hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/cargo-upgrade-2

Browse Source
This commit is contained in:
Paolo Tranquilli
2025-08-14 17:55:17 +02:00
parent 92e94695e7 5c0300cbdf
commit 6ca1c587f6
101 changed files with 4153 additions and 2548 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
MODULE.bazel
View File

@@ -15,7 +15,7 @@ local_path_override(
# see https://registry.bazel.build/ for a list of available packages
bazel_dep(name = "platforms", version = "0.0.11")
bazel_dep(name = "rules_go", version = "0.50.1")
bazel_dep(name = "rules_go", version = "0.56.1")
bazel_dep(name = "rules_pkg", version = "1.0.1")
bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
bazel_dep(name = "rules_python", version = "0.40.0")
@@ -263,7 +263,7 @@ use_repo(
)
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
go_sdk.download(version = "1.24.0")
go_sdk.download(version = "1.25.0")
go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
go_deps.from_file(go_mod = "//go/extractor:go.mod")

4
cpp/ql/lib/change-notes/2025-08-13-guards.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The guards libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been improved to recognize more guards.

184
cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
View File

@@ -936,6 +936,77 @@ private module Cached {
ValueNumber getUnary() { result.getAnInstruction() = instr.getUnary() }
}
signature predicate sinkSig(Instruction instr);
private module BooleanInstruction<sinkSig/1 isSink> {
/**
* Holds if `i1` flows to `i2` in a single step and `i2` is not an
* instruction that produces a value of Boolean type.
*/
private predicate stepToNonBoolean(Instruction i1, Instruction i2) {
not i2.getResultIRType() instanceof IRBooleanType and
(
i2.(CopyInstruction).getSourceValue() = i1
or
i2.(ConvertInstruction).getUnary() = i1
or
i2.(BuiltinExpectCallInstruction).getArgument(0) = i1
)
}
private predicate rev(Instruction instr) {
isSink(instr)
or
exists(Instruction instr1 |
rev(instr1) and
stepToNonBoolean(instr, instr1)
)
}
private predicate hasBooleanType(Instruction instr) {
instr.getResultIRType() instanceof IRBooleanType
}
private predicate fwd(Instruction instr) {
rev(instr) and
(
hasBooleanType(instr)
or
exists(Instruction instr0 |
fwd(instr0) and
stepToNonBoolean(instr0, instr)
)
)
}
private predicate prunedStep(Instruction i1, Instruction i2) {
fwd(i1) and
fwd(i2) and
stepToNonBoolean(i1, i2)
}
private predicate stepsPlus(Instruction i1, Instruction i2) =
doublyBoundedFastTC(prunedStep/2, hasBooleanType/1, isSink/1)(i1, i2)
/**
* Gets the Boolean-typed instruction that defines `instr` before any
* integer conversions are applied, if any.
*/
Instruction get(Instruction instr) {
isSink(instr) and
(
result = instr
or
stepsPlus(result, instr)
) and
hasBooleanType(result)
}
}
private predicate isUnaryComparesEqLeft(Instruction instr) {
unary_compares_eq(_, instr.getAUse(), 0, _, _)
}
/**
* Holds if `left == right + k` is `areEqual` given that test is `testIsTrue`.
*
@@ -966,14 +1037,19 @@ private module Cached {
)
or
compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value)
}
private predicate isConvertedBool(Instruction instr) {
instr.getResultIRType() instanceof IRBooleanType
or
isConvertedBool(instr.(ConvertInstruction).getUnary())
or
isConvertedBool(instr.(BuiltinExpectCallInstruction).getCondition())
exists(Operand l, BooleanValue bv |
// 1. test = value -> int(l) = 0 is !bv
unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
// 2. l = bv -> left + right is areEqual
compares_eq(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), left,
right, k, areEqual, bv)
// We want this to hold:
// `test = value -> left + right is areEqual`
// Applying 2 we need to show:
// `test = value -> l = bv`
// And `l = bv` holds by `int(l) = 0 is !bv`
)
}
/**
@@ -1006,19 +1082,11 @@ private module Cached {
k = k1 + k2
)
or
exists(CompareValueNumber cmp, Operand left, Operand right, AbstractValue v |
test = cmp and
pragma[only_bind_into](cmp)
.hasOperands(pragma[only_bind_into](left), pragma[only_bind_into](right)) and
isConvertedBool(left.getDef()) and
int_value(right.getDef()) = 0 and
unary_compares_eq(valueNumberOfOperand(left), op, k, areEqual, v)
|
cmp instanceof CompareNEValueNumber and
v = value
or
cmp instanceof CompareEQValueNumber and
v.getDualValue() = value
// See argument for why this is correct in compares_eq
exists(Operand l, BooleanValue bv |
unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
unary_compares_eq(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())),
op, k, areEqual, bv)
)
or
unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value)
@@ -1116,70 +1184,26 @@ private module Cached {
)
}
private predicate isBuiltInExpectArg(Instruction instr) {
instr = any(BuiltinExpectCallInstruction buildinExpect).getArgument(0)
}
/** A call to the builtin operation `__builtin_expect`. */
private class BuiltinExpectCallInstruction extends CallInstruction {
BuiltinExpectCallInstruction() { this.getStaticCallTarget().hasName("__builtin_expect") }
/** Gets the condition of this call. */
Instruction getCondition() { result = this.getConditionOperand().getDef() }
Operand getConditionOperand() {
// The first parameter of `__builtin_expect` has type `long`. So we skip
// the conversion when inferring guards.
result = this.getArgument(0).(ConvertInstruction).getUnaryOperand()
Instruction getCondition() {
result = BooleanInstruction<isBuiltInExpectArg/1>::get(this.getArgument(0))
}
}
/**
* Holds if `left == right + k` is `areEqual` if `cmp` evaluates to `value`,
* and `cmp` is an instruction that compares the value of
* `__builtin_expect(left == right + k, _)` to `0`.
*/
private predicate builtin_expect_eq(
CompareValueNumber cmp, Operand left, Operand right, int k, boolean areEqual,
AbstractValue value
) {
exists(BuiltinExpectCallValueNumber call, Instruction const, AbstractValue innerValue |
int_value(const) = 0 and
cmp.hasOperands(call.getAUse(), const.getAUse()) and
compares_eq(call.getCondition(), left, right, k, areEqual, innerValue)
|
cmp instanceof CompareNEValueNumber and
value = innerValue
or
cmp instanceof CompareEQValueNumber and
value.getDualValue() = innerValue
)
}
private predicate complex_eq(
ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value
) {
sub_eq(cmp, left, right, k, areEqual, value)
or
add_eq(cmp, left, right, k, areEqual, value)
or
builtin_expect_eq(cmp, left, right, k, areEqual, value)
}
/**
* Holds if `op == k` is `areEqual` if `cmp` evaluates to `value`, and `cmp` is
* an instruction that compares the value of `__builtin_expect(op == k, _)` to `0`.
*/
private predicate unary_builtin_expect_eq(
CompareValueNumber cmp, Operand op, int k, boolean areEqual, AbstractValue value
) {
exists(BuiltinExpectCallValueNumber call, Instruction const, AbstractValue innerValue |
int_value(const) = 0 and
cmp.hasOperands(call.getAUse(), const.getAUse()) and
unary_compares_eq(call.getCondition(), op, k, areEqual, innerValue)
|
cmp instanceof CompareNEValueNumber and
value = innerValue
or
cmp instanceof CompareEQValueNumber and
value.getDualValue() = innerValue
)
}
private predicate unary_complex_eq(
@@ -1188,8 +1212,6 @@ private module Cached {
unary_sub_eq(test, op, k, areEqual, value)
or
unary_add_eq(test, op, k, areEqual, value)
or
unary_builtin_expect_eq(test, op, k, areEqual, value)
}
/*
@@ -1215,6 +1237,15 @@ private module Cached {
exists(AbstractValue dual | value = dual.getDualValue() |
compares_lt(test.(LogicalNotValueNumber).getUnary(), left, right, k, isLt, dual)
)
or
compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, isLt, value)
or
// See argument for why this is correct in compares_eq
exists(Operand l, BooleanValue bv |
unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
compares_lt(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), left,
right, k, isLt, bv)
)
}
/** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */
@@ -1234,6 +1265,15 @@ private module Cached {
int_value(const) = k1 and
k = k1 + k2
)
or
compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value)
or
// See argument for why this is correct in compares_eq
exists(Operand l, BooleanValue bv |
unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and
compares_lt(valueNumber(BooleanInstruction<isUnaryComparesEqLeft/1>::get(l.getDef())), op, k,
isLt, bv)
)
}
/** `(a < b + k) => (b > a - k) => (b >= a + (1-k))` */

14
cpp/ql/test/library-tests/controlflow/guards/Guards.expected
View File

@@ -44,6 +44,8 @@
| test.c:198:8:198:8 | b |
| test.c:206:7:206:8 | ! ... |
| test.c:206:8:206:8 | c |
| test.c:215:6:215:18 | call to __builtin_expect |
| test.c:219:9:219:22 | call to __builtin_expect |
| test.cpp:18:8:18:10 | call to get |
| test.cpp:31:7:31:13 | ... == ... |
| test.cpp:42:13:42:20 | call to getABool |
@@ -92,3 +94,15 @@
| test.cpp:241:9:241:43 | ... && ... |
| test.cpp:241:22:241:30 | ... == ... |
| test.cpp:241:35:241:43 | ... == ... |
| test.cpp:247:6:247:18 | ... == ... |
| test.cpp:253:6:253:18 | ... != ... |
| test.cpp:260:6:260:18 | ... == ... |
| test.cpp:266:6:266:18 | ... != ... |
| test.cpp:273:6:273:17 | ... == ... |
| test.cpp:279:6:279:17 | ... != ... |
| test.cpp:287:6:287:19 | ... == ... |
| test.cpp:293:6:293:19 | ... != ... |
| test.cpp:300:6:300:19 | ... == ... |
| test.cpp:306:6:306:19 | ... != ... |
| test.cpp:312:6:312:18 | ... == ... |
| test.cpp:318:6:318:18 | ... != ... |

1807
cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql
View File

@@ -38,4 +38,4 @@ where
|
msg = left + op + k + " when " + guard + " is " + value
)
select guard.getLocation().getStartLine(), msg
select guard, msg

