44
|
||||
lastReleaseVersion: 1.7.43
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.45-dev
|
||||
version: 1.7.44-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 5.1.10
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 5.1.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
4
csharp/ql/lib/change-notes/2025-06-10-getasupertype.md
Normal file
4
csharp/ql/lib/change-notes/2025-06-10-getasupertype.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 5.1.10
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.1.10
|
||||
lastReleaseVersion: 5.1.9
|
||||
|
||||
@@ -47,7 +47,7 @@ extensions:
|
||||
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[])", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[])", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Boolean)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
- ["System.IO", "MemoryStream", False, "MemoryStream", "(System.Byte[],System.Int32,System.Int32,System.Boolean)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"]
|
||||
|
||||
13
csharp/ql/lib/ext/System.Runtime.Serialization.model.yml
Normal file
13
csharp/ql/lib/ext/System.Runtime.Serialization.model.yml
Normal file
@@ -0,0 +1,13 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/csharp-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["System.Runtime.Serialization", "SerializationInfo", False, "AddValue", "(System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.Runtime.Serialization", "SerializationInfo", False, "AddValue", "(System.String,System.Object,System.Type)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetString", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Runtime.Serialization", "SerializationInfo", False, "GetValue", "(System.String,System.Type)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
# Note that SerializationEntry hasn't been modeled yet, so the model below for get_Current will not in itself provide more flow.
|
||||
- ["System.Runtime.Serialization", "SerializationInfoEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Runtime.Serialization", "SerializationInfoEnumerator", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
@@ -3,18 +3,18 @@ extensions:
|
||||
pack: codeql/csharp-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char*,System.Int32,System.Byte*,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char*,System.Int32,System.Byte*,System.Int32)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>)", "", "Argument[0].Element", "Argument[1]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", False, "GetBytes", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte*,System.Int32,System.Char*,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetBytes", "(System.String,System.Int32,System.Int32,System.Byte[],System.Int32)", "", "Argument[0]", "Argument[3]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte*,System.Int32,System.Char*,System.Int32)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32)", "", "Argument[0].Element", "Argument[3]", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetChars", "(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", False, "GetString", "(System.Byte*,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Text", "Encoding", True, "GetString", "(System.Byte[])", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
|
||||
@@ -4,6 +4,25 @@ extensions:
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["System.Xml", "XmlAttributeCollection", False, "CopyTo", "(System.Xml.XmlAttribute[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[5]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[3]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[5]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.Byte[],System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[1]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[1]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession)", "", "Argument[3]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[3]", "ReturnValue", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
|
||||
- ["System.Xml", "XmlDocument", False, "Load", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDocument", False, "Load", "(System.IO.TextReader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["System.Xml", "XmlDocument", False, "Load", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.1.11-dev
|
||||
version: 5.1.10-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -8,14 +8,14 @@ import csharp
|
||||
* A `Web.config` file.
|
||||
*/
|
||||
class WebConfigXml extends XmlFile {
|
||||
WebConfigXml() { this.getName().matches("%Web.config") }
|
||||
WebConfigXml() { this.getName().toLowerCase().matches("%web.config") }
|
||||
}
|
||||
|
||||
/**
|
||||
* A `Web.config` transformation file.
|
||||
*/
|
||||
class WebConfigReleaseTransformXml extends XmlFile {
|
||||
WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") }
|
||||
WebConfigReleaseTransformXml() { this.getName().toLowerCase().matches("%web.release.config") }
|
||||
}
|
||||
|
||||
/** A `<configuration>` tag in an ASP.NET configuration file. */
|
||||
|
||||
@@ -138,6 +138,9 @@ class ValueOrRefType extends Type, Attributable, @value_or_ref_type {
|
||||
/** Gets an immediate subtype of this type, if any. */
|
||||
ValueOrRefType getASubType() { result.getABaseType() = this }
|
||||
|
||||
/** Gets an immediate supertype of this type, if any. */
|
||||
ValueOrRefType getASuperType() { this.getABaseType() = result }
|
||||
|
||||
/** Gets a member of this type, if any. */
|
||||
Member getAMember() { result.getDeclaringType() = this }
|
||||
|
||||
|
||||
@@ -1,9 +1,3 @@
|
||||
## 1.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
|
||||
|
||||
## 1.3.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
## 1.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
|
||||
4
csharp/ql/src/change-notes/2025-07-16-web-config.md
Normal file
4
csharp/ql/src/change-notes/2025-07-16-web-config.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.3.1
|
||||
lastReleaseVersion: 1.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.3.2-dev
|
||||
version: 1.3.1-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -12371,7 +12371,7 @@ summary
|
||||
| System.IO;MemoryStream;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0];taint;manual |
|
||||
| System.IO;MemoryStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated |
|
||||
| System.IO;MemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0];Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -17277,30 +17277,20 @@ summary
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this];taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this];taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.SByte);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Single);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;SerializationInfo;(System.Type,System.Runtime.Serialization.IFormatterConverter);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Name;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationObjectManager;SerializationObjectManager;(System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.Runtime.Serialization;StreamingContext;StreamingContext;(System.Runtime.Serialization.StreamingContextStates,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];value;dfc-generated |
|
||||
| System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated |
|
||||
@@ -18467,12 +18457,12 @@ summary
|
||||
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.Boolean);Argument[2];Argument[this];taint;df-generated |
|
||||
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated |
|
||||
| System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span<System.Byte>,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;ASCIIEncoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;ASCIIEncoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -18501,18 +18491,18 @@ summary
|
||||
| System.Text;Encoding;CreateTranscodingStream;(System.IO.Stream,System.Text.Encoding,System.Text.Encoding,System.Boolean);Argument[2];ReturnValue;taint;df-generated |
|
||||
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[2];Argument[this];taint;df-generated |
|
||||
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -18703,37 +18693,37 @@ summary
|
||||
| System.Text;StringRuneEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual |
|
||||
| System.Text;StringRuneEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated |
|
||||
| System.Text;StringRuneEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF7Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF7Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF7Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;UTF7Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF7Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF7Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF7Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF7Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF8Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF8Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF8Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF8Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF32Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;UTF32Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UTF32Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UTF32Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF32Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UTF32Encoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;UnicodeEncoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UnicodeEncoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;UnicodeEncoding;GetString;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
@@ -20868,21 +20858,27 @@ summary
|
||||
| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated |
|
||||
| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated |
|
||||
| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[5];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[1];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -9208,7 +9208,7 @@