361
cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
View File

@@ -1,165 +1,196 @@
| test.c:7:9:7:13 | ... > ... | false | 10 | 11 |
| test.c:7:9:7:13 | ... > ... | true | 7 | 9 |
| test.c:17:8:17:12 | ... < ... | true | 17 | 17 |
| test.c:17:8:17:12 | ... < ... | true | 18 | 18 |
| test.c:17:8:17:21 | ... && ... | true | 18 | 18 |
| test.c:17:17:17:21 | ... > ... | true | 18 | 18 |
| test.c:26:11:26:15 | ... > ... | false | 2 | 2 |
| test.c:26:11:26:15 | ... > ... | false | 31 | 34 |
| test.c:26:11:26:15 | ... > ... | false | 34 | 34 |
| test.c:26:11:26:15 | ... > ... | false | 39 | 42 |
| test.c:26:11:26:15 | ... > ... | false | 42 | 42 |
| test.c:26:11:26:15 | ... > ... | false | 42 | 44 |
| test.c:26:11:26:15 | ... > ... | false | 45 | 45 |
| test.c:26:11:26:15 | ... > ... | false | 45 | 47 |
| test.c:26:11:26:15 | ... > ... | false | 51 | 53 |
| test.c:26:11:26:15 | ... > ... | false | 56 | 58 |
| test.c:26:11:26:15 | ... > ... | false | 58 | 58 |
| test.c:26:11:26:15 | ... > ... | false | 58 | 66 |
| test.c:26:11:26:15 | ... > ... | false | 62 | 62 |
| test.c:26:11:26:15 | ... > ... | true | 26 | 28 |
| test.c:34:16:34:21 | ... < ... | false | 2 | 2 |
| test.c:34:16:34:21 | ... < ... | false | 39 | 42 |
| test.c:34:16:34:21 | ... < ... | false | 42 | 42 |
| test.c:34:16:34:21 | ... < ... | false | 42 | 44 |
| test.c:34:16:34:21 | ... < ... | false | 45 | 45 |
| test.c:34:16:34:21 | ... < ... | false | 45 | 47 |
| test.c:34:16:34:21 | ... < ... | false | 51 | 53 |
| test.c:34:16:34:21 | ... < ... | false | 56 | 58 |
| test.c:34:16:34:21 | ... < ... | false | 58 | 58 |
| test.c:34:16:34:21 | ... < ... | false | 58 | 66 |
| test.c:34:16:34:21 | ... < ... | false | 62 | 62 |
| test.c:34:16:34:21 | ... < ... | true | 34 | 34 |
| test.c:42:16:42:21 | ... < ... | true | 42 | 42 |
| test.c:42:16:42:21 | ... < ... | true | 42 | 44 |
| test.c:42:16:42:21 | ... < ... | true | 45 | 45 |
| test.c:42:16:42:21 | ... < ... | true | 45 | 47 |
| test.c:42:16:42:21 | ... < ... | true | 51 | 53 |
| test.c:44:12:44:16 | ... > ... | false | 42 | 42 |
| test.c:44:12:44:16 | ... > ... | false | 51 | 53 |
| test.c:44:12:44:16 | ... > ... | true | 45 | 45 |
| test.c:44:12:44:16 | ... > ... | true | 45 | 47 |
| test.c:45:16:45:20 | ... > ... | true | 45 | 47 |
| test.c:58:9:58:14 | ... == ... | false | 58 | 58 |
| test.c:58:9:58:14 | ... == ... | false | 62 | 62 |
| test.c:58:9:58:23 | ... \|\| ... | false | 62 | 62 |
| test.c:58:19:58:23 | ... < ... | false | 62 | 62 |
| test.c:75:9:75:14 | ... == ... | false | 78 | 79 |
| test.c:75:9:75:14 | ... == ... | true | 75 | 77 |
| test.c:85:8:85:13 | ... == ... | true | 85 | 85 |
| test.c:85:8:85:13 | ... == ... | true | 86 | 86 |
| test.c:85:8:85:23 | ... && ... | true | 86 | 86 |
| test.c:85:18:85:23 | ... != ... | true | 86 | 86 |
| test.c:94:11:94:16 | ... != ... | false | 70 | 70 |
| test.c:94:11:94:16 | ... != ... | false | 99 | 102 |
| test.c:94:11:94:16 | ... != ... | false | 102 | 102 |
| test.c:94:11:94:16 | ... != ... | false | 107 | 109 |
| test.c:94:11:94:16 | ... != ... | false | 109 | 109 |
| test.c:94:11:94:16 | ... != ... | false | 109 | 117 |
| test.c:94:11:94:16 | ... != ... | false | 113 | 113 |
| test.c:94:11:94:16 | ... != ... | true | 94 | 96 |
| test.c:102:16:102:21 | ... < ... | false | 70 | 70 |
| test.c:102:16:102:21 | ... < ... | false | 107 | 109 |
| test.c:102:16:102:21 | ... < ... | false | 109 | 109 |
| test.c:102:16:102:21 | ... < ... | false | 109 | 117 |
| test.c:102:16:102:21 | ... < ... | false | 113 | 113 |
| test.c:102:16:102:21 | ... < ... | true | 102 | 102 |
| test.c:109:9:109:14 | ... == ... | false | 109 | 109 |
| test.c:109:9:109:14 | ... == ... | false | 113 | 113 |
| test.c:109:9:109:23 | ... \|\| ... | false | 113 | 113 |
| test.c:109:19:109:23 | ... < ... | false | 113 | 113 |
| test.c:126:7:126:7 | 1 | true | 126 | 126 |
| test.c:126:7:126:7 | 1 | true | 126 | 128 |
| test.c:126:7:126:7 | 1 | true | 131 | 131 |
| test.c:126:7:126:7 | 1 | true | 131 | 132 |
| test.c:126:7:126:7 | 1 | true | 134 | 123 |
| test.c:126:7:126:28 | ... && ... | true | 126 | 128 |
| test.c:126:12:126:26 | call to test3_condition | true | 126 | 128 |
| test.c:131:7:131:7 | b | true | 131 | 132 |
| test.c:137:7:137:7 | 0 | false | 142 | 136 |
| test.c:146:7:146:8 | ! ... | true | 146 | 147 |
| test.c:146:8:146:8 | x | false | 146 | 147 |
| test.c:152:8:152:8 | p | true | 152 | 154 |
| test.c:158:8:158:9 | ! ... | true | 158 | 160 |
| test.c:158:9:158:9 | p | false | 158 | 160 |
| test.c:164:8:164:8 | s | true | 164 | 166 |
| test.c:170:8:170:9 | ! ... | true | 170 | 172 |
| test.c:170:9:170:9 | s | false | 170 | 172 |
| test.c:176:8:176:15 | ! ... | true | 176 | 178 |
| test.c:176:10:176:14 | ... < ... | false | 176 | 178 |
| test.c:182:8:182:34 | ! ... | true | 182 | 184 |
| test.c:182:10:182:20 | ... >= ... | true | 181 | 182 |
| test.c:182:10:182:20 | ... >= ... | true | 182 | 182 |
| test.c:182:10:182:33 | ... && ... | false | 182 | 184 |
| test.c:182:10:182:33 | ... && ... | true | 181 | 182 |
| test.c:182:25:182:33 | ... < ... | true | 181 | 182 |
| test.c:190:7:190:8 | ! ... | true | 190 | 192 |
| test.c:190:8:190:8 | c | false | 190 | 192 |
| test.c:198:7:198:8 | ! ... | true | 198 | 200 |
| test.c:198:8:198:8 | b | false | 198 | 200 |
| test.c:206:7:206:8 | ! ... | true | 206 | 208 |
| test.c:206:8:206:8 | c | false | 206 | 208 |
| test.cpp:18:8:18:10 | call to get | true | 19 | 19 |
| test.cpp:31:7:31:13 | ... == ... | false | 30 | 30 |
| test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
| test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 |
| test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 |
| test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 |
| test.cpp:61:10:61:10 | i | Case[0] | 62 | 64 |
| test.cpp:61:10:61:10 | i | Case[1] | 65 | 66 |
| test.cpp:74:10:74:10 | i | Case[0..10] | 75 | 77 |
| test.cpp:74:10:74:10 | i | Case[11..20] | 78 | 79 |
| test.cpp:93:6:93:6 | c | true | 93 | 94 |
| test.cpp:99:6:99:6 | f | true | 99 | 100 |
| test.cpp:105:6:105:14 | ... != ... | true | 105 | 106 |
| test.cpp:111:6:111:14 | ... != ... | true | 111 | 112 |
| test.cpp:122:9:122:9 | b | true | 123 | 125 |
| test.cpp:122:9:122:9 | b | true | 125 | 125 |
| test.cpp:125:13:125:20 | ! ... | true | 125 | 125 |
| test.cpp:125:14:125:17 | call to safe | false | 125 | 125 |
| test.cpp:131:6:131:21 | call to __builtin_expect | true | 131 | 132 |
| test.cpp:135:6:135:21 | call to __builtin_expect | true | 135 | 136 |
| test.cpp:141:6:141:21 | call to __builtin_expect | true | 141 | 142 |
| test.cpp:145:6:145:21 | call to __builtin_expect | true | 145 | 146 |
| test.cpp:152:7:152:8 | ! ... | true | 152 | 153 |
| test.cpp:152:8:152:8 | b | false | 152 | 153 |
| test.cpp:160:7:160:8 | ! ... | true | 160 | 162 |
| test.cpp:160:8:160:8 | c | false | 160 | 162 |
| test.cpp:168:7:168:8 | ! ... | true | 168 | 170 |
| test.cpp:168:8:168:8 | b | false | 168 | 170 |
| test.cpp:176:7:176:8 | ! ... | true | 176 | 178 |
| test.cpp:176:8:176:8 | c | false | 176 | 178 |
| test.cpp:182:6:182:16 | ! ... | false | 185 | 188 |
| test.cpp:182:6:182:16 | ! ... | true | 182 | 184 |
| test.cpp:182:8:182:9 | b1 | true | 181 | 182 |
| test.cpp:182:8:182:9 | b1 | true | 182 | 182 |
| test.cpp:182:8:182:15 | ... && ... | false | 182 | 184 |
| test.cpp:182:8:182:15 | ... && ... | true | 181 | 182 |
| test.cpp:182:8:182:15 | ... && ... | true | 185 | 188 |
| test.cpp:182:14:182:15 | b2 | true | 181 | 182 |
| test.cpp:193:6:193:16 | ! ... | false | 197 | 199 |
| test.cpp:193:6:193:16 | ! ... | true | 193 | 196 |
| test.cpp:193:8:193:9 | b1 | false | 192 | 193 |
| test.cpp:193:8:193:9 | b1 | false | 193 | 193 |
| test.cpp:193:8:193:15 | ... \|\| ... | false | 192 | 193 |
| test.cpp:193:8:193:15 | ... \|\| ... | false | 193 | 196 |
| test.cpp:193:8:193:15 | ... \|\| ... | true | 197 | 199 |
| test.cpp:193:14:193:15 | b2 | false | 192 | 193 |
| test.cpp:211:9:211:15 | ... == ... | true | 211 | 212 |
| test.cpp:214:9:214:17 | ... == ... | true | 214 | 215 |
| test.cpp:217:9:217:15 | ... == ... | true | 217 | 218 |
| test.cpp:220:9:220:14 | ... == ... | true | 220 | 221 |
| test.cpp:223:9:223:16 | ... == ... | true | 223 | 224 |
| test.cpp:226:9:226:14 | ... == ... | true | 226 | 227 |
| test.cpp:229:9:229:14 | ... == ... | true | 229 | 230 |
| test.cpp:232:9:232:18 | ... == ... | true | 232 | 233 |
| test.cpp:235:9:235:17 | ... == ... | true | 235 | 236 |
| test.cpp:238:9:238:17 | ... == ... | true | 238 | 239 |
| test.cpp:241:9:241:17 | ... == ... | true | 241 | 241 |
| test.cpp:241:9:241:17 | ... == ... | true | 241 | 242 |
| test.cpp:241:9:241:30 | ... && ... | true | 241 | 241 |
| test.cpp:241:9:241:30 | ... && ... | true | 241 | 242 |
| test.cpp:241:9:241:43 | ... && ... | true | 241 | 242 |
| test.cpp:241:22:241:30 | ... == ... | true | 241 | 241 |
| test.cpp:241:22:241:30 | ... == ... | true | 241 | 242 |
| test.cpp:241:35:241:43 | ... == ... | true | 241 | 242 |
| test.c:7:9:7:13 | ... > ... | false | test.c:10:12:11:14 | { ... } |
| test.c:7:9:7:13 | ... > ... | true | test.c:7:16:9:14 | { ... } |
| test.c:17:8:17:12 | ... < ... | true | test.c:17:17:17:21 | y |
| test.c:17:8:17:12 | ... < ... | true | test.c:18:9:18:14 | ExprStmt |
| test.c:17:8:17:21 | ... && ... | true | test.c:18:9:18:14 | ExprStmt |
| test.c:17:17:17:21 | ... > ... | true | test.c:18:9:18:14 | ExprStmt |
| test.c:26:11:26:15 | ... > ... | false | test.c:2:5:2:8 | test |
| test.c:26:11:26:15 | ... > ... | false | test.c:31:5:34:13 | ExprStmt |
| test.c:26:11:26:15 | ... > ... | false | test.c:34:16:34:21 | j |
| test.c:26:11:26:15 | ... > ... | false | test.c:34:29:34:26 | { ... } |
| test.c:26:11:26:15 | ... > ... | false | test.c:39:5:42:13 | ExprStmt |
| test.c:26:11:26:15 | ... > ... | false | test.c:42:5:42:26 | label ...: |
| test.c:26:11:26:15 | ... > ... | false | test.c:42:16:42:21 | j |
| test.c:26:11:26:15 | ... > ... | false | test.c:42:29:44:16 | { ... } |
| test.c:26:11:26:15 | ... > ... | false | test.c:45:13:45:20 | if (...) ... |
| test.c:26:11:26:15 | ... > ... | false | test.c:45:23:47:22 | { ... } |
| test.c:26:11:26:15 | ... > ... | false | test.c:51:14:53:21 | { ... } |
| test.c:26:11:26:15 | ... > ... | false | test.c:56:5:58:14 | label ...: |
| test.c:26:11:26:15 | ... > ... | false | test.c:58:19:58:23 | y |
| test.c:26:11:26:15 | ... > ... | false | test.c:58:26:66:12 | { ... } |
| test.c:26:11:26:15 | ... > ... | false | test.c:62:9:62:16 | return ... |
| test.c:26:11:26:15 | ... > ... | true | test.c:26:18:28:11 | { ... } |
| test.c:34:16:34:21 | ... < ... | false | test.c:2:5:2:8 | test |
| test.c:34:16:34:21 | ... < ... | false | test.c:39:5:42:13 | ExprStmt |
| test.c:34:16:34:21 | ... < ... | false | test.c:42:5:42:26 | label ...: |
| test.c:34:16:34:21 | ... < ... | false | test.c:42:16:42:21 | j |
| test.c:34:16:34:21 | ... < ... | false | test.c:42:29:44:16 | { ... } |
| test.c:34:16:34:21 | ... < ... | false | test.c:45:13:45:20 | if (...) ... |
| test.c:34:16:34:21 | ... < ... | false | test.c:45:23:47:22 | { ... } |
| test.c:34:16:34:21 | ... < ... | false | test.c:51:14:53:21 | { ... } |
| test.c:34:16:34:21 | ... < ... | false | test.c:56:5:58:14 | label ...: |
| test.c:34:16:34:21 | ... < ... | false | test.c:58:19:58:23 | y |
| test.c:34:16:34:21 | ... < ... | false | test.c:58:26:66:12 | { ... } |
| test.c:34:16:34:21 | ... < ... | false | test.c:62:9:62:16 | return ... |
| test.c:34:16:34:21 | ... < ... | true | test.c:34:29:34:26 | { ... } |
| test.c:42:16:42:21 | ... < ... | true | test.c:42:5:42:26 | label ...: |
| test.c:42:16:42:21 | ... < ... | true | test.c:42:29:44:16 | { ... } |
| test.c:42:16:42:21 | ... < ... | true | test.c:45:13:45:20 | if (...) ... |
| test.c:42:16:42:21 | ... < ... | true | test.c:45:23:47:22 | { ... } |
| test.c:42:16:42:21 | ... < ... | true | test.c:51:14:53:21 | { ... } |
| test.c:44:12:44:16 | ... > ... | false | test.c:42:5:42:26 | label ...: |
| test.c:44:12:44:16 | ... > ... | false | test.c:51:14:53:21 | { ... } |
| test.c:44:12:44:16 | ... > ... | true | test.c:45:13:45:20 | if (...) ... |
| test.c:44:12:44:16 | ... > ... | true | test.c:45:23:47:22 | { ... } |
| test.c:45:16:45:20 | ... > ... | true | test.c:45:23:47:22 | { ... } |
| test.c:58:9:58:14 | ... == ... | false | test.c:58:19:58:23 | y |
| test.c:58:9:58:14 | ... == ... | false | test.c:62:9:62:16 | return ... |
| test.c:58:9:58:23 | ... \|\| ... | false | test.c:62:9:62:16 | return ... |
| test.c:58:19:58:23 | ... < ... | false | test.c:62:9:62:16 | return ... |
| test.c:75:9:75:14 | ... == ... | false | test.c:78:12:79:14 | { ... } |
| test.c:75:9:75:14 | ... == ... | true | test.c:75:17:77:14 | { ... } |
| test.c:85:8:85:13 | ... == ... | true | test.c:85:18:85:23 | y |
| test.c:85:8:85:13 | ... == ... | true | test.c:86:9:86:14 | ExprStmt |
| test.c:85:8:85:23 | ... && ... | true | test.c:86:9:86:14 | ExprStmt |
| test.c:85:18:85:23 | ... != ... | true | test.c:86:9:86:14 | ExprStmt |
| test.c:94:11:94:16 | ... != ... | false | test.c:70:5:70:9 | test2 |
| test.c:94:11:94:16 | ... != ... | false | test.c:99:5:102:13 | ExprStmt |
| test.c:94:11:94:16 | ... != ... | false | test.c:102:16:102:21 | j |
| test.c:94:11:94:16 | ... != ... | false | test.c:102:29:102:26 | { ... } |
| test.c:94:11:94:16 | ... != ... | false | test.c:107:5:109:14 | ExprStmt |
| test.c:94:11:94:16 | ... != ... | false | test.c:109:19:109:23 | y |
| test.c:94:11:94:16 | ... != ... | false | test.c:109:26:117:12 | { ... } |
| test.c:94:11:94:16 | ... != ... | false | test.c:113:9:113:16 | return ... |
| test.c:94:11:94:16 | ... != ... | true | test.c:94:19:96:11 | { ... } |
| test.c:102:16:102:21 | ... < ... | false | test.c:70:5:70:9 | test2 |
| test.c:102:16:102:21 | ... < ... | false | test.c:107:5:109:14 | ExprStmt |
| test.c:102:16:102:21 | ... < ... | false | test.c:109:19:109:23 | y |
| test.c:102:16:102:21 | ... < ... | false | test.c:109:26:117:12 | { ... } |
| test.c:102:16:102:21 | ... < ... | false | test.c:113:9:113:16 | return ... |
| test.c:102:16:102:21 | ... < ... | true | test.c:102:29:102:26 | { ... } |
| test.c:109:9:109:14 | ... == ... | false | test.c:109:19:109:23 | y |
| test.c:109:9:109:14 | ... == ... | false | test.c:113:9:113:16 | return ... |
| test.c:109:9:109:23 | ... \|\| ... | false | test.c:113:9:113:16 | return ... |
| test.c:109:19:109:23 | ... < ... | false | test.c:113:9:113:16 | return ... |
| test.c:126:7:126:7 | 1 | true | test.c:126:12:126:26 | call to test3_condition |
| test.c:126:7:126:7 | 1 | true | test.c:126:31:128:16 | { ... } |
| test.c:126:7:126:7 | 1 | true | test.c:131:3:131:7 | if (...) ... |
| test.c:126:7:126:7 | 1 | true | test.c:131:10:132:16 | { ... } |
| test.c:126:7:126:7 | 1 | true | test.c:134:1:123:10 | return ... |
| test.c:126:7:126:28 | ... && ... | true | test.c:126:31:128:16 | { ... } |
| test.c:126:12:126:26 | call to test3_condition | true | test.c:126:31:128:16 | { ... } |
| test.c:131:7:131:7 | b | true | test.c:131:10:132:16 | { ... } |
| test.c:137:7:137:7 | 0 | false | test.c:142:3:136:10 | return ... |
| test.c:146:7:146:8 | ! ... | true | test.c:146:11:147:9 | { ... } |
| test.c:146:8:146:8 | x | false | test.c:146:11:147:9 | { ... } |
| test.c:152:8:152:8 | p | true | test.c:152:11:154:5 | { ... } |
| test.c:158:8:158:9 | ! ... | true | test.c:158:12:160:5 | { ... } |
| test.c:158:9:158:9 | p | false | test.c:158:12:160:5 | { ... } |
| test.c:164:8:164:8 | s | true | test.c:164:11:166:5 | { ... } |
| test.c:170:8:170:9 | ! ... | true | test.c:170:12:172:5 | { ... } |
| test.c:170:9:170:9 | s | false | test.c:170:12:172:5 | { ... } |
| test.c:176:8:176:15 | ! ... | true | test.c:176:18:178:5 | { ... } |
| test.c:176:10:176:14 | ... < ... | false | test.c:176:18:178:5 | { ... } |
| test.c:182:8:182:34 | ! ... | true | test.c:182:37:184:5 | { ... } |
| test.c:182:10:182:20 | ... >= ... | true | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | true | test.c:182:25:182:33 | foo |
| test.c:182:10:182:33 | ... && ... | false | test.c:182:37:184:5 | { ... } |
| test.c:182:10:182:33 | ... && ... | true | test.c:181:25:182:20 | { ... } |
| test.c:182:25:182:33 | ... < ... | true | test.c:181:25:182:20 | { ... } |
| test.c:190:7:190:8 | ! ... | true | test.c:190:11:192:3 | { ... } |
| test.c:190:8:190:8 | c | false | test.c:190:11:192:3 | { ... } |
| test.c:198:7:198:8 | ! ... | true | test.c:198:11:200:3 | { ... } |
| test.c:198:8:198:8 | b | false | test.c:198:11:200:3 | { ... } |
| test.c:206:7:206:8 | ! ... | true | test.c:206:11:208:3 | { ... } |
| test.c:206:8:206:8 | c | false | test.c:206:11:208:3 | { ... } |
| test.c:215:6:215:18 | call to __builtin_expect | true | test.c:215:21:217:5 | { ... } |
| test.c:219:9:219:22 | call to __builtin_expect | true | test.c:219:25:221:5 | { ... } |
| test.cpp:18:8:18:10 | call to get | true | test.cpp:19:5:19:14 | ExprStmt |
| test.cpp:31:7:31:13 | ... == ... | false | test.cpp:30:6:30:16 | doSomething |
| test.cpp:31:7:31:13 | ... == ... | false | test.cpp:34:1:34:1 | return ... |
| test.cpp:31:7:31:13 | ... == ... | true | test.cpp:30:6:30:16 | doSomething |
| test.cpp:31:7:31:13 | ... == ... | true | test.cpp:31:16:32:21 | { ... } |
| test.cpp:42:13:42:20 | call to getABool | true | test.cpp:43:9:45:23 | { ... } |
| test.cpp:61:10:61:10 | i | Case[0] | test.cpp:62:5:64:12 | case ...: |
| test.cpp:61:10:61:10 | i | Case[1] | test.cpp:65:5:66:10 | case ...: |
| test.cpp:74:10:74:10 | i | Case[0..10] | test.cpp:75:5:77:12 | case ...: |
| test.cpp:74:10:74:10 | i | Case[11..20] | test.cpp:78:5:79:10 | case ...: |
| test.cpp:93:6:93:6 | c | true | test.cpp:93:9:94:7 | { ... } |
| test.cpp:99:6:99:6 | f | true | test.cpp:99:9:100:7 | { ... } |
| test.cpp:105:6:105:14 | ... != ... | true | test.cpp:105:17:106:7 | { ... } |
| test.cpp:111:6:111:14 | ... != ... | true | test.cpp:111:17:112:7 | { ... } |
| test.cpp:122:9:122:9 | b | true | test.cpp:123:5:125:20 | { ... } |
| test.cpp:122:9:122:9 | b | true | test.cpp:125:23:125:29 | return ... |
| test.cpp:125:13:125:20 | ! ... | true | test.cpp:125:23:125:29 | return ... |
| test.cpp:125:14:125:17 | call to safe | false | test.cpp:125:23:125:29 | return ... |
| test.cpp:131:6:131:21 | call to __builtin_expect | true | test.cpp:131:40:132:9 | { ... } |
| test.cpp:135:6:135:21 | call to __builtin_expect | true | test.cpp:135:40:136:9 | { ... } |
| test.cpp:141:6:141:21 | call to __builtin_expect | true | test.cpp:141:36:142:9 | { ... } |
| test.cpp:145:6:145:21 | call to __builtin_expect | true | test.cpp:145:36:146:9 | { ... } |
| test.cpp:152:7:152:8 | ! ... | true | test.cpp:152:11:153:9 | { ... } |
| test.cpp:152:8:152:8 | b | false | test.cpp:152:11:153:9 | { ... } |
| test.cpp:160:7:160:8 | ! ... | true | test.cpp:160:11:162:3 | { ... } |
| test.cpp:160:8:160:8 | c | false | test.cpp:160:11:162:3 | { ... } |
| test.cpp:168:7:168:8 | ! ... | true | test.cpp:168:11:170:3 | { ... } |
| test.cpp:168:8:168:8 | b | false | test.cpp:168:11:170:3 | { ... } |
| test.cpp:176:7:176:8 | ! ... | true | test.cpp:176:11:178:3 | { ... } |
| test.cpp:176:8:176:8 | c | false | test.cpp:176:11:178:3 | { ... } |
| test.cpp:182:6:182:16 | ! ... | false | test.cpp:185:10:188:7 | { ... } |
| test.cpp:182:6:182:16 | ! ... | true | test.cpp:182:19:184:7 | { ... } |
| test.cpp:182:8:182:9 | b1 | true | test.cpp:181:41:182:9 | { ... } |
| test.cpp:182:8:182:9 | b1 | true | test.cpp:182:14:182:15 | b2 |
| test.cpp:182:8:182:15 | ... && ... | false | test.cpp:182:19:184:7 | { ... } |
| test.cpp:182:8:182:15 | ... && ... | true | test.cpp:181:41:182:9 | { ... } |
| test.cpp:182:8:182:15 | ... && ... | true | test.cpp:185:10:188:7 | { ... } |
| test.cpp:182:14:182:15 | b2 | true | test.cpp:181:41:182:9 | { ... } |
| test.cpp:193:6:193:16 | ! ... | false | test.cpp:197:10:199:7 | { ... } |
| test.cpp:193:6:193:16 | ! ... | true | test.cpp:193:19:196:7 | { ... } |
| test.cpp:193:8:193:9 | b1 | false | test.cpp:192:40:193:9 | { ... } |
| test.cpp:193:8:193:9 | b1 | false | test.cpp:193:14:193:15 | b2 |
| test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:192:40:193:9 | { ... } |
| test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:193:19:196:7 | { ... } |
| test.cpp:193:8:193:15 | ... \|\| ... | true | test.cpp:197:10:199:7 | { ... } |
| test.cpp:193:14:193:15 | b2 | false | test.cpp:192:40:193:9 | { ... } |
| test.cpp:211:9:211:15 | ... == ... | true | test.cpp:211:18:212:13 | { ... } |
| test.cpp:214:9:214:17 | ... == ... | true | test.cpp:214:20:215:13 | { ... } |
| test.cpp:217:9:217:15 | ... == ... | true | test.cpp:217:18:218:13 | { ... } |
| test.cpp:220:9:220:14 | ... == ... | true | test.cpp:220:17:221:13 | { ... } |
| test.cpp:223:9:223:16 | ... == ... | true | test.cpp:223:19:224:13 | { ... } |
| test.cpp:226:9:226:14 | ... == ... | true | test.cpp:226:17:227:13 | { ... } |
| test.cpp:229:9:229:14 | ... == ... | true | test.cpp:229:17:230:13 | { ... } |
| test.cpp:232:9:232:18 | ... == ... | true | test.cpp:232:21:233:13 | { ... } |
| test.cpp:235:9:235:17 | ... == ... | true | test.cpp:235:20:236:13 | { ... } |
| test.cpp:238:9:238:17 | ... == ... | true | test.cpp:238:20:239:13 | { ... } |
| test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:22:241:30 | ms |
| test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:35:241:43 | ms |
| test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:46:242:13 | { ... } |
| test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:35:241:43 | ms |
| test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:46:242:13 | { ... } |
| test.cpp:241:9:241:43 | ... && ... | true | test.cpp:241:46:242:13 | { ... } |
| test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:35:241:43 | ms |
| test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:46:242:13 | { ... } |
| test.cpp:241:35:241:43 | ... == ... | true | test.cpp:241:46:242:13 | { ... } |
| test.cpp:247:6:247:18 | ... == ... | false | test.cpp:249:10:251:3 | { ... } |
| test.cpp:247:6:247:18 | ... == ... | true | test.cpp:247:21:249:3 | { ... } |
| test.cpp:253:6:253:18 | ... != ... | false | test.cpp:255:10:257:3 | { ... } |
| test.cpp:253:6:253:18 | ... != ... | true | test.cpp:253:21:255:3 | { ... } |
| test.cpp:260:6:260:18 | ... == ... | false | test.cpp:262:10:264:3 | { ... } |
| test.cpp:260:6:260:18 | ... == ... | true | test.cpp:260:21:262:3 | { ... } |
| test.cpp:266:6:266:18 | ... != ... | false | test.cpp:268:10:270:3 | { ... } |
| test.cpp:266:6:266:18 | ... != ... | true | test.cpp:266:21:268:3 | { ... } |
| test.cpp:273:6:273:17 | ... == ... | false | test.cpp:275:10:277:3 | { ... } |
| test.cpp:273:6:273:17 | ... == ... | true | test.cpp:273:20:275:3 | { ... } |
| test.cpp:279:6:279:17 | ... != ... | false | test.cpp:281:10:283:3 | { ... } |
| test.cpp:279:6:279:17 | ... != ... | true | test.cpp:279:20:281:3 | { ... } |
| test.cpp:287:6:287:19 | ... == ... | false | test.cpp:289:10:291:3 | { ... } |
| test.cpp:287:6:287:19 | ... == ... | true | test.cpp:287:22:289:3 | { ... } |
| test.cpp:293:6:293:19 | ... != ... | false | test.cpp:295:10:297:3 | { ... } |
| test.cpp:293:6:293:19 | ... != ... | true | test.cpp:293:22:295:3 | { ... } |
| test.cpp:300:6:300:19 | ... == ... | false | test.cpp:302:10:304:3 | { ... } |
| test.cpp:300:6:300:19 | ... == ... | true | test.cpp:300:22:302:3 | { ... } |
| test.cpp:306:6:306:19 | ... != ... | false | test.cpp:308:10:310:3 | { ... } |
| test.cpp:306:6:306:19 | ... != ... | true | test.cpp:306:22:308:3 | { ... } |
| test.cpp:312:6:312:18 | ... == ... | false | test.cpp:314:10:316:3 | { ... } |
| test.cpp:312:6:312:18 | ... == ... | true | test.cpp:312:21:314:3 | { ... } |
| test.cpp:318:6:318:18 | ... != ... | false | test.cpp:320:10:322:3 | { ... } |
| test.cpp:318:6:318:18 | ... != ... | true | test.cpp:318:21:320:3 | { ... } |

10
cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql
View File

@@ -7,10 +7,6 @@
import cpp
import semmle.code.cpp.controlflow.Guards
from GuardCondition guard, AbstractValue value, int start, int end
where
exists(BasicBlock block |
guard.valueControls(block, value) and
block.hasLocationInfo(_, start, _, end, _)
)
select guard, value, start, end
from GuardCondition guard, AbstractValue value, BasicBlock block
where guard.valueControls(block, value)
select guard, value, block

2144
cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
View File

File diff suppressed because it is too large Load Diff

40
cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.ql
View File

@@ -8,31 +8,23 @@ import cpp
import semmle.code.cpp.controlflow.Guards
query predicate binary(
GuardCondition guard, Expr left, string op, Expr right, int k, int start, int end
GuardCondition guard, Expr left, string op, Expr right, int k, BasicBlock block
) {
exists(BasicBlock block |
guard.ensuresLt(left, right, k, block, true) and op = "<"
or
guard.ensuresLt(left, right, k, block, false) and op = ">="
or
guard.ensuresEq(left, right, k, block, true) and op = "=="
or
guard.ensuresEq(left, right, k, block, false) and op = "!="
|
block.hasLocationInfo(_, start, _, end, _)
)
guard.ensuresLt(left, right, k, block, true) and op = "<"
or
guard.ensuresLt(left, right, k, block, false) and op = ">="
or
guard.ensuresEq(left, right, k, block, true) and op = "=="
or
guard.ensuresEq(left, right, k, block, false) and op = "!="
}
query predicate unary(GuardCondition guard, Expr left, string op, int k, int start, int end) {
exists(BasicBlock block |
guard.ensuresLt(left, k, block, true) and op = "<"
or
guard.ensuresLt(left, k, block, false) and op = ">="
or
guard.ensuresEq(left, k, block, true) and op = "=="
or
guard.ensuresEq(left, k, block, false) and op = "!="
|
block.hasLocationInfo(_, start, _, end, _)
)
query predicate unary(GuardCondition guard, Expr left, string op, int k, BasicBlock block) {
guard.ensuresLt(left, k, block, true) and op = "<"
or
guard.ensuresLt(left, k, block, false) and op = ">="
or
guard.ensuresEq(left, k, block, true) and op = "=="
or
guard.ensuresEq(left, k, block, false) and op = "!="
}

15
cpp/ql/test/library-tests/controlflow/guards/test.c
View File

@@ -206,4 +206,17 @@ void test14(int a, int b) {
if (!c) {
}
}
}
# define likely(x) __builtin_expect(!!(x), 1)
void test15(int a, int b)
{
if (likely(a > b)) {
}
if (likely(a > 42)) {
}
}

79
cpp/ql/test/library-tests/controlflow/guards/test.cpp
View File

@@ -242,3 +242,82 @@ int test_types(signed char sc, unsigned long ul, float f, double d, bool b, Myst
ctr++;
}
}
void test_cmp_implies(int a, int b) {
if((a == b) == 0) {
} else {
}
if((a == b) != 0) {
} else {
}
if((a != b) == 0) {
} else {
}
if((a != b) != 0) {
} else {
}
if((a < b) == 0) {
} else {
}
if((a < b) != 0) {
} else {
}
}
void test_cmp_implies_unary(int a) {
if((a == 42) == 0) {
} else {
}
if((a == 42) != 0) {
} else {
}
if((a != 42) == 0) {
} else {
}
if((a != 42) != 0) {
} else {
}
if((a < 42) == 0) {
} else {
}
if((a < 42) != 0) {
} else {
}
}

5
cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
View File

@@ -1,4 +1,5 @@
edges
| test.c:10:31:10:32 | sscanf output argument | test.c:11:7:11:7 | x | provenance | |
| test.cpp:34:15:34:16 | scanf output argument | test.cpp:35:7:35:7 | i | provenance | |
| test.cpp:41:19:41:20 | scanf output argument | test.cpp:43:8:43:8 | i | provenance | |
| test.cpp:58:19:58:20 | scanf output argument | test.cpp:60:8:60:8 | i | provenance | |
@@ -56,6 +57,8 @@ edges
| test.cpp:567:35:567:36 | scanf output argument | test.cpp:569:9:569:9 | i | provenance | |
| test.cpp:575:30:575:31 | scanf output argument | test.cpp:577:9:577:9 | i | provenance | |
nodes
| test.c:10:31:10:32 | sscanf output argument | semmle.label | sscanf output argument |
| test.c:11:7:11:7 | x | semmle.label | x |
| test.cpp:34:15:34:16 | scanf output argument | semmle.label | scanf output argument |
| test.cpp:35:7:35:7 | i | semmle.label | i |
| test.cpp:41:19:41:20 | scanf output argument | semmle.label | scanf output argument |
@@ -186,5 +189,3 @@ subpaths
| test.cpp:484:9:484:9 | i | test.cpp:480:25:480:26 | scanf output argument | test.cpp:484:9:484:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:480:13:480:17 | call to scanf | call to scanf |
| test.cpp:495:8:495:8 | i | test.cpp:491:25:491:26 | scanf output argument | test.cpp:495:8:495:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:491:13:491:17 | call to scanf | call to scanf |
| test.cpp:545:8:545:8 | f | test.cpp:541:43:541:44 | sscanf output argument | test.cpp:545:8:545:8 | f | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 3. | test.cpp:541:10:541:15 | call to sscanf | call to sscanf |
| test.cpp:569:9:569:9 | i | test.cpp:567:35:567:36 | scanf output argument | test.cpp:569:9:569:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:567:23:567:27 | call to scanf | call to scanf |
| test.cpp:577:9:577:9 | i | test.cpp:575:30:575:31 | scanf output argument | test.cpp:577:9:577:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:575:18:575:22 | call to scanf | call to scanf |

13
cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.c Normal file
View File

@@ -0,0 +1,13 @@
# define likely(x) __builtin_expect(!!(x), 1)
int sscanf(const char *s, const char *format, ...);
void use(int i);
void test_likely(const char* s, const char* format)
{
int x;
if (likely(sscanf(s, format, &x) == 1)) {
use(x); // GOOD
}
}

4
cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
View File

@@ -566,7 +566,7 @@ void test_scanf_compared_in_conjunct_right(bool b) {
int i;
bool success = b && scanf("%d", &i) == 1;
if(success) {
use(i); // GOOD [FALSE POSITIVE]
use(i); // GOOD
}
}
@@ -574,6 +574,6 @@ void test_scanf_compared_in_conjunct_left(bool b) {
int i;
bool success = scanf("%d", &i) == 1 && b;
if(success) {
use(i); // GOOD [FALSE POSITIVE]
use(i); // GOOD
}
}

1
cpp/ql/test/query-tests/Security/CWE/CWE-295/SSLResultConflation.expected
View File

@@ -6,3 +6,4 @@
| test.cpp:83:7:83:40 | ... \|\| ... | This expression conflates OK and non-OK results from $@. | test.cpp:78:16:78:36 | call to SSL_get_verify_result | call to SSL_get_verify_result |
| test.cpp:87:7:87:38 | ... \|\| ... | This expression conflates OK and non-OK results from $@. | test.cpp:7:57:7:77 | call to SSL_get_verify_result | call to SSL_get_verify_result |
| test.cpp:107:13:107:42 | ... \|\| ... | This expression conflates OK and non-OK results from $@. | test.cpp:105:16:105:36 | call to SSL_get_verify_result | call to SSL_get_verify_result |
| test.cpp:109:7:109:8 | ok | This expression conflates OK and non-OK results from $@. | test.cpp:105:16:105:36 | call to SSL_get_verify_result | call to SSL_get_verify_result |

2
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst
View File

@@ -79,4 +79,4 @@ JavaScript/TypeScript
* Added taint-steps for :code:`Array.prototype.toReversed`.
* Added taint-steps for :code:`Array.prototype.toSorted`.
* Added support for :code:`String.prototype.matchAll`.
* Added taint-steps for :code:`Array.prototype.reverse`.
* Added taint-steps for :code:`Array.prototype.reverse`\

6
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst
View File

@@ -117,8 +117,8 @@ Java/Kotlin
* Deleted the deprecated :code:`isLValue` and :code:`isRValue` predicates from the :code:`VarAccess` class, use :code:`isVarWrite` and :code:`isVarRead` respectively instead.
* Deleted the deprecated :code:`getRhs` predicate from the :code:`VarWrite` class, use :code:`getASource` instead.
* Deleted the deprecated :code:`LValue` and :code:`RValue` classes, use :code:`VarWrite` and :code:`VarRead` respectively instead.
* Deleted a lot of deprecated classes ending in ``*Access``, use the corresponding ``*Call`` classes instead.
* Deleted a lot of deprecated predicates ending in ``*Access``, use the corresponding ``*Call`` predicates instead.
* Deleted a lot of deprecated classes ending in :code:`*Access`, use the corresponding :code:`*Call` classes instead.
* Deleted a lot of deprecated predicates ending in :code:`*Access`, use the corresponding :code:`*Call` predicates instead.
* Deleted the deprecated :code:`EnvInput` and :code:`DatabaseInput` classes from :code:`FlowSources.qll`, use the threat models feature instead.
* Deleted some deprecated API predicates from :code:`SensitiveApi.qll`, use the Sink classes from that file instead.
@@ -144,7 +144,7 @@ Ruby
* Deleted the deprecated :code:`ModelClass` and :code:`ModelInstance` classes from :code:`ActiveResource.qll`, use :code:`ModelClassNode` and :code:`ModelClassNode.getAnInstanceReference()` instead.
* Deleted the deprecated :code:`Collection` class from :code:`ActiveResource.qll`, use :code:`CollectionSource` instead.
* Deleted the deprecated :code:`ServiceInstantiation` and :code:`ClientInstantiation` classes from :code:`Twirp.qll`.
* Deleted a lot of deprecated dataflow modules from ``*Query.qll`` files.
* Deleted a lot of deprecated dataflow modules from :code:`*Query.qll` files.
* Deleted the old deprecated TypeTracking library.
Swift