|
||||
| System.IO;FileSystemWatcher;remove_Error;(System.IO.ErrorEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;FileSystemWatcher;remove_Renamed;(System.IO.RenamedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| System.IO;MemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0];Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[]);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual |
|
||||
| System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual |
|
||||
@@ -13222,28 +13222,20 @@
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Int64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object);Argument[1];Argument[this];taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Object,System.Type);Argument[1];Argument[this];taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.SByte);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.Single);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt16);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;AddValue;(System.String,System.UInt64);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names].Element;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._names];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values];ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetEnumerator;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetString;(System.String);Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;GetValue;(System.String,System.Type);Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfo;SerializationInfo;(System.Type,System.Runtime.Serialization.IFormatterConverter);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].Property[System.Runtime.Serialization.SerializationInfoEnumerator.Current];ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._value];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;df-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue.SyntheticField[System.Runtime.Serialization.SerializationEntry._name];value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Current;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Name;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._members].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this].SyntheticField[System.Runtime.Serialization.SerializationInfoEnumerator._data].Element;ReturnValue;value;dfc-generated |
|
||||
| System.Runtime.Serialization;SerializationInfoEnumerator;get_Value;();Argument[this];ReturnValue;taint;manual |
|
||||
| System.Runtime.Serialization;SerializationObjectManager;SerializationObjectManager;(System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated |
|
||||
| System.Runtime.Serialization;StreamingContext;StreamingContext;(System.Runtime.Serialization.StreamingContextStates,System.Object);Argument[1];Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];value;dfc-generated |
|
||||
| System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated |
|
||||
@@ -14074,18 +14066,18 @@
|
||||
| System.Text;Encoding;CreateTranscodingStream;(System.IO.Stream,System.Text.Encoding,System.Text.Encoding,System.Boolean);Argument[2];ReturnValue;taint;df-generated |
|
||||
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[1];Argument[this];taint;df-generated |
|
||||
| System.Text;Encoding;Encoding;(System.Int32,System.Text.EncoderFallback,System.Text.DecoderFallback);Argument[2];Argument[this];taint;df-generated |
|
||||
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.ReadOnlySpan<System.Char>,System.Span<System.Byte>);Argument[0].Element;Argument[1];taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetBytes;(System.String,System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0];Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte*,System.Int32,System.Char*,System.Int32);Argument[0].Element;Argument[2];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[]);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);Argument[0].Element;Argument[3];taint;manual |
|
||||
| System.Text;Encoding;GetChars;(System.ReadOnlySpan<System.Byte>,System.Span<System.Char>);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Text;Encoding;GetDecoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
| System.Text;Encoding;GetEncoder;();Argument[this];ReturnValue;taint;df-generated |
|
||||
@@ -16194,21 +16186,27 @@
|
||||
| System.Xml;XmlDeclaration;XmlDeclaration;(System.String,System.String,System.String,System.Xml.XmlDocument);Argument[2];Argument[this];taint;df-generated |
|
||||
| System.Xml;XmlDictionary;Add;(System.String);Argument[0];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated |
|
||||
| System.Xml;XmlDictionary;Add;(System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[5];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[5];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[6];Argument[6].Parameter[delegate-self];value;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[1];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[1];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[3];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[1];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[3];ReturnValue;taint;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose);Argument[4];Argument[4].Parameter[delegate-self];value;manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;df-manual |
|
||||