2
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst
View File

@@ -207,5 +207,5 @@ JavaScript/TypeScript
* Intersection :code:`&&`
* Subtraction :code:`--`
* :code:`\\q` quoted string
* :code:`\q` quoted string

2
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.4.rst
View File

@@ -38,7 +38,7 @@ Minor Analysis Improvements
C/C++
"""""
* Added flow model for the :code:`SQLite` and :code:`OpenSSL` libraries. This may result in more alerts when running queries on codebases that use these libraries.
* Added flow models for the :code:`SQLite` and :code:`OpenSSL` libraries. This may result in more alerts when running queries on codebases that use these libraries.
C#
""

2
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst
View File

@@ -50,7 +50,7 @@ New Queries
Golang
""""""
* Query (:code:`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the :code:`html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in `https://github.com/github/codeql-go/pull/493 <https://github.com/github/codeql-go/pull/493>`_.
* Query (:code:`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the :code:`html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in https://github.com/github/codeql-go/pull/493.
Language Libraries
------------------

4
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst
View File

@@ -14,7 +14,7 @@ This is an overview of changes in the CodeQL CLI and relevant CodeQL query and l
Security Coverage
-----------------
CodeQL 2.22.1 runs a total of 449 security queries when configured with the Default suite (covering 165 CWE). The Extended suite enables an additional 129 queries (covering 33 more CWE).
CodeQL 2.22.1 runs a total of 476 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 129 queries (covering 32 more CWE). 27 security queries have been added with this release.
CodeQL CLI
----------
@@ -38,7 +38,7 @@ Minor Analysis Improvements
C/C++
"""""
* Added flow model for the following libraries: :code:`madler/zlib`, :code:`google/brotli`, :code:`libidn/libidn2`, :code:`libssh2/libssh2/`, :code:`nghttp2/nghttp2`, :code:`libuv/libuv/`, and :code:`curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
* Added flow models for the following libraries: :code:`madler/zlib`, :code:`google/brotli`, :code:`libidn/libidn2`, :code:`libssh2/libssh2`, :code:`nghttp2/nghttp2`, :code:`libuv/libuv`, and :code:`curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
C#
""

238
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.2.rst Normal file
View File

@@ -0,0 +1,238 @@
.. _codeql-cli-2.22.2:
==========================
CodeQL 2.22.2 (2025-07-29)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.22.2 runs a total of 474 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 130 queries (covering 32 more CWE).
CodeQL CLI
----------
Bug Fixes
~~~~~~~~~
* Fixes a bug in query suites where the :code:`version` property of an :code:`import` instruction was ignored. Previously, the following query suite would *not* resolve to :code:`v1.0.19` of :code:`codeql/csharp-queries`. Instead it would resolve to the latest version. This is now fixed and the resolve pack version would be :code:`v1.0.19`.
.. code-block:: text
- from: codeql/csharp-queries
import: codeql-suites/csharp-security-and-quality.qls
version: 1.0.19
Query Packs
-----------
Bug Fixes
~~~~~~~~~
C#
""
* :code:`web.config` and :code:`web.release.config` files are now recognized regardless of case. This means queries :code:`cs/web/debug-binary` and :code:`cs/web/missing-x-frame-options` may produce more results than before.
Breaking Changes
~~~~~~~~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* The :code:`Type` and :code:`Symbol` classes have been deprecated and will be empty in newly extracted databases, since the TypeScript extractor no longer populates them.
This is a breaking change for custom queries that explicitly relied on these classes.
Such queries will still compile, but with deprecation warnings, and may have different query results due to type information no longer being available.
We expect most custom queries will not be affected, however. If a custom query has no deprecation warnings, it should not be affected by this change.
Uses of :code:`getType()` should be rewritten to use the new :code:`getTypeBinding()` or :code:`getNameBinding()` APIs instead.
If the new API is not sufficient, please consider opening an issue in :code:`github/codeql` describing your use-case.
Major Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* The TypeScript extractor no longer relies on the TypeScript compiler for extracting type information.
Instead, the information we need from types is now derived by an algorithm written in QL.
This results in more robust extraction with faster extraction times, in some cases significantly faster.
* Taint is now tracked through the React :code:`use` function.
* Parameters of React server functions, marked with the :code:`"use server"` directive, are now seen as taint sources.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* Due to changes in the :code:`FunctionWithWrappers` library (:code:`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries :code:`cpp/path-injection`, :code:`cpp/sql-injection`, :code:`cpp/tainted-format-string`, and :code:`cpp/command-line-injection` may have changed.
* Added flow models for the Win32 API functions :code:`CreateThread`, :code:`CreateRemoteThread`, and :code:`CreateRemoteThreadEx`.
* Improved support for dataflow through function objects and lambda expressions.
* Added flow models for :code:`pthread_create` and :code:`std::thread`.
* The :code:`cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
* Added flow models for the GNU C Library.
* Fixed a number of false positives and false negatives in :code:`cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
* The query :code:`cpp/sql-injection` now can be extended using the :code:`sql-injection` Models as Data (MaD) sink kind.
C#
""
* Explicitly added summary models for all overloads of :code:`System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in :code:`System.Runtime.Serialization.SerializationInfo` and :code:`System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for :code:`System.Text.Encoding.GetBytes`, :code:`System.Text.Encoding.GetChars` and the constructor for :code:`System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
* Added explicit SQL injection Models as Data models for :code:`Microsoft.Data.SqlClient.SqlCommand` and :code:`Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query :code:`cs/sql-injection`.
Golang
""""""
* :code:`filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.
Java/Kotlin
"""""""""""
* Java analysis of guards has been switched to use the new and improved shared guards library. This improves precision of a number of queries, in particular :code:`java/dereferenced-value-may-be-null`, which now has fewer false positives, and :code:`java/useless-null-check` and :code:`java/constant-comparison`, which gain additional true positives.
JavaScript/TypeScript
"""""""""""""""""""""
* Removed three queries from the JS qlpack, which have been superseded by newer queries that are part of the Actions qlpack:
* :code:`js/actions/pull-request-target` has been superseded by :code:`actions/untrusted-checkout/{medium,high,critical}`
* :code:`js/actions/actions-artifact-leak` has been superseded by :code:`actions/secrets-in-artifacts`
* :code:`js/actions/command-injection` has been superseded by :code:`actions/command-injection/{medium,critical}`
New Queries
~~~~~~~~~~~
Rust
""""
* Added a new query, :code:`rust/access-after-lifetime-ended`, for detecting pointer dereferences after the lifetime of the pointed-to object has ended.
Language Libraries
------------------
Bug Fixes
~~~~~~~~~
JavaScript/TypeScript
"""""""""""""""""""""
* The JavaScript extractor no longer ignores source files specified in the :code:`tsconfig.json` compiler options :code:`outDir` if doing so would result in excluding all source code.
Python
""""""
* The Python parser is now able to correctly parse expressions such as :code:`match[1]` and :code:`match()` where :code:`match` is not used as a keyword.
GitHub Actions
""""""""""""""
* The :code:`actions/artifact-poisoning/critical` and :code:`actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to :code:`$[{ runner.temp }}` in addition to :code:`/tmp`.
Breaking Changes
~~~~~~~~~~~~~~~~
Ruby
""""
* Most classes and predicates in the AST, SSA, and control-flow-graph libraries are now annotated with :code:`overlay[local]`, in preparation for incremental analysis. This could result in compiler errors for custom queries if they extend these classes. To mitigate such errors, look for ways to restructure custom QL code so it doesn't depend on changing the behavior of standard-library classes.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The :code:`FunctionWithWrappers` library (:code:`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the :code:`arm_neon.h` header and Neon vector types, and support for the :code:`fp8` scalar type. The :code:`arm_sve.h` header and scalable vectors are only partially supported at this point.
* Added support for :code:`__fp16 _Complex` and :code:`__bf16 _Complex` types
* Added :code:`sql-injection` sink models for the Oracle Call Interface (OCI) database library functions :code:`OCIStmtPrepare` and :code:`OCIStmtPrepare2`.
Golang
""""""
* Added models for the :code:`Head` function and the :code:`Client.Head` method, from the :code:`net/http` package, to the :code:`Http::ClientRequest` class. This means that they will be recognized as sinks for the query :code:`go/request-forgery` and the experimental query :code:`go/ssrf`.
* Previously, :code:`DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
Java/Kotlin
"""""""""""
* The qualifiers of a calls to :code:`readObject` on any classes that implement :code:`java.io.ObjectInput` are now recognised as sinks for :code:`java/unsafe-deserialization`. Previously this was only the case for classes which extend :code:`java.io.ObjectInputStream`.
JavaScript/TypeScript
"""""""""""""""""""""
* Enhanced modeling for the :code:`execa` library, adding support for command execution methods :code:`execaCommand`, :code:`execaCommandSync`, :code:`$`, and :code:`$.sync`, as well as file system operations through :code:`inputFile`, :code:`pipeStdout`, :code:`pipeAll`, and :code:`pipeStderr`.
Python
""""""
* Type annotations such as :code:`foo : Bar` are now treated by the call graph as an indication that :code:`foo` may be an instance of :code:`Bar`.
Rust
""""
* Type inference has been extended to support pattern matching.
* Call resolution for calls to associated functions has been improved, so it now disambiguates the targets based on type information at the call sites (either type information about the arguments or about the expected return types).
* Type inference has been improved for :code:`for` loops and range expressions, which improves call resolution and may ultimately lead to more query results.
* Implemented support for data flow through trait functions. For the purpose of data flow, calls to trait functions dispatch to all possible implementations.
* :code:`AssocItem` and :code:`ExternItem` are now proper subclasses of :code:`Item`.
* Added type inference for :code:`for` loops and array expressions.
Deprecated APIs
~~~~~~~~~~~~~~~
C/C++
"""""
* The :code:`UnknownDefaultLocation`, :code:`UnknownExprLocation`, and :code:`UnknownStmtLocation` classes have been deprecated. Use :code:`UnknownLocation` instead.
Golang
""""""
* The class :code:`BuiltinType` is now deprecated. Use the new replacement :code:`BuiltinTypeEntity` instead.
* The class :code:`DeclaredType` is now deprecated. Use the new replacement :code:`DeclaredTypeEntity` instead.
Java/Kotlin
"""""""""""
* The module :code:`semmle.code.java.frameworks.Castor` has been deprecated and will be removed in a future release.
* The module :code:`semmle.code.java.frameworks.JYaml` has been deprecated and will be removed in a future release.
* The classes :code:`UnsafeHessianInputReadObjectMethod` and :code:`BurlapInputReadObjectMethod` in the module :code:`semmle.code.java.frameworks.HessianBurlap` have been deprecated and will be removed in a future release.
* The class :code:`YamlBeansReaderReadMethod` in the module :code:`semmle.code.java.frameworks.YamlBeans` has been deprecated and will be removed in a future release.
* The class :code:`MethodApacheSerializationUtilsDeserialize` in the module :code:`semmle.code.java.frameworks.apache.Lang` has been deprecated and will be removed in a future release.
New Features
~~~~~~~~~~~~
C/C++
"""""
* Added a :code:`isFinalValueOfParameter` predicate to :code:`DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
C#
""
* Added a new predicate, :code:`getASuperType()`, to get a direct supertype of this type.
Java/Kotlin
"""""""""""
* You can now add sinks for the query "Deserialization of user-controlled data" (:code:`java/unsafe-deserialization`) using `data extensions <https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin>`__ by extending :code:`sinkModel` and using the kind "unsafe-deserialization". The existing sinks that do not require extra logic to determine if they are unsafe are now defined in this way.
Shared Libraries
----------------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Concepts
""""""""
* Initial release. Moves the shared concepts library into its own qlpack.

101
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst Normal file
View File

@@ -0,0 +1,101 @@
.. _codeql-cli-2.22.3:
==========================
CodeQL 2.22.3 (2025-08-06)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.22.3 runs a total of 476 security queries when configured with the Default suite (covering 169 CWE). The Extended suite enables an additional 130 queries (covering 32 more CWE). 2 security queries have been added with this release.
CodeQL CLI
----------
New Features
~~~~~~~~~~~~
* The :code:`codeql database cleanup` command now takes the :code:`--cache-cleanup=overlay` option, which trims the cache to just the data that will be useful when evaluating against an overlay.
Query Packs
-----------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The "Initialization code not run" query (:code:`cpp/initialization-not-run`) no longer reports an alert on static global variables that have no dereference.
Rust
""""
* Type inference now supports closures, calls to closures, and trait bounds using the :code:`FnOnce` trait.
* Type inference now supports trait objects, i.e., :code:`dyn Trait` types.
* Type inference now supports tuple types.
New Queries
~~~~~~~~~~~
Rust
""""
* Added a new query, :code:`rust/hard-coded-cryptographic-value`, for detecting use of hardcoded keys, passwords, salts and initialization vectors.
Language Libraries
------------------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* The :code:`cpp/overrun-write` query now recognizes more bound checks and thus produces fewer false positives.
JavaScript/TypeScript
"""""""""""""""""""""
* The regular expressions in :code:`SensitiveDataHeuristics.qll` have been extended to find more instances of sensitive data such as secrets used in authentication, finance and health information, and device data. The heuristics have also been refined to find fewer false positive matches. This will improve results for queries related to sensitive information.
Python
""""""
* The regular expressions in :code:`SensitiveDataHeuristics.qll` have been extended to find more instances of sensitive data such as secrets used in authentication, finance and health information, and device data. The heuristics have also been refined to find fewer false positive matches. This will improve results for queries related to sensitive information.
Ruby
""""
* The regular expressions in :code:`SensitiveDataHeuristics.qll` have been extended to find more instances of sensitive data such as secrets used in authentication, finance and health information, and device data. The heuristics have also been refined to find fewer false positive matches. This will improve results for queries related to sensitive information.
Swift
"""""
* The regular expressions in :code:`SensitiveDataHeuristics.qll` have been extended to find more instances of sensitive data such as secrets used in authentication, finance and health information, and device data. The heuristics have also been refined to find fewer false positive matches. This will improve results for queries related to sensitive information.
Rust
""""
* Removed deprecated dataflow extensible predicates :code:`sourceModelDeprecated`, :code:`sinkModelDeprecated`, and :code:`summaryModelDeprecated`, along with their associated classes.
* The regular expressions in :code:`SensitiveDataHeuristics.qll` have been extended to find more instances of sensitive data such as secrets used in authentication, finance and health information, and device data. The heuristics have also been refined to find fewer false positive matches. This will improve results for queries related to sensitive information.
New Features
~~~~~~~~~~~~
C/C++
"""""
* Exposed various SSA-related classes (:code:`Definition`, :code:`PhiNode`, :code:`ExplicitDefinition`, :code:`DirectExplicitDefinition`, and :code:`IndirectExplicitDefinition`) which were previously only usable inside the internal dataflow directory.
Java/Kotlin
"""""""""""
* Kotlin versions up to 2.2.2\ *x* are now supported.

2
docs/codeql/codeql-overview/codeql-changelog/index.rst
View File

@@ -11,6 +11,8 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.22.3
codeql-cli-2.22.2
codeql-cli-2.22.1
codeql-cli-2.22.0
codeql-cli-2.21.4

2
go/actions/test/action.yml
View File

@@ -4,7 +4,7 @@ inputs:
go-test-version:
description: Which Go version to use for running the tests
required: false
default: "~1.24.0"
default: "~1.25.0"
run-code-checks:
description: Whether to run formatting, code and qhelp generation checks
required: false

2
go/extractor/autobuilder/build-environment.go
View File

@@ -12,7 +12,7 @@ import (
)
var minGoVersion = util.NewSemVer("1.11")
var maxGoVersion = util.NewSemVer("1.24")
var maxGoVersion = util.NewSemVer("1.25")
type versionInfo struct {
goModVersion util.SemVer // The version of Go found in the go directive in the `go.mod` file.

4
go/extractor/go.mod
View File

@@ -1,8 +1,8 @@
module github.com/github/codeql-go/extractor
go 1.24
go 1.25
toolchain go1.24.0
toolchain go1.25.0
// when updating this, run
// bazel run @rules_go//go -- mod tidy

9
misc/bazel/3rdparty/py_deps/BUILD.ahash-0.4.8.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "ahash",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.aho-corasick-1.1.3.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "aho_corasick",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.anstream-0.6.18.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anstream",
srcs = glob(
@@ -35,6 +41,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.anstyle-1.0.10.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anstyle",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.anstyle-parse-0.2.6.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anstyle_parse",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.anstyle-query-1.1.2.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anstyle_query",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.anstyle-wincon-3.0.7.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anstyle_wincon",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.anyhow-1.0.95.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "anyhow",
srcs = glob(
@@ -35,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -129,6 +141,9 @@ cargo_build_script(
),
edition = "2018",
pkg_name = "anyhow",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.cc-1.2.14.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "cc",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.cfg-if-1.0.0.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "cfg_if",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.clap-4.5.30.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "clap",
srcs = glob(
@@ -39,6 +45,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.clap_builder-4.5.30.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "clap_builder",
srcs = glob(
@@ -38,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.clap_lex-0.7.4.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "clap_lex",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.colorchoice-1.0.3.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "colorchoice",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.hashbrown-0.9.1.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "hashbrown",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.is_terminal_polyfill-1.70.1.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "is_terminal_polyfill",
srcs = glob(
@@ -33,6 +39,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.itoa-1.0.14.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "itoa",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.log-0.4.25.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "log",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.memchr-2.7.4.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "memchr",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.once_cell-1.20.3.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "once_cell",
srcs = glob(
@@ -36,6 +42,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.proc-macro2-1.0.93.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "proc_macro2",
srcs = glob(
@@ -35,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -130,6 +142,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "proc-macro2",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.quote-1.0.38.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "quote",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.regex-1.11.1.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "regex",
srcs = glob(
@@ -49,6 +55,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.regex-automata-0.4.9.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "regex_automata",
srcs = glob(
@@ -54,6 +60,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.regex-syntax-0.8.5.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "regex_syntax",
srcs = glob(
@@ -42,6 +48,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.ryu-1.0.19.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "ryu",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.serde-1.0.217.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "serde",
srcs = glob(
@@ -35,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -129,6 +141,9 @@ cargo_build_script(
),
edition = "2018",
pkg_name = "serde",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.serde_derive-1.0.217.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_proc_macro")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_proc_macro(
name = "serde_derive",
srcs = glob(
@@ -30,6 +36,9 @@ rust_proc_macro(
),
crate_root = "src/lib.rs",
edition = "2015",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.serde_json-1.0.138.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "serde_json",
srcs = glob(
@@ -35,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -133,6 +145,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "serde_json",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.shlex-1.3.0.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "shlex",
srcs = glob(
@@ -34,6 +40,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2015",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.smallvec-1.14.0.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "smallvec",
srcs = glob(
@@ -33,6 +39,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.string-interner-0.12.2.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "string_interner",
srcs = glob(
@@ -35,6 +41,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.strsim-0.11.1.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "strsim",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2015",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.syn-2.0.98.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "syn",
srcs = glob(
@@ -38,6 +44,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.thiserror-1.0.69.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "thiserror",
srcs = glob(
@@ -34,6 +43,9 @@ rust_library(
proc_macro_deps = [
"@vendor_py__thiserror-impl-1.0.69//:thiserror_impl",
],
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -124,6 +136,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "thiserror",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.thiserror-impl-1.0.69.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_proc_macro")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_proc_macro(
name = "thiserror_impl",
srcs = glob(
@@ -30,6 +36,9 @@ rust_proc_macro(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.tree-sitter-0.20.4.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "tree_sitter",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "binding_rust/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -122,6 +134,9 @@ cargo_build_script(
),
edition = "2018",
pkg_name = "tree-sitter",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.tree-sitter-graph-0.7.0.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "tree_sitter_graph",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.unicode-ident-1.0.16.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "unicode_ident",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.utf8parse-0.2.2.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "utf8parse",
srcs = glob(
@@ -33,6 +39,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2018",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.windows-sys-0.59.0.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_sys",
srcs = glob(
@@ -37,6 +43,9 @@ rust_library(
],
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

9
misc/bazel/3rdparty/py_deps/BUILD.windows-targets-0.52.6.bazel generated vendored
View File

@@ -6,10 +6,16 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars")
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_targets",
srcs = glob(
@@ -30,6 +36,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_aarch64_gnullvm-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_aarch64_gnullvm",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_aarch64_gnullvm",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_aarch64_msvc-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_aarch64_msvc",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_aarch64_msvc",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_i686_gnu-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_i686_gnu",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_i686_gnu",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_i686_gnullvm-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_i686_gnullvm",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_i686_gnullvm",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_i686_msvc-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_i686_msvc",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_i686_msvc",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_x86_64_gnu-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_x86_64_gnu",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_x86_64_gnu",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_x86_64_gnullvm-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_x86_64_gnullvm",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_x86_64_gnullvm",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

17
misc/bazel/3rdparty/py_deps/BUILD.windows_x86_64_msvc-0.52.6.bazel generated vendored
View File

@@ -6,11 +6,20 @@
# bazel run @@//misc/bazel/3rdparty:vendor_py_deps
###############################################################################
load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
load(
"@rules_rust//cargo:defs.bzl",
"cargo_build_script",
"cargo_toml_env_vars",
)
load("@rules_rust//rust:defs.bzl", "rust_library")
package(default_visibility = ["//visibility:public"])
cargo_toml_env_vars(
name = "cargo_toml_env_vars",
src = "Cargo.toml",
)
rust_library(
name = "windows_x86_64_msvc",
srcs = glob(
@@ -31,6 +40,9 @@ rust_library(
),
crate_root = "src/lib.rs",
edition = "2021",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],
@@ -121,6 +133,9 @@ cargo_build_script(
),
edition = "2021",
pkg_name = "windows_x86_64_msvc",
rustc_env_files = [
":cargo_toml_env_vars",
],
rustc_flags = [
"--cap-lints=allow",
],

4
rust/ql/lib/change-notes/2025-08-11-database-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more detail to models of `postgres`, `rusqlite`, `sqlx` and `tokio-postgres`. This may improve query results, particularly for `rust/sql-injection` and `rust/cleartext-storage-database`.

13
rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -19,19 +19,6 @@ module Input implements InputSig<Location, RustDataFlow> {
/** Gets the associated call. */
abstract CallExprBase getCall();
/** Holds if the associated call resolves to `crate, path`. */
final predicate callResolvesTo(string crate, string path) {
exists(Resolvable r |
r = CallExprBaseImpl::getCallResolvable(this.getCall()) and
path = r.getResolvedPath()
|
crate = r.getResolvedCrateOrigin()
or
not r.hasResolvedCrateOrigin() and
crate = ""
)
}
/** Holds if the associated call resolves to `path`. */
final predicate callResolvesTo(string path) {
path = this.getCall().getStaticTarget().(Addressable).getCanonicalPath()

9
rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
View File

@@ -13,3 +13,12 @@ extensions:
- ["<postgres::client::Client>::query_raw", "Argument[0]", "sql-injection", "manual"]
- ["<postgres::client::Client>::query_typed", "Argument[0]", "sql-injection", "manual"]
- ["<postgres::client::Client>::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
- ["<postgres::client::Client>::simple_query", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: sourceModel
data:
- ["<postgres::row::Row>::get", "ReturnValue", "database", "manual"]
- ["<postgres::row::Row>::try_get", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]
- ["<postgres::row::SimpleQueryRow>::get", "ReturnValue.Field[core::option::Option::Some(0)]", "database", "manual"]
- ["<postgres::row::SimpleQueryRow>::try_get", "ReturnValue.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "database", "manual"]

4
rust/ql/lib/codeql/rust/frameworks/rusqlite.model.yml
View File

@@ -5,10 +5,12 @@ extensions:
data:
- ["<rusqlite::Connection>::execute", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::execute_batch", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::prepare_cached", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::prepare", "Argument[0]", "sql-injection", "manual"]
- [<rusqlite::Connection>::prepare_with_flags", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::prepare_with_flags", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::query_row", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::query_row_and_then", "Argument[0]", "sql-injection", "manual"]
- ["<rusqlite::Connection>::query_one", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: sourceModel

8
rust/ql/lib/codeql/rust/frameworks/sqlx.model.yml
View File

@@ -11,3 +11,11 @@ extensions:
- ["sqlx_core::query_scalar_with::query_scalar_with", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::raw_sql::raw_sql", "Argument[0]", "sql-injection", "manual"]
- ["<_ as sqlx_core::executor::Executor>::execute", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: sourceModel
data:
- ["<sqlx_core::row::Row>::get", "ReturnValue", "database", "manual"]
- ["<sqlx_core::row::Row>::get_unchecked", "ReturnValue", "database", "manual"]
- ["<sqlx_core::row::Row>::try_get", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]
- ["<sqlx_core::row::Row>::try_get_unchecked", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]

2
rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll
View File

@@ -14,7 +14,7 @@ private import codeql.rust.internal.PathResolution
*/
private class StartswithCall extends Path::SafeAccessCheck::Range, CfgNodes::MethodCallExprCfgNode {
StartswithCall() {
this.getAstNode().(Resolvable).getResolvedPath() = "<crate::path::Path>::starts_with"
this.getMethodCallExpr().getStaticTarget().getCanonicalPath() = "<std::path::Path>::starts_with"
}
override predicate checks(Cfg::CfgNode e, boolean branch) {

3
rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml
View File

@@ -9,6 +9,7 @@ extensions:
- ["<tokio_postgres::client::Client>::prepare", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::prepare_typed", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::query", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::query_one", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::query_opt", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::query_raw", "Argument[0]", "sql-injection", "manual"]
- ["<tokio_postgres::client::Client>::query_typed", "Argument[0]", "sql-injection", "manual"]
@@ -21,3 +22,5 @@ extensions:
data:
- ["<tokio_postgres::row::Row>::get", "ReturnValue", "database", "manual"]
- ["<tokio_postgres::row::Row>::try_get", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]
- ["<tokio_postgres::row::SimpleQueryRow>::get", "ReturnValue.Field[core::option::Option::Some(0)]", "database", "manual"]
- ["<tokio_postgres::row::SimpleQueryRow>::try_get", "ReturnValue.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "database", "manual"]

2
rust/ql/lib/codeql/rust/internal/Type.qll
View File

@@ -119,7 +119,7 @@ class TupleType extends Type, TTuple {
}
/** The unit type `()`. */
class UnitType extends TupleType, TTuple {
class UnitType extends TupleType {
UnitType() { this = TTuple(0) }
override string toString() { result = "()" }

169
rust/ql/lib/codeql/rust/internal/TypeInference.qll
View File