| System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
|
||||
| System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -11,11 +11,11 @@ class DeserializedDelegate
|
||||
{
|
||||
var formatter = new BinaryFormatter();
|
||||
// BAD
|
||||
var a = (Func<int>)formatter.Deserialize(fs);
|
||||
var a = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
|
||||
// BAD
|
||||
var b = (Expression<Func<int>>)formatter.Deserialize(fs);
|
||||
var b = (Expression<Func<int>>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
|
||||
// BAD
|
||||
var c = (D)formatter.Deserialize(fs);
|
||||
var c = (D)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
|
||||
// GOOD
|
||||
var d = (int)formatter.Deserialize(fs);
|
||||
}
|
||||
|
||||
@@ -1 +1,4 @@
|
||||
Security Features/CWE-502/DeserializedDelegate.ql
|
||||
query: Security Features/CWE-502/DeserializedDelegate.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
|
||||
@@ -8,7 +8,7 @@ class Bad
|
||||
{
|
||||
var formatter = new BinaryFormatter();
|
||||
// BAD
|
||||
var f = (Func<int>)formatter.Deserialize(fs);
|
||||
var f = (Func<int>)formatter.Deserialize(fs); // $ Alert[cs/deserialized-delegate]
|
||||
return f();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,6 +7,6 @@ class BadBinaryFormatter
|
||||
{
|
||||
var ds = new BinaryFormatter();
|
||||
// BAD
|
||||
return ds.Deserialize(s);
|
||||
return ds.Deserialize(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,6 +8,6 @@ class BadDataContractJsonSerializer
|
||||
{
|
||||
var ds = new DataContractJsonSerializer(type);
|
||||
// BAD
|
||||
return ds.ReadObject(s);
|
||||
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,6 +8,6 @@ class BadDataContractSerializer
|
||||
{
|
||||
var ds = new DataContractSerializer(type);
|
||||
// BAD
|
||||
return ds.ReadObject(s);
|
||||
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,11 +6,11 @@ class BadResourceReader
|
||||
{
|
||||
public static void Deserialize(Stream s)
|
||||
{
|
||||
var ds = new ResourceReader(s);
|
||||
var ds = new ResourceReader(s); // $ Alert[cs/unsafe-deserialization]
|
||||
// BAD
|
||||
var dict = ds.GetEnumerator();
|
||||
while (dict.MoveNext())
|
||||
Console.WriteLine(" {0}: '{1}' (Type {2})",
|
||||
Console.WriteLine(" {0}: '{1}' (Type {2})",
|
||||
dict.Key, dict.Value, dict.Value.GetType().Name);
|
||||
ds.Close();
|
||||
}
|
||||
|
||||
@@ -1 +1,4 @@
|
||||
Security Features/CWE-502/UnsafeDeserialization.ql
|
||||
query: Security Features/CWE-502/UnsafeDeserialization.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
|
||||
@@ -6,6 +6,6 @@ class Bad
|
||||
{
|
||||
JavaScriptSerializer sr = new JavaScriptSerializer(new SimpleTypeResolver());
|
||||
// BAD
|
||||
return sr.DeserializeObject(s);
|
||||
return sr.DeserializeObject(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,6 +8,6 @@ class BadXmlObjectSerializer
|
||||
{
|
||||
XmlObjectSerializer ds = new DataContractSerializer(type);
|
||||
// BAD
|
||||
return ds.ReadObject(s);
|
||||
return ds.ReadObject(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,6 +8,6 @@ class BadXmlSerializer
|
||||
{
|
||||
var ds = new XmlSerializer(type);
|
||||
// BAD
|
||||
return ds.Deserialize(s);
|
||||
return ds.Deserialize(s); // $ Alert[cs/unsafe-deserialization]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,14 +1,25 @@
|
||||
using System.Web.UI.WebControls;
|
||||
using System.Runtime.Serialization.Formatters.Binary;
|
||||
using System;
|
||||
using System.IO;
|
||||
using System.Runtime.Serialization.Formatters.Binary;
|
||||
using System.Text;
|
||||
using System.Web.UI.WebControls;
|
||||
|
||||
class BadBinaryFormatter
|
||||
class BadBinaryFormatter1
|
||||
{
|
||||
public static object Deserialize(TextBox textBox)
|
||||
{
|
||||
var ds = new BinaryFormatter();
|
||||
// BAD
|
||||
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(textBox.Text)));
|
||||
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(textBox.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
class BadBinaryFormatter2
|
||||
{
|
||||
public static object Deserialize(TextBox type, TextBox data)
|
||||
{
|
||||
var ds = new BinaryFormatter();
|
||||
// BAD
|
||||
return ds.Deserialize(new MemoryStream(Convert.FromBase64String(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ class BadDataContractJsonSerializer
|
||||
{
|
||||
var ds = new DataContractJsonSerializer(Type.GetType(type.Text));
|
||||
// BAD
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ class BadDataContractSerializer
|
||||
{
|
||||
var ds = new DataContractSerializer(Type.GetType(type.Text));
|
||||
// BAD
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,11 +8,11 @@ class BadResourceReader
|
||||
{
|
||||
public static void Deserialize(TextBox data)
|
||||
{
|
||||
var ds = new ResourceReader(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
|
||||
var ds = new ResourceReader(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
// BAD
|
||||
var dict = ds.GetEnumerator();
|
||||
while (dict.MoveNext())
|
||||
Console.WriteLine(" {0}: '{1}' (Type {2})",
|
||||
Console.WriteLine(" {0}: '{1}' (Type {2})",
|
||||
dict.Key, dict.Value, dict.Value.GetType().Name);
|
||||
ds.Close();
|
||||
}
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#select
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | User-provided data |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | User-provided data |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