@@ -1135,6 +1135,36 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) {
)
}
pragma[inline]
private Type inferRootTypeDeref(AstNode n) {
result = inferType(n) and
result != TRefType()
or
// for reference types, lookup members in the type being referenced
result = inferType(n, TypePath::singleton(TRefTypeParameter()))
}
pragma[nomagic]
private Type getFieldExprLookupType(FieldExpr fe, string name) {
result = inferRootTypeDeref(fe.getContainer()) and name = fe.getIdentifier().getText()
}
pragma[nomagic]
private Type getTupleFieldExprLookupType(FieldExpr fe, int pos) {
exists(string name |
result = getFieldExprLookupType(fe, name) and
pos = name.toInt()
)
}
pragma[nomagic]
private TupleTypeParameter resolveTupleTypeFieldExpr(FieldExpr fe) {
exists(int arity, int i |
TTuple(arity) = getTupleFieldExprLookupType(fe, i) and
result = TTupleTypeParameter(arity, i)
)
}
/**
* A matching configuration for resolving types of field expressions
* like `x.field`.
@@ -1158,15 +1188,30 @@ private module FieldExprMatchingInput implements MatchingInputSig {
}
}
abstract class Declaration extends AstNode {
private newtype TDeclaration =
TStructFieldDecl(StructField sf) or
TTupleFieldDecl(TupleField tf) or
TTupleTypeParameterDecl(TupleTypeParameter ttp)
abstract class Declaration extends TDeclaration {
TypeParameter getTypeParameter(TypeParameterPosition ppos) { none() }
abstract Type getDeclaredType(DeclarationPosition dpos, TypePath path);
abstract string toString();
abstract Location getLocation();
}
abstract private class StructOrTupleFieldDecl extends Declaration {
abstract AstNode getAstNode();
abstract TypeRepr getTypeRepr();
Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
override Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
dpos.isSelf() and
// no case for variants as those can only be destructured using pattern matching
exists(Struct s | s.getStructField(_) = this or s.getTupleField(_) = this |
exists(Struct s | this.getAstNode() = [s.getStructField(_).(AstNode), s.getTupleField(_)] |
result = TStruct(s) and
path.isEmpty()
or
@@ -1177,14 +1222,55 @@ private module FieldExprMatchingInput implements MatchingInputSig {
dpos.isField() and
result = this.getTypeRepr().(TypeMention).resolveTypeAt(path)
}
override string toString() { result = this.getAstNode().toString() }
override Location getLocation() { result = this.getAstNode().getLocation() }
}
private class StructFieldDecl extends Declaration instanceof StructField {
override TypeRepr getTypeRepr() { result = StructField.super.getTypeRepr() }
private class StructFieldDecl extends StructOrTupleFieldDecl, TStructFieldDecl {
private StructField sf;
StructFieldDecl() { this = TStructFieldDecl(sf) }
override AstNode getAstNode() { result = sf }
override TypeRepr getTypeRepr() { result = sf.getTypeRepr() }
}
private class TupleFieldDecl extends Declaration instanceof TupleField {
override TypeRepr getTypeRepr() { result = TupleField.super.getTypeRepr() }
private class TupleFieldDecl extends StructOrTupleFieldDecl, TTupleFieldDecl {
private TupleField tf;
TupleFieldDecl() { this = TTupleFieldDecl(tf) }
override AstNode getAstNode() { result = tf }
override TypeRepr getTypeRepr() { result = tf.getTypeRepr() }
}
private class TupleTypeParameterDecl extends Declaration, TTupleTypeParameterDecl {
private TupleTypeParameter ttp;
TupleTypeParameterDecl() { this = TTupleTypeParameterDecl(ttp) }
override Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
dpos.isSelf() and
(
result = ttp.getTupleType() and
path.isEmpty()
or
result = ttp and
path = TypePath::singleton(ttp)
)
or
dpos.isField() and
result = ttp and
path.isEmpty()
}
override string toString() { result = ttp.toString() }
override Location getLocation() { result = ttp.getLocation() }
}
class AccessPosition = DeclarationPosition;
@@ -1206,7 +1292,12 @@ private module FieldExprMatchingInput implements MatchingInputSig {
Declaration getTarget() {
// mutual recursion; resolving fields requires resolving types and vice versa
result = [resolveStructFieldExpr(this).(AstNode), resolveTupleFieldExpr(this)]
result =
[
TStructFieldDecl(resolveStructFieldExpr(this)).(TDeclaration),
TTupleFieldDecl(resolveTupleFieldExpr(this)),
TTupleTypeParameterDecl(resolveTupleTypeFieldExpr(this))
]
}
}
@@ -1266,42 +1357,6 @@ private Type inferFieldExprType(AstNode n, TypePath path) {
)
}
pragma[nomagic]
private Type inferTupleIndexExprType(FieldExpr fe, TypePath path) {
exists(int i, TypePath path0 |
fe.getIdentifier().getText() = i.toString() and
result = inferType(fe.getContainer(), path0) and
path0.isCons(TTupleTypeParameter(_, i), path) and
fe.getIdentifier().getText() = i.toString()
)
}
/** Infers the type of `t` in `t.n` when `t` is a tuple. */
private Type inferTupleContainerExprType(Expr e, TypePath path) {
// NOTE: For a field expression `t.n` where `n` is a number `t` might be a
// tuple as in:
// ```rust
// let t = (Default::default(), 2);
// let s: String = t.0;
// ```
// But it could also be a tuple struct as in:
// ```rust
// struct T(String, u32);
// let t = T(Default::default(), 2);
// let s: String = t.0;
// ```
// We need type information to flow from `t.n` to tuple type parameters of `t`
// in the former case but not the latter case. Hence we include the condition
// that the root type of `t` must be a tuple type.
exists(int i, TypePath path0, FieldExpr fe, int arity |
e = fe.getContainer() and
fe.getIdentifier().getText() = i.toString() and
arity = inferType(fe.getContainer()).(TupleType).getArity() and
result = inferType(fe, path0) and
path = TypePath::cons(TTupleTypeParameter(arity, i), path0)
)
}
/** Gets the root type of the reference node `ref`. */
pragma[nomagic]
private Type inferRefNodeType(AstNode ref) {
@@ -2230,20 +2285,6 @@ private module Cached {
result = resolveFunctionCallTarget(call)
}
pragma[inline]
private Type inferRootTypeDeref(AstNode n) {
result = inferType(n) and
result != TRefType()
or
// for reference types, lookup members in the type being referenced
result = inferType(n, TypePath::singleton(TRefTypeParameter()))
}
pragma[nomagic]
private Type getFieldExprLookupType(FieldExpr fe, string name) {
result = inferRootTypeDeref(fe.getContainer()) and name = fe.getIdentifier().getText()
}
/**
* Gets the struct field that the field expression `fe` resolves to, if any.
*/
@@ -2252,14 +2293,6 @@ private module Cached {
exists(string name | result = getFieldExprLookupType(fe, name).getStructField(name))
}
pragma[nomagic]
private Type getTupleFieldExprLookupType(FieldExpr fe, int pos) {
exists(string name |
result = getFieldExprLookupType(fe, name) and
pos = name.toInt()
)
}
/**
* Gets the tuple field that the field expression `fe` resolves to, if any.
*/
@@ -2341,10 +2374,6 @@ private module Cached {
or
result = inferFieldExprType(n, path)
or
result = inferTupleIndexExprType(n, path)
or
result = inferTupleContainerExprType(n, path)
or
result = inferRefNodeType(n) and
path.isEmpty()
or

23
rust/ql/src/queries/telemetry/RustAnalyzerComparison.qll
View File

@@ -9,12 +9,13 @@ import rust
pragma[nomagic]
private predicate resolvesAsItem(Resolvable r, Item i) {
r.getResolvedPath() = i.getExtendedCanonicalPath() and
(
r.getResolvedCrateOrigin() = i.getCrateOrigin()
or
not r.hasResolvedCrateOrigin() and not i.hasCrateOrigin()
)
none()
// r.getResolvedPath() = i.getExtendedCanonicalPath() and
// (
// r.getResolvedCrateOrigin() = i.getCrateOrigin()
// or
// not r.hasResolvedCrateOrigin() and not i.hasCrateOrigin()
// )
}
private signature module ResolvableSig {
@@ -102,7 +103,10 @@ private module PathResolution implements ResolvableSig {
}
private module RustAnalyzerPathResolution implements CompareSig<PathResolution> {
predicate isResolvable(PathResolution::Source s) { s.hasResolvedPath() }
predicate isResolvable(PathResolution::Source s) {
none()
//s.hasResolvedPath()
}
Item resolve(PathResolution::Source s) { resolvesAsItem(s, result) }
}
@@ -157,6 +161,7 @@ private module QlCallGraph implements CompareSig<CallGraph> {
module CallGraphCompare = Compare<CallGraph, RustAnalyzerCallGraph, QlCallGraph>;
predicate qlMissingCanonicalPath(Addressable a, string path) {
path = a.getExtendedCanonicalPath() and
not exists(a.getCanonicalPath(_))
none()
// path = a.getExtendedCanonicalPath() and
// not exists(a.getCanonicalPath(_))
}

84
rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected
View File

@@ -1,4 +1,3 @@
canonicalPath
| anonymous.rs:3:1:32:1 | fn canonicals | test::anonymous::canonicals |
| anonymous.rs:34:1:36:1 | fn other | test::anonymous::other |
| {EXTERNAL LOCATION} | fn trim | <core::str>::trim |
@@ -31,86 +30,3 @@ canonicalPath
| regular.rs:74:5:74:25 | fn abs | <_ as test::regular::Abs>::abs |
| regular.rs:77:1:85:1 | impl Abs for i32 { ... } | <core::i32 as test::regular::Abs> |
| regular.rs:78:5:84:5 | fn abs | <core::i32 as test::regular::Abs>::abs |
canonicalPaths
| anonymous.rs:1:1:1:26 | use ...::Trait | None | None |
| anonymous.rs:3:1:32:1 | fn canonicals | repo::test | crate::anonymous::canonicals |
| anonymous.rs:4:5:4:23 | struct OtherStruct | None | None |
| anonymous.rs:6:5:8:5 | trait OtherTrait | None | None |
| anonymous.rs:7:9:7:20 | fn g | None | None |
| anonymous.rs:10:5:12:5 | impl OtherTrait for OtherStruct { ... } | None | None |
| anonymous.rs:11:9:11:22 | fn g | None | None |
| anonymous.rs:14:5:16:5 | impl OtherTrait for ...::Struct { ... } | None | None |
| anonymous.rs:15:9:15:22 | fn g | None | None |
| anonymous.rs:18:5:20:5 | impl ...::Trait for OtherStruct { ... } | None | None |
| anonymous.rs:19:9:19:22 | fn f | None | None |
| anonymous.rs:22:5:24:5 | fn nested | None | None |
| anonymous.rs:23:9:23:27 | struct OtherStruct | None | None |
| anonymous.rs:26:5:31:5 | fn usage | None | None |
| anonymous.rs:34:1:36:1 | fn other | repo::test | crate::anonymous::other |
| anonymous.rs:35:5:35:23 | struct OtherStruct | None | None |
| lib.rs:1:1:1:18 | mod anonymous | repo::test | crate::anonymous |
| lib.rs:2:1:2:16 | mod regular | repo::test | crate::regular |
| regular.rs:1:1:2:18 | struct Struct | repo::test | crate::regular::Struct |
| regular.rs:2:12:2:17 | fn eq | repo::test | <crate::regular::Struct as crate::cmp::PartialEq>::eq |
| regular.rs:2:12:2:17 | impl ...::Eq for Struct::<...> { ... } | None | None |
| regular.rs:2:12:2:17 | impl ...::PartialEq for Struct::<...> { ... } | None | None |
| regular.rs:4:1:6:1 | trait Trait | repo::test | crate::regular::Trait |
| regular.rs:5:5:5:16 | fn f | repo::test | crate::regular::Trait::f |
| regular.rs:8:1:10:1 | impl Trait for Struct { ... } | None | None |
| regular.rs:9:5:9:18 | fn f | repo::test | <crate::regular::Struct as crate::regular::Trait>::f |
| regular.rs:12:1:14:1 | impl Struct { ... } | None | None |
| regular.rs:13:5:13:18 | fn g | repo::test | <crate::regular::Struct>::g |
| regular.rs:16:1:18:1 | trait TraitWithBlanketImpl | repo::test | crate::regular::TraitWithBlanketImpl |
| regular.rs:17:5:17:16 | fn h | repo::test | crate::regular::TraitWithBlanketImpl::h |
| regular.rs:20:1:22:1 | impl TraitWithBlanketImpl for T { ... } | None | None |
| regular.rs:21:5:21:18 | fn h | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h |
| regular.rs:24:1:24:12 | fn free | repo::test | crate::regular::free |
| regular.rs:26:1:32:1 | fn usage | repo::test | crate::regular::usage |
| regular.rs:34:1:38:1 | enum MyEnum | repo::test | crate::regular::MyEnum |
| regular.rs:40:1:46:1 | fn enum_qualified_usage | repo::test | crate::regular::enum_qualified_usage |
| regular.rs:48:1:55:1 | fn enum_unqualified_usage | repo::test | crate::regular::enum_unqualified_usage |
| regular.rs:51:5:51:18 | use MyEnum::* | None | None |
| regular.rs:57:1:63:1 | fn enum_match | repo::test | crate::regular::enum_match |
| regular.rs:65:1:67:1 | ExternBlock | None | None |
| regular.rs:66:5:66:40 | fn is_alphanum | repo::test | ::is_alphanum |
| regular.rs:69:1:71:1 | fn is_number_or_letter | repo::test | crate::regular::is_number_or_letter |
| regular.rs:73:1:75:1 | trait Abs | repo::test | crate::regular::Abs |
| regular.rs:74:5:74:25 | fn abs | repo::test | crate::regular::Abs::abs |
| regular.rs:77:1:85:1 | impl Abs for i32 { ... } | None | None |
| regular.rs:78:5:84:5 | fn abs | repo::test | <i32 as crate::regular::Abs>::abs |
resolvedPaths
| anonymous.rs:27:17:27:30 | OtherStruct {...} | None | None |
| anonymous.rs:28:9:28:9 | s | None | None |
| anonymous.rs:28:9:28:13 | s.f() | None | None |
| anonymous.rs:29:9:29:9 | s | None | None |
| anonymous.rs:29:9:29:13 | s.g() | None | None |
| anonymous.rs:30:9:30:14 | nested | None | None |
| regular.rs:1:1:1:24 | other | None | None |
| regular.rs:1:1:1:24 | self | None | None |
| regular.rs:27:13:27:21 | Struct {...} | repo::test | crate::regular::Struct |
| regular.rs:28:5:28:5 | s | None | None |
| regular.rs:28:5:28:9 | s.f() | repo::test | <crate::regular::Struct as crate::regular::Trait>::f |
| regular.rs:29:5:29:5 | s | None | None |
| regular.rs:29:5:29:9 | s.g() | repo::test | <crate::regular::Struct>::g |
| regular.rs:30:5:30:5 | s | None | None |
| regular.rs:30:5:30:9 | s.h() | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h |
| regular.rs:31:5:31:8 | free | repo::test | crate::regular::free |
| regular.rs:41:9:41:26 | ...::None::<...> | lang:core | crate::option::Option::None |
| regular.rs:42:9:42:20 | ...::Some | lang:core | crate::option::Option::Some |
| regular.rs:43:9:43:24 | ...::Variant1 | repo::test | crate::regular::MyEnum::Variant1 |
| regular.rs:44:9:44:24 | ...::Variant2 | repo::test | crate::regular::MyEnum::Variant2 |
| regular.rs:45:9:45:33 | ...::Variant3 {...} | repo::test | crate::regular::MyEnum::Variant3 |
| regular.rs:49:9:49:18 | None::<...> | lang:core | crate::option::Option::None |
| regular.rs:50:9:50:12 | Some | lang:core | crate::option::Option::Some |
| regular.rs:52:9:52:16 | Variant1 | repo::test | crate::regular::MyEnum::Variant1 |
| regular.rs:53:9:53:16 | Variant2 | repo::test | crate::regular::MyEnum::Variant2 |
| regular.rs:54:9:54:25 | Variant3 {...} | repo::test | crate::regular::MyEnum::Variant3 |
| regular.rs:58:11:58:11 | e | None | None |
| regular.rs:59:9:59:24 | ...::Variant1 | repo::test | crate::regular::MyEnum::Variant1 |
| regular.rs:60:9:60:27 | ...::Variant2(...) | repo::test | crate::regular::MyEnum::Variant2 |
| regular.rs:61:9:61:31 | ...::Variant3 {...} | repo::test | crate::regular::MyEnum::Variant3 |
| regular.rs:70:14:70:24 | is_alphanum | repo::test | ::is_alphanum |
| regular.rs:70:26:70:28 | chr | None | None |
| regular.rs:79:12:79:15 | self | None | None |
| regular.rs:80:14:80:17 | self | None | None |
| regular.rs:82:13:82:16 | self | None | None |

28
rust/ql/test/extractor-tests/canonical_path/canonical_paths.ql
View File

@@ -17,31 +17,3 @@ query predicate canonicalPath(Addressable a, string path) {
) and
path = a.getCanonicalPath(_)
}
query predicate canonicalPaths(Item i, string origin, string path) {
toBeTested(i) and
(
origin = i.getCrateOrigin()
or
not i.hasCrateOrigin() and origin = "None"
) and
(
path = i.getExtendedCanonicalPath()
or
not i.hasExtendedCanonicalPath() and path = "None"
)
}
query predicate resolvedPaths(Resolvable e, string origin, string path) {
toBeTested(e) and
(
origin = e.getResolvedCrateOrigin()
or
not e.hasResolvedCrateOrigin() and origin = "None"
) and
(
path = e.getResolvedPath()
or
not e.hasResolvedPath() and path = "None"
)
}

72
rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected
View File

@@ -1,4 +1,3 @@
canonicalPath
| anonymous.rs:6:1:35:1 | fn canonicals | test::anonymous::canonicals |
| anonymous.rs:37:1:39:1 | fn other | test::anonymous::other |
| {EXTERNAL LOCATION} | fn trim | <core::str>::trim |
@@ -25,74 +24,3 @@ canonicalPath
| regular.rs:43:1:49:1 | fn enum_qualified_usage | test::regular::enum_qualified_usage |
| regular.rs:51:1:58:1 | fn enum_unqualified_usage | test::regular::enum_unqualified_usage |
| regular.rs:60:1:66:1 | fn enum_match | test::regular::enum_match |
canonicalPaths
| anonymous.rs:4:1:4:26 | use ...::Trait | None | None |
| anonymous.rs:6:1:35:1 | fn canonicals | None | None |
| anonymous.rs:7:5:7:23 | struct OtherStruct | None | None |
| anonymous.rs:9:5:11:5 | trait OtherTrait | None | None |
| anonymous.rs:10:9:10:20 | fn g | None | None |
| anonymous.rs:13:5:15:5 | impl OtherTrait for OtherStruct { ... } | None | None |
| anonymous.rs:14:9:14:22 | fn g | None | None |
| anonymous.rs:17:5:19:5 | impl OtherTrait for ...::Struct { ... } | None | None |
| anonymous.rs:18:9:18:22 | fn g | None | None |
| anonymous.rs:21:5:23:5 | impl ...::Trait for OtherStruct { ... } | None | None |
| anonymous.rs:22:9:22:22 | fn f | None | None |
| anonymous.rs:25:5:27:5 | fn nested | None | None |
| anonymous.rs:26:9:26:27 | struct OtherStruct | None | None |
| anonymous.rs:29:5:34:5 | fn usage | None | None |
| anonymous.rs:37:1:39:1 | fn other | None | None |
| anonymous.rs:38:5:38:23 | struct OtherStruct | None | None |
| lib.rs:1:1:1:18 | mod anonymous | None | None |
| lib.rs:2:1:2:16 | mod regular | None | None |
| regular.rs:4:1:5:18 | struct Struct | None | None |
| regular.rs:5:12:5:17 | fn eq | None | None |
| regular.rs:5:12:5:17 | impl ...::Eq for Struct::<...> { ... } | None | None |
| regular.rs:5:12:5:17 | impl ...::PartialEq for Struct::<...> { ... } | None | None |
| regular.rs:7:1:9:1 | trait Trait | None | None |
| regular.rs:8:5:8:16 | fn f | None | None |
| regular.rs:11:1:13:1 | impl Trait for Struct { ... } | None | None |
| regular.rs:12:5:12:18 | fn f | None | None |
| regular.rs:15:1:17:1 | impl Struct { ... } | None | None |
| regular.rs:16:5:16:18 | fn g | None | None |
| regular.rs:19:1:21:1 | trait TraitWithBlanketImpl | None | None |
| regular.rs:20:5:20:16 | fn h | None | None |
| regular.rs:23:1:25:1 | impl TraitWithBlanketImpl for T { ... } | None | None |
| regular.rs:24:5:24:18 | fn h | None | None |
| regular.rs:27:1:27:12 | fn free | None | None |
| regular.rs:29:1:35:1 | fn usage | None | None |
| regular.rs:37:1:41:1 | enum MyEnum | None | None |
| regular.rs:43:1:49:1 | fn enum_qualified_usage | None | None |
| regular.rs:51:1:58:1 | fn enum_unqualified_usage | None | None |
| regular.rs:54:5:54:18 | use MyEnum::* | None | None |
| regular.rs:60:1:66:1 | fn enum_match | None | None |
resolvedPaths
| anonymous.rs:30:17:30:30 | OtherStruct {...} | None | None |
| anonymous.rs:31:9:31:9 | s | None | None |
| anonymous.rs:31:9:31:13 | s.f() | None | None |
| anonymous.rs:32:9:32:9 | s | None | None |
| anonymous.rs:32:9:32:13 | s.g() | None | None |
| anonymous.rs:33:9:33:14 | nested | None | None |
| regular.rs:4:1:4:24 | other | None | None |
| regular.rs:4:1:4:24 | self | None | None |
| regular.rs:30:13:30:21 | Struct {...} | None | None |
| regular.rs:31:5:31:5 | s | None | None |
| regular.rs:31:5:31:9 | s.f() | None | None |
| regular.rs:32:5:32:5 | s | None | None |
| regular.rs:32:5:32:9 | s.g() | None | None |
| regular.rs:33:5:33:5 | s | None | None |
| regular.rs:33:5:33:9 | s.h() | None | None |
| regular.rs:34:5:34:8 | free | None | None |
| regular.rs:44:9:44:26 | ...::None::<...> | None | None |
| regular.rs:45:9:45:20 | ...::Some | None | None |
| regular.rs:46:9:46:24 | ...::Variant1 | None | None |
| regular.rs:47:9:47:24 | ...::Variant2 | None | None |
| regular.rs:48:9:48:33 | ...::Variant3 {...} | None | None |
| regular.rs:52:9:52:18 | None::<...> | None | None |
| regular.rs:53:9:53:12 | Some | None | None |
| regular.rs:55:9:55:16 | Variant1 | None | None |
| regular.rs:56:9:56:16 | Variant2 | None | None |
| regular.rs:57:9:57:25 | Variant3 {...} | None | None |
| regular.rs:61:11:61:11 | e | None | None |
| regular.rs:62:9:62:24 | ...::Variant1 | None | None |
| regular.rs:63:9:63:27 | ...::Variant2(...) | None | None |
| regular.rs:64:9:64:31 | ...::Variant3 {...} | None | None |

6
rust/ql/test/library-tests/dataflow/sources/InlineFlow.ql
View File

@@ -10,9 +10,9 @@ module MyFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource }
predicate isSink(DataFlow::Node sink) {
any(CallExpr call | call.getFunction().(PathExpr).getResolvedPath().matches("%::sink"))
.getArgList()
.getAnArg() = sink.asExpr().getExpr()
any(CallExpr call |
call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
).getArgList().getAnArg() = sink.asExpr().getExpr()
}
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {

2
rust/ql/test/library-tests/frameworks/postgres/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -5,3 +5,5 @@ multipleCallTargets
| main.rs:28:16:28:29 | query.as_str() |
| main.rs:29:20:29:33 | query.as_str() |
| main.rs:30:20:30:33 | query.as_str() |