|
||||
@@ -7,9 +8,12 @@
|
||||
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |
|
||||
edges
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | provenance | MaD:3 |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | provenance | MaD:4 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
@@ -27,14 +31,19 @@ edges
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 |
|
||||
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 |
|
||||
models
|
||||
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual |
|
||||
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0].Element; Argument[this]; taint; manual |
|
||||
| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
|
||||
| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 4 | Summary: System; Convert; false; FromBase64String; (System.String); ; Argument[0]; ReturnValue.Element; taint; manual |
|
||||
nodes
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | semmle.label | access to parameter textBox : TextBox |
|
||||
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:31:13:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:48:13:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:77 | access to parameter textBox : TextBox | semmle.label | access to parameter textBox : TextBox |
|
||||
| BinaryFormatterUntrustedInputBad.cs:13:71:13:82 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:31:23:83 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:48:23:82 | call to method FromBase64String : Byte[] [element] : Object | semmle.label | call to method FromBase64String : Byte[] [element] : Object |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:76 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
| BinaryFormatterUntrustedInputBad.cs:23:73:23:81 | access to property Text : String | semmle.label | access to property Text : String |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
|
||||
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
|
||||
|
||||
@@ -1,2 +1,4 @@
|
||||
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
postprocess: utils/test/PrettyPrintModels.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
|
||||
@@ -7,6 +7,6 @@ class Bad
|
||||
{
|
||||
JavaScriptSerializer sr = new JavaScriptSerializer(new SimpleTypeResolver());
|
||||
// BAD
|
||||
return sr.DeserializeObject(textBox.Text);
|
||||
return sr.DeserializeObject(textBox.Text); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ class BadXmlObjectSerializer
|
||||
{
|
||||
XmlObjectSerializer ds = new DataContractSerializer(Type.GetType(type.Text));
|
||||
// BAD
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
|
||||
return ds.ReadObject(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ class BadXmlSerializer
|
||||
{
|
||||
var ds = new XmlSerializer(Type.GetType(type.Text));
|
||||
// BAD
|
||||
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(data.Text)));
|
||||
return ds.Deserialize(new MemoryStream(Encoding.UTF8.GetBytes(data.Text))); // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,9 +14,9 @@ class Test
|
||||
|
||||
public static object Deserialize2(TextBox data)
|
||||
{
|
||||
return JsonConvert.DeserializeObject(data.Text, new JsonSerializerSettings
|
||||
return JsonConvert.DeserializeObject(data.Text, new JsonSerializerSettings // $ Alert[cs/unsafe-deserialization-untrusted-input]
|
||||
{
|
||||
TypeNameHandling = TypeNameHandling.Auto // BAD
|
||||
TypeNameHandling = TypeNameHandling.Auto
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -1,2 +1,4 @@
|
||||
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
|
||||
postprocess: utils/test/PrettyPrintModels.ql
|
||||
postprocess:
|
||||
- utils/test/PrettyPrintModels.ql
|
||||
- utils/test/InlineExpectationsTestQuery.ql
|
||||
|
||||
@@ -157,7 +157,7 @@ Each code quality related query should have **one** of these two "top-level" cat
|
||||
* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code.
|
||||
* `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution.
|
||||
|
||||
In addition to the "top-level" categories, we will also add sub-categories to further group code quality related queries:
|
||||
In addition to the "top-level" categories, we may also add sub-categories to further group code quality related queries:
|
||||
|
||||
* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code.
|
||||
* `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code.
|
||||
@@ -171,6 +171,7 @@ In addition to the "top-level" categories, we will also add sub-categories to fu
|
||||
* `@tags concurrency`-for queries that detect concurrency related issues such as race conditions, deadlocks, thread safety, etc
|
||||
* `@tags error-handling`-for queries that detect issues related to unsafe error handling such as uncaught exceptions, etc
|
||||
|
||||
You may use sub-categories from both top-level categories on the same query. However, if you only use sub-categories from a single top-level category, then you must also tag the query with that top-level category.
|
||||
|
||||
There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags:
|
||||
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.26
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.0.27
|
||||
|
||||
No user-facing changes.
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user