| main.rs:32:20:32:33 | query.as_str() |
| main.rs:33:22:33:35 | query.as_str() |

21
rust/ql/test/library-tests/frameworks/postgres/main.rs
View File

@@ -1,5 +1,4 @@
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Get input from CLI
let args: Vec<String> = std::env::args().collect();
@@ -18,19 +17,22 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
)?;
let query = format!("INSERT INTO person (name, age) VALUES ('{}', '{}')", name, age);
let query2 = "INSERT INTO person (id) VALUES ($1)";
conn.execute(query.as_str(), &[])?; // $ sql-sink
conn.batch_execute(query.as_str())?; // $ sql-sink
conn.prepare(query.as_str())?; // $ sql-sink
// conn.prepare_typed(query.as_str(), &[])?;
conn.prepare_typed(query2, &[postgres::types::Type::INT4])?; // $ sql-sink
conn.query(query.as_str(), &[])?; // $ sql-sink
conn.query_one(query.as_str(), &[])?; // $ sql-sink
conn.query_opt(query.as_str(), &[])?; // $ sql-sink
// conn.query_raw(query.as_str(), &[])?;
// conn.query_typed(query.as_str(), &[])?;
// conn.query_typed_raw(query.as_str(), &[])?;
let params: Vec<i32> = vec![0];
conn.query_raw(query.as_str(), params)?; // $ sql-sink
conn.query_typed(query.as_str(), &[])?; // $ sql-sink
let params: Vec<(i32, postgres::types::Type)> = vec![(0, postgres::types::Type::INT4)];
conn.query_typed_raw(query2, params)?; // $ sql-sink
for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink
let id: i32 = row.get("id"); // $ database-read
@@ -39,5 +41,14 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
println!("found person: {} {} {}", id, name, age);
}
for message in &conn.simple_query("SELECT id, name, age FROM person")? { // $ sql-sink
if let postgres::SimpleQueryMessage::Row(row) = message {
let id: i32 = row.get(0).unwrap().parse().unwrap(); // $ database-read
let name: &str = row.get(1).unwrap(); // $ database-read
let age: i32 = row.get(2).unwrap().parse().unwrap(); // $ database-read
println!("found person: {} {} {}", id, name, age);
}
}
Ok(())
}

8
rust/ql/test/library-tests/frameworks/rusqlite/main.rs
View File

@@ -48,5 +48,13 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
})
})?;
_ = connection.prepare_cached("SELECT id, name, age FROM person")?; // $ sql-sink
_ = connection.prepare_with_flags("SELECT id, name, age FROM person", rusqlite::PrepFlags::empty())?; // $ sql-sink
_ = connection.query_row_and_then("SELECT id, name, age FROM person", [], |row| { // $ sql-sink
let row: &rusqlite::Row<'_> = row;
let result: Result<i32, rusqlite::Error> = Ok(row.get(0)?); // $ database-read
result
})?;
Ok(())
}

6
rust/ql/test/library-tests/sensitivedata/SensitiveData.ql
View File

@@ -11,9 +11,9 @@ module SensitiveDataConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof SensitiveData }
predicate isSink(DataFlow::Node sink) {
any(CallExpr call | call.getFunction().(PathExpr).getResolvedPath() = "crate::test::sink")
.getArgList()
.getAnArg() = sink.asExpr().getExpr()
any(CallExpr call |
call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
).getArgList().getAnArg() = sink.asExpr().getExpr()
}
}

4
rust/ql/test/library-tests/type-inference/main.rs
View File

@@ -2444,6 +2444,7 @@ mod explicit_type_args {
}
mod tuples {
#[derive(Debug, Clone, Copy)]
struct S1 {}
impl S1 {
@@ -2484,6 +2485,9 @@ mod tuples {
_ => print!("expected"),
}
let x = pair.0; // $ type=x:i32
let y = &S1::get_pair(); // $ target=get_pair
y.0.foo(); // $ target=foo
}
}

436
rust/ql/test/library-tests/type-inference/type-inference.expected
View File

@@ -4726,219 +4726,235 @@ inferType
| main.rs:2442:13:2442:15 | x14 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2442:19:2442:48 | foo::<...>(...) | | {EXTERNAL LOCATION} | i32 |
| main.rs:2442:30:2442:47 | ...::default(...) | | {EXTERNAL LOCATION} | i32 |
| main.rs:2450:35:2452:9 | { ... } | | file://:0:0:0:0 | (T_2) |
| main.rs:2450:35:2452:9 | { ... } | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2450:35:2452:9 | { ... } | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2451:13:2451:26 | TupleExpr | | file://:0:0:0:0 | (T_2) |
| main.rs:2451:13:2451:26 | TupleExpr | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2451:13:2451:26 | TupleExpr | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2451:14:2451:18 | S1 {...} | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2451:21:2451:25 | S1 {...} | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2453:16:2453:19 | SelfParam | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2457:13:2457:13 | a | | file://:0:0:0:0 | (T_2) |
| main.rs:2457:13:2457:13 | a | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2457:13:2457:13 | a | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2457:17:2457:30 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2457:17:2457:30 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2457:17:2457:30 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2458:17:2458:17 | b | | file://:0:0:0:0 | (T_2) |
| main.rs:2458:17:2458:17 | b | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2458:17:2458:17 | b | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2458:21:2458:34 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2458:21:2458:34 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2458:21:2458:34 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:13:2459:18 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2459:13:2459:18 | TuplePat | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:13:2459:18 | TuplePat | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:14:2459:14 | c | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:17:2459:17 | d | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:22:2459:35 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2459:22:2459:35 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2459:22:2459:35 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:13:2460:22 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2460:13:2460:22 | TuplePat | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:13:2460:22 | TuplePat | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:18:2460:18 | e | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:21:2460:21 | f | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:26:2460:39 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2460:26:2460:39 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2460:26:2460:39 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:13:2461:26 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2461:13:2461:26 | TuplePat | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:13:2461:26 | TuplePat | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:18:2461:18 | g | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:25:2461:25 | h | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:30:2461:43 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2461:30:2461:43 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2461:30:2461:43 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2463:9:2463:9 | a | | file://:0:0:0:0 | (T_2) |
| main.rs:2463:9:2463:9 | a | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2463:9:2463:9 | a | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2463:9:2463:11 | a.0 | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2464:9:2464:9 | b | | file://:0:0:0:0 | (T_2) |
| main.rs:2464:9:2464:9 | b | 0(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2464:9:2464:9 | b | 1(2) | main.rs:2447:5:2447:16 | S1 |
| main.rs:2464:9:2464:11 | b.1 | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2465:9:2465:9 | c | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2466:9:2466:9 | d | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2467:9:2467:9 | e | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2468:9:2468:9 | f | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2469:9:2469:9 | g | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2470:9:2470:9 | h | | main.rs:2447:5:2447:16 | S1 |
| main.rs:2475:13:2475:13 | a | | {EXTERNAL LOCATION} | i64 |
| main.rs:2475:17:2475:34 | ...::default(...) | | {EXTERNAL LOCATION} | i64 |
| main.rs:2476:13:2476:13 | b | | {EXTERNAL LOCATION} | bool |
| main.rs:2476:17:2476:34 | ...::default(...) | | {EXTERNAL LOCATION} | bool |
| main.rs:2477:13:2477:16 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2477:13:2477:16 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2477:13:2477:16 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2477:20:2477:25 | TupleExpr | | file://:0:0:0:0 | (T_2) |
| main.rs:2477:20:2477:25 | TupleExpr | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2477:20:2477:25 | TupleExpr | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2477:21:2477:21 | a | | {EXTERNAL LOCATION} | i64 |
| main.rs:2477:24:2477:24 | b | | {EXTERNAL LOCATION} | bool |
| main.rs:2478:13:2478:13 | i | | {EXTERNAL LOCATION} | i64 |
| main.rs:2478:22:2478:25 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2478:22:2478:25 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2478:22:2478:25 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2478:22:2478:27 | pair.0 | | {EXTERNAL LOCATION} | i64 |
| main.rs:2479:13:2479:13 | j | | {EXTERNAL LOCATION} | bool |
| main.rs:2479:23:2479:26 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2479:23:2479:26 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2479:23:2479:26 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2479:23:2479:28 | pair.1 | | {EXTERNAL LOCATION} | bool |
| main.rs:2481:13:2481:16 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2481:13:2481:16 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:13:2481:16 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:20:2481:25 | [...] | | file://:0:0:0:0 | [] |
| main.rs:2481:20:2481:25 | [...] | [T;...] | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:20:2481:32 | ... .into() | | file://:0:0:0:0 | (T_2) |
| main.rs:2481:20:2481:32 | ... .into() | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:20:2481:32 | ... .into() | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:21:2481:21 | 1 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2481:24:2481:24 | 1 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:15:2482:18 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2482:15:2482:18 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:15:2482:18 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:13:2483:18 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2483:13:2483:18 | TuplePat | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:13:2483:18 | TuplePat | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:14:2483:14 | 0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:17:2483:17 | 0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:30:2483:41 | "unexpected" | | file://:0:0:0:0 | & |
| main.rs:2483:30:2483:41 | "unexpected" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2483:30:2483:41 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2483:30:2483:41 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2484:13:2484:13 | _ | | file://:0:0:0:0 | (T_2) |
| main.rs:2484:13:2484:13 | _ | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:13:2484:13 | _ | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:25:2484:34 | "expected" | | file://:0:0:0:0 | & |
| main.rs:2484:25:2484:34 | "expected" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2484:25:2484:34 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2484:25:2484:34 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2486:13:2486:13 | x | | {EXTERNAL LOCATION} | i32 |
| main.rs:2486:17:2486:20 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2486:17:2486:20 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2486:17:2486:20 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2486:17:2486:22 | pair.0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2493:13:2493:23 | boxed_value | | {EXTERNAL LOCATION} | Box |
| main.rs:2493:13:2493:23 | boxed_value | A | {EXTERNAL LOCATION} | Global |
| main.rs:2493:13:2493:23 | boxed_value | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2493:27:2493:42 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2493:27:2493:42 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2493:27:2493:42 | ...::new(...) | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2493:36:2493:41 | 100i32 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2496:15:2496:25 | boxed_value | | {EXTERNAL LOCATION} | Box |
| main.rs:2496:15:2496:25 | boxed_value | A | {EXTERNAL LOCATION} | Global |
| main.rs:2496:15:2496:25 | boxed_value | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2497:13:2497:19 | box 100 | | {EXTERNAL LOCATION} | Box |
| main.rs:2497:13:2497:19 | box 100 | A | {EXTERNAL LOCATION} | Global |
| main.rs:2497:13:2497:19 | box 100 | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2497:17:2497:19 | 100 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2498:26:2498:36 | "Boxed 100\\n" | | file://:0:0:0:0 | & |
| main.rs:2498:26:2498:36 | "Boxed 100\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2498:26:2498:36 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2498:26:2498:36 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2500:13:2500:17 | box ... | | {EXTERNAL LOCATION} | Box |
| main.rs:2500:13:2500:17 | box ... | A | {EXTERNAL LOCATION} | Global |
| main.rs:2500:13:2500:17 | box ... | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2502:26:2502:42 | "Boxed value: {}\\n" | | file://:0:0:0:0 | & |
| main.rs:2502:26:2502:42 | "Boxed value: {}\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2502:26:2502:51 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2502:26:2502:51 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2507:13:2507:22 | nested_box | | {EXTERNAL LOCATION} | Box |
| main.rs:2507:13:2507:22 | nested_box | A | {EXTERNAL LOCATION} | Global |
| main.rs:2507:13:2507:22 | nested_box | T | {EXTERNAL LOCATION} | Box |
| main.rs:2507:13:2507:22 | nested_box | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2507:13:2507:22 | nested_box | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2507:26:2507:50 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2507:26:2507:50 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2507:26:2507:50 | ...::new(...) | T | {EXTERNAL LOCATION} | Box |
| main.rs:2507:26:2507:50 | ...::new(...) | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2507:26:2507:50 | ...::new(...) | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2507:35:2507:49 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2507:35:2507:49 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2507:35:2507:49 | ...::new(...) | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2507:44:2507:48 | 42i32 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2508:15:2508:24 | nested_box | | {EXTERNAL LOCATION} | Box |
| main.rs:2508:15:2508:24 | nested_box | A | {EXTERNAL LOCATION} | Global |
| main.rs:2508:15:2508:24 | nested_box | T | {EXTERNAL LOCATION} | Box |
| main.rs:2508:15:2508:24 | nested_box | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2508:15:2508:24 | nested_box | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2509:13:2509:21 | box ... | | {EXTERNAL LOCATION} | Box |
| main.rs:2509:13:2509:21 | box ... | A | {EXTERNAL LOCATION} | Global |
| main.rs:2509:13:2509:21 | box ... | T | {EXTERNAL LOCATION} | Box |
| main.rs:2509:13:2509:21 | box ... | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2509:13:2509:21 | box ... | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2511:26:2511:43 | "Nested boxed: {}\\n" | | file://:0:0:0:0 | & |
| main.rs:2511:26:2511:43 | "Nested boxed: {}\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2511:26:2511:59 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2511:26:2511:59 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2523:21:2523:25 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2523:21:2523:25 | SelfParam | &T | main.rs:2522:5:2525:5 | Self [trait Executor] |
| main.rs:2524:24:2524:28 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2524:24:2524:28 | SelfParam | &T | main.rs:2522:5:2525:5 | Self [trait Executor] |
| main.rs:2524:31:2524:35 | query | | main.rs:2524:21:2524:21 | E |
| main.rs:2528:21:2528:25 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2528:21:2528:25 | SelfParam | &T | main.rs:2527:10:2527:22 | T |
| main.rs:2529:22:2529:41 | "Executor::execute1\\n" | | file://:0:0:0:0 | & |
| main.rs:2529:22:2529:41 | "Executor::execute1\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2529:22:2529:41 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2529:22:2529:41 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2532:24:2532:28 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2532:24:2532:28 | SelfParam | &T | main.rs:2527:10:2527:22 | T |
| main.rs:2532:31:2532:36 | _query | | main.rs:2532:21:2532:21 | E |
| main.rs:2533:22:2533:41 | "Executor::execute2\\n" | | file://:0:0:0:0 | & |
| main.rs:2533:22:2533:41 | "Executor::execute2\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2451:35:2453:9 | { ... } | | file://:0:0:0:0 | (T_2) |
| main.rs:2451:35:2453:9 | { ... } | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2451:35:2453:9 | { ... } | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2452:13:2452:26 | TupleExpr | | file://:0:0:0:0 | (T_2) |
| main.rs:2452:13:2452:26 | TupleExpr | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2452:13:2452:26 | TupleExpr | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2452:14:2452:18 | S1 {...} | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2452:21:2452:25 | S1 {...} | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2454:16:2454:19 | SelfParam | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2458:13:2458:13 | a | | file://:0:0:0:0 | (T_2) |
| main.rs:2458:13:2458:13 | a | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2458:13:2458:13 | a | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2458:17:2458:30 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2458:17:2458:30 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2458:17:2458:30 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2459:17:2459:17 | b | | file://:0:0:0:0 | (T_2) |
| main.rs:2459:17:2459:17 | b | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2459:17:2459:17 | b | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2459:21:2459:34 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2459:21:2459:34 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2459:21:2459:34 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:13:2460:18 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2460:13:2460:18 | TuplePat | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:13:2460:18 | TuplePat | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:14:2460:14 | c | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:17:2460:17 | d | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:22:2460:35 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2460:22:2460:35 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2460:22:2460:35 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:13:2461:22 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2461:13:2461:22 | TuplePat | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:13:2461:22 | TuplePat | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:18:2461:18 | e | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:21:2461:21 | f | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:26:2461:39 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2461:26:2461:39 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2461:26:2461:39 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:13:2462:26 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2462:13:2462:26 | TuplePat | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:13:2462:26 | TuplePat | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:18:2462:18 | g | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:25:2462:25 | h | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:30:2462:43 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2462:30:2462:43 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2462:30:2462:43 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2464:9:2464:9 | a | | file://:0:0:0:0 | (T_2) |
| main.rs:2464:9:2464:9 | a | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2464:9:2464:9 | a | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2464:9:2464:11 | a.0 | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2465:9:2465:9 | b | | file://:0:0:0:0 | (T_2) |
| main.rs:2465:9:2465:9 | b | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2465:9:2465:9 | b | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2465:9:2465:11 | b.1 | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2466:9:2466:9 | c | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2467:9:2467:9 | d | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2468:9:2468:9 | e | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2469:9:2469:9 | f | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2470:9:2470:9 | g | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2471:9:2471:9 | h | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2476:13:2476:13 | a | | {EXTERNAL LOCATION} | i64 |
| main.rs:2476:17:2476:34 | ...::default(...) | | {EXTERNAL LOCATION} | i64 |
| main.rs:2477:13:2477:13 | b | | {EXTERNAL LOCATION} | bool |
| main.rs:2477:17:2477:34 | ...::default(...) | | {EXTERNAL LOCATION} | bool |
| main.rs:2478:13:2478:16 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2478:13:2478:16 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2478:13:2478:16 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2478:20:2478:25 | TupleExpr | | file://:0:0:0:0 | (T_2) |
| main.rs:2478:20:2478:25 | TupleExpr | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2478:20:2478:25 | TupleExpr | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2478:21:2478:21 | a | | {EXTERNAL LOCATION} | i64 |
| main.rs:2478:24:2478:24 | b | | {EXTERNAL LOCATION} | bool |
| main.rs:2479:13:2479:13 | i | | {EXTERNAL LOCATION} | i64 |
| main.rs:2479:22:2479:25 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2479:22:2479:25 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2479:22:2479:25 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2479:22:2479:27 | pair.0 | | {EXTERNAL LOCATION} | i64 |
| main.rs:2480:13:2480:13 | j | | {EXTERNAL LOCATION} | bool |
| main.rs:2480:23:2480:26 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2480:23:2480:26 | pair | 0(2) | {EXTERNAL LOCATION} | i64 |
| main.rs:2480:23:2480:26 | pair | 1(2) | {EXTERNAL LOCATION} | bool |
| main.rs:2480:23:2480:28 | pair.1 | | {EXTERNAL LOCATION} | bool |
| main.rs:2482:13:2482:16 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2482:13:2482:16 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:13:2482:16 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:20:2482:25 | [...] | | file://:0:0:0:0 | [] |
| main.rs:2482:20:2482:25 | [...] | [T;...] | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:20:2482:32 | ... .into() | | file://:0:0:0:0 | (T_2) |
| main.rs:2482:20:2482:32 | ... .into() | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:20:2482:32 | ... .into() | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:21:2482:21 | 1 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2482:24:2482:24 | 1 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:15:2483:18 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2483:15:2483:18 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2483:15:2483:18 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:13:2484:18 | TuplePat | | file://:0:0:0:0 | (T_2) |
| main.rs:2484:13:2484:18 | TuplePat | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:13:2484:18 | TuplePat | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:14:2484:14 | 0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:17:2484:17 | 0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2484:30:2484:41 | "unexpected" | | file://:0:0:0:0 | & |
| main.rs:2484:30:2484:41 | "unexpected" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2484:30:2484:41 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2484:30:2484:41 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2485:13:2485:13 | _ | | file://:0:0:0:0 | (T_2) |
| main.rs:2485:13:2485:13 | _ | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2485:13:2485:13 | _ | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2485:25:2485:34 | "expected" | | file://:0:0:0:0 | & |
| main.rs:2485:25:2485:34 | "expected" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2485:25:2485:34 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2485:25:2485:34 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2487:13:2487:13 | x | | {EXTERNAL LOCATION} | i32 |
| main.rs:2487:17:2487:20 | pair | | file://:0:0:0:0 | (T_2) |
| main.rs:2487:17:2487:20 | pair | 0(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2487:17:2487:20 | pair | 1(2) | {EXTERNAL LOCATION} | i32 |
| main.rs:2487:17:2487:22 | pair.0 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2489:13:2489:13 | y | | file://:0:0:0:0 | & |
| main.rs:2489:13:2489:13 | y | &T | file://:0:0:0:0 | (T_2) |
| main.rs:2489:13:2489:13 | y | &T.0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2489:13:2489:13 | y | &T.1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2489:17:2489:31 | &... | | file://:0:0:0:0 | & |
| main.rs:2489:17:2489:31 | &... | &T | file://:0:0:0:0 | (T_2) |
| main.rs:2489:17:2489:31 | &... | &T.0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2489:17:2489:31 | &... | &T.1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2489:18:2489:31 | ...::get_pair(...) | | file://:0:0:0:0 | (T_2) |
| main.rs:2489:18:2489:31 | ...::get_pair(...) | 0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2489:18:2489:31 | ...::get_pair(...) | 1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2490:9:2490:9 | y | | file://:0:0:0:0 | & |
| main.rs:2490:9:2490:9 | y | &T | file://:0:0:0:0 | (T_2) |
| main.rs:2490:9:2490:9 | y | &T.0(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2490:9:2490:9 | y | &T.1(2) | main.rs:2447:5:2448:16 | S1 |
| main.rs:2490:9:2490:11 | y.0 | | main.rs:2447:5:2448:16 | S1 |
| main.rs:2497:13:2497:23 | boxed_value | | {EXTERNAL LOCATION} | Box |
| main.rs:2497:13:2497:23 | boxed_value | A | {EXTERNAL LOCATION} | Global |
| main.rs:2497:13:2497:23 | boxed_value | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2497:27:2497:42 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2497:27:2497:42 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2497:27:2497:42 | ...::new(...) | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2497:36:2497:41 | 100i32 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2500:15:2500:25 | boxed_value | | {EXTERNAL LOCATION} | Box |
| main.rs:2500:15:2500:25 | boxed_value | A | {EXTERNAL LOCATION} | Global |
| main.rs:2500:15:2500:25 | boxed_value | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2501:13:2501:19 | box 100 | | {EXTERNAL LOCATION} | Box |
| main.rs:2501:13:2501:19 | box 100 | A | {EXTERNAL LOCATION} | Global |
| main.rs:2501:13:2501:19 | box 100 | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2501:17:2501:19 | 100 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2502:26:2502:36 | "Boxed 100\\n" | | file://:0:0:0:0 | & |
| main.rs:2502:26:2502:36 | "Boxed 100\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2502:26:2502:36 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2502:26:2502:36 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2504:13:2504:17 | box ... | | {EXTERNAL LOCATION} | Box |
| main.rs:2504:13:2504:17 | box ... | A | {EXTERNAL LOCATION} | Global |
| main.rs:2504:13:2504:17 | box ... | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2506:26:2506:42 | "Boxed value: {}\\n" | | file://:0:0:0:0 | & |
| main.rs:2506:26:2506:42 | "Boxed value: {}\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2506:26:2506:51 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2506:26:2506:51 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2511:13:2511:22 | nested_box | | {EXTERNAL LOCATION} | Box |
| main.rs:2511:13:2511:22 | nested_box | A | {EXTERNAL LOCATION} | Global |
| main.rs:2511:13:2511:22 | nested_box | T | {EXTERNAL LOCATION} | Box |
| main.rs:2511:13:2511:22 | nested_box | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2511:13:2511:22 | nested_box | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2511:26:2511:50 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2511:26:2511:50 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2511:26:2511:50 | ...::new(...) | T | {EXTERNAL LOCATION} | Box |
| main.rs:2511:26:2511:50 | ...::new(...) | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2511:26:2511:50 | ...::new(...) | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2511:35:2511:49 | ...::new(...) | | {EXTERNAL LOCATION} | Box |
| main.rs:2511:35:2511:49 | ...::new(...) | A | {EXTERNAL LOCATION} | Global |
| main.rs:2511:35:2511:49 | ...::new(...) | T | {EXTERNAL LOCATION} | i32 |
| main.rs:2511:44:2511:48 | 42i32 | | {EXTERNAL LOCATION} | i32 |
| main.rs:2512:15:2512:24 | nested_box | | {EXTERNAL LOCATION} | Box |
| main.rs:2512:15:2512:24 | nested_box | A | {EXTERNAL LOCATION} | Global |
| main.rs:2512:15:2512:24 | nested_box | T | {EXTERNAL LOCATION} | Box |
| main.rs:2512:15:2512:24 | nested_box | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2512:15:2512:24 | nested_box | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2513:13:2513:21 | box ... | | {EXTERNAL LOCATION} | Box |
| main.rs:2513:13:2513:21 | box ... | A | {EXTERNAL LOCATION} | Global |
| main.rs:2513:13:2513:21 | box ... | T | {EXTERNAL LOCATION} | Box |
| main.rs:2513:13:2513:21 | box ... | T.A | {EXTERNAL LOCATION} | Global |
| main.rs:2513:13:2513:21 | box ... | T.T | {EXTERNAL LOCATION} | i32 |
| main.rs:2515:26:2515:43 | "Nested boxed: {}\\n" | | file://:0:0:0:0 | & |
| main.rs:2515:26:2515:43 | "Nested boxed: {}\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2515:26:2515:59 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2515:26:2515:59 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2527:21:2527:25 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2527:21:2527:25 | SelfParam | &T | main.rs:2526:5:2529:5 | Self [trait Executor] |
| main.rs:2528:24:2528:28 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2528:24:2528:28 | SelfParam | &T | main.rs:2526:5:2529:5 | Self [trait Executor] |
| main.rs:2528:31:2528:35 | query | | main.rs:2528:21:2528:21 | E |
| main.rs:2532:21:2532:25 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2532:21:2532:25 | SelfParam | &T | main.rs:2531:10:2531:22 | T |
| main.rs:2533:22:2533:41 | "Executor::execute1\\n" | | file://:0:0:0:0 | & |
| main.rs:2533:22:2533:41 | "Executor::execute1\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2533:22:2533:41 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2533:22:2533:41 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2542:13:2542:13 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2542:17:2542:34 | MySqlConnection {...} | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2544:9:2544:9 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2545:35:2545:36 | &c | | file://:0:0:0:0 | & |
| main.rs:2545:35:2545:36 | &c | &T | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2545:36:2545:36 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2547:9:2547:9 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2547:20:2547:40 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2547:20:2547:40 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2548:9:2548:9 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2548:28:2548:48 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2548:28:2548:48 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2536:24:2536:28 | SelfParam | | file://:0:0:0:0 | & |
| main.rs:2536:24:2536:28 | SelfParam | &T | main.rs:2531:10:2531:22 | T |
| main.rs:2536:31:2536:36 | _query | | main.rs:2536:21:2536:21 | E |
| main.rs:2537:22:2537:41 | "Executor::execute2\\n" | | file://:0:0:0:0 | & |
| main.rs:2537:22:2537:41 | "Executor::execute2\\n" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2537:22:2537:41 | FormatArgsExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2537:22:2537:41 | MacroExpr | | {EXTERNAL LOCATION} | Arguments |
| main.rs:2546:13:2546:13 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2546:17:2546:34 | MySqlConnection {...} | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2548:9:2548:9 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2549:35:2549:36 | &c | | file://:0:0:0:0 | & |
| main.rs:2549:35:2549:36 | &c | &T | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2549:36:2549:36 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2549:39:2549:59 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2549:39:2549:59 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2550:43:2550:44 | &c | | file://:0:0:0:0 | & |
| main.rs:2550:43:2550:44 | &c | &T | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2550:44:2550:44 | c | | main.rs:2537:5:2537:29 | MySqlConnection |
| main.rs:2550:47:2550:67 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2550:47:2550:67 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2560:5:2560:20 | ...::f(...) | | main.rs:72:5:72:21 | Foo |
| main.rs:2561:5:2561:60 | ...::g(...) | | main.rs:72:5:72:21 | Foo |
| main.rs:2561:20:2561:38 | ...::Foo {...} | | main.rs:72:5:72:21 | Foo |
| main.rs:2561:41:2561:59 | ...::Foo {...} | | main.rs:72:5:72:21 | Foo |
| main.rs:2577:5:2577:15 | ...::f(...) | | {EXTERNAL LOCATION} | trait Future |
| main.rs:2549:35:2549:36 | &c | &T | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2549:36:2549:36 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2551:9:2551:9 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2551:20:2551:40 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2551:20:2551:40 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2552:9:2552:9 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2552:28:2552:48 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2552:28:2552:48 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2553:35:2553:36 | &c | | file://:0:0:0:0 | & |
| main.rs:2553:35:2553:36 | &c | &T | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2553:36:2553:36 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2553:39:2553:59 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2553:39:2553:59 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2554:43:2554:44 | &c | | file://:0:0:0:0 | & |
| main.rs:2554:43:2554:44 | &c | &T | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2554:44:2554:44 | c | | main.rs:2541:5:2541:29 | MySqlConnection |
| main.rs:2554:47:2554:67 | "SELECT * FROM users" | | file://:0:0:0:0 | & |
| main.rs:2554:47:2554:67 | "SELECT * FROM users" | &T | {EXTERNAL LOCATION} | str |
| main.rs:2564:5:2564:20 | ...::f(...) | | main.rs:72:5:72:21 | Foo |
| main.rs:2565:5:2565:60 | ...::g(...) | | main.rs:72:5:72:21 | Foo |
| main.rs:2565:20:2565:38 | ...::Foo {...} | | main.rs:72:5:72:21 | Foo |
| main.rs:2565:41:2565:59 | ...::Foo {...} | | main.rs:72:5:72:21 | Foo |
| main.rs:2581:5:2581:15 | ...::f(...) | | {EXTERNAL LOCATION} | trait Future |
| pattern_matching.rs:13:26:133:1 | { ... } | | {EXTERNAL LOCATION} | Option |
| pattern_matching.rs:13:26:133:1 | { ... } | T | file://:0:0:0:0 | () |
| pattern_matching.rs:14:9:14:13 | value | | {EXTERNAL LOCATION} | Option |

41
rust/ql/test/query-tests/security/CWE-022/TaintedPathSinks.ql
View File

@@ -1,9 +1,18 @@
import rust
import codeql.rust.security.TaintedPathExtensions
import utils.test.InlineExpectationsTest
import codeql.rust.dataflow.DataFlow
import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl
import codeql.rust.Concepts
module TaintedPathSinksTest implements TestSig {
string getARelevantTag() { result = "path-injection-sink" }
string getARelevantTag() {
result =
[
"path-injection-sink", "path-injection-barrier", "path-injection-normalize",
"path-injection-checked"
]
}
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TaintedPath::Sink sink |
@@ -13,6 +22,36 @@ module TaintedPathSinksTest implements TestSig {
tag = "path-injection-sink" and
value = ""
)
or
exists(DataFlow::Node node |
(
node instanceof TaintedPath::Barrier or
node instanceof TaintedPath::SanitizerGuard // tends to label the node *after* the check
) and
location = node.getLocation() and
location.getFile().getBaseName() != "" and
element = node.toString() and
tag = "path-injection-barrier" and
value = ""
)
or
exists(DataFlow::Node node |
DataflowImpl::optionalBarrier(node, "normalize-path") and
location = node.getLocation() and
location.getFile().getBaseName() != "" and
element = node.toString() and
tag = "path-injection-normalize" and
value = ""
)
or
exists(DataFlow::Node node |
node instanceof Path::SafeAccessCheck and // tends to label the node *after* the check
location = node.getLocation() and
location.getFile().getBaseName() != "" and
element = node.toString() and
tag = "path-injection-checked" and
value = ""
)
}
}

53
rust/ql/test/query-tests/security/CWE-022/src/main.rs
View File

@@ -13,10 +13,10 @@ fn tainted_path_handler_bad(
//#[handler]
fn tainted_path_handler_good(Query(file_name): Query<String>) -> Result<String> {
// GOOD: ensure that the filename has no path separators or parent directory references
if file_name.contains("..") || file_name.contains("/") || file_name.contains("\\") {
if file_name.contains("..") || file_name.contains("/") || file_name.contains("\\") { // $ path-injection-barrier
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
let file_path = PathBuf::from(file_name);
let file_path = PathBuf::from(file_name); // $ path-injection-barrier (following the last `.contains` check)
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink
}
@@ -29,12 +29,12 @@ fn tainted_path_handler_folder_good(Query(file_path): Query<String>) -> Result<S
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: path-injection-checked
}
//#[handler]
fn tainted_path_handler_folder_almost_good1(
Query(file_path): Query<String>, // $ MISSING: Source=remote4
Query(file_path): Query<String>, // $ MISSING: Source=remote2
) -> Result<String> {
let public_path = PathBuf::from("/var/www/public_html");
let file_path = public_path.join(PathBuf::from(file_path));
@@ -42,12 +42,37 @@ fn tainted_path_handler_folder_almost_good1(
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: Alert[rust/path-injection]=remote4 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: path-injection-checked Alert[rust/path-injection]=remote2 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
}
//#[handler]
fn tainted_path_handler_folder_good_simpler(Query(file_path): Query<String>) -> Result<String> {
let public_path = "/var/www/public_html";
let file_path = Path::new(&file_path);
let file_path = file_path.canonicalize().unwrap();
// GOOD: ensure that the path stays within the public folder
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: path-injection-checked
}
//#[handler]
fn tainted_path_handler_folder_almost_good1_simpler(
Query(file_path): Query<String>, // $ MISSING: Source=remote3
) -> Result<String> {
let public_path = "/var/www/public_html";
let file_path = Path::new(&file_path);
// BAD: the path could still contain `..` and escape the public folder
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-checked path-injection-sink MISSING: Alert[rust/path-injection]=remote3
}
//#[handler]
fn tainted_path_handler_folder_almost_good2(
Query(file_path): Query<String>, // $ MISSING: Source=remote5
Query(file_path): Query<String>, // $ MISSING: Source=remote4
) -> Result<String> {
let public_path = PathBuf::from("/var/www/public_html");
let file_path = public_path.join(PathBuf::from(file_path));
@@ -56,7 +81,21 @@ fn tainted_path_handler_folder_almost_good2(
if file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: Alert[rust/path-injection]=remote5 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: path-injection-checked Alert[rust/path-injection]=remote4 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
}
//#[handler]
fn tainted_path_handler_folder_almost_good3(
Query(file_path): Query<String>, // $ MISSING: Source=remote5
) -> Result<String> {
let public_path = "/var/www/public_html";
let file_path = Path::new(&file_path);
// BAD: the starts_with check is ineffective before canonicalization, the path could still contain `..`
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
let file_path = file_path.canonicalize().unwrap(); // $ path-injection-checked
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: Alert[rust/path-injection]=remote5
}
fn sinks(path1: &Path, path2: &Path) {

Some files were not shown because too many files have changed in this diff Show